Login from other nextjs site using SSO #794
Comments
This comment has been minimized.
This comment has been minimized.
|
I'm trying to implement this but my sites are in subdomains of the main site, I believe that this way I can redirect the login to the main site and all subdomains will have access to the cookie |
|
Yea I think it might be easier with subdomain, but like I gave as an example, envato does with different domains. |
|
let's think about how to solve this, I would like to do something like it works on google services, you log into google and when you enter youtube you are already logged in |
|
Well, I know how Envato does this, they use JWT. When I'm on themeforest.net and I sign in using my user/pass are sent to an API on account.envato.com and I gets me a token that I can use to request a JWT token. The JWT token is then sent to the user API in point on themeforest.net which generates a sessions with that domain.
So technically you aren't actually logging in with themeforest.net, but are granted a token to create a temporary and revocable session with themeforest.net from account.evato.com My question is... how do we make this work with next-auth 😂 |
balazsorban44
added
the
help-needed
|
https://arunoda.me/blog/add-auth-support-to-a-next-js-app-with-a-custom-backend I think this article I found on the nextauth tutorial page is close to what I'm wanting, but not really a full example |
|
in the next few days i will try to implement this on my sites, i will keep you informed of how i will do |
|
@itxtoledo Any luck? |
|
@dcantatore I gave up using this package and did everything by hand, this package does not allow you to use your own server to sign the jwt token |
|
@dcantatore Same here, I gave up on trying to get it to work. I did end up finding some ways around it but kept running into new issues. The nail in the coffin was reading this: https://next-auth.js.org/faq#does-nextauthjs-support-signing-in-with-a-username-and-password I don't necessarily disagree with this, but it's clear this is probably the wrong package for this particular project I'm working on. That said, I do plan on using this for future projects, I just have a requirement on this one project where the login server needs to be external for use on multiple sites and needs to be user/password. |
|
Hi there!
You can absolutely use your own token with NextAuth.js as per the example code in the JSON Web Token option. You can tell it to work with a token that is encrypted / signed / encoded / compressed anyway you like. The functions you can use to define how a cookie should be encoded and decoded are named jwt: {
// You can define your own encode/decode functions for signing and encryption
// if you want to override the default behaviour.
// async encode({ secret, token, maxAge }) { /* input is token object; should return an encoded string */ },
// async decode({ secret, token, maxAge }) { /* input is encoded string; should return object */ },
}The |
You can use just about any existing username/pasword service with the This is different to consuming a JSON Web Token that has been set somewhere else though. (Though you could do both!) |
|
Yes, I got all of that working quite well. It was very flexible and pretty easy to create my own provider with JWT and I was using credentials on my custom database. Worked great for the primary accounts app I was building. I ran into issues and got stuck trying to allow my clients' other sites to be able to easily login from a totally separate nextjs project. I'm looking at Envato as an example of how it's done and in very simple terms I was not able to replicate this or something similar. I poked around the issues here for a bit and there are people trying to do similar things, like login from a mobile app or secondary web app, with some successful workarounds. I was just never able to get there and ran out of time. |
|
Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. (Read more at #912) Thanks! |
|
Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks! |
|
A quick question on this, Also when Nextjs is deployed with docker with |
|
Hi guys. Did you guys resolve this issue? I wanna use SSO on next-auth but it seems Custom Provider is not a solution for SSO. Thanks. |
|
Could anyone advance with this? I need to provide sessions for multiple next.js apps using SSO. The credentials one works fine but how to achieve the same using OAuth providers? |
|
@MartinDawson thanks for linking that, now I think I understand what should be done, we should overwrite the default strategy to set the cookie for all subdomains, is that right? I see an example here. Would be great to have a boilerplate with this setup, I've moved on to React + express for the project that I'm working on but for future projects having this working would be great |
|
@geniusit I was wondering the same, I guess you can use the and then use that to redirect on successful login I'm doing so in my express up like this, you should be able to do the same: const authRouter = Router()
authRouter.get('/connect/:provider', (req, res, next) => {
let scope: string[] = []
switch (req.params.provider) {
case 'google':
scope = ['profile', 'email']
break
case 'discord':
scope = ['identify', 'email']
break
}
return passport[req.user ? 'authenticate' : 'authorize'](
req.params.provider,
{
state: JSON.stringify({ origin: req.origin }),
scope,
passReqToCallback: true
}
)(req, res, next)
})
authRouter.get(
'/connect/:provider/callback',
(req, res, next) => {
passport.authenticate(req.params.provider, {
failureRedirect:
JSON.parse(req.query.state as string)?.origin ||
req.origin,
successRedirect:
JSON.parse(req.query.state as string)?.origin ||
req.origin
})(req, res, next)
}
) |
Your question
Is it possible to login using SSO?
What are you trying to do
I have a few websites that have accounts and I'd like to centralize all my accounts to one. So a new app specifically for mananage account and profile data and the other sites will use that same login session. Best example I can think of is Envato:
https://account.envato.com/ (centralized account page)
https://themeforest.net/ (if you are logged in to your envato account and sign in you are automatically signed in)
It looks like they are using JWT but I don't know if this is possible with NextAuth or if there are any examples out there of other people doing something similar. I did find this, which looks like it could work for logging in remotely via user/pass:
https://next-auth.js.org/configuration/pages#credentials-sign-in
Anybody done anything like that?
The text was updated successfully, but these errors were encountered: