Created by riprsa on 7/10/2024 in #questions
NextAuth session injection
Hello, I am pretty new to the T3 stack and Next.js (App Router). I am working on an application that should support 2 types of authentication. The first one is OAuth with NextAuth, the second is a sophisticated third-party script ID provider, let's call it ScriptAuth. The app requires the user to be logged in, so all the pages are inaccessible until the user is logged in.

While OAuth is simple, ScriptAuth works like this:

1. An external script is loaded via `<Script src="..." onReady={createGlobalObject}>`, which creates a global object representing the ScriptAuth data.
2. A tRPC request is performed with this data from the script.
3. The server validates the data, and if it is valid, the user should be considered authenticated; otherwise the app redirects them to the OAuth login page. I can make the server return a token at this point, then store it on the client and use it as the proof of identity.

The problem is: even if the user is logged in with ScriptAuth, the tRPC server assumes 403, which is expected, because the ScriptAuth workflow never creates the session. I need a way to inject the session state into the NextAuth context, so that it will allow protected requests from ScriptAuth-ed users. I have no idea how to do it.
4 replies
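
One way to handle the flow described in the post without modifying NextAuth's session, as an added example that is not part of the original thread: once the server has validated the ScriptAuth data it issues a short-lived HMAC-signed token, and the tRPC context accepts either a NextAuth session or that token. All function names, the token format and the secret below are assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed sample value; in a real app this comes from server-side config.
const SECRET = "constructed-demo-secret";

type Principal = { userId: string; via: "oauth" | "scriptauth" };

const sign = (body: string): string =>
  createHmac("sha256", SECRET).update(body).digest("base64url");

// Hypothetical helper: call it only after the ScriptAuth data validated server-side.
function issueScriptAuthToken(userId: string, nowMs: number, ttlMs = 15 * 60_000): string {
  const claims = JSON.stringify({ sub: userId, exp: nowMs + ttlMs });
  const body = Buffer.from(claims).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Returns the user id, or null if the token is malformed, forged or expired.
function verifyScriptAuthToken(token: string, nowMs: number): string | null {
  const [body, mac, extra] = token.split(".");
  if (!body || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const { sub, exp } = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    return typeof sub === "string" && typeof exp === "number" && exp > nowMs ? sub : null;
  } catch {
    return null; // body was not valid JSON
  }
}

// What the tRPC context could compute: one principal from either source.
// A protected procedure then rejects the request when this returns null.
function resolvePrincipal(
  session: { user?: { id: string } } | null, // result of the NextAuth session lookup
  authorization: string | undefined, // raw Authorization header value
  nowMs: number,
): Principal | null {
  if (session?.user?.id) return { userId: session.user.id, via: "oauth" };
  const token = authorization?.startsWith("Bearer ") ? authorization.slice(7) : undefined;
  const userId = token ? verifyScriptAuthToken(token, nowMs) : null;
  return userId ? { userId, via: "scriptauth" } : null;
}
```

The token is only as trustworthy as the server-side ScriptAuth validation that precedes `issueScriptAuthToken`, and a stolen token stays valid until it expires, so the lifetime should be kept short.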