params.auth0, cookies().getAll(), and cookies().set('appSession', ...)`. `cookies() should be awaited errors - Next 15.0.2

sterno2510 commented 1 week ago

Checklist

[X] The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
[X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
[X] I have looked into the API documentation and have not found a suitable solution or answer.
[X] I have searched the issues and have not found a suitable solution or answer.
[X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
[X] I agree to the terms within the Auth0 Code of Conduct.

Description

When using the getSession function imported from auth0/nextjs-auth0, I get a few errors in the console when the app compiles.

Specifically these 3:

Error: Route "/dashboard" used cookies().getAll(). cookies() should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
Error: Route "/dashboard" used cookies().set('appSession', ...). cookies() should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
Error: Route "/api/auth/[auth0]" used params.auth0. params should be awaited before using its properties. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis

All three errors appear to be coming from here:

at get (file:///Users/brianstern/code/ai-companion-next/node_modules/next/src/server/base-server.ts:3121:48)

  29 |     ...args: A
  30 |   ): ReturnType<F> {
> 31 |     return fn.call(thisArg, ...args);
     |              ^
  32 |   }
  33 |
  34 |   bind<T>(_context: types.Context, target: T): T {

Reproduction

Use getSession()
Run app with npm run dev
Go to route and errors appear in console.

Additional context

No response

nextjs-auth0 version

3.5.0

Next.js version

15.0.2

Node.js version

22.8.0

nicolopadovan commented 1 week ago

The same issue arises when using any of the other functions that use headers() or cookies(), such as getAccessToken and similar. This is due to the breaking changes that were implemented in NextJS 15. I am guessing that this is a very important issue: it breaks the possibility to correctly authenticate server-side code.

A fix should be relatively simple using the specific codemod provided by NextJS

MrSimmmons commented 1 week ago

Many discussions have been made over at https://github.com/auth0/nextjs-auth0/issues/1779

TLDR; NextJS 15 IS NOT SUPPORTED until v4 is released.

V4 is effectively a rewrite and has many breaking changes, but is in beta. So id recommend using the beta if you want to use Next 15, or waiting for the official release whenever that happens

auth0 / nextjs-auth0