In my project with NextJS 15 and AuthV5, I am running into this well known error when attempting to signin with credentials:

Error: `headers` was called outside a request scope. Read more: 

I have already read through this other question Error: `headers` was called outside a request scope and a few others.

I have tested a few scenarios and currently I am trying to run my project in Bolt.new (with npm because it's the only option), which is where I am seeing this error. I also have tried:

• Running locally with npm and bun - work in both situations
• Running in a Vercel project with both npm and bund - work in both situations too

here's a simplified version of all the related files. From the page component to the server action, form client component and auth.ts definition:

What am I missing or doing wrong here?

• page.ts for /auth/signin

import { AuthForm } from "@/components/auth/auth-form";
import { login } from "@/app/actions/auth-actions";

export default function SignInPage() {
  return <AuthForm type="signin" action={login} />;
}

• auth-action.ts

"use server";

import { signIn, signOut } from "@/auth";

export const login = async (values: z.infer<typeof SignInSchema>) => {
  ...

  try {
    await signIn("credentials", {
      email,
      password,
      redirectTo: DEFAULT_LOGIN_REDIRECT(existingUser.defaultWorkspaceId!),
    });
    return { success: "Logged in!" };
  } catch (error) {
    ...
};

"use client";

...

export function AuthForm({ type, action }: AuthFormProps) {
  ...
  function onSubmit(values: z.infer<typeof schema>) {
    setError("");
    setSuccess("");

    startTransition(() => {
      action(values).then((data) => {
        setError(data?.error);
        setSuccess(data?.success);
      });
    });
  }

  return (
       ...
        <Form {...form}>
          <form onSubmit={form.handleSubmit(onSubmit)}>
            ...
          </form>
        </Form>

        
  );
}

• auth.ts

export const {
  handlers: { GET, POST },
  auth,
  signIn,
  signOut,
} = NextAuth({
  pages: {
    signIn: "/auth/signin",
    error: "/auth/error",
  },
  
  callbacks: {
    async signIn({ user, account }) {
      // Allow OAuth without email verification
      if (account?.provider !== "credentials") return true;

      const existingUser = await getUserById(user.id!);

      // Prevent sign-in if user does not exist or email is not verified
      if (!existingUser || !existingUser?.emailVerified) return false;

      // TODO: Add any additional sign-in checks here if needed

      return true;
    },
    ...
});