Welcome to the Kinde community

Updated 9 months ago

I am considering using Next.js server

I am considering using Next.js server actions and am curious if there is any guidance about them with Kinde?
A
m
4 comments
@minabot

Our docs provides guidance for using Next.js server actions in the context of authentication and authorization. Specifically, you can use the getKindeServerSession function from the @Kinde-oss/kinde-auth-nextjs/server package to access session data, including user information, authentication status, permissions, and organization details. This function can be utilized within Next.js server actions to ensure that your application's server-side logic is aware of the user's authentication state and permissions.

Here's a brief overview of how you might use it:

Create an API route in your Next.js project that returns data from getKindeServerSession.
Within this API route, you can access various pieces of session data such as the user, whether they are authenticated, their permissions, and their organization.
This data can then be used to make decisions in your server actions, such as whether to allow access to a resource or not.

For example, to create an API route that returns session data:

Plain Text
// app/api/kindeSession/route.ts

import {getKindeServerSession} from "@kinde-oss/kinde-auth-nextjs/server";
import {NextResponse} from "next/server";

export async function GET() {
    const {getUser, isAuthenticated, getPermissions, getOrganization} = getKindeServerSession();
    const user = await getUser();
    const authenticated = await isAuthenticated();
    const permissions = await getPermissions();
    const organization = await getOrganization();

    return NextResponse.json({user, authenticated, permissions, organization});
}



Then, in your client components, you can fetch this data from the API endpoint and use it as needed.

This approach allows you to leverage Next.js server actions for authentication and authorization checks, ensuring that your application's server-side logic is secure and user-specific.
I had the chance to test this and it really just works exactly right. Thank you!
In the docs, I assumed that it was too new to be supported and must have missed it.
Awesome to hear @minabot
Add a reply
Sign up and join the conversation on Discord