Theo's Typesafe Cult•2y ago

How do I send sign-in links to New Users in Next-Auth, but disallow new registrations?

I am using the E-mail Provider with magic links in next-auth & I want users to be able to sign-in, when they already have an account, but not be able to sign-in when they don't: For new users, I want to manually check their applications and then send them a sign-in link. I am stuck as to how to do this though: The problem seems to be that sign-in & sign-up go via the same callback in next-auth: signIn(). There is no separate callback for signUp. Basically, what I want is: 1. Users who are already registered in the db can sign-in 2. New Users (who don't exist in the database yet) cannot sign-in / register via the sign-in callback. 3. When a new user signs up, I can send them a first-time sign-in link, that creates their profile in the db. From this point onwards, they can sign-in themselves Right now, what I've got is this:

async signIn(props) {
    let { user, account, profile, email, credentials } = props;
    const userExists = await prisma.user.findUnique({
      where: {
        email: user.email
      }
    });

    if (!userExists) {
      return false;
    }

    return true;
  }

async signIn(props) {
    let { user, account, profile, email, credentials } = props;
    const userExists = await prisma.user.findUnique({
      where: {
        email: user.email
      }
    });

    if (!userExists) {
      return false;
    }

    return true;
  }

This allows only users who already are in the database to sign-in. New users will see an error. But how can I now create new users in the backend / programmatically? I would like to have a setup like an admin dashboard, where I can simply type in an email and the user gets their sign-in link. The problem seems to be however that I would be using the very same signIn function, which would block creating the new user, if they don't exist in the database.

9 Replies

Unknown User•2y ago

Message Not Public

plyglt•2y ago

omg i can't believe it didn't think about that at all!! thank you so much, yeah totally true, that works i for some reason thought that next-auth does some other background stuff when creating users, sessions etc. that i won't be able to replicate when I just insert a user in my user table

Unknown User•2y ago

Message Not Public

plyglt•2y ago

hey thanks a lot for this!! just did a bit of googling, but there doesn't seem to be a lot of info on this. how did you realise that creating the users in the db manually isn't the best way to go about it? did anything break or wasn't working properly anymore?

Unknown User•2y ago

Message Not Public

BarisP•2y ago

This is actually pretty smart, great workaround, I was thinking similar thing for the private app that I am building where a company only will let it's vendor use the app, and I want them to singin with magic link, I was thinking, setting the role of the new users to "non-verified" or something so that wouldn't have access to app, and would have a panel to change them to "Vendor", "Sales-Manager" or whatever, which would eat up my e-mail quota for some degree But also would allow new vendors to sign-up with an easy approval step from the managers, which is not bad too

Unknown User•2y ago

Message Not Public

BarisP•2y ago

Thanks for the info :), but I am already using the role-based authorization like in that example, just haven't implemented the magic link thingy, going with providers for now until our offer gets accepted and stuff. I was thinking letting them create regular user but with a role that can do nothing and redirected to waiting for approval page, until an admin can approve that user in a user list component that sets their role to useful one Anyway this is a subject for another chat room I feel like 🙂 I hope OP got some valuable info

Unknown User•2y ago

Message Not Public

Gaming

Programming

How do I send sign-in links to New Users in Next-Auth, but disallow new registrations?