Thursday May 20, 2021 By David Quintanilla
How To Implement Authentication In Next.js With Auth0 — Smashing Magazine

About The Creator

Methods Engineer from Buenos Aires, Argentina, with 15+ years of expertise in software program growth. Full Stack Developer. Auth0 Ambassador. GitKraken …
More about

For the time being of including authentication and authorization to our net functions, there are some issues that we must always consider, e.g. whether or not we have to create our personal safety platform or whether or not we are able to depend on an current third-party service. Let’s see how we are able to implement authentication and authorization in Subsequent.js apps, with Auth0.

“Authentication” is the motion of validating {that a} consumer is who she or he claims to be. We normally do that by implementing a credentials system, like consumer/password, safety questions, and even facial recognition.

“Authorization” determines what a consumer can (or can’t) do. If we have to deal with authentication and authorization in our net software, we’ll want a safety platform or module. We are able to develop our personal platform, implement it, and keep it. Or we are able to take the benefit of current authentication and authorization platforms available in the market which can be supplied as companies.

When evaluating whether or not it’s higher for us to create our personal platform, or to make use of a third-party service, there are some issues that we must always think about:

  • Designing and creating authentication companies will not be our core talent. There are folks working specifically targeted on safety subjects that may create higher and safer platforms than us;
  • We are able to save time counting on an current authentication platform and spend it including worth to the services and products that we care about;
  • We don’t retailer delicate data in our databases. We separate it from all the info concerned in our apps;
  • The instruments third-party companies supply have improved usability and efficiency, which makes it simpler for us to administrate the customers of our software.

Contemplating these elements, we are able to say that counting on third-party authentication platforms could be simpler, cheaper, and much more safe than creating our personal safety module.

On this article, we’ll see how one can implement authentication and authorization in our Subsequent.js functions utilizing one of many current merchandise available in the market: Auth0.

What Is Auth0?

It permits you to add safety to apps developed utilizing any programming language or expertise.

“Auth0 is a versatile, drop-in resolution so as to add authentication and authorization companies to your functions.”

Dan Arias, auth0.com

Auth0 has a number of attention-grabbing options, reminiscent of:

  • Single Signal-On: When you log into an software that makes use of Auth0, you received’t should enter your credentials once more when coming into one other one which additionally makes use of it. You can be routinely logged in to all of them;
  • Social login: Authenticate utilizing your most popular social community profile;
  • Multi-Issue Authentication;
  • A number of commonplace protocols are allowed, reminiscent of OpenID Join, JSON Net Token, or OAuth 2.0;
  • Reporting and analytics instruments.

There’s a free plan that you should utilize to start out securing your net functions, overlaying as much as 7000 month-to-month energetic customers. You’ll begin paying when the quantity of customers will increase.

One other cool factor about Auth0 is that now we have a Next.js SDK obtainable to make use of in our app. With this library, created particularly for Subsequent.js, we are able to simply connect with the Auth0 API.

Auth0 SDK For Subsequent.js

As we talked about earlier than, Auth0 created (and maintains) a Subsequent.js targeted SDK, amongst different SDKs obtainable to connect with the API utilizing varied programming languages. We simply have to obtain the NPM package, configure some particulars about our Auth0 account and connection, and we’re good to go.

This SDK offers us instruments to implement authentication and authorization with each client-side and server-side strategies, utilizing API Routes on the backend and React Context with React Hooks on the frontend.

Let’s see how a few of them work in an instance Subsequent.js software.

Instance Subsequent.js App Utilizing Auth0

Let’s return to our earlier video platform instance, and create a small app to indicate how one can use Auth0 Subsequent.js SDK. We’ll arrange Auth0’s Universal Login. We could have some YouTube video URLs. They are going to be hidden underneath an authentication platform. Solely registered customers will have the ability to see the listing of movies by our net software.

Be aware: This text focuses on the configuration and use of Auth0 in your Subsequent.js software. We received’t get into particulars like CSS styling or database utilization. If you wish to see the entire code of the instance app, you possibly can go to this GitHub repository.

Create Auth0 Account And Configure App Particulars

To begin with, we have to create an Auth0 account utilizing the Sign Up page.

creation of an Auth0 account using the Sign Up page
(Large preview)

After that, let’s go to the Auth0 Dashboard. Go to Purposes and create a brand new app of kind [“Regular Web Applications”].

creation of a new app of type 'Regular Web Applications'.
(Large preview)

Now let’s go to the Settings tab of the appliance and, underneath the Utility URIs part, configure the next particulars and save the adjustments:

  • Allowed Callback URLs: add http://localhost:3000/api/auth/callback
  • Allowed Logout URLs: add http://localhost:3000/
Settings tab of the application.
(Large preview)

By doing this, we’re configuring the URL the place we wish to redirect the customers after they login our web site (Callback), and the URL the place we redirect the customers after they sign off (Logout). We should always add the manufacturing URLs once we deploy the ultimate model of our app to the internet hosting server.

Auth0 Dashboard has many configurations and customizations we are able to apply to our initiatives. We are able to change the kind of authentication we use, the login/sign-up web page, the info we request for the customers, allow/disable new registrations, configure customers’ databases, and so forth.

