Bug: user cookie is not set properly on callback, causing error on middleware

[50BytesOfJohn]

Prerequisites

• [X] I have searched the repository’s issues and Kinde community to ensure my issue isn’t a duplicate
• [X] I have checked the latest version of the library to replicate my issue
• [X] I have read the contributing guidelines
• [X] I agree to the terms within the code of conduct

Describe the issue

After redirect back to Nextjs page, it seems that user cookie is not set. User cookie is expected in authMiddleware

  if (isAuthorized && onSuccess) {
    return await onSuccess({
      token: accessTokenValue,
      user: JSON.parse(req.cookies.get('user').value)
    });
  }

Because user cookie is not present, this is throwing reading from undefined error.

I found this, by removing all cookies and site data and refreshing the page. I've checked my setup and it's same as in the guide.

export default withAuth(async function middleware(request: NextRequest) {
  const pathname = request.nextUrl.pathname;
  // Home page does not need any special protection
  if (
    !pathname ||
    pathname === "" ||
    pathname === "/" ||
    pathname.startsWith("/new")
  )
    return;

import { handleAuth } from "@kinde-oss/kinde-auth-nextjs/server";

export const GET = handleAuth();

I'm not sure why it occurred right now, I tested with previous version of library and same issue is happening. My wild guess is that maybe it's not about the library but something else has changed?

Library URL

https://github.com/kinde-oss/kinde-auth-react

Library version

2.2.4

Operating system(s)

macOS

Operating system version(s)

Sonoma 14.4.1

Further environment details

Newest version of Nextjs, Web browser: Newest Firefox, tested with github auth and email/password login

Reproducible test case URL

No response

Additional information

No response

[50BytesOfJohn]

Can be connected to: https://github.com/kinde-oss/kinde-typescript-sdk/issues/59

Also, just to mention, other cookie, access token, refresh token and id token are set properly. Manually setting user cookie fixes the issue.

[DanielRivers]

Does this happen on 2.2.3?

Last version had a dependancy update on the cookie package

[50BytesOfJohn]

Same thing with 2.3.3, even checked with Next.js 14.2.1. Not sure what's happening, maybe the root cause is somewhere else. As this happened for me without updating libraries. Because I worked on e2e tests, and they started to fail with this error. I was not doing any changes on Kinde, or in packages, or not touching auth stuff at all.

[50BytesOfJohn]

Also wondering, since all other cookies, access_token, refresh_token, id_token are set properly, then can it be issue with cookies at all? I've tried yesterday to trace the exact code, but couldn't find it. I'll try again today. Maybe for some reason user cannot be fetched from kinde and that's why only the user cookie is not set.

[50BytesOfJohn]

One thing interesting for me based on typescript-sdk. Shouldn't be the user object created from id_token? Like it's done here: Link and not from the user cookie?

[peterphanouvong]

Hey @50BytesOfJohn, thank you for raising. Seems like the TS SDK stopped setting the 'user' cookie. So In 2.2.5-1 I removed the dependency on the cookie and grabbed the data from the id_token instead

[50BytesOfJohn]

Thanks, @peterphanouvong. Resolved.