How to use NextAuth.js with Strapi?

[alfieqashwa]

Please refer to the documentation, the example project and existing issues before creating a new issue.

Configure using Strapi ??
If can, is there any example ?

What are you trying to do
A description of what you are trying to do.

[iaincollins]

Hi there! This has come up before in #474 #276 and #411.

tl;dr This is a good question to ask the Strapi folks about.

It's commercial software and they have a larger team so are better placed to be a starting point to ask about this.

From what I understand, Strapi has it's own authentication system but it seems NextAuth.js might be a really good fit for it the built-in authentication system isn't as full featured (as it's not a primary selling point). I think it should be able to integrate them and we just need an example and/or tutorial we can point folks to.

I'm really happy to collaborate with folks from Strapi if they want to get in touch.

[ivanandresdiaz]

https://www.gyanblog.com/javascript/next-js-strapi-authentication-credentials-jwt-next-auth/
Another article on how to do it with email provider of Strapi

[DitlevHB]

CredentialsProvider is used in that article, not the EmailProvider.

A Strapi adapter is needed to make next-auth work well with Strapi.

Nonetheless, it would be awesome if the next-auth EmailProvider was more flexible so that it can be tailored to work with external databases. For example, handling the token generation and sending of emails could happen in Strapi and all next auth would have to do is to trigger it and then on the email callback send a request to Strapi to verify it.

[alfieqashwa]

I hope they will give positive response #7477

[RiczCalixto]

They deleted the issue? what o.o

[FlacorLopes]

They just published this on strapi blog

https://strapi.io/blog/user-authentication-in-next-js-with-strapi

[batuhanbilginn]

Hey guys, thank you for this! Is there any chance to give me a suggestion to make this work with MongoDB database? I'm not able to use database connector with MongoDB. How can I make this work?

[jacintofleta]

Hello! Thank you so much!

I'm getting a 401 when const data = await response.json();

Do you have any clue what I'm getting this? the access_token seems right

Thank you

[luccinmasirika]

This is outdated and no longer works

@ghoshnirmalya Nice tutorial! I could give you some suggestions to simplify the example code:

import NextAuth from "next-auth"
import Providers from "next-auth/providers"

export default NextAuth({
  providers: [
    Providers.Google({
      clientId: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET
    })
  ],
  database: process.env.NEXT_PUBLIC_DATABASE_URL,
  callbacks: {
    async session (session, user) {
      session.jwt = user.jwt
      session.id = user.id
      return session
    },
    async jwt (token, _, account) {
      if (account) {
        const url = new URL(`${process.env.NEXT_PUBLIC_API_URL}/auth/${account.provider}/callback`)
        url.searchParams.set("access_token", account.accessToken)
        const response = await fetch(url.toString())
        const data = await response.json()
        token.jwt = data.jwt
        token.id = data.user.id
      }
      return token
    }
  }
})

Notes:

1. In newer versions of next-auth, you can just a simple object, to simplify initialization.
2. session: { jwt: true } has no effect, since you defined database
3. Mixing Promise and async/await is not recommended, and totally unnecessary here.
4. This one is just a nice thing I think, I split the URL up so it is easier to read.
5. You don't actually send the user object to the client, which is fine. I just made it less prominent.

About frontend/pages/index.js

Please note that returning session in getServerSideProps has no effect if you don't add a Provider in your _app. It is poorly documented, but this is how you can avoid unnecessary re-renders if you access session with useSession() from different places in your app.

If you have no other reason though, you could safely drop getServerSideProps

[sohammondal]

this article is for v3 of next-auth. Unfortunately v4 onwards this config won't work.

[EbrahimHeydari]

Hey guys, thank you for this! Is there any chance to give me a suggestion to make this work with MongoDB database? I'm not able to use database connector with MongoDB. How can I make this work?

As mentioned here:
https://strapi.io/blog/mongo-db-support-in-strapi-past-present-and-future

"Strapi v4 does not support MongoDB databases (see blog post announcement )."

