How to handle oauth callback errors

[kirkegaard]

Our oauth service does a few checks on our users and will return an error code based on the current status of the user. Say a user is blocked the oauth service will return { error: "USER_BLOCKED" } or rather http://localhost/api/auth/callback/{provider}?error=USER_BLOCKED. However nextauth seems to swallow errors and return a default error like http://localhost/auth/login?callbackUrl=http%3A%2F%2Flocalhost%2Fauth%2Flogin&error=Callback#_=_ which is not useable for us. I rather have /auth/login?error=USER_BLOCKED.

Just found this issue and it looks a lot like the same we're experiencing. But its a quite old issue so..
#1819

An example of the log when a user cancels a signin. How can i access error_description or forward it to the frontend?

[next-auth][error][OAUTH_CALLBACK_HANDLER_ERROR]
https://next-auth.js.org/errors#oauth_callback_handler_error access_denied {
  error: {
    message: 'access_denied',
    stack: 'Error: access_denied\n' +
      '    at oAuthCallback (.../node_modules/next-auth/core/lib/oauth/callback.js:39:19)\n' +
      '    at Object.callback (.../node_modules/next-auth/core/routes/callback.js:52:39)\n' +
      '    at AuthHandler (.../node_modules/next-auth/core/index.js:208:41)\n' +
      '    at processTicksAndRejections (node:internal/process/task_queues:96:5)\n' +
      '    at async NextAuthApiHandler (.../node_modules/next-auth/next/index.js:22:19)\n' +
      '    at async NextAuth._args$ (.../node_modules/next-auth/next/index.js:106:14)\n' +
      '    at async .../node_modules/@sentry/nextjs/cjs/server/wrapApiHandlerWithSentry.js:139:35',
    name: 'Error'
  },
  error_description: 'mitid_user_aborted',
  providerId: 'mitid',
  message: 'access_denied'
}
[next-auth][error][OAUTH_CALLBACK_ERROR]
https://next-auth.js.org/errors#oauth_callback_error access_denied {
  message: 'access_denied',
  stack: 'Error: access_denied\n' +
    '    at oAuthCallback (.../node_modules/next-auth/core/lib/oauth/callback.js:39:19)\n' +
    '    at Object.callback (.../node_modules/next-auth/core/routes/callback.js:52:39)\n' +
    '    at AuthHandler (.../node_modules/next-auth/core/index.js:208:41)\n' +
    '    at processTicksAndRejections (node:internal/process/task_queues:96:5)\n' +
    '    at async NextAuthApiHandler (.../node_modules/next-auth/next/index.js:22:19)\n' +
    '    at async NextAuth._args$ (.../node_modules/next-auth/next/index.js:106:14)\n' +
    '    at async .../node_modules/@sentry/nextjs/cjs/server/wrapApiHandlerWithSentry.js:139:35',
  name: 'Error'
}
[next-auth][debug][OAUTH_CALLBACK_HANDLER_ERROR] { body: '' }

The only way ive found to actually catch the error is by hijacking the requests to nextauth like below, but it seems veeeery hacky. Is there no other way?

export default async (req, res) => {
  if (
    req.method === "GET" &&
    req.url.startsWith(`/api/auth/callback/omnigame?error=`)
  ) {
    const isErrorCallback = req.query?.error && req.query?.error_description;
    if (isErrorCallback) {
      const query = req.query;
      console.error("Provider error: ", query.error);
      console.error("Provider error_description: ", query.error_description);
      return res.redirect("/auth/login");
    }
  }

  const authOptions = {
    providers: [
      CredsProvider,
      MitIDProvider,
    ],

    pages: {
      signIn: "/auth/login",
      signOut: "/auth/logout",
    },

    session: {
      strategy: "jwt",
      maxAge: 3600,
    },

    debug: process.env.NODE_ENV === "development",

    callbacks: { /*...*/ }
  };

  return await NextAuth(req, res, authOptions);
};

[jacobmaizel]

Still nothing on this? Is there really no way to access callback error details?

[nmaddp1995]

I really need this one.
Anybody can solve this?

[kirkegaard]

We ended up doing something like

import NextAuth from "next-auth";
import { authOptions } from "@utils/auth";

export default async (req, res) => {
  if (req.method === "GET" && req.url.includes("callback")) {
    if (req.query?.error && req.query?.error_description) {
      return res.redirect(`/auth/login?error=${req.query.error_description}`);
    }
  }

  return await NextAuth(req, res, authOptions);
};