3 replies

NextAuth /verify-request double-triggering, invalidating token

Hello, I'm experiencing some issues with the EmailProvider from NextAuth. Unable to find any answers online I thought I'd take my question here, if someone has had any similar issues.

So for some context, I am running MongoDB /w Prisma and this is is model for the VerificationToken (however I doubt the issue lies here)

model VerificationToken {
    id         String   @id @default(auto()) @map("_id") @db.ObjectId
    identifier String
    token      String   @unique
    expires    DateTime

    @@unique([identifier, token])
}

model VerificationToken {
    id         String   @id @default(auto()) @map("_id") @db.ObjectId
    identifier String
    token      String   @unique
    expires    DateTime

    @@unique([identifier, token])
}

auth.ts

auth.ts

like so:

export const authOptions: NextAuthOptions = {
    callbacks: {
        signIn: async (user) => {
            const { name, image, id } = user.user;
            if (!name || !image)
                await prisma.user.update({
                    where: { id },
                    data: {
                        name: !name ? "User" : undefined,
                        image: !image
                            ? "/assets/imgs/default-avatar.png"
                            : undefined,
                    },
                });

            return true;
        },
        session: ({ session, user }) => ({
            ...session,
            user: {
                ...session.user,
                id: user.id,
                tag: user.tag,
                lastTagReset: user.lastTagReset,
                role: user.role,
            },
        }),
    },
    adapter: PrismaAdapter(prisma),
    providers: [
        ...
        EmailProvider({
            server: env.EMAIL_SERVER,
            from: env.EMAIL_FROM,
        }),
        ...
    ],
    cookies: {
        pkceCodeVerifier: {
            name: "next-auth.pkce.code_verifier",
            options: {
                httpOnly: true,
                sameSite: "none",
                path: "/",
                secure: true,
            },
        },
    },
};

export const authOptions: NextAuthOptions = {
    callbacks: {
        signIn: async (user) => {
            const { name, image, id } = user.user;
            if (!name || !image)
                await prisma.user.update({
                    where: { id },
                    data: {
                        name: !name ? "User" : undefined,
                        image: !image
                            ? "/assets/imgs/default-avatar.png"
                            : undefined,
                    },
                });

            return true;
        },
        session: ({ session, user }) => ({
            ...session,
            user: {
                ...session.user,
                id: user.id,
                tag: user.tag,
                lastTagReset: user.lastTagReset,
                role: user.role,
            },
        }),
    },
    adapter: PrismaAdapter(prisma),
    providers: [
        ...
        EmailProvider({
            server: env.EMAIL_SERVER,
            from: env.EMAIL_FROM,
        }),
        ...
    ],
    cookies: {
        pkceCodeVerifier: {
            name: "next-auth.pkce.code_verifier",
            options: {
                httpOnly: true,
                sameSite: "none",
                path: "/",
                secure: true,
            },
        },
    },
};

I have placed a quick console.log in the NextAuth src, just to possibly get some more information, to which I discovered that it seems to double trigger

useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}
useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}

useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}
useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}

I am also able to see the actual session in the DB, which then gets REMOVED but still gives errors that it was "unable to find the record"

prisma:error 
Invalid `prisma.verificationToken.delete()` invocation:


An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.
{"name":"PrismaClientKnownRequestError","code":"P2025","clientVersion":"5.3.1","meta":{"cause":"Record to delete does not exist."}}

prisma:error 
Invalid `prisma.verificationToken.delete()` invocation:


An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.
{"name":"PrismaClientKnownRequestError","code":"P2025","clientVersion":"5.3.1","meta":{"cause":"Record to delete does not exist."}}

ANY help is appreciated, I've been banging my head over this for hours now and I don't understand why it's acting like this

Solution

After coming back to this a few days later, I have found the problem, opening the dumb link through Outlook (because the standard Windows Mail app was not enough) it seems to trigger the endpoint on it's own somehow, invalidating the URL and then when I finally had the window open, the link was now already used.

