An example application that demonstrates using HTTP-only cookies for secure authentication with Next.js.
This project contains demo login/logout pages, an API Proxy, as well as two endpoints that simulate an API.
```
git clone git@github.com:maximilianschmitt/next-auth.git
cd next-auth
yarn
yarn dev
```
The API Proxy implementation.
A demo API endpoint for logging in.
- Responds with `200 { "authToken": "..." }` if login was successful
- Responds with `400 { "error": "..." }` if login was not successful
A demo API endpoint for getting the currently authenticated user.
- Responds with `200 { "email": "..." }` if a valid `auth-token` HTTP header is set
- Responds with `401 { "error": "..." }` if `auth-token` is missing
- Responds with `403 { "error": "..." }` if `auth-token` is invalid
The demo login page. Makes client-side AJAX requests to the API Proxy as well as server-side requests to the API in `getServerSideProps()`.
Client-side requests are made to `/api/proxy/*`. Server-side requests are made to `/api/*`.
The logout page. Unsets the `auth-token` cookie and redirects back home.
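
The pieces above fit together through a cookie-to-header translation. The following sketch is an added example, not this project's code: it assumes the proxy copies the `auth-token` cookie into the `auth-token` header on the way to the API and moves `authToken` from the login response into an HTTP-only cookie on the way back. The helper names, the `LOGIN_PATH` value and the cookie attributes are assumptions.

```javascript
// Added example: the translation an API proxy of this kind performs.
// Helper names, LOGIN_PATH and cookie attributes are assumptions.
const COOKIE = "auth-token";
const LOGIN_PATH = "/login"; // hypothetical upstream path of the login endpoint
const ATTRS = "Path=/; HttpOnly; Secure; SameSite=Lax";

// Parse a raw Cookie header into { name: value }.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
  }
  return out;
}

// Browser -> API. Header names are expected lower-cased, as Node delivers them.
// An auth-token header sent by the browser is dropped: only the cookie counts,
// and the cookie jar itself is not forwarded upstream.
function upstreamHeaders(incoming) {
  const headers = {};
  for (const [name, value] of Object.entries(incoming)) {
    if (name !== "cookie" && name !== COOKIE) headers[name] = value;
  }
  const token = parseCookies(incoming.cookie)[COOKIE];
  if (token) headers[COOKIE] = token;
  return headers;
}

// API -> browser. On a successful login, move authToken out of the JSON body
// and into an HttpOnly cookie so page scripts never see the token.
function downstreamResponse(path, status, body) {
  if (path !== LOGIN_PATH || status !== 200 || !body.authToken) {
    return { status, body, setCookie: null };
  }
  const { authToken, ...rest } = body;
  const setCookie = `${COOKIE}=${encodeURIComponent(authToken)}; ${ATTRS}`;
  return { status, body: rest, setCookie };
}

// Logout: expire the cookie using the same name, path and attributes.
function clearCookie() {
  return `${COOKIE}=; ${ATTRS}; Max-Age=0`;
}
```

Because the token only ever reaches the browser as an `HttpOnly` cookie, client-side code calling `/api/proxy/*` cannot read it, while server-side code can still set the `auth-token` header itself when calling `/api/*`.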