Next-auth CredentialProvider config and redirect

I’m a bit confused on the implementation of the credentials provider and the redirects. The documentation says that the credentials provider doesn’t support a callback and its for the OAuth providers. This is fine. However, instead of staying on the page and flashing an error message or even logging in like in this video it redirects to https://localhost/api/auth/callback/[credentials-provider-name]. Which doesn’t even include the port I’m working with. If I explicitly set an id it uses that at the end of the url in instead.

This is what I have for the provider

import NextAuth from "next-auth"
import CredentialsProvider from "next-auth/providers/credentials"

export default NextAuth({
  // Configure one or more authentication providers
  providers: [
    CredentialsProvider({
      credentials: {
        username: { label: "Username", type: "text", placeholder: "someuser69" },
        password: { label: "Password", type: "password" },
      },
      name: "User Pass",
      type: "credentials",
      async authorize(credentials, req) {
        // Add logic here to look up the user from the credentials supplied
        return {
          id: 2,
          name: "user",
          email: "user@gmail.com",
        }
        return null;
      }
    })
    // ...add more providers here
  ],
  callbacks: {
    async jwt({ token, account }) {
      // Persist the OAuth access_token to the token right after signin
      if (account) {
        token.accessToken = account.access_token
      }
      return token
    },
    async session({ session, token, user }) {
      // Send properties to the client, like an access_token from a provider.
      session.accessToken = token.accessToken
      return session
    },
    async redirect({ url, baseUrl, }) {
      console.log("");
      return baseUrl;
    },
    async signIn({ user, account, profile, email, credentials }) {
      return '/home';
    }
  },
  session: {
    jwt: true,
    maxAge: 30 * 24 * 60 * 60,

  },
  secret: "CHANGE!!!",
  jwt: {
    maxAge: 60 * 60 * 24 * 30,
    secret: "afdsfi",

  },

})

I’ve looked through the docs and I’m not sure if I’m making some massive oversight, here. But some of my major confusions are:

Where is this callback set and how do I turn in off in the default provider (if possible).
I don’t think the authorize function works. If I put a console log in it. It doesn’t print to the terminal. So I don’t even know if it’s being called.

Answer

The issue is that I hadn’t set the NEXTAUTH_URL variable correctly. The module apparently appends https if the protocol isn’t set in the provided address. This is the case whether you are using 127.0.0.1 or localhost. The solution to fixing the callback issues is to pass in the unsecured http protocol if you’re using a local address for testing or development purposes like so:

NEXTAUTH_URL='http://127.0.0.1:3001'

Advertisement

Answer