azure active directory – Why does my AzureAD next-auth provider generate an access token that is encrypted?

I am using next-auth with AzureAD as a provider. This is a snippet of my authOptions:

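import type { NextAuthOptions } from "next-auth";
import AzureADProvider from "next-auth/providers/azure-ad";

export const authOptions: NextAuthOptions = {
  providers: [
    AzureADProvider({
      clientId: process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID ?? "",
      // Next.js inlines NEXT_PUBLIC_-prefixed variables into browser bundles
      // wherever client code references them; a client secret normally lives
      // in a server-only (unprefixed) variable.
      clientSecret: process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_SECRET ?? "",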
      tenantId: process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID ?? "",
    })
  ],
  pages: {
    signIn: '/auth/signin',
  },
  callbacks: {
    async jwt({ token, account }) {
      if (account) {
        // Store the token received from Azure AD
        token.accessToken = account.access_token;
      }
      return token;
    },
    async session({ session, token }) {
      session.accessToken = token.accessToken;
      return session;
    },
  },
};

And even though I set my “tokenEncryptionKeyId”: null, the generated token I find in my cookies is a JWE, not a JWT, and I don’t have any key to decrypt it. Any leads?
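A keyless way to tell which kind of token is sitting in a cookie, as an added example that is not part of the original question: it reads only the compact-serialization layout and the unencrypted header. It assumes next-auth v4 defaults, where the library encrypts its own session cookie as a JWE (`alg: dir`, `enc: A256GCM`) with a key derived from the app's secret; `classifyToken` and both sample tokens are constructed for illustration.

```javascript
// Added example: classify a compact-serialized token without holding any key.
// RFC 7515 JWS (signed JWT) has 3 dot-separated segments; RFC 7516 JWE has 5.

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

function decodeSegment(segment) {
  // Throws if the segment is not base64url-encoded JSON.
  return JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
}

function classifyToken(token) {
  const parts = String(token).split(".");
  const unknown = { kind: "unknown", header: null, claims: null };
  if (parts.length !== 3 && parts.length !== 5) return unknown;

  let header;
  try {
    header = decodeSegment(parts[0]);
  } catch {
    return unknown;
  }

  if (parts.length === 5) {
    // JWE: header . encrypted key . IV . ciphertext . tag.
    // Only the header is readable. With "dir" the content key is a shared
    // symmetric secret, so the encrypted-key segment is empty.
    const directKey = header.alg === "dir" && parts[1] === "";
    return { kind: "JWE", header, claims: null, directKey };
  }

  // JWS: claims are readable here but NOT verified; inspection only.
  let claims = null;
  try {
    claims = decodeSegment(parts[1]);
  } catch {
    // Opaque payload: leave claims as null.
  }
  return { kind: "JWS", header, claims };
}

// Constructed samples (not real tokens).
const SAMPLE_SESSION_COOKIE = [b64url({ alg: "dir", enc: "A256GCM" }), "", "aXY", "Y2lwaGVydGV4dA", "dGFn"].join(".");
const SAMPLE_ACCESS_TOKEN = [b64url({ alg: "RS256", typ: "JWT", kid: "constructed-kid" }), b64url({ aud: "api://constructed-app-id", scp: "User.Read" }), "c2ln"].join(".");

console.log(classifyToken(SAMPLE_SESSION_COOKIE));
console.log(classifyToken(SAMPLE_ACCESS_TOKEN));
```

A `dir` header on a five-segment cookie points at a symmetric key held by the application itself rather than one issued by the identity provider.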
