next-auth
next-auth copied to clipboard
nextauthjs
Lazy initialization and auth() middleware wrapper incompatiblity bug
Environment
System:
OS: Windows 11 10.0.26252
CPU: (8) x64 Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Memory: 8.72 GB / 31.87 GB
Binaries:
Node: 22.5.1 - C:\Program Files\nodejs\node.EXE
npm: 10.8.2 - C:\Program Files\nodejs\npm.CMD
Browsers:
Edge: Chromium (127.0.2651.49)
Internet Explorer: 11.0.26252.5000
npmPackages:
next: 14.2.5 => 14.2.5
next-auth: ^5.0.0-beta.19 => 5.0.0-beta.19
react: ^18 => 18.3.1
Reproduction URL
https://github.com/NBandNB/next-auth-middleware-bug
Describe the issue
It seems that there is a bug which is currently making Lazy Initialization of Next Auth incompatible with the auth() wrapper of a middleware function. It results in the following error:
[auth][error] UnknownAction: Cannot parse action at /session. Read more at https://errors.authjs.dev#unknownaction at parseActionAndProviderId (webpack-internal:///(middleware)/./node_modules/@auth/core/lib/utils/web.js:105:15) at toInternalRequest (webpack-internal:///(middleware)/./node_modules/@auth/core/lib/utils/web.js:37:40) at Auth (webpack-internal:///(middleware)/./node_modules/@auth/core/index.js:84:103) at getSession (webpack-internal:///(middleware)/./node_modules/next-auth/lib/index.js:20:60) at handleAuth (webpack-internal:///(middleware)/./node_modules/next-auth/lib/index.js:134:35) at Object.request [as handler] (webpack-internal:///(middleware)/./node_modules/next-auth/lib/index.js:72:28) at eval (webpack-internal:///(middleware)/./node_modules/next/dist/esm/server/web/adapter.js:202:31) at AsyncLocalStorage.run (node:async_hooks:346:14) at Object.wrap (webpack-internal:///(middleware)/./node_modules/next/dist/esm/server/async-storage/request-async-storage-wrapper.js:83:24) at eval (webpack-internal:///(middleware)/./node_modules/next/dist/esm/server/web/adapter.js:189:122)
This appears to be caused by the base path to being improperly set to "/auth" and the path being improperly set to "/session", when those should be "/api/auth" and "/api/auth/session" respectively, somewhere in the call chain to parseActionAndProviderId. To me it looks most likely that this mistake is made in the function getSession in next-auth, but is likely using improperly set config variables from elsewhere.
How to reproduce
Configure NextAuth using lazy initialization and use the auth() wrapper as middleware. My reproduction example does exactly that and is based off the create-next-app template. See the 2nd commit to see all changes that were necessary in order to reproduce this bug.
Expected behavior
The expected behavior is that the auth wrapper properly retrieves the current session and returns it for use in the middleware it is wrapping.
Hello, I did understand that is expected however after trying that and removing it I was able to determine that it was resulting the same bug irrespective of the presence of the route handlers at that location which was supported by what I was able to determine in looking through the code that it doesn’t actually make a http request to the route but rather calls the route handler internally. I have still added the route handler export to show that it still results in the same error as described above. Thank You.
From: Shreyan Shukla @.> Sent: Friday, July 26, 2024 11:33 AM To: nextauthjs/next-auth @.> Cc: NBandNB @.>; Author @.> Subject: Re: [nextauthjs/next-auth] Lazy initialization and auth() middleware wrapper incompatiblity bug (Issue #11450)
I dont think you have properly used next auth for this. Or maybe the reproduction URL isn't very specific enough. Would be highly grateful if you could make the repo more precise in the reproduction URL. Incase you have missed out on usage of next-auth, here's how your directory structure should look like: /app/api/auth/[...nextauth]/route.ts OR /pages/api/auth/[...nextauth].ts
— Reply to this email directly, view it on GitHub https://github.com/nextauthjs/next-auth/issues/11450#issuecomment-2253272996 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AQVE6XK22VFVXAPIPKLKEIDZOKI4XAVCNFSM6AAAAABLNOWBL2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJTGI3TEOJZGY . You are receiving this because you authored the thread. https://github.com/notifications/beacon/AQVE6XIB2QXZFJZIYRBWQZ3ZOKI4XA5CNFSM6AAAAABLNOWBL2WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTUGJY32I.gif Message ID: @.*** @.***> >
I think I'm having a similar problem. I get:
Error: The Middleware "/src/middleware" must export a middleware or a default function
Every time I try to run Auth on lazy
I'm not sure that error is necessarily caused in the same place since it seems like it would be encountered earlier than the above mentioned problem. However, it does occur under the same circumstances established above. Additionally I was able to find a workaround for the problem when the error message matched what I have above by adding basePath: "/api/auth to the initialization config. However for this new error the only solution I have found to avoid it is to downgrade from from next-auth version 5.0.0-beta.20 to 5.0.0-beta.19.
See reproduction of new bug here: https://github.com/NBandNB/next-auth-middleware-bug/tree/next-auth-beta-20 Previous bug here: https://github.com/NBandNB/next-auth-middleware-bug/tree/next-auth-beta-19
adding basePath: "/api/auth to the initialization config
Legend. This fixed my Cannot parse action at /session error on beta v19.
When I use Lazy initialization. The api will show error if called. I installed "next-auth": "^5.0.0-beta.20",
/api/users
export const GET = auth(async (request: NextAuthRequest) => {
}
Lazy initialization:
import NextAuth from "next-auth"
import GitHub from "@auth/core/providers/github"
export const { handlers, auth } = NextAuth(async (req) => {
console.log(req) // do something with the request
return {
providers: [GitHub],
},
})
For now it seems like it will work if you manually downgrade to "next-auth": "5.0.0-beta.19", and add basePath: "/api/auth" to your authentication config(right below where you define providers). Hopefully there will be a better fix soon.
For now it seems like it will work if you manually downgrade to "next-auth": "5.0.0-beta.19", and add
basePath: "/api/auth"to your authentication config(right below where you define providers). Hopefully there will be a better fix soon.
Unfortunately this does not work in my case. Same issue here, auth() is not a function after lazily loading, even with the basePath set to '/api/auth'.
Unfortunately this does not work in my case. Same issue here,
auth()is not a function after lazily loading, even with the basePath set to '/api/auth'.
When using lazy config, auth is an async function that returns a Promise object.
just to help build upon what @fxghqc, this is what i used:
export default async (req: NextRequest) => {
const session = await auth();
if(!session) {
return NextResponse.redirect('/login'); // add your own redirect or whatever here
}
};
Unfortunately this does not work in my case. Same issue here,
auth()is not a function after lazily loading, even with the basePath set to '/api/auth'.When using lazy config,
authis an async function that returns a Promise object.
another bug in documentation then
+1
Edit by maintainer bot: Comment was automatically minimized because it was considered unhelpful. (If you think this was by mistake, let us know). Please only comment if it adds context to the issue. If you want to express that you have the same problem, use the upvote 👍 on the issue description or subscribe to the issue for updates. Thanks!
