[auth][error] CredentialsSignin, when return null for CredentialsProvider in the authorize function.

[AmphibianDev]

Environment

System:
OS: Windows 11 10.0.22631
CPU: (24) x64 AMD Ryzen 9 3900X 12-Core Processor
Memory: 25.36 GB / 47.93 GB
Binaries:
Node: 20.11.0 - C:\Program Files\nodejs\node.EXE
npm: 10.2.4 - C:\Program Files\nodejs\npm.CMD
Browsers:
Edge: Chromium (121.0.2277.98)
Internet Explorer: 11.0.22621.1
npmPackages:
@auth/prisma-adapter: ^1.2.1 => 1.2.1
next: 14.1.0 => 14.1.0
next-auth: ^5.0.0-beta.5 => 5.0.0-beta.5
react: ^18 => 18.2.0

Reproduction URL

https://github.com/AmphibianDev/todo-app/tree/main

Describe the issue

The error occurs only when authorize returns null, if it's returning a user, it works.

How to reproduce

auth.config.ts

import { NextAuthConfig } from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";

export default {
  providers: [
    CredentialsProvider({
      async authorize(credentials, req) {
        return null;
      },
    }),
  ],
} satisfies NextAuthConfig;

auth.ts

import NextAuth from "next-auth";
import authConfig from "@/auth.config";
import prisma from "@/lib/prisma";
import { PrismaAdapter } from "@auth/prisma-adapter";

export const {
  handlers: { GET, POST },
  auth,
  signIn,
  signOut,
} = NextAuth({ adapter: PrismaAdapter(prisma), session: { strategy: "jwt" }, ...authConfig });

Error:

[auth][error] CredentialsSignin: Read more at https://errors.authjs.dev#credentialssignin
    at Module.callback (C:\Users\Work\Desktop\todo-app\.next\server\chunks\node_modules_f27a4e._.js:2982:30)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Module.AuthInternal (C:\Users\Work\Desktop\todo-app\.next\server\chunks\node_modules_f27a4e._.js:3597:24)
    at async Module.Auth (C:\Users\Work\Desktop\todo-app\.next\server\chunks\node_modules_f27a4e._.js:3722:29)
    at async Module.signIn (C:\Users\Work\Desktop\todo-app\.next\server\chunks\node_modules_edd83f._.js:3286:17)
    at async logInAction (C:\Users\Work\Desktop\todo-app\.next\server\chunks\[root of the server]__19aaaf._.js:351:9)
    at async C:\Users\Work\Desktop\todo-app\node_modules\next\dist\compiled\next-server\app-page.runtime.dev.js:39:406
    at async t4 (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\compiled\next-server\app-page.runtime.dev.js:38:6379)
    at async rk (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\compiled\next-server\app-page.runtime.dev.js:39:25934)
    at async doRender (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\base-server.js:1394:30)
    at async cacheEntry.responseCache.get.routeKind (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\base-server.js:1555:28)
    at async DevServer.renderToResponseWithComponentsImpl (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\base-server.js:1463:28)
    at async DevServer.renderPageComponent (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\base-server.js:1856:24)       
    at async DevServer.renderToResponseImpl (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\base-server.js:1894:32)      
    at async DevServer.pipeImpl (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\base-server.js:911:25)
    at async NextNodeServer.handleCatchallRenderRequest (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\next-server.js:271:17)
    at async DevServer.handleRequestImpl (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\base-server.js:807:17)
    at async C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\dev\next-dev-server.js:331:20
    at async Span.traceAsyncFn (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\trace\trace.js:151:20)
    at async DevServer.handleRequest (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\dev\next-dev-server.js:328:24)      
    at async invokeRender (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\lib\router-server.js:163:21)
    at async handleRequest (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\lib\router-server.js:342:24)
    at async requestHandlerImpl (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\lib\router-server.js:366:13)
    at async Server.requestListener (C:\Users\Work\Desktop\todo-app\node_modules\next\dist\server\lib\start-server.js:140:13)

Expected behavior

Rejecting the singin attempt without throwing a server error in the console, and showing the user "Invalid credentials"

"use server";

import { signIn } from "@/auth";
import { $LogInSchema, LogInSchema } from "@/lib/validation";
import { DEFAULT_LOGIN_REDIRECT } from "@/routes";
import { AuthError } from "next-auth";

export async function logInAction(formData: LogInSchema) {
  const validatedFields = $LogInSchema.safeParse(formData);

  if (!validatedFields.success) return { error: "Invalid fields" };

  const { email, phone } = validatedFields.data;

  try {
    await signIn("credentials", { email, phone, redirectTo: DEFAULT_LOGIN_REDIRECT });
  } catch (error) {
    if (error instanceof AuthError) {
      switch (error.type) {
        case "CredentialsSignin":
          return { error: "Invalid credentials" };
        default:
          return { error: "Something went wrong" };
      }
    }

    throw error;
  }
}

[balazsorban44]

Returning null will show this error, this is currently expected. You can follow the development on #9099 for customizing the returned error type.

[Jay-Karia]

Here is the code solution:

Try adding a new case to your switch statement:

if (error instanceof AuthError) {
      switch (error.type) {
                case "CredentialsSignin":
                    return { msg: "Invalid credentials" , status: "error"};
                case "CredentialsSignin":
                    throw error;
                default:
                    return { msg: "Something went wrong", status: "error" };
            }
    }

This works for me!

[AdanSerrano]

great, error resolve @Jay-Karia

[BinaryScary]

@Jay-Karia's fix does not seem to work for me, "[auth][error] CredentialsSignin" logs are still printed to the console even with the additional switch case.

Is there really no method to handle invalid credentials in authenticate without throwing an error?

[auth][error] CredentialsSignin: Read more at https://errors.authjs.dev#credentialssignin
    at Module.callback (webpack-internal:///(action-browser)/./node_modules/@auth/core/lib/actions/callback/index.js:225:23)
    at async AuthInternal (webpack-internal:///(action-browser)/./node_modules/@auth/core/lib/index.js:66:24)
    at async Auth (webpack-internal:///(action-browser)/./node_modules/@auth/core/index.js:126:34)
    at async signIn (webpack-internal:///(action-browser)/./node_modules/next-auth/lib/actions.js:51:17)
    at async authenticate (webpack-internal:///(action-browser)/./app/lib/appAuth.js:20:9)
    at async /Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:39:406
    at async t2 (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:38:6412)
    at async rS (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:41:1369)
    at async doRender (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1378:30)
    at async cacheEntry.responseCache.get.routeKind (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1539:28)
    at async DevServer.renderToResponseWithComponentsImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1447:28)
    at async DevServer.renderPageComponent (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1844:24)
    at async DevServer.renderToResponseImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1882:32)
    at async DevServer.pipeImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:895:25)
    at async NextNodeServer.handleCatchallRenderRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/next-server.js:269:17)
    at async DevServer.handleRequestImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:791:17)
    at async /Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/dev/next-dev-server.js:331:20
    at async Span.traceAsyncFn (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/trace/trace.js:151:20)
    at async DevServer.handleRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/dev/next-dev-server.js:328:24)
    at async invokeRender (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:174:21)
    at async handleRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:353:24)
    at async requestHandlerImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:377:13)
    at async Server.requestListener (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/start-server.js:140:13)

[liroyleshed]

@Jay-Karia's fix does not seem to work for me, "[auth][error] CredentialsSignin" logs are still printed to the console even with the additional switch case.

Is there really no method to handle invalid credentials in authenticate without throwing an error?

[auth][error] CredentialsSignin: Read more at https://errors.authjs.dev#credentialssignin
    at Module.callback (webpack-internal:///(action-browser)/./node_modules/@auth/core/lib/actions/callback/index.js:225:23)
    at async AuthInternal (webpack-internal:///(action-browser)/./node_modules/@auth/core/lib/index.js:66:24)
    at async Auth (webpack-internal:///(action-browser)/./node_modules/@auth/core/index.js:126:34)
    at async signIn (webpack-internal:///(action-browser)/./node_modules/next-auth/lib/actions.js:51:17)
    at async authenticate (webpack-internal:///(action-browser)/./app/lib/appAuth.js:20:9)
    at async /Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:39:406
    at async t2 (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:38:6412)
    at async rS (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:41:1369)
    at async doRender (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1378:30)
    at async cacheEntry.responseCache.get.routeKind (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1539:28)
    at async DevServer.renderToResponseWithComponentsImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1447:28)
    at async DevServer.renderPageComponent (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1844:24)
    at async DevServer.renderToResponseImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1882:32)
    at async DevServer.pipeImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:895:25)
    at async NextNodeServer.handleCatchallRenderRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/next-server.js:269:17)
    at async DevServer.handleRequestImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:791:17)
    at async /Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/dev/next-dev-server.js:331:20
    at async Span.traceAsyncFn (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/trace/trace.js:151:20)
    at async DevServer.handleRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/dev/next-dev-server.js:328:24)
    at async invokeRender (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:174:21)
    at async handleRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:353:24)
    at async requestHandlerImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:377:13)
    at async Server.requestListener (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/start-server.js:140:13)

100%

[LabelMinsk]

@Jay-Karia's fix does not seem to work for me, "[auth][error] CredentialsSignin" logs are still printed to the console even with the additional switch case.

Is there really no method to handle invalid credentials in authenticate without throwing an error?

[auth][error] CredentialsSignin: Read more at https://errors.authjs.dev#credentialssignin
    at Module.callback (webpack-internal:///(action-browser)/./node_modules/@auth/core/lib/actions/callback/index.js:225:23)
    at async AuthInternal (webpack-internal:///(action-browser)/./node_modules/@auth/core/lib/index.js:66:24)
    at async Auth (webpack-internal:///(action-browser)/./node_modules/@auth/core/index.js:126:34)
    at async signIn (webpack-internal:///(action-browser)/./node_modules/next-auth/lib/actions.js:51:17)
    at async authenticate (webpack-internal:///(action-browser)/./app/lib/appAuth.js:20:9)
    at async /Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:39:406
    at async t2 (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:38:6412)
    at async rS (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:41:1369)
    at async doRender (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1378:30)
    at async cacheEntry.responseCache.get.routeKind (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1539:28)
    at async DevServer.renderToResponseWithComponentsImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1447:28)
    at async DevServer.renderPageComponent (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1844:24)
    at async DevServer.renderToResponseImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:1882:32)
    at async DevServer.pipeImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:895:25)
    at async NextNodeServer.handleCatchallRenderRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/next-server.js:269:17)
    at async DevServer.handleRequestImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/base-server.js:791:17)
    at async /Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/dev/next-dev-server.js:331:20
    at async Span.traceAsyncFn (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/trace/trace.js:151:20)
    at async DevServer.handleRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/dev/next-dev-server.js:328:24)
    at async invokeRender (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:174:21)
    at async handleRequest (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:353:24)
    at async requestHandlerImpl (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/router-server.js:377:13)
    at async Server.requestListener (/Users/samwong/Security/Projects/imhere/node_modules/next/dist/server/lib/start-server.js:140:13)

Did you win it?

[LabelMinsk]

I have win it. But it looks like a crutch. Before use signIn('credentials',{...}) execute checkup on isExisting smt if result will be null we return {error: 'error'} and if we found for example user we got pure data to method signIn.
It is crutch dont got [auth][error] exeption

[missile-developer]

Why it this closed ?

[a-shalda]

I do not know about you guys, but I could not find a good way to handle errors in v5, so I switched to v4 instead

[Jay-Karia]

I agree with all of you about the error logs, but it solves the errors at frontend in the development server.

[negati-ve]

This needs to be reopened

[neil-py]

I have win it. But it looks like a crutch. Before use signIn('credentials',{...}) execute checkup on isExisting smt if result will be null we return {error: 'error'} and if we found for example user we got pure data to method signIn. It is crutch dont got [auth][error] exeption

so far, this is the only solution I can do with V5; simply check if the user actually exists or is valid before calling the authorization. It's not the best approach, unlike v4, but there's nothing we can do.

[wrongbyte]

Returning null will show this error, this is currently expected. You can follow the development on #9099 for customizing the returned error type.

@balazsorban44 so every time a login fails it will spawn an error on server side? It doesn't sound right to me. We should be able to handle failed login cases without treating it as an error, since it is not an error at all.

[iamvladw]

Returning null will show this error, this is currently expected. You can follow the development on #9099 for customizing the returned error type.

@balazsorban44 so every time a login fails it will spawn an error on server side? It doesn't sound right to me. We should be able to handle failed login cases without treating it as an error, since it is not an error at all.

I get it, it's frustrating as well, I am trying to find a good error handling method also but nothing seems to work. We need to understand tho that v5 is still in beta and it's not meant for production.