
I'm currently building an app with Next.js and next-auth, using the credentials provider. I'm trying to understand how to restrict the APIs inside my pages folder, and whether I can use the JWT created by next-auth as a bearer token in the Authorization header when calling the API, to make sure that the caller really has the right to access it. Or maybe this is not even the best way to secure an API? I'm just trying to understand what the best practice would be for restricting and securing my APIs. I would appreciate it if someone could point me in the right direction, because I'm getting a bit confused trying to figure out the next-auth documentation :)

Here's my next-auth file, if that helps:

[...nextauth].tsx file

import NextAuth, { NextAuthOptions } from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";

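/**
 * NextAuth configuration: JWT-based sessions with a single credentials
 * (username/password) provider and a custom sign-in page.
 *
 * Exported so that API route handlers can pass the same options to
 * next-auth's server-side session check (`getServerSession`, named
 * `unstable_getServerSession` in older v4 releases) and reject requests
 * that carry no valid session before doing any work.
 */
export const authOptions: NextAuthOptions = {
  session: {
    strategy: "jwt",
  },
  providers: [
    CredentialsProvider({
      type: "credentials",
      credentials: {},
      /**
       * Validates a submitted username/password pair.
       *
       * @param credentials - Fields posted by the sign-in form; untrusted input.
       * @param req - The incoming sign-in request (unused here).
       * @returns The user object on success.
       * @throws Error "Invalid credentials" when the fields are missing,
       *   are not strings, or do not match the stored user.
       */
      async authorize(credentials, req) {
        // `credentials: {}` declares no fields, so nothing guarantees that
        // these values exist or are strings; narrow them before use.
        const { username: inputUsername, password: inputPassword } =
          (credentials ?? {}) as { username?: unknown; password?: unknown };

        if (
          typeof inputUsername !== "string" ||
          typeof inputPassword !== "string"
        ) {
          throw new Error("Invalid credentials");
        }

        //Logic for checking user against Database.

        // NOTE(review): comparing the submitted password with `!==` implies the
        // database returns the password in plaintext. Store a salted hash
        // (bcrypt, scrypt or argon2) and verify with that library's compare
        // function instead of a string comparison.
        // The same generic error is used for an unknown user and a wrong
        // password, so the response does not reveal which usernames exist.
        if (
          inputUsername !== responseUsername ||
          inputPassword !== responsePassword
        ) {
          throw new Error("Invalid credentials");
        }

        // Credentials matched: return only the fields the session needs.
        return { id: responseId, name: responseUsername, email: responseEmail };
      },
    }),
  ],
  pages: {
    signIn: "/auth/login",
  },
};

export default NextAuth(authOptions);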
  • Next-auth provides this example, is it enough to secure your api? https://next-auth.js.org/getting-started/example#backend---api-route – ScreamoIsDead Oct 03 '22 at 07:16
