nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License

SvelteKit: The callback error code doesn't change #7530

Closed skyf0l closed 1 year ago

skyf0l commented 1 year ago

Question 💬

I'm using AuthJs in a SvelteKit application with @auth/sveltekit. I figured out that all callback errors are redirected to https://example.com/auth/error?error=CallbackRouteError. Is it a bug, or is it not possible to be redirected with a more specific error code like AccountNotLinked?

Here are my logs:

[auth][error][AccountNotLinked]: Read more at https://errors.authjs.dev#accountnotlinked
[auth][cause]: AccountNotLinked: Another account already exists with the same e-mail address
    at handleLogin (file:///workspaces/monorepo/node_modules/.pnpm/@auth+core@0.5.1/node_modules/@auth/core/lib/callback-handler.js:158:27)
    at async Module.callback (file:///workspaces/monorepo/node_modules/.pnpm/@auth+core@0.5.1/node_modules/@auth/core/lib/routes/callback.js:46:50)
    at async AuthInternal (file:///workspaces/monorepo/node_modules/.pnpm/@auth+core@0.5.1/node_modules/@auth/core/lib/index.js:64:38)
    at async Proxy.Auth (file:///workspaces/monorepo/node_modules/.pnpm/@auth+core@0.5.1/node_modules/@auth/core/index.js:100:30)
    at async Module.respond (/@fs/workspaces/monorepo/node_modules/.pnpm/@sveltejs+kit@1.15.10_svelte@3.58.0_vite@4.3.4/node_modules/@sveltejs/kit/src/runtime/server/respond.js:259:20)
    at async file:///workspaces/monorepo/node_modules/.pnpm/@sveltejs+kit@1.15.10_svelte@3.58.0_vite@4.3.4/node_modules/@sveltejs/kit/src/exports/vite/dev/index.js:506:22
[auth][details]: {
  "provider": "github"
}

How to reproduce ☕️

.

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR

klaemo commented 1 year ago

Yep, I'm experiencing the same. I'd like to show a more descriptive error message to the user on my custom error page.

I'm using @auth/core@0.7.1.

In the logs you can see that auth0 (in my case) responds with access_denied and even a human-readable error_description. Those then get turned into a generic CallbackRouteError.

Is there a way to get at this more specific error?

GET /api/auth/login 302 Found (163.72ms)
[auth][error][OAuthCallbackError]: Read more at https://errors.authjs.dev#oauthcallbackerror
[auth][cause]: OAuthCallbackError: access_denied
    at handleOAuth (/private/Users/clemens/Projects/webapp/node_modules/@auth/core/lib/oauth/callback.js:52:15)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at callback (/private/Users/clemens/Projects/webapp/node_modules/@auth/core/lib/routes/callback.js:20:41)
    at AuthInternal (/private/Users/clemens/Projects/webapp/node_modules/@auth/core/lib/index.js:65:38)
    at Auth (/private/Users/clemens/Projects/webapp/node_modules/@auth/core/index.js:100:30)
    at next (/private/Users/clemens/Projects/webapp/node_modules/wrangler/templates/pages-template-worker.ts:152:22)
    at errorHandler (/private/Users/clemens/Projects/webapp/functions/api/_middleware.ts:166:12)
    at next (/private/Users/clemens/Projects/webapp/node_modules/wrangler/templates/pages-template-worker.ts:152:22)
    at next (/private/Users/clemens/Projects/webapp/node_modules/wrangler/templates/pages-template-worker.ts:152:22)
    at next (/private/Users/clemens/Projects/webapp/node_modules/wrangler/templates/pages-template-worker.ts:152:22)
[auth][details]: {
  "provider": "auth0"
}
GET /api/auth/callback/auth0?error=access_denied&error_description=Please%20verify%20your%20email%20before%20logging%20in. 302 Found (235.00ms)
GET /api/auth/error?error=CallbackRouteError 302 Found (4.12ms)
GET /auth/error?error=CallbackRouteError 200 OK (6.05ms)
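
Added example, not part of the thread and not Auth.js code: in both reports the redirect carries only `CallbackRouteError`, so the specific error type and provider are visible only in the server log. The sketch below parses the log format quoted in the two comments above and pairs each error with the code the user was redirected with; `parseAuthErrors` is a hypothetical helper name, and the sample lines are copied from the logs above.

```javascript
// Added example: recover the specific error behind a generic
// ?error=CallbackRouteError redirect from the server log.
// SAMPLE_LOG is abridged from the two logs quoted in this thread.
const SAMPLE_LOG = `
[auth][error][AccountNotLinked]: Read more at https://errors.authjs.dev#accountnotlinked
[auth][cause]: AccountNotLinked: Another account already exists with the same e-mail address
    at handleLogin (file:///workspaces/monorepo/node_modules/.pnpm/@auth+core@0.5.1/node_modules/@auth/core/lib/callback-handler.js:158:27)
[auth][details]: {
  "provider": "github"
}
[auth][error][OAuthCallbackError]: Read more at https://errors.authjs.dev#oauthcallbackerror
[auth][cause]: OAuthCallbackError: access_denied
    at handleOAuth (/private/Users/clemens/Projects/webapp/node_modules/@auth/core/lib/oauth/callback.js:52:15)
[auth][details]: {
  "provider": "auth0"
}
GET /api/auth/callback/auth0?error=access_denied&error_description=Please%20verify%20your%20email%20before%20logging%20in. 302 Found (235.00ms)
GET /api/auth/error?error=CallbackRouteError 302 Found (4.12ms)
`;

const DETAILS_OPEN = "[auth][details]: {";

function parseAuthErrors(logText) {
  const events = [];
  let current = null; // event being assembled
  let buf = null;     // lines of a multi-line [auth][details] JSON block
  for (const line of logText.split("\n")) {
    let m;
    if (buf !== null) {
      buf.push(line);
      if (line !== "}") continue; // only an unindented "}" closes the block
      try { current.details = JSON.parse(buf.join("\n")); }
      catch { current.details = null; } // malformed block: keep the event
      buf = null;
    } else if ((m = line.match(/^\[auth\]\[error\]\[(\w+)\]/))) {
      current = { type: m[1], cause: null, details: null, redirectedAs: null };
      events.push(current);
    } else if (!current) {
      continue; // nothing to attach to yet
    } else if ((m = line.match(/^\[auth\]\[cause\]: (\w+): (.*)$/))) {
      current.cause = m[2];
    } else if (line === DETAILS_OPEN) {
      buf = ["{"];
    } else if ((m = line.match(/^GET \S*\/error\?error=(\w+)/))) {
      // Error-page redirect only; the provider callback URL does not match.
      current.redirectedAs = m[1];
    }
  }
  return events;
}
```

Stack-trace lines are skipped, and an event whose redirect is not in the log keeps `redirectedAs: null`.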

zimonitrome commented 1 year ago

Same with SolidStart.

Ideally I'd like to make it such that each user is unique on provider and id instead of email, as mentioned in #7731.

But since idk how that is possible, displaying an error would do, but unfortunately that also isn't possible.

github-actions[bot] commented 1 year ago

We cannot recreate the issue with the provided information. Please add a reproduction in order for us to be able to investigate.

Why was this issue marked with the incomplete label?

To be able to investigate, we need access to a reproduction to identify what triggered the issue. We prefer a link to a public GitHub repository (template), but you can also use a tool like CodeSandbox or StackBlitz.

To make sure the issue is resolved as quickly as possible, please make sure that the reproduction is as minimal as possible. This means that you should remove unnecessary code, files, and dependencies that do not contribute to the issue.

Please test your reproduction against the latest version of NextAuth.js (next-auth@latest) to make sure your issue has not already been fixed.

I added a link, why was it still marked?

Ensure the link is pointing to a codebase that is accessible (e.g. not a private repository). "example.com", "n/a", "will add later", etc. are not acceptable links -- we need to see a public codebase. See the above section for accepted links.

What happens if I don't provide a sufficient minimal reproduction?

Issues with the incomplete label that receive no meaningful activity (e.g. new comments with a reproduction link) are closed after 7 days.

If your issue has not been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction. (It's less likely that we check back on already closed issues.)

I did not open this issue, but it is relevant to me, what can I do to help?

Anyone experiencing the same issue is welcome to provide a minimal reproduction following the above steps. Furthermore, you can upvote the issue using the :+1: reaction on the topmost comment (please do not comment "I have the same issue" without repro steps). Then, we can sort issues by votes to prioritize.

I think my reproduction is good enough, why aren't you looking into it quicker?

We look into every NextAuth.js issue and constantly monitor open issues for new comments.

However, sometimes we might miss one or two. We apologize, and kindly ask you to refrain from tagging core maintainers, as that will usually not result in increased priority.

Upvoting issues to show your interest will help us prioritize and address them as quickly as possible. That said, every issue is important to us, and if an issue gets closed by accident, we encourage you to open a new one linking to the old issue and we will look into it.