But maybe this helps you:
https://strapi.gitee.io/documentation/3.0.0-alpha.x/guides/databases.html#mongodb-installation

[erhankaradeniz]

I was wondering if registering with next-auth and for example the Twitter provider if it is possible to also create a user in Strapi? The login works fine with next-auth but it does not create a user in the strapi.

[balazsorban44]

Hmm.. Maybe #1322 is important after all, @iaincollins

[erhankaradeniz]

I'm dropping the comment here for those who are wondering how to get it working; strapi/strapi#9492

[VadimOnix]

I wrote solution in my project for this problem (Based on template from strapi blog)

NEXT_PUBLIC_API_URL - link to strapi.

Need to add new env variable:
COMMON_PASSWORD - secret password for all users in strapi. I know than it is not super secure, but if in your project all users use passwordless authenticate then this solution not look like so terrible because nobody see this except the developer (in strapi admin panel into user page password field is empty).

Idea is super simple! We check account.type in jwt callback and switch method of auth. Example code below:

// [...nextauth].js
// ...
jwt: async (token, user, account) => {
            // don't like when func params is mutate
            let _token = token

            const isSignIn = Boolean(user)
            if (isSignIn) {
                // collect user data into this variables
                let registerData = null
                let loginData = null

                // use switch to divide behavior. @account param has key "type" always when user exist (in my tests)
                switch (account.type) {
                    // our scenario when we used NextAuth email authentication
                    case 'email': {
                        // check user in Strapi users
                        const response = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/auth/local`, {
                            method: 'POST',
                            headers: {'Content-Type': 'application/json'},
                            body: JSON.stringify({
                                identifier: user.email,
                                password: process.env.COMMON_PASSWORD
                            })
                        })
                        loginData = await response.json()
                        
                        // if user isn't exist register then! 
                        if (loginData.statusCode == 400) {
                            const response = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/auth/local/register`, {
                                method: 'POST',
                                headers: {'Content-Type': 'application/json'},
                                body: JSON.stringify({
                                    username: account.providerAccountId,
                                    email: account.providerAccountId,
                                    password: process.env.COMMON_PASSWORD
                                })
                            })
                            // register data also has strapi jwt 
                            registerData = await response.json();
                        }
                        // use token data from register or login data
                        _token.jwt =  registerData ? registerData.jwt : loginData.jwt;
                        _token.id =  registerData ? registerData.user.id : loginData.user.id;
                        break
                    }
                    // default scenario when we used providers like Google, Facebook, etc...
                    default: {
                        const url = new URL(`${process.env.NEXT_PUBLIC_API_URL}/auth/${account.provider}/callback`)
                        url.searchParams.set("access_token", account.accessToken)
                        const response = await fetch(url.toString())
                        const data = await response.json();
                        _token.jwt = data.jwt;
                        _token.id = data.user.id;
                    }
                }
            }
            return _token;
        }
// ...

[RobinVW]

I wrote solution in my project for this problem (Based on template from strapi blog)

NEXT_PUBLIC_API_URL - link to strapi.

Need to add new env variable:
COMMON_PASSWORD - secret password for all users in strapi. I know than it is not super secure, but if in your project all users use passwordless authenticate then this solution not look like so terrible because nobody see this except the developer (in strapi admin panel into user page password field is empty).

Idea is super simple! We check account.type in jwt callback and switch method of auth. Example code below:

// [...nextauth].js
// ...
jwt: async (token, user, account) => {
            // don't like when func params is mutate
            let _token = token

            const isSignIn = Boolean(user)
            if (isSignIn) {
                // collect user data into this variables
                let registerData = null
                let loginData = null

                // use switch to divide behavior. @account param has key "type" always when user exist (in my tests)
                switch (account.type) {
                    // our scenario when we used NextAuth email authentication
                    case 'email': {
                        // check user in Strapi users
                        const response = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/auth/local`, {
                            method: 'POST',
                            headers: {'Content-Type': 'application/json'},
                            body: JSON.stringify({
                                identifier: user.email,
                                password: process.env.COMMON_PASSWORD
                            })
                        })
                        loginData = await response.json()
                        
