Next-auth: How to redirect new users to a separate page, while using jwt

Interesting question… this has come up before but we don't have a clear standing response to how to handle it.

With a database

The redirect() callback can be used to determine where a user is redirected to after signing in, however it does not currently have access to the User object or Session state.

The newUser page can be set to force new accounts to be directed to a specific page. If using a database (which I appreciate you aren't) you can combine these to get the desired behaviour.

Without a database

You can use the jwt callback to set a property on the JWT then use the redirect() callback to always force users to /api/sign-callback and on that page then check the JWT and return a location redirect header based on if the user has completed sign in before.

If you want to persist the URL the user was previously on you can set URL returned by redirect() to encode the redirect URL as a query parameter (e.g. /api/sign-callback?callbackUrl=${encodeURIComponent(callbackUrl)) and return that from the redirect callback.

Note: For security reasons, you will likely want to check the callback URL is valid (e.g. at an allowed domain). Note that the redirect callback may be called more than once during sign in so you might want to add debug handling to check you are encoding it correctly / not double encoding it (etc) if doing this.

I think this is something we might make easier in future, for example by reducing the number of times redirect is called and/or passing the Session or User object to the callback to make this easier.

Is there any way to set isNewUser while using jwt? It could make things a lot easier for this kind of usecases.

Yes, you can set any properties you like when a JWT is created.

The example in the documentation shows how to set auth_time but you can set any properties you like on the JWT at sign in.

Earlier versions of NextAuth.js actually used to set isNewUser on the JWT (when using a database) but it's not a standard property on the JWT claims spec, so as of version 3.0 instead enough info is exposed to the jwt() callback to make it possible to set any properties on the JWT at sign in.

I mean, set isNewUser so next-auth will handle that particular person as a new user and redirect him to newUsers page itself, instead of making extra work with the redirects and separate api routes

For example, from the the signIn callback, where I verify user with the external backend and can determine if it's a new one or not

Hmm no, you can't currently set isNewUser from the signIn() callback.

It doesn't seem a bad idea for an enhancement though.

How is isNewUser determined ?
(pardon me if the question is silly, I'm quite new to this ecosystem)

You can take a look at this description from July (although the behavior may have been updated since then, I'm not totally sure):
https://github.com/nextauthjs/next-auth/issues/416#issuecomment-656612591

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep ot open. Thanks!

Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks!