Auth.js
Answered
West African Lion posted this in #help-forum
West African LionOP
if I'm using PHP as my backend api, and a mysql adapter isn't listed as an official adapter, what's the next bext alternative to implement an auth system that's compatible with my api?
Answered by B33fb0n3
If I would be in your situation I would use next-auth in combination with the credentials provider. I know, you said: "stay away from a traditional email and password". Read this:
Why:
You can use next-auth to handle the whole auth process, refreshing, rotating, verifing, ... and still have a passwordless login.
Imagine the following:
you build a login page. The user entered his email and clicked "submit". Now a request to your php endpoint will be send to send a one time link to the specific email address. The user receives the email address and enteres (the code or the link) inside his browser. Inside your next-auth credentials provider you make a request to your php endpoint to verify the link/code/... and say "yea it's correct". And with that next-auth will do the rest.
Protecting is nearly the same: the client sends his session token and your php backend checks this token
Why:
You can use next-auth to handle the whole auth process, refreshing, rotating, verifing, ... and still have a passwordless login.
Imagine the following:
you build a login page. The user entered his email and clicked "submit". Now a request to your php endpoint will be send to send a one time link to the specific email address. The user receives the email address and enteres (the code or the link) inside his browser. Inside your next-auth credentials provider you make a request to your php endpoint to verify the link/code/... and say "yea it's correct". And with that next-auth will do the rest.
Protecting is nearly the same: the client sends his session token and your php backend checks this token
14 Replies
@West African Lion if I'm using PHP as my backend api, and a mysql adapter isn't listed as an official adapter, what's the next bext alternative to implement an auth system that's compatible with my api?
what should "the auth service" do at the end? Does your backend api (auth server) already do everything that you need? What's missing? Give us a bit more information what you are looking for
West African LionOP
authenticating users, perhaps I wanna try out different auth methods, like passowrdless auth, handling sessions and cookies, my api still doesn't implement any authorization or authentication.
I need to also implement client-side auth, to make sure my my nextjs routes are protected
ok, so the php backend should be the backend that will be protected at the end and has nothing to do with auth stuff. Did I understand you right?
West African LionOP
nope, the php api should be integrated because I have to add authorization for the api endpoints, as well as storing the auth tokens that will be sent to the user by email in case I use passwordless authentication
ok and how should the users be able to login at the end? With what kind of methods (google, facebook, username & password, ...)
West African LionOP
yes .. I wanna try out this passwordless method and stay away from a traditional email and password approach. I think m gonna try auth0 as they have a php api sdk, what do you think?
@West African Lion yes .. I wanna try out this passwordless method and stay away from a traditional email and password approach. I think m gonna try auth0 as they have a php api sdk, what do you think?
If I would be in your situation I would use next-auth in combination with the credentials provider. I know, you said: "stay away from a traditional email and password". Read this:
Why:
You can use next-auth to handle the whole auth process, refreshing, rotating, verifing, ... and still have a passwordless login.
Imagine the following:
you build a login page. The user entered his email and clicked "submit". Now a request to your php endpoint will be send to send a one time link to the specific email address. The user receives the email address and enteres (the code or the link) inside his browser. Inside your next-auth credentials provider you make a request to your php endpoint to verify the link/code/... and say "yea it's correct". And with that next-auth will do the rest.
Protecting is nearly the same: the client sends his session token and your php backend checks this token
Why:
You can use next-auth to handle the whole auth process, refreshing, rotating, verifing, ... and still have a passwordless login.
Imagine the following:
you build a login page. The user entered his email and clicked "submit". Now a request to your php endpoint will be send to send a one time link to the specific email address. The user receives the email address and enteres (the code or the link) inside his browser. Inside your next-auth credentials provider you make a request to your php endpoint to verify the link/code/... and say "yea it's correct". And with that next-auth will do the rest.
Protecting is nearly the same: the client sends his session token and your php backend checks this token
Answer
West African LionOP
then I will have to use an email provider in my api not nextjs right?
@West African Lion then I will have to use an email provider in my api not nextjs right?
yes, use either a service that can send emails or do it yourself. Everything would be easier if everything is just nodejs/nextjs but I guess that's impossible for you (email provider exists for next-auth)
West African LionOP
I see, but then, why not use an sdk where everything is setup for you api side and then you just need to handle the auth and sessions in the nextjs client side?
@West African Lion I see, but then, why not use an sdk where everything is setup for you api side and then you just need to handle the auth and sessions in the nextjs client side?
you can read and update the session clientside, but somewhere there need to be a server that verifies the changes and talks to the database (where the sessions are saved). So having an auth system only clientside wouldn't be good
West African LionOP
Alright thank you, I'll try implementing this approach
happy to help