NextAuth session injection
Hello, I am pretty new to T3 stack and Next.js (
App Router
). I am working on an application, it should support 2 types of authentications.
The first one is OAuth with NextAuth, the second is a sophisticated third-party script ID provider, let's call it ScriptAuth
. The app requires user to be logged in, so all the pages are unaccessible, until user is logged it.
While OAuth is simple, ScriptAuth works like that:
1. an external script is loaded via <Script src="..." onReady={createGlobalObject}>
, which creates a global object, representing that ScriptAuth data.
2. a tRPC request is performed with this data from the script
3. the server validates the data, and if it is valid, the user should be considered authenticated, otherwise - the app redirects them to the OAuth login page. I can make server return a token at this point, then store it on the client and use it as the prove of identity.
The problem is: even if the user is logged in with ScriptAuth
, tRPC server assumes 403, which is expected, because the ScriptAuth workflow never creates the session. I need a way to inject state of session into the NextAuth context, so it will allow protected requests via ScriptAuth-ed users. I have no idea how to do it.1 Reply
Basically, 3) can return a JWT token with some credentials and set it to cookies. I need a way to make sure NextAuth.js understands that this JWT is legit.
document.cookie = "next-auth.session-token=" + req.data.identity.token;