Setting default roles on signUp, NextAuth

Hello, I want to create a page where admin users can create roles and select what permissions other users have when using the app. But I also want the admin users to give other users multiple roles if they want.
Attached are the Prisma schemas I am using. However, with this approach, when a user signs up for the first time they have no user role, unlike before where I used an enum containing a set number of Roles, but with the enum approach an admin cannot change or add roles. Is there a callback for NextAuth I can use that only executes on user signup so I can set a default role of User? To access user roles in the frontend I am attaching the user roles like this. Also, I am checking if a user has roles first; if not, I add them to the user and attach it to the session. Is this a good approach? If not, what can I do to improve it? What are your thoughts? Thank you.
9 Replies
Vincent Udén, 16mo ago
The signIn could be used to avoid checking for roles on every session callback, since that occurs on every validation of the user session. With that minor exception I think it is a good approach. Since you have a two-way link between roles and users where they both own each other in your schema, I don't think there is a way to do this automatically in the DB. Otherwise you could just use a default value for roles on the user schema.
George, 16mo ago
How exactly do I add default values for roles in the User schema when I am not using an enum? In my situation a role can be created by a User with the valid permissions. The problem with adding the check for roles in the signIn callback is that on first sign-in (signUp), the user.id is actually the providerAccountId, so I cannot attach the roles to the user on first sign-in (signUp), which is why I put it in the session callback. With the code above, it only makes additional queries when a user has no roles, but only ever does 1 query when a user already has roles. This is the way I tried to do what you said, in the screenshots attached. Did you mean another way?
George, 16mo ago
Also, on first sign-in, even though there is a providerAccountId and therefore I technically should be able to find the user, the User actually doesn't exist at that point; it only exists after the signIn callback has executed, I believe. Doesn't NextAuth have a callback for after signIn, or a signUp callback, to create the user in the DB manually?
Vincent Udén, 16mo ago
Hmm, I actually wasn't aware of this behavior since it doesn't work the same way in Solid (which is where I last used NextAuth/Auth.js). There I manually insert the user if it doesn't exist, so I can play with the user object as I please before sending it to the DB. And you might be correct about the DB default value being a problem, since you don't know what IDs the roles will have in your DB. Honestly, I'd say don't sweat it too much. Doing it in the session isn't bad since you're not doing unnecessary API calls. One extra if in your session callback really isn't anything to worry about.
George, 16mo ago
Hmm, fair enough, thanks for your advice. Every time I implement something I am always wondering if I did it in a good way, especially when it comes to auth. Is it difficult to insert the user manually? Do you have any resources you used that I can look at to do something like that? I have been mostly relying on the t3 setup for NextAuth with minor alterations.
Vincent Udén, 16mo ago
It's not difficult at all, here's how I do it (with Drizzle instead of Prisma, but I think you get the point). I'm not sure how to stop your existing setup from creating users though, if it's already happening automatically.
Vincent Udén, 16mo ago
You can of course save more of the data given by NextAuth, but I don't need it for my purposes. And I do wish I had some resources to give you, but I don't have much else but the NextAuth docs (and the Auth.js docs) to show you.
George, 16mo ago
Thank you for your help, I really appreciate it. Are you using Drizzle with t3? I kinda want to move over, but since Drizzle is new I'm kinda hesitant. Also, the fact that Prisma does so many extra queries for simple joins seems bad.
Vincent Udén, 16mo ago
The code I showed happens to be from a Solid project, which is where I've tried Drizzle the most. But I am in the process of migrating a live t3 project to Drizzle in hopes of big performance gains. The migration has been very smooth for the most part. Atm I'm stuck on a very strange bug (which is most likely my fault and not Drizzle's), but with the exception of that I really like it. Totally agreed on Prisma's handling of queries being really bad.