next-auth v(5) Middleware Fails to Retrieve Token in Production (Vercel Deployment)

[TanzimHossain2]

Environment

  System:
    OS: Windows 11 10.0.22631
    CPU: (6) x64 Intel(R) Core(TM) i5-8600K CPU @ 3.60GHz
    Memory: 5.42 GB / 15.83 GB
  Binaries:
    Node: 20.13.1 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.22 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 10.8.0 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Chromium (123.0.2420.97)
    Internet Explorer: 11.0.22621.3527

Reproduction URL

https://github.com/TanzimHossain2/LwsKart

Describe the issue

When using next-auth in a Next.js middleware, the token is retrieved correctly in the local environment but returns null when deployed to Vercel. "next-auth": "^5.0.0-beta.18",

How to reproduce

1. Configure next-auth in a Next.js application.
2. Set up a custom middleware to use getToken.
3. Deploy the application to Vercel.
4. Observe that the token is null in the middleware logs in the Vercel deployment, while it is correctly retrieved in the local environment.

Expected behavior

The token should be retrieved correctly in both local and production environments.

---

Logs from Local Environment

authuser in middleware -----> {
  user: {
    name: 'Tanzim Hossain',
    email: '[email protected]',
    image: 'https://res.cloudinary.com/dhdkudig4/image/upload/v1716959586/sltq5yd1pfrxw5nzv7wk.png'
  },
  expires: '2024-06-29T04:37:16.107Z'
}
Token in middleware---------- {
  name: 'Tanzim Hossain',
  email: '[email protected]',
  picture: 'https://res.cloudinary.com/dhdkudig4/image/upload/v1716959586/sltq5yd1pfrxw5nzv7wk.png',
  sub: '66520d2c9a4afcbfc807b58e',
  image: 'https://res.cloudinary.com/dhdkudig4/image/upload/v1716959586/sltq5yd1pfrxw5nzv7wk.png',
  username: 'lKR-1-tanzimhossain2',
  isOAuth: false,
  role: 'user',
  isTwoFactorEnabled: false,
  number: '01738647384',
  accessToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI2NjUyMGQyYzlhNGFmY2JmYzgwN2I1OGUiLCJlbWFpbCI6InRhbnppMDFob3NzYWluMkBnbWFpbC5jb20iLCJyb2xlIjoidXNlciIsImlhdCI6MTcxNzA0MzUwMywiZXhwIjoxNzE3MDQ0NDAzfQ.2lPXj7FXRpyhUkfiVYPuCHVbSyF4uo0_TcOup8stryE',
  refreshToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI2NjUyMGQyYzlhNGFmY2JmYzgwN2I1OGUiLCJlbWFpbCI6InRhbnppbTAxaG9zc2FpbjJAZ21haWwuY29tIiwicm9sZSI6InVzZXIiLCJpYXQiOjE3MTY5Njg1MTMsImV4cCI6MTcxNzU3MzMxM30.3shH83Kan2KJMU8B0ZRQJmNjsETkyf3gcUnOYBgDCCQ',
  accessTokenExpires: 1717044403400,
  iat: 1717043784,
  exp: 1719635784,
  jti: 'bf93c870-0f8c-45b3-9d12-50fceb2a72bd'
}

---

Logs from Vercel Deployment

authuser in middleware -----> {
  user: {
    name: 'Tanzim',
    email: '[email protected]',
    image: '/images/avatar.png'
  },
  expires: '2024-06-29T04:39:51.842Z'
}
Token in middleware---------- null

---

[Ali-Raza764]

Instead of using session in middleware try using the web token from cookies

`
import { NextResponse } from "next/server";
import { getToken } from "next-auth/jwt";

export async function middleware(req) {
const token = await getToken({ req, secret: process.env.AUTH_SECRET });

if (!token) {
// Redirect to sign-in page if the token is not found
return NextResponse.redirect(new URL("/auth/signin", req.url));
}

return NextResponse.next();
}

export const config = {
matcher: "/protected",
};

`
Cookies are better and they are not as slow as the session.

[Ali-Raza764]

You must close the issue if the error is resolved