Why is sidebase/nuxt-auth not working in production without ssr?
15:13 16 May 2025

I'm using sidebase's nuxt-auth to setup authentication, and everything works fine in development mode, but not when deployed with npm run build. Specifically, the getServerSession() function always returns null, despite on the client useAuth() working perfectly fine.

I'm using these environment variables:

export AUTH_ORIGIN="http://localhost:3000"
export AUTH_TRUST_HOST=true
export NUXT_AUTH_ORIGIN="$AUTH_ORIGIN"
export NUXT_AUTH_URL="$AUTH_ORIGIN"
export AUTH_SECRET=""
export NEXT_AUTH_SECRET="$AUTH_SECRET"
export NEXTAUTH_SECRET="$AUTH_SECRET"
export NEXTAUTH_URL="$AUTH_ORIGIN"
export CLIENT_ID=""
export CLIENT_SECRET=""

With this configuration for nuxt.config.ts:

export default defineNuxtConfig({
  compatibilityDate: "2024-11-01",
  devtools: { enabled: false },
  ssr: false,
  modules: ["@sidebase/nuxt-auth"],
  auth: {
    globalAppMiddleware: false,
    provider: {
      type: "authjs",
      defaultProvider: "github",
      addDefaultCallbackUrl: true,
    },
    baseURL: 'http://localhost:3000/api/auth',
  },
});

And this for server/api/auth/[...].ts:

import GithubProvider from "next-auth/providers/github";
import { NuxtAuthHandler } from "#auth";

export default NuxtAuthHandler({
  secret: process.env.AUTH_SECRET,
  providers: [
    // @ts-expect-error Use .default here for it to work during SSR.
    GithubProvider.default({
      clientId: process.env.CLIENT_ID,
      clientSecret: process.env.CLIENT_SECRET,
    }),
  ],
  cookies: {
    sessionToken: {
      name: 'next-auth.session-token',
      options: {
        httpOnly: false,
        sameSite: 'lax',
        path: '/',
        secure: false,
      }
    }
  },
  callbacks: {
    async signIn({ user, account, profile }) {
      const role = await $fetch(
        `/api/role/${(profile as any).login as string}`,
      );

      return role && role != "unknown";
    },
    jwt({ token, account, profile }) {
      if (profile && account) {
        token.username = (profile as any).login as string;
        token.id = (profile as any).id as number;
      }

      return token;
    },
    async session({ session, token }) {
      const role = await $fetch(`/api/role/${token.username}`);
      return {
        ...session,
        user: {
          name: token.username as string,
          id: token.id,
          role,
        },
      };
    },
  },
});

Lastly, I am also using the newest version of @sidebase/nuxt-auth, with the newest recommended version of next-auth.

I have tried for hours to troubleshoot the problem, but nothing has worked. Can anyone help? Also, I’m fully aware that there are security holes in my code, but I just want it to work before patching them.

I’ve tried playing around with environment variables, changing the config, and the only piece of advice I have seen is to enable SSR which is something I just can’t do.

vue.js oauth-2.0 nuxt3.js next-auth nuxt-auth