Next-Auth PassportJs Compatibility

[Eftychiou]

Our company started started the project using for api's the Serverless functions of NextJs, therefore we chose Next-auth for Authentication. Now that the project became much bigger, the team decided to move the Apis to an express server. The question is can we keep using Next-auth for Sign-in purposes(easy implementation with various providers) and use passportJs on Express to protect Api Routes with a JWT token ? Is this a bad approach ? Any examples of implementing it ? We are open to all sugestions.
Thanks in advance team

[balazsorban44]

Extending NextAuth.js to places outside of Next.js is planned, and there are some examples already that use it in an Express-like server. See #2294

[Eftychiou]

Do you think sending the token that was generated from nex-auth(vercel hosted) to my backend(own express serverhosted on vps) is a good approach ? And if it's okay how to we get the token in the client side and send it together with the http request ? Thanks for your early response Balazsorban44

[balazsorban44]

Check out the jwt and session callbacks. your backend probably won't need our JWT itself, but the one it creates/sends on login.

https://next-auth.js.org/configuration/callbacks

[Eftychiou]

The real problem is how to get the encrypted jwt token so it can be send to the backend so the authentication for the api's will be done there. I tried to get the cookie on the front-end but this can't be done because next-auth.session-token is a HttpOnly cookie . Any further ideas ?

…

________________________________ From: Balázs Orbán ***@***.***> Sent: Tuesday, September 28, 2021 10:53 AM To: nextauthjs/next-auth ***@***.***> Cc: Eftychiou ***@***.***>; Author ***@***.***> Subject: Re: [nextauthjs/next-auth] Next-Auth PassportJs Compatibility (Discussion #2845) Check out the jwt and session. your backend probably won't need our JWT itself, but the one it creates/sends on login. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#2845 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ARL4ZVKKAPQF2UW6PT5Y2ZLUEFX7DANCNFSM5E2R5H4Q>. Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[balazsorban44]

Yes, check the docs, as I suggested 😉
#2845 (reply in thread)