getSession unable to authenticate user in NextJS server-side

I’m trying to protect a data request that’s made in the api. My basic setup is this:

In src/app/myroute/[id]/page.tsx:

import { getSession } from "@auth0/nextjs-auth0/edge";

export default async function page(props: Props) {
    const session = await getSession();
    const { id } = props.params;
    const url = `${process.env.BASE_URL}/api/myroute/${id}`;
    const req = new NextRequest(url);
    const res = await fetch(req);

Which sends a request to src/app/api/myroute/[id]/route.ts:

import { getSession } from "@auth0/nextjs-auth0/edge";

export async function GET(req: NextRequest, props: Props): Promise<Response> {
    const res =;
    const session = await getSession(req, res);

    if (!session) {
        return new Response("Not logged in", { status: 401 });

My issue is that getSession() always returns undefined regardless of the user’s authentication status on the front end.

I have tried everything that I can think of and scoured the forums but can’t see anything that suggests this should be an issue. I’ve also tried manually adding the accessToken cookie to the request object:

const req = new NextRequest(url, { headers: { cookie: session.accessToken as string } });

Any help is much appreciated!

Hi @keegan.r.s21

Welcome to the Auth0 Community.

I would suggest you check the Github repo examples like this one just an an example of protecting an API route as this may help you to spot what’s missing.

If you’re still having trouble you could post an issue here to get feedback directly from the SDK maintainers

Warm regards.

Thanks for getting back to me @SaqibHussain.

This solved the issue! I’m not sure why my implementation didn’t work though… It seems that making a request with the function wrapped in withPageAuthRequired() makes it work.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.