nextauthjs / next-auth Goto Github PK
View Code? Open in Web Editor NEWAuthentication for the Web.
Home Page: https://authjs.dev
License: ISC License
Authentication for the Web.
Home Page: https://authjs.dev
License: ISC License
The package allows for a custom function for sending the sign in email, but to create the email i also need access to the req.locale
variable that is being set by a middleware based on the Accept-Language
headers sent by the browser and the supported locales of the app.
Is there other way to accomplish this?
Hi @iaincollins, Firstly, great library. Thanks for the effort you put into it :)
I'm having a bit of trouble trying to figure out an issue. I know you're not affiliated with the keycloak-passport
strategy that I'm using but I'm hoping your experience might be able to point me in the right direction.
My issue is related to the issue @garmeeh was having last week
I'd like to use keycloak.org as authentication on my project and I'm using your nextjs-starter
examples to test the flow of login and log out. I'm also leveraging the keycloak-passport
to handle the keycloak.org actions.
I've tested logging in and out using Google as an identity provider and it worked flawlessly so I'm doing something wrong with keycloak.org but I'm not sure what.
When I run your examples locally I can successfully log in using the keycloak-passport
strategy but when I logout, the client side says I'm logged out and when I try to log in again using keycloak-passport
I get the Unable to sign in
page.
It seems to be logging out from the client side but the session seems to be persisted on the server side. When I hit my login page directly it redirects me to the account admin section on my keycloak instance so I'm definitely still logged in on the server.
I've tried to debug the logout flow to see if I can determine the problem but none of the console.log
statements I placed in the handleSignOutSubmit()
and signout()
functions are firing.
I also opened an issue on the keycloak-passport
library, which can be found here, in the hopes that someone can help me with this issue.
Any help with this issue would be greatly appreciated
Getting this error after added next-auth module to my nextjs app i tried setting node fs to empty. But it lead to other issues and the app completely stops working.
Enclosed the log below for your reference.
`D:\Code\link-api>npm run build
[email protected] build D:\Code\link-api
next build
Failed to build
{ Error: (client) ./node_modules/next-auth/node_modules/destroy/index.js
Module not found: Error: Can't resolve 'fs' in 'D:\Code\link-api\node_modules\next-auth\node_modules\destroy'
@ ./node_modules/next-auth/node_modules/destroy/index.js 14:17-30
@ ./node_modules/next-auth/node_modules/send/index.js
@ ./node_modules/next-auth/node_modules/express/lib/response.js
@ ./node_modules/next-auth/node_modules/express/lib/express.js
@ ./node_modules/next-auth/node_modules/express/index.js`
Thanks!
I'm experiencing a bundle size increase of 92KB after upgrading from v1.10.0 to v1.11.0.
I suspect this is due to the addition of Babel-Polyfill, which adds all of core-js and regenerator-runtime to the bundle.
Before upgrading my main.js bundle was 213KB, and after upgrading it is 305KB, an increase of 43%.
I am of the opinion that opting into polyfills for IE support should be done at the app level, rather than the library level. In my own case, I have next-auth as a dependency, and would rather not include the babel-polyfill code in my code's bundle, and also would rather not take on babel-polyfill
, core-js
, and regenerator-runtime
as transitive dependencies. My app has no intention of supporting IE, and I'm trying to keep the bundle as small as possible, so I personally would rather not include these polyfills. I'm sure others would also take issue with the inclusion of these polyfills.
The change made in v1.11.0 makes it impossible to opt out of including these polyfills.
Would you kindly consider removing babel-polyfill
as a dependency of this library, and instead encourage your users who need IE support to add it to their app's codebase instead? Thank you very much.
How can we add our own express routers?
example:
server.use("/api/v1/users", users);
Hi,
I'm trying to handle some post callbacks from 3td party that are not sending CSRF. Are there any way to exclude some path from this security checks? I found this at lusca(krakenjs/lusca#58), but I didn't find any way here how to use it
We should try and return more detailed error information when sign in fails, perhaps by passing an additional query string parameter to the ./auth/error page with a detailed error.
We should allow the signIn()
method to throw an Error object and serialise it in the query string.
The copy on the example oauth error page could probably use another pass as well, to see if it can be shorter. It should probably have an email sign in option on the page.
See #45 for details.
To promote the practice of providing an easy way for users to delete their accounts, which all sites should provide, NextAuth should provide a POST endpoint to allow users to delete their account.
Note: The example project currently includes a remove(id)
method, but next-auth does not currently add a route that can be called to invoke it (e.g. /auth/delete
).
Reminder to update the README to thank recent PR contributors and to reflect the enhancements they have added to the next release (hopefully out this week).
Hi, instead of the mongodb package, I would like to use mongoose instead. I was wondering what would the mongoose schema be for the user model?
How/when does next-auth call the "insert" method in next-auth.functions? How can I use this method to insert a new user's info?
insert(user, oAuthProfile)??
While the goal of this project is to be make it easier to add authentication to Next.js projects, it could also be used with other React projects that don't use Next.js - as it doesn't use any Next.js specific hooks under the hood.
Crucially, there would need to be an example of how to consume NextAuth.init() in whatever the equivalent of getInitialProps() is in the Server Side Rendering system being used.
If anyone would like to see this, suggestions and input is welcome.
What is the purpose of the update/insert/remove methods in next-auth.functions? How would you, for example, use the "insert" function?
The following proposal is what is planned for NextAuth 2.0. Some of these features have already made it into 1.5. Others are in progress. It is an active work in progress but there is no fixed ETA yet.
Comments and feedback are welcome.
Updated 29 May, 2018.
The core rationale for NextAuth 2.0 is to make it much simpler to use, so that instead of 3 configuration files all you will need is to use it is to do something like this:
const next = require('next')
const nextAuth = require('next-auth')
require('dotenv').load()
const nextApp = next({
dir: '.',
dev: (process.env.NODE_ENV === 'development')
})
nextApp
.prepare()
.then(() => {
return nextAuth.load(nextApp, {
serverUrl: process.env.SERVER_URL,
port: process.env.PORT,
functions: NextAuth.Functions(process.env.CONNECTION_STRING),
sessions: NextAuth.Sessions(process.env.CONNECTION_STRING),
email: {
from: process.env.EMAIL_FROM,
host: process.env.EMAIL_SERVER,
port: process.env.EMAIL_PORT,
username: process.env.EMAIL_USERNAME,
password: process.env.EMAIL_PASSWORD
},
providers: {
"Facebook": {
provider: NextAuth.Facebook,
id: process.env.FACEBOOK_ID,
secret: process.env.FACEBOOK_SECRET
},
"Twitter": {
provider: NextAuth.Twitter,
id: process.env.TWITTER_ID,
secret: process.env.TWITTER_SECRET
}
}
})
})
.then(response => {
console.log(`Ready on http://localhost:${response.port}`)
})
.catch(err => {
console.log('An error occurred, unable to start the server')
console.log(err)
})
It will include built in support for at least Mongo DB and MySQL and use the connection string to detect database type (e.g. checking if it starts withmongodb://
or mysql://
).
It will still be possible to define your own functions to integrate with another database. Having examples for both an SQL and NoSQL database should make it easy to create adapters for other databases.
There are some changes to the way session storage will be handled:
The implementation of Cross Site Request Forgery tokens will switch to the Double Submit Cookie method, which does not require a server side session.
A session in a databases will only be created for a user when they log in, to reduce database load - this also helps provide some protection against trivial Denial of Service attacks.
CSRF will be an option, and it will be possible to set it to null or to explicitly pass a method which can be used to disable it on white listed routes if required.
Built in 'white labeled' pages for displaying a sign in dialog and linking/unlinking accounts.
Built in 'white labeled' pages for callbacks, error handling and email token messages.
