Nah....how about a MySpace login. Lol.

😂

Facebook login

next auth is discouraging the use of credentials due to the inherint security risk. Imo who the frick wants to log in with email and password anyways and then confirm - when i can let google / github / discord handle that? If an app does not offer SSO chances are people just dont try them

@@dinoDonga sure, personally I use auth0 for everything because I can't be bothered to set up auth myself. but it doesn't mean knowing how to set it up isn't useful.

Haha you're welcome 🙏

😂

Glad it helped! 🙏

Awesome! Glad it helped!

Haha the car was on, I live in Indonesia so would not have survived without the AC 😆

@@WebDevEducation Wait no way, I also live here in Indonesia (East Java, Malang). No wonder why you have that Suzuki Baleno car since that car is pretty popular here, and I guess I didn't notice the white and black license plate coloring format on the back of the car (0:08). Nice, keep up the good work!

Ahhh awesome! Yes I live in Bali :)

Nope. Check the docs: vercel.com/docs/storage/vercel-postgres/sdk#preventing-sql-injections

I have the same issue and need help

Same problem. I solved it by including if( user == null ) return null; before the const passwordCorrect and deleting a question mark in "user.password" in the compare function.

You're welcome 😊

😂

Both ways are correct, it just depends on if you're using the pages directory or app directory. With the app directory it should be app/api/auth/[...nextauth]/route.ts

@@WebDevEducation Thank you very much for the response

thank for the help @@WebDevEducation

It's something I've been thinking of doing for a while but just haven't had the time yet. Hopefully soon 🙏

🙏

I would assume it's possible but I've never tried to hook up next auth with express so I'm not sure.

yes should do, in next-auth v5 this is indeed the method outlined in the docs, i.e. calling signIn via a server action.

No need to send any tokens to backend. To get logged in user from backend you can use getServerSession next-auth.js.org/configuration/nextjs#getserversession

Glad it was helpful!

While the heart is awesome, answers would be even more appreciated. :) No pressure. I am genuinely wondering what the best setup for this is and some resources or something would be much appreciated. Thanks in advance, you deliver awesome content!

The route handlers in Next JS are the backend, and we can grab the session from getServerSession. You should be able to grab any headers you need from the route handler. If you're using a different backend then you'll probably need a different solution than next-auth as its next specific. With that said next-auth team have created authjs.dev/, (which I believe will be used instead of next-auth in the future) which provides more generic auth solutions for other frameworks and backends that may be more suited to your needs.

I think you can just add the jwt token your auth provider gives you and use it as a bearer token in all your requests

You know what? I'm not actually sure why I did it that way 😆 I think the pages as client components would be a better approach in this example.

It's just a good practise, it allows to load page faster, in this example it's not much, but in page with more elements it will do diffrence

because of async

Please read the docs. This method isn't vulnerable to sql injection 🙏 vercel.com/docs/storage/vercel-postgres/sdk#preventing-sql-injections

hashing client side doesn't really make anything more secure. to make it secure you need to be using https (which you should *always* be using in production), and so you can hash password server side before storing it. in next 13.5 and newer you can run https in development pretty easily as well.

@@WebDevEducation https makes total sense. Thanks for the guide, it is great showcase of bare minimum that illustrates the principle

I would suggest adding an additional field in the user database. Upon registering the field defaults to loginApproved=false. You would need an admin page where the account could be approved and then change the loginApproved=true. Modify the SQL query in your authorize function to include a WHERE loginApproved = true.

Thank you!@@Chambrln

This tutorial uses the app router. The setup is slightly different if you're using the pages router. If you check the next auth docs they have the differences in setup outline there 🙏

can you imagine I had the bugs for 2 weeks 😪 I was trying to use a session when the user was signed in or out but it was hard I found that I had to wrap the session provider in _app.tsx the useSession maybe next time better to give us the link who used different setup @@WebDevEducation

Unfortunately I've never used nest js so wouldn't know how to

it actually works, I were facing issues with middleware just not working but then I tried moving middleware.ts to the root directory and it worked, before that it was at approot/app

You're probably using an unstable beta version, downgrade next-auth instead to the latest stable one (4.24.7) by running "npm i next-auth@4.24.7" in your vs code terminal. This would fix the error message :)

I figured it out for the most part, except now the getSession (in v5 auth() ) returns null after a login and I don't understand why since the user in the authorize function is being logged in the console

What did I get wrong?

Also, the console logs I'm referring to the second time "we should see some console logs in our terminal" is the console log from the api endpoint, not the handlesubmit function. You're right tho, when I originally said we should see it in the terminal for handlesubmit, that's not the case and are indeed logged in the browser because it's within the client component.

You're right@@WebDevEducation , I got confused at 16:56 because the error message in the browser states "Client Component", but by default it's a server component in Next.js 13.4

it might be because I forgot to pass the authOptions to the getServerSession: next-auth.js.org/configuration/nextjs#in-app-router

Makasih kak 😊 Kalo mau tampilkan error bisa pake useState kayak ini (app/login/form.tsx): const router = useRouter(); const [error, setError] = useState(""); const handleSubmit = async (e: FormEvent) => { e.preventDefault(); const formData = new FormData(e.currentTarget); const response = await signIn('credentials', { email: formData.get('email'), password: formData.get('password'), redirect: false, }); console.log({ response }); if (!response?.error) { router.push('/'); router.refresh(); }else{ setError(response.error); } }; return (error ? {error} : Login );

@@WebDevEducation Terimakasih, tapi sudah solved kok dari kemarin-kemarin.

@@WebDevEducation Oh iya btw cara diatas kita tidak bisa mengatur custom message. async handleSubmit(...) { // Mencari pengguna const res = await fetch("/api/accounts/search?username="+username) const user = await res.json() if (res.ok && !user.found) { setMessage(user.message || "Nama pengguna tidak terdaftar.") } } Ini caraku sih buat mengatasi signIn() yang tidak bisa membuat custom message.

🙏

Watch this space 👀