You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to set up Credentials provider alongside Nodemailer and Google providers with database strategy. Both Nodemailer and Google work out of the box, but I understand that Credentials provider needs some extra work. According to the documentation:
"By default, the Credentials provider does not persist data in the database. However, you can still create and save any data in your database, you just have to provide the necessary logic, eg. to encrypt passwords, add rate-limiting, add password reset functionality, etc."
So, I'm assuming it should be doable. I'm setting up the provider:
constproviders=[Credentials({credentials: {email: {label: "Email",placeholder: "[email protected]",},password: {label: "Password",type: "password",},},asyncauthorize(credentials): Promise<User|null>{if(!credentials||!credentials.email||!credentials.password||typeofcredentials.email!=="string"||typeofcredentials.password!=="string"){returnnull;}returnawaitverifyCredentials(credentials.email,credentials.password,);// this returns a User if authorized, otherwise null},}),// Nodemailer and Google ommited...]
Creating the session seems straight-forward enough, I'm just creating it in the signIn callback like so:
So far so good, the sign-in flow works and the user is authorized.
However what I'm seeing is that the Credetials provider creates a JWT token in parallel and also sets it in the cookie, so getSession can never work. It feels that it wants to use the jwt strategy.
I found this blog post in an old discussion about this topic (#4394), in which the author describes a way to make this work, but it feels way too fragile, and according to the documentation, there should be a means to do this properly.
What do you think? Am I missing something or is this indeed a bug or as-of-yet-missing-feature?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi community!
I'm trying to set up Credentials provider alongside Nodemailer and Google providers with database strategy. Both Nodemailer and Google work out of the box, but I understand that Credentials provider needs some extra work. According to the documentation:
"By default, the Credentials provider does not persist data in the database. However, you can still create and save any data in your database, you just have to provide the necessary logic, eg. to encrypt passwords, add rate-limiting, add password reset functionality, etc."
So, I'm assuming it should be doable. I'm setting up the provider:
Creating the session seems straight-forward enough, I'm just creating it in the
signIncallback like so:So far so good, the sign-in flow works and the user is authorized.
However what I'm seeing is that the Credetials provider creates a JWT token in parallel and also sets it in the cookie, so
getSessioncan never work. It feels that it wants to use the jwt strategy.I found this blog post in an old discussion about this topic (#4394), in which the author describes a way to make this work, but it feels way too fragile, and according to the documentation, there should be a means to do this properly.
What do you think? Am I missing something or is this indeed a bug or as-of-yet-missing-feature?
--
Zsolt
Beta Was this translation helpful? Give feedback.
All reactions