We Keep Coding

NextAuth.js: JWT secret breaks application

[I'm using Next.js (11.1.2) + NextAuth (4.0.0-beta.7) to signin into a Strapi API, using only Credentials provider (JWT).]
Whole auth flow is "working" with this [...nextauth].js:
import NextAuth from "next-auth"
import CredentialsProvider from 'next-auth/providers/credentials'
export default NextAuth({
providers: [
CredentialsProvider({
name: 'AppName',
credentials: {
email: {label: "Email", type: "text", placeholder: "daveglow#foomail.com"},
password: { label: "Password", type: "password" },
},
async authorize(credentials, req) {
const res = await fetch(process.env.CREDENTIALS_AUTH_URL, {
method: 'POST',
body: JSON.stringify(credentials),
headers: { "Content-Type": "application/json" }
})
const user = await res.json()
if (res.ok && user) {
return user
}
return null
}
})
],
session: {
strategy: "jwt",
maxAge: 30 * 24 * 60 * 60 // 30 days
},
pages: {
signIn: '/signin',
signOut: '/signin',
error: '/signin'
},
})
But few seconds after the user login, terminal shows this message and drop the session:
[next-auth][warn][NO_SECRET] https://next-auth.js.org/warnings#no_secret
[next-auth][error][JWT_SESSION_ERROR] https://next-auth.js.org/errors#jwt_session_error decryption operation failed {
message: 'decryption operation failed',
stack: 'JWEDecryptionFailed: decryption operation failed\n'
So, I tried to add:
secret: process.env.SECRET, //I've created using $ openssl rand -base64 32
Then I get two different messages
Browser console:
[next-auth][error][CLIENT_FETCH_ERROR]
https://next-auth.js.org/errors#client_fetch_error
VS Code Terminal:
[next-auth][error][CALLBACK_CREDENTIALS_JWT_ERROR]
https://next-auth.js.org/errors#callback_credentials_jwt_error Signin in with credentials only supported if JWT strategy is enabled UnsupportedStrategy [UnsupportedStrategyError]: Signin in with credentials only supported if JWT strategy is enabled
I tried a couple different options, but It's been so confuse.
And now, I have no clue what to do. :(
Can you help me?

I upgraded to version 4.0.1. Fixed the issue.

It is probably a bug introduced in beta 7 version of next-auth as discussed in https://github.com/nextauthjs/next-auth/issues/3216

I am not an expert. But I think this is a current problem with the library NEXT auth 4.0.0
I could solve the problem using the version "next-auth": "^3.25.0".
and followed this tutorial

Cannot read property 'Authorization' of undefined with Nuxt Auth & Axios

I have been using nuxt/auth-next and axios modules with nuxt project since last 3-4 months, everything was working fine since yesterday but now whenever I try to send axios request to public APIs without passing Authorization in headers, I get this error
Cannot read property 'Authorization' of undefined with Nuxt Auth & Axios
Attached is a screenshot of the page
below is my code in index.js store file
export const actions = {
async nuxtServerInit({ commit }, context) {
// Public profile
if (context.route.params && context.route.params.subdomain) {
context.$axios.onRequest((config) => {
config.progress = false
})
let { data } = await context.$axios.get(
`users/get_user_data_using_subdomain/${context.route.params.subdomain}`,
{
headers: {
'Content-Type': 'multipart/form-data',
},
}
)
await context.store.dispatch('artists/setPublicProfile', data.user_data)
}
},
}

This happend to me to when I was using context.app.$axios instead of context.$axios within a injection

Nuxt server is looking for config.headers.common.Authorization.
The example below is a quick win for you:
let { data } = await context.$axios.get(
`users/get_user_data_using_subdomain/${context.route.params.subdomain}`,
{
headers: {
common: null, // or something like this: context.$axios.defaults.headers?.common
'Content-Type': 'multipart/form-data',
},
}
)

Lighthouse PWA audit returns a "start_url does not respond with a 200 when offline" error

I'm having an issue with Lighthouse's PWA audit. I'm using a Service Worker sw.js that successfully caches both the offline.html fallback (for when the user has no network connection), and the start.html (which is defined as start_url in the manifest.json and is displayed if the user opens the website from the Homescreen icon).
The issue happens when I use Lighthouse to validate the PWA checklist, which throws this (only) error:
start_url does not respond with a 200 when offline
The start_url did respond, but not via a service worker.
I find this odd, because start.html is properly cached upon the service worker install process. My only guess is that the validator is trying to access start.html in offline mode before the service worker can actually cache it to the browser storage.
So, how can I validate that particular issue in Lighthouse's PWA checklist?
Here's my current code:
manifest.json
{
"name": "My Basic Example",
"short_name": "Example",
"icons": [
{
"src": "https://example.com/static/ico/manifest-192x192.png",
"sizes": "192x192",
"type": "image/png",
"purpose": "any maskable"
}
],
"start_url": "https://example.com/start.html",
"scope": "/",
"display": "standalone",
"orientation": "portrait",
"background_color": "#2196f3",
"theme_color": "#2196f3"
}
core.js
if('serviceWorker' in navigator) {
navigator.serviceWorker.register('sw.js', {
scope: '/'
}).then(function(registration) {
}).catch(function(err) {
});
navigator.serviceWorker.ready.then(function(registration) {
});
}
sw.js
//cache container
const CACHE_VERSION = 1;
const CACHE_NAME = 'cache-v' + CACHE_VERSION;
//resources
const URL_OFFLINE = 'offline.html';
const URL_START = 'start.html';
//install
self.addEventListener('install', (event) => {
event.waitUntil(
(async () => {
const cache = await caches.open(CACHE_NAME);
await Promise.all([
cache.add(new Request(URL_OFFLINE, { cache: 'reload' })),
cache.add(new Request(URL_START, { cache: 'reload' }))
]);
})()
);
//force the waiting service worker to become the active service worker
self.skipWaiting();
});
//activate
self.addEventListener('activate', (event) => {
event.waitUntil(
(async () => {
//enable navigation preload if it is supported.
//https://developers.google.com/web/updates/2017/02/navigation-preload
if('navigationPreload' in self.registration) {
await self.registration.navigationPreload.enable();
}
})()
);
//tell the active service worker to take control of the page immediately
self.clients.claim();
});
//fetch
self.addEventListener('fetch', (event) => {
//we only want to call event.respondWith() if this is a navigation request for an HTML page
if(event.request.mode === 'navigate') {
event.respondWith((async () => {
try {
//first, try to use the navigation preload response if it's supported
const preload_response = await event.preload_response;
if(preload_response) {
return preload_response;
}
//always try the network first
const network_response = await fetch(event.request);
return network_response;
} catch (error) {
//catch is only triggered if an exception is thrown, which is likely due to a network error
const cache = await caches.open(CACHE_NAME);
if(event.request.url.includes(URL_START)) {
return await cache.match(URL_START);
}
return await cache.match(URL_OFFLINE);
}
})());
}
});
Any ideas? Thanks!

