Add role based authentication using next-auth in NextJS
I was implementing a role based authentication using next-auth v4 using CognitoProvider which I modified to add a role but the role attribute is not passed in the final session json
import NextAuth from "next-auth/next";
function CognitoProvider(options) {
return {
id: "cognito",
name: "Cognito",
type: "oauth",
wellKnown: `${options.issuer}/.well-known/openid-configuration`,
idToken: true,
profile(profile) {
console.log(profile);
return {
id: profile.sub,
name: profile.name,
email: profile.email,
image: profile.picture,
role: profile["cognito:groups"],
};
},
options,
};
}
export default NextAuth({
providers: [
CognitoProvider({
clientId: process.env.COGNITO_CLIENT_ID,
clientSecret: process.env.COGNITO_CLIENT_SECRET,
issuer: process.env.COGNITO_DOAMIN,
}),
],
callbacks: {
session: (props) => {
console.log(props);
return props.session;
},
},
});
Below is the console log of profile object
role: profile["cognito:groups"]
Actual Object
I have added a user to admin group and wanted him to access a specific route in my NextJS app.
Any help would be appreciated.
Solution
You need to configure the jwt and session callbacks to include more data in the session.
From Next-Auth docs:
If you want to make something available you added to the token [...] via the
jwt()callback, you have to explicitly forward it here [thesession()callback] to make it available to the client.
To add the user's role:
export default NextAuth({
// ...
callbacks: {
jwt({ token, account, profile }) {
if (account) {
// modify token
token.role = profile.role;
}
return token;
},
session({ session, token }) {
// Send properties to the client
if (session.user) {
// modify session
session.user.roles = token.role;
}
return session;
},
},
});
Then in your route, you would get the user's role from the session session.user.role
- AWS CLI Create Default VPC
- Email address is not verified (AWS SES)
- RDS Proxy: PENDING_PROXY_CAPACITY and "DBProxy Target unavailable due to an internal error"
- mTLS on AWS ALBs across multiple regions
- How to debug a aws lambda function?
- AWS SAM retrieve secret value from Secret Manager with dynamic referencing
- Cloudfront redirect when signed cookies not present
- Is there a wildcard character in AWS EventBridge rules?
- Laravel file upload s3 Multipart
- Increase EC2 disk storage without losing any data
- AWS Lambda triggers SES in VPC
- Setting HTTP Headers with Lambda@Edge
- How to find an Amazon EC2 AMI if I only have the id?
- AWS Lambda - Can't set memory larger than 3008 MB
- Which one is the cheapest to use AWS RDS or my own database?
- AWS Glue Please verify role's TrustPolicy
- How to create event bus events with source 'aws.'?
- Terraform and AWS: No Configuration Files Found Error
- How to transfer the packets through NAT gateway instead of public IP?
- Is Aws well architected framework supports API's?
- Can't delete AWS internet Gateway
- Unable to Trigger Lambda function in AWS using Python code from my local setup
- How to login with AWS CLI using credentials profiles
- How to retrieve multiple endpoints using data "aws_vpc_endpoint" resource?
- When pushing to ECS, Docker image errors out with module not found error
- Is there a way to drop file extensions when using AWS CLI with --recursive?
- On-demand self-hosted AWS EC2 runner for GitHub Actions
- How to manage dev and prod environments in a SAM project with CloudFormation Stacks, API Gateway, Lambda, and other AWS services?
- EC2 Instance error telling me multiple IAM Roles are attached when I try to change it...?
- (NoSuchVersion) when calling the GetObject operation: The specified version does not exist