The API calls using nextjs-auth0 are always showing as unauthenticated

ilankl · April 1, 2024, 4:40pm

I have created a Next.JS 14 application, using Auth0, based on the “@auth0/nextjs-auth0” library.
Login, session and protecting pages works fine.

I also implemented DB data fetching through an internal API system. When I run the fetch command, I can see the appSession cookie in the headers of the request in the browser developer tools network tab.
I want to secure the API endpoints using the session created during the login.

At first, I tried to use the provided function from the library:


import { withApiAuthRequired } from '@auth0/nextjs-auth0'

const GET = withApiAuthRequired(async (req: NextRequest) => {

But I always get the error:

{“error”:“not_authenticated”,“description”:“The user does not have an active session or is not authenticated”}

I then tried to check that the session is authenticated in the API handler directly:

import { getAccessToken , getSession } from '@auth0/nextjs-auth0'

export const GET = async (request) => {
    const session = await getSession(request, res)
    const { accessToken } = await getAccessToken()

In all cases, even though I have the cookie in the request, both session and accessToken are undefined.
I’ve also tried providing the request and response objects to these functions, but there is no change.

Furthermore, I tried to push the access token as an Authorization header as described here:

and that header did not appear on the call’s headers.

I’m at my wit’s end. Can anyone please help me resolve this?

RaphyPoo · April 2, 2024, 8:53pm

Hi I am currently also having this issue, were you able to fix this yet and if so how?

RaphyPoo · April 2, 2024, 9:18pm

I was actually just able to fix it by putting my async fetching in a useEffect in my component, if you want you can reply with more information and I would be more than happy to try and help you with you current issue

ilankl · April 3, 2024, 6:30pm

Thanks, @RaphyPoo. I check and you seem to be correct. when the request comes from a client component, the session is there. When it’s a server component, (and thus no useEffect), it is not.
This is, however, not a perfect solution. My system is mixed. I do have some client components, but I also have some server components I’d rather not convert to client side. This means that I have an inconsistent API interface which sometimes lets my fetches through and sometimes does not.
All very frustrating.

RaphyPoo · April 8, 2024, 9:00pm

Oh I see, I actually switched all of my components to CSR because I was having trouble with the whole hydration and using the two types of rendering together (I know it kind of removes the entire purpose of NextJS but whatever). However I’m not sure how your api and everything is set up but for me, all of my authentication is done server side. So I only use auth0 on the frontend for the { user } = useUser() from ‘@auth0/nextjs-auth0/client’. maybe you could try implementing it all on the backend and see how that works? I wish you best of luck!

Topic		Replies	Views
Access withApiAuthRequired endpoint in Next.js application with postman Help apis , application	1	221	August 31, 2024
How to access my custom protected API, created in Next JS Help management-api , client-grants	4	515	April 18, 2024
No Active Session or not authenticated [NextJS + App Router] Help sessions , authentication-sessions	0	70	July 25, 2024
Calling a protected NextJS API route from another Protected NextJS API route Help login-experience , new-universal-login-experience	3	602	July 29, 2024
getAccessToken from nextjs-auth0 is returning an empty token inside app router api and withApiAuthRequired Help sessions , authentication-sessions	0	753	February 28, 2024

The API calls using nextjs-auth0 are always showing as unauthenticated

Related Topics