Thank you so much for this video Sakura 😄

This is the best and most informative video I've seen on this topic ❤ Meanwhile, tens of popular channels are playing around with github credentials with no further context

Why other youtube channels doesnt address this problem at all? Had to go through other channels, to come across yours, that has the right solution. thanks!!

Thank you so much! You were the only one who could give the problem a working and clean solution, with an awesome explanation!

Thanks a lot, one of the gem tutorial on external API handling with auth

Tks for this content, Sakura. You having a great help me. 🙌🏼 Sorry my "English" 😂

WOw literaly saved my life! thank you

You have been solving all my NextAuth issues, thanks!!

I love you, I was having this problem for two days, this is so good bro

Thank I have been looking for this today the whole day...

داداش ありがとうございました It really saved me. By the way your content is amazing. I just subscribed.

Thanks so much. This is exactly what I was looking for.

this approach only modifies the client side session what if I want to get the accessToken in some serverComponent where I can't use useSession() ?? getServerSession() is giving me the original session without any info but (name, email, image)

you saved me a lot of headaches, thanks a lot!

Absolute lifesaver! Thanks :)

Awesome,thank you very much for making this video.

My nextAuth don't even have a credential when i open a new tab (tab 2); it's require me to login again, although I log in at tab 1

Thanks for the great video, I am able to get attach the user data to session object. The only problem I am having is this attached user object information is only available at client side (when using useSession() ) but when using getServerSideSession this information is not there - server session only have the user's name and email. How can i pass the same information (user information) to server session as well?

Thank you so much. God bless you and your family 🤍

Such an amazing video, thanks for sharing. I'm trying to follow this tutorial but have a small issue. Nextauth redirect to error page when credentials are invalid. I'm using django on backend. can you provide a small code on error handling? my backend give { non_field_errors: [ 'Unable to log in with provided credentials.' ] } when invalid credentials and {password/email: ["Password/Email fields are missing"] when I miss any of the fields. also let me know how to show this custom error on the frontend? thanks

Hello, thanks for the video. I have everytihin but the access token. do i have to configure it in the database?

great video thanks, sir how do you make the session expires at the time the jwt token from the backend expires?

First of all it's a great lesson. I really appreciate it! But I have a question: What happens if the access token that I get from the server expires, how can I also expire the NextAuth session in that case? As I want to user to be logged out.

I understand that you need the access token for client side fetch requests (which is why I only use server actions instead). However, I am wondering if that is not a security risk, because you are storing the access token inside the session, which is not secure, as it exposes the access token. That is also why the session does not have the token by default. I am confused there is no securer way to do this...

nice, just one question, how to deal with TS?

Thanks so much. This is exactly what I was looking for. For the token part where you add "as any", i think it might as well be possible to define a JWT interface that extends the User. Please, tell me what you think about it.

Thank you so much such a wonderful video, how can we save accessToken when we using any provider like google. the jwt is method is not working in that case.🙌

Hi Sakura, great video! I have one question about this set-up. Is the session object from nextauth a httpOnly cookie or is it stored locally on the client side?

Great! You saved my days.

Hi Sakura, so if I’d like to use tue credentials provider, the token that’s acquired from database should be also set in cookie - next auth session token, right?

Helped me get the idea of next auth with credentials and how I can use it with a login server that already exits. Thank you.

i have question, it is does matter if JWT on back-end expire first before on front-end? or they need both expire at the same time?

How do You suggest structuring auth with the app if I want to have nothing, except the login form in the middle of the screen with no app bar, etc? Now my appar is in layout above the children.

Great video, I've been working on a similar problem. The issue is by marking your provider as "use-client" now you've limited all of the children / pages of your apps to be client components. Is there a way to do this with NextAuth so that the server or cache refreshes after login updating the session state for server components?

Hi sakura, thanks for your effort, just wanna ask is it safe to store the access token in the session?

I have tried several apps with next-auth and they all work ok in development, but none in a droplet in digital ocean, any ideas?

what if im using a custom backend using a framework like NestJS and the jwt token is generated by the backend so i don't need next-auth to generate a jwt for me

Thank you for the video. I have a feq questions. if I wrap in the layout with the provider and its a use client, does it make all of my components a client components? also, is this the best practice to handle the accessToken? because as far as I know we should store it as a cookie. is it secured this way?

Hello Sakura Dev, thank you for this video! I have a question. I'm using Next13 and I implemented an Authentication with Facebook and Google providers. When I login using Facebook or Google. I already got the user object with access_token from these providers. Then after that on success I'm also doing another login with external API endpoints to actually get user data from our application. This also returned user object with access_token and refresh_token. My question is how can I pass or access this user object from external API to another page so that I can make request from different endpoints that require a Bearer Token. I need to use the access_token from external API not from the providers I used (Facebook/Google). I hope you notice my question and help me out with this one. Thank you!

Very helpful video. Thank you!

My friend, i have everything like jti and etc, except accessToken in session object. why do u think it doesnt appear in my session object?

Great video, quick question. How do you handle the sign out when token is expired?

Hi thanks for your video, I dont understan how is the authorization validated in the backend? If I use postman and send any code as the authorization i will retrieve the information

I had spent a lot of time looking for this particular solution then I came across your tutorial, Thanks a lot it really helped me.! Now I am looking for a solution for how to handle google login with custom backend using next auth. Can you briefly explain me here or can you create another video for that. Thanks again !

Where is the api that you used a the end to retrieve posts defined?

hi, when do i use useSession and getSession? Also, what is the point of having use client at the top??

Your are the best thanks 🙏🏾❤❤❤❤❤

hey nextauth is not sending session to the rootlayout but storing in cookies despite using the same methods that you were teaching in last video how could I solve this problem? right know I am using next/cookies.get() to get session

how to protect the route api/auth/session/ where you can directly see the token?

I'm enjoying the video. Thank you so much. I have one question. How can I validate the accessToken on the api server?

is there any difference if you put next auth /pages/api/auth/[...nextauth] and app/api/auth/[...nexauth]/route.ts

Hello, I have a query..!! Whenever we use useSession() hook, data which it returns changes from undefined to session object which flickers the rendered UI for a moment as it state changes from undefined to session object..!! How to deal with that problem..!! What fallback to show between that flickering moment?

Hi Sakura, I have implemented a new app with nextjs 13 my initial route ("/") should be signin page and then when user logins in i should redirect him to home page. i have more screens like forgot password,sign up,verify otp in auth module. inside home i have some other screens. now i have an api for signin from where i get all data related to user and token will be sent in the response, once user login and we get a token from backend api,i need to redirect user to home page. How should i build my layout properly in order to build this whole thing properly. Because with current app folder structure i am unable to implement this. Can you pls provide some inputs in this.

can this same thing be done with Google provider? I'm just getting name , expires at , image etc , but not the accessToken

Thanks for the video! I got a question is that the token object passed into my async jwt() only contains keys name, sub, id, password, iat, exp and jti, there isn't any "access token" in it. Is the latest version of next auth change the format of the token object? Thank you very much!

Please give me an advice, I really need it. For a social media apps what is the best way to fetch data such as all posts, single post etc.? Fetching on client or server?

Hi Can you help? I'm getting this error 'Cannot POST /api/auth/callback/credentials'

How can i do that with Google Provider?

Super helpful man thank you. I have 1 question still - How did you know about the route "/test/user/1/posts" because it's not defined in the app? How is that route working? Cheers. Thank you for not doing a github login lol

How to make the backend that provide decode jwt like that?

Thank you so much, brother!

Very informative video, I just want to ask , how does the backend returns a jwt token

Last part, 1.How about token expired, need to use refresh token get new token 2. Should session exp set up same as refresh token exp?

can you provide us with an example handler for this requests to the backend? I'm still learning and I don't know how to validate if the token is correct/valid when it is sent to the backend. For now I only validate if the token exists on the headers (using a node.js API server with express)> Thanks a lot for your video

thank you, its a great video. What do you think is it possible to use different authentication provider (facebook, google etc.) and a custom backend. So when I authenticate with facebook, somehow my backend should know about that, and also give me an accessToken.

i'm getting an error Unauthorized 401 whenever i try to make a request inside authorize function, probably i missing the csrf token, but i have no idea where to send it, can you help me?

Wow u didnt forget! thank you.

Hi! Thanks for the explanation, it was super userful :) I have a question though: it seems that after the authentication, before the callback function comes to play, next.js decodes by itself the jwt to make it more human readable, what if i just want to retrieve the entire jwt?

please add an oauth 2.0 to this project

It is hard to combine Next-auth with iron-session to secure cookies data

Where in Your files is api router /auth/login?

How about if we use Serverside component how can we use that access token ?

how about with sso (google / facebook), i'm getting issue when hit to external API

Great stuff! :) Will the token with this method be available also in getserversession? In case we need it for fetching data in ssr.

Best video ever

please can you make video on how we can refresh token if expired?

I am using Next 14, do you know if this method can also apply to server component?

Thanks. very useful.

Greetings friend, this video is worth GOLD, I finally understood the JWT thing in Next... thanks For the DISCORD group... I left you a question... I hope you have a chance to review and your possible response... thank you very much in advance

nice, but what if backend have access and refresh token

sir how to set access token and refresh token in cookies pls help me 🙏

How do we handle refresh token with next auth

I appreciate you

Where can I see the backend code? How is user session verified?

very useful thank you

I am using Next 13.2.4 + appDir, where should I place [...nextauth].ts file??? Please help

how to do automatic logout when token expired?

Hello, could you show about nextjs 13 crud api with server side rendering?

But how do I get the jwt token that is generated by next-auth?

It doesn't work with Firefox, but it works well with Edge

Thank you!

The tutorial is really nice, but that "any" type at the end wasn't good at all x.x Edit: Sorry that i might sound ungrateful, i really liked the tutorial and wanted to edit to express my gratitude 🙏

How do i do this with google authentication?

Can we use Django as backend using this configuration?

Thanks brother ❤

I am using app router how it is gonna work in that ?

Thank you

this solution won't scale, as it entails having to set the headers for each single request

What if I have separate backend that provides token

Thank u!!! new sub ❤ Amazing content you are sharing, keep on hacking!