Next App Router use JWT as bearer token

[c0rdeiro]

Hey, so I'm using next app router and I already have a session working. The problem is that I need to call an external API with the JWT as the bearer token but I cannot access it.
I've seen this problem fix nextauthjs/next-auth#1290, but I'm not being able to retrieve any access token on siwe callback, and I'm not sure if this is possible for web3 auth or if I should do something differently
This is my config

export const authOptions: NextAuthOptions = {
  providers: [
    CredentialsProvider({
      name: 'Ethereum',
      credentials: {
        message: {
          label: 'Message',
          type: 'text',
          placeholder: '0x0',
        },
        signature: {
          label: 'Signature',
          type: 'text',
          placeholder: '0x0',
        },
      },
      async authorize(credentials, req) {
        try {
          const siwe = new SiweMessage(JSON.parse(credentials?.message || '{}'))
          const nextAuthUrl = new URL(throwIfUndefined(process.env.NEXTAUTH_URL, 'Env NEXTAUTH_URL is undefined'))
          const result = await siwe.verify({
            signature: credentials?.signature || '',
            domain: nextAuthUrl.host,
            nonce: await getCsrfToken({ req: { headers: req.headers } }),
          })
          console.log('AUTHORIZE', { siwe, result })
          if (result.success) {
            return {
              id: siwe.address,
            }
          }
          return null
        } catch (e) {
          return null
        }
      },
    }),
  ],
  session: {
    strategy: 'jwt',
  },
  secret: process.env.NEXTAUTH_SECRET,
  callbacks: {
    async jwt({ token, account, profile, user, trigger }) {
      // Persist the OAuth access_token and or the user id to the token right after signin
      console.log('JWT CALLBACK', { token, account, profile, user, trigger })
      if (account) {
        token.accessToken = account.access_token
      }
      return token
    },
    async session({ session, token }: { session: Session; token: JWT }) {
      session.user = token
      return session
    },
  },
}

[magiziz]

@c0rdeiro I would suggest that you handle all the jwt and verification with siwe on backend (server-side). It's kind of complicated and might introduce security risk if you were to do this in client side.

Here is what i would do:

1. Use siwe on frontend to sign the message and get back signature
2. On your backend auth api make sure to get that signature, verify it and then if it's valid pass back bearer token to frontend
3. Frontend gets that bearer token and keeps the user signed in

Remember this is just an example you might have your own database structure and custom logics as well.

Does that answer your question ?

[c0rdeiro]

Thank you for the reply, we ended up doing things differently archiqueture wise so this was not a problem anymore