NextJS - correct place for after auth logic?

Hey folks.

I have a very simple NextJS SPA which is working great with nextjs-auth0. I now need our users to complete a one-off form after they first authenticate. Until they have done this the only thing they should be able to do is log out.

Should I be performing this check in the global app code and perhaps saving a boolean in the session to indicate that they have completed the form (and therefore prevent it from firing on every request) or is there a better way?


Hi @StaringSkyward,

Welcome to the Auth0 Community!

Have you considered building this into a Redirect with Actions?

This approach allows you to integrate the form fill into the auth flow.

Let me know if you have questions.

Another option is to use the management api and modify the user’s app_metadata on form submission. Then query the userinfo endpoint to get this data if I remember correctly @dan.woda keep me honest Get Management API Access Tokens for Single-Page Applications


That is a great thought, and thanks for suggesting it! Unfortunately, a Management API access token that is requested from a SPA does not have the necessary scope for updating a user’s app_metadata. This is because the application is a client side app and the end user has access to the token, which would allow them to make updates to their own app_metadata.

Hope that helps!