Users collection in Payload is intended to be used as application users?

default discord avatar
juliandm1995last year
7

I'm developing an application that implements Next-Auth for user authentication. I want to implement Payload as CMS. Should I migrate my auth provider to Payload?

  • discord user avatar
    jmikrut
    last year

    Yes!!!



    Payload's auth is 100% meant to be used for application users and we've done it a LOT



    https://github.com/payloadcms/next-auth-frontend


    https://github.com/payloadcms/next-auth-cms
  • default discord avatar
    juliandm1995last year

    I just run both repos. It's amazing how it works!!


    But now my question is: Is it possible to connect Payload with Next-auth?

    https://next-auth.js.org/

    If not, is there any way to use different providers like google or github for authentication?

  • discord user avatar
    jmikrut
    last year

    I haven't heard of anyone doing this yet, and honestly I haven't looked into Next Auth at all yet just because Payload can do it for us



    You can build your own google / github auth pattern but it's kinda tough tbh



    we maintain an Enterprise OAuth2.0 plugin which can be used in those contexts but that requires an enterprise license

  • default discord avatar
    marcusr513511 months ago

    I'm part way into trying to get next-auth to work with Payload mainly because I started a NextJS project with a template that used Auth.js (

    https://github.com/steven-tey/precedent

    ) - I was looking for something up to date, using the /app directory with Tailwind and Typescript.



    The Payload examples from the next-auth-frontend and template-ecommerce-nextjs are great and make sense so I don't know if I'm on a hiding to nothing with Auth.js and I should just pull it out and switch over. Are there any examples of NextJS with the /app directory and Payload?



    This is where I've got to with Auth.js treating Payload as a CredentialsProvider - the logon works and sets a next-auth.session-token (as long as there is a value in .env for NEXTAUTH_SECRET)



     // adding a credential provider to use PayloadCMS with email and password
        CredentialsProvider({
          // name: "Credentials",
          // The name to display on the sign in form (e.g. 'Sign in with...')
          name: 'PayloadCMS',
          // `credentials` is used to generate a form on the sign in page.
          // You can specify which fields should be submitted, by adding keys to the `credentials` object.
          // e.g. domain, username, password, 2FA token, etc.
          // You can pass any HTML attribute to the <input> tag through the object.
          credentials: {
            email: {
              label: 'Email',
              type: 'text',
              value: 'dev@payloadcms.com', // REMOVE!!
              placeholder: 'dev@payloadcms.com',
            },
            password: { label: 'Password', type: 'password' },
          },
          async authorize(credentials, req) {
             // Auth to PayloadCMS using REST
            const res = await fetch(`${process.env.NEXT_PUBLIC_CMS_URL}/api/users/login`, {
              method: 'POST',
              credentials: 'include',
              headers: { 'Content-Type': 'application/json' },
              body: JSON.stringify(credentials),
            })
    
            if (res.ok) {
              const { message, user, token, exp, errors } = await res.json()
              console.log(message, user)
              if (errors) throw new Error(errors[0].message)
              // setUser(data?.loginUser?.user)
              // setStatus('loggedIn')
              return user
            }
    
            return null // shows error message
            // throw new Error('Invalid login')
          },
        }),


    Looking at it a bit more I think next-auth (auth.js) is kind of fighting Payload because Payload already creates the JWT and adds it as a cookie so there is nothing really for AuthJS to do. It desn't make sense for next-auth/auth.js to be creating its own JWT

  • discord user avatar
    jmikrut
    11 months ago

    yeah i don't think we would ever need next-auth on top of payload honestly

  • default discord avatar
    valeriohq7 months ago

    I'm looking at the same problem and I'm thinking the same. However, it would be beneficial for teams like mine to manain the current next-auth APIs. What I will try is to crete a next-auth DB adapter instead, to adapt it to the Paylod CMS schema.

  • default discord avatar
    marcusr51357 months ago

    How are you getting on with the next-auth DB adapter? Is it a viable approach?

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.