Create Subsequent.js App

To create a model new Subsequent.js app, we’ll use create-next-app, which units up all the pieces routinely for you. To create the mission, run:

npx create-next-app [name-of-the-app]


yarn create next-app [name-of-the-app]

To begin the develop server domestically and see the location simply created in your browser, go to the brand new folder that you just created:

cd [name-of-the-app]

And run:

npm run dev


yarn dev

Set up And Configure The Auth0 Subsequent.js SDK

Let’s set up the Auth0 Subsequent.js SDK in our app:

npm set up @auth0/nextjs-auth0


yarn add @auth0/nextjs-auth0

Now, in our env.native file (or the surroundings variables menu of our internet hosting platform), let’s add these variables:

AUTH0_SECRET="[A 32 characters secret used to encrypt the cookies]"
AUTH0_ISSUER_BASE_URL="https://[Your tenant domain. Can be found in the Auth0 dashboard under settings]"
AUTH0_CLIENT_ID="[Can be found in the Auth0 dashboard under settings]"
AUTH0_CLIENT_SECRET="[Can be found in the Auth0 dashboard under settings]"
configuration options for the Auth0 Next.js SDK.
(Large preview)

If you’d like extra configuration choices, you possibly can take a look at the docs.

Create the Dynamic API Route

Subsequent.js affords a technique to create serverless APIs: API Routes. With this characteristic, we are able to create code that shall be executed in each consumer request to our routes. We are able to outline fastened routes, like /api/index.js. However we are able to even have dynamic API routes, with params that we are able to use in our API routes code, like /api/weblog/[postId].js.

Let’s create the file /pages/api/auth/[...auth0].js, which shall be a dynamic API route. Inside the file, let’s import the handleAuth methodology from the Auth0 SDK, and export the outcome:

import { handleAuth } from '@auth0/nextjs-auth0';

export default handleAuth();

It will create and deal with the next routes:

  • /api/auth/login
    To carry out login or join with Auth0.
  • /api/auth/logout
    To log the consumer out.
  • /api/auth/callback
    To redirect the consumer after a profitable login.
  • /api/auth/me
    To get the consumer profile data.

And that may be the server-side a part of our app. If we wish to log in to our software or join a brand new account, we must always go to http://localhost:3000/api/auth/login. We should always add a hyperlink to that route in our app. Identical for logging out from our web site: Add a hyperlink to http://localhost:3000/api/auth/logout.

Add The UserProvider Part

To deal with consumer authentication state on the frontend of our net software we are able to use UserProvider React part, obtainable on Auth0 Subsequent.js SDK. the part makes use of React Context internally.

If you wish to entry the consumer authentication state on a Part, it’s best to wrap it with a UserProvider part.

  <Part {...props} />

If we wish to entry the entire pages in our software, we must always add the part to the pages/_app.js file. pages/_app.js overrides the React App part. It’s a characteristic that Subsequent.js exposes to customise our software. You’ll be able to learn extra about it here.

import React from 'react';
import { UserProvider } from '@auth0/nextjs-auth0';

export default operate App({ Part, pageProps }) {
  return (
      <Part {...pageProps} />

We’ve a React hook useUser that accesses to the authentication state uncovered by UserProvider. We are able to use it, as an example, to create a form of welcome web page. Let’s change the code of the pages/index.js file:

import { useUser } from "@auth0/nextjs-auth0";

export default () => {
 const { consumer, error, isLoading } = useUser();

 if (isLoading) return <div>Loading...</div>;

 if (error) return <div>{error.message}</div>;

 if (consumer) {
   return (
       <p>{consumer.electronic mail}</p>
       <a href="https://smashingmagazine.com/api/auth/logout">Logout</a>
 return <a href="http://smashingmagazine.com/api/auth/login">Login</a>;

The consumer object accommodates data associated to the consumer’s identification. If the individual visiting the web page will not be logged in (we don’t have a consumer object obtainable), we’ll show a hyperlink to the login web page. If the consumer is already authenticated, we’ll show consumer.title and consumer.electronic mail properties on the web page, and a Logout hyperlink.

Let’s create a movies.js file, with a listing of three YouTube video URLs that can solely be seen for registered folks. To solely enable logged customers to see this web page, we’ll use withPageAuthRequired methodology from the SDK.

import { withPageAuthRequired } from "@auth0/nextjs-auth0";

export default () => {
 return (
     <a href="https://www.youtube.com/watch?v=5qap5aO4i9A">LoFi Music</a>
     <a href="https://www.youtube.com/watch?v=fEvM-OUbaKs">Jazz Music</a>
     <a href="https://www.youtube.com/watch?v=XULUBg_ZcAU">Piano Music</a>

export const getServerSideProps = withPageAuthRequired();

Consider that our net software permits any individual to enroll in an account, utilizing the Auth0 platform. The consumer also can re-use an current Auth0 account, as we’re implementing Common Login.

We are able to create our personal registration web page to request extra particulars in regards to the consumer or add cost data to invoice them month-to-month for our service. We are able to additionally use the strategies uncovered within the SDK to deal with authorization in an automated method.


On this article, we noticed how one can safe our Subsequent.js functions utilizing Auth0, an authentication and authorization platform. We consider the advantages of utilizing a third-party service for the authentication of our net functions in comparison with creating our personal safety platform. We created an instance Subsequent.js app and we secured it utilizing Auth0 free plan and Auth0 Subsequent.js SDK.

If you wish to deploy an Auth0 instance software to Vercel, you are able to do it here.

Additional Studying And Assets

Smashing Editorial
(vf, yk, il)

Source link