TTC
Theo's Typesafe Cult5mo ago
Michael

NextAuth and role based access control

Can someone explain to me how to modify the the auth.ts file in the server folder when you set up a boilerplate t3 app with next auth in order to enable role based access control? I have been using a profile() callback (https://authjs.dev/guides/basics/role-based-access-control) with a GitHubProvider but I get an error with my prisma schema. 
   GitHubProvider({
      profile(profile) {
        return {
          ...profile,
          role: profile.role ?? "user",
          id: profile.id.toString(),
          image: profile.avatar_url,
        }
      },
      clientId: process.env.GITHUB_ID as string,
      clientSecret: process.env.GITHUB_SECRET as string,
    }),
   GitHubProvider({
      profile(profile) {
        return {
          ...profile,
          role: profile.role ?? "user",
          id: profile.id.toString(),
          image: profile.avatar_url,
        }
      },
      clientId: process.env.GITHUB_ID as string,
      clientSecret: process.env.GITHUB_SECRET as string,
    }),
I added this in my User model role String @default("user") but no luck. Would really appreciate some insight on how to do this.
Role-based access control | Auth.js
There are two ways to add role-based access control (RBAC) to your application, based on the session strategy you choose. Let's see an example for each of these.
2 Replies
Michael
Michael5mo ago
I think I figured this out. The User interface needs to be in the next-auth module that's declared. I also was spreading in the profile object from the GitHubProvider which I think was not compatible with the prisma User Schema. Instead, I just grabbed the values I wanted. 
declare module "next-auth" {
  interface Session extends DefaultSession {
    user: {
      id: string;
      name: string;
      login: string;
      // ...other properties
      role: string;
    } & DefaultSession["user"];
  }

  //Must include this interface to allow sesssion access to user.role and user.name
  interface User {
    role: string;
    name: string;
  }
}
declare module "next-auth" {
  interface Session extends DefaultSession {
    user: {
      id: string;
      name: string;
      login: string;
      // ...other properties
      role: string;
    } & DefaultSession["user"];
  }

  //Must include this interface to allow sesssion access to user.role and user.name
  interface User {
    role: string;
    name: string;
  }
}
export const authOptions: NextAuthOptions = {
  adapter: PrismaAdapter(db),
  providers: [
    GitHubProvider({
      profile(profile: GithubProfile) {
        return {
          //this will populate the user schema based on information pulled from the auth provider
          name: profile.login,
          email: profile.email,
          role: profile.role ?? "user",
          id: profile.id.toString(),
          image: profile.avatar_url,
        }
      },
      clientId: process.env.GITHUB_ID as string,
      clientSecret: process.env.GITHUB_SECRET as string,
    }),
  ],
  callbacks: {
    session: ({ session, user }) => ({
      ...session,
      user: {
        ...session.user,
        id: user.id,
        name: user.name,
        role: user.role,
        email: user.email
      },
    }),
    async redirect({url, baseUrl}) {
      return baseUrl
    }
  },

};

/**
 * Wrapper for `getServerSession` so that you don't need to import the `authOptions` in every file.
 *
 * @see https://next-auth.js.org/configuration/nextjs
 */
export const getServerAuthSession = () => getServerSession(authOptions);
export const authOptions: NextAuthOptions = {
  adapter: PrismaAdapter(db),
  providers: [
    GitHubProvider({
      profile(profile: GithubProfile) {
        return {
          //this will populate the user schema based on information pulled from the auth provider
          name: profile.login,
          email: profile.email,
          role: profile.role ?? "user",
          id: profile.id.toString(),
          image: profile.avatar_url,
        }
      },
      clientId: process.env.GITHUB_ID as string,
      clientSecret: process.env.GITHUB_SECRET as string,
    }),
  ],
  callbacks: {
    session: ({ session, user }) => ({
      ...session,
      user: {
        ...session.user,
        id: user.id,
        name: user.name,
        role: user.role,
        email: user.email
      },
    }),
    async redirect({url, baseUrl}) {
      return baseUrl
    }
  },

};

/**
 * Wrapper for `getServerSession` so that you don't need to import the `authOptions` in every file.
 *
 * @see https://next-auth.js.org/configuration/nextjs
 */
export const getServerAuthSession = () => getServerSession(authOptions);
Michael
Michael5mo ago
Here is my full repo if anyone else is struggling to figure this out: https://github.com/DocMDC/RoleBasedAccessControlT3NextAuth
GitHub
GitHub - DocMDC/RoleBasedAccessControlT3NextAuth
Contribute to DocMDC/RoleBasedAccessControlT3NextAuth development by creating an account on GitHub.
Want results from more Discord servers?
Add your server
More Posts
what tool do you use for api testingI have used postman over the years but for a few years now its been too buggy I also tried InsomniNext js Form weird behaviorI am building a form where when i click on submit, the data does get updated but the ui starts to upHow do you gain an edge in the job market through resume experience only?I'm currently on the job market after working as a nodejs/react developer and my opportunity I like Zustand leaking stateIn the app, we have an event page that contains multiple views. Normal users only see the default viwhat is the correct way to use prefix in tailwindcssi'm working on a plugin for a certain application, that allows for custom css and whatever. i'm tryisetuping prettier and eslint with new next apphey folks here is my eslint config and prettier config I'm using with the t3-app ```cjs /** @type {iTrying to implement auto suggest/auto complete [python] in monaco editor, working with NextJsHas anybody here worked with monaco editor before??How to protect pages using Next AuthI am really confused right now. I'm being told it's not recommended to use JWT for OAuth but I need CORS while fetching data from apii'm trying to fetch a data from geoDataSource. since i need to translate latitude and longitude intoType error with Clerk, Just trying to use useUser()Hey yall I'm having an error using the useUser function in my nextjs app router project. Its saying