nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License
25.08k stars 3.55k forks

Description of error when using 'Credentials' Provider #12055

Closed ynng3 closed 1 month ago

ynng3 commented 1 month ago

☕️ Reasoning

If you use the 'Credentials' Provider, you will get an error due to the security policy of auth.js. You must set the 'strategy' option, which is a sub-option of the 'session' option, to 'jwt'.

```ts
ExpressAuth({
  session: {
    strategy: "jwt"
  },
  providers: [...]
})
```

I wasted 5 hours due to the unfriendly error description and the Docs not describing the information in detail.

I thought it would be good to report this error at the stage of using Credentials, so I decided to make a Pull Request.

🧢 Checklist

🎫 Affected issues

📌 Resources

vercel[bot] commented 1 month ago

@ynng3 is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot] commented 1 month ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| :--- | :----- | :------ | :------- | :------ |
| **auth-docs** | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Oct 16, 2024 3:24pm |

1 Skipped Deployment

| Name | Status | Preview | Comments | Updated (UTC) |
| :--- | :----- | :------ | :------- | :------ |
| **next-auth-docs** | ⬜️ Ignored ([Inspect](https://vercel.com/authjs/next-auth-docs/9jXYVJbdazKKaYi6x8qubKwhx5VD)) | [Visit Preview](https://next-auth-docs-git-fork-ynng3-main-authjs.vercel.app) | | Oct 16, 2024 3:24pm |

balazsorban44 commented 1 month ago

@ynng3 could you please explain the intention a bit better? I'm not sure I understand fully. With the Credentials provider the session strategy being set to database should already throw the following error https://github.com/nextauthjs/next-auth/blob/a7491dcb9355ff2d01fb8e9236636605e2090145/packages/core/src/lib/utils/assert.ts#L194

If that's not the case, could you please open a bug report instead?

Or maybe if you get this error, but the action is unclear, maybe we could make the error message itself better instead.

We have no information related to the Credentials provider in our security policy https://authjs.dev/security

We do state however that you should be persisting passwords in a database with caution on our https://authjs.dev/getting-started/authentication/credentials
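
As an added example (not part of this thread and not Auth.js code), the following pre-flight lint shows how the Credentials/session-strategy mismatch discussed above can be caught with an actionable message before the app starts. `lintAuthConfig`, its return shape and the sample configs are hypothetical; it assumes the strategy defaults to "database" when an adapter is configured and to "jwt" otherwise, and it conservatively flags any Credentials provider paired with a non-jwt strategy.

```javascript
// Added illustration: a pre-flight lint for an Auth.js-style config object.
// lintAuthConfig and its return shape are hypothetical, not an Auth.js API.

// Providers may be passed as objects or as factory functions.
function providerType(p) {
  const resolved = typeof p === "function" ? p() : p;
  return resolved && resolved.type;
}

// Explicit session.strategy wins; otherwise assume "database" when an
// adapter is configured and "jwt" when it is not (assumption, see lead-in).
function effectiveStrategy(config) {
  const explicit = config.session && config.session.strategy;
  if (explicit) return { strategy: explicit, source: "explicit" };
  return config.adapter
    ? { strategy: "database", source: "adapter default" }
    : { strategy: "jwt", source: "default" };
}

function lintAuthConfig(config) {
  const types = (config.providers || []).map(providerType);
  const hasCredentials = types.includes("credentials");
  const { strategy, source } = effectiveStrategy(config);
  if (hasCredentials && strategy !== "jwt") {
    return {
      ok: false,
      strategy,
      message:
        `Credentials provider with session strategy "${strategy}" (${source}): ` +
        `set session: { strategy: "jwt" } explicitly.`,
    };
  }
  return { ok: true, strategy, message: "" };
}

// Constructed sample configs; the adapter is a stand-in object.
const credentials = () => ({ id: "credentials", type: "credentials" });
const samples = {
  explicitJwt: { session: { strategy: "jwt" }, providers: [credentials] },
  implicitDatabase: { adapter: {}, providers: [credentials] },
  oauthWithAdapter: { adapter: {}, providers: [{ id: "github", type: "oauth" }] },
};

for (const [name, cfg] of Object.entries(samples)) {
  const r = lintAuthConfig(cfg);
  console.log(name, r.ok ? "ok" : r.message);
}
```

The `implicitDatabase` case is the one that is easy to miss: no `session` option is written at all, yet adding an adapter changes the effective strategy.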