I'm trying to update a user session via NextAuth.js v5 using JWT strategy.

My end goal is switch to another active company in server side. As I use their unstable_update function and it actually triggers my JWT callback.

    async jwt({ token, user, trigger, session }) {
      if (user) {
        const userId = token.sub as string;
        const user = await prisma.user.findUnique({
          where: { id: +userId },
        });
        token.role = user?.role as Role;
        token.username = user?.username as string;
        token.firstName = user?.firstName as string;
        token.lastName = user?.lastName as string;
        token.activeCompanyId = user?.activeCompanyId;
      }
      if (trigger === 'update') {
        console.log('Update triggered, session:');
        console.log(session);
        token.activeCompanyId = session.user.activeCompanyId;
      }
      return token;
    },
    async session({ token, session }: { token: JWT; session: Session }) {
      console.log('Token in session callback');
      console.log(token);
      const userId = token.sub as string;
      session.user.userId = +userId;
      session.user.role = token.role as Role;
      session.user.firstName = token.firstName;
      session.user.lastName = token.lastName;
      session.user.username = token.username;
      session.user.activeCompanyId = token.activeCompanyId;
      return session;
    },
  }

After it was triggered my session was updated, but with the other call of session it was nullified, and the final result in session.user.activeCompanyId is null. Am I doing it correctly?

I'm trying to update a user session via NextAuth.js v5 using JWT strategy.

My end goal is switch to another active company in server side. As I use their unstable_update function and it actually triggers my JWT callback.

    async jwt({ token, user, trigger, session }) {
      if (user) {
        const userId = token.sub as string;
        const user = await prisma.user.findUnique({
          where: { id: +userId },
        });
        token.role = user?.role as Role;
        token.username = user?.username as string;
        token.firstName = user?.firstName as string;
        token.lastName = user?.lastName as string;
        token.activeCompanyId = user?.activeCompanyId;
      }
      if (trigger === 'update') {
        console.log('Update triggered, session:');
        console.log(session);
        token.activeCompanyId = session.user.activeCompanyId;
      }
      return token;
    },
    async session({ token, session }: { token: JWT; session: Session }) {
      console.log('Token in session callback');
      console.log(token);
      const userId = token.sub as string;
      session.user.userId = +userId;
      session.user.role = token.role as Role;
      session.user.firstName = token.firstName;
      session.user.lastName = token.lastName;
      session.user.username = token.username;
      session.user.activeCompanyId = token.activeCompanyId;
      return session;
    },
  }

After it was triggered my session was updated, but with the other call of session it was nullified, and the final result in session.user.activeCompanyId is null. Am I doing it correctly?

• javascript
• session
• next.js
• oauth
• jwt

1 Answer 1

As the documentation says: The arguments user, account, profile and isNewUser are only passed the first time this callback is called on a new session, after the user signs in. In subsequent calls, only token will be available.

So, you should only assign token.activeCompanyId if session != null.

I'ld expect that the session argument received in the session callback still has the user.activeCompanyId value, so I don't think you need to parse it from token at all.