Protect Your API - Next Auth Middleware

Some of you have this concern, when you use ['/admin'] for matcher config. only the /admin is going to be private not all admin routes like /admin/posts. You can use ["/admin/:path*"] to restrict all of the admin path.

Simple, Easy to Understand,
Thank for so much Niraj for this video

AMAZING!! Simple, fast and understandable explanation

goddamn bro you are awesome !! you will go big soon

Your next auth tutorials have been helpful and very straight forward, thanks.

This approach only works for JWT tokens at the moment, next-auth middleware dos not support session based auth.

Yes a fix,
Especially for a client website

Very nice, just everything I was looking for.

Very clean and simple explanation. Thank You

Thanks for the video. One question though, how could you use withAuth for multiple cases on middleware routes? After NextJS removed support for multiple middleware files, withAuth looks like pretty useless. Creating a standard NextJS middleware function and catching session and then applying rules is a better idea, am I right?

2 days looking for solution thank you

Can you declare matchers so that it matches all routes except /login?

when deployed on vercel middleware is broken it just redirect to signin even i try login and successfully loggedin it do not consider protected routes of nextauth and always redirect to signin when i access them

Awesome video, man! many thanks :)

Hi. if the "pages" folder is nested in the "src" folder, which is located along with the middleware file in the root of the project, will the middleware work?

how to change the redirect url when we try to access secured page without being authenticated

do one video of how to connect with an api and fetch users in login

thanks

in this example, no matter which page you go to, if you are an admin, the url will be rewritten to admin page. In other words, no matter which page you go to, it will always show the admin page?

How do you get your VSCode to show the param definitions on hover for the jwt callback at 6:22? Having something like this in my ide would make my life much easier.

I'm using Rails devise-jwt as my backend, and I'm trying to figure out how to take the JWT created by my backend and use it in my Next client...

Hie Niraj great tut once again. I have a question. I have two tables a users and workspaces table linked by a one to many relationship. I would like to implement an onboarding experience whereby after the user is signed in I would like to check if that user has a workspace linked to his/her user account if not then redirect to the page where you can create the workspace. I'm failing to figure out how I can implement that in the middleware. I'm using postgre and prisma adapter by the way.

Hey Niraj, is it possible to user a matcher that works on dynamic pages that use a slug? Please help me with a solution if you know how to, Thanks!

I'm running into the issues where role doesn't seem to exist in the (params.user?.role) callback function of [...nextauth].ts. I added it in the list of returns for a user but it still doesn't seem to exist. Has anyone else run into this issue?

I have added this to export const config = { matcher: ["/shop/portal/:path*"] }. But, when I try to access/shop/portal I get "TypeError: Class extends value undefined is not a constructor or null". Can anybody help?

But i can still go to /signup page or /signin page, how to prevent from visiting this routes when being authenticated?

how do you authenticate users if they want to login with gmail or github for example?

Possible to further the next episode with Prisma mongo?

Thx for awesome tutorial sir. My problem is that i added exactly these two lines on my middleware.js on root folder export { default } from "next-auth/middleware"
export const config = { matcher: ["/", "/admin/privilages/dashboard"] } and i can still visit these pages..... its like middleware doesnt woek at all. any idea why. ty in advance!

Wow, great video

Thanks for the simplified explanation. At 6:46 can we add more user roles and redirect to different routes?

Hi, please implement with next js 13

Hi. Is there any way to prevent user not to go admin pages and also prevent admin for go to user pages. I don't wanna make folder for each user and check startwith [ if(url.startwith('/admin')) ] the example given in google. Please help if you can. I'm new to nextjs.

the jwt callback is not working for me
the roles is there when i console log the params object but not in the response after signing in

I have a question, what if you want to make some routes admin protected and others basic user protected routes?

"Go to hell" 😂

why among indians pronouncing "sh" correctly is a huge issue?