signIn with redirect: false returns invalid response on error

[makkeu]

Environment

System:
OS: macOS 13.0.1
CPU: (10) arm64 Apple M1 Pro
Memory: 101.13 MB / 32.00 GB
Shell: 3.5.1 - /opt/homebrew/bin/fish
Binaries:
Node: 16.18.1 - ~/.local/share/nvm/v16.18.1/bin/node
npm: 9.2.0 - ~/.local/share/nvm/v16.18.1/bin/npm
Browsers:
Chrome: 108.0.5359.98
Firefox: 107.0.1
Safari: 16.1
Safari Technology Preview: 16.4
npmPackages:
next: ^13.0.6 => 13.0.6
next-auth: ^4.18.6 => 4.18.6
react: ^18.2.0 => 18.2.0

Reproduction URL

https://codesandbox.io/s/beautiful-heisenberg-myfm11?file=/pages/auth/signin.tsx

Describe the issue

signIn method with { redirect: false } and invalid credentials produces an invalid response:

{
  error: "CredentialsSignin",
  ok: true,
  status: 200,
  url: null
}

According to docs (https://next-auth.js.org/getting-started/client#using-the-redirect-false-option), response should be

   error: "CredentialsSignin",
   ok: false,
   status: 401,
   url: null

This seems to break with 4.18.1 version, 4.18.0 is fine.

How to reproduce

• Include a credentials provider and return null from authorize callback.
• Call const response = await signIn('cred_test', { username: 'invalid', password: 'invalid', redirect: false, callbackUrl: '/})
• Check the response: {error: "CredentialsSignin", status: 200, ok: true, url: null}

Expected behavior

Response should include {error: "CredentialsSignin", status: 401, ok: false, url: null}

[arvl130]

It looks like this issue is fixed in v4.18.7.

I'm getting the correct result already:

{
  error: "CredentialsSignin",
  status: 401,
  ok: false,
  url: null
}

[tomas223]

I am having similar issue on v5.0.0-beta.25.

The returned response looks something like this:

{
    "error": "CredentialsSignin",
    "code": "credentials",
    "status": 200,
    "ok": true,
    "url": null
}

That could be solvable easily, but the bigger issue is that the credentials POST response has status code 200, so the browser also thinks the response was a success.