DEV Community: Aarón .A The latest articles on DEV Community by Aarón .A (@aaronaira). https://dev.to/aaronaira https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1091623%2Fe993540a-5c8d-431e-b29c-53f5ce72bd0e.jpeg DEV Community: Aarón .A https://dev.to/aaronaira en How to use Mongodb Adapter with CredentialsProvider in NextAuth Aarón .A Mon, 29 May 2023 11:44:28 +0000 https://dev.to/aaronaira/how-to-use-mongodb-adapter-with-credentialsprovider-in-nextauth-48hh https://dev.to/aaronaira/how-to-use-mongodb-adapter-with-credentialsprovider-in-nextauth-48hh <p>After long time looking for documentation about this problem finally I decided write this post to help devs who are in the same situation.</p> <p>Mongodb adapter is an utility that provides us a "method" to save users/accounts/sessions into Mongodb using providers like Google, Github, etc… But, what happen if you want store your self user data into mongodb ?</p> <p>At first I was using mongoose package to manage it, but nextauth gives us an implementation that speeds up the process without having to resort to other external libraries like mongoose.</p> <p>We just have to use MongoClient and write a little utility to keep the conecction alive.</p> <h2> Setup our Adapter </h2> <p><code>npm install next-auth @next-auth/mongodb-adapter mongodb</code></p> <p>Like the documentation says, Mongodb Adapter does not handle the connections automatically, so we have to pass the client connect to the adapter.</p> <blockquote> <p>The MongoDB adapter does not handle connections automatically, so you will have to make sure that you pass the Adapter a MongoClient that is connected already. Below you can see an example how to do this.<br> <a href="https://authjs.dev/reference/adapter/mongodb">https://authjs.dev/reference/adapter/mongodb</a></p> </blockquote> <h3> MongoDB Client </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// This approach is taken from https://github.com/vercel/next.js/tree/canary/examples/with-mongodb</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">MongoClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">mongodb</span><span class="dl">"</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MONGODB_URI</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid/Missing environment variable: "MONGODB_URI"</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">uri</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MONGODB_URI</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{};</span> <span class="kd">let</span> <span class="nx">client</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">clientPromise</span><span class="p">:</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">MongoClient</span><span class="o">&gt;</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">development</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// In development mode, use a global variable so that the value</span> <span class="c1">// is preserved across module reloads caused by HMR (Hot Module Replacement).</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">global</span><span class="p">.</span><span class="nx">_mongoClientPromise</span><span class="p">)</span> <span class="p">{</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">MongoClient</span><span class="p">(</span><span class="nx">uri</span><span class="p">,</span> <span class="nx">options</span><span class="p">);</span> <span class="nb">global</span><span class="p">.</span><span class="nx">_mongoClientPromise</span> <span class="o">=</span> <span class="nx">client</span><span class="p">.</span><span class="nx">connect</span><span class="p">();</span> <span class="p">}</span> <span class="nx">clientPromise</span> <span class="o">=</span> <span class="nb">global</span><span class="p">.</span><span class="nx">_mongoClientPromise</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// In production mode, it's best to not use a global variable.</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">MongoClient</span><span class="p">(</span><span class="nx">uri</span><span class="p">,</span> <span class="nx">options</span><span class="p">);</span> <span class="nx">clientPromise</span> <span class="o">=</span> <span class="nx">client</span><span class="p">.</span><span class="nx">connect</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// Export a module-scoped MongoClient promise. By doing this in a</span> <span class="c1">// separate module, the client can be shared across functions.</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">clientPromise</span><span class="p">;</span> </code></pre> </div> <p>Remember create an environment variable in your .env file with the mongodb uri.</p> <h3> Credentials &amp; Callbacks </h3> <p>You can use the methods given by next-auth adapter to find your user, for example getUserByEmail("your <a href="mailto:email@gmail.com">email@gmail.com</a>"). And of course you can take that email from the credentials, getUserByEmail(credentials.username)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">clientPromise</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/app/lib/mongodb</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">MongoDBAdapter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@next-auth/mongodb-adapter</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CredentialsProvider</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/credentials</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">GitHubProvider</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/github</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">authOptions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">adapter</span><span class="p">:</span> <span class="nx">MongoDBAdapter</span><span class="p">(</span><span class="nx">clientPromise</span><span class="p">),</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nx">GitHubProvider</span><span class="p">({</span> <span class="na">clientId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_ID</span><span class="p">,</span> <span class="na">clientSecret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_SECRET</span><span class="p">,</span> <span class="p">}),</span> <span class="nx">CredentialsProvider</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">credentials</span><span class="dl">"</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Username</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">,</span> <span class="na">placeholder</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Aaron</span><span class="dl">"</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="p">},</span> <span class="p">},</span> <span class="k">async</span> <span class="nx">authorize</span><span class="p">(</span><span class="nx">credentials</span><span class="p">,</span> <span class="nx">req</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Find your user in the database using MongoDBAdapter</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">authOptions</span><span class="p">.