You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am working on a Next.js application that uses next-auth for authentication.
Set-up has been quite smooth so far: A click on the sign-in button redirects to the custom OAuth provider's sign-in page, and upon successful authentication the user gets redirected back to the app with a valid token and session. As it should be.
Now, the provider needs a secret. On the production server, the secret is provided through an environment variable which is set up and stored in a secure way. For local development, though, I have the secret in a .gitignored .env.development file. I don't want to have to deal with that file, though, as it adds an extra step for other developers setting up the app locally. They should not have to ask around what the contents of the .env file were.
What I would like to have instead:
When the app is run in the development environment, clicking the sign-in button should immediately sign in the user with a valid token linked to a test user ID, bypassing the need of a secret for the actual authentication provider.
I have a suspicion that I have to create my own custom authentication provider for that inside the app's api folder itself. Or something like that. But I don't know how to go about it. Or whether this is the right way at all.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hello, knowledgeable people,
I am working on a Next.js application that uses
next-authfor authentication.Set-up has been quite smooth so far: A click on the sign-in button redirects to the custom OAuth provider's sign-in page, and upon successful authentication the user gets redirected back to the app with a valid token and session. As it should be.
Now, the provider needs a secret. On the production server, the secret is provided through an environment variable which is set up and stored in a secure way. For local development, though, I have the secret in a
.gitignored.env.developmentfile. I don't want to have to deal with that file, though, as it adds an extra step for other developers setting up the app locally. They should not have to ask around what the contents of the.envfile were.What I would like to have instead:
When the app is run in the
developmentenvironment, clicking the sign-in button should immediately sign in the user with a valid token linked to a test user ID, bypassing the need of a secret for the actual authentication provider.I have a suspicion that I have to create my own custom authentication provider for that inside the app's
apifolder itself. Or something like that. But I don't know how to go about it. Or whether this is the right way at all.Has anyone got an idea? Thanks.
Beta Was this translation helpful? Give feedback.
All reactions