DBC login provider for next-auth
login-nextjs is a provider for the next-auth library, that can be used to setup authentication for nextJS applications through login.bib.dk.
This plugin works with next-auth v4. Check out the migration guide, if you import directly from next-auth in your project.
By default this plugin will use JWT to store the session. The JWT is stored as a cookie, so there is no need for a database.
installation
npm i @dbcdk/login-nextjs
Environment Variables
These should be set for the Next.JS application that uses next-auth.
-
NEXTAUTH_SECRET
A secret that next-auth will use to encrypt JWT's
For generating the key you can use the following CLI
npm install -g node-jose-tools, and then runjose newkey -s 512 -t oct -a HS512, which will print out a json string to copy - NEXTAUTH_URL The canonical url of your site. For instance https://example.com.
Usage
To add NextAuth.js to a project create a file called [...nextauth].js in pages/api/auth.
/**
* @file
* pages/api/[...nextauth].js
* */
import NextAuth from "next-auth";
import {adgangsplatformen, callbacks} from "@dbcdk/login-nextjs";
import CONFIG from "../config";
const options = {
providers: [
adgangsplatformen({
clientId: CONFIG.clientId,
clientSecret: CONFIG.clientSecret,
}),
],
callbacks: {
...callbacks,
},
};
export default (req, res) => NextAuth(req, res, options);If your application requires anonymous session, for instance if you need to call FBI-API without a user is logged in, you can import NextAuth (a wrapper around the original NextAuth) like this:
import {NextAuth} from "@dbcdk/login-nextjs";adgangspaltformen is the provider function using login.bib.dk with next through next-auth and requires a ClientId and clientSecret
The provider automatically uses a CULR ID (from login.bib.dk it is called uniqueId) as profile ID. If another ID should be used or further validation is needed a custom profile function can be used:
adgangsplatformen({
clientId: CONFIG.clientId,
clientSecret: CONFIG.clientSecret,
profile: ({id, profile}) => {
//custom logic here
return {id: 'some-valid-id'}
}
}),callbacks contains next-auth specific callbacks that will expose the token recieved from login.bib.dk and redirect to login.bib.dk/logout at logout (See the specific implementation here).
For more information about callbacks see https://next-auth.js.org/configuration/callbacks
Client
The client library exposes three functions signIn, signOut and destroy. signIn and signOut are wrappers around next-auth's signIn and signOut functions. destroy can be called to clear all session cookies. This will trigger a fetch for a new fresh anonymous token. Logic for handling broken sessions should be custom implemented in the application.
import {signIn} from "@dbcdk/login-nextjs/client";
export default () => (
<button onClick={() => signIn()}>Sign in with login.bib.dk</button>
);import {signOut} from "@dbcdk/login-nextjs/client";
export default () => <button onClick={() => signOut()}>Sign out</button>;import {destroy} from "@dbcdk/login-nextjs/client";
export default () => {
// Validate session
if(...){
// Session is broken
destroy()
}
};Next.JS API routes
If you need to access the session inside an API route, you should use getServerSession
import {getServerSession} from "@dbcdk/login-nextjs/server";
export default async (req, res) => {
const session = await getServerSession(req, res);
...
}FBI-API Test user Login
If you want to use special FBI-API test users, you need to set the testUserProvider in the file [...nextauth].js.
providers: [
...,
testUserProvider({
clientId: "...",
clientSecret: "...",
fbiApiUrl: "...",
}),To enable/disable test users in a browser, you must call the function from somewhere in your webapp, for instance like:
import { enableFbiApiTestUsers } from "@dbcdk/login-nextjs/client";
...
<button onClick={() => enableFbiApiTestUsers(true)}>Enable FBI API test users</button>
...Test
npm run test