The latest articles on DEV Community by Capucine Trossat (@ctrossat). https://dev.to/ctrossat https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2373836%2Ff4d67c5a-1b36-4934-a1dc-e669ec274e06.jpg https://dev.to/ctrossat en Capucine Trossat Mon, 06 Jan 2025 14:11:00 +0000 https://dev.to/ctrossat/nextauth-and-spotify-api-a-2025-devs-guide-4p95 https://dev.to/ctrossat/nextauth-and-spotify-api-a-2025-devs-guide-4p95 <p>Hi, Capucine here. In this article we'll go over how to connect and retrieve data from Spotify API using NextAuth 5 and Nextjs 15.</p> <p>In practice that means by the end of it, you will have a page that allow a user to connects themselves using Spotify, and then retrieve some simple data to display.</p> <p><strong><em>Let's get started !</em></strong></p> <h2> Table of content </h2> <ul> <li>Setting up your Nexts project</li> <li>Creating a Spotify App</li> <li>Your <code>.env.local</code> file</li> <li>Configuring Auth.js for Spotify</li> <li>Handling Signin and Signout</li> <li>Setting up an API</li> <li>Displaying user data with SWR</li> <li>Implementing Refresh Token</li> <li>Going further</li> <li>Conclusion</li> </ul> <h2> Setting up your Nextjs project </h2> <p>We'll start by creating our new NextJS project as well as install some more dependencies. First of all let's run the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>npx create-next-app@latest </code></pre> </div> <p>You are free to give your project a cool name and choose whatever configuration best fits you. I will personally be using the following:</p> <pre> What is your project named? spotify-nextauth ✔ Would you like to use TypeScript? <b>No</b> / Yes ✔ Would you like to use ESLint? <b>No</b> / Yes ✔ Would you like to use Tailwind CSS? No / <b>Yes</b> ✔ Would you like your code inside a `src/` directory? <b>No</b> / Yes ✔ Would you like to use App Router? (recommended) No / <b>Yes</b> ✔ Would you like to use Turbopack for next dev? <b>No</b> / Yes ✔ Would you like to customize the import alias (@/* by default)? <b>No</b> / Yes </pre> <p>Now you can move down to your newly created folder with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cd your-project-name </code></pre> </div> <p>Next you can add NextAuth to the project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#npm</span> npm <span class="nb">install </span>next-auth@beta <span class="c">#yarn</span> yarn add next-auth@beta </code></pre> </div> <p>Finally it is necessary to run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>npx auth secret </code></pre> </div> <p>It will generate a random value for your NEXTAUTH_SECRET, a variable used for encryption, and put it in your <code>.env.local</code> file. For more information check out the <a href="https://authjs.dev/guides/environment-variables#auth-secret" rel="noopener noreferrer">documentation</a></p> <p>And you should now be good to go !</p> <h2> Creating a Spotify App </h2> <p>Unto creating your very own Spotify App. Head over to the <a href="https://developer.spotify.com/dashboard" rel="noopener noreferrer">Spotify dashboard for developers</a> and log in with your Spotify account. Click on the 'Create app' button.</p> <p><strong><strong>A Spotify account is required :)</strong></strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frvj8nxgxjc0lrk7n2f0t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frvj8nxgxjc0lrk7n2f0t.png" alt="Image description" width="800" height="450"></a></p> <p>You can give your app a name and a description. Fill in the 'Website' field with :</p> <p><code>http://localhost:3000/</code></p> <p>and 'Redirect URLs' :</p> <p><code>http://localhost:3000/api/auth/callback/spotify</code></p> <p>For wich API to use, We'll go with the WebAPI for this tutorial. You will also have to agree with the terms of service. By the end it should look something like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0wjrqowo3bu3ckcabbqk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0wjrqowo3bu3ckcabbqk.png" alt="Image description" width="800" height="453"></a></p> <p>Once your app is created, you can into the settings and retrieve you client ID as well as your client secret.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3n14nt77xoworyapdhd9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3n14nt77xoworyapdhd9.png" alt="Image description" width="800" height="453"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz5sv3r4ngn73cs0uywhe.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz5sv3r4ngn73cs0uywhe.png" alt="Image description" width="800" height="453"></a></p> <h2> Your <code>.env.local</code> file </h2> <p>Now that you've created your Spotify App and obtained your client id and secret you can add those to your <code>.env.local</code> file at the root of your project. It shoud look something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AUTH_SECRET="jGTHwGl6ZdTp1fsXwI2oNinf4BH8PU3BFhA31QEV8Is=" #Added by `npx auth`. AUTH_SPOTIFY_ID=your-client-id AUTH_SPOTIFY_SECRET=your-client-secret </code></pre> </div> <p>The naming pattern of your <strong>client id</strong> and <strong>client secret</strong> is important. For Auth.js will automatically pick them when configuring the Spotify Provider. For more information check out the <a href="https://authjs.dev/guides/environment-variables#environment-variable-inference" rel="noopener noreferrer">documentation</a></p> <p>Additionally if you wish to use a custom base path for your Next.js application, you can add the <code>NEXTAUTH_URL</code> variable. More info <a href="https://next-auth.js.org/configuration/options#nextauth_url" rel="noopener noreferrer">here</a></p> <h2> Configuring Auth.js for Spotify </h2> <p>Time has now come to start coding a bit ! Yeah !! Let's start by creating a <code>auth.js</code> file at the root of your project, with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/auth.js</span> <span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">import</span> <span class="nx">Spotify</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/spotify</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span><span class="nx">Spotify</span><span class="p">],</span> <span class="p">})</span> </code></pre> </div> <p>In this file we define our NextAuth configuration wich for now only include declaring Spotify as a provider. If your enviroment variables are done correctly Auth.js will automatically import the id and secret for the Spotify provider. We then export the configuration to be accesible all across your project. </p> <p>The <code>auth.js</code> file is one of the more important change going from <strong>NextAuth.js v4</strong> to <strong>Auth.js (v5)</strong>. Learn more <a href="https://authjs.dev/getting-started/migrating-to-v5" rel="noopener noreferrer">about it</a>. </p> <p>Inside of your app folder, create a new <a href="https://nextjs.org/docs/app/building-your-application/routing/route-handlers" rel="noopener noreferrer">Route Handler</a> for the <strong>api/auth/[...nextauth]</strong> directory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/app/api/auth/[...nextauth]/route.js</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">handlers</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="c1">// Referring to the auth.js we just created</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">GET</span><span class="p">,</span> <span class="nx">POST</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">handlers</span> </code></pre> </div> <p>This file initialize NextAuth and export it for the GET and POST request of the route, using the configuration of <code>auth.js</code></p> <h2> Handling Signin and Signout </h2> <p>In this guide we'll try to keep our frontend very minimalistic. That's why we'll only use the default page.js file today. </p> <p>Open <code>app/page.js</code> you'll see there's quite a lot of stuff in there created by the Nextjs quickstart, you can clean it all. Your file should look something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/app/page.js</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <p>Now let's import and call the <code>auth()</code> function, the more conveniant replacement of <code>getServerSession()</code>. This function will allows to determine if our user is logged in or not; And if they are, give us acces to their information, <strong>while remaining on server side</strong>.</p> <blockquote> <p><em>Quick note: Using auth() will change our page to dynamic rendering, but will <strong>not</strong> turn it into a client components. <a href="https://nextjs.org/docs/app/building-your-application/routing/dynamic-routes" rel="noopener noreferrer">See</a></em><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/app/page.js</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">auth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">You</span> <span class="nx">are</span> <span class="nx">logged</span> <span class="k">in</span> <span class="o">!!!&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">You</span> <span class="nx">are</span> <span class="nx">NOT</span> <span class="nx">logged</span> <span class="k">in</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><em>Don't forget to make your function async ;)</em></p> <p>Finally let's add the sign in and sign out button. This would usually require to create a client component for interactivity but with a ingenious usage of the <strong>form</strong> HTML element, it is not needed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/app/page.js</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">auth</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">You</span> <span class="nx">are</span> <span class="nx">logged</span> <span class="k">in</span> <span class="o">!!!&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">action</span><span class="o">=</span><span class="p">{</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">use server</span><span class="dl">"</span> <span class="k">await</span> <span class="nf">signOut</span><span class="p">()</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Sign</span> <span class="nx">Out</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/form</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">You</span> <span class="nx">are</span> <span class="nx">NOT</span> <span class="nx">logged</span> <span class="k">in</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">action</span><span class="o">=</span><span class="p">{</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">use server</span><span class="dl">"</span> <span class="k">await</span> <span class="nf">signIn</span><span class="p">(</span><span class="dl">"</span><span class="s2">spotify</span><span class="dl">"</span><span class="p">)</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Sign</span> <span class="k">in</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/form</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now comes the time of truth, you can run <code>npm run dev</code>, go to your <a href="http://localhost:3000/" rel="noopener noreferrer">localhost:3000</a>, and if all goes well you should be able to log in and out of your spotify account. If it doesn't make sure that you have everything set up correctly, also beware that only the account with wich you created your spotify app will be allowed to connect to the aplication.</p> <p>You can also use the <code>session</code> variable to obtain some basic data of the user. You can play around with things like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">...</span> <span class="k">if</span><span class="p">(</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">Hi</span> <span class="p">{</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">},</span> <span class="nx">you</span> <span class="nx">are</span> <span class="nx">logged</span> <span class="k">in</span><span class="p">.</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">}</span> <span class="p">...</span> </code></pre> </div> <h2> Setting up an API </h2> <p>Now that you succesully connected yourself, it is time to set up your own API to be able to communicate and retrieve data from the Spotify API. First let's update our Auth.js configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/auth.js</span> <span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">import</span> <span class="nx">Spotify</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/spotify</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nc">Spotify</span><span class="p">({</span> <span class="na">authorization</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://accounts.spotify.com/authorize</span><span class="dl">"</span><span class="p">,</span> <span class="na">params</span><span class="p">:</span> <span class="p">{</span> <span class="na">scope</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user-top-read</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">})</span> <span class="p">],</span> <span class="na">callbacks</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">jwt</span><span class="p">({</span><span class="nx">token</span><span class="p">,</span> <span class="nx">account</span><span class="p">})</span> <span class="p">{</span> <span class="c1">//first time login</span> <span class="k">if</span><span class="p">(</span><span class="nx">account</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">token</span><span class="p">,</span> <span class="na">access_token</span><span class="p">:</span> <span class="nx">account</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="na">expires_at</span><span class="p">:</span> <span class="nx">account</span><span class="p">.</span><span class="nx">expires_at</span><span class="p">,</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">account</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">token</span> <span class="p">},</span> <span class="k">async</span> <span class="nf">session</span><span class="p">({</span> <span class="nx">session</span><span class="p">,</span> <span class="nx">token</span> <span class="p">})</span> <span class="p">{</span> <span class="nx">session</span><span class="p">.</span><span class="nx">access_token</span> <span class="o">=</span> <span class="nx">token</span><span class="p">.</span><span class="nx">access_token</span> <span class="k">return</span> <span class="nx">session</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>We do two things here: </p> <ul> <li>First of all we add an authorization and scope string for our provider, granting us acces to part of the Spotify API.</li> <li>Secondly we uses <a href="https://next-auth.js.org/configuration/callbacks#jwt-callback" rel="noopener noreferrer">callbacks</a> to save our tokens and expiration time. We then then in the session callback make <code>acces_token</code> accesible with the <code>auth()</code> function. You can even test it out if you want: log out, login, and your session object in <code>page.js</code> should now contain access tokens.</li> </ul> <p>And now that our acces token are accesible let's create our own API that will retrieve user data from Spotify's. Create a new <a href="https://nextjs.org/docs/app/building-your-application/routing/route-handlers" rel="noopener noreferrer">Route Handler</a> for the <strong>app/api/user/top/tracks</strong> directory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/app/api/user/top/tracks/route.js</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">auth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">GET</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">()</span> <span class="c1">//checks if user is logged in</span> <span class="k">if</span><span class="p">(</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="c1">//make the fetch call to spotify's API</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`https://api.spotify.com/v1/me/top/tracks`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span> <span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">session</span><span class="p">.</span><span class="nx">access_token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">//return the data</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="k">await</span> <span class="nx">data</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">you must be logged in</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This is quite simple but effective. When the API is called, it retrieves the session using <code>auth()</code> and sends the request to the Spotify API with the appropriate Authorization Bearer token. The response is then returned. </p> <p>By using this additional interface instead of fetching data directly within our pages, we gain the flexibility to fetch data from anywhere in our application without worrying about accessing the session or inadvertently exposing sensitive information—especially in client components.</p> <h2> Displaying user data with SWR </h2> <p>With our API now functional, let’s display user data dynamically on the page. We’ll use <a href="https://swr.vercel.app/" rel="noopener noreferrer">SWR</a> for client-side data fetching, which makes caching, revalidation, and error handling effortless. For more on data fetching on the client in Nextjs 15 check out <a href="https://nextjs.org/docs/app/building-your-application/data-fetching/fetching#fetching-data-on-the-client" rel="noopener noreferrer">the official docs</a>.</p> <p>Install SWR with the following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#npm</span> npm i swr <span class="c">#yarn</span> yarn add swr </code></pre> </div> <blockquote> <p><em>Note: If you're using React 19, you might need to downgrade to ensure compatibility</em></p> </blockquote> <p>Next, create a new client component. It will handle data fetching and dynamically display the results:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/app/songs.js</span> <span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span> <span class="k">import</span> <span class="nx">useSWR</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">swr</span><span class="dl">'</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">Songs</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">fetcher</span> <span class="o">=</span> <span class="p">(...</span><span class="nx">args</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">fetch</span><span class="p">(...</span><span class="nx">args</span><span class="p">).</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="nx">error</span><span class="p">,</span> <span class="nx">isLoading</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useSWR</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/user/top/tracks</span><span class="dl">'</span><span class="p">,</span> <span class="nx">fetcher</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span><span class="nx">Failed</span> <span class="nx">to</span> <span class="nx">load</span><span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="k">if </span><span class="p">(</span><span class="nx">isLoading</span><span class="p">)</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span><span class="nx">Loading</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="c1">// Render data</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">ul</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">(({</span> <span class="nx">name</span><span class="p">,</span> <span class="nx">artists</span><span class="p">,</span> <span class="nx">id</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">li</span> <span class="nx">key</span><span class="o">=</span><span class="p">{</span><span class="nx">id</span><span class="p">}</span> <span class="o">&gt;</span><span class="p">{</span><span class="nx">name</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/li</span><span class="err">&gt; </span> <span class="p">))}</span> <span class="o">&lt;</span><span class="sr">/ul</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Here’s what’s happening:</p> <ul> <li> <strong>Fetcher Function</strong>: We create a fetcher function, which is just a wrapper of the native fetch.</li> <li> <strong>SWR Integration</strong>: The <code>useSWR</code> hook retrieves data from our API, providing states like isLoading and error.</li> <li> <strong>Rendering the Data</strong>: Once the data is successfully fetched, we iterate over it using map() and render each item dynamically as a list element.</li> </ul> <p>For a cleaner look, you can add some simple styling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">...</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">ul</span> <span class="nx">className</span><span class="o">=</span><span class="dl">'</span><span class="s1">flex flex-col gap-2 my-8</span><span class="dl">'</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">(({</span> <span class="nx">name</span><span class="p">,</span> <span class="nx">artists</span><span class="p">,</span> <span class="nx">id</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">li</span> <span class="nx">key</span><span class="o">=</span><span class="p">{</span><span class="nx">id</span><span class="p">}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">'</span><span class="s1">flex flex-col</span><span class="dl">'</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">span</span> <span class="nx">className</span><span class="o">=</span><span class="dl">'</span><span class="s1">text-white</span><span class="dl">'</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">name</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/span</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">span</span> <span class="nx">className</span><span class="o">=</span><span class="dl">'</span><span class="s1">text-gray-400</span><span class="dl">'</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">artists</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">name</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/span</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/li</span><span class="err">&gt; </span> <span class="p">))}</span> <span class="o">&lt;</span><span class="sr">/ul</span><span class="err">&gt; </span><span class="p">)</span> </code></pre> </div> <p>You can now visit your localhost page to see your favorite songs displayed! 🎉</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffxyec7nh7wet3erxl4dn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffxyec7nh7wet3erxl4dn.png" alt="Image description" width="800" height="450"></a></p> <h2> Implementing Refresh Token </h2> <p>This is the final stretch: setting up a refresh token mechanism to keep your app connected to the Spotify API.</p> <p><strong>Why Implement a Refresh Token you might ask ?</strong> Well, for security reasons, Access Tokens have a short lifespan. For exemple Spotify's is only 20 minute, it might run out while your user is still browsing your page !! To maintain access without forcing users to log in repeatedly, a refresh token is used to request a new access token when the original one expires. This ensures a seamless user experience and keeps your application functional.</p> <p>Unfortunately, there's currently a bug with Auth.js when it comes to refreshing tokens using Next.js's app router. You can read more about it <a href="https://github.com/nextauthjs/next-auth/discussions/9715#discussioncomment-8476838" rel="noopener noreferrer">here</a>.</p> <p>Since we can’t rely on the simple built-in method, we’ll use middleware instead. First, create a file called <code>middleware.js</code> at the root of your project (not in the app folder):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// @/middleware.js</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">encode</span><span class="p">,</span> <span class="nx">getToken</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next-auth/jwt</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="c1">//cookie name changes depending on context</span> <span class="kd">const</span> <span class="nx">sessionCookie</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_URL</span><span class="p">?.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://</span><span class="dl">'</span><span class="p">)</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">__Secure-authjs.session-token</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">authjs.session-token</span><span class="dl">'</span><span class="p">;</span> <span class="c1">//refreshing token logic here</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">refreshToken</span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">basic</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AUTH_SPOTIFY_ID</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AUTH_SPOTIFY_SECRET</span><span class="p">}</span><span class="s2">`</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://accounts.spotify.com/api/token</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Basic </span><span class="p">${</span><span class="nx">basic</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">,</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">token</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">,</span> <span class="p">})</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">newTokens</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">newTokens</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Refresh token succufully updated</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">token</span><span class="p">,</span> <span class="na">access_token</span><span class="p">:</span> <span class="nx">newTokens</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="na">expires_at</span><span class="p">:</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">/</span> <span class="mi">1000</span> <span class="o">+</span> <span class="nx">newTokens</span><span class="p">.</span><span class="nx">expires_in</span><span class="p">),</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">newTokens</span><span class="p">.</span><span class="nx">refresh_token</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error refreshing access token:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">)</span> <span class="nx">token</span><span class="p">.</span><span class="nx">error</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">RefreshTokenError</span><span class="dl">"</span> <span class="k">return</span> <span class="nx">token</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/api/user/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="p">};</span> <span class="c1">// Middleware logic here</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">middleware</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Middleware triggered for API route:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getToken</span><span class="p">({</span> <span class="na">req</span><span class="p">:</span> <span class="nx">request</span><span class="p">,</span> <span class="na">secret</span><span class="p">:</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AUTH_SECRET</span><span class="p">});</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="c1">//refresh token logic here</span> <span class="k">if </span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">&gt;</span> <span class="nx">token</span><span class="p">.</span><span class="nx">expires_at</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">token need to be refreshed</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">newToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">refreshToken</span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">newSessionToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">encode</span><span class="p">({</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AUTH_SECRET</span><span class="p">,</span> <span class="na">token</span><span class="p">:</span> <span class="nx">newToken</span><span class="p">,</span> <span class="na">salt</span><span class="p">:</span> <span class="nx">sessionCookie</span><span class="p">,</span> <span class="p">})</span> <span class="nx">response</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">sessionCookie</span><span class="p">,</span> <span class="nx">newSessionToken</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span> <span class="p">}</span> </code></pre> </div> <p>This is quite the block of code, but let's try to walk you throught it:</p> <ul> <li> <strong>Session Cookie Name</strong>: To find and update the user's session token securely, we need to set the correct cookie name based on whether the app is running over HTTPS. Auth.js uses different names for secure and non-secure environments: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">sessionCookie</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_URL</span><span class="p">?.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://</span><span class="dl">'</span><span class="p">)</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">__Secure-authjs.session-token</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">authjs.session-token</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <ul> <li> <strong>Token Refresh Logic</strong>:The <code>refreshToken()</code> function is responsible for getting a new access token from Spotify when the current one expires. It starts by authenticating the request with Spotify by encoding your client ID and secret in Base64, as required by their API: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">basic</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AUTH_SPOTIFY_ID</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AUTH_SPOTIFY_SECRET</span><span class="p">}</span><span class="s2">`</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>A POST request is then sent to the /api/token endpoint. If the request succeeds, the response provides a new access token, its expiration time, and a new refresh token. These are then used to return the updated token.</p> <p>In the event of a failure, the function logs the error and flags the token with a RefreshTokenError.</p> <ul> <li> <strong>Configuration</strong>: The config object ensures that the middleware only runs for specific routes: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/api/user/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p>This helps avoid unnecessary middleware processing for other routes, optimizing the performance of your application.</p> <ul> <li> <strong>Middleware Execution</strong>: The <code>middleware()</code> function is fairly straightfoward: when a request is made, the middleware retrieves the current token using <code>getToken()</code>. It then checks whether the token's expiration time has passed: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">if </span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">&gt;</span> <span class="nx">token</span><span class="p">.</span><span class="nx">expires_at</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Token needs refreshing</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>If the token is expired, the middleware calls refreshToken() to obtain a new access token. The updated token is then encoded and stored as a cookie to maintain the session:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">newSessionToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">encode</span><span class="p">({</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AUTH_SECRET</span><span class="p">,</span> <span class="na">token</span><span class="p">:</span> <span class="nx">newToken</span><span class="p">,</span> <span class="na">salt</span><span class="p">:</span> <span class="nx">sessionCookie</span><span class="p">,</span> <span class="p">});</span> <span class="nx">response</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">sessionCookie</span><span class="p">,</span> <span class="nx">newSessionToken</span><span class="p">);</span> </code></pre> </div> <p>This setup ensures that API requests remain authenticated without user interruption by automatically updating the token when necessary.</p> <p>And with that you should have a functionning refresh token mechanism ! Although using middleware might be more complex than the standard approach, it provides a robust solution in the current context. With this setup, your app is now well-equipped to maintain secure and persistent user sessions !</p> <h2> Going further </h2> <p>While this guide aimed to keep things simple, there’s plenty of room to extend your Spotify-connected app into something even more robust. Here are some ideas to consider:</p> <ul> <li><p><strong>Separate Connected and Disconnected States:</strong> <br> Consider creating distinct pages for when a user is connected versus not connected. With Next.js's parallel rendering, you can efficiently render these different states, ensuring a smoother user experience.</p></li> <li><p><strong>Enhanced UI for User Data:</strong> <br> Improve the visual presentation of the data retrieved from Spotify. Experiment with different layouts, animations, or even integrate a design library to make your app more visually appealing.</p></li> <li><p><strong>Advanced API Requests:</strong> <br> Extend your API to handle more complex queries, such as accepting dynamic range parameters to fetch specific segments of user data. This could allow for features like custom time ranges or pagination.</p></li> <li><p><strong>Build a Music Player:</strong> <br> Take it a step further by integrating a music player into your app. This could let users preview tracks directly from your interface, making for a more interactive experience.</p></li> </ul> <p>These improvements provide a great opportunity to deepen your understanding of Next.js and NextAuth; with the potential to transform your project from a simple demo into a fully-featured, interactive application !</p> <h2> Conclusion </h2> <p>In this guide, we built a complete Spotify-connected app using a robust tech stack using NextAuth 5 and Next.js 15. We covered everything from creating your Spotify app and configuring environment variables to integrating secure authentication with NextAuth 5, fetching user data with SWR, and even implementing a refresh token mechanism via middleware. With these modern tools at your disposal, you now have a solid foundation to expand your application’s functionality and enhance the user experience.</p> <p>Happy coding !!</p> nextjs tutorial webdev api