How do I manage the user's authentication state when creating users? nextjs-auth0 has limited capability

Overall, the problem boils down to “how do I update the login state on the client side in nextjs-auth0 with valid credentials/information?”. Below is the more detailed description.

I successfully set up the login flow and protected some pages using withPageAuthRequired. I am using Nextjs 13 and Apollo Client in conjunction with Auth0. However, I’m looking to add support for a few things:

  1. custom user creation I need to sign the user on after they go through a custom user creation process. How would i get back a token then update the state in nextjs-auth0? It’s very unclear to me

  2. token refresh cycle I would like to continue refreshing my users’ tokens while they are actively using the site. How would I update the state in nextjs-auth0/consume a refresh token to keep my user logged in?

Hi @ajtoo

Welcome to the Auth0 Community!

  1. Custom User creation and token fetching:
    For the given example I would suggest checking out Authorization Code Flow with Proof Key for Code Exchange (PKCE), which is done behind the curtains if you use [auth0-spa-js](https://What exactly happens behind the curtains here?)

  1. Silent Auth:
    From what I’ve checked there’s no plug-in function that will do silent auth in the next-js=auth0 (according to our GitHub repository), but I found a discussion on how to implement this. feature What is the best way to do silent authentication in V2? · Issue #1207 · auth0/nextjs-auth0 · GitHub

I would also recommend checking out our latest guide about Next.js Authentication

Thanks
Dawid

Hi Dawid,

I actually had a look through these options. I think the problem here is that I need to support a custom sign up via a Rails API that also populates data on that API side. I’ve been trying to consume Auth0 more as an API while waiting for the reply. I think the big kicker overall is the App Router making it difficult to handle the credentials.

In any scenario, I need to be able to pass the credentials along with my GraphQL request and it seems to be a bit of a struggle depending on where I am in the render cycle. In the RSC render, it seems like we’re cut off from anywhere that we could retrieve a token from to make a request. On SSR, it seems like it depends on the scenario. (Client side is obviously simple and straightforward).

Auth0 describes that we should store the token in memory and not on, say, localSession. Where exactly would this be?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.