The best way to build a modern backend + admin UI. No black magic, all TypeScript, and fully open-source, Payload is both an app framework and a headless CMS.
In v2 I created a custom OAuth2.0 flow to generate a payload-token cookie. This was the only source of authentication so I would set disableLocalStrategy: true, everything worked as expected.
In v3, if I set disableLocalStrategy: true, the /api/users/me endpoint will return user as null when using the OAuth2.0 generated cookie. If I omit disableLocalStrategy: true, that same cookie will return as expected from /api/users/me.
Please note I'm not using strategies in the auth object; this wasn't necessary in v2.
Reproduction Steps
Set disableLocalStrategy: true.
Generate a payload-token cookie using an OAuth2.0 flow and sign it with the payload secret.
Link to reproduction
No response
Payload Version
3.0.0-beta.55
Node Version
20.15.0
Next.js Version
15.0.0-rc.0
Describe the Bug
In v2 I created a custom OAuth2.0 flow to generate a
payload-token
cookie. This was the only source of authentication so I would setdisableLocalStrategy: true
, everything worked as expected.In v3, if I set
disableLocalStrategy: true
, the/api/users/me
endpoint will return user asnull
when using the OAuth2.0 generated cookie. If I omitdisableLocalStrategy: true
, that same cookie will return as expected from/api/users/me
.Please note I'm not using
strategies
in theauth
object; this wasn't necessary in v2.Reproduction Steps
disableLocalStrategy: true
.payload-token
cookie using an OAuth2.0 flow and sign it with the payload secret./api/users/me
will return user asnull
.disableLocalStrategy: true
./api/users/me
will return the user as expected.Adapters and Plugins
@payloadcms/db-postgres, @payloadcms/next, @payloadcms/richtext-lexical