</span><span class="nx">adapter</span><span class="p">.</span><span class="nx">getUser</span><span class="p">(</span> <span class="dl">"</span><span class="s2">6471f710f772cf139bc5142e</span><span class="dl">"</span> <span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">],</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_SECRET</span><span class="p">,</span> <span class="na">session</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// Set it as jwt instead of database</span> <span class="na">strategy</span><span class="p">:</span> <span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">callbacks</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nx">jwt</span><span class="p">({</span> <span class="nx">token</span><span class="p">,</span> <span class="nx">user</span> <span class="p">})</span> <span class="p">{</span> <span class="c1">// Persist the OAuth access_token and or the user id to the token right after signin</span> <span class="k">if</span> <span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nx">token</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">access_token</span><span class="p">;</span> <span class="nx">token</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">token</span><span class="p">;</span> <span class="p">},</span> <span class="k">async</span> <span class="nx">session</span><span class="p">({</span> <span class="nx">session</span><span class="p">,</span> <span class="nx">token</span> <span class="p">})</span> <span class="p">{</span> <span class="c1">// Send properties to the client, like an access_token and user id from a provider.</span> <span class="nx">session</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="nx">token</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">;</span> <span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">token</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="k">return</span> <span class="nx">session</span><span class="p">;</span> <span class="p">},</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">handler</span> <span class="o">=</span> <span class="nx">NextAuth</span><span class="p">(</span><span class="nx">authOptions</span><span class="p">);</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">handler</span> <span class="k">as</span> <span class="nx">GET</span><span class="p">,</span> <span class="nx">handler</span> <span class="k">as</span> <span class="nx">POST</span> <span class="p">};</span> </code></pre> </div> <p>Note that if you want to persist the credentials session, you need to set session.strategy as 'jwt'. Credentials provider does not persist the session in the database.</p> <blockquote> <p>The Credentials provider can only be used if JSON Web Tokens are enabled for sessions. Users authenticated with the Credentials provider are not persisted in the database.<br> <a href="https://next-auth.js.org/configuration/providers/credentials">https://next-auth.js.org/configuration/providers/credentials</a></p> </blockquote> <p>Even you could save custom data into the session user. Just pass more options into the session callback.</p> <h3> Session Provider </h3> <p>Remember wrap your layout.js with SessionProvider component to get access the user on the entire app<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="dl">"</span><span class="s2">use client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">SessionProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/react</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="dl">"</span><span class="s2">./globals.css</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">metadata</span> <span class="o">=</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Create Next App</span><span class="dl">"</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Generated by create next app</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nx">RootLayout</span><span class="p">({</span> <span class="nx">children</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">html</span> <span class="nx">lang</span><span class="o">=</span><span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">SessionProvider</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">body</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">children</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/body</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/SessionProvider</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/html</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Now you can access the url <a href="http://localhost:3000/api/auth/signin/credentials">http://localhost:3000/api/auth/signin/credentials</a> and sign in with your credentials or through your provider<br> After this, you should have access to the session and its properties using useSession hook.<br> Client side session and from the backend using getServerSession.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">authOptions</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../auth/[...nextauth]/route</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getServerSession</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">GET</span><span class="p">(</span><span class="nx">Request</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">getServerSession</span><span class="p">(</span><span class="nx">authOptions</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">session</span><span class="p">),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">Not authenticated user!</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Links<br> Github: <a href="https://github.com/aaronaira/next-auth-example-mongodbadapter">https://github.com/aaronaira/next-auth-example-mongodbadapter</a><br> Linkedin: <a href="https://www.linkedin.com/in/aaron-aira/">https://www.linkedin.com/in/aaron-aira/</a></p>