Testing Next.js API routes protected by next-auth in Postman

[PavelSrom]

Hi, I wonder if there's a way how to test a Next.js API route that is protected by next-auth's getSession in Postman? I'm using a JWT authentication and I know that by default next-auth uses cookies behind the scenes. I've tried to sync my cookies with Postman using the Postman interceptor tool, but it can't access the cookies used by next-auth for whatever reason, and therefore I cannot verify in Postman that my protected routes work properly.

Is there a way to test the protected endpoints from Postman with cookies, or alternatively is there a way to make next-auth use authorization headers with the JWT included instead of cookies?

Here's my simple protected route that I want to test from Postman (/api/hello):

export default async (req: NextApiRequest, res: NextApiResponse) => {
  const session = await getSession({ req })
  if (!session) return res.status(403).json({ message: 'Access denied' })

  return res.status(200).json({ name: 'John Doe' })
}

and here's my my [...nextauth] file:

export default NextAuth({
  session: {
    jwt: true,
  },
  providers: [
    Providers.Credentials({
      async authorize(credentials: { email: string; password: string }) {
        const user = await prisma.user.findFirst({
          where: { email: credentials.email },
        })
        if (!user) throw new Error('Invalid credentials')

        const match = await bcrypt.compare(credentials.password, user.password)
        if (!match) throw new Error('Invalid credentials')

        return { id: user.id }
      },
    }),
  ],
  callbacks: {
    jwt: async (token, user) => {
      if (user?.id) token.id = user.id

      return token
    },
    session: async (session, user) => {
      session.user = user

      return Promise.resolve(session)
    },
  },
})

Thanks a lot for your feedback!

[CoderSid063]

@PavelSrom Did you find the solution for test the nextAuth protected api routes using postman ?, if yes plz tell me how you done it ...

[ezraamos]

any updates on this?

[CoderSid063]

not yet .

[harshal255]

Hi, I wonder if there's a way how to test a Next.js API route that is protected by next-auth's getSession in Postman? I'm using a JWT authentication and I know that by default next-auth uses cookies behind the scenes. I've tried to sync my cookies with Postman using the Postman interceptor tool, but it can't access the cookies used by next-auth for whatever reason, and therefore I cannot verify in Postman that my protected routes work properly.

Is there a way to test the protected endpoints from Postman with cookies, or alternatively is there a way to make next-auth use authorization headers with the JWT included instead of cookies?

Here's my simple protected route that I want to test from Postman (/api/hello):

export default async (req: NextApiRequest, res: NextApiResponse) => {
  const session = await getSession({ req })
  if (!session) return res.status(403).json({ message: 'Access denied' })

  return res.status(200).json({ name: 'John Doe' })
}

and here's my my [...nextauth] file:

export default NextAuth({
  session: {
    jwt: true,
  },
  providers: [
    Providers.Credentials({
      async authorize(credentials: { email: string; password: string }) {
        const user = await prisma.user.findFirst({
          where: { email: credentials.email },
        })
        if (!user) throw new Error('Invalid credentials')

        const match = await bcrypt.compare(credentials.password, user.password)
        if (!match) throw new Error('Invalid credentials')

        return { id: user.id }
      },
    }),
  ],
  callbacks: {
    jwt: async (token, user) => {
      if (user?.id) token.id = user.id

      return token
    },
    session: async (session, user) => {
      session.user = user

      return Promise.resolve(session)
    },
  },
})

Thanks a lot for your feedback!

any update on this??