Challenges

Add Social Authentication

Securing the JWT token

In the last step, we set up JWT-based sessions, which store session data inside a cookie. Since users can modify cookies in their browser, an unsigned token would let them impersonate any other user in our app.

JWT prevents this by signing the token. When someone modifies the token, the server can detect the change because the signature no longer matches the payload. For the signature to be secure, we must provide a secret, which NextAuth uses when signing (and later verifying) the JWT.

So, save your secret inside the .env.local as:

JWT_SECRET=<this-should-be-a-secret>

Then replace the options variable in pages/api/auth/[...nextauth].js with the following:

const options = {
  providers,          // the providers array defined earlier in this file
  session: {
    jwt: true         // use JWT-based sessions instead of database sessions
  },
  jwt: {
    secret: process.env.JWT_SECRET   // loaded from .env.local; never commit it
  },
  callbacks           // the callbacks object defined earlier in this file
}

Now you can restart the app to apply these changes.

😜 There is no question or experiment in this step. Enjoy!

šŸ™ We need your help

We need your help to keep maintain & add new content to this course. Here's how you can support us: