Dummies guide to authorisation next next-auth.

[dartmoordunbar]

Apologies if this is an easy query - I have checked through the documentation, which is excellent, but perhaps I an not fully aware of what I am looking for.

I want to implement some authorisation into my app. I would do this with additional metadata in the session. My two questions are..

1. Is there a dummies guide to augmenting the session object? I added a column to the users table (eek, i know, hacky) but this is not automatically added to the session.

2. Is best practice something else? Perhaps a user_permissions table and making the additional query?

• Found the documentation helpful
• Found documentation but was incomplete
• Could not find relevant documentation
• Found the example project helpful
• Did not find the example project helpful

[BenjaminWFox-Lumedic]

Have you looked at the session & jwt callback functionality?

You can decorate the JWT with additional properties, which might be your best bet. (You can check for the profile object in the JWT callback to only do this on sign-in).

That information will then be available in the session callback, if needed, and you can access it elsewhere via the jwt.

Disclaimer, I'm not the expert here, but I think that would be a better option than trying to modify the session. I'm also not using database functionality, which may change things.

[dartmoordunbar]

Ah... I think I see now. I'll give it a go! Thanks.

[rmeruva29]

When using Okta, on the jwt back, the profile always comes back as undefined. Is this a something thats a known issue or may be i am doing something wrong. Posting to see if anyone else faced something similar.

[curiolearner]

I had the same problem with Okta. Tried but did not even get it to work, though it was working for google. The documentation was not clear enough, just replacing google with okta did not work out. I did not want to dig into the nitty gritty as it is preliminary evaluation. Kindly assist if someone knows. thanks