                        // if user isn't exist register then! 
                        if (loginData.statusCode == 400) {
                            const response = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/auth/local/register`, {
                                method: 'POST',
                                headers: {'Content-Type': 'application/json'},
                                body: JSON.stringify({
                                    username: account.providerAccountId,
                                    email: account.providerAccountId,
                                    password: process.env.COMMON_PASSWORD
                                })
                            })
                            // register data also has strapi jwt 
                            registerData = await response.json();
                        }
                        // use token data from register or login data
                        _token.jwt =  registerData ? registerData.jwt : loginData.jwt;
                        _token.id =  registerData ? registerData.user.id : loginData.user.id;
                        break
                    }
                    // default scenario when we used providers like Google, Facebook, etc...
                    default: {
                        const url = new URL(`${process.env.NEXT_PUBLIC_API_URL}/auth/${account.provider}/callback`)
                        url.searchParams.set("access_token", account.accessToken)
                        const response = await fetch(url.toString())
                        const data = await response.json();
                        _token.jwt = data.jwt;
                        _token.id = data.user.id;
                    }
                }
            }
            return _token;
        }
// ...

How do you implement the database parameter that is needed for email provider in nextauth? Do you link it to the Strapi database?

[VadimOnix]

I have one database for nextauth and strapi backend. In it there are 3 entity: accounts for third party providers, users for email nextauth provider and users-permissions_user for strapi users. I blocked modify userdata permissions via admin panel for content-managers.
If you need option to edit programmatically user emails in account you can create triggers for db on change data, but i think it's not good practice in this case

[RobinVW]

How do you connect then to your strapi database? Can you maybe show this part of your code? Op wo 7 apr. 2021 om 08:56 schreef Vadim Korolev ***@***.***>:

…

I have one database for nextauth and strapi backend. In it there are 3 entity: accounts for third party providers, users for email nextauth provider and users-permissions_user for strapi users. I blocked modify userdata permissions via admin panel for content-managers. If you need option to edit programmatically user emails in account you can create triggers for db on change data, but i think it's not good practice in this case — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#574 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACTLWC65JH5QSM5TVDJYRCDTHP6Z3ANCNFSM4V2YRV6Q> .

[trangchongcheng]

i wonder next-auth save credentials in cookies but strapi return jwt in response, so how can strapi understand authenticaion each request.
And next, with type login by email, NextAuth create Account, Session, User in database but strapi has table User so how can it work together.

[flosrn]

Hi all, anyone has found a better solution for implementing next-auth passwordless with strapi? Have one db with multiple versions of the same user object (one in accounts collection, and another one in users collection) is not really good practice no? 😕

[balazsorban44]

See https://next-auth.js.org/adapters/models to understand the difference between users and accounts.

[flosrn]

Thank you @balazsorban44, really helpfull

[ebengtso]

Hi, I was using Strapi for authentication with next-auth, but I decided to go with a completely different approach. Instead of relying on Strapi for authentication, I only use Strapi data model, which was extended, for user and account storage. The solution relies on a next auth adapter that uses prisma to connect to strapi database. Strapi then is not used to mediate the authentication.

Strapi model

`{
"kind": "collectionType",
"collectionName": "accounts",
"info": {
"singularName": "account",
"pluralName": "accounts",
"displayName": "Account",
"description": ""
},
"options": {
"draftAndPublish": false
},
"pluginOptions": {},
"attributes": {
"user": {
"type": "relation",
"relation": "manyToOne",
"target": "plugin::users-permissions.user",
"inversedBy": "accounts"
},
"accountid": {
"type": "string",
"unique": true
},
"email": {
"type": "email"
},
"provider": {
"type": "string"
},
"name": {
"type": "string"
},
"providerAccountId": {
"type": "string"
},
"refresh_token": {
"type": "text"
},
"access_token": {
"type": "text"
},
"token_type": {
"type": "string"
},
"expires_at": {
"type": "integer"
},
"scope": {
"type": "string"
},
"id_token": {
"type": "text"
},
"session_state": {
"type": "string"
},
"type": {
"type": "string"
}
}
}

