DEV Community: Franco8888 The latest articles on DEV Community by Franco8888 (@franco00000). https://dev.to/franco00000 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1037826%2Fe9721921-bc27-4fc6-8f1b-211eea8751b0.png DEV Community: Franco8888 https://dev.to/franco00000 en Building a t3-app : A Step-by-Step Guide to NextAuth Franco8888 Wed, 08 Mar 2023 00:26:48 +0000 https://dev.to/franco00000/building-a-t3-app-a-step-by-step-guide-to-nextauth-pea https://dev.to/franco00000/building-a-t3-app-a-step-by-step-guide-to-nextauth-pea <p>NextAuth not only does handle most of your client and server-side logic with ease, but you can also create multiple authentication providers. You will understand how NextAuth works and how to use the <code>credentials provider</code> to create a JWT accessToken and refresh it. So, let's dive in and use <a href="https://create.t3.gg/">t3-app</a> and MongoDB to build a full-stack authentication application with NextAuth. </p> <blockquote> <p>1) Create a t3 app project</p> </blockquote> <p>use npm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>npm create t3-app@latest </code></pre> </div> <p>or yarn:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn create t3-app@latest </code></pre> </div> <blockquote> <p>2) Setup a MongoDB in Prisma</p> </blockquote> <p>To make Prisma work in MongoDB , we need to get a Replica Set on <a href="https://www.mongodb.com/cloud/atlas/signup">MongoDB Atlas</a></p> <p>Edit .env file in root directory, and change <code>DATABASE_URL</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DATABASE_URL="mongodb+srv://YOUR_DB_URL" </code></pre> </div> <p>Make sure to replace special characters to <a href="https://developer.mozilla.org/en-US/docs/Glossary/percent-encoding">ASCII value</a> e.g. <code>"?"</code> replace to <code>"%3F"</code></p> <p>To store user data, we need to create a User schema. We'll need to replace the current schema located at ./prisma/schema.prisma with the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">generator</span> <span class="nx">client</span> <span class="p">{</span> <span class="nx">provider</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">prisma-client-js</span><span class="dl">"</span> <span class="p">}</span> <span class="nx">datasource</span> <span class="nx">db</span> <span class="p">{</span> <span class="nx">provider</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">mongodb</span><span class="dl">"</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">env</span><span class="p">(</span><span class="dl">"</span><span class="s2">DATABASE_URL</span><span class="dl">"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">model</span> <span class="nx">User</span> <span class="p">{</span> <span class="nx">id</span> <span class="nb">String</span> <span class="p">@</span><span class="nd">id</span> <span class="p">@</span><span class="nd">default</span><span class="p">(</span><span class="nx">cuid</span><span class="p">())</span> <span class="p">@</span><span class="nd">map</span><span class="p">(</span><span class="dl">"</span><span class="s2">_id</span><span class="dl">"</span><span class="p">)</span> <span class="nx">name</span> <span class="nb">String</span> <span class="nx">password</span> <span class="nb">String</span> <span class="p">}</span> </code></pre> </div> <p>Then run <code>npx prisma db push</code> command to sync our changes with MongoDB.</p> <blockquote> <p>3) Setup a NextAuth</p> </blockquote> <p>If you're new to JWT authentication, you can watch this video for a more detailed explanation of the process:</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/iD49_NIQ-R4"> </iframe> </p> <p>In NextAuth, we can choice <a href="https://authjs.dev/guides/basics/refresh-token-rotation#jwt-strategy">JWT strategy</a> or <a href="https://authjs.dev/guides/basics/refresh-token-rotation#database-strategy">Database strategy</a>. In this demo, we will use <code>JWT strategy</code> for setup NextAuth.</p> <p>Add <code>JWT_SECRET</code> and <code>NEXTAUTH_SECRET</code> in <code>.env</code> file. The secret is a hash key to sign and verify JWT.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">...</span> <span class="nx">DATABASE_URL</span><span class="o">=</span><span class="dl">"</span><span class="s2">mongodb+srv://your db url</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">JWT_SECRET</span><span class="o">=</span><span class="dl">"</span><span class="s2">your secret</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">NEXTAUTH_SECRET</span><span class="o">=</span><span class="dl">"</span><span class="s2">your secret</span><span class="dl">"</span> </code></pre> </div> <p>If you're using a Mac OS or Linux system, you can generate secret using the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>openssl rand -base64 32 </code></pre> </div> <p>Next, we need to install bcrypt in order to hash the user's password:</p> <p>use npm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>npm install bcrypt -D @types/bcrypt </code></pre> </div> <p>or yarn:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn add bcrypt --dev @types/bcrypt </code></pre> </div> <p>Let's take a closer look at the main steps involved in how NextAuth works within our app:</p> <ol> <li><p><a href="https://next-auth.js.org/configuration/providers/credentials">Providers</a>: When a user initiates the authentication process, it will send authentication providers and their configuration options to the client-side. We will use <code>credentials</code> provider <code>Username</code> and <code>Password</code> for user login/signup. In addition, you can add addition <a href="https://next-auth.js.org/providers/">provider</a> to your nextAuth.If the authentication process is successful, the function will return {user:{id: string, name: string}}. If authentication fails, it will return null. In either case, the data is passed to the JWT callback function as <code>{user}</code></p></li> <li><p><a href="https://authjs.dev/guides/basics/callbacks#jwt-callback">Callback - JWT</a>: This function is called whenever a request is made to <code>/api/auth/signin</code>, as well as after the <code>signIn</code> callback function has been executed. And pass <code>{token}</code> to session callback function. After the user has successfully logged in, we can retrieve their data from the params <code>{user}</code>. If the user exists, we can then proceed to create both the <code>accessToken</code> and <code>refreshToken</code>. Subsequently, the callback function is also called during requests made to <code>getSession()</code>, <code>unstable_getServerSession()</code>, and <code>useSession()</code>. During each of these requests, the callback function is the first to check whether the JWT access token has expired. If it has, the JWT callback will attempt to refresh the token using the refresh token. For a more detailed look at how to implement this process: <a href="https://authjs.dev/guides/basics/refresh-token-rotation">refresh token rotation</a>.</p></li> <li><p><a href="https://authjs.dev/guides/basics/callbacks#session-callback">Callback - session</a>: The session callback will return session object that can be used to display the user's name or any other user data that's relevant to the application. The callback function will be called when <code>getSession()</code>, <code>useSession()</code>, <code>/api/auth/session</code></p></li> </ol> <p>To create and verify JWT tokens, we need to create a function within the <code>src/utils/</code> directory called <code>jwtHelper.ts</code>. This function will handle the creation and verification of the JWT tokens that are used throughout our app.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">encode</span><span class="p">,</span> <span class="nx">decode</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/jwt</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">env</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/env.mjs</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">User</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@prisma/client</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">AuthUser</span> <span class="kd">extends</span> <span class="nx">Omit</span><span class="o">&lt;</span><span class="nx">User</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">tokenOneDay</span> <span class="o">=</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">tokenOnWeek</span> <span class="o">=</span> <span class="nx">tokenOneDay</span> <span class="o">*</span> <span class="mi">7</span> <span class="kd">const</span> <span class="nx">craeteJWT</span> <span class="o">=</span> <span class="p">(</span><span class="nx">token</span><span class="p">:</span><span class="nx">AuthUser</span><span class="p">,</span> <span class="nx">duration</span><span class="p">:</span> <span class="nx">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">encode</span><span class="p">({</span><span class="nx">token</span><span class="p">,</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="na">maxAge</span><span class="p">:</span> <span class="nx">duration</span><span class="p">})</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">jwtHelper</span> <span class="o">=</span> <span class="p">{</span> <span class="na">createAcessToken</span><span class="p">:</span> <span class="p">(</span><span class="na">token</span><span class="p">:</span><span class="nx">AuthUser</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">craeteJWT</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">tokenOneDay</span><span class="p">),</span> <span class="na">createRefreshToken</span><span class="p">:</span> <span class="p">(</span><span class="na">token</span><span class="p">:</span><span class="nx">AuthUser</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">craeteJWT</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">tokenOnWeek</span><span class="p">),</span> <span class="na">verifyToken</span><span class="p">:</span> <span class="p">(</span><span class="na">token</span><span class="p">:</span><span class="nx">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">decode</span><span class="p">({</span><span class="nx">token</span><span class="p">,</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>We need to define the NextAuthType type in order to integrate it properly within our app. To do so, we'll create a new file called <code>next-auth.d.ts</code> within the <code>src/pages/types/ directory</code>. For more information on how to <a href="https://next-auth.js.org/getting-started/typescript#extend-default-interface-properties">extend default</a> interface properties and properly define this type.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/next</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">JWT</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/jwt</span><span class="dl">"</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthUser</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/utils/jwtHelper</span><span class="dl">"</span><span class="p">;</span> <span class="nx">declare</span> <span class="nx">module</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="p">{</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nx">userId</span><span class="p">?:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">name</span><span class="p">?:</span> <span class="nx">string</span> <span class="p">}</span> <span class="kr">interface</span> <span class="nx">Session</span> <span class="p">{</span> <span class="nl">user</span><span class="p">:</span> <span class="p">{</span> <span class="nx">userId</span><span class="p">?:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">name</span><span class="p">?:</span> <span class="nx">string</span> <span class="p">},</span> <span class="nx">error</span><span class="p">?:</span> <span class="dl">"</span><span class="s2">RefreshAccessTokenError</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">declare</span> <span class="nx">module</span> <span class="dl">"</span><span class="s2">next-auth/jwt</span><span class="dl">"</span> <span class="p">{</span> <span class="kr">interface</span> <span class="nx">JWT</span><span class="p">{</span> <span class="nl">user</span><span class="p">:</span> <span class="nx">AuthUser</span> <span class="nx">accessToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">refreshToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">accessTokenExpired</span><span class="p">:</span> <span class="nx">number</span><span class="p">,</span> <span class="nx">refreshTokenExpired</span><span class="p">:</span> <span class="nx">number</span><span class="p">,</span> <span class="nx">error</span><span class="p">?:</span> <span class="dl">"</span><span class="s2">RefreshAccessTokenError</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Change <code>src/pages/api/auth/[...nextauth].ts</code> as follow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">type</span> <span class="nx">GetServerSidePropsContext</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getServerSession</span><span class="p">,</span> <span class="nx">type</span> <span class="nx">NextAuthOptions</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CredentialsProvider</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/credentials</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PrismaAdapter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@next-auth/prisma-adapter</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">prisma</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/server/db</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">bcrypt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">bcrypt</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthUser</span><span class="p">,</span> <span class="nx">jwtHelper</span><span class="p">,</span> <span class="nx">tokenOneDay</span><span class="p">,</span> <span class="nx">tokenOnWeek</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/utils/jwtHelper</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">authOptions</span><span class="p">:</span> <span class="nx">NextAuthOptions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">adapter</span><span class="p">:</span> <span class="nx">PrismaAdapter</span><span class="p">(</span><span class="nx">prisma</span><span class="p">),</span> <span class="na">session</span><span class="p">:</span> <span class="p">{</span> <span class="na">strategy</span><span class="p">:</span> <span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">,</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="p">},</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nx">CredentialsProvider</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Login with email</span><span class="dl">"</span><span class="p">,</span> <span class="k">async</span> <span class="nx">authorize</span><span class="p">(</span><span class="nx">credentials</span><span class="p">,</span> <span class="nx">req</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">findFirst</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">credentials</span><span class="p">?.</span><span class="nx">username</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if</span> <span class="p">(</span><span class="nx">user</span> <span class="o">&amp;&amp;</span> <span class="nx">credentials</span><span class="p">){</span> <span class="kd">const</span> <span class="nx">validPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nx">compare</span><span class="p">(</span><span class="nx">credentials</span><span class="p">?.</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">validPassword</span><span class="p">){</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nx">error</span><span class="p">){</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Username</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">,</span> <span class="na">placeholder</span><span class="p">:</span> <span class="dl">"</span><span class="s2">jsmith</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">})</span> <span class="p">],</span> <span class="na">callbacks</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nx">jwt</span><span class="p">({</span><span class="nx">token</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">profile</span><span class="p">,</span> <span class="nx">account</span><span class="p">,</span> <span class="nx">isNewUser</span><span class="p">}){</span> <span class="c1">// credentials provider: Save the access token and refresh token in the JWT on the initial login</span> <span class="k">if</span> <span class="p">(</span><span class="nx">user</span><span class="p">){</span> <span class="kd">const</span> <span class="nx">authUser</span> <span class="o">=</span> <span class="p">{</span><span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span> <span class="k">as</span> <span class="nx">AuthUser</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">jwtHelper</span><span class="p">.</span><span class="nx">createAcessToken</span><span class="p">(</span><span class="nx">authUser</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">jwtHelper</span><span class="p">.</span><span class="nx">createRefreshToken</span><span class="p">(</span><span class="nx">authUser</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">accessTokenExpired</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nx">now</span><span class="p">()</span> <span class="o">/</span><span class="mi">1000</span> <span class="o">+</span> <span class="nx">tokenOneDay</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">refreshTokenExpired</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nx">now</span><span class="p">()</span> <span class="o">/</span><span class="mi">1000</span> <span class="o">+</span> <span class="nx">tokenOnWeek</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">token</span><span class="p">,</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="nx">refreshToken</span><span class="p">,</span> <span class="nx">accessTokenExpired</span><span class="p">,</span> <span class="nx">refreshTokenExpired</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">authUser</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">token</span><span class="p">){</span> <span class="c1">// In subsequent requests, check access token has expired, try to refresh it</span> <span class="k">if</span> <span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nx">now</span><span class="p">()</span> <span class="o">/</span><span class="mi">1000</span> <span class="o">&gt;</span> <span class="nx">token</span><span class="p">.</span><span class="nx">accessTokenExpired</span><span class="p">){</span> <span class="kd">const</span> <span class="nx">verifyToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">jwtHelper</span><span class="p">.</span><span class="nx">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">.</span><span class="nx">refreshToken</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">verifyToken</span><span class="p">){</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">findFirst</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">token</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if</span> <span class="p">(</span><span class="nx">user</span><span class="p">){</span> <span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">jwtHelper</span><span class="p">.</span><span class="nx">createAcessToken</span><span class="p">(</span><span class="nx">token</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">accessTokenExpired</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nx">now</span><span class="p">()</span> <span class="o">/</span><span class="mi">1000</span> <span class="o">+</span> <span class="nx">tokenOneDay</span><span class="p">;</span> <span class="k">return</span> <span class="p">{...</span><span class="nx">token</span><span class="p">,</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="nx">accessTokenExpired</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{...</span><span class="nx">token</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">RefreshAccessTokenError</span><span class="dl">"</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">token</span> <span class="p">},</span> <span class="k">async</span> <span class="nx">session</span><span class="p">({</span> <span class="nx">session</span><span class="p">,</span> <span class="nx">token</span> <span class="p">}){</span> <span class="k">if</span> <span class="p">(</span><span class="nx">token</span><span class="p">){</span> <span class="nx">session</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">token</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">token</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">session</span><span class="p">.</span><span class="nx">error</span> <span class="o">=</span> <span class="nx">token</span><span class="p">.</span><span class="nx">error</span><span class="p">;</span> <span class="k">return</span> <span class="nx">session</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>Now that we've implemented NextAuth, we can easily protect unauthorized access from both the front-end and back-end of our application.</p> <p>In t3-app, we can use the <code>protectedProcedure</code> to protect our API from unauthorized access by checking for a valid session. Additionally, we can use the <code>useSession()</code> hook to check whether a client is authorized to access certain features of the app.</p> <p>I hope you found this tutorial helpful, the full source code is available on GitHub, so feel free to check it out and customize it to fit your needs. In the next tutorial, we'll explore how to build a multi-factor authentication to further bolster your app's security. Stay tuned! 👾👾👾👾 </p> <p>Full code on <a href="https://github.com/Francoshum95/t3-auth-example">GitHub</a></p> tutorial nextjs webdev react