Guide to migrating from 0.x to 1.x
Note: If you only use environment variables to configure the SDK, you don't need to create an instance of the SDK. You can use the named exports (
handleAuth,getSession) directly from@auth0/nextjs-authand they will lazily create an instance of the SDK for you, and configure it using the following environment variables. See the Basic setup as an example.
If you still want to create the SDK instance yourself, note that the configuration options have changed as follows.
domainis nowissuerBaseURLand should be a fully qualified url.clientIdis nowclientIDredirectUriis nowroutes.callbackand is a relative path, the full url is constructed usingbaseURLpostLogoutRedirectUriis nowroutes.postLogoutRedirectand can be a relative path, the full url is constructed usingbaseURLif no host is provided.scopeandaudienceare optional and should be passed toauthorizationParamssession.cookieSecretis nowsecretsession.cookieNameis nowsession.namesession.cookieSameSiteis nowsession.cookie.sameSitesession.cookieLifetimeis nowsession.rollingDurationand defaults to 24 hrs rolling and 7 days absolutesession.cookiePathis nowsession.cookie.pathand defaults to'/'session.cookieDomainis nowsession.cookie.domainsession.storeIdToken,session.storeAccessToken,session.storeRefreshTokenare no longer options. All tokens are stored by default, to remove anything from the session see the afterCallback option in handleCallback.oidcClient.httpTimeoutis nowhttpTimeoutand defaults to 5000 msoidcClient.clockToleranceis nowclockTolerancedefined in secs and defaults to 60 secs
import { initAuth0 } from '@auth0/nextjs-auth0';
export default initAuth0({
domain: 'my-tenant.auth0.com',
clientId: 'MY_CLIENT_ID',
clientSecret: 'MY_CLIENT_SECRET',
scope: 'openid profile',
audience: 'MY_AUDIENCE',
redirectUri: 'http://localhost:3000/api/callback',
postLogoutRedirectUri: 'http://localhost:3000/',
session: {
cookieSecret: 'some_very_long_secret_string',
cookieLifetime: 60 * 60 * 8,
storeIdToken: false,
storeRefreshToken: false,
storeAccessToken: false
},
oidcClient: {
clockTolerance: 10000,
httpTimeout: 2500
}
});import { initAuth0 } from '@auth0/nextjs-auth0';
export default initAuth0({
baseURL: 'http://localhost:3000',
issuerBaseURL: 'https://my-tenant.auth0.com',
clientID: 'MY_CLIENT_ID',
clientSecret: 'MY_CLIENT_SECRET',
secret: 'some_very_long_secret_string',
clockTolerance: 60,
httpTimeout: 5000,
authorizationParams: {
scope: 'openid profile email',
audience: 'MY_AUDIENCE'
},
routes: {
callback: '/api/callback',
postLogoutRedirect: '/'
},
session: {
rollingDuration: 60 * 60 * 24,
absoluteDuration: 60 * 60 * 24 * 7
}
});See the API docs for a full list of configuration options.
getSession now requires a response as well as a request argument (any updates you make to the session object will now be persisted).
// pages/api/shows.js
import auth0 from '../../lib/auth0';
export default function shows(req, res) {
const session = auth0.getSession(req);
// ...
}// pages/api/shows.js
import auth0 from '../../lib/auth0';
export default function shows(req, res) {
const session = auth0.getSession(req, res); // Note: the extra argument
// ...
}See the getSession docs.
tokenCache has been removed in favor of a single getAccessToken method.
// pages/api/shows.js
import auth0 from '../../lib/auth0';
export default async function shows(req, res) {
const tokenCache = auth0.tokenCache(req, res);
const { accessToken } = await tokenCache.getAccessToken({
scopes: ['read:shows']
});
// ...
}// pages/api/shows.js
import auth0 from '../../lib/auth0';
export default async function shows(req, res) {
const { accessToken } = await auth0.getAccessToken(req, res, {
scopes: ['read:shows']
});
// ...
}See the getAccessToken docs.
The options passed to handleLogin have changed.
authParamsis nowauthorizationParamsredirectTois nowreturnTo
// pages/api/login.js
import auth0 from '../../utils/auth0';
export default async function login(req, res) {
try {
await auth0.handleLogin(req, res, {
authParams: {
login_hint: 'foo@acme.com',
ui_locales: 'nl',
scope: 'some other scope',
foo: 'bar'
},
redirectTo: '/custom-url'
});
} catch (error) {
console.error(error);
res.status(error.status || 500).end(error.message);
}
}// pages/api/login.js
import auth0 from '../../utils/auth0';
export default async function login(req, res) {
try {
await auth0.handleLogin(req, res, {
authorizationParams: {
login_hint: 'foo@acme.com',
ui_locales: 'nl',
scope: 'some other scope',
foo: 'bar'
},
returnTo: '/custom-url'
});
} catch (error) {
console.error(error);
res.status(error.status || 500).end(error.message);
}
}See the handleLogin docs.
The options passed to handleLogout have changed.
redirectTois nowreturnTo
// pages/api/logout.js
import auth0 from '../../utils/auth0';
export default async function logout(req, res) {
try {
await auth0.handleLogout(req, res, {
redirectTo: '/custom-url'
});
} catch (error) {
console.error(error);
res.status(error.status || 500).end(error.message);
}
}// pages/api/logout.js
import auth0 from '../../utils/auth0';
export default async function logout(req, res) {
try {
await auth0.handleLogout(req, res, {
returnTo: '/custom-url'
});
} catch (error) {
console.error(error);
res.status(error.status || 500).end(error.message);
}
}See the handleLogout docs.
The options passed to handleCallback have changed.
onUserLoadedis nowafterCallback
// pages/api/callback.js
import auth0 from '../../utils/auth0';
export default async function callback(req, res) {
try {
await auth0.handleCallback(req, res, {
async onUserLoaded(req, res, session, state) {
return session;
}
});
} catch (error) {
console.error(error);
res.status(error.status || 500).end(error.message);
}
}// pages/api/callback.js
import auth0 from '../../utils/auth0';
export default async function callback(req, res) {
try {
await auth0.handleCallback(req, res, {
async afterCallback(req, res, session, state) {
return session;
}
});
} catch (error) {
console.error(error);
res.status(error.status || 500).end(error.message);
}
}See the handleCallback docs.