I’m trying to protect a data request that’s made in the api. My basic setup is this:
In src/app/myroute/[id]/page.tsx:
import { getSession } from "@auth0/nextjs-auth0/edge";
export default async function page(props: Props) {
const session = await getSession();
const { id } = props.params;
const url = `${process.env.BASE_URL}/api/myroute/${id}`;
const req = new NextRequest(url);
const res = await fetch(req);
Which sends a request to src/app/api/myroute/[id]/route.ts:
import { getSession } from "@auth0/nextjs-auth0/edge";
export async function GET(req: NextRequest, props: Props): Promise<Response> {
const res = NextResponse.next();
const session = await getSession(req, res);
if (!session) {
return new Response("Not logged in", { status: 401 });
}
My issue is that getSession() always returns undefined regardless of the user’s authentication status on the front end.
I have tried everything that I can think of and scoured the forums but can’t see anything that suggests this should be an issue. I’ve also tried manually adding the accessToken cookie to the request object:
const req = new NextRequest(url, { headers: { cookie: session.accessToken as string } });
Any help is much appreciated!