Access token + nextjs + react native

lucas.melo · February 24, 2023, 1:54pm

Hi there,

I am trying to figure out how to protect my api and make requests from react native using a nextjs application as server.

So what I tested so far:
→ Auth0 with nextjs using cookies: All good.
→ Auth0 withApiAuth to protect routes: All good.
→ Auth0 withSsr: all good.

So since nextjs and auth0 make use of cookies I created my own validation (protectedRoute()) that I first check if the request is coming from mobile, if so I wanna verify the access_token from the authorization bearer token and I am struggling to figure this part out. So…

So far I have the access_token issued from react native and I need it in my nextjs api route to verify the access_token get the user details and continue. How can I do that?

If I could resolve this issue, then my custom function would work with both jwt and cookies depending on the origin of the request.

tyf · February 28, 2023, 1:54am

Hello @lucas.melo !

While not specific to React Native/Nextjs (I’m not an expert either), the general idea is outlined in our Architecture Scenarios documentation here. As in most all cases, the access token should be included in the Authorization header in calls to your API.

https://auth0.com/docs/get-started/architecture-scenarios/mobile-api/part-3#call-the-api

Hope this helps!

lucas.melo · February 28, 2023, 10:40am

yeah, that’s the general implementation I am following, now I am just not sure how to verify the token in a serverless route and continue or block the user access, or refresh the token and continue…