getSession unable to authenticate user in NextJS server-side

I’m trying to protect a data request that’s made in the api. My basic setup is this:

In src/app/myroute/[id]/page.tsx:

import { getSession } from "@auth0/nextjs-auth0/edge";

export default async function page(props: Props) {
    const session = await getSession();
    const { id } = props.params;
    const url = `${process.env.BASE_URL}/api/myroute/${id}`;
    const req = new NextRequest(url);
    const res = await fetch(req);

Which sends a request to src/app/api/myroute/[id]/route.ts:

import { getSession } from "@auth0/nextjs-auth0/edge";

export async function GET(req: NextRequest, props: Props): Promise<Response> {
    const res = NextResponse.next();
    const session = await getSession(req, res);

    if (!session) {
        return new Response("Not logged in", { status: 401 });
    }

My issue is that getSession() always returns undefined regardless of the user’s authentication status on the front end.

I have tried everything that I can think of and scoured the forums but can’t see anything that suggests this should be an issue. I’ve also tried manually adding the accessToken cookie to the request object:

const req = new NextRequest(url, { headers: { cookie: session.accessToken as string } });

Any help is much appreciated!

Hi @keegan.r.s21

Welcome to the Auth0 Community.

I would suggest you check the Github repo examples like this one just an an example of protecting an API route https://github.com/auth0/nextjs-auth0/blob/main/EXAMPLES.md#protect-an-api-route as this may help you to spot what’s missing.

If you’re still having trouble you could post an issue here to get feedback directly from the SDK maintainers https://github.com/auth0/nextjs-auth0/issues

Warm regards.

Thanks for getting back to me @SaqibHussain.

This solved the issue! I’m not sure why my implementation didn’t work though… It seems that making a request with the function wrapped in withPageAuthRequired() makes it work.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.