fix(core): respect NEXTAUTH_SECRET in unstable_getServerSession

[balazsorban44]

Thanks for @gt-codes pointing this out.

☕️ Reasoning

What changes are being made? What feature/bug is being fixed here?

🧢 Checklist

• Documentation
• Tests
• Ready to be merged

🎫 Affected issues

Please scout and link issues that might be solved by this PR.

Fixes: INSERT_ISSUE_LINK_HERE

📌 Resources

• Contributing guidelines
• Code of conduct
• Contributing to Open Source

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Updated
next-auth	⬜️ Ignored (Inspect)		Jun 27, 2022 at 11:57AM (UTC)

[github-actions]

🎉 Experimental release published on npm!

npm i next-auth@0.0.0-pr.4774.a31ef368

yarn add next-auth@0.0.0-pr.4774.a31ef368

[ndom91]

LGTM 👍

[colbyfayock]

hey! is there a related issue here I can follow up on? I'm getting:

TypeError: Cannot read property 'secret' of undefined
    at unstable_getServerSession (/Users/colbyfayock/Code/cld.media/node_modules/next-auth/next/index.js:78:48)

on "next-auth": "^4.9.0", and unsure if it's related?

providing a secret via:

NEXTAUTH_SECRET="1234"

and simple usage via:

import { unstable_getServerSession } from 'next-auth/next';
import { authOptions } from '@src/pages/api/auth/[...nextauth]';

try {
    const session = await unstable_getServerSession(req, res, authOptions)
    console.log('session', session);
  } catch(e) {
    console.log('e', e);
  }

[ndom91]

hey! is there a related issue here I can follow up on? I'm getting:

TypeError: Cannot read property 'secret' of undefined
    at unstable_getServerSession (/Users/colbyfayock/Code/cld.media/node_modules/next-auth/next/index.js:78:48)

on "next-auth": "^4.9.0", and unsure if it's related?

providing a secret via:

NEXTAUTH_SECRET="1234"

and simple usage via:

import { unstable_getServerSession } from 'next-auth/next';
import { authOptions } from '@src/pages/api/auth/[...nextauth]';

try {
    const session = await unstable_getServerSession(req, res, authOptions)
    console.log('session', session);
  } catch(e) {
    console.log('e', e);
  }

Okay, maybe a dumb question, but just to cover our bases - you're running that try/catch block in a getServerSideProps or some kind of function like that, right? This can only be run server-side

[colbyfayock]

hey yup! it was in a serverless function.

[ndom91]

hey yup! it was in a serverless function.

Maybe the import is incorrect? Cause its trying to read secret off of the authOptions, right?

I think there might need to be a / between @ and src

Or maybe your exporting the authOptions as a default export from your [...nextauth] file?

[colbyfayock]

okay so thats a good lead. i also tried to recreate this in a codesandbox which gives me an error:

Attempted import error: 'authOptions' is not exported from './auth/[...nextauth]'.

which i dont get locally when trying to import it

https://codesandbox.io/s/bold-dust-5jjbwf?file=/pages/api/test.js:152-385

if i try logging out the default export from [...nextauth].js i get [AsyncFunction (anonymous)] so its somewhat expected i wouldn't be able to destructure that to get authOptions

is there a proper example for accessing this? i just copy and pasted the example from the docs

https://next-auth.js.org/getting-started/example#backend---api-route

also im thinking this might be out of scope so happy to move this conversation elsewhere, whatever you prefer :)