These will be the default but you will specify your own URLs if you wished:
pages: {
signin: "/signin",
callback: "/callback",
checkEmail: "/check-email",
error: "/error"
}
## NextAuth Components
We will also expose the components used to make these pages (e.g. <NextAuth.SignInButton/>
, <NextAuth.SignOutButton/>
), to make it easier to add them to a site.
Going further, a basic page will also be exported as NextAuth.React.Component
to automatically add session data to every page if used in place of React.Component
when declaring a page. It will otherwise work exactly like a React page in Next.js.
Example
import React from 'react'
import { NextAuth } from 'next-auth'
export default class extends NextAuth.React.Component {
render() {
if (this.props.session) {
return(
<React.Fragment>
<p>You are logged in as {this.props.session.user.name || this.props.session.user.email}.</p>
<NextAuth.SignOutButton/>
</React.Fragment>
)
} else {
return(
<React.Fragment>
<p>You are not logged in.</p>
<NextAuth.SignInButtons/>
</React.Fragment>
)
}
}
}
These components will take options like <NextAuth.SignInButtons className="btn btn-primary">
to allow them to be easily styled. They will be simple HTML elements with perhaps (optional) JavaScript behaviour bound to them.
Bundled strategies for both session and user databases - including as an in-memory DB, Mongo DB and MySQL.
It will still be possible to define your own methods for other session and database stores (and this will be easier than it is now - so it shouldn't matter which SQL or NoSQL DB you are using).
The session and user database stores will not have to be the same database or even the same type of database.
Internally, the functions might change to make this easier, so that instead of general purpose database methods like update()
and insert()
they might be named after actions such as createUser()
, linkProvider()
, unlinkProvider()
, generateSigninToken()
, etc.
This will mean slightly more functions will need to be defined than in 1.x, but they will be explicit in functionality so that they can be more single purpose and easier to adapt to different databases.
If the database type in the connection string is one of the supported types, it will load the appropriate config, connect (and check the table structure if an SQL database, creating tables and columns as required if they don't existing) then return pre-configured strategy so it "just works" out of the box.
NextAuth will of course need to be updated to only start once the promise returned by NextAuth.Functions() and NextAuth.Sessions() had returned
We'd only bundle support for a few simple commonly used strategies - such as Facebook, Twitter and Google, but you'd still be able to define your own for any oAuth provider - the same way they are already configured for NextAuth.
Optional parameters for each Provider will include:
Additionally, it will be easier to add support for password and/or two factor based authentication. Functionality for this has been added to 1.x but the support for this will improve.
I'd like to include nice looking HTML email templates for sending emails and bundle nodemailer.
This behaviour should of course still be able to be overridden as it is now.
I'd like to expose NextAuthClient directly in NextAuth (as NextAuth.Client) if this can be done simply and cleanly.
It will provide a simpler way to use NextAuth and ensure both will be updated easily and were always in sync.
NextAuth.Client is now already available in 1.x as it made sense to simplify how it was used and didn't require major changes client side.
The bundler for NextAuth.Client may change at some point, as there are some issues with newer webpack releases that mean it no longer generate isomorphic libraries that also run in service workers correctly (so for now we are not using the latest-and-greatest webpack to build it, as older versions work fine for universal apps) but even if we do that shouldn't change how it is used.
Rollup is one option and is much simpler, though it doesn't support Hot Module Replacement (HMR) and that might be a problem.
The following values should be set on the Express Session cookie option:
cookie: {
httpOnly: true,
secure: true
}
Currently it's set incorrectly:
expressApp.use(expressSession({
secret: sessionSecret,
store: sessionStore,
resave: false,
rolling: true,
saveUninitialized: false,
httpOnly: true,
cookie: {
maxAge: sessionMaxAge
}
}))
The documentation says that httpOnly is true by default in Express session, which is why it works as intended, even though the httpOnly option is specified in the wrong place.
I'd like to flip cookies to secure (HTTPS only) by default, though the secure option should still default to false for development and I need to figure out the best way to handle it. I might just expose it as an option for anyone that really wants to, but if not specified set it to 'true' if NODE_ENV=production (otherwise, leave it off).
