TNS
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
CI/CD / Security

Implement Third-Party Authentication With Google in Next.js

Set up Google authentication using NextAuth.js, configure your application and create custom authentication pages.
Oct 4th, 2024 9:00am by
Featued image for: Implement Third-Party Authentication With Google in Next.js
Image from tete_escape on Shutterstock

In today’s digital world, managing user authentication effectively and securely is more important than ever. Traditional methods, like custom login forms and password management systems, can be tricky and vulnerable to security problems.

That’s where third-party authentication systems like Google’s OAuth 2.0 come in. They provide a smooth and secure way to handle user logins. By integrating Google authentication into your Next.js application, you make it easier for users to log in with their Google accounts, while also simplifying your authentication process. In this guide, we’ll show you how to set up Google authentication in a Next.js app, including configuring your Google API credentials and using NextAuth for seamless authentication flows.

Understanding OAuth 2.0 and Google Authentication

OAuth 2.0 is an authorization framework that lets apps access user resources without exposing credentials. It uses access tokens to grant limited access to user data, keeping passwords safe and separating authentication from authorization.

Google authentication uses OAuth 2.0 for a streamlined login process. Users sign in with Google and, after consent, an authorization code is exchanged for an access token. This token allows apps to access user data from Google’s APIs.

Tokens are temporary and need refreshing; a refresh token helps obtain new access tokens without user interaction. Proper token handling and security practices are crucial for protecting user data and ensuring a smooth experience. Integrating Google authentication involves setting up OAuth 2.0 credentials in the Google Cloud Console and using client libraries to manage the flow.

Prerequisites

Before you start integrating Google authentication into your Next.js app, make sure you have:

  1. Basic knowledge of JavaScript and React
    • Familiarity with JavaScript and React fundamentals will help you follow along with the implementation.
  2. Understanding of Next.js
    • Basic experience with Next.js, including creating pages and managing routing, is needed.
  3. Google account
    • You’ll need a Google account to set up OAuth 2.0 credentials.
  4. Node.js and npm/YARN installed
    • Ensure you have Node.js and npm or YARN installed on your machine.
  5. Basic understanding of OAuth 2.0
    • A general idea of how OAuth 2.0 works will be useful.

These steps will ensure you’re ready to integrate Google authentication smoothly into your Next.js app.

Setting Up Google API Credentials

Before you can integrate Google authentication into your Next.js app, you’ll need to set up OAuth 2.0 credentials in the Google developer console.

1. Create a project in the Google developer console.

  • Go to the Google developer console.
  • Create an account if you don’t have one already.Create a project in the Google developer console
  • Click on “Select a project,” and then click “New Project.”Click on "Select a project" and then "New Project."
  • Enter a project name and then click “Create.”Enter a project name and click "Create."
  • After that, you should see your app selected in the Google developer console.

2. Configure the OAuth consent screen.

  • Navigate to the “OAuth consent screen” tab by searching for it in the search tab.Navigate to the "OAuth consent screen" tab.
  • Choose “External” or “Internal,” depending on your needs. Here, I am selecting “External” as I have to publish it for external users.Choose "External" or "Internal"
  • Fill in the required details, such as application name, support email and authorized domains.
  • Add scopes, if needed (for Google sign-in, default scopes are usually sufficient).
  • Since we opted for an external user type, we need to specify tester email IDs. These are the email addresses of users who should be able to access your authentication service during the testing phase. Typically, these would be your testers or you can include your email address as well.
  • Edit app registrationSave and continue.

3. Create OAuth 2.0 credentials.

  • Go to the “Credentials” tab.
  • Click “Create Credentials” and select “OAuth 2.0 Client ID.”
  • Click "Create Credentials" and select "OAuth 2.0 Client ID."Choose “Web application” as the application type.Choose "Web application" as the application type.
  • Set the “Authorized JavaScript origins” to your Next.js application URL (such as http://localhost:3000 for local development).
  • Set the “Authorized redirect URIs” to your Next.js callback route (for instance, http://localhost:3000/api/auth/callback/google).
  • Click “Create” and note down the “Client ID” and “Client Secret.”
  • Click "Create" and note down the "Client ID" and "Client Secret." Please ensure that you record the client ID and client secret, as you cannot access these details once you leave this screen. If you forget them, you will need to regenerate a new client ID and secret.

Creating a Next.js Application

Next.js is a powerful React framework that provides a range of features for building modern web applications, including server-side rendering, static site generation and API routes. To start a new Next.js project, you’ll first need to set up the project environment. If you haven’t created a Next.js application yet, follow these steps:

You can create a new Next.js application using the create-next-app command. This command creates a new Next.js project with all the necessary boilerplate code and configurations. Open your terminal and run the following command to create a new Next.js app named “next-google-auth-demo-app”:

npx create-next-app@latest next-google-auth-demo-app

I used the default options when creating the Next.js app for simplicity. However, you can select different options based on your specific needs.

This will generate a new directory called next-google-auth-demo-app with the initial project structure and default dependencies.

Navigate to the Project Directory:

Change into the newly created project directory using:

cd next-google-auth-demo-app

Installing Required Packages

To integrate Google authentication, you’ll need to install next-auth, simplifying the process of adding authentication to your Next.js application.

Install NextAuth.js:

npm install next-auth

You can open this directory in your preferred IDE. I’m using VS Code, and the folder structure should look something like this:

Folder structure.

Set Up Environment Variables

If you do not already have an environment variables file, you can create a new file called “.env” in the root of the project.

Add your Google credentials to your .env file:

The .env file is where you place environment variables — key-value pairs that define how your application operates. These variables are read at runtime, so they help configure your app without hard coding values directly into your codebase. This approach not only enhances security but also makes it easier to manage different configurations for various environments like development, staging and production.

NEXTAUTH_URL=http://localhost:3000: This variable sets the base URL for your authentication flow. In development, it points to your local server. When deploying, you’ll update it to reflect your production URL.

NEXTAUTH_SECRET=mysecret: This is a secret used to sign and encrypt session tokens and other sensitive data. It ensures that authentication processes remain secure. Always keep this secret private and unique.

GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET: These credentials are used for Google authentication. You can review the steps above where we generated the client ID and client secret.

Configuring NextAuth.js for Google Authentication

NextAuth.js is a powerful library designed to streamline authentication in Next.js applications. It provides a flexible and easy solution for integrating various authentication providers like Google, GitHub and many more. With NextAuth.js, developers can handle complex authentication flows with minimal setup and configuration. It supports a wide range of authentication strategies, including OAuth, email-based sign-in and custom credentials, making it an ideal choice for modern web applications that require secure and scalable authentication solutions.

Now inside the src/app directory, create a new folder structure as api/auth/[…nextauth]. In this folder, add a file named “route.ts.” The […nextauth] segment indicates to NextAuth that all files and contents within this directory are designated for handling authentication-related operations.

This is what it would look like:

route.ts

Here, we’re configuring authentication for a Next.js application using NextAuth.js with Google as the authentication provider.

The main entry point for NextAuth.js is the NextAuth method, which we will import from next-auth. We’ll also import Google Provider from next-auth/providers/google, which will handle the Google sign-in functionality.

We then define an authOptions object to specify our authentication configuration. This object includes a providers array, where we set up the Google provider. We provide clientId and clientSecret, which are fetched from environment variables to ensure that sensitive information like API credentials is kept secure.

Next, we initialize NextAuth by passing authOptions to it and assign the result to the handler. This handler will manage the authentication requests.

Finally, we export the handler for both GET and POST requests. This setup allows NextAuth to handle user authentication and session management for our application, supporting both sign-in and sign-out operations.

Add a SessionProvider Component

In the src/app folder, create a new folder named “components.” Inside this folder, add a file named “SessionProvider.tsx.”

Here, we’re setting up a SessionProvider component in a Next.js application using NextAuth.js.

The file starts withuse client, which indicates that the component should be rendered on the client side. This is crucial for components that rely on client-side features, like managing user sessions.

We then import SessionProvider from next-auth/react. This component is essential for providing authentication session context throughout our application. It ensures that session data is available to all components within its scope.

Finally, we export SessionProvider as the default export from this file. By doing this, we make it easy to import and use SessionProvider elsewhere in our application, ensuring that the authentication state is consistently managed and accessible across different parts of the app.

Update the layout.tsx File

Now remove all the boilerplate code from the layout.tsx file and below code into it.

Within the RootLayout component, we use the SessionProvider to wrap our application. By passing the session obtained from getServerSession, we ensure that the authentication state is available throughout the application. This setup allows all child components to access session information, enabling consistent and reliable authentication management across the entire app.

Create a Navigation Menu

Now that we’ve completed the setup, let’s create a navigation menu. Create a file named NavMenu.tsx in the components folder.

Here, we have a navigation menu component that includes authentication controls. The AuthButton component uses the useSession hook from NextAuth.js to check the user’s session status. If a user is signed in, it displays their name and a “Sign Out” button. Clicking “Sign Out” triggers the signOut function to log the user out. If the user is not signed in, it shows a “Not signed in” message and a “Sign In” button that triggers the signIn function.

The NavMenu component incorporates AuthButton into a fixed navigation bar. This setup ensures that users can easily sign in or out from anywhere in the app, with the authentication state reflected immediately in the navigation menu.

Create a Restricted Component

Now, let’s create a restricted component that will only be accessible to logged-in users. In the src/app folder, create a new folder named “protected” and inside it create a file namedpage.tsx.” Add the following code to this file:

The ProtectedRoute component checks if a user is authenticated by using getServerSession from NextAuth.js. If no valid session is found, it redirects the user to the sign-in page using the redirect function from next/navigation. This ensures that only authenticated users can access the content of this route.

If the user is authenