Force OAuth flow when user enters secure page
Unanswered
Pavement ant posted this in #help-forum
Original message was deleted.
19 Replies
Original message was deleted
you can check if the user is logged in for example to be able to view the page. If he's logged in, you can show him the page. If he's not, then redirect him to the login page.
That system works the best when using it with middleware
Original message was deleted
don't you have a login page?
@B33fb0n3 don't you have a login page?
He may have a system kind of like what we use at our company where we protect our apps behind Google IAP, but then we also verify those headers automatically (using a custom next auth provider) when the user signs in
In our case, the "sign in" page is just the / page for the website, which checks if the user has a session, and then if they don't, it automatically hits a server action to authorize them
And then we have middleware that redirects to that page if no session is found as well
> ... it automatically hits a server action to authorize them
Why don't you do the same for a secure page?
@B33fb0n3 > ... it automatically hits a server action to authorize them
Why don't you do the same for a secure page?
Like instead of middleware that redirects to the index page?
Or are you saying just check the headers on middleware?
yes, checking the headers in middleware and if they are not present, then authorize them
@B33fb0n3 yes, checking the headers in middleware and if they are not present, then authorize them
Fantastic point, I should have mentioned that we also take those headers and call an internal company endpoint to get additional data about that employee from our employees DB, and double check if they're on probation, get roles, etc
So unfortunately can't just do the headers, it's kind of a double process of check headers, get internal data, and then attach relevant info to the session
but if we didn't have that step, only using middleware would be the way to go all day
I can post a rough example of how we do it here if that'd be helpful @Pavement ant
@Pavement ant @Luke are you working for the same company?
Haha, I don't think so, that'd be a crazy coincidence though
haha alright. I guess that's too confusing for me
Hahaha, I'll try and put a basic demo on GitHub
It's definitely a little bit contrived, feels weird using a custom credentials provider without any actual credentials
But it works great 😂 we've been using it on prod for a while and no issues...