Currently the default value for sessionResave
is false
. The default for this option should be true
.
Having it set to false is causes sessions to eventually expire after sessionMaxAge
(which has a default of 7 days) instead of rotating (the expiry time being bumped every time the session is active).
Some people will prefer to be able to control this option so it should still be exposed, but the default should be to automatically rotate sessions once active.
A fix will be coming this week. To work around this for now, just specify sessionResave : true
in the options in next-auth.config.js
.
I tried an npm install on the example folder here and received a no such file or directory, rename on .staging\next-auth.... error
This is related to #9 as it is about doing local authentication, but it is about using a custom Passport LocalStrategy I have written. Is it possible to use Passport LocalStrategy with next-auth? I tried creating a provider and passing the strategy in the Strategy property, but that wouldn't work. I wonder if I am doing something wrong. Does it only work with OAuth providers?
providers.push({
providerName: 'Local Login',
providerOptions: {
scope: ['profile', 'email'],
},
Strategy: require('./passport/local-login'),
strategyOptions: {
},
getProfile(profile) {
// Normalize profile into one with {id, name, email} keys
return {
id: profile.id,
name: profile.displayName,
email: profile.emails[0].value,
};
}
});
Hi! I am making some tests using mocha and chai for the app that I am building using next-auth.
I have to make some tests for the API, as anon and as a logged user.
The method we are using is by sending the log-in token.
I would love to know how to get the log-in token so i can test my API as different users.
Is there any examples of how to test it properly?
If in next-auth.functions.js pass Model instance of Mongoose rather then Object Collection instance of MongoClient, in this case user.emailToken stays after signing in till next email sign in.
// User.js
const mongoose = require('mongoose')
const UserSchema = new mongoose.Schema({
_id : mongoose.Schema.Types.ObjectId,
pass : String,
name : String,
email : String,
google : Object,
admin : Boolean,
emailVerified: Boolean,
emailToken : String
})
mongoose.model('User', UserSchema)
// next-auth.functions.js
const mongoose = require('mongoose')
require('./models/User')
const User = mongoose.model('User')
module.exports = () => {
new Promise((resolve, reject) => {
if (!User) reject('new Error(\'\\n connection error\')')
resolve(User)
}).then((User) => {
return Promise.resolve({
find: ({id, email, emailToken, provider} = {}) => {
let query = {}
if (id) {
query = {_id: ObjectId(id)}
} else if (email) {
query = {email: email}
} else if (emailToken) {
query = {emailToken: emailToken}
} else if (provider) {
query = {[`${provider.name}.id`]: provider.id}
}
return new Promise((resolve, reject) => {
User.findOne(query, (err, user) => {
return err ? reject((err)) : resolve(user)
})
})
},
insert: (user, oAuthProfile) => {
return new Promise((resolve, reject) => {
User.insert(user, (err, response) => {
if (err) return reject(err)
if (!user._id && response._id) user._id = response._id
return resolve(user)
})
})
},
update: (user, profile) => {
return new Promise((resolve, reject) => {
User.update({_id: ObjectId(user._id)}, user, {}, err => {
**// it passes user.emailToken after sign in**
return err ? reject(err) : resolve(user)
})
})
},
remove: (id) => {
return new Promise((resolve, reject) => {
User.remove({_id: ObjectId(id)}, (err) => {
if (err) return reject(err)
return resolve(true)
})
})
},
serialize: (user) => {
if (user.id) {
return Promise.resolve(user.id)
} else if (user._id) {
return Promise.resolve(user._id)
} else {
return Promise.reject(new Error("Unable to serialise user"))
}
},
deserialize: (id) => {
return new Promise((resolve, reject) => {
User.findOne({_id: ObjectId(id)}, (err, user) => {
!!err && reject(err)
!user && resolve(null)
return resolve({
id : user._id,
name : user.name,
email : user.email,
emailVerified: user.emailVerified,
admin : user.admin || false,
})
})
})
},
sendSignInEmail: ({
email = null,
url = null
} = {}) => {
nodemailer
.createTransport(nodemailerTransport)
.sendMail({
to : email,
from : process.env.EMAIL_FROM,
subject: 'Sign in link',
text : `Use the link below to sign in:\n\n${url}\n\n`,
html : `<p>Use the link below to sign in:</p><p>${url}</p>`
}, (err) => {
if (err) {
console.error('Error sending email to ' + email, err)
}
})
if (process.env.NODE_ENV === 'development') {
console.log('------>>>>> Generated sign in link ' + url + ' for ' + email)
}
}
})
})
}
}
or am i wrong somewhere?
Add the a list of routes configured by next-auth to the README and explain what each endpoint does.
Add support for some additional oAuth providers (e.g. GitHub).
Is there a way to perform signin & logout from the server side? NextAuth.signin()/logout() only work client side. Is there any work around (i.e, intercepting the post on /auth/signin ???)
Assume we have a local account for [email protected]
email. All attempts to sign in using external identity providers (through a passport strategy) that have [email protected]
as email in profile info are rejected because of this line:
It's probably reasonable (according to the comment before this line), but IMHO instead of just rejecting successful sign-in in this case, it's better to redirect to another page with a prompt to enter user's passport to confirm the intent.
If it makes sense, I would try to prepare a PR to resolve it this way (or probably the other way you might suggest) since it's a blocker for me.
I have wrangled babel and rollup and as of 1.11.0 NextAuth works in Internet Explorer again.
The information below is outdated.
The current release of NextAuth supports the latest browser from all major vendors, including Google, Microsoft, Apple and Mozilla.
The current release of NextAuth does not support Microsoft Internet Explorer, which was superseded Microsoft Edge in 2015 (and is the default browser on Microsoft Windows).
See issue #31 for the history of this issue.
It is still possible to log in with NextAuth in Internet Explorer, thanks to falling back to server side rendering, but there is no client side support - and you will see it fail and generate a syntax error in the console if you are using Internet Explorer.
You can see what this looks like by visiting http://nextjs-starter.now.sh in Internet Explorer.
Note: If you intend to support Internet Explorer explicitly, you may want to provide a callback page that has specific CSS or HTML for Internet Explorer as the browser will not be redirected automatically (you should not use a refresh without a browser conditional or will negatively impact other users).
It will probably not be resolved, as getting Internet Explorer to work at all with client sider rendering recent releases of Next.js is somewhat of a hassle at this point (see vercel/next.js#1943) but pull requests to address the issue (e.g. an updated rollup.config.js
or .babelrc
with suitable config) are very welcome and will be accepted.
In development mode - I think due to the hot reloading code - extra sessions are created in the session database being used, because Next.js makes page request without cookies to URLs under /_next (so Express Session interprets this as a new user, and creates a new session for them).
I think we can fix this by adding something like this before the Express Session is added:
expressApp.all('/_next/*', (req, res) => {
let nextRequestHandler = nextApp.getRequestHandler()
return nextRequestHandler(req, res)
})
Hi,
as the title asks away, its not obvious why can't i set the attributes that are returns from "getProfile" function in the "next-auth.providers.js" file.
its very limiting, what if i want the user profile pic and extra info?
in my twitter provider i set the return object to have extra fields i am interested in but they are never get to the "...this.props.session.user" prop.
how can this be resolved?
thank you!
Is it possible to add wordpress rest api as provider?
Instead of mongo db i'd like to use wp. I have a project where i get the user data and but i want to make the auth persistent.
How should one go about securing some urls? I'm guessing if one requires authentication, it means we want to protect about unauthenticated parties.
Ideally, when rendering server-side, if a url is protected it should be redirected to an auth page /auth
, and when calling a protected api from browser, the server should return some error.
I would be happy to submit a PR for docs/code/whatever, just need some pointers.
