Next-auth: How to get scopes in serverside pages/api

Created on 7 Jul 2020 · 4 Comments · Source: nextauthjs/next-auth

Your question
I have several types of API and dependent pages. Users can have custom scopes, for example:

  • users with sth.read scope
  • users with sth.read and sth.write scopes

I want to know the user's available scopes in the session (or by another way), but I didn't find a solution in the docs.

What are you trying to do
Trying to separate security groups for users in one application - read and write permissions

Documentation feedback

  • [ ] Found the documentation helpful
  • [x] Found documentation but was incomplete
  • [ ] Could not find relevant documentation
  • [ ] Found the example project helpful
  • [x] Did not find the example project helpful
question stale

Most helpful comment

Although not fully documented yet, each provider supports a different set of options.

For instance, if you're authenticating through GitHub you can supply the scopes you want when setting up the provider on pages/api/auth/[...slug].js:

import Providers from 'next-auth/providers'
...
providers: [
  Providers.GitHub({
    clientId: process.env.GITHUB_CLIENT_ID,
    clientSecret: process.env.GITHUB_CLIENT_SECRET,
    // Space-separated list of scopes to request from GitHub
    scope: 'user public_repo repo repo_deployment'
  })
]
...

Looking at the source code you can check, for instance, that passing scopes to GitHub is supported.

I think the best thing is for you to look at the different config options for the providers you need.

I think anyway most of them support scopes through the scope config option.

You can also open a PR to improve the providers docs and in this way help others with a similar issue in the future 👍🏻

All 4 comments

@lluia thank you for the reply. But I mean another thing.

Maybe I want strange things, but I need the scopes on the consumer side (server/client).

For example:

import { useSession } from 'next-auth/client'

const Header = () => {
  const [session, loading] = useSession();
  session.scopes // <- how to achieve this
  // ...
}

Because the requested scopes may not be equal to those returned from the OIDC server.

In my case, I have optional scopes (read/write) and some users can't write permissions.

Is it a valid way to control optional permissions?
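
The gap between requested and granted scopes raised in the reply above, as an added example that is not part of the original thread and is not next-auth code: it reads the granted scopes from an OAuth 2.0 token response and enforces one of them in a pages/api handler. The function names, the `getScopes` hook and the sample token response are assumptions; how the scopes are stored with the session is not covered on this page.

```javascript
// Added example; grantedScopes, authorize, requireScope and getScopes are
// hypothetical names, not next-auth APIs.

// RFC 6749 section 5.1: the token response lists granted scopes in `scope`
// (space-delimited); it may be omitted only if identical to the request.
// GitHub returns a comma-delimited list, so both separators are accepted.
function grantedScopes(tokenResponse, requestedScope) {
  const raw = typeof tokenResponse.scope === 'string'
    ? tokenResponse.scope
    : requestedScope;
  return new Set(raw.split(/[ ,]+/).filter(Boolean));
}

// HTTP status for a caller holding `scopes` (a Set, or null if signed out).
function authorize(scopes, needed) {
  if (!scopes) return 401;
  return scopes.has(needed) ? 200 : 403;
}

// Wrap a pages/api handler so the check runs on the server; hiding a button
// in the Header component is UI only and enforces nothing.
// getScopes(req) is an assumed hook that loads the caller's stored scopes.
function requireScope(needed, getScopes, handler) {
  return async (req, res) => {
    const status = authorize(await getScopes(req), needed);
    if (status !== 200) {
      return res.status(status).json({ error: `scope ${needed} required` });
    }
    return handler(req, res);
  };
}

// Constructed sample: read and write requested, only read granted.
const requested = 'openid sth.read sth.write';
const sampleResponse = {
  access_token: 'constructed-token',
  token_type: 'Bearer',
  scope: 'openid sth.read',
};

// Runs the guard against a stand-in response object (no server needed).
async function demo(needed) {
  const res = { code: 200, status(c) { this.code = c; return this; }, json() { return this; } };
  const scopes = grantedScopes(sampleResponse, requested);
  await requireScope(needed, async () => scopes, (rq, rs) => rs.status(200).json({}))({}, res);
  return res.code;
}
```

With the constructed response, `demo('sth.read')` resolves to 200 and `demo('sth.write')` to 403, even though both scopes were requested.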

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. Thanks!

Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks!
