Skip to content

Fix: Prevent TypeError when config.providers is undefined #13002

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix: Prevent TypeError when config.providers is undefined #13002

wants to merge 2 commits into from

Conversation

Matty-H
Copy link

@Matty-H Matty-H commented May 24, 2025

What does this PR do?

This pull request addresses a runtime error encountered when using @auth/express, specifically:

TypeError: Cannot read properties of undefined (reading 'map')
    at setEnvDefaults (.../node_modules/@auth/core/lib/utils/env.js:45:41)

Root Cause

The error is caused by the config.providers field being undefined when passed to getSession. The setEnvDefaults function in @auth/core/lib/utils/env.js expects config.providers to be an array and attempts to call .map() on it without null/undefined validation.

This happens when providers: [] is forgotten in the auth configuration, causing the server to crash instead of gracefully handling the missing field.

Fix

This PR adds defensive programming to handle cases where config.providers is undefined or omitted. The fix ensures that even when providers is forgotten in the auth configuration, the server won't crash:

// Before: Would crash if providers was omitted
const authConfig = {
  secret: process.env.AUTH_SECRET,
  trustHost: true,
  // providers: [] // ❌ If forgotten, causes TypeError
};

// After: Safe even if providers is omitted
// The fix handles this scenario gracefully

Why it matters

This change prevents server crashes when developers accidentally omit the providers field from their auth configuration. Instead of failing with a cryptic TypeError, the application continues to work, making the developer experience much more forgiving.

Notes

This change does not modify provider behavior or add any new functionality — it simply ensures the default structure expected by the underlying library is respected.

@Matty-H
Fix `Erreur session: TypeError: Cannot read properties of undefined (…
e4025ea 
…reading 'map')` when `Providers: []` is not provided
@Matty-H Matty-H requested a review from ThangHuuVu as a code owner May 24, 2025 10:27
@vercel Vercel
Copy link

vercel bot commented May 24, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 24, 2025 4:28pm
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
next-auth-docs ⬜️ Ignored (Inspect) Visit Preview May 24, 2025 4:28pm

@vercel Vercel
Copy link

vercel bot commented May 24, 2025

@Matty-H is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the core Refers to `@auth/core` label May 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
core Refers to `@auth/core`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Matty-H