@minabot
Our docs provide guidance for using Next.js server actions in the context of authentication and authorization. Specifically, you can use the getKindeServerSession function from the @kinde-oss/kinde-auth-nextjs/server package to access session data, including user information, authentication status, permissions, and organization details. This function can be utilized within Next.js server actions to ensure that your application's server-side logic is aware of the user's authentication state and permissions.
Here's a brief overview of how you might use it:
1. Create an API route in your Next.js project that returns data from getKindeServerSession.
2. Within this API route, you can access various pieces of session data such as the user, whether they are authenticated, their permissions, and their organization.
3. This data can then be used to make decisions in your server actions, such as whether to allow access to a resource or not.
For example, to create an API route that returns session data:
```ts
// app/api/kindeSession/route.ts
import {getKindeServerSession} from "@kinde-oss/kinde-auth-nextjs/server";
import {NextResponse} from "next/server";

export async function GET() {
  // Session accessors are resolved on the server for the current request.
  const {getUser, isAuthenticated, getPermissions, getOrganization} = getKindeServerSession();

  const user = await getUser();
  const authenticated = await isAuthenticated();
  const permissions = await getPermissions();
  const organization = await getOrganization();

  // Return the session data to the caller as JSON.
  return NextResponse.json({user, authenticated, permissions, organization});
}
```
Then, in your client components, you can fetch this data from the API endpoint and use it as needed.
This approach allows you to leverage Next.js server actions for authentication and authorization checks, ensuring that your application's server-side logic is secure and user-specific.
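Added example, not part of the original reply or of Kinde's docs: a deny-by-default guard that a server action can call before it does any work, so the decision is made from the server-side session and not from data the client fetched. `SessionLike`, `decide`, `authorize`, `deleteInvoice`, `stubSession` and the `delete:invoices` permission are hypothetical names, and the return shapes of `getUser` and `getPermissions` are assumptions; in an application `session` would be the object returned by `getKindeServerSession()`.

```typescript
// Mirrors the accessors destructured from getKindeServerSession() in the
// reply above. The return shapes are assumptions made for this example.
type SessionLike = {
  isAuthenticated: () => Promise<boolean>;
  getUser: () => Promise<{ id: string } | null>;
  getPermissions: () => Promise<{ permissions: string[] } | null>;
};

type Decision = {
  allowed: boolean;
  reason: "ok" | "unauthenticated" | "forbidden";
  userId: string | null;
};

// Pure policy check: deny unless authenticated AND the permission is granted.
function decide(authenticated: boolean, user: { id: string } | null,
                granted: string[], required: string): Decision {
  if (!authenticated || !user) {
    return { allowed: false, reason: "unauthenticated", userId: null };
  }
  if (granted.indexOf(required) === -1) {
    return { allowed: false, reason: "forbidden", userId: user.id };
  }
  return { allowed: true, reason: "ok", userId: user.id };
}

// Reads the session on the server at call time; no client input is trusted.
async function authorize(session: SessionLike, required: string): Promise<Decision> {
  const authenticated = await session.isAuthenticated();
  const user = await session.getUser();
  const perms = await session.getPermissions();
  // A missing permissions object is treated as "no permissions".
  return decide(authenticated, user, perms ? perms.permissions : [], required);
}

// Hypothetical server action body (would live in a "use server" file).
async function deleteInvoice(session: SessionLike, invoiceId: string): Promise<string> {
  const decision = await authorize(session, "delete:invoices");
  if (!decision.allowed) throw new Error(decision.reason);
  return "invoice " + invoiceId + " deleted by " + decision.userId;
}

// Constructed stub session so the example runs offline.
function stubSession(authenticated: boolean, permissions: string[]): SessionLike {
  return {
    isAuthenticated: async () => authenticated,
    getUser: async () => (authenticated ? { id: "kp_constructed_user" } : null),
    getPermissions: async () => (authenticated ? { permissions } : null),
  };
}
```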