Adding custom value to NextAuth session - [next-auth][error][JWT_SESSION_ERROR]
I am trying to add a username field to my NextAuth session data in my t3 app and am getting the following error:
https://next-auth.js.org/errors#jwt_session_error Cannot read properties of undefined (reading 'username')
I have added an optional username field to both my User
and Session
overrides like this:
And here are my session
and jwt
callbacks:
The strange part is the log in the jwt
callback logs the correct user obejct (with the username) once, then logs undefined, and then logs the error above. Any idea why my user would be getting set to undefined and passed into the jwt callback? (logs below)
19 Replies
ah your using jwts
Yeah
I found this example: https://www.answeroverflow.com/m/1096969046227943584
iirc there was some fuckery I had to do to get that to work right
why are you using jwt vs db sessions?
Which seems to be exactly what I am running into. But their solution didnt seem to fix it for me
I wanted to use middleware with nextauth and iirc you need jwt for that
https://create.t3.gg/en/usage/next-auth#usage-with-nextjs-middleware
ah
yeah you can't ping the db iirc
for some weird reason
do you need something in the client jwt? or just that the user is logged in
So I found a "solution" to this, if I append the username to my jwt like this:
I can pull the username from
token
in the session()
callback instead of the user (because its undefined). Is that the fuckery youre talking about?
Because that feels gross lol idk why I cant just access the user
Just auth state tbh. I was just following Theo's youtube video and wanted to add the middleware to stay in sync/learn. But I am more familiar with NextAuth than Clerk and use it in other projects so wanted to stay consistentahhhh yep that's it
ah okay hold on then
if you only care if the user is logged in, just check if the nextauth cookie is present in their request
technically, it's not 100000% secure, because it could be an outdated token, but the idea is you are optimistically assuming they are logged in, and when they actually get to a page that grabs the session, next auth will bounce them to the sign in page
if you have it configured that way atleast
you're middle ware runs every request so you want that to be as fast as possible
and imo db states are just easier to use /manage
I use this method in our products and it works like a charm
Yeah okay fair. Appreciate the input. At this point Im committed to solving this lol but if I change my mind I will try that approach
word
for your problem I'm 99% sure this was it for me
cause I use jwt's during development
and then swap to db sessions in prod
Yeah it looks like this is the answer in their github too: https://github.com/nextauthjs/next-auth/discussions/4117
Thats crazy lmao
Wtf is the point of accepting the user in the callback if its undefined
who knows lmao
btw, do you remember what you did about the types yelling at you? Since the
User
type isnt on the JWT
, it freaks out lolIf I do use this appraoch temporarily I dont want typesript yelling at me
yeah I can find it
Beast thank you
supposedly I'm doing this
Ahh just casting it, Im dumb idk why I didnt do that lmao thank you
yur
In case you wanna bump the issue with me or share this in case someone asks in the future: https://github.com/nextauthjs/next-auth/discussions/9438. Seriously apprecaite your help @Josh