Custom provider OAuthCallbackError, how to get more info? #11402
-
|
Hi, I'm trying to implement a custom provider following the custom provider docs, but am running into an error that appears to be coming from the provider and I can't figure out how to get any more information about it out of NextAuth. My custom provider currently looks like this: {
id: 'custom-provider',
name: 'Custom Provider',
type: 'oauth',
clientId: process.env.CUSTOMPROVIDER_CLIENT_ID,
clientSecret: process.env.CUSTOMPROVIDER_CLIENT_SECRET,
authorization: 'https://customprovider.com/sso/login',
token: 'https://customprovider.com/api/authentication/token',
userinfo: 'https://customprovider.com/api/v2/my/profile',
checks: 'none', // disabled for debugging
profile(profile, tokens) {
// debug test
console.log('test', profile, tokens)
return null
},
}However when I complete the OAuth flow on the provider end and get redirected back to the app, it fails, and then I get an error that looks like this: [next-auth][error][OAUTH_CALLBACK_ERROR]
https://next-auth.js.org/errors#oauth_callback_error expected 200 OK, got: 400 Bad Request {
error: OPError: expected 200 OK, got: 400 Bad Request
at processResponse (webpack-internal:///(rsc)/../../node_modules/openid-client/lib/helpers/process_response.js:41:11)
at Client.grant (webpack-internal:///(rsc)/../../node_modules/openid-client/lib/client.js:1207:28)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Client.oauthCallback (webpack-internal:///(rsc)/../../node_modules/openid-client/lib/client.js:533:30)
at async oAuthCallback (webpack-internal:///(rsc)/../../node_modules/next-auth/core/lib/oauth/callback.js:111:16)
at async Object.callback (webpack-internal:///(rsc)/../../node_modules/next-auth/core/routes/callback.js:52:11)
at async AuthHandler (webpack-internal:///(rsc)/../../node_modules/next-auth/core/index.js:208:28)
at async NextAuthRouteHandler (webpack-internal:///(rsc)/../../node_modules/next-auth/next/index.js:69:28)
at async NextAuth._args$ (webpack-internal:///(rsc)/../../node_modules/next-auth/next/index.js:105:16)
at async /home/user/project/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:53238
at async e_.execute (/home/user/project/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:44501)
at async e_.handle (/home/user/project/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:54492)
at async doRender (/home/user/project/node_modules/next/dist/server/base-server.js:1372:42)
at async cacheEntry.responseCache.get.routeKind (/home/user/project/node_modules/next/dist/server/base-server.js:1582:40)
at async DevServer.renderToResponseWithComponentsImpl (/home/user/project/node_modules/next/dist/server/base-server.js:1502:28)
at async DevServer.renderPageComponent (/home/user/project/node_modules/next/dist/server/base-server.js:1919:24)
at async DevServer.renderToResponseImpl (/home/user/project/node_modules/next/dist/server/base-server.js:1957:32)
at async DevServer.pipeImpl (/home/user/project/node_modules/next/dist/server/base-server.js:915:25)
at async NextNodeServer.handleCatchallRenderRequest (/home/user/project/node_modules/next/dist/server/next-server.js:272:17)
at async DevServer.handleRequestImpl (/home/user/project/node_modules/next/dist/server/base-server.js:811:17)
at async /home/user/project/node_modules/next/dist/server/dev/next-dev-server.js:339:20
at async Span.traceAsyncFn (/home/user/project/node_modules/next/dist/trace/trace.js:154:20)
at async DevServer.handleRequest (/home/user/project/node_modules/next/dist/server/dev/next-dev-server.js:336:24)
at async invokeRender (/home/user/project/node_modules/next/dist/server/lib/router-server.js:174:21)
at async handleRequest (/home/user/project/node_modules/next/dist/server/lib/router-server.js:353:24)
at async requestHandlerImpl (/home/user/project/node_modules/next/dist/server/lib/router-server.js:377:13)
at async Server.requestListener (/home/user/project/node_modules/next/dist/server/lib/start-server.js:141:13) {
name: 'OAuthCallbackError',
code: undefined
},
providerId: 'custom-provider',
message: 'expected 200 OK, got: 400 Bad Request'
}
GET /api/auth/callback/custom-provider?code=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 302 in 217ms
GET /api/auth/error?error=OAuthCallback 302 in 12ms
GET /api/auth/signin?error=OAuthCallback 302 in 7ms
○ Compiling /dashboard ...
✓ Compiled /dashboard in 1939ms (6538 modules)
[next-auth][warn][DEBUG_ENABLED]
https://next-auth.js.org/warnings#debug_enabled
GET /dashboard?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fdashboard&error=OAuthCallback 200 in 2311ms
GET /api/auth/session 200 in 65ms
[next-auth][warn][DEBUG_ENABLED]
https://next-auth.js.org/warnings#debug_enabled
GET /api/auth/session 200 in 107ms
POST /dashboard?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fdashboard&error=OAuthCallback 500 in 112msIs there any way to get more information out of NextAuth to better identify what the error is? I've been able to confirm by manually exchanging the code that the token exchange follows the RFC 6749 section 4.1.3 standard and validated that the userinfo endpoint works as expected as well, but I can't tell which one might be failing here. EDIT: I've also tried to see if I could capture the failing request through mitmproxy to see what's wrong but it doesn't appear that Next will play nice with the system proxy, I've also commented out the userinfo endpoint to see if that was the culprit but the same error was still thrown so it's most likely in the token exchange. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Couldn't figure this out in NextAuth itself, instead I followed the stacktrace in the error log and modified the libraries in my development environment for debugging purposes. |
Beta Was this translation helpful? Give feedback.
Couldn't figure this out in NextAuth itself, instead I followed the stacktrace in the error log and modified the libraries in my development environment for debugging purposes.