[JWT] Using database still uses JWT strategy and gives a JWTSessionError #11510

@abdulahd2008

Environment

Package Info: 
    "react": "^18.3.1",
    "react-dom": "^18.3.1",
    "next": "14.2.5",
    "next-auth": "^5.0.0-beta.20",
    "drizzle-orm": "^0.32.1",
    
Node Version: v20.12.2
OS: Fedora Linux
Browser: Firefox 

Reproduction URL

https://github.com/A1X5H04/notesync-web

Describe the issue

I am getting the following JWT Session Error when using a database strategy; this only occurs when using a database strategy.

auth.ts

import NextAuth from "next-auth";
import authConfig from "./auth.config";
import { DrizzleAdapter } from "@auth/drizzle-adapter";
import db from "./lib/db";

export const { handlers, signIn, signOut, auth } = NextAuth({
  adapter: DrizzleAdapter(db),
  pages: {
    signIn: "/auth/login",
    error: "/auth/error",
  },
  secret: "wnlAmKEdpTw+OY1L6PIk5ALNzHAKTqW23wdVpIjuKf",
  callbacks: {
    jwt({ token, user }) {
      if (user) token.sub = user.id;
      return token;
    },
    session({ session, token }) {
      if (token.sub) session.user.id = token.sub;
      return session;
    },
  },
  debug: true,
  ...authConfig,
});

auth.config.ts

import GitHub from "next-auth/providers/github";
import Credentials from "next-auth/providers/credentials";
import type { NextAuthConfig } from "next-auth";
import credentials from "next-auth/providers/credentials";
import { loginSchema } from "./lib/form-schemas";
import { getUserByEmail } from "./queries/user";
import bcryptjs from "bcryptjs";

// Notice this is only an object, not a full Auth.js instance

export default {
  providers: [GitHub],
} satisfies NextAuthConfig;

Here's the error I am getting:

GET /api/auth/callback/github?code=779*******7f58895f6b 302 in 12162ms
[auth][error] JWTSessionError: Read more at https://errors.authjs.dev#jwtsessionerror
[auth][cause]: JWEInvalid: Invalid Compact JWE
at compactDecrypt (webpack-internal:///(middleware)/./node_modules/jose/dist/browser/jwe/compact/decrypt.js:20:15)
at jwtDecrypt (webpack-internal:///(middleware)/./node_modules/jose/dist/browser/jwt/decrypt.js:12:100)
at Object.decode (webpack-internal:///(middleware)/./node_modules/@auth/core/jwt.js:81:79)
at Module.session (webpack-internal:///(middleware)/./node_modules/@auth/core/lib/actions/session.js:23:39)
at AuthInternal (webpack-internal:///(middleware)/./node_modules/@auth/core/lib/index.js:47:77)
at async Auth (webpack-internal:///(middleware)/./node_modules/@auth/core/index.js:126:34)
at async handleAuth (webpack-internal:///(middleware)/./node_modules/next-auth/lib/index.js:136:29)
at async adapter (webpack-internal:///(middleware)/./node_modules/next/dist/esm/server/web/adapter.js:179:16)
at async /mnt/data/Projects/Web Projects/notisync-web/node_modules/next/dist/server/web/sandbox/sandbox.js:110:22
at async runWithTaggedErrors (/mnt/data/Projects/Web Projects/notisync-web/node_modules/next/dist/server/web/sandbox/sandbox.js:107:9)
[auth][details]: {}

And yes, I don't have a malformed secret configured, and I have also passed a string from the .env to the secret key in the auth config. I have also not touched any JWT function in the library.

How to reproduce

  • Create a next app with npx create@next-app
  • Install the necessary libraries; here I install next-auth@beta and drizzle for the database ORM
  • Follow the next auth documentation to configure next auth in a Next.js project
  • Follow the documentation for the database adapter and configure them as well
  • Finally, follow the edge compatibility documentation for the next auth middleware, since it works on edge
  • Configure the OAuth providers and run the app
  • Invoke the OAuth provider function and authenticate your app with the OAuth provider; once done, you will be thrown the error

Expected behavior

It should create a session in the database, authenticate the user and redirect them to the designated route without any error, and it should use the database approach.

Labels: bug (Something isn't working), triage (Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.)

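jose raises `JWEInvalid: Invalid Compact JWE` when the value handed to it does not split into the five dot-separated segments of a compact JWE (RFC 7516), which is the failure in the trace above. The following added example (not code from the issue or from Auth.js) classifies a session cookie value by that structure, so a log line can show whether a request carried a JWE or an opaque token. The function names and both sample values are constructed, and it assumes a database-strategy cookie holds an opaque token rather than a JWE.

```javascript
// Added example: inspect a session cookie value the way a JWE decoder first sees it.
const B64URL = /^[A-Za-z0-9_-]*$/;
const b64 = (s) => Buffer.from(s).toString("base64url");

// Constructed samples. SAMPLE_JWE is only structurally a compact JWE (nothing is encrypted).
const SAMPLE_DB_TOKEN = "3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b";
const SAMPLE_JWE = [
  b64(JSON.stringify({ alg: "dir", enc: "A256CBC-HS512" })), // protected header
  "",                                                         // encrypted key (empty for "dir")
  b64("constructed-iv"),
  b64("constructed-ciphertext"),
  b64("constructed-tag"),
].join(".");

// Decode the first segment as a JSON object, or return null if it is not one.
function decodeProtectedHeader(segment) {
  if (!segment || !B64URL.test(segment)) return null;
  try {
    const header = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
    return header && typeof header === "object" && !Array.isArray(header) ? header : null;
  } catch {
    return null;
  }
}

// Returns { kind: "missing" | "opaque" | "malformed" | "jwe", ... } without using any key.
function classifySessionCookie(value) {
  if (typeof value !== "string" || value.length === 0) {
    return { kind: "missing", reason: "no cookie value" };
  }
  const parts = value.split(".");
  if (parts.length !== 5) {
    // This is the shape a JWE decoder rejects before any decryption is attempted.
    return { kind: "opaque", reason: `${parts.length} segment(s); compact JWE needs 5` };
  }
  if (!parts.every((p) => B64URL.test(p))) {
    return { kind: "malformed", reason: "segment is not base64url" };
  }
  const header = decodeProtectedHeader(parts[0]);
  if (!header || typeof header.alg !== "string" || typeof header.enc !== "string") {
    return { kind: "malformed", reason: "protected header lacks alg/enc" };
  }
  return { kind: "jwe", alg: header.alg, enc: header.enc, directKey: parts[1] === "" };
}

console.log(classifySessionCookie(SAMPLE_DB_TOKEN));
console.log(classifySessionCookie(SAMPLE_JWE));
```

Log only the returned `kind` and `reason`, never the cookie value itself, since either form is a bearer credential.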