0

I am currently developing a web application using NextJs (13.1.1). On the other side, an external backend has been provided to me, in order to be able to connect (username/password), and get an access token, a refresh token (and its expiration, but not in a cookie) in response body, in order to be able to use the different routes of this backend. I then created my own system to refresh my access token (with a react context), and a component to protect my pages that need authentication, but some pages, because of my guard system can take several seconds to load, which offers a bad user experience in my opinion.

I tried to learn more about the next-auth package. I saw that there was a credentials provider, which allowed to connect with a username/password, but I'm not sure if I can automatically regenerate my access token, and protect more efficiently the pages that need authentication, because if i'm understanding well, next-auth use cookie strategy.

So my question is, considering my project, is next-auth a viable solution, and does it allow me to do the same thing I already do, but in a more optimized way?

thanks

Nathaniael
  • 15
  • 5

1 Answers1

1

You can store your JWT tokens in the next-auth session if they are sent in the response body.
Here is an example of how you can achieve this using the Credentials provider and how to access data stored in the session from the client side.
You can also find here how to protect pages that require authentification.

Ahmed Sbai
  • 10,695
  • 9
  • 19
  • 38
  • Thanks for your answer ! So I don't need my backend to use JWT strategy. Next-auth will just use this method to keep my session, right ? – Nathaniael Apr 06 '23 at 14:02
  • yes you can manage the backend strategy tas from frontend but the best approach is to do it on both back and front – Ahmed Sbai Apr 06 '23 at 14:34
  • Ok, thanks. I'm not the one developing the backend so I can't really change it, but I'll try doing it on my side ! – Nathaniael Apr 06 '23 at 16:03