An example application that demonstrates using HTTP-only cookies for secure authentication with Next.js.
This project contains demo login/logout pages, an API Proxy, as well as two endpoints that simulate an API.
git clone git@github.com:maximilianschmitt/next-auth.git
cd next-auth
yarn
yarn dev
The API Proxy implementation.
A demo API endpoint for logging in.
200 { "authToken": "..." } if login was successful
400 { "error": "..." } if login was not successful
A demo API endpoint for getting the currently authenticated user.
200 { "email": "..." } if a valid auth-token HTTP header is set
401 { "error": "..." } if auth-token is missing
403 { "error": "..." } if auth-token is invalid
The demo login page. Makes client-side AJAX requests to the API Proxy as well as server-side requests to the API in getServerSideProps().
Client-side requests are made to /api/proxy/*. Server-side requests are made to /api/*.
The logout page. Unsets the auth-token cookie and redirects back home.
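How an API proxy of this kind can translate between the browser's HTTP-only auth-token cookie and the API's auth-token header, as an added example that is not the project's own code. The helper names, the cookie attributes, and the choice to strip authToken from the login response body are assumptions.

```javascript
// Added example; helper names are hypothetical, not taken from the project.
const TOKEN = "auth-token"; // cookie name and API header name used on this page

// Parse a Cookie request header into { name: value }.
function parseCookies(header = "") {
  const jar = Object.create(null); // no prototype, so cookie names cannot shadow it
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    try {
      jar[part.slice(0, eq).trim()] = decodeURIComponent(part.slice(eq + 1).trim());
    } catch { /* skip values with malformed percent-encoding */ }
  }
  return jar;
}

// Browser -> API: copy the token from the cookie into the auth-token header.
// The Cookie header is not forwarded, and an auth-token header sent by the
// browser is dropped so the cookie is the only source of the token.
function toUpstreamHeaders(reqHeaders) {
  const out = {};
  let cookie = "";
  for (const [key, value] of Object.entries(reqHeaders)) {
    const name = key.toLowerCase();
    if (name === "cookie") cookie = value;
    else if (name !== TOKEN && name !== "host") out[name] = value;
  }
  const token = parseCookies(cookie)[TOKEN];
  if (token) out[TOKEN] = token;
  return out;
}

// API -> browser: on a successful login, remove authToken from the JSON body
// and return it as an HttpOnly cookie, so page scripts never see the token.
// SameSite=Lax, Path=/ and Secure are choices made for this example.
function fromLoginResponse(status, body, { secure = true } = {}) {
  if (status !== 200 || !body || typeof body.authToken !== "string") {
    return { status, body, setCookie: null };
  }
  const { authToken, ...rest } = body;
  const attrs = ["HttpOnly", "SameSite=Lax", "Path=/"].concat(secure ? ["Secure"] : []);
  const setCookie = `${TOKEN}=${encodeURIComponent(authToken)}; ${attrs.join("; ")}`;
  return { status, body: rest, setCookie };
}

// Logout: expire the cookie with the same attributes it was set with.
function logoutCookie() {
  return `${TOKEN}=; HttpOnly; SameSite=Lax; Path=/; Max-Age=0`;
}
```

In a Next.js API route, the value returned in `setCookie` would go into the response's `Set-Cookie` header and the result of `toUpstreamHeaders` would be passed to the request made to the API.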