I'm feeling a bit lost when it comes to understanding how the credentials provider and redirects work. The documentation mentions that the credentials provider doesn't support a callback and is specifically for OAuth providers, which I understand. However, instead of handling errors on the same page or logging in like demonstrated in this video, it redirects to
https://localhost/api/auth/callback/[credentials-provider-name]This is my setup for the provider:
import NextAuth from "next-auth"
import CredentialsProvider from "next-auth/providers/credentials"
export default NextAuth({
// Configure one or more authentication providers
providers: [
CredentialsProvider({
credentials: {
username: { label: "Username", type: "text", placeholder: "someuser69" },
password: { label: "Password", type: "password" },
},
name: "User Pass",
type: "credentials",
async authorize(credentials, req) {
// Add logic here to look up the user from the credentials supplied
return {
id: 2,
name: "user",
email: "<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7401071106341319151d185a171b19">[email protected]</a>",
}
return null;
}
})
// ...add more providers here
],
callbacks: {
async jwt({ token, account }) {
// Persist the OAuth access_token to the token right after signin
if (account) {
token.accessToken = account.access_token
}
return token
},
async session({ session, token, user }) {
// Send properties to the client, like an access_token from a provider.
session.accessToken = token.accessToken
return session
},
async redirect({ url, baseUrl, }) {
console.log("");
return baseUrl;
},
async signIn({ user, account, profile, email, credentials }) {
return '/home';
}
},
session: {
jwt: true,
maxAge: 30 * 24 * 60 * 60,
},
secret: "CHANGE!!!",
jwt: {
maxAge: 60 * 60 * 24 * 30,
secret: "afdsfi",
},
})
I've gone through the documentation, but I can't seem to figure out if I'm missing something important here. Some key points of confusion for me are:
Where exactly is this callback defined, and is there a way to disable it in the default provider?
I suspect that the
authorizefunction isn't functioning as expected. Even when I place a console log within it, nothing gets printed to the terminal. So, I can't confirm whether it's actually being called.