Next-auth: Support for server side NextAuth.signin()

NextAuth fully supports server side rendering.

If you try the included example site with JavaScript disabled in the browser, you can still sign in, view pages and be recognised as being signed in, and sign out again using <form method="post"> submission to endpoints like /auth/signin and /auth/signout.

This works for all types of sign in – although some oAuth providers like Google require JavaScript to display their sign in pages.

Note that if you want to sign in as someone else programmatically, the easiest way to do that is probably to define your own signIn() method in next-auth.functions.js and then do an HTTP POST to /auth/signin.

Note that you will need to save the cookie to make subsequent requests as that user, including sign out. This is a an example using the node fetch module from NPM that posts a username and password and saves the returned session cookie in a cookie jar so it can be sent with future requests.

````javascript
const fetch = require('fetch')
const fetchUrl = fetch.fetchUrl
const cookieJar = new fetch.CookieJar()

const url = 'http://www.example.com/auth/signin'
const username = 'jsmith'
const password = 'abc123'

fetchUrl(url, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
},
body: username=${encodeURIComponent(username)}&password=${encodeURIComponent(password)},
cookieJar: cookieJar
}, (error, meta, body) => {
// Check response
console.log(body.toString())
})
````

You could add a Client ID / Secret pair or API Key to your user account object and accept that instead of a password in your signIn() function.

If you have any follow up questions please feel free to re-open.

Thanks for the update. I was hesitant to access the next-auth routes manually but was able to signin as you suggested above successfully.

One follow-up question, though. Is there a way to capture errors thrown in the next-auth.functions signin() method? For example, if signin() fails, next-auth redirects to error.js and passes '/auth/error?action=signin&type=credentials' in the query string. Is there a way to capture more detailed information regarding the failure - perhaps the error originally thrown during signin()??

Sorry for the delay in responding (been away for a few days)!

Hmm yes the error handling isn't very good there. We should make that at ticket and improve it.

Thanks for bringing it up! I think we could probably add another parameter to that query string with the original error message.

Hi Iain, thanks for great work with NextAuth!
I've started to use it for a blank-slate project, basically rebuilding from scratch an old and creaking Django project.

There's a particular page where I want anonymous users to be automatically signed in

Here's how it works using django-allauth in the old Django project:

from django.shortcuts import render

def my_view(request, obscure_uid=None):
    # Does some server-side logic before rendering html to client in full-page load
    …
    if not request.user.is_authenticated():
        user = infer_user_based_on_obscure_code(obscure_uid)
        # user is a User, but maybe they haven't yet set a password
        # If they haven't yet set a password, log them in now and present the "set password" form in html
        # (This is a one-off event for the user, as they'll always have .password non-blank in future)
        # if they have a password, then don't do this - they need to be logged in, or see the "login form" in html
        if user and not user.password:
            # user is a User object we created in advance (because of a webhook), with an email, but no password set yet
            # hence they can't log in the normal way, but we'll log them in server-side just this once
            from allauth.account.utils import perform_login
            perform_login(request, listener, email_verification=None)
    …
    return render(request, "template.html", {'user': user, …})

As you see, perform_login can sign the user in, server-side, before the page loads.

I'm having a bit of difficulty spotting the equivalent in next-auth, and am aware it's been a couple of years since you wrote this:

Note that if you want to sign in as someone else programmatically, the easiest way to do that is probably to define your own signIn() method in next-auth.functions.js and then do an HTTP POST to /auth/signin.

Am I correct in saying next-auth.functions.js is deprecated in v3?
What's the equivalent way to do perform_login, conditionally and server-side, using next-auth?

If it's bleedingly obvious in the docs, then apologies for missing it, feel free to just paste a link. This is not just my first foray into the world of Next, but my first React adventure too.