I tried using passport-steam as Strategy, but it doesn't work, because the callback used in passport-strategies.js mismatches what passport-steam uses.
At least that is what I think might be the reason. I'm going to have another look at it this week, but would greatly appreciate any help.
Cheers!
I read that it is possible to set the "hd" parameter (https://stackoverflow.com/questions/10858813/restrict-login-email-with-google-oauth2-0-to-specific-domain-name) to restrict Google logins to a specific domain. Is this possible with next-auth?
Hi,
I updated nextjs from 5 to 7 and callbacks from Google, or email links are not working. Google send me to error page, while query is null, even it is http://localhost:3000/auth/error?action=signin&type=oauth&service=Google
. Email link show just blank page on http://localhost:3000/auth/callback?action=signin&service=email
Is it working with next 7?
Without setting resave = true, connect-redis is not updating session TTL, so active users experience session timeout.
As of Express Session 1.5 the cookie-parser middleware is no longer required.
We can drop it to reduce a dependancy and make configuration of sessions easier.
The current example next-auth.functions.js works with Mongo and NeDB.
I'd like to add support for other databases, including SQL databases like MySQL/MariaDB and Postgres - as well as other NoSQL databases and alternate drivers such as Mongoose.
Example alternative configs are welcome.
Are there any typescript typings or any plans to make them?
If not I might whip some up.
While this library does a lot of heavy lifting, it's still complicated to follow as there are several instructions. It would be better if it provided common functionality with as little configuration out of the box as possible.
I might bundle build in helpers for it, so it's easy to use with common oAuth providers and Mongo DB out of the box, just by passing oAuth Credentials for the providers and a Mongo DB URI, so that no other configuration is required (but can still be specified if desired).
I have been trying to use next-auth with this keycloak-passport Strategy. (I did have to modify the strategy's name to be lowercase to be able to test it out)
I can log in no problem and it creates a session. Only problem is, getProfile()
doesn't seem to fire at all so the session just contains the csrfSecret
but no user. Keycloak recognises I'm already logged in when trying to log in.
Have been trying to debug through what could be happening but couldn't get to the bottom of it. Any direction on what might be the issue would be great. If I get it working would be happy to submit some documentation on it.
callbackURL is derived like this and not allowing set using StrategyOptions from outside.
serverUrl = null // assigned earlier
strategyOptions.callbackURL = (serverUrl || '') + `${pathPrefix}/oauth/${providerName.toLowerCase()}/callback`
Please check callbackUrl in strategyOptions if it's already set, leave it untouched to allow overriding from outside.
Is it possible to return client Twitter accessTokenSecret with accessToken on authentication? If not are you able to suggest a method to get accessTokenSecret
Please add email and password based authentication example.
I am trying to authenticate using API in signIn() method and returning user object but it is not getting stored in local storage.
OAuth is working great.
Currently tokens are single use only, and change when a new token is requested, but old tokens to not expire.
They should be updated to expire email sign in links if not used in a reasonable time (e.g. after an hour), and they should be stored hashed with bcrypt.
It's undecided if this will be a feature that makes it into a future 1.x release or if it will wait till 2.0.
This is more of a feature request than an issue if we don't mind the possibility of automatic signins, i would like to use a recaptcha to prevent this.
One way could be instead of checking the token right away after user clicks the link in the email, it could be forwarded to a page where a recaptcha could verify its not a bot and then perform the token checking via ajax, i assume the recaptcha validation is only needed for the email authentication not for the identity providers, this way only the email authentication flow gets validated by recaptcha.
This page could also set the token in localstorage triggering the 'storage' event letting the other open tab know the user is now logged and sync.
(Sorry if last part is unrelated, i think this package is amazing, thanks btw)
Is this code licensed the same as the Next.js Starter boilerplate (and how is that licensed—I posted the same question in its GitHub repo)?
I'd like to use Next.js Starter to use email & password-based authentication. It seems next-auth takes care of this now as it adds the /email/signin route.
