Hello everyone, I’m working on a project with NestJS, Next.js and NextAuth. When I log in, my access token doesn’t work in my validator in NestJS. But when I request a token with curl from the ‘…/token’ URL, that token works.
I’m using a custom API to validate the token and a regular web application.
NextAuth: [...nextauth].ts
import { Session } from "@/types/next-auth";
import NextAuth from "next-auth";
import Auth0Provider from "next-auth/providers/auth0";
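// Attributes shared by every cookie configured below.
// - The `__Secure-` name prefix is only honoured by browsers when the cookie
//   carries `Secure` and is set from a secure origin.
// NOTE(review): `domain: "localhost"` is hard-coded, so this block only fits
// local development. Setting Domain also widens the cookie beyond the exact
// host; omitting it yields a host-only cookie. How browsers treat
// `Secure` + `Domain=localhost` over plain http varies, so confirm in the
// browsers you target.
const sharedCookieOptions = {
  sameSite: "lax",
  path: "/",
  secure: true,
  domain: "localhost",
} as const;

// API identifier requested from Auth0 so the access token is minted for the
// backend API. It is passed through as-is: the OAuth client URL-encodes
// request parameters itself, so wrapping it in encodeURI() would double-encode
// any identifier containing `%`, spaces or other escaped characters.
// NOTE(review): if AUTH0_AUDIENCE is unset, no audience is sent; Auth0 then
// normally returns an opaque (non-JWT) access token, which a JWKS-based
// verifier cannot validate. Confirm the variable is set in every environment.
const auth0Audience = process.env.AUTH0_AUDIENCE as string;

/**
 * NextAuth handler: Auth0 login, custom cookie names/attributes, and callbacks
 * that carry the Auth0 access token from the sign-in response into the session.
 */
export default NextAuth({
  cookies: {
    sessionToken: {
      name: "__Secure-next-auth.session-token",
      options: { ...sharedCookieOptions, httpOnly: true },
    },
    // The callback-url cookie is the only one configured without httpOnly.
    callbackUrl: {
      name: "__Secure-next-auth.callback-url",
      options: { ...sharedCookieOptions },
    },
    pkceCodeVerifier: {
      name: "__Secure-next-auth.pkce.code_verifier",
      options: { ...sharedCookieOptions, httpOnly: true },
    },
    state: {
      name: "__Secure-next-auth.state",
      options: { ...sharedCookieOptions, httpOnly: true },
    },
  },
  providers: [
    Auth0Provider({
      clientId: process.env.AUTH0_CLIENT_ID as string,
      clientSecret: process.env.AUTH0_CLIENT_SECRET as string,
      issuer: process.env.AUTH0_ISSUER_BASE_URL,
      // The same audience is sent on both the token and the authorization request.
      token: {
        params: {
          audience: auth0Audience,
        },
      },
      authorization: {
        params: {
          audience: auth0Audience,
        },
      },
      idToken: true,
    }),
  ],
  callbacks: {
    /**
     * Adds the Auth0 profile fields and the access token to the session object.
     *
     * The session object is what next-auth hands to the browser, so the access
     * token placed here is readable by page JavaScript even though the session
     * cookie itself is httpOnly. Keep it here only if the browser must call the
     * API directly; otherwise read it server-side (e.g. `getToken` from
     * `next-auth/jwt`) and proxy the API call.
     */
    session: async ({ session, token }: any) => {
      if (!token) {
        return session;
      }
      const universalUser: Session["universalUser"] = {
        auth0: {
          sub: token.sub ?? "",
          name: token.name ?? "",
          email: token.email ?? "",
          picture: token.picture ?? "",
        },
      };
      const accessToken: Session["accessToken"] = token.accessToken as string;
      return { ...session, universalUser, accessToken };
    },
    /**
     * Copies the provider's access token into the next-auth JWT when `account`
     * is present (next-auth supplies it on sign-in).
     * NOTE(review): no expiry or refresh token is stored, so the access token
     * may expire while the next-auth session is still valid. Confirm the
     * intended lifetime handling.
     */
    async jwt({ token, account }: any) {
      if (account) {
        token.accessToken = account.access_token;
      }
      return token;
    },
    /**
     * Always redirects to the site root. The requested URL is ignored, so no
     * caller-supplied redirect target is ever followed.
     */
    async redirect({ baseUrl }: any) {
      return baseUrl;
    },
  },
});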
My validator in NestJS:
import { Injectable } from "@nestjs/common";
import { PassportStrategy } from "@nestjs/passport";
import * as dotenv from "dotenv";
import { passportJwtSecret } from "jwks-rsa";
import { ExtractJwt, Strategy } from "passport-jwt";
// Load variables from a local .env file into process.env as soon as this
// module is imported, before the strategy class below is defined.
dotenv.config();
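/**
 * Passport strategy that accepts a JWT from the `Authorization: Bearer` header
 * and verifies it against the issuer's published JWKS signing keys.
 *
 * Signature, audience, issuer and algorithm are all checked before
 * `validate` runs.
 */
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      // Resolve the verification key from the JWKS endpoint; responses are
      // cached and lookups are rate-limited to 5 requests per minute.
      secretOrKeyProvider: passportJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: `hidden_url=D/.well-known/jwks.json`,
      }),
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      audience: "hidden_url=D",
      // passport-jwt reads `issuer` and `algorithms`. `issuerBaseURL` and
      // `tokenSigningAlg` are not options it knows, so with those names the
      // `iss` claim was never checked and the algorithm was not pinned.
      // The `iss` comparison is an exact string match. Auth0 tenants normally
      // issue it with a trailing slash; confirm against a decoded token.
      issuer: "hidden_url=D",
      algorithms: ["RS256"],
    });
  }

  /**
   * Receives the decoded payload of a token that already passed verification
   * and returns it unchanged. @nestjs/passport attaches the returned value to
   * the request as the authenticated user.
   *
   * No scope or permission check happens here; route handlers or guards must
   * enforce authorization on the claims themselves.
   *
   * @param payload Decoded JWT claims.
   * @returns The same payload object.
   */
  validate(payload: unknown): unknown {
    return payload;
  }
}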