/zitadel-nextjs

This is our ZITADEL [Next.js](https://nextjs.org/) template. If shows how to authenticate as a user and retrieve user information from the OIDC endpoint.

Primary LanguageTypeScriptMIT LicenseMIT

This is our ZITADEL Next.js template. It shows how to authenticate as a user and retrieve user information from the OIDC endpoint.

Deploy your own

Deploy with Vercel

Getting Started

First, to install the dependencies run:

yarn install

then create a file .env in the root of the project and add the following keys to it. You can find your Issuer Url on the application detail page in console.

NEXTAUTH_URL=http://localhost:3000
ZITADEL_ISSUER=[yourIssuerUrl]
ZITADEL_CLIENT_ID=[yourClientId]
ZITADEL_CLIENT_SECRET=[randomvalue]
NEXTAUTH_SECRET=[randomvalue]

next-auth requires a secret for all providers, so just define a random value here. then open http://localhost:3000 with your browser to see the result.

Configuration

NextAuth.js exposes a REST API which is used by your client. To setup your configuration, create a file called [...nextauth].tsx in pages/api/auth. You can directly import our ZITADEL provider from next-auth.

import NextAuth from 'next-auth';
import ZitadelProvider from 'next-auth/providers/zitadel';

export default NextAuth({
  providers: [
    ZitadelProvider({
      issuer: process.env.ZITADEL_ISSUER,
      clientId: process.env.ZITADEL_CLIENT_ID,
      clientSecret: process.env.ZITADEL_CLIENT_SECRET,
    }),
  ],
});

You can overwrite the default callbacks too, just append them to the ZITADEL provider.

...
ZitadelProvider({
    issuer: process.env.ZITADEL_ISSUER,
    clientId: process.env.ZITADEL_CLIENT_ID,
    clientSecret: process.env.ZITADEL_CLIENT_SECRET,
    async profile(profile) {
        return {
          id: profile.sub,
          name: profile.name,
          firstName: profile.given_name,
          lastName: profile.family_name,
          email: profile.email,
          loginName: profile.preferred_username,
          image: profile.picture,
        };
    },
}),
...

We recommend using the Authentication Code flow secured by PKCE for the Authentication flow. To be able to connect to ZITADEL, navigate to your Console Projects, create or select an existing project and add your app selecting WEB, then CODE, and then add http://localhost:3000/api/auth/callback/zitadel as redirect url to your app.

For simplicity reasons we set the default to the one that next-auth provides us. You'll be able to change the redirect later if you want to.

Hit Create, then in the detail view of your application make sure to enable dev mode. Dev mode ensures that you can start an auth flow from a non https endpoint for testing.

Once you have created the application, you will see a dialog providing the clientId and clientSecret.

Copy the secret as it will not be shown again.

Now go to Token settings and check the checkbox for User Info inside ID Token to get your users name directly on authentication.

User interface

Now we can start editing the homepage by modifying pages/index.tsx. Add this snippet your file. This code gets your auth session from next-auth, renders a Logout button if your authenticated or shows a Signup button if your not. Note that signIn method requires the id of the provider we provided earlier, and provides a possibilty to add a callback url, Auth Next will redirect you to the specified route if logged in successfully.

import { signIn, signOut, useSession } from 'next-auth/client';

export default function Page() {
    const { data: session } = useSession();
    ...
    {!session && <>
        Not signed in <br />
        <button onClick={() => signIn('zitadel', { callbackUrl: 'http://localhost:3000/profile' })}>
            Sign in
        </button>
    </>}
    {session && <>
        Signed in as {session.user.email} <br />
        <button onClick={() => signOut()}>Sign out</button>
    </>}
    ...
}

Session state

To allow session state to be shared between pages - which improves performance, reduces network traffic and avoids component state changes while rendering - you can use the NextAuth.js Provider in /pages/_app.tsx. Take a loot at the template _app.tsx.

import { SessionProvider } from 'next-auth/react';

function MyApp({ Component, pageProps }) {
  return (
    <SessionProvider session={pageProps.session}>
      <Component {...pageProps} />
    </SessionProvider>
  );
}

export default MyApp;

Last thing: create a profile.tsx in /pages which renders the callback page.

Learn More

To learn more about Next.js, take a look at the following resources:

You can check out the Next.js GitHub repository - your feedback and contributions are welcome!

Deploy on Vercel

The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.

Check out our Next.js deployment documentation for more details.