{
"kind": "collectionType",
"collectionName": "accounts",
"info": {
"singularName": "account",
"pluralName": "accounts",
"displayName": "Account",
"description": ""
},
"options": {
"draftAndPublish": false
},
"pluginOptions": {},
"attributes": {
"user": {
"type": "relation",
"relation": "manyToOne",
"target": "plugin::users-permissions.user",
"inversedBy": "accounts"
},
"accountid": {
"type": "string",
"unique": true
},
"email": {
"type": "email"
},
"provider": {
"type": "string"
},
"name": {
"type": "string"
},
"providerAccountId": {
"type": "string"
},
"refresh_token": {
"type": "text"
},
"access_token": {
"type": "text"
},
"token_type": {
"type": "string"
},
"expires_at": {
"type": "integer"
},
"scope": {
"type": "string"
},
"id_token": {
"type": "text"
},
"session_state": {
"type": "string"
},
"type": {
"type": "string"
}
}
}

{
"kind": "collectionType",
"collectionName": "up_users",
"info": {
"name": "user",
"description": "",
"singularName": "user",
"pluralName": "users",
"displayName": "User"
},
"options": {
"draftAndPublish": false,
"timestamps": true
},
"attributes": {
"username": {
"type": "string",
"minLength": 3,
"unique": true,
"configurable": false,
"required": true
},
"email": {
"type": "email",
"minLength": 6,
"configurable": false,
"required": true
},
"provider": {
"type": "string",
"configurable": false
},
"password": {
"type": "password",
"minLength": 6,
"configurable": false,
"private": true
},
"resetPasswordToken": {
"type": "string",
"configurable": false,
"private": true
},
"confirmationToken": {
"type": "string",
"configurable": false,
"private": true
},
"confirmed": {
"type": "boolean",
"default": false,
"configurable": false
},
"blocked": {
"type": "boolean",
"default": false,
"configurable": false
},
"role": {
"type": "relation",
"relation": "manyToOne",
"target": "plugin::users-permissions.role",
"inversedBy": "users",
"configurable": false
},
"emailVerified": {
"type": "datetime"
},
"image": {
"type": "string"
},
"accounts": {
"type": "relation",
"relation": "oneToMany",
"target": "api::account.account",
"mappedBy": "user"
},
"sessions": {
"type": "relation",
"relation": "oneToMany",
"target": "api::session.session",
"mappedBy": "user"
}
}
}
`

Prisma model

`generator client {
provider = "prisma-client-js"
}

generator docs {
provider = "node node_modules/prisma-docs-generator"
}

datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
}

model accounts {
id Int @id @default(autoincrement())
providerAccountId String? @db.VarChar(255) @Map("accountid")
email String? @db.VarChar(255)
provider String? @db.VarChar(255)
created_at DateTime? @db.Timestamp(6)
updated_at DateTime? @db.Timestamp(6)
created_by_id Int?
updated_by_id Int?
name String? @db.VarChar(255)
refresh_token String? @db.Text
access_token String? @db.Text
token_type String? @db.VarChar(255)
expires_at Int?
scope String? @db.VarChar(255)
id_token String? @db.Text
session_state String? @db.VarChar(255)
type String? @db.VarChar(255)
accounts_user_links accounts_user_links[]
@@unique([provider, providerAccountId])
}

/// The underlying table does not contain a valid unique identifier and can therefore currently not be handled by the Prisma Client.
model accounts_user_links {
account_id Int
user_id Int
accounts accounts? @relation(fields: [account_id], references: [id], onDelete: Cascade, onUpdate: NoAction, map: "accounts_user_links_fk")
up_users up_users? @relation(fields: [user_id], references: [id], onDelete: Cascade, onUpdate: NoAction, map: "accounts_user_links_inv_fk")
@@id([account_id, user_id])
}

model sessions {
id Int @id @default(autoincrement())
sessionToken String @db.VarChar(255) @Map("session_token")
expires DateTime? @db.Timestamp(6)
created_at DateTime? @db.Timestamp(6)
updated_at DateTime? @db.Timestamp(6)
created_by_id Int?
updated_by_id Int?
sessions_user_links sessions_user_links[]

@@unique([sessionToken])
@@index([created_by_id], map: "sessions_created_by_id_fk")
@@index([updated_by_id], map: "sessions_updated_by_id_fk")
}

/// The underlying table does not contain a valid unique identifier and can therefore currently not be handled by the Prisma Client.
model sessions_user_links {
session_id Int
user_id Int
sessions sessions? @relation(fields: [session_id], references: [id], onDelete: Cascade, onUpdate: NoAction, map: "sessions_user_links_fk")
up_users up_users? @relation(fields: [user_id], references: [id], onDelete: Cascade, onUpdate: NoAction, map: "sessions_user_links_inv_fk")
@@id([session_id, user_id])
}

model up_users {
id Int @id @default(autoincrement())
name String? @db.VarChar(255) @Map("username")
email String? @db.VarChar(255)
provider String? @db.VarChar(255)
password String? @db.VarChar(255)
reset_password_token String? @db.VarChar(255)
confirmation_token String? @db.VarChar(255)
confirmed Boolean?
blocked Boolean?
created_at DateTime? @db.Timestamp(6)
updated_at DateTime? @db.Timestamp(6)
created_by_id Int?
updated_by_id Int?
emailVerified DateTime? @db.Timestamp(6) @Map("email_verified")
image String? @db.VarChar(255)
accounts_user_links accounts_user_links[]
sessions_user_links sessions_user_links[]

@@index([created_by_id], map: "up_users_created_by_id_fk")
@@index([updated_by_id], map: "up_users_updated_by_id_fk")
}

model verification_tokens {
id Int @id @default(autoincrement())
identifier String? @db.VarChar(255)
token String? @db.VarChar(255)
expires DateTime? @db.Timestamp(6)
created_at DateTime? @db.Timestamp(6)
updated_at DateTime? @db.Timestamp(6)
created_by_id Int?
updated_by_id Int?

@@index([created_by_id], map: "verification_tokens_created_by_id_fk")
@@index([updated_by_id], map: "verification_tokens_updated_by_id_fk")
}

`

Adapter:

`import { PrismaClient } from '@prisma/client';
/**
*

• @param {PrismaClient} p

• @returns
  /
  export function CustomPrismaAdapter(p) /: PrismaClient): Adapter*/ {
  return {

  createUser(data) {
  console.debug("createUser");
  console.debug(data);
  return p.up_users.create({ data });
  },
  getUser(id) {
  console.debug("getUser");
  console.debug(id);
  return p.up_users.findUnique({ where: { id } });
  },
  getUserByEmail(email) {
  console.debug("getUserByEmail");
  console.debug(email);
  return p.up_users.findFirst({ where: { email } });
  },
  async getUserByAccount(data) {
  console.debug("getUserByAccount");
  console.debug(data);
  var filter = {providerAccountId:data.providerAccountId, provider:data.provider};
  console.debug(filter);
  const account = await p.accounts.findFirst({
  where: filter,
  select: { accounts_user_links: true },
  });
  console.debug(account);
  if(account?.accounts_user_links && account?.accounts_user_links.length>0)
  {
  const user = await p.up_users.findUnique({ where: { id: account?.accounts_user_links[0].user_id } });
  return user;
  }
  else
  return null;
  //return account?.accounts_user_links ?? null;
  },
  updateUser: ({ id, ...data }) => p.up_users.update({ where: { id }, data }),
  deleteUser: (id) => p.up_users.delete({ where: { id } }),

  async linkAccount(data) {
  console.debug("linkAccount");
  console.debug(data);
  const { userId, ...dataR } = data;

  const account= await p.accounts.create({ data:dataR });
  await p.accounts_user_links.create({data:{account_id:account.id,user_id:userId}});
  return account;
  },
  unlinkAccount: (provider_providerAccountId) =>
  p.account.delete({ where: { provider_providerAccountId } }),

  async getSessionAndUser(sessionToken) {
  console.debug("getSessionAndUser");
  console.debug(sessionToken);
  var filter = { session_token:sessionToken};
  const userAndSession = await p.sessions.findFirst({
  where: { sessionToken },
  include: { sessions_user_links: true },
  });
  console.debug("userAndSession is null");
  console.debug(userAndSession);
  if (!userAndSession) return null;
  const { sessions_user_links, ...session } = userAndSession;
  const user = await p.up_users.findUnique({ where: { id: sessions_user_links[0].user_id } });

  console.debug(session);
  console.debug(sessions_user_links);
  return { user, session };
  },

  async createSession(data) {
  console.debug("createSession");
  console.debug(data);
  var params = {data: { session_token:data.sessionToken, expires:data.expires }};
  console.debug(params);
  var { userId, sessionToken, expires} = data;
  const session = await p.sessions.create({data:{sessionToken: sessionToken, expires: expires}});
  await p.sessions_user_links.create({data:{session_id:session.id,user_id:userId}});
  return session;
  },
  updateSession(data) {
  console.debug("updateSession");
  console.debug(data);
  var params = {data:{ session_token:data.sessionToken, expires:data.expires }};
  console.debug(params);
  return p.sessions.update({ where: { sessionToken: data.sessionToken }, data });
  },
  deleteSession: (sessionToken) =>
  p.sessions.delete({ where: { sessionToken } }),
  async createVerificationToken(data) {
  // @ts-ignore
  const { id: _, ...verificationToken } = await p.verificationTokens.create({
  data,
  })
  return verificationToken
  },
  async useVerificationToken(identifier_token) {
  try {
  // @ts-ignore
  const { id: _, ...verificationToken } =
  await p.verificationTokens.delete({ where: { identifier_token } })
  return verificationToken
  } catch (error) {
  // If token already used/deleted, just return null
  // https://www.prisma.io/docs/reference/api-reference/error-reference#p2025
  if ((error /as Prisma.PrismaClientKnownRequestError/).code === "P2025")
  return null
  throw error
  }
  },
  }
  }`

nextauth options

`import NextAuth from 'next-auth';
import axios from 'axios';
import CredentialsProvider from 'next-auth/providers/credentials';
import GoogleProvider from 'next-auth/providers/google';
import FacebookProvider from 'next-auth/providers/facebook';
import TwitterProvider from 'next-auth/providers/twitter';
import EmailProvider from "next-auth/providers/email";
import { CustomPrismaAdapter } from '../../../lib/auth/adapter';
import { PrismaClient } from "@prisma/client";

const prisma = new PrismaClient({
log: ['query', 'info', 'warn', 'error'],
});

export const authOptions = {
adapter: CustomPrismaAdapter(prisma),
secret:process.env.NEXT_AUTH_SECRET,
providers: [
GoogleProvider({
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
}),
FacebookProvider({
clientId: process.env.FACEBOOK_CLIENT_ID,
clientSecret: process.env.FACEBOOK_CLIENT_SECRET
}),
TwitterProvider({
clientId: process.env.TWITTER_CLIENT_ID,
clientSecret: process.env.TWITTER_CLIENT_SECRET,
version: "2.0", // opt-in to Twitter OAuth 2.0
})
/,
EmailProvider({
server: {
host: process.env.EMAIL_SERVER_HOST,
port: process.env.EMAIL_SERVER_PORT,
auth: {
user: process.env.EMAIL_SERVER_USER,
pass: process.env.EMAIL_SERVER_PASSWORD
}
},
from: process.env.EMAIL_FROM
}),/
],
//database: process.env.NEXT_PUBLIC_DATABASE_URL,
session: {
strategy: "jwt"
},
jwt: {
// The maximum age of the NextAuth.js issued JWT in seconds.
// Defaults to session.maxAge.
maxAge: 60 * 60 * 24 * 30
},
debug: true,
pages: {signIn: "/sign"}
,callbacks: {

async session({ session, token, user }) {
  // Send properties to the client, like an access_token from a provider.

