Bypass auth with external accessToken

[atissedredecathlon]

Hey guys, this is not a common use case and even less a good practice, but for the purposes of my project, if an access token is passed as a parameter in the url (e.g.http://localhost:3000?accessToken=myAccessToken), I need to use it in my API calls and "disable" authentication with next auth.

The authentication process is just a fallback in case an accessToken is not passed.

My current implementation is:

• storing the accessToken in a cookie in _app.tsx, before the auth kicks and redirects to the login page :

// Retrieving the callbackURL query params.
  const { callbackUrl } = router.query;

  // Retrieving the storeNumber, accessToken and action from the callbackURL.
  const params = new URL(callbackUrl as string, 'https://example').searchParams;
  const accessToken = params.get('accessToken');

  // Storing it in a cookie.
  if (storeNumber) {
    document.cookie = `storeNumber=${storeNumber}`;
  }

• in my _middleware.ts file, trying to get this cookie, and authorize the login if the token is present.

export default withAuth({
  pages: {
    signIn: '/auth/signin',
  },
  callbacks: {
    authorized: ({ req, token }) => {
      const accessToken = getCookie('accessToken'); => returns null
      return !!accessToken;
    },
  },
});

I'm not even sure I can access the cookie from the _middleware.ts file, or if it's the right way to do this.

Any help would really be appreciated. Thank you guys.

[atissedredecathlon]

I managed to retrieve the token like this :

export default withAuth({
  pages: {
    signIn: '/auth/signin',
  },
  callbacks: {
    authorized: ({ req }) => {
      const cookie = req.headers.get('cookie');
      const accessToken = cookie.split('accessToken=')[1].split(';')[0];
      // Do your logic
      return !!accessToken
    },
  },
});