#ISSUE IN DOCS : SSR OAuth in NextJS

drowsy steeple
#

Okay, so I just set up my OAuth (with Google) in my Next.js app, using server-side SDKs (because I just wanted that extra security and didn't want to reveal my Appwrite stuff to the client), and I followed these docs for reference: https://appwrite.io/docs/tutorials/nextjs-ssr-auth/step-7

But I feel there is a major problem with the way these docs say to set up OAuth.
If you look at the server-side OAuth files:

// src/lib/server/oauth.js
"use server";

import { createAdminClient } from "@/lib/server/appwrite";
import { redirect } from "next/navigation";
import { headers } from "next/headers";
import { OAuthProvider } from "node-appwrite";

export async function signUpWithGithub() {
  const { account } = await createAdminClient();

  const origin = headers().get("origin");

  const redirectUrl = await account.createOAuth2Token(
    OAuthProvider.Github,
    `${origin}/oauth`,
    `${origin}/signup`,
  );

  return redirect(redirectUrl);
}

Here the OAuth2 token is created and then the redirects are done,
but these redirects are not enough for the session to be created and set,
and then we have to create a server-side API endpoint at /oauth (as mentioned in the docs):

// src/app/oauth/route.js
import { createAdminClient } from "@/lib/server/appwrite";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";

export async function GET(request) {
  const userId = request.nextUrl.searchParams.get("userId");
  const secret = request.nextUrl.searchParams.get("secret");

  const { account } = await createAdminClient();
  const session = await account.createSession(userId, secret);

  cookies().set("my-custom-session", session.secret, {
    path: "/",
    httpOnly: true,
    sameSite: "strict",
    secure: true,
  });

  return NextResponse.redirect(`${request.nextUrl.origin}/account`);
}

And it's over here that we create the session client and set the cookies for the users.

#

All the code and the procedure till now are from the docs themselves.

#

But I don't feel this is a nice way of setting OAuth up,

#

because now the session that is created on the user client,

#

if you try to get that session,

#

it states that session as a NON-OAUTH session, because that session is created by using adminAccount.createSession(userId, secret);
(instead of the session being created by the Google OAuth),

and the OAuth provider, the providerID, the providerAccessToken,
everything is empty.

#

And due to that,

#

it's absolutely impossible to do stuff like getting user profile photos and to do other interactions with the Google APIs using the access tokens.

#

So is there any better way to set up server-side OAuth in Next.js?

drowsy steeple
#

Because, comparatively,
if I were to use the client-side SDK,
then I would have been able to call things like:

// Go to OAuth provider login page
account.createOAuth2Session(
    OAuthProvider.Github, // provider
    'https://example.com/success', // redirect here on success
    'https://example.com/failed', // redirect here on failure
    ['repo', 'user'] // scopes (optional)
);

which would automatically not just create the token but would also set the session with the proper OAuth provider.

drowsy steeple
#

can anyone please look into it once?

lone inlet
#

Does getSession("current") not return the provider information?
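
The check asked about in the reply above, as an added example that is not part of the original thread or of Appwrite's documentation: it reads the current session and reports which provider fields are populated, without copying token values into the result. The function names, the `account` parameter and both sample sessions are assumptions made for illustration.

```javascript
// Added example. Field names follow Appwrite's Session model; the two sample
// sessions at the bottom are constructed for illustration.
const PROVIDER_FIELDS = [
  "provider",
  "providerUid",
  "providerAccessToken",
  "providerRefreshToken",
];

// Summarize which provider fields are populated without copying token values,
// so the result can go to server logs.
function summarizeProvider(session, now = Date.now()) {
  const isSet = (v) => typeof v === "string" && v.length > 0;
  const populated = PROVIDER_FIELDS.filter((f) => isSet(session[f]));
  const empty = PROVIDER_FIELDS.filter((f) => !isSet(session[f]));
  // Expiry is an ISO 8601 string; null means there is no token to expire.
  const expiry = Date.parse(session.providerAccessTokenExpiry || "");
  return {
    provider: isSet(session.provider) ? session.provider : null,
    hasProviderToken: populated.includes("providerAccessToken"),
    tokenExpired: Number.isNaN(expiry) ? null : expiry <= now,
    populated,
    empty,
  };
}

// `account` is assumed to be an Account bound to the user's session secret
// (the cookie value), not the admin client.
async function inspectCurrentSession(account, now = Date.now()) {
  const session = await account.getSession("current");
  return summarizeProvider(session, now);
}

// Constructed samples: what the thread reports vs. a provider-backed session.
const tokenSession = {
  provider: "", providerUid: "", providerAccessToken: "",
  providerAccessTokenExpiry: "", providerRefreshToken: "",
};
const oauthSession = {
  provider: "google", providerUid: "constructed-uid",
  providerAccessToken: "constructed-token",
  providerAccessTokenExpiry: "2030-01-01T00:00:00.000Z", providerRefreshToken: "",
};

console.log(summarizeProvider(tokenSession));
console.log(summarizeProvider(oauthSession));
```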

glass terrace
#

Hey, Booyah!
I've been stuck on this issue for three days, went through all the docs and proper solutions.

I even tried to combine both client-side and server-side SDKs, by logging in the user using the client-side SDK, getting all the information I need from the provider and then saving the session to the cookies, but I had an issue when it came to logging out the user, for the same reason you mentioned. The session had been created using the client SDK, while the logout and session deletion are issued using the server SDK.

#

So, I'm wondering if you were able to find any workaround or a solution?
