React native + nextjs + auth0

lucas.melo · February 21, 2023, 3:51pm

Hey there,

Is there a guide to implement auth0 with react-native and a nextjs serverless backend?

thank you!

dan-auth0 · February 22, 2023, 11:57am

Hello, Lucas! Welcome to the Auth0 Community.

I want to understand your use case better, please.

Are you looking to use Auth0 to secure a React Native client application and then also use Auth0 to secure access to an API that you are creating using Next.js (perhaps also hosting it on Vercel)? Does the Next.js application also have a client component or is it only an API?

Thanks!

lucas.melo · February 22, 2023, 12:10pm

Hey Dan, thanks for reaching out.

Yes, I am looking for a secure api + web + react native authentication with auth0.

Currently, I am adding auth0 to my nextjs (web and api) and the next step would be allow user to also sign in/up using the react native app.

dan-auth0 · February 22, 2023, 12:34pm

Awesome! That’s a fun stack. Let me research this scenario and I’ll get back to you as soon as I have an answer.

dan-auth0 · February 22, 2023, 1:04pm

I got an answer: The Auth0 Next.js SDK is intended for web login and it uses cookie-based authentication and authorization instead of a token-based approach. Therefore, calling a protected Next.js API from another client is not supported.

lucas.melo · February 22, 2023, 2:12pm

can I share the same user details between the two projects?

dan-auth0 · February 28, 2023, 1:58am

What do you mean exactly by user details in this context?

If both applications are registered under the same tenant, every user that logs in to one of your client apps will have the same ID token. Are you looking to share user metadata?

lucas.melo · February 28, 2023, 10:48am

okay so I will try to be more clear.

I am trying to figure out how to protect my api and make requests from react native using a nextjs application as server.

So what I tested so far:
→ Auth0 with nextjs using cookies: All good.
→ Auth0 withApiAuth to protect routes: All good.
→ Auth0 withSsr: all good.

So since nextjs and auth0 make use of cookies I created my own validation (protectedRoute()) that implements a jwt verify or withApiAuth from auth0-nextjs lib. The general idea is that I first check if the request is coming from mobile, if so I wanna verify the access_token from the authorization bearer token and I am struggling to figure this part out. So…

So far I have the access_token issued from react native and I need it in my nextjs api route to verify the access_token get the user details and continue. How can I do that?

iamkc · January 5, 2024, 7:43pm

Lucas - Just to be clear, you’re using the nextjs-auth0 SDK library, right? (you refer to auth-nextjs in your message above.)
If that’s the case, I believe it doesn’t support JWT Bearer tokens.
See this - Authentication with access token not working · Issue #1266 · auth0/nextjs-auth0 · GitHub

Is this the scenario you’re trying to attempt?