Docs/Add Hardware-Backed Sign-In to Your Application/ Next.js (NextAuth.js)

Next.js (NextAuth.js)

See the Applications overview for prerequisites, configuration endpoints, and available scopes.

Install NextAuth.js:

npm install next-auth

Create the auth configuration in app/api/auth/[...nextauth]/route.js:

import NextAuth from "next-auth";

const handler = NextAuth({
  providers: [
    {
      id: "vouch",
      name: "Vouch",
      type: "oidc",
      issuer: "https://us.vouch.sh",
      clientId: process.env.VOUCH_CLIENT_ID,
      clientSecret: process.env.VOUCH_CLIENT_SECRET,
      authorization: { params: { scope: "openid email" } },
      profile(profile) {
        return {
          id: profile.sub,
          name: profile.name,
          email: profile.email,
        };
      },
    },
  ],
  callbacks: {
    async jwt({ token, account, profile }) {
      if (account) {
        token.accessToken = account.access_token;
        token.vouchId = profile.sub;
      }
      return token;
    },
    async session({ session, token }) {
      session.accessToken = token.accessToken;
      session.user.vouchId = token.vouchId;
      return session;
    },
  },
});

export { handler as GET, handler as POST };

Add environment variables to .env.local:

NEXTAUTH_URL=https://your-app.example.com
NEXTAUTH_SECRET=your-session-secret
VOUCH_CLIENT_ID=your-client-id
VOUCH_CLIENT_SECRET=your-client-secret