Deleting session fails when using a custom PK and SK attribute name with the DynamoDB Adapter

[arvl130]

Adapter type

@auth/dynamodb-adapter

Environment

  System:
    OS: Linux 6.4 Arch Linux
    CPU: (4) x64 Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
    Memory: 7.39 GB / 11.50 GB
    Container: Yes
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.16.0 - /usr/bin/node
    Yarn: 1.22.19 - /usr/bin/yarn
    npm: 8.19.2 - /usr/bin/npm
    pnpm: 8.6.2 - /usr/bin/pnpm
    Watchman: 20230615.184443.0 - /usr/bin/watchman
  Browsers:
    Brave Browser: 114.1.52.129
    Chromium: 114.0.5735.198

Reproduction URL

https://github.com/arvl130/nextauth-bug-repro-dynamodb-delete-session

Describe the issue

When using the Next Auth DynamoDB adapter with a custom primary key (PK) and sort key (SK) attribute name, deleting the session (e.g. during sign out) fails with a SIGNOUT_ERROR.

On the frontend the sign out will still continue, but the following stack trace will be printed on the terminal:

[next-auth][error][adapter_error_deleteSession]
https://next-auth.js.org/errors#adapter_error_deletesession The number of conditions on the keys is invalid {
  message: 'The number of conditions on the keys is invalid',
  stack: 'ValidationException: The number of conditions on the keys is invalid\n' +
    '    at throwDefaultError (/home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+smithy-client@1.0.4/node_modules/@smithy/smithy-client/dist-cjs/default-error-handler.js:8:22)\n' +
    '    at /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+smithy-client@1.0.4/node_modules/@smithy/smithy-client/dist-cjs/default-error-handler.js:18:39\n' +
    '    at de_DeleteItemCommandError (/home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+client-dynamodb@3.363.0/node_modules/@aws-sdk/client-dynamodb/dist-cjs/protocols/Aws_json1_0.js:741:20)\n' +
    '    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
    '    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+middleware-serde@1.0.2/node_modules/@smithy/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24\n' +
    '    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+lib-dynamodb@3.365.0_@aws-sdk+client-dynamodb@3.363.0_@aws-sdk+types@3.357.0/node_modules/@aws-sdk/lib-dynamodb/dist-cjs/baseCommand/DynamoDBDocumentClientCommand.js:26:34\n' +
    '    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+middleware-signing@3.363.0/node_modules/@aws-sdk/middleware-signing/dist-cjs/awsAuthMiddleware.js:14:20\n' +
    '    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+middleware-retry@1.0.4/node_modules/@smithy/middleware-retry/dist-cjs/retryMiddleware.js:27:46\n' +
    '    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+middleware-logger@3.363.0/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:7:26\n' +
    '    at async deleteSession (file:///home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@auth+dynamodb-adapter@1.0.0_@aws-sdk+client-dynamodb@3.363.0_@aws-sdk+lib-dynamodb@3.365.0/node_modules/@auth/dynamodb-adapter/index.js:410:25)',
  name: 'ValidationException'
}
[next-auth][error][SIGNOUT_ERROR]
https://next-auth.js.org/errors#signout_error The number of conditions on the keys is invalid ValidationException: The number of conditions on the keys is invalid
    at throwDefaultError (/home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+smithy-client@1.0.4/node_modules/@smithy/smithy-client/dist-cjs/default-error-handler.js:8:22)
    at /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+smithy-client@1.0.4/node_modules/@smithy/smithy-client/dist-cjs/default-error-handler.js:18:39
    at de_DeleteItemCommandError (/home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+client-dynamodb@3.363.0/node_modules/@aws-sdk/client-dynamodb/dist-cjs/protocols/Aws_json1_0.js:741:20)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+middleware-serde@1.0.2/node_modules/@smithy/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24
    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+lib-dynamodb@3.365.0_@aws-sdk+client-dynamodb@3.363.0_@aws-sdk+types@3.357.0/node_modules/@aws-sdk/lib-dynamodb/dist-cjs/baseCommand/DynamoDBDocumentClientCommand.js:26:34
    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+middleware-signing@3.363.0/node_modules/@aws-sdk/middleware-signing/dist-cjs/awsAuthMiddleware.js:14:20
    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@smithy+middleware-retry@1.0.4/node_modules/@smithy/middleware-retry/dist-cjs/retryMiddleware.js:27:46
    at async /home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@aws-sdk+middleware-logger@3.363.0/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:7:26
    at async deleteSession (file:///home/arvl/src/nextauth-bug-repro-dynamodb-delete-session/node_modules/.pnpm/@auth+dynamodb-adapter@1.0.0_@aws-sdk+client-dynamodb@3.363.0_@aws-sdk+lib-dynamodb@3.365.0/node_modules/@auth/dynamodb-adapter/index.js:410:25) {
  name: 'DeleteSessionError',
  code: undefined
}

Inspecting the contents of the database confirms the error printed on the terminal. Sessions are not properly deleted due to a validation error.

From my investigation, this is because the deleteSession function of the adapter always uses pk and sk as the primary key (PK) and sort key (SK) attribute name, even when a custom PK and SK are defined.

How to reproduce

Here are the general steps to reproduce this issue:

1. You will need to run a local instance of DynamoDB. Follow the instructions here to get it setup and have it running on your computer.

2. Next, create a table following the schema in the documentation. Make sure to change PK and SK attribute name. Otherwise, the issue won't be observed.

3. Create a Next.js application and setup Next Auth using any provider (I'm using GitHub in my repro). Use the DynamoDB Adapter with a custom partition key and sort key.

const adapter = DynamoDBAdapter(dynamodbDocument, {
  tableName: "CustomTableName",
  partitionKey: "CustomPK", // required
  sortKey: "CustomSK", // required
  indexName: "CustomGSI1",
  indexPartitionKey: "CustomGSI1PK",
  indexSortKey: "CustomGSI1SK",
})

NOTE: You may use the project I've linked for this step.

4. Once the Next Auth application is set up, run the application and sign in with any user.
5. Sign out and observe the terminal.
6. The stack trace shown above will appear along with a SIGNOUT_ERROR.
7. You can check the database contents using the command below and see that the previous session has not been deleted.

aws dynamodb --endpoint-url http://localhost:8000 scan --table-name <table_name>

Expected behavior

Deleting a session from the database should not fail.

I already have a branch that fixes this issue. If you'd like me to send a PR or if you have any suggestions on how it should be fixed, please let me know.