So TL;DR: Probably use Gmail or the standard windows Mail app until it gets discontinued. If you use outlook, copy the link and paste it in the browser yourself

Jump to solution

TTC

Theo's Typesafe Cult•3y ago•

3 replies

Snow

NextAuth /verify-request double-triggering, invalidating token

model VerificationToken {
    id         String   @id @default(auto()) @map("_id") @db.ObjectId
    identifier String
    token      String   @unique
    expires    DateTime

    @@unique([identifier, token])
}

model VerificationToken {
    id         String   @id @default(auto()) @map("_id") @db.ObjectId
    identifier String
    token      String   @unique
    expires    DateTime

    @@unique([identifier, token])
}

auth.ts

auth.ts

like so:

export const authOptions: NextAuthOptions = {
    callbacks: {
        signIn: async (user) => {
            const { name, image, id } = user.user;
            if (!name || !image)
                await prisma.user.update({
                    where: { id },
                    data: {
                        name: !name ? "User" : undefined,
                        image: !image
                            ? "/assets/imgs/default-avatar.png"
                            : undefined,
                    },
                });

            return true;
        },
        session: ({ session, user }) => ({
            ...session,
            user: {
                ...session.user,
                id: user.id,
                tag: user.tag,
                lastTagReset: user.lastTagReset,
                role: user.role,
            },
        }),
    },
    adapter: PrismaAdapter(prisma),
    providers: [
        ...
        EmailProvider({
            server: env.EMAIL_SERVER,
            from: env.EMAIL_FROM,
        }),
        ...
    ],
    cookies: {
        pkceCodeVerifier: {
            name: "next-auth.pkce.code_verifier",
            options: {
                httpOnly: true,
                sameSite: "none",
                path: "/",
                secure: true,
            },
        },
    },
};

export const authOptions: NextAuthOptions = {
    callbacks: {
        signIn: async (user) => {
            const { name, image, id } = user.user;
            if (!name || !image)
                await prisma.user.update({
                    where: { id },
                    data: {
                        name: !name ? "User" : undefined,
                        image: !image
                            ? "/assets/imgs/default-avatar.png"
                            : undefined,
                    },
                });

            return true;
        },
        session: ({ session, user }) => ({
            ...session,
            user: {
                ...session.user,
                id: user.id,
                tag: user.tag,
                lastTagReset: user.lastTagReset,
                role: user.role,
            },
        }),
    },
    adapter: PrismaAdapter(prisma),
    providers: [
        ...
        EmailProvider({
            server: env.EMAIL_SERVER,
            from: env.EMAIL_FROM,
        }),
        ...
    ],
    cookies: {
        pkceCodeVerifier: {
            name: "next-auth.pkce.code_verifier",
            options: {
                httpOnly: true,
                sameSite: "none",
                path: "/",
                secure: true,
            },
        },
    },
};

I have placed a quick console.log in the NextAuth src, just to possibly get some more information, to which I discovered that it seems to double trigger

useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}
useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}

useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}
useVerificationToken {
  identifier: '...',
  token: 'b8df22aa3d0ff9f1321805437ea807d6199d833e3ec4b0cba278d79ee0404793'
}

I am also able to see the actual session in the DB, which then gets REMOVED but still gives errors that it was "unable to find the record"

prisma:error 
Invalid `prisma.verificationToken.delete()` invocation:


An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.
{"name":"PrismaClientKnownRequestError","code":"P2025","clientVersion":"5.3.1","meta":{"cause":"Record to delete does not exist."}}

prisma:error 
Invalid `prisma.verificationToken.delete()` invocation:


An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.
{"name":"PrismaClientKnownRequestError","code":"P2025","clientVersion":"5.3.1","meta":{"cause":"Record to delete does not exist."}}

ANY help is appreciated, I've been banging my head over this for hours now and I don't understand why it's acting like this

Solution

Jump to solution

NextAuth /verify-request double-triggering, invalidating token

NextAuth /verify-request double-triggering, invalidating token

Similar Threads

Similar Threads

Similar Threads