  session.user.id = token.sub;
  //if(!session.user.email) session.user.email=null;
  return session;
}

}
};

const Auth = (req, res) => NextAuth(req, res, authOptions);

export default Auth; `

[ebengtso]

based on my example you can try the emailprovider. I havent tried it myself. It might be already working, otherwise you will have to fix the prisma model and the adapter on the verification methods

[ShahriarKh]

After testing different examples, tutorials, and posts around the web, I finally came up with a solution.
Please don't hesitate to comment below & improve the code.

SessionProvider

Inside _app.js:

for NextAuth v4:

import { SessionProvider } from "next-auth/react";

function MyApp({ Component, pageProps: { session, ...pageProps }}) {
  return (
    <SessionProvider session={session}>
        <Component {...pageProps} />
    </SessionProvider>
  );
}

export default MyApp

for NextAuth v3:

import { Provider } from 'next-auth/client'

function MyApp({ Component, pageProps: { session, ...pageProps }}) {
  return (
    <Provider session={session}>
        <Component {...pageProps} />
    </Provider>
  );
}

export default MyApp

Environment Variables

Create .env.local at the root of your project:

STRAPI_URL=https://your-strapi-url.com
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=aWiA8Io/dbwYlV8mGoMzofinSS0H4HNXKqJ014FX7b8=

You may want to generate a secret using openssl (you can use cryptool.org online terminal if you don't have openssl on your machine)

$ openssl rand -base64 32

NextAuth Config

Create pages/api/auth/[...nextauth].js:
I'll be using Credentials for the sake of this "tutorial".

import axios from "axios";
import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";

export default NextAuth({
    // the secret is required, otherwise you will face 'JWEDecryptionFailed' error
    secret: process.env.NEXTAUTH_SECRET,

    // Configure one or more authentication providers
    providers: [
        CredentialsProvider({
            name: "Sign in with Email",
            credentials: {
                email: { label: "Email", type: "text" },
                password: { label: "Password", type: "password" },
            },
            async authorize(credentials, req) {
                // return (
                /**
                 * This function is used to define if the user is authenticated or not.
                 * If authenticated, the function should return an object contains the user data.
                 * If not, the function should return `null`.
                 */
                if (credentials == null) return null;
                /**
                 * credentials is defined in the config above.
                 * We can expect it contains two properties: `email` and `password`
                 */

                // using axios is recommended but optional. You can use native fetch() or other libraries.
                try {
                    const { user, jwt } =
                        (await axios
                            .post(`${process.env.STRAPI_URL}/api/auth/local`, {
                                identifier: credentials.email, /* identifier can be the username, instead of the email */
                                password: credentials.password,
                            })
                            .then((response) => {
                                return response.data;
                            })
                            .catch((error) => {
                                console.log(error.response);
                                throw new Error(error.response.data.message);
                            })) || null;

                    return { jwt, ...user };
                } catch (error) {
                    console.warn(error);
                    // Sign In Fail
                    // return null;
                }
                // );
            },
        }),
    ],
    callbacks: {
        jwt: async ({ token, user }) => {
            if (user) {
                token.id = user.id;
                token.jwt = user.jwt;
                token.username = user.username; /* ### */
            }
            return Promise.resolve(token);
        },
        session: async ({ session, token }) => {
            session.id = token.id;
            session.jwt = token.jwt;
            session.user.username = token.username; /* ### */
            return Promise.resolve(session);
        },
    },
});

To add additional fields (returned from Strapi) to your session object, you can modify the callbacks. (look for /* ### */ comment in the code above)

Custom Sign-in page

Create a new js file in pages. It can be anywhere, for example: pages/auth/sign-in.js.

