I have a idea to fix the next-auth error when you return null in the authorize function in the next-auth v5@beta version (error: [auth][error] CallbackRouteError: Read more at https://errors.authjs.dev#callbackrouteerror [auth][cause]: Error ,at Module.callback ))

[BertramYe]

Goals

1.to let user can customise the signIn details of the authorize functions not to directly stupidly thow the error
2.
3.

Non-Goals

Background

as when I use the next-auth@beta to customise the signIn actions with the functions of the authorize,just like below to return null ,which stands login failed or credentails invalid, it will directly throw an error like below:

next-auth version: "next-auth": "^5.0.0-beta.20"

const { handlers:{ GET, POST }, signIn, signOut, auth } = NextAuth({
    providers: [
        Credentials({
            async authorize(credentials,req) {
                // pretend that there were some of the codes to verify the user Credentials
                return null
            },
        })
    ],
    ................
    secret:process.env.AUTH_SECRET 
})

and also I have found the source code from the path(node_modules/@auth/core/lib/actions/callback/index.js ) where throw the error above , as we can see the details is here below:

and also as we can see the class of the CredentialsSignin just inherited from the Error class

but as we can see the callback functions already included the try...... catch....... logicals , here below in the souce code,

so in my opptions , there was totally stupid and redundant to thow this customise class (CredentialsSignin ),even thougth the coder know the user credentials' valid or not, and know how to handle the invalid credentails return, otherwise, you team still want keep thow this stupid and redundant customised class (CredentialsSignin ) , we should add a statement to judge the user object that the function authorize return is empty or not, I mean the ( user==null? thow new CredentialsSignin : (Object.keys(user).length ==0 ? do nothing: let the user login ))

Proposal

yes, to fix the error above , I think there should be two solutions here below:

solutuions 1: commented or remove the throw new CredentialsSignin(); from the souce code node_modules/@auth/core/lib/actions/callback/index.js when the user == null, which is totallly redundant, because the callback functions already include the try....catch ...... logical
just like here below:

// node_modules/@auth/core/lib/actions/callback/index.js
........
if (!user)
                // throw new CredentialsSignin();   // remove this `stupid` and `redundant` throw 
else
      user.id = user.id?.toString() ?? crypto.randomUUID();
......

and also , the coder can cutomised the authorize functions as they likes, just like here below:

// it dosen't matter  to use or not use the `try ... catch ... ` logical 
const { handlers:{ GET, POST }, signIn, signOut, auth } = NextAuth({
    providers: [
        Credentials({
            async authorize(credentials,req) {
                try{
                      // do some of the credentails verify actions
                      return user      // credentials valid
                }catch(error){
                      //  here the code can handle the error themselves
                 }
                return null   // means the credentials invalid
            },
        })
    ],
    ................
    secret:process.env.AUTH_SECRET 
})

solutions 2: also you can keep the stupid and redundant class throw CredentialsSignin(); and just change the in the souce ( from the souce code node_modules/@auth/core/lib/actions/callback/index.js) like here below:

// node_modules/@auth/core/lib/actions/callback/index.js
.......
if (!user)
        throw new CredentialsSignin();   //don't remove this `stupid` and `redundant` throw 
else{
      if(Object.keys(user).length == 0){
            // just stand that the coder know that the credentails is invalid, do nothing 
     }else{
           user.id = user.id?.toString() ?? crypto.randomUUID();
      }
}

........

so that when the coder use the authorize functions just like here below:

const { handlers:{ GET, POST }, signIn, signOut, auth } = NextAuth({
    providers: [
        Credentials({
            async authorize(credentials,req) {
                // do some of the credentails verify actions to get user
                return user      // the user is not empty , means credentials  valid , the user is empty, means the credentials invalid

               // also, the code can do the logical like here below:    
                   const user = ......    // do some of the credentails verify actions to get user objects
                  if(Obejcts.keys(user).length === 0) {
                            return {}    // retrun an empty objects
                      }
                  else{
                        retrun user     // return an not ampty objects
                   }
            },
        })
    ],
    ................
    secret:process.env.AUTH_SECRET 
})

[MakFly]

So even if we do this, it will return a 200 in the server action which calls, for example in my case, the await signin method.

So when the client component returns, I'll get a success alert when I normally wouldn't.

How can I manage this? I don't really have any ideas at the moment apart from making 2 call api. One before the signin method which will check if the credentials are ok and then I redo one in nextAuth.

Yes, I'm calling a remote api.

[BertramYe]

ok, it's easy, just no need do anything , and change the code like below，and also , you just need return null if you customised verification is invalid,

Credentials({
            name:'credentials',
            async authorize(credentials,request) {  
                try {
                    // pretended your own verification logical, if valid retrun user, otherwise, return null
                     const user = await doSomethingOfVerified()
                      return user         // you  own logical valid
                   
                } catch (err) {
                    // throw new customError("login failed, something went wrong !!!!")
                    return null
                }
                return null       // you own logical   invalid 
            },
        })

and then just do a little change in the files : node_modules/@auth/core/lib/actions/callback/index.js, the details just like below:
replace the code of the throw new CredentialsSignin() with the return { redirect:new URL(headers.referer),cookies}

[h-rajabi]

i try this and this not working , user just login and create a token instead return error to client

[BertramYe]

no, can you show me your code?, just a noted, you should defined the error youself, and in this way, it will avoid the error [auth][error] CallbackRouteError: Read more at https://errors.authjs.dev#callbackrouteerror [auth][cause]: Error ,at Module.callback show up in your backend when you return null in the function of the authorize , and the user won't login, and also the page won't redirect to another page

[h-rajabi]

#11747 I write all my code in this issuse
If i got right ,you say i must show up error in backend And can't handle this for don't show any error in log server ?

[h-rajabi]

i fixed ,as you say i change my library code ,first thing You must pay attention redirect in signIn must true so nextauth try to redirect you but it cant and give 303 res so you must go to your action file and when you in try catch throw error just must be change to anything you want like return {validate :false,message :"username or passeord is not correct"} and in your page show to user

now see error is gone and evryithing work as well

now we can handle error from api

[BertramYe]

yeah， correct, that's what I want to say and done in my own project, and also in the future, I'm going to develop a new lib which just give out the customised result, not the response page like current lib of the "Next-AUTH", because I really get tired of the current stupid next-auth lib which only redirect and return to their customised page , but we can't easily customise the auth page we want, to be honest, just give out the auth response result is much better than help redirect to the customised page ........