I’m using the credentials provider of Auth.js for signing in users to a Next.js app. The sign in is working as calling auth() returns an object once signed in where previously it was null.
// not signed in
const session = await auth();
console.log(session)
// null

// signed in
const session = await auth();
console.log(session)
// { user: {}, expires: '2024-07-28T14:03:13.208Z' }
What I’m interested in is why user is an empty object {} and what it should be instead. Note, my expectation may be wrong as a result of misunderstanding the patterns at work here.
I don’t have direct access to the project’s database. I have to hit a specific endpoint of an API. The API returns something like this (obfuscated for brevity).
{
  result: { status_code: 0, status: 'Ok', message: 'Sign in' },
  payload: {
    data: {
      auth: [Object],
      refresh_token: [Object],
      user: [Object],
      project: [Object]
    }
  }
}
The auth property and refresh_token properties contain bearer and refresh tokens respectively. The user and project properties contain the information I’m interested in about the signed in user.
How do these properties relate to the session? How should they relate to the session? Are they not the ‘session’? It’s my assumption that the user property of what auth() returns should contain everything I want to know about the user and also reference my bearer and refresh tokens (to be injected in further API calls etc).
Or, am I just misunderstanding the patterns/concepts here?
Here is auth.ts
import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";

export const {
  handlers: { GET, POST },
  auth,
  signIn,
  signOut
} = NextAuth({
  session: {
    strategy: "jwt",
  },
  providers: [
    CredentialsProvider({
      async authorize(credentials) {
        try {
          const login = await fetch(`https://some_project/login`, {
            method: "POST",
            headers: {
              "Content-Type": "application/json",
            },
            body: JSON.stringify(credentials),
          });
          const user = await login.json();
          console.log(user);
          return user;
        } catch (error) {
          throw new Error("")
        }
      }
    })
  ]
})
In other words, how do/how should user returned in the above and user of the session object relate?
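
An added example, not part of the original post: with the JWT strategy, Auth.js copies only `name`, `email`, `image` and the id from the object `authorize()` returns, so a raw API response with none of those at the top level yields `user: {}`; anything else has to be carried through `callbacks.jwt` and `callbacks.session`. The sketch below uses plain functions that could be wired into those two callbacks. The helper names, the field names inside `auth`, `refresh_token`, `user` and `project`, and the sample response are assumptions, and `simulateSignIn` only stands in for the library's hand-off.

```javascript
// Constructed sample of the login response; the fields inside auth,
// refresh_token, user and project are assumptions.
const sampleLoginResponse = {
  result: { status_code: 0, status: "Ok", message: "Sign in" },
  payload: { data: {
    auth: { token: "bearer-abc" },
    refresh_token: { token: "refresh-xyz" },
    user: { id: 42, name: "Ada", email: "ada@example.com" },
    project: { id: 7, name: "demo" },
  } },
};

// What authorize() would return: a flat user object, or null to reject.
function toAuthUser(response) {
  const data = response?.payload?.data;
  if (response?.result?.status_code !== 0 || !data?.user) return null;
  return {
    id: String(data.user.id), name: data.user.name, email: data.user.email,
    project: data.project,
    accessToken: data.auth.token, refreshToken: data.refresh_token.token,
  };
}

// callbacks.jwt: `user` is defined only on the sign-in call.
function jwtCallback({ token, user }) {
  if (user) {
    token.project = user.project;
    token.accessToken = user.accessToken;
    token.refreshToken = user.refreshToken; // stays in the encrypted JWT cookie
  }
  return token;
}

// callbacks.session: the return value is what auth() and the session
// endpoint expose, so the refresh token is deliberately left out.
function sessionCallback({ session, token }) {
  const { sub: id, name, email, project } = token;
  session.user = { id, name, email, project };
  session.accessToken = token.accessToken;
  return session;
}

// Stand-in for the hand-off Auth.js performs between authorize() and auth().
function simulateSignIn(response) {
  const user = toAuthUser(response);
  if (!user) return null;
  const token = jwtCallback({ token: { sub: user.id, name: user.name, email: user.email }, user });
  const session = sessionCallback({ session: { user: {}, expires: "constructed" }, token });
  return { token, session };
}
```

If the follow-up API calls are all made server-side, the access token can be dropped from `sessionCallback` as well and read from the JWT instead.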