Variable "$where" got invalid value { email: "email@email.com" }; Field "email" is not defined by type "UserWhereUniqueInput".

[tommyboylab]

Using the example provided in the repo, I get the following error when trying to login to an auth provider (in this case Twitter). I believe the example is out of date as I have only changed the port and DB being used in the case of the example.

Field "email" is not defined by type "UserWhereUniqueInput".

This is marked in the URL as such:

Variable%20"%24where"%20got%20invalid%20value%20%7B%20email%3A%20"email%40email.com"%20%7D%3B%20Field%20"email"%20is%20not%20defined%20by%20type%20"UserWhereUniqueInput".

The keystone config file:

import 'dotenv/config';
import { config } from '@keystone-6/core';
import { statelessSessions } from '@keystone-6/core/session';
import Twitter from 'keystone-6-oauth/providers/twitter';
import { createAuth } from 'keystone-6-oauth';
import { KeystoneContext } from '@keystone-6/core/types';
import { lists } from './schemas';
import * as Path from 'path';

let sessionSecret = 'xxxxxxxxxx;

const dbURL = process.env.DATABASE_URL || "file:./keystone.db";

if (!sessionSecret) {
 if (process.env.NODE_ENV === 'production') {
   throw new Error(
      'The SESSION_SECRET environment variable must be set in production'
    );
  } else {
    sessionSecret = '-- DEV COOKIE SECRET; CHANGE ME --';
  }
}

const sessionMaxAge = 60 * 60 * 24 * 30; // 30 days

const auth = createAuth({
  listKey: 'User',
  identityField: 'subjectId',
  sessionData: `id name email`,
  autoCreate: true,
  resolver: async ({user}:{user: any}) => {
    const username = user.name as string;
    const email = user.email as string;
    return { email, username };
  },
  keystonePath: '/admin',
  sessionSecret,
  providers: [
    Twitter({
      clientId: 'xxxxxxxxx',
      clientSecret: 'xxxxxxxxxxxx',
    }),
  ],
});

export default auth.withAuth(
  // @ts-ignore
  config({
    server: {
port:3001
    },
    db:  {
      provider: "sqlite",
      url: dbURL,
    },
    ui: {
      isAccessAllowed: (context: KeystoneContext) => !!context.session?.data,
      publicPages: ['/admin/auth/signin', '/admin/auth/error'],
      getAdditionalFiles: [
        async (config: any) => 
        [
          {
            mode: 'copy',
            inputPath: Path.join(__dirname, './customPages/signin.js'),
            outputPath: 'pages/auth/signin.js',
          },
          {
            mode: 'copy',
            inputPath: Path.join(__dirname, './customPages/error.js'),
            outputPath: 'pages/auth/error.js',
          }
        ]
      ]
    },
    lists,
    session: statelessSessions({
      maxAge: sessionMaxAge,
      secret: sessionSecret,
    }),
  })
);

[tommyboylab]

I also receive this error when loading the page and setting a session token as suggested in the docs produces the same error

[next-auth][error][JWT_SESSION_ERROR] 
https://next-auth.js.org/errors#jwt_session_error decryption operation failed {
  message: 'decryption operation failed',
  stack: 'JWEDecryptionFailed: decryption operation failed\n' +
    '    at gcmDecrypt ....
}

[ScottAgirs]

Hey @tommyboylab, thank you for creating your first issue.

Could you please share your User list details.

I suspect that for you it may look something like this:

import { list } from '@keystone-6/core';
import { allowAll } from '@keystone-6/core/access';

import { text } from '@keystone-6/core/fields';

export const User = list({
  access: allowAll,
  fields: {
    subjectId: text({ isIndexed: 'unique' }),
    email: text(),
  },
});

If so, all you would need to do is:

import { list } from '@keystone-6/core';
import { allowAll } from '@keystone-6/core/access';

import { text } from '@keystone-6/core/fields';

export const User = list({
  access: allowAll,
  fields: {
    subjectId: text({ isIndexed: 'unique' }),
    email: text({ isIndexed: 'unique' }), // -- notice this field is now indexed.
  },
});

Please LMK if for whatever reason making email unique is not possible, I will be happy to find a solution.

[tommyboylab]

Absolutely here is the current user list.. I'll update the list as suggested.

import { list } from '@keystone-6/core';
import { text, relationship } from '@keystone-6/core/fields';
import { permissions, rules } from '../access';


export const User = list({
  access: {
    operation: {
      create: () => true,
      // only people with the permission can delete themselves!
      // You can't delete yourself
      delete: permissions.canManageUsers,
    },
    filter: {
      query: rules.canManageUsers,
      update: rules.canManageUsers,
    },
  },
  ui: {
    // hide the backend UI from regular users
    hideCreate: (args) => !permissions.canManageUsers(args),
    hideDelete: (args) => !permissions.canManageUsers(args),
  },
  fields: {
    name: text({ validation: { isRequired: true } }),
    email: text({ validation: { isRequired: true }, isIndexed: true}),
    signUpProvider: text(),
    subjectId: text({ isIndexed: 'unique' }),
    role: relationship({
      ref: 'Role.assignedTo',
    }),
  },
});

[ScottAgirs]

Great, you I think I'll you need is:

 email: text({ validation: { isRequired: true }, isIndexed: true}),  

to be

 email: text({ validation: { isRequired: true }, isIndexed: "unique"}),  

In future we will try to iron out more flexibility so the email doesn't have to be unique, but, for now, if this works for your use-case you can apply those changes and it should roll through smoothyl

[tommyboylab]

I believe another issue has appeared.. I'll double checked my Twitter application but seems like the name is not being set.

I have read permissions on the app and request the email from users.

admin/api/auth/error?error=You%20provided%20invalid%20data%20for%20this%20operation.%0A%20%20-%20User.name%3A%20Name%20must%20not%20be%20empty

[ScottAgirs]

  name: text({ validation: { isRequired: true } }),

Can you make this field not required and then have them add the name later?

I am working on a course that walks through all this in detail, but, generally speaking, isRequired can be tricky on signup, unless you control the signup data piped into the plugin manually.

Again, easiest for you now would be to do this:

  name: text(),

and then let them update through form or similar.

Please LMK if this works.

[tommyboylab]

Thank you for the help. I ran into the same issue with the email validation and so also needed to remove it.

Getting a little closer...

I found the callback is set to the default port (3000) even when I have the port set in the keystone.ts and in the .env for FRONTEND_URL="http://localhost:3001" and NEXTAUTH_URL="http://localhost:3001/admin/api/auth"

Once authenticated It seems to re-direct correctly to the /admin path (on 3000) but reverting the port just keeps sending me back to the http://localhost:3000/admin/api/auth/signin page.

I don't know if it made a difference, but I also needed to remove the pages object under createAuth as it was throwing an error saying I have been re-directed too many times

[ScottAgirs]

Thank you for the help. I ran into the same issue with the email validation and so also needed to remove it.

Getting a little closer...

I found the callback is set to the default port (3000) even when I have the port set in the keystone.ts and in the .env for FRONTEND_URL="http://localhost:3001" and NEXTAUTH_URL="http://localhost:3001/admin/api/auth"

Once authenticated It seems to re-direct correctly to the /admin path (on 3000) but reverting the port just keeps sending me back to the http://localhost:3000/admin/api/auth/signin page.

I don't know if it made a difference, but I also needed to remove the pages object under createAuth as it was throwing an error saying I have been re-directed too many times

I’m glad I could help. And thank you for providing these details.

Just to confirm - did you get it working now? You’re very welcome to make a PR to add this to docs, otherwise I’ll note this and include this in near future.

[tommyboylab]

Currently still facing an issue with the redirect to the /admin path.

If I have the port as default (3000) when I complete the sign in attempt the application re-directs me back to http://localhost:3000/admin/api/auth/signin.

Re-running the sign-in attempt throws an error localhost:3000/admin/api/auth/error?error=Email%20already%20in%20use%20with%20undefined

If the port is changed (3001) once I complete the sign-in attempt it re-directs correctly to localhost:3000/admin but since that's not the proper path... yeah :P

I'd be happy to submit a PR to add this and update the example once I get it resolved 👍🏼