I have created a Next.js 14 application, using Auth0, based on the “@auth0/nextjs-auth0” library.
Login, session and protecting pages work fine.
I also implemented DB data fetching through an internal API system. When I run the fetch command, I can see the appSession cookie in the headers of the request in the browser developer tools network tab.
I want to secure the API endpoints using the session created during the login.
At first, I tried to use the provided function from the library:
```
import { withApiAuthRequired } from '@auth0/nextjs-auth0'

const GET = withApiAuthRequired(async (req: NextRequest) => {
  // ... (handler body not shown in the post)
})
```
But I always get the error:
```
{"error":"not_authenticated","description":"The user does not have an active session or is not authenticated"}
```
I then tried to check that the session is authenticated in the API handler directly:
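```
import { getAccessToken, getSession } from '@auth0/nextjs-auth0'

export const GET = async (request) => {
  // `res` is used as posted; it is not defined anywhere in this snippet
  const session = await getSession(request, res)
  const { accessToken } = await getAccessToken()
  // ... (rest of the handler not shown in the post)
}
```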
In all cases, even though I have the cookie in the request, both session and accessToken are undefined.
I’ve also tried providing the request and response objects to these functions, but there is no change.
Furthermore, I tried to push the access token as an Authorization header as described here:
and that header did not appear on the call’s headers.
I’m at my wit’s end. Can anyone please help me resolve this?