Open markflorkowski opened 2 years ago
@markflorkowski I came into this issue yesterday, and was digging into it already..
So here's what I know:
VARCHAR(255) (length limited to 255 characters) instead of TEXT (unlimited length) for string fields
id_token field when using the Google provider:
access_token and/or refresh_token /w Google provider (see https://developers.google.com/identity/protocols/oauth2#size) (does anyone know where in the next-auth schema we find the "Authorization codes" that the linked page talks about?)
scope if you're requesting more scopes than the default ones (e.g. with Google provider and default scopes, the scope field is already 102 bytes: openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile)
session_state if used (if your session strategy is "database") can easily be more than 255 bytes if you're adding properties to your session object
id_token field: #336
The workaround has been presented:
Change the field type of id_token (or whatever field doesn't have enough room.. I suggest doing it for all string fields) from VARCHAR(255) to TEXT.
ALTER the fields
@markflorkowski Can I ask, what Provider(s) and what Adapter you are using?
Provider was Google for this particular user, and we are using the Prisma adapter.
We have already made the id_token field a TEXT column using Prisma's @db.text directive prior to experiencing this issue, will try with the other fields as well.
The error message comes directly from Prisma, so the issue is likely with the model, what we can do is explore if we don't accidentally hide some details about the stack (like which column this is about).
I also had the same issue with google auth despite having Text type on id_token as you had too. The logs helped me where it broke. line 18
linkAccount: (data) => {
  // Log the account data (it includes access_token and id_token) to see which field overflows
  console.log(data);
  return p.account.create({ data });
},
I found out the access_token is above 200 characters, I made it to Text type as well and it solved the issue for me.
model Account {
  access_token String? @db.Text
  id_token     String? @db.Text
}
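A way to find the overflowing column without writing the tokens themselves to the logs, as an added example that is not part of this thread or of next-auth's own code: it wraps an adapter's linkAccount and reports only field names and lengths. COLUMN_LIMITS, findOversizedFields and withLengthCheck are hypothetical names, the limits assume the VARCHAR(255) columns discussed above, and the sample account is constructed.

```javascript
// Assumed limits, mirroring the VARCHAR(255) string columns discussed in this thread.
const COLUMN_LIMITS = {
  access_token: 255,
  refresh_token: 255,
  id_token: 255,
  scope: 255,
  session_state: 255,
};

// Return [{ field, chars, limit }] for every string value longer than its column.
// OAuth tokens and scopes are ASCII, so .length equals the character count.
// Only names and sizes are reported, never the values.
function findOversizedFields(data, limits = COLUMN_LIMITS) {
  const findings = [];
  for (const [field, limit] of Object.entries(limits)) {
    const value = data[field];
    if (typeof value !== "string") continue; // optional fields may be null or absent
    if (value.length > limit) findings.push({ field, chars: value.length, limit });
  }
  return findings;
}

// Wrap a linkAccount function so an overflow is named before the insert is attempted.
// The wrapped function's return value (usually a promise) is passed through unchanged.
function withLengthCheck(linkAccount, limits = COLUMN_LIMITS, log = console.warn) {
  return (data) => {
    for (const f of findOversizedFields(data, limits)) {
      log(`account.${f.field}: ${f.chars} chars exceeds VARCHAR(${f.limit})`);
    }
    return linkAccount(data);
  };
}

// Constructed sample shaped like the data passed to linkAccount (filler, not real tokens).
const sampleAccount = {
  provider: "google",
  type: "oauth",
  providerAccountId: "0000",
  access_token: "a".repeat(220),
  id_token: ["h".repeat(80), "p".repeat(700), "s".repeat(342)].join("."), // JWT-shaped
  scope:
    "openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile",
  session_state: null,
};
```

With the Prisma adapter from the comment above, the wrapper would go around the function that calls p.account.create({ data }).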
I'm having this same issue using mysql and the TypeORMLegacyAdapter adapter. If I change the data type to TEXT manually it changes back once a new call is made to the database. I've also updated the lib/entities.ts to use TEXT but id_token keeps changing back to VARCHAR (255).
Anyone know where this VARCHAR is coming from?
Also, if I use synchronize: false I get an error [next-auth][error][adapter_error_getUserByAccount] https://next-auth.js.org/errors#adapter_error_getuserbyaccount metadata.findEmbeddedWithPropertyPath is not a function
this error is still happening, for google provider at least
My solution was to change the varchar to mediumtext in the /node_modules/@next-auth/typeorm-legacy-adapter/dist/entities.js file for the id_token, but you also have to remove all data from the database columns users, sessions, and accounts to start fresh. Restart the app and it should keep the mediumtext setting and issues resolved :)
Found the same issue when using @auth/core with the DrizzleAdapter paired with a MySQL database and Google Authentication.
The solution was to simply change the id_token field from varchar('id_token', { length: 255 }) to just text('id_token').
Seems like a simple correction in the docs is needed.
@genyrosk Where is the correction in docs needed? And isn't a correction in the ORM's schema definition needed too? That definition is provided by nextauth (unless this adapter is different from the rest) so that would be a breaking change I believe.
@zenflow
Here's the docs: https://authjs.dev/reference/adapter/drizzle#mysql
The following line:
export const accounts = mysqlTable(
  "account",
  {
    [...]
    id_token: varchar("id_token", { length: 255 }),
    [...]
  },
  [...]
)
I just changed it to:
export const accounts = mysqlTable(
  "account",
  {
    [...]
    id_token: text("id_token"),
    [...]
  },
  [...]
)
And everything worked fine. The original error was due to the Google jwt token being a lot longer than 255 characters.
@zenflow Just a quick follow up, seems like this can be found in the following files
Environment
Reproduction URL
http://ping.gg
Describe the issue
We had a user try to log in this morning and they were unable, and kept hitting an auth error.
Upon checking the logs, we found this error:
The only thing out of the ordinary about this user's email was that it had a pretty long / multi-part domain (@history.ucla.edu).
How to reproduce
We have been unable to reproduce this since the user ran into the issue in production this morning. We would greatly appreciate any assistance in sorting out what happened here.
Expected behavior
User should be able to log in.