|
| 1 | +--- |
| 2 | +id: auth-js |
| 3 | +title: Integrate authentication into Auth.js and NextAuth |
| 4 | +sidebar_label: Auth.js and NextAuth |
| 5 | +--- |
| 6 | + |
| 7 | +This guide covers integrating Ory with Auth.js, a popular authentication library for Next.js applications. Auth.js is a flexible |
| 8 | +authentication library that supports multiple authentication providers, including Ory Network out of the box. |
| 9 | + |
| 10 | +Auth.js is the successor to NextAuth.js, which is a popular authentication library for Next.js applications. The Ory provider |
| 11 | +works with both Auth.js and NextAuth.js, so you can use either library to integrate Ory with your Next.js application. |
| 12 | + |
| 13 | +To connect your Next.js application with Ory we: |
| 14 | + |
| 15 | +1. Clone an example Next.js application with Auth.js |
| 16 | +2. Create an OAuth2 client in Ory and configure Auth.js to use it |
| 17 | +3. Perform a demo flow to see the integration in action |
| 18 | + |
| 19 | +Let's get started! |
| 20 | + |
| 21 | +## Clone the example Next.js application |
| 22 | + |
| 23 | +First, clone the example Next.js application with Auth.js: |
| 24 | + |
| 25 | +```shell-session |
| 26 | +git clone https://github.com/nextauthjs/next-auth-example.git |
| 27 | +cd next-auth-example |
| 28 | +npm i |
| 29 | +cp .env.local.example .env.local |
| 30 | +npx auth secret |
| 31 | +``` |
| 32 | + |
| 33 | +In the `auth.ts` file, replace the `profiders` array with just Ory: |
| 34 | + |
| 35 | +```ts title="auth.ts" |
| 36 | +import { OryNetworkCta } from "./ory-network-cta" |
| 37 | +export const config = { |
| 38 | + theme: { logo: "https://authjs.dev/img/logo-sm.png" }, |
| 39 | + providers: [ |
| 40 | + // Apple, |
| 41 | + // AzureB2C, |
| 42 | + Ory, |
| 43 | + ], |
| 44 | + // ... |
| 45 | +} |
| 46 | +``` |
| 47 | + |
| 48 | +## Create OAuth2 Client in Ory Network |
| 49 | + |
| 50 | +To create the OAuth2 client, you need to know the redirect URL of your Next.js application. The redirect URL is the URL where Ory |
| 51 | +will send the user after they log in. When running NextJS locally, the redirect URL for Auth.js is usually |
| 52 | +`http://localhost:3000/auth/callback/ory`. |
| 53 | + |
| 54 | +1. Log into your Ory Network account. |
| 55 | +2. create a new project, or select an existing one. |
| 56 | +3. Go to ["OAuth 2" -> "Clients"](https://console.ory.sh/projects/current/oauth) and click |
| 57 | + ["Create OAuth 2.0 Client"](https://console.ory.sh/projects/current/oauth/create). |
| 58 | +4. Select "Server App". |
| 59 | +5. Choose a client name, e.g. "NextAuth Example". |
| 60 | +6. Scopes `openid` and `offline_access` are preselected. Add `email` and `profile` to the list. |
| 61 | +7. Add redirect URLs for your NextAuth integration. In case of NextJS with Auth.js / Next-Auth, add these two URLs: |
| 62 | + - `http://localhost:3000/api/auth/callback/ory` |
| 63 | + - `http://localhost:3000/auth/callback/ory` |
| 64 | +8. Scroll to the bottom and click "Create Client". |
| 65 | +9. Copy the Client Secret and click "Done" and save it in your `.env.local` file. |
| 66 | +10. Copy the Client ID from the client list and save it in your `.env.local` file. |
| 67 | + |
| 68 | +## Configure Auth.js to use Ory |
| 69 | + |
| 70 | +Your `.env.local` file should now look like this: |
| 71 | + |
| 72 | +```env |
| 73 | +# Needed by Auth.js |
| 74 | +AUTH_SECRET=... |
| 75 | +
|
| 76 | +# Needed for Ory |
| 77 | +AUTH_ORY_ID=... |
| 78 | +AUTH_ORY_SECRET=... |
| 79 | +``` |
| 80 | + |
| 81 | +Next, add the Ory Issuer URL to your `.env.local` file. The Issuer URL is the "Ory Network Project API Endpoint" you can find |
| 82 | +[here](https://console.ory.sh/projects/current/developers/guides). Unless you have a custom domain set up for your Ory Network |
| 83 | +project, it will be in the form of: |
| 84 | + |
| 85 | +``` |
| 86 | +https://{project.slug}.projects.oryapis.com |
| 87 | +``` |
| 88 | + |
| 89 | +Your final `.env.local` file should look like this: |
| 90 | + |
| 91 | +```env |
| 92 | +# Needed by Auth.js |
| 93 | +AUTH_SECRET=... |
| 94 | +
|
| 95 | +# Needed for Ory |
| 96 | +AUTH_ORY_ID=... |
| 97 | +AUTH_ORY_SECRET=... |
| 98 | +AUTH_ORY_ISSUER=... |
| 99 | +``` |
| 100 | + |
| 101 | +## Test the flow |
| 102 | + |
| 103 | +Now everything is set up and you can run `npm run dev` to start the app and click on the top left "Sign in" button to start the |
| 104 | +login flow. |
| 105 | + |
| 106 | +## Going to production |
| 107 | + |
| 108 | +When you are ready to go to production, you need to update the redirect URL in the Ory client settings to the production URL of |
| 109 | +your Next.js application. |
| 110 | + |
| 111 | +## Trouble Shooting |
| 112 | + |
| 113 | +### Incorrect `redirect_uri` |
| 114 | + |
| 115 | +If the server responds with |
| 116 | + |
| 117 | +``` |
| 118 | +The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. |
| 119 | +The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls. |
| 120 | +``` |
| 121 | + |
| 122 | +please ensure that the redirect URL is correct. You can find the redirect URL you are sending to Ory by checking the network tab |
| 123 | +of your browser and look for calls to `/oauth2/auth`. |
0 commit comments