I’m a bit confused on the implementation of the credentials provider and the redirects. The documentation says that the credentials provider doesn’t support a callback and its for the OAuth providers. This is fine. However, instead of staying on the page and flashing an error message or even logging in like in this video it redirects to https://localhost/api/auth/callback/[credentials-provider-name]
. Which doesn’t even include the port I’m working with. If I explicitly set an id it uses that at the end of the url in instead.
This is what I have for the provider
import NextAuth from "next-auth" import CredentialsProvider from "next-auth/providers/credentials" export default NextAuth({ // Configure one or more authentication providers providers: [ CredentialsProvider({ credentials: { username: { label: "Username", type: "text", placeholder: "someuser69" }, password: { label: "Password", type: "password" }, }, name: "User Pass", type: "credentials", async authorize(credentials, req) { // Add logic here to look up the user from the credentials supplied return { id: 2, name: "user", email: "user@gmail.com", } return null; } }) // ...add more providers here ], callbacks: { async jwt({ token, account }) { // Persist the OAuth access_token to the token right after signin if (account) { token.accessToken = account.access_token } return token }, async session({ session, token, user }) { // Send properties to the client, like an access_token from a provider. session.accessToken = token.accessToken return session }, async redirect({ url, baseUrl, }) { console.log(""); return baseUrl; }, async signIn({ user, account, profile, email, credentials }) { return '/home'; } }, session: { jwt: true, maxAge: 30 * 24 * 60 * 60, }, secret: "CHANGE!!!", jwt: { maxAge: 60 * 60 * 24 * 30, secret: "afdsfi", }, })
I’ve looked through the docs and I’m not sure if I’m making some massive oversight, here. But some of my major confusions are:
Where is this callback set and how do I turn in off in the default provider (if possible).
I don’t think the
authorize
function works. If I put a console log in it. It doesn’t print to the terminal. So I don’t even know if it’s being called.
Advertisement
Answer
The issue is that I hadn’t set the NEXTAUTH_URL
variable correctly. The module apparently appends https
if the protocol isn’t set in the provided address. This is the case whether you are using 127.0.0.1
or localhost
. The solution to fixing the callback issues is to pass in the unsecured http
protocol if you’re using a local address for testing or development purposes like so:
NEXTAUTH_URL='http://127.0.0.1:3001'