After login, what callback scenarios should I use to create a new user in the backend using the ID token? #12036

ozooxo · 2024-10-13T02:24:16Z

ozooxo
Oct 13, 2024

As suggested in e.g. https://developers.google.com/identity/sign-in/web/backend-auth#create-an-account-or-session after login, I can use the ID token from the Auth provider to create a new user/establish sessions on my own API backend.

After you have verified the token, check if the user is already in your user database. If so, establish an authenticated session for the user. If the user isn't yet in your user database, create a new user record from the information in the ID token payload, and establish a session for the user. You can prompt the user for any additional profile information you require when you detect a newly created user in your app.

I have known that I can save the ID token by

jwt({ token, trigger, session, account }) {
    token.idToken = account?.id_token;
    return token
}
async session({ session, token }) {
    session.idToken = token.idToken
    return session
}

So I can retrieve it by

const session = await auth();
...
await fetch(... `${session?.idToken}` ...

in my API call. However, it is not clear to me what's the best approach to inject this user creation API call.

I have tried to

Call a async function createUserFromIdToken() in the jwt() callback when trigger === "signIn".
- Locally I run into a race condition. Callback has returned, and system started to GET from the backend, while the user haven't been created yet. API backend can receive the user creation request.
- In Vercel, it ends up with a Vercel server-side error. API backend cannot receive the user creation request.
Put trigger into session. When the page detect session.trigger === "signIn", redirect to a /welcome page which calls the API backend to create a user.
- It seems for me that a trigger flag in session shouldn't be something I should do.

Any suggestion?

Answered by ozooxo

Oct 14, 2024

I found out a solution here.

So I redirect signIn to a new /welcome page.

import { signIn } from "@/auth";

await signIn(... { redirectTo: "/welcome" });

I define an idempotent createUserFromIdToken() which call the backend API to create the user, and do nothing if the user already exists.

Then in the welcome page, I do a

import { redirect } from "next/navigation"; 

export default async function Welcome() {
  await createUserFromIdToken();
  redirect("/dashboard");
}

to the real login landing page (/dashboard in this case).

This solves the problem.

View full answer

ozooxo · 2024-10-14T18:12:05Z

ozooxo
Oct 14, 2024
Author

I found out a solution here.

So I redirect signIn to a new /welcome page.

import { signIn } from "@/auth";

await signIn(... { redirectTo: "/welcome" });

I define an idempotent createUserFromIdToken() which call the backend API to create the user, and do nothing if the user already exists.

Then in the welcome page, I do a

import { redirect } from "next/navigation"; 

export default async function Welcome() {
  await createUserFromIdToken();
  redirect("/dashboard");
}

to the real login landing page (/dashboard in this case).

This solves the problem.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

After login, what callback scenarios should I use to create a new user in the backend using the ID token? #12036

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

After login, what callback scenarios should I use to create a new user in the backend using the ID token? #12036

ozooxo Oct 13, 2024

Replies: 1 comment

ozooxo Oct 14, 2024 Author

ozooxo
Oct 13, 2024

ozooxo
Oct 14, 2024
Author