Is it possible to add a way to supply a username and password validation function to next-auth (that I can connect to MongoDB inside of)?
Something else to consider is using bcrypt to generate password hashes. I don't need this now since I will not be doing user registration (only login), but I might need it later on for other projects.
There has been a report of incompatibility with the NextAuth Client and Microsoft Internet Explorer 11.
iaincollins/nextjs-starter#79
Note: There are no reports of issues with Microsoft Edge, this issue relates only to the legacy browser Microsoft Internet Explorer.
This issue is currently unconfirmed and has not been replicated / confirmed. It used to work in Microsoft Internet Explorer but there may have been breaking changes at some point.
Since the original issue was raised, there have been further updates to next-auth and webpack (which has had an update addressing an issue in an upstream package that seems to relate directly to this issue) and also changes to how NextAuth Client is bundled.
The demo at https://nextjs-starter.now.sh should always run the latest version and be a useful reference to confirm if there is still an issue with next-auth and Internet Explorer 11 or not.
Both feedback and pull requests are welcome.
Note: If it is (as reported) an issue with webpack it may further the case for moving to Rollup instead of webpack - recent versions of webpack are already causing problems for universal libraries like the NextAuth Client.
Is it possible to pass down options to raw-body? Currently stuck on the 100kb default limit.
Add a method which auto-updates AccessTokens for APIs which support rotating tokens (like Google) automatically, whenever the current AccessToken expires.
This would be useful for anyone who wants to make API calls as a user once they have signed in with an oAuth service.
I already have handlers to do this, I just need to import them into the project.
Hi,
After adding a generic passport-oauth2
provider in next-auth.providers.js
, I'm running into this error on /auth/oauth/mycoolprovider
:
TypeError: strategy.authenticate is not a function
at attempt (/Users/joshkadis/Repos/themostlaps_v2/node_modules/passport/lib/middleware/authenticate.js:361:16)
at authenticate (/Users/joshkadis/Repos/themostlaps_v2/node_modules/passport/lib/middleware/authenticate.js:362:7)
at Layer.handle [as handle_request] (/Users/joshkadis/Repos/themostlaps_v2/node_modules/express/lib/router/layer.js:95:5)
at next (/Users/joshkadis/Repos/themostlaps_v2/node_modules/express/lib/router/route.js:137:13)
# etc., etc...
It seems like Passport can't find the function registered for the named authentication strategy. Can you provide some documentation for this step from AUTHENTICATE.md?
Add a field to your User model (in 'index.js') with the name of the provider
Thanks for the rad library!
I tried using the first example from the Using NextAuth with Express and Custom Routes wiki, but I noticed that it wasn't working properly. After taking a look at the source, I realized there was a change that affects how this example should work.
Please see the proposed update below:
diff --git a/Using-NextAuth-with-Express-and-Custom-Routes.md b/Using-NextAuth-with-Express-and-Custom-Routes.md
index b94f233..2371b39 100644
--- a/Using-NextAuth-with-Express-and-Custom-Routes.md
+++ b/Using-NextAuth-with-Express-and-Custom-Routes.md
@@ -29,21 +29,21 @@ nextApp
return nextAuth(nextApp, nextAuthOptions)
})
-.then(nextAuthApp.express => {
+.then(nextAuthApp => {
// Get instance of Express from NextAuth instance
- const express = nextAuthApp.express
+ const expressApp = nextAuthApp.expressApp
// Configure additional routes here
- express.use("/api/v1/users", () => {})
+ expressApp.use("/api/v1/users", () => {})
// Default catch-all handler to allow Next.js to handle all other routes
- express.all('*', (req, res) => {
+ expressApp.all('*', (req, res) => {
let nextRequestHandler = nextApp.getRequestHandler()
return nextRequestHandler(req, res)
})
- express.listen(process.env.PORT, err => {
+ expressApp.listen(process.env.PORT, err => {
if (err) throw err
console.log('> Ready on http://localhost:' + process.env.PORT)
})
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.