#PeteLe, I tried your sample and got following failure:
Navigated to https://basic-pwa-so-1.glitch.me/
The service worker navigation preload request failed with network error: net::ERR_INTERNET_DISCONNECTED.
Looks like something was updated in Lighthouse generating the error message

rest-hapi standalone endpoint not returning handler results

Forgive me if it's a silly question, but the last time I coded in javascript was almost 20 years ago... I'm re-learning javascript these weeks and I'm not sure I got it all.
I'm using hapi with rest-hapi and want to add some standalone endpoints, basically translating the backend portion of this Autodesk tutorial form express.
I'm using the basic rest-hapi example main script, and tried to add a route with the following code:
//api/forge.js
module.exports = function(server, mongoose, logger) {
const Axios = require('axios')
const querystring = require('querystring')
const Boom = require('boom')
const FORGE_CLIENT_ID = process.env.FORGE_CLIENT_ID
const FORGE_CLIENT_SECRET = process.env.FORGE_CLIENT_SECRET
const AUTH_URL = 'https://developer.api.autodesk.com/authentication/v1/authenticate'
const oauthPublicHandler = async(request, h) => {
const Log = logger.bind('User Token')
try {
const response = await Axios({
method: 'POST',
url: AUTH_URL,
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
data: querystring.stringify({
client_id: FORGE_CLIENT_ID,
client_secret: FORGE_CLIENT_SECRET,
grant_type: 'client_credentials',
scope: 'viewables:read'
})
})
Log.note('Forge access token retrieved: ' + response.data.access_token)
return h.response(response.data).code(200)
} catch(err) {
if (!err.isBoom){
Log.error(err)
throw Boom.badImplementation(err)
} else {
throw err
}
}
}
server.route({
method: 'GET',
path: '/api/forge/oauth/public',
options: {
handler: oauthPublicHandler,
tags: [ 'api' ],
plugins: {
'hapi-swagger': {}
}
}
})
}
The code works and I can display the access_token in nodejs console, but swagger doesn't get the response:
At first I thought that an async function cannot be used as handler, but my hapi version is 17.4.0, and it supports async handlers.
What am I doing wrong?

It turns out it was an easy fix: I just needed to specify the Hapi server hostname in my main script!
The problem was with CORS, since Hapi used my machine name instead of localhost. Using
let server = Hapi.Server({
port: 8080,
host: 'localhost'
})
solved my problem.

How to use Ionic proxy in conjunction with AWS SDK

Using Ionic 4.4.0 and aws-sdk 2.157.0. I'm trying to create an S3 bucket from my local web browser, but am running into CORS problems when attempting to run the following code, method createBucketByCompanyKey():
import { Injectable } from '#angular/core';
import * as AWS from 'aws-sdk';
#Injectable()
export class AwsProvider {
private accessKeyId:string = 'myAccessKey';
private secretAccessKey:string = 'mySuperSecret';
private region:string = 'us-east-1';
constructor() {
AWS.config.update({accessKeyId: this.accessKeyId, secretAccessKey: this.secretAccessKey, region: this.region});
}
createBucketByCompanyKey(companyKey){
let s3 = new AWS.S3();
let params = {
Bucket: companyKey,
CreateBucketConfiguration: {
LocationConstraint: this.region
}
};
s3.createBucket(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
}
}
This gives me the error
Failed to load https://s3.amazonaws.com/-KwzdjmyrHiMBCqHH1ZC: Response
to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:8100' is therefore not allowed
access. The response had HTTP status code 403.
Which led me to this post here after several hours of googling. It appears I need to run ionic through a proxy. I've also tried changing my "path" to http://localhost:8100, but stuck I remain.
{
"name": "MyApp",
"app_id": "",
"type": "ionic-angular",
"integrations": {},
"proxies": [
{
"path": "/",
"proxyUrl": "https://s3.amazonaws.com/"
}
]
}
I've also come across posts telling my to download a Chrome extension that disables CORS, but that didn't work either.
Any ideas on how to setup this proxy to work with AWS' SDK?

Forget the proxies. For Mac, enter in the following in the terminal to open a Google Chrome browser with CORS disabled.
open -a Google\ Chrome --args --disable-web-security --user-data-dir
Compliments of this post.