fix(AuthjsAuthStrategy): Respect auth.depth option of users collection

Author: CrawlerCode

packages/dev/package.json

@@ -19,6 +19,7 @@
     "@payloadcms/ui": "3.31.0",
     "@tailwindcss/postcss": "^4.0.16",
     "clsx": "^2.1.1",
+    "graphql": "^16.10.0",
     "jsonwebtoken": "^9.0.2",
     "next": "15.2.4",
     "next-auth": "5.0.0-beta.25",
@@ -33,6 +34,7 @@
     "tailwindcss": "^4.0.16"
   },
   "devDependencies": {
+    "@payloadcms/graphql": "3.31.0",
     "@types/jsonwebtoken": "^9.0.9",
     "@types/react": "19.0.12",
     "dotenv": "^16.4.7",

packages/dev/src/payload-types.ts

@@ -173,6 +173,7 @@ export interface User {
 export interface Example {
   id: number;
   someField?: string | null;
+  author?: (string | null) | User;
   updatedAt: string;
   createdAt: string;
 }
@@ -293,6 +294,7 @@ export interface UsersSelect<T extends boolean = true> {
  */
 export interface ExamplesSelect<T extends boolean = true> {
   someField?: T;
+  author?: T;
   updatedAt?: T;
   createdAt?: T;
 }

packages/dev/src/payload/collections/examples.ts

@@ -1,7 +1,7 @@
 import type { CollectionConfig } from "payload";
 import { hasRole } from "../access/hasRole";
 
-const Examples: CollectionConfig = {
+const Examples: CollectionConfig<"examples"> = {
   slug: "examples",
   admin: {
     useAsTitle: "someField",
@@ -17,6 +17,12 @@ const Examples: CollectionConfig = {
       name: "someField",
       type: "text",
     },
+    {
+      name: "author",
+      type: "relationship",
+      relationTo: "users",
+      maxDepth: 0,
+    },
   ],
 };
 

packages/dev/src/payload/collections/users.ts

@@ -2,7 +2,7 @@ import { SESSION_STRATEGY } from "@/auth/base.config";
 import type { CollectionConfig, Field } from "payload";
 import { createdAtField } from "../fields/createdAt";
 
-const Users: CollectionConfig = {
+const Users: CollectionConfig<"users"> = {
   slug: "users",
   admin: {
     useAsTitle: "name",
@@ -14,6 +14,7 @@ const Users: CollectionConfig = {
   },
   auth: {
     useAPIKey: true,
+    depth: 0,
   },
   fields: [
     {
@@ -164,6 +165,12 @@ const Users: CollectionConfig = {
         }),
       ],
     },
+    /* {
+      name: "examples",
+      type: "join",
+      collection: "examples",
+      on: "author",
+    }, */
   ],
   /* hooks: {
     afterLogout: [

packages/payload-authjs/src/payload/AuthjsAuthStrategy.ts

@@ -20,7 +20,7 @@ export function AuthjsAuthStrategy(
 
   return {
     name: AUTHJS_STRATEGY_NAME,
-    authenticate: async ({ payload }) => {
+    authenticate: async ({ payload, isGraphQL }) => {
       // Get session from authjs
       const { auth } = NextAuth(
         withPayload(pluginOptions.authjsConfig, {
@@ -36,6 +36,7 @@ export function AuthjsAuthStrategy(
       }
 
       // Find user in database
+      const sanitizedCollectionConfig = payload.collections[collection.slug].config;
       const payloadUser = (
         await payload.find({
           collection: collection.slug,
@@ -48,6 +49,8 @@ export function AuthjsAuthStrategy(
                   equals: session.user.email,
                 },
               },
+          depth: isGraphQL ? 0 : sanitizedCollectionConfig.auth.depth,
+          limit: 1,
         })
       ).docs.at(0);