Good work, I am also building auth for my open community project, definitely will check it
Thanks, I hope you won't face too many problems!
Please show the process of setting up user authentication from scratch using Next.js, Drizzle, and Resend.
With Auth.js?
@@tobitacklestech It can be done with Auth.js or Clerk.
Hi Tobi! Great video, but I am quite confused by one thing in your set up:
At what point exactly are you handling the auth check?
I am asking because I am currently running into issues with verifying DB sessions in middleware, which runs on the edge runtime, which doesn't work with the drizzle adaptor.
In your middleware file, you seem to check authentication by assigning isLoggedIn to if the request contains a cookie authjs.session-token, but are you certain that this token is synced to your DB sessions?
This is done by auth.js itself… so the sync with the db
@@tobitacklestech I am not sure that's the case. I rewatched the video again, and I believe that the only auth check you are doing is at 7.16, but at no point are you relying on Auth.js to actually verify the authentication though?
You are just checking if there is an authjs.session-token present in the cookies, but at what point is this being verified?
@@tobitacklestech I might miss something, but I truly don't see where authentication is actually taking place in your video.
Here are a few examples:
1. If you manually set an authjs.session-token cookie in your browser, you'll be authenticated. You are never relying on auth.js to verify this. Anyone could manually set this cookie with an empty value to be signed in as far as I am aware.
2. I double checked your auth.js file and you aren't specifying a session strategy; so Auth.js is automatically set up to handle auth using database sessions.
If you handle this in the middleware, you'll have to separate your auth config from the rest since the drizzle adaptor won't run on edge runtime, and if you would actually validate a db session in the middleware, you'd get an error.
Again: I could be missing something, but the only check I am seeing is to verify if a cookie exists by name, but anyone can manually set a cookie by name in a browser session.
@@paleo3142 honestly I can’t tell you all the magic… this project already was a bit older :/ the exact auth logic is abstracted away from the user
@@tobitacklestech I cloned the project and opened it. It's what I thought: there is no auth check. If you go to the middleware you'll see that your isLoggedIn variable is always set to true as long as authjs.session-token is present by name.
I didn't even have to sign in here as I had another project open on localhost:3000 that had the cookie as well, and it sets your isLoggedIn to true just because it was present.
I've set up auth with different libraries before, and frankly Auth.js sucks, but you should ensure that auth actually happens, even if the library "abstracts" it away.
There's other cool stuff in your repo, but it might be worth redoing this video as it essentially shows how to set up auth without actually performing it.
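The difference described in the comments above, as an added example that is not code from the video or its repository: a presence-only cookie check next to a check that looks the token up in a session table and enforces expiry. Only the cookie name `authjs.session-token` comes from the thread; the function names, the in-memory `sessions` map and all sample values are constructed for illustration.

```javascript
const SESSION_COOKIE = "authjs.session-token"; // cookie name quoted in the thread

// Parse a Cookie request header into a Map of name -> value.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    if (name) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Presence-only check: any cookie with the right name passes, whatever its value.
function isLoggedInByPresence(cookieHeader) {
  return parseCookies(cookieHeader).has(SESSION_COOKIE);
}

// Verified check: the token must match a stored, unexpired session row.
// `sessions` stands in for the database sessions table (assumption), so this
// belongs in server code that can reach the database. Returns user id or null.
function verifySession(cookieHeader, sessions, now = new Date()) {
  const token = parseCookies(cookieHeader).get(SESSION_COOKIE);
  if (!token) return null;              // cookie missing or empty
  const row = sessions.get(token);
  if (!row) return null;                // token unknown to this app
  if (row.expires <= now) return null;  // session expired
  return row.userId;
}

// Constructed sample data: one live session, one expired session.
const sessions = new Map([
  ["tok-valid-constructed", { userId: "user-1", expires: new Date("2999-01-01T00:00:00Z") }],
  ["tok-expired-constructed", { userId: "user-2", expires: new Date("2000-01-01T00:00:00Z") }],
]);

// Constructed Cookie headers covering the cases raised in the comments.
const requests = {
  valid: "theme=dark; authjs.session-token=tok-valid-constructed",
  empty: "authjs.session-token=",
  foreign: "authjs.session-token=value-from-another-localhost-app",
  expired: "authjs.session-token=tok-expired-constructed",
  none: "theme=dark",
};

// Run both checks over every sample request.
function compare() {
  return Object.fromEntries(Object.entries(requests).map(([name, header]) =>
    [name, { presence: isLoggedInByPresence(header), verified: verifySession(header, sessions) }]));
}
console.table(compare());
```

Only the `valid` request yields a user id from the verified check, while the presence check accepts every request except `none`.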
awesome video, I needed that 😮
🙀
I have been struggling to implement authjs properly as the docs are not very helpful, and being new there aren't many resources on how to implement it properly especially on production. Thank you very much, really appreciate it!
Also a few questions:
1) if a user does login with google, github or magic links, where and when do you save the user information in the db?
2) what editing software are you using? The animations in the video look sick
Hey Alfred,
1. The user information is saved automatically and under the hood with auth.js but you can implement hooks inside the auth.ts to implement additional functionality while this is happening
2. thanks! I use ScreenStudio for mac ✌🏻
I'm trying to adapt this code but keep getting this error:
Module not found: Can't resolve '@auth/drizzle-adapter'
Did you install it? Npm install …
@@tobitacklestech yes, it was something else (dumb) ... I think the drizzle config was messed up pointing to an old schema. Thanks for putting this together, I got all my auth working now, prolly just want to switch to jwt sessions.
Do you have the discord group?
Which one do you need?
@@tobitacklestech the next-auth and I don't mind if you can provide the two 😊
@@tobitacklestech the next-auth. I don't mind if u can provide the two groups