Understanding Next-Auth role in my app.
Hi everyone, I'm working on my first project with the T3 stack, and apart from TypeScript, Next.js, Prisma, and Tailwind, the rest is pretty new to me. I have already created the signup and login flow with tRPC and Next-Auth, but I'm in serious doubt about whether my understanding of what Next-Auth is for is correct. I mean, I'm using MongoDB but a JWT strategy for the session. I'm using the credentials approach as it is a requirement from the project. I'm using Next-Auth for the login process and to pass required data to be used in the frontend through the session, but nothing else other than that. Should I be using any token somewhere? Or is just using a protected procedure with tRPC enough for security? I'm really used to the "old way" of doing backend where you send the access token as part of the header to validate permissions. Also, the refresh token as part of the cookies and a lot of strategies like token rotation and token reuse. I'm not using any of that, or at least as far as I know, so I'm really confused and insecure about my app's security.
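The setup described in the post, as an added example that is not NextAuth's or tRPC's own code: a minimal model of what `session: { strategy: "jwt" }` plus a tRPC protected procedure do on each request, showing that the session cookie already is the bearer token and the protected procedure is where it gets checked server-side. The token format (HMAC-signed here; real NextAuth v4 encrypts the token as a JWE), the cookie name `session-token` and the procedure shape are simplified assumptions.

```typescript
// Added example: simplified model of NextAuth JWT sessions + a tRPC protectedProcedure.
// Not NextAuth's or tRPC's real code; token format, cookie name and shapes are assumptions.
import { createHmac, timingSafeEqual } from "node:crypto";

const SECRET = "constructed-dev-secret-not-for-production"; // stands in for NEXTAUTH_SECRET

type SessionClaims = { sub: string; role: "user" | "admin"; exp: number }; // exp in seconds

const b64url = (s: string) => Buffer.from(s).toString("base64url");

// Mint the cookie value the browser sends back (what NextAuth does at sign-in).
export function issueSessionToken(claims: SessionClaims, secret = SECRET): string {
  const payload = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", secret).update(payload).digest("base64url");
  return `${payload}.${sig}`;
}

// Verify signature and expiry; null for anything invalid (what getServerSession does).
export function readSession(token: string | undefined, now = Date.now(), secret = SECRET): SessionClaims | null {
  if (!token) return null;
  const [payload, sig] = token.split(".");
  if (!payload || !sig) return null;
  const expected = createHmac("sha256", secret).update(payload).digest("base64url");
  const a = Buffer.from(sig), b = Buffer.from(expected);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return null; // tampered or wrong secret
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString()) as SessionClaims;
  return claims.exp * 1000 > now ? claims : null; // expired tokens are rejected
}

// tRPC-style context: the only auth input is the Cookie header of the incoming request.
export type Ctx = { session: SessionClaims | null };
export function createContext(cookieHeader: string | undefined, now = Date.now()): Ctx {
  const prefix = "session-token=";
  const token = cookieHeader?.split("; ").find((c) => c.startsWith(prefix))?.slice(prefix.length);
  return { session: readSession(token, now) };
}

// protectedProcedure: refuse before the resolver runs if there is no valid session.
export function protectedProcedure<T>(ctx: Ctx, resolver: (session: SessionClaims) => T): T {
  if (!ctx.session) throw new Error("UNAUTHORIZED");
  return resolver(ctx.session);
}
```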
Hey Maxi, just came across your post about this and I am thinking the exact same thing. Not 100% sure if this would help, but I've come across this document about setting up your own custom OAuth provider: https://next-auth.js.org/configuration/providers/oauth#using-a-custom-provider