Cookie errors using next-auth

I have Nuxt 3 app that is using the @sidebase/nuxt-auth library to add user authentication. That library is itself a wrapper around the next-auth library, but adapts it to work with Nuxt 3.

The app is: https://ctg-main-dev.netlify.app

User authentication is working 100% fine on my local machine. But I’m hitting a strange issue when deployed to Netlify. The entire OAuth flow works up until the very last step of setting the __Secure-next-auth.session-token at the very end of the auth exchange.

I have verified that:

• All the configuration on the OAuth provider side is correct
• All the deployment steps required for deploying next-auth are done
• I can see the full OAuth exchange happen successfully… the callback back to my app is successful. I can see my user found. I see in the DB that a new session ID is created. And I can see that the __Secure-next-auth.session-token cookie is attempted to be set (see screenshot).

CleanShot 2023-08-09 at 20.15.051507×540 111 KB

However, the cookie is not persisted in the browser for some reason, and so the authentication does not succeed and I remain logged out.

Even more strange is that if I deploy the exact same app/code/configuration to Vercel it works perfectly fine. So it seems that something on the Netlify side is interrupting this cookie from being set properly, but I cannot figure out what it is.

Hi @bweisel,

We’re also discussing this in the helpdesk. So we’ll continue there.

Posting this here in case it’s helpful to anyone else trying to deploy to Netlify.

This issue is/was caused by a bug in Nitro with how the set-cookie headers were handled. It was fixed just recently here: https://github.com/unjs/nitro/pull/1452.

As of writing this, that fix is not yet in a new tagged release of Nitro, but you can pull in the latest edge release by adding this in your package.json file:

"resolutions": {
  "nitropack": "npm:nitropack-edge@latest"
}

Thank you for the help @hrishikesh