DEV Community: Rafaat Ahmed The latest articles on DEV Community by Rafaat Ahmed (@rafaatxyz). https://dev.to/rafaatxyz https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1572052%2Fb50b9460-ae75-4281-b76d-a8dc13f07a4a.jpg DEV Community: Rafaat Ahmed https://dev.to/rafaatxyz en Next-auth App Router Credentials - An Annotated Guide Rafaat Ahmed Tue, 04 Jun 2024 07:28:56 +0000 https://dev.to/rafaatxyz/next-auth-app-router-credentials-an-annotated-guide-4dmm https://dev.to/rafaatxyz/next-auth-app-router-credentials-an-annotated-guide-4dmm <p>This is an annotated guide on implementing Auth.js (NextAuth 5) on NextJS (app router). We will follow official steps outlined in respective docs.</p> <p>We want to implement </p> <ul> <li>a email+password based login system,</li> <li>set custom login pages</li> <li>protect routes, and</li> <li>add roles (ie extend user objects for additional vaues)</li> </ul> <p>Tldr: Git repo - <a href="https://github.com/kaizenworks/nextjs-authjs-example">https://github.com/kaizenworks/nextjs-authjs-example</a></p> <h2> NextJS Install </h2> <p>Source - <a href="https://nextjs.org/docs/getting-started/installation">https://nextjs.org/docs/getting-started/installation</a></p> <blockquote> <p>Create project<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx create-next-app@latest </code></pre> </div> <blockquote> <p>Project name and options<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>What is your project named? my-app Would you like to use TypeScript? Yes Would you like to use ESLint? Yes Would you like to use Tailwind CSS? Yes Would you like to use <span class="sb">`</span>src/<span class="sb">`</span> directory? Yes Would you like to use App Router? <span class="o">(</span>recommended<span class="o">)</span> Yes Would you like to customize the default import <span class="nb">alias</span> <span class="o">(</span>@/<span class="k">*</span><span class="o">)</span>? No </code></pre> </div> <p>On fresh install (ts version), every page inside <code>/src/app</code> will throw <code>module not found</code> errors on imports.<br> This is probably because in <code>tsconfig.json</code>, <code>moduleResoultion</code> is set to <code>bundler</code>. More here - <a href="https://github.com/vercel/next.js/discussions/41189">https://github.com/vercel/next.js/discussions/41189</a></p> <p>Setting <code>moduleResoultion: "node"</code> solves the issue.</p> <h2> Auth.js / NextAuth install </h2> <p>Source - <a href="https://authjs.dev/getting-started/installation">https://authjs.dev/getting-started/installation</a></p> <blockquote> <p>Package install<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>next-auth@beta </code></pre> </div> <blockquote> <p>Setup enironment<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx auth secret </code></pre> </div> <p>Supposed to create a <code>.env.local</code> file with <code>AUTH_SECRET=</code> value, but didn't. So had to manullay save the outputted value to <code>.env.local</code>.</p> <blockquote> <p>Create auth.js at the root of the project (ie <code>/src</code>)<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// path: ./src/auth.ts</span> <span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[],</span> <span class="p">})</span> </code></pre> </div> <blockquote> <p>Set auth related route handlers<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// path: ./src/app/api/auth/[...nextauth]/route.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">handlers</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="c1">// Referring to the auth.ts we just created</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">GET</span><span class="p">,</span> <span class="nx">POST</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">handlers</span> </code></pre> </div> <blockquote> <p>Add middleware<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">//path: ./src/middleware.ts</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">auth</span> <span class="k">as</span> <span class="nx">middleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> </code></pre> </div> <p>I expected it would protect all the routes by default. But you would have to define guard rules separately. This version will keep the session values updated.</p> <h2> Credential (Email+Password) Authentication Setup </h2> <p>Source - <a href="https://authjs.dev/getting-started/authentication/credentials">https://authjs.dev/getting-started/authentication/credentials</a></p> <blockquote> <p>Setup Credential Provider in <code>auth.ts</code> file<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">import</span> <span class="nx">Credentials</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/credentials</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nc">Credentials</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Email</span><span class="dl">"</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Email</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">email </span><span class="dl">"</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="p">},</span> <span class="p">},</span> <span class="na">authorize</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">credentials</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="p">{</span><span class="nx">email</span><span class="p">,</span><span class="nx">password</span><span class="p">}</span> <span class="o">=</span> <span class="nx">credentials</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="nx">email</span><span class="o">==</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ADMIN_EMAIL</span> <span class="o">&amp;&amp;</span> <span class="nx">password</span><span class="o">==</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ADMIN_PASS</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Admin</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">],</span> <span class="p">})</span> </code></pre> </div> <p>Define database lookup and password matching inside the authorize callback. I have used static env variables to keep things simple.</p> <p>NextAuth uses a default user type, but you can extend it (more on that later)</p> <h2> Signin and Signout </h2> <p>Source - <a href="https://authjs.dev/getting-started/session-management/login">https://authjs.dev/getting-started/session-management/login</a></p> <blockquote> <p>Create signin button<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code> <span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">signIn</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/react</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">SignInButton</span> <span class="o">=</span> <span class="p">({</span><span class="nx">children</span><span class="p">}:</span><span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="na">className</span><span class="p">=</span><span class="s">"[redacted]."</span> <span class="na">type</span><span class="p">=</span><span class="s">"button"</span> <span class="na">onClick</span><span class="p">=</span><span class="si">{</span><span class="p">()</span><span class="o">=&gt;</span><span class="nf">signIn</span><span class="p">()</span><span class="si">}</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">children</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Clicking this button takes user to default sign in page.</p> <p>Note there are two ways of importin signin/out functions </p> <ul> <li>Your <code>auth.js</code> file or <code>@/auth</code> for server-side use</li> <li> <code>next-auth/react</code> for client-side use</li> </ul> <p>Define component render boundaries with <code>use client</code> and <code>use server</code> </p> <blockquote> <p>Create signout button</p> </blockquote> <p>Signout button is the same, but using <code>signOut</code> method.</p> <blockquote> <p>Add buttons to Home<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code> <span class="c1">//.... imports</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="p">...</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">?</span> <span class="p">(</span> <span class="p">&lt;&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">name</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">SignOutButton</span><span class="p">&gt;</span>Sign Out<span class="p">&lt;/</span><span class="nc">SignOutButton</span><span class="p">&gt;</span> <span class="p">&lt;/&gt;</span> <span class="p">)</span> <span class="p">:</span> <span class="p">(</span> <span class="p">&lt;&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span>Guest<span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">SignInButton</span><span class="p">&gt;</span>Sign In<span class="p">&lt;/</span><span class="nc">SignInButton</span><span class="p">&gt;</span> <span class="p">&lt;/&gt;</span> <span class="p">)}</span> <span class="p">&lt;</span><span class="err">/</span><span class="na">div</span><span class="p">&gt;</span> ... ) } </code></pre> </div> <h2> Protecting routes </h2> <p>Source - <a href="https://authjs.dev/getting-started/session-management/protecting">https://authjs.dev/getting-started/session-management/protecting</a></p> <p>To demonstrate this, we will add another route <code>/dashboard</code> and make it protected (ie only visible to logged in users)</p> <blockquote> <p>Add middleware with routh matcher config<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="p">{</span> <span class="nx">auth</span> <span class="k">as</span> <span class="nx">middleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">/((?!api|_next/static|_next/image|favicon.ico).*)</span><span class="dl">"</span><span class="p">],</span> <span class="p">}</span> </code></pre> </div> <p>This did not work out for me.</p> <p>But defining it inside a custom auth function works:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">auth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">auth</span><span class="p">((</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">auth</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span> <span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">url</span> <span class="p">);</span> <span class="c1">// here "/login" is a custom login page, we havent defined it yet</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="nx">url</span><span class="p">)</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>Another way is to define in the page.tsx of the specific route, in our case <code>/dashboard</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">auth</span><span class="p">,</span> <span class="nx">signIn</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">Dashboard</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">)</span> <span class="k">return</span> <span class="nf">signIn</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="p">...</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Custom Login Page </h2> <p>Source - <a href="https://authjs.dev/getting-started/session-management/custom-pages">https://authjs.dev/getting-started/session-management/custom-pages</a></p> <blockquote> <p>Define custom signIn path in <code>auth.ts</code><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">import</span> <span class="nx">Credentials</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/credentials</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">pages</span><span class="p">:</span> <span class="p">{</span> <span class="na">signIn</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">...</span> <span class="p">})</span> </code></pre> </div> <blockquote> <p>Create a Login page and implement signin()</p> </blockquote> <p>We will do this using server actions - </p> <ol> <li>create signin request action</li> <li>create signin form component (client side). Bind reqeuestSignIn using <code>useFormState</code> </li> <li> create login page on <code>login/page.tsx</code> that holds the form component</li> </ol> <p><code>@/actions/request-sign-in.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">"</span><span class="s2">use server</span><span class="dl">"</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">signIn</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/navigation</span><span class="dl">"</span><span class="p">;</span> <span class="kd">type</span> <span class="nx">FormState</span> <span class="o">=</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requestSignIn</span><span class="p">(</span><span class="nx">formState</span><span class="p">:</span><span class="nx">FormState</span><span class="p">,</span><span class="nx">formData</span><span class="p">:</span> <span class="nx">FormData</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span><span class="p">{</span> <span class="kd">const</span> <span class="nx">email</span> <span class="o">=</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">)</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">)</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="k">await</span> <span class="nf">signIn</span><span class="p">(</span><span class="dl">"</span><span class="s2">credentials</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span><span class="nx">email</span><span class="p">,</span><span class="nx">password</span><span class="p">,</span> <span class="na">redirect</span><span class="p">:</span><span class="kc">false</span><span class="p">});</span> <span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nx">error</span><span class="p">){</span> <span class="k">return</span> <span class="p">{</span><span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid login</span><span class="dl">"</span><span class="p">};</span> <span class="p">}</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:3000/</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><br> `</p> <p>When called from <code>useFormState</code> the first param is the state and the second on is FormData. Got it mixed up.</p> <p>Its weird that you have to pass <code>reidirect</code> or <code>reidrectTo</code> inside the data param in <code>signIn</code>.</p> <p>But it throws a <code>NEXT_REDIRECT</code> error. Keeping <code>redirect</code> out of try/catch works somehow.</p> <p><em>@/components/sign-in-form.client.tsx</em></p> <p><code></code>`jsx<br> "use client"</p> <p>import { requestSignIn } from "@/actions/request-sign-in";<br> import { useEffect } from "react";<br> import { useFormState } from "react-dom";</p> <p>const initState = { error: '' };</p> <p>export const SignInForm = () =&gt; {<br> const [fstate, action] = useFormState(requestSignIn, initState);</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>useEffect(() =&gt; { let { error } = fstate; if (error) alert(error); }, [fstate]) return ( &lt;form action={action} &gt; &lt;label&gt; Email &lt;input name="email" type="email" /&gt; &lt;/label&gt; &lt;br /&gt; &lt;label&gt; Password &lt;input name="password" type="password" /&gt; &lt;/label&gt; &lt;br /&gt; &lt;button&gt;Sign In&lt;/button&gt; &lt;/form&gt; ) </code></pre> </div> <p>}<br> `<code></code></p> <p><em>@/app/login/page.tsx</em></p> <p><code></code>`tsx<br> import { SignInForm } from "@/components/sign-in-form.client";</p> <p>export default function SignInPage() {</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>return ( &lt;div className="flex flex-col gap-2"&gt; &lt;SignInForm /&gt; &lt;/div&gt; ) </code></pre> </div> <p>}</p> <p>`<code></code></p> <h2> Session Data </h2> <p>Source : Extending Session - <a href="https://authjs.dev/guides/extending-the-session">https://authjs.dev/guides/extending-the-session</a></p> <p>Source: Role Based Access Example - <a href="https://authjs.dev/guides/role-based-access-control">https://authjs.dev/guides/role-based-access-control</a></p> <p><em>@/auth.ts</em></p> <p><code></code>`ts<br> export const { handlers, signIn, signOut, auth } = NextAuth({<br> providers: [<br> Credentials({<br> ...<br> authorize: async (credentials) =&gt; {</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> let { email, password } = credentials; if (email == process.env.ADMIN_EMAIL &amp;&amp; password == process.env.ADMIN_PASS) { return { id: '1', name: 'Admin', role: 'staff' } } return null; }, }), ], callbacks: { jwt({ token, user }) { if (user) { token.role = user.role; } return token; }, session({ session, token }) { session.user.role = token.role return session }, } </code></pre> </div> <p>})<br> `<code></code></p> <p>We defined two callbacks here</p> <p><code>jwt</code> </p> <blockquote> <p>During sign-in, the jwt callback exposes the user’s profile information coming from the provider. You can leverage this to add the user’s id to the JWT token.</p> </blockquote> <p>Here will will add the user role to token data</p> <p><code>session</code></p> <blockquote> <p>This callback is called whenever a session is checked. (i.e. when invoking the /api/session endpoint, using useSession or getSession). The return value will be exposed to the client, so be careful what you return here! If you want to make anything available to the client which you've added to the token through the JWT callback, you have to explicitly return it here as well.</p> </blockquote> <p>In our case we are exposing role in session.</p> <h3> Typescript error </h3> <p>When extending user with role field, there will be a type error in the callbacks.</p> <blockquote> <p>Property <code>role</code> does not exist on type <code>User | AdapterUser</code></p> </blockquote> <p>Solution is to extend the User and Session tyoes from Next Auth</p> <p><code>@/types/next-auth.d.ts</code></p> <p><code></code><code>ts<br> import { DefaultUser } from 'next-auth';<br> declare module 'next-auth' {<br> interface Session {<br> user?: DefaultUser &amp; { id: string; role: string };<br> }<br> interface User extends DefaultUser {<br> role: string;<br> }<br> }<br> </code><code></code></p> <p>Source - <a href="https://stackoverflow.com/questions/74425533/property-role-does-not-exist-on-type-user-adapteruser-in-nextauth">https://stackoverflow.com/questions/74425533/property-role-does-not-exist-on-type-user-adapteruser-in-nextauth</a></p> <h2> Additional resources - </h2> <ol> <li>(Youtube) Next.js App Router Authenication - <a href="https://www.youtube.com/watch?v=DJvM2lSPn6w">https://www.youtube.com/watch?v=DJvM2lSPn6w</a> </li> <li>Practical overview of Nextjs forms and server actions - <a href="https://www.robinwieruch.de/next-forms/">https://www.robinwieruch.de/next-forms/</a> </li> </ol> beginners javascript nextjs webdev Next-auth App Router Credentials - An Annotated Guide Rafaat Ahmed Tue, 04 Jun 2024 07:28:56 +0000 https://dev.to/rafaatxyz/next-auth-app-router-credentials-an-annotated-guide-4ijp https://dev.to/rafaatxyz/next-auth-app-router-credentials-an-annotated-guide-4ijp <p>This is an annotated guide on implementing Auth.js (NextAuth 5) on NextJS (app router). We will follow official steps outlined in respective docs.</p> <p>We want to implement </p> <ul> <li>a email+password based login system,</li> <li>set custom login pages</li> <li>protect routes, and</li> <li>add roles (ie extend user objects for additional vaues)</li> </ul> <p>Tldr: Git repo - <a href="https://github.com/kaizenworks/nextjs-authjs-example">https://github.com/kaizenworks/nextjs-authjs-example</a></p> <h2> NextJS Install </h2> <p>Source - <a href="https://nextjs.org/docs/getting-started/installation">https://nextjs.org/docs/getting-started/installation</a></p> <blockquote> <p>Create project<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx create-next-app@latest </code></pre> </div> <blockquote> <p>Project name and options<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>What is your project named? my-app Would you like to use TypeScript? Yes Would you like to use ESLint? Yes Would you like to use Tailwind CSS? Yes Would you like to use <span class="sb">`</span>src/<span class="sb">`</span> directory? Yes Would you like to use App Router? <span class="o">(</span>recommended<span class="o">)</span> Yes Would you like to customize the default import <span class="nb">alias</span> <span class="o">(</span>@/<span class="k">*</span><span class="o">)</span>? No </code></pre> </div> <p>On fresh install (ts version), every page inside <code>/src/app</code> will throw <code>module not found</code> errors on imports.<br> This is probably because in <code>tsconfig.json</code>, <code>moduleResoultion</code> is set to <code>bundler</code>. More here - <a href="https://github.com/vercel/next.js/discussions/41189">https://github.com/vercel/next.js/discussions/41189</a></p> <p>Setting <code>moduleResoultion: "node"</code> solves the issue.</p> <h2> Auth.js / NextAuth install </h2> <p>Source - <a href="https://authjs.dev/getting-started/installation">https://authjs.dev/getting-started/installation</a></p> <blockquote> <p>Package install<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>next-auth@beta </code></pre> </div> <blockquote> <p>Setup enironment<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx auth secret </code></pre> </div> <p>Supposed to create a <code>.env.local</code> file with <code>AUTH_SECRET=</code> value, but didn't. So had to manullay save the outputted value to <code>.env.local</code>.</p> <blockquote> <p>Create auth.js at the root of the project (ie <code>/src</code>)<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// path: ./src/auth.ts</span> <span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[],</span> <span class="p">})</span> </code></pre> </div> <blockquote> <p>Set auth related route handlers<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// path: ./src/app/api/auth/[...nextauth]/route.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">handlers</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="c1">// Referring to the auth.ts we just created</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">GET</span><span class="p">,</span> <span class="nx">POST</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">handlers</span> </code></pre> </div> <blockquote> <p>Add middleware<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">//path: ./src/middleware.ts</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">auth</span> <span class="k">as</span> <span class="nx">middleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> </code></pre> </div> <p>I expected it would protect all the routes by default. But you would have to define guard rules separately. This version will keep the session values updated.</p> <h2> Credential (Email+Password) Authentication Setup </h2> <p>Source - <a href="https://authjs.dev/getting-started/authentication/credentials">https://authjs.dev/getting-started/authentication/credentials</a></p> <blockquote> <p>Setup Credential Provider in <code>auth.ts</code> file<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">import</span> <span class="nx">Credentials</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/credentials</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nc">Credentials</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Email</span><span class="dl">"</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Email</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">email </span><span class="dl">"</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="p">},</span> <span class="p">},</span> <span class="na">authorize</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">credentials</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="p">{</span><span class="nx">email</span><span class="p">,</span><span class="nx">password</span><span class="p">}</span> <span class="o">=</span> <span class="nx">credentials</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="nx">email</span><span class="o">==</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ADMIN_EMAIL</span> <span class="o">&amp;&amp;</span> <span class="nx">password</span><span class="o">==</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ADMIN_PASS</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Admin</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">],</span> <span class="p">})</span> </code></pre> </div> <p>Define database lookup and password matching inside the authorize callback. I have used static env variables to keep things simple.</p> <p>NextAuth uses a default user type, but you can extend it (more on that later)</p> <h2> Signin and Signout </h2> <p>Source - <a href="https://authjs.dev/getting-started/session-management/login">https://authjs.dev/getting-started/session-management/login</a></p> <blockquote> <p>Create signin button<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code> <span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">signIn</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/react</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">SignInButton</span> <span class="o">=</span> <span class="p">({</span><span class="nx">children</span><span class="p">}:</span><span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="na">className</span><span class="p">=</span><span class="s">"[redacted]."</span> <span class="na">type</span><span class="p">=</span><span class="s">"button"</span> <span class="na">onClick</span><span class="p">=</span><span class="si">{</span><span class="p">()</span><span class="o">=&gt;</span><span class="nf">signIn</span><span class="p">()</span><span class="si">}</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">children</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Clicking this button takes user to default sign in page.</p> <p>Note there are two ways of importin signin/out functions </p> <ul> <li>Your <code>auth.js</code> file or <code>@/auth</code> for server-side use</li> <li> <code>next-auth/react</code> for client-side use</li> </ul> <p>Define component render boundaries with <code>use client</code> and <code>use server</code> </p> <blockquote> <p>Create signout button</p> </blockquote> <p>Signout button is the same, but using <code>signOut</code> method.</p> <blockquote> <p>Add buttons to Home<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code> <span class="c1">//.... imports</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="p">...</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">?</span> <span class="p">(</span> <span class="p">&lt;&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">name</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">SignOutButton</span><span class="p">&gt;</span>Sign Out<span class="p">&lt;/</span><span class="nc">SignOutButton</span><span class="p">&gt;</span> <span class="p">&lt;/&gt;</span> <span class="p">)</span> <span class="p">:</span> <span class="p">(</span> <span class="p">&lt;&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span>Guest<span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">SignInButton</span><span class="p">&gt;</span>Sign In<span class="p">&lt;/</span><span class="nc">SignInButton</span><span class="p">&gt;</span> <span class="p">&lt;/&gt;</span> <span class="p">)}</span> <span class="p">&lt;</span><span class="err">/</span><span class="na">div</span><span class="p">&gt;</span> ... ) } </code></pre> </div> <h2> Protecting routes </h2> <p>Source - <a href="https://authjs.dev/getting-started/session-management/protecting">https://authjs.dev/getting-started/session-management/protecting</a></p> <p>To demonstrate this, we will add another route <code>/dashboard</code> and make it protected (ie only visible to logged in users)</p> <blockquote> <p>Add middleware with routh matcher config<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="p">{</span> <span class="nx">auth</span> <span class="k">as</span> <span class="nx">middleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">/((?!api|_next/static|_next/image|favicon.ico).*)</span><span class="dl">"</span><span class="p">],</span> <span class="p">}</span> </code></pre> </div> <p>This did not work out for me.</p> <p>But defining it inside a custom auth function works:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">auth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">auth</span><span class="p">((</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">auth</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span> <span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">url</span> <span class="p">);</span> <span class="c1">// here "/login" is a custom login page, we havent defined it yet</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="nx">url</span><span class="p">)</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>Another way is to define in the page.tsx of the specific route, in our case <code>/dashboard</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">auth</span><span class="p">,</span> <span class="nx">signIn</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">Dashboard</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">)</span> <span class="k">return</span> <span class="nf">signIn</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="p">...</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Custom Login Page </h2> <p>Source - <a href="https://authjs.dev/getting-started/session-management/custom-pages">https://authjs.dev/getting-started/session-management/custom-pages</a></p> <blockquote> <p>Define custom signIn path in <code>auth.ts</code><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">import</span> <span class="nx">Credentials</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/credentials</span><span class="dl">"</span> <span class="k">export</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">handlers</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span><span class="p">,</span> <span class="nx">auth</span> <span class="p">}</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">pages</span><span class="p">:</span> <span class="p">{</span> <span class="na">signIn</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">...</span> <span class="p">})</span> </code></pre> </div> <blockquote> <p>Create a Login page and implement signin()</p> </blockquote> <p>We will do this using server actions - </p> <ol> <li>create signin request action</li> <li>create signin form component (client side). Bind reqeuestSignIn using <code>useFormState</code> </li> <li> create login page on <code>login/page.tsx</code> that holds the form component</li> </ol> <p><code>@/actions/request-sign-in.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">"</span><span class="s2">use server</span><span class="dl">"</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">signIn</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/navigation</span><span class="dl">"</span><span class="p">;</span> <span class="kd">type</span> <span class="nx">FormState</span> <span class="o">=</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requestSignIn</span><span class="p">(</span><span class="nx">formState</span><span class="p">:</span><span class="nx">FormState</span><span class="p">,</span><span class="nx">formData</span><span class="p">:</span> <span class="nx">FormData</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span><span class="p">{</span> <span class="kd">const</span> <span class="nx">email</span> <span class="o">=</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">)</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">)</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="k">await</span> <span class="nf">signIn</span><span class="p">(</span><span class="dl">"</span><span class="s2">credentials</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span><span class="nx">email</span><span class="p">,</span><span class="nx">password</span><span class="p">,</span> <span class="na">redirect</span><span class="p">:</span><span class="kc">false</span><span class="p">});</span> <span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nx">error</span><span class="p">){</span> <span class="k">return</span> <span class="p">{</span><span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid login</span><span class="dl">"</span><span class="p">};</span> <span class="p">}</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:3000/</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><br> `</p> <p>When called from <code>useFormState</code> the first param is the state and the second on is FormData. Got it mixed up.</p> <p>Its weird that you have to pass <code>reidirect</code> or <code>reidrectTo</code> inside the data param in <code>signIn</code>.</p> <p>But it throws a <code>NEXT_REDIRECT</code> error. Keeping <code>redirect</code> out of try/catch works somehow.</p> <p><em>@/components/sign-in-form.client.tsx</em></p> <p><code></code>`jsx<br> "use client"</p> <p>import { requestSignIn } from "@/actions/request-sign-in";<br> import { useEffect } from "react";<br> import { useFormState } from "react-dom";</p> <p>const initState = { error: '' };</p> <p>export const SignInForm = () =&gt; {<br> const [fstate, action] = useFormState(requestSignIn, initState);</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>useEffect(() =&gt; { let { error } = fstate; if (error) alert(error); }, [fstate]) return ( &lt;form action={action} &gt; &lt;label&gt; Email &lt;input name="email" type="email" /&gt; &lt;/label&gt; &lt;br /&gt; &lt;label&gt; Password &lt;input name="password" type="password" /&gt; &lt;/label&gt; &lt;br /&gt; &lt;button&gt;Sign In&lt;/button&gt; &lt;/form&gt; ) </code></pre> </div> <p>}<br> `<code></code></p> <p><em>@/app/login/page.tsx</em></p> <p><code></code>`tsx<br> import { SignInForm } from "@/components/sign-in-form.client";</p> <p>export default function SignInPage() {</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>return ( &lt;div className="flex flex-col gap-2"&gt; &lt;SignInForm /&gt; &lt;/div&gt; ) </code></pre> </div> <p>}</p> <p>`<code></code></p> <h2> Session Data </h2> <p>Source : Extending Session - <a href="https://authjs.dev/guides/extending-the-session">https://authjs.dev/guides/extending-the-session</a></p> <p>Source: Role Based Access Example - <a href="https://authjs.dev/guides/role-based-access-control">https://authjs.dev/guides/role-based-access-control</a></p> <p><em>@/auth.ts</em></p> <p><code></code>`ts<br> export const { handlers, signIn, signOut, auth } = NextAuth({<br> providers: [<br> Credentials({<br> ...<br> authorize: async (credentials) =&gt; {</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> let { email, password } = credentials; if (email == process.env.ADMIN_EMAIL &amp;&amp; password == process.env.ADMIN_PASS) { return { id: '1', name: 'Admin', role: 'staff' } } return null; }, }), ], callbacks: { jwt({ token, user }) { if (user) { token.role = user.role; } return token; }, session({ session, token }) { session.user.role = token.role return session }, } </code></pre> </div> <p>})<br> `<code></code></p> <p>We defined two callbacks here</p> <p><code>jwt</code> </p> <blockquote> <p>During sign-in, the jwt callback exposes the user’s profile information coming from the provider. You can leverage this to add the user’s id to the JWT token.</p> </blockquote> <p>Here will will add the user role to token data</p> <p><code>session</code></p> <blockquote> <p>This callback is called whenever a session is checked. (i.e. when invoking the /api/session endpoint, using useSession or getSession). The return value will be exposed to the client, so be careful what you return here! If you want to make anything available to the client which you've added to the token through the JWT callback, you have to explicitly return it here as well.</p> </blockquote> <p>In our case we are exposing role in session.</p> <h3> Typescript error </h3> <p>When extending user with role field, there will be a type error in the callbacks.</p> <blockquote> <p>Property <code>role</code> does not exist on type <code>User | AdapterUser</code></p> </blockquote> <p>Solution is to extend the User and Session tyoes from Next Auth</p> <p><code>@/types/next-auth.d.ts</code></p> <p><code></code><code>ts<br> import { DefaultUser } from 'next-auth';<br> declare module 'next-auth' {<br> interface Session {<br> user?: DefaultUser &amp; { id: string; role: string };<br> }<br> interface User extends DefaultUser {<br> role: string;<br> }<br> }<br> </code><code></code></p> <p>Source - <a href="https://stackoverflow.com/questions/74425533/property-role-does-not-exist-on-type-user-adapteruser-in-nextauth">https://stackoverflow.com/questions/74425533/property-role-does-not-exist-on-type-user-adapteruser-in-nextauth</a></p> <h2> Additional resources - </h2> <ol> <li>(Youtube) Next.js App Router Authenication - <a href="https://www.youtube.com/watch?v=DJvM2lSPn6w">https://www.youtube.com/watch?v=DJvM2lSPn6w</a> </li> <li>Practical overview of Nextjs forms and server actions - <a href="https://www.robinwieruch.de/next-forms/">https://www.robinwieruch.de/next-forms/</a> </li> </ol> beginners javascript nextjs webdev