import { signIn } from "next-auth/react";
import { useRouter } from "next/router";

export default function SignIn() {
    const router = useRouter();

    const onSubmit = async (e) => {
        e.preventDefault();

        signIn("credentials", {
            email: e.target.email.value,
            password: e.target.password.value,
            redirect: false,
        }).then(({ ok, error }) => {
            if (ok) {
                router.push("/profile");
            } else {
                console.warn("error: ", error);
            }
        });
    };

    return (
        <form onSubmit={onSubmit}>
            <input id="email" name="email" type="text" />
            <input id="password" name="password" type="password" />
            <button>Sign In</button>
        </form>
    );
}

Check Session

import { useSession } from "next-auth/react";
import { useEffect } from "react";

export default function Home() {
    const { data: session } = useSession();

    useEffect(() => {
        console.log(session);
    }, [session]);

    /* rest of your code ... */

---

Resources:

• https://medium.com/@tom555my/strapi-next-js-email-password-authentication-a8207f72b446 ⭐
• https://github.com/tom555my/strapi-next-credentials-frontend
• https://stackoverflow.com/questions/68142134/next-auth-signin-with-credentials-is-not-working-in-nextjs
• https://www.gyanblog.com/javascript/next-js-strapi-authentication-credentials-jwt-next-auth/
• https://next-auth.js.org/
• https://strapi.io/blog/user-authentication-in-next-js-with-strapi
• https://medium.com/nextjs/how-to-set-up-the-next-auth-library-for-development-and-production-in-nextjs-103e9e4e9691

[tan-ahmed]

@ShahriarKh Sorry i'm new to this, How to implement it into your previous code, should i create a new provider in [...nextauth].js or ? Thank you for your help.

Mate, it's all here. Just grab it from here
https://github.com/tan-ahmed/nextjs-strapi-nextauth

[tan-ahmed]

1. It depends on your project. Many websites ask users to log in again after signing up, and if you want to do the same thing, then using NextAuth for sign-up is unnecessary. However, if you want to automatically log the user in after signing up, things are different and I don't really know how NextAuth handles this (maybe there's something built-in, or maybe you can use the jwt that /auth/local/register returns to do so 🤷‍♂️).
2. Do you mean Google+Strapi+NextAuth or Google+NextAuth?
3. 🙂 Thank you for your kind words!

Yes I mean, google+strapi+NextAuth (do you know?)
If so, are you able to open an issue on this github repo we can speak here.
Many thanks
Tan

[xmoroix]

@tan-ahmed Thank you, i already have all that, i'm looking for signup method.

[ShahriarKh]

@Rango-dz For sign-up, you don't necessarily need NextAuth. All you need to do is to send a POST request to Strapi's register endpoint. Here's a simple example:

function handleSignup(username, email, password) {
    axios
        .post("https://your-strapi-url.com/api/auth/local/register", {
            username: username,
            email: email,
            password: password
        })
        .then((response) => {
            console.log("User profile", response.data.user);
            console.log("User token", response.data.jwt);
        })
        .catch((error) => {
            console.log("An error occurred:", error);
        });
}

<button onClick={() => handleSignup("name", "test@test.com", "PaSsWoRd")}>Sign up</button>

[vitali-duckma]

I followed your demo but I'm getting redirected to a strange page: how to fix that?? thanks

[james-devapps]

Hi ShahriarKh, thanks for the code, it works perfectly. I only have one small detail, when it returns the user information when logging in, I only get the username, email and name data, the rest of the data in the user's strapi is not shown, what could it be?

thank you!

[ShahriarKh]

Hi @codiweb-cat
You can add more fields by customizing the callback:

callbacks: {
    jwt: async ({ token, user }) => {
      if (user) {
        // ...
        token.myfield = user.myfield;
        // ...
      }
      return Promise.resolve(token);
    },
    session: async ({ session, token }) => {
      // ...
      session.user.myfield= token.myfield;
      // ...
      return Promise.resolve(session);
    },
  },

[james-devapps]

You'are the best!!
Thank you for your time