I recently started learning NextAuth and I have three questions:
next-auth.session-token (only shows on browser)
-- Please see the text in bold and caps above. Sorry if the issue is trivial but I don't know if I'm missing something...
I found the solutions to my problems:
Issues 1) and 2) were because I didn't add the csrfToken key-value pair that was showing in my Postman HTML form to my request body.
Issue 3) I just declared separate variables at the top of the file and saved the req and res objects there instead, which allows me to access them everywhere.
Ok thanks let me try it
…On Mon, Dec 27, 2021, 12:12 PM Darnell Noel ***@***.***> wrote:
Hi, I started by adding the following script to the 'Tests' tab under
Postman Collections to see what cookies I was getting. For it to work you
need to receive and pass the following three NextAuth cookies:
1. next-auth.callback-url
2. next-auth.csrf-token
3. next-auth.session-token
Script:
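// Log the response cookies so you can see what NextAuth set.
console.log("Response: Test script");
pm.cookies.each(cookie => console.log(cookie));
// The CSRF cookie holds "token|hash" (the "|" may arrive URL-encoded); only the token part goes in the body.
let csrfToken = pm.cookies.get("next-auth.csrf-token");
let csrfTokenValue = csrfToken ? decodeURIComponent(csrfToken).split('|')[0] : undefined;
// The session cookie only exists after a successful sign-in POST.
let sessionTokenValue = pm.cookies.get("next-auth.session-token");
console.log('csrf token value: ', csrfTokenValue);
console.log('session token value: ', sessionTokenValue);
// Persist both values so later requests can use {{csrfToken}} and {{sessionToken}}.
pm.environment.set("csrfToken", csrfTokenValue, "<your-environment-name>");
pm.environment.set("sessionToken", sessionTokenValue, "<your-environment-name>");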
Send a GET request to localhost:{{PORT}}/api/auth/signin (api/auth is
default and would depend on your file structure), then check the HTML in
the 'Body' tab below. You should see the csrfToken value in the form input.
You can save it and persist it in an environment variable manually if you
want but the script is supposed to handle that.
Next, send a POST request to
localhost:{{PORT}}/api/auth/callback/credentials, be sure to include the
key 'csrfToken' and its value as the variable {{csrfToken}} in the request
Body tab, with x-www-form-urlencoded selected.
If it does not save the session cookie, try restarting your server and
then send the POST request again. You can save the sessionToken as an
environment variable manually as well, but the script is also supposed to
handle that. Let me know if it works!
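The check that makes the POST in the steps above depend on the `csrfToken` body field, as an added example that is not part of the original thread and is not NextAuth's own code. It is a simplified model: the cookie layout `token|sha256(token + secret)`, the secret, and the function names `issueCsrfCookie`, `verifyCsrf`, `handleCredentialsPost` and `buildSignInBody` are assumptions made for illustration.

```javascript
// Added example: simplified model of a double-submit CSRF check, not NextAuth source.
const { createHash, randomBytes } = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: stands in for the server secret
const sha256 = (s) => createHash("sha256").update(s).digest("hex");

// GET /api/auth/signin: the server issues a token and sets the cookie "token|hash".
function issueCsrfCookie(secret = SECRET) {
  const token = randomBytes(32).toString("hex");
  return `${token}|${sha256(token + secret)}`;
}

// Check run on POST: the cookie must be intact AND the body must echo the token part.
function verifyCsrf(cookieValue, bodyToken, secret = SECRET) {
  if (!cookieValue || !bodyToken) return false; // cookie or body field missing
  // A cookie jar may hand the value back URL-encoded ("%7C" instead of "|").
  const [token, hash] = decodeURIComponent(cookieValue).split("|");
  if (!token || !hash) return false;
  if (sha256(token + secret) !== hash) return false; // cookie was tampered with
  return token === bodyToken;
}

// Hypothetical stand-in for POST /api/auth/callback/credentials.
function handleCredentialsPost(cookies, formBody) {
  const body = new URLSearchParams(formBody);
  const ok = verifyCsrf(cookies["next-auth.csrf-token"], body.get("csrfToken"));
  // Without a verified token the credentials are never evaluated.
  return { authorizeCalled: ok };
}

// What the Postman 'Tests' script plus the x-www-form-urlencoded Body tab amount to.
function buildSignInBody(cookieValue, username, password) {
  const csrfToken = decodeURIComponent(cookieValue).split("|")[0];
  return new URLSearchParams({ csrfToken, username, password }).toString();
}
```

Sending the credentials without the `csrfToken` field, or with the whole cookie value instead of the part before `|`, leaves `authorizeCalled` false in this model.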
Thank you @DNoel26. I did try and this worked! Awesome! Here's my workaround:
First, clear all the current-request-url's cookies by this script in 'Pre-request Script'.
URL: http://localhost:{{PORT}}/api/auth/signin
Under the Tests tab, get the csrfToken and put it in the Environment before sending a GET request to http://localhost:{{PORT}}/api/auth/signin
Second: you should unset the 'next-auth.session-token' in 'Pre-request Script' // always fresh cookie, so whenever there's an error, the previous cookie is always unset.
Then in the 'Tests' tab, paste this:
Then in the 'Body' tab add the key-value pair of your auth with key 'csrfToken' and its value as the variable {{csrfToken}} in the request Body tab, with x-www-form-urlencoded selected, and the username/password credentials.
Now, you can get your csrf token from this endpoint:
Troubleshooting Session and API Issues with NextAuth.js and Next.js

Problem 1: Session Token Shows in Browser, Not in Postman
Reason: Session tokens are handled automatically by browsers but not in Postman.
Solution: Manually copy the session token from the browser and add it to Postman.
Steps:

Problem 2: Postman Skipping Authorize Function and Callbacks
Reason: Postman does not automatically handle OAuth redirects or authentication flows.
Solution: Disable automatic redirects in Postman and manually add the session token.
Steps:

Problem 3: req and res Objects Undefined
Reason: Incorrect API route configuration or missing request/response arguments.
Solution: Ensure your API route handler correctly accepts
Steps: