Thank you so much for this video Sakura 😄

This is the best and most informative video I've seen on this topic ❤ Meanwhile, tens of popular channels are playing around with github credentials with no further context

Why other youtube channels doesnt address this problem at all? Had to go through other channels, to come across yours, that has the right solution. thanks!!

Thank you so much! You were the only one who could give the problem a working and clean solution, with an awesome explanation!

Tks for this content, Sakura. You having a great help me. 🙌🏼 Sorry my "English" 😂

Thanks a lot, one of the gem tutorial on external API handling with auth

داداش ありがとうございました It really saved me. By the way your content is amazing. I just subscribed.

WOw literaly saved my life! thank you

I love you, I was having this problem for two days, this is so good bro

You have been solving all my NextAuth issues, thanks!!

Thank I have been looking for this today the whole day...

Great tutorial, especially `as any` part

Best video ever

you saved me a lot of headaches, thanks a lot!

Absolute lifesaver! Thanks :)

Thanks so much. This is exactly what I was looking for.

this approach only modifies the client side session what if I want to get the accessToken in some serverComponent where I can't use useSession() ?? getServerSession() is giving me the original session without any info but (name, email, image)

Great! You saved my days.

Your are the best thanks 🙏🏾❤❤❤❤❤

Thanks for the great video, I am able to get attach the user data to session object. The only problem I am having is this attached user object information is only available at client side (when using useSession() ) but when using getServerSideSession this information is not there - server session only have the user's name and email. How can i pass the same information (user information) to server session as well?

Thank you so much. God bless you and your family 🤍

nice, just one question, how to deal with TS?

My nextAuth don't even have a credential when i open a new tab (tab 2); it's require me to login again, although I log in at tab 1

Awesome,thank you very much for making this video.

Hello, thanks for the video. I have everytihin but the access token. do i have to configure it in the database?

Great video, I've been working on a similar problem. The issue is by marking your provider as "use-client" now you've limited all of the children / pages of your apps to be client components. Is there a way to do this with NextAuth so that the server or cache refreshes after login updating the session state for server components?

great video thanks, sir how do you make the session expires at the time the jwt token from the backend expires?

I understand that you need the access token for client side fetch requests (which is why I only use server actions instead). However, I am wondering if that is not a security risk, because you are storing the access token inside the session, which is not secure, as it exposes the access token. That is also why the session does not have the token by default. I am confused there is no securer way to do this...

i have question, it is does matter if JWT on back-end expire first before on front-end? or they need both expire at the same time?

Thank you so much, brother!

Very helpful video. Thank you!

First of all it's a great lesson. I really appreciate it! But I have a question: What happens if the access token that I get from the server expires, how can I also expire the NextAuth session in that case? As I want to user to be logged out.

Helped me get the idea of next auth with credentials and how I can use it with a login server that already exits. Thank you.

Legend

It is hard to combine Next-auth with iron-session to secure cookies data

Thanks. very useful.

Thank you so much such a wonderful video, how can we save accessToken when we using any provider like google. the jwt is method is not working in that case.🙌

Thank you for the video. I have a feq questions. if I wrap in the layout with the provider and its a use client, does it make all of my components a client components? also, is this the best practice to handle the accessToken? because as far as I know we should store it as a cookie. is it secured this way?

I appreciate you

Hi thanks for your video, I dont understan how is the authorization validated in the backend? If I use postman and send any code as the authorization i will retrieve the information

Thanks so much. This is exactly what I was looking for. For the token part where you add "as any", i think it might as well be possible to define a JWT interface that extends the User. Please, tell me what you think about it.

Where is the api that you used a the end to retrieve posts defined?

Wow u didnt forget! thank you.

Hi Sakura, so if I’d like to use tue credentials provider, the token that’s acquired from database should be also set in cookie - next auth session token, right?

Hi sakura, thanks for your effort, just wanna ask is it safe to store the access token in the session?

hi, when do i use useSession and getSession? Also, what is the point of having use client at the top??

I have tried several apps with next-auth and they all work ok in development, but none in a droplet in digital ocean, any ideas?

How can i do that with Google Provider?

Thank you!

Thanks brother ❤

Great video, quick question. How do you handle the sign out when token is expired?

how to protect the route api/auth/session/ where you can directly see the token?

Such an amazing video, thanks for sharing. I'm trying to follow this tutorial but have a small issue. Nextauth redirect to error page when credentials are invalid. I'm using django on backend. can you provide a small code on error handling? my backend give { non_field_errors: [ 'Unable to log in with provided credentials.' ] } when invalid credentials and {password/email: ["Password/Email fields are missing"] when I miss any of the fields. also let me know how to show this custom error on the frontend? thanks

sir how to set access token and refresh token in cookies pls help me 🙏

very useful thank you

How to make the backend that provide decode jwt like that?

Last part, 1.How about token expired, need to use refresh token get new token 2. Should session exp set up same as refresh token exp?

I had spent a lot of time looking for this particular solution then I came across your tutorial, Thanks a lot it really helped me.! Now I am looking for a solution for how to handle google login with custom backend using next auth. Can you briefly explain me here or can you create another video for that. Thanks again !

Hello, I have a query..!! Whenever we use useSession() hook, data which it returns changes from undefined to session object which flickers the rendered UI for a moment as it state changes from undefined to session object..!! How to deal with that problem..!! What fallback to show between that flickering moment?

what if im using a custom backend using a framework like NestJS and the jwt token is generated by the backend so i don't need next-auth to generate a jwt for me

Hi Sakura, great video! I have one question about this set-up. Is the session object from nextauth a httpOnly cookie or is it stored locally on the client side?

I'm enjoying the video. Thank you so much. I have one question. How can I validate the accessToken on the api server?

hey nextauth is not sending session to the rootlayout but storing in cookies despite using the same methods that you were teaching in last video how could I solve this problem? right know I am using next/cookies.get() to get session

Hi Sakura, I have implemented a new app with nextjs 13 my initial route ("/") should be signin page and then when user logins in i should redirect him to home page. i have more screens like forgot password,sign up,verify otp in auth module. inside home i have some other screens. now i have an api for signin from where i get all data related to user and token will be sent in the response, once user login and we get a token from backend api,i need to redirect user to home page. How should i build my layout properly in order to build this whole thing properly. Because with current app folder structure i am unable to implement this. Can you pls provide some inputs in this.

can this same thing be done with Google provider? I'm just getting name , expires at , image etc , but not the accessToken

How do You suggest structuring auth with the app if I want to have nothing, except the login form in the middle of the screen with no app bar, etc? Now my appar is in layout above the children.

Thank you

Thanks for the video! I got a question is that the token object passed into my async jwt() only contains keys name, sub, id, password, iat, exp and jti, there isn't any "access token" in it. Is the latest version of next auth change the format of the token object? Thank you very much!

Thanks!!!!!!

thank you, its a great video. What do you think is it possible to use different authentication provider (facebook, google etc.) and a custom backend. So when I authenticate with facebook, somehow my backend should know about that, and also give me an accessToken.

Very informative video, I just want to ask , how does the backend returns a jwt token

Please give me an advice, I really need it. For a social media apps what is the best way to fetch data such as all posts, single post etc.? Fetching on client or server?

My friend, i have everything like jti and etc, except accessToken in session object. why do u think it doesnt appear in my session object?

amazing

how to do the same but for a signin endpoint with OAuth, instead of credentials, if the backed send back the JWT token after OAuth

is there any difference if you put next auth /pages/api/auth/[...nextauth] and app/api/auth/[...nexauth]/route.ts

Hi! Thanks for the explanation, it was super userful :) I have a question though: it seems that after the authentication, before the callback function comes to play, next.js decodes by itself the jwt to make it more human readable, what if i just want to retrieve the entire jwt?

Super helpful man thank you. I have 1 question still - How did you know about the route "/test/user/1/posts" because it's not defined in the app? How is that route working? Cheers. Thank you for not doing a github login lol

Çok teşekkürler

How about if we use Serverside component how can we use that access token ?

Thank u!!! new sub ❤ Amazing content you are sharing, keep on hacking!

Where can I see the backend code? How is user session verified?

I love u

how to do automatic logout when token expired?

Where in Your files is api router /auth/login?

can you provide us with an example handler for this requests to the backend? I'm still learning and I don't know how to validate if the token is correct/valid when it is sent to the backend. For now I only validate if the token exists on the headers (using a node.js API server with express)> Thanks a lot for your video

please can you make video on how we can refresh token if expired?

But how do I get the jwt token that is generated by next-auth?

Hello Sakura Dev, thank you for this video! I have a question. I'm using Next13 and I implemented an Authentication with Facebook and Google providers. When I login using Facebook or Google. I already got the user object with access_token from these providers. Then after that on success I'm also doing another login with external API endpoints to actually get user data from our application. This also returned user object with access_token and refresh_token. My question is how can I pass or access this user object from external API to another page so that I can make request from different endpoints that require a Bearer Token. I need to use the access_token from external API not from the providers I used (Facebook/Google). I hope you notice my question and help me out with this one. Thank you!

How do we handle refresh token with next auth

Great stuff! :) Will the token with this method be available also in getserversession? In case we need it for fetching data in ssr.

how about with sso (google / facebook), i'm getting issue when hit to external API

i'm getting an error Unauthorized 401 whenever i try to make a request inside authorize function, probably i missing the csrf token, but i have no idea where to send it, can you help me?

I am using Next 14, do you know if this method can also apply to server component?

Hi Can you help? I'm getting this error 'Cannot POST /api/auth/callback/credentials'

¡Thanks! Just in time

I am using app router how it is gonna work in that ?

nice, but what if backend have access and refresh token

Can we use Django as backend using this configuration?

It doesn't work with Firefox, but it works well with Edge