next-auth
OperationProcessingError: unexpected ID Token "nonce" claim value for SlackProvider
Provider type
Slack
Environment
System:
- OS: macOS 14.1
- CPU: Apple M1
Binaries:
- Node: 20.8.1
- npm: 10.2.0
Browsers:
- Firefox: 120.0b2
npmPackages:
- next: 14.0.0 => 14.0.0
- next-auth: ^5.0.0-beta.3 => 5.0.0-beta.3
- react: 18.2.0 => 18.2.0
Reproduction URL
https://github.com/Starefossen/next-auth-example
```ts
import NextAuth from "next-auth"
import SlackProvider from "next-auth/providers/slack"
import type { NextAuthConfig } from "next-auth"

export const config = {
  theme: {
    logo: "https://next-auth.js.org/img/logo/logo-sm.png",
  },
  debug: true,
  providers: [
    SlackProvider({
      clientId: process.env.SLACK_CLIENT_ID!,
      clientSecret: process.env.SLACK_CLIENT_SECRET!,
    }),
  ],
  callbacks: {
    authorized({ request, auth }) {
      const { pathname } = request.nextUrl
      return pathname === "/middleware-example" && !!auth
    },
  },
} satisfies NextAuthConfig

export const { handlers, auth, signIn, signOut } = NextAuth(config)
```
Describe the issue
With the standard config for Slack Provider auth, after authenticating with Slack the return request fails with the following error: unexpected ID Token "nonce" claim value
```
[auth][error][CallbackRouteError]: Read more at https://errors.authjs.dev#callbackrouteerror
[auth][cause]: OperationProcessingError: unexpected ID Token "nonce" claim value
    at Module.processAuthorizationCodeOpenIDResponse (webpack-internal:///(rsc)/./node_modules/oauth4webapi/build/index.js:1091:23)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async handleOAuth (webpack-internal:///(rsc)/./node_modules/@auth/core/lib/oauth/callback.js:77:24)
    at async Module.callback (webpack-internal:///(rsc)/./node_modules/@auth/core/lib/routes/callback.js:34:41)
    at async AuthInternal (webpack-internal:///(rsc)/./node_modules/@auth/core/lib/index.js:104:38)
    at async Auth (webpack-internal:///(rsc)/./node_modules/@auth/core/index.js:121:30)
    at async /Users/hans/go/src/github.com/nextauthjs/next-auth-example/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:61856
[auth][details]: {
  "provider": "slack"
}
```
How to reproduce
- npm run dev
- browse to /api/auth/signin
- click login with slack
Expected behavior
Expected the user to be logged in successfully.
Had the same problem, but was able to get it to work by adding nonce to the check.
```ts
Slack({
  checks: ['pkce', 'nonce']
})
```
It seems there is a bug where 'nonce' is being checked even when it is not supposed to be. Explicitly including it as a target can circumvent this issue.
```
"next": "14.0.4",
"next-auth": "^5.0.0-beta.5",
"react": "^18",
```
If 'nonce' is not a check target, it returns undefined. https://github.com/nextauthjs/next-auth/blob/60cb83ea04032c0c69b499d931c679e2104a4e68/packages/core/src/lib/actions/callback/oauth/checks.ts#L205-L213
Processed as o.expectNoNonce without checking whether the Nonce is subject to check or not. https://github.com/nextauthjs/next-auth/blob/60cb83ea04032c0c69b499d931c679e2104a4e68/packages/core/src/lib/actions/callback/oauth/callback.ts#L133-L139
Yes, this worked for me. Thanks a lot @neptaco 💯
```ts
export const config = {
  providers: [
    SlackProvider({
      checks: ['pkce', 'nonce'],
      …
    })
  ]
}
```
This is still an issue with 5.0.0-beta.19.
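
The nonce check discussed in this thread, as an added example (not code from next-auth, oauth4webapi or any commenter): a simplified model of how an OIDC callback accepts or rejects an ID Token's `nonce` claim depending on whether `'nonce'` is listed in `checks`. `EXPECT_NO_NONCE`, `checkNonce`, `expectedFor`, `outcome` and all claim values are assumptions constructed for illustration, and signature validation is omitted.

```javascript
// Added illustration: simplified model of the ID Token "nonce" check, not the
// code of next-auth or oauth4webapi. Signature validation is out of scope here.
const EXPECT_NO_NONCE = Symbol("expectNoNonce"); // hypothetical stand-in for o.expectNoNonce

// Build an unsigned, constructed ID Token so the example runs offline.
function makeIdToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "none" })}.${enc(claims)}.`;
}

// Decode the payload segment of a compact JWT.
function decodeClaims(idToken) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("malformed ID Token");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// expected is either the nonce stored for this sign-in or EXPECT_NO_NONCE.
function checkNonce(idToken, expected) {
  const { nonce } = decodeClaims(idToken);
  if (expected === EXPECT_NO_NONCE) {
    // The client sent no nonce, so any nonce in the token is unexplained.
    if (nonce !== undefined) throw new Error('unexpected ID Token "nonce" claim value');
    return "ok: no nonce expected, none present";
  }
  if (typeof expected !== "string" || expected.length === 0) throw new TypeError("bad expected nonce");
  if (nonce === undefined) throw new Error('ID Token "nonce" claim missing');
  if (nonce !== expected) throw new Error('unexpected ID Token "nonce" claim value');
  return "ok: nonce matches the value stored for this sign-in";
}

// Map the provider's `checks` array to what the callback should expect.
function expectedFor(checks, storedNonce) {
  return checks.includes("nonce") ? storedNonce : EXPECT_NO_NONCE;
}

// Run one scenario and return the outcome as a string instead of throwing.
function outcome(checks, storedNonce, tokenClaims) {
  try {
    return checkNonce(makeIdToken(tokenClaims), expectedFor(checks, storedNonce));
  } catch (err) {
    return `rejected: ${err.message}`;
  }
}

const base = { iss: "https://idp.example", sub: "U123" }; // constructed claims
console.log(outcome(["pkce"], undefined, { ...base, nonce: "n-1" }));
console.log(outcome(["pkce", "nonce"], "n-1", { ...base, nonce: "n-1" }));
console.log(outcome(["pkce", "nonce"], "n-1", { ...base, nonce: "n-2" }));
```

The first call reproduces the error message from the issue: the token carries a `nonce` while the client expects none. The third call shows the same message arising from a genuine mismatch, which is the case the check exists to catch.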