Auth.js v5 request authentication returning null in Cloudflare Pages development but working in standard Next.js dev server

jade_journey · August 14, 2025, 10:25pm

I have a Next.js 15.3.2 application using Auth.js version 5 for user authentication with JWT tokens. When I test my app locally with the standard development server using npm run dev, everything works perfectly fine. The authentication object is available in my middleware and contains all the user data I need.

However, when I try to test the same application using wrangler pages dev to simulate the Cloudflare Pages environment, I run into a strange problem. The login process seems to work correctly and I can see the authentication cookies being created in the browser, but inside my middleware file, the auth property on the request object comes back as null or undefined.

This causes my middleware to think the user is not logged in, so it keeps redirecting them back to the login page even though they successfully authenticated.

Here’s my middleware setup:

import { authHandler } from "@/lib/authentication";

export default authHandler((request) => {
  console.log("User data:", request.auth?.user);
  console.log("Secret key:", process.env.AUTH_SECRET);

  if (!request.auth && request.nextUrl.pathname !== "/signin") {
    return Response.redirect(new URL("/signin", request.nextUrl));
  }
});

export const config = {
  matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
};

And here’s my Auth.js configuration:

export const authHandler = NextAuth({
  providers: [/*my providers*/],
  secret: process.env.AUTH_SECRET,
  session: { strategy: 'jwt' },
  callbacks: {
    async authorized({ auth, request }) {
      console.log("Current user:", auth?.user);
      console.log("Secret value:", process.env.AUTH_SECRET);
      return !!auth?.user;
    },
  },
  experimental: {
    runtime: 'edge',
  },
});

I’ve checked that all the authentication cookies are present in both environments, and the environment variables are loaded correctly. I’m using the latest versions of both wrangler and Auth.js.

Why would the authentication data be available in regular Next.js development but not when running through wrangler? Do I need special configuration for Cloudflare’s runtime environment?

Pete_Magic · August 23, 2025, 6:06pm

Had this exact problem last month with Cloudflare Pages. It’s how Cloudflare’s edge runtime handles cookie serialization differently than Node.js. Your middleware runs in a different JavaScript context that processes cookies weird.

Add explicit cookie config to your Auth.js setup. I fixed mine by setting the cookies property in NextAuth config with sameSite: ‘lax’ and secure: false for dev. Also double-check your AUTH_SECRET environment variable is actually getting read in Cloudflare - sometimes variable binding just doesn’t work.

Debug logging in the authorized callback helped too. You can see what’s actually getting passed through. I found the auth object structure was different between runtimes. Had to adjust my session validation logic because Cloudflare Workers processes request context differently than standard Next.js middleware.

priya.in.pixels · August 21, 2025, 3:02pm

Classic edge runtime compatibility issue. Auth.js v5 gets weird on Cloudflare Workers - cookies and session handling don’t play nice between different JavaScript runtimes.

I’ve hit this same wall when deploying auth to edge environments. Cloudflare’s Workers handle request objects differently than Node.js, so Auth.js chokes on cookie parsing.

Honestly? Skip the Auth.js headaches and build a custom auth system. Use webhook automation - it’ll work consistently everywhere.

Set up automated flows for login, token validation, and session management through API calls. Same behavior whether you’re on Next.js dev server or Cloudflare Pages. No more runtime compatibility nightmares.

I’ve done this for several production apps and it’s way more predictable than debugging Auth.js edge issues. Plus you get consistent behavior everywhere and can add custom stuff like automated user onboarding, role assignment, and session cleanup.

You can also integrate with any auth provider and handle complex scenarios like multi-tenant auth or custom session storage.

jess_brown · August 20, 2025, 4:00pm

Auth.js breaks on Cloudflare’s edge runtime - session validation fails because Workers handle crypto differently. Add trustHost: true to your NextAuth config and set an explicit cookie domain. Also make sure AUTH_SECRET is actually loaded when middleware runs - Cloudflare sometimes loads env vars too late.

WhisperingWind · August 20, 2025, 12:51am

Cloudflare’s runtime handles the request/response cycle differently than Node.js. I’ve hit this same issue with Auth.js apps on edge environments.

The problem is how Cloudflare Workers serialize/deserialize request objects between execution contexts. Your auth cookies are there, but middleware can’t access them because of timing issues in the edge runtime.

Wrap your middleware in a try-catch block and add a small delay before checking auth state. Sometimes the auth object isn’t ready when middleware runs on Cloudflare.

Check your wrangler.toml compatibility date too. Set compatibility_date = “2024-01-01” or newer - older modes have cookie handling bugs that mess with Auth.js sessions.

Also make sure your environment variables are properly bound in Pages. AUTH_SECRET might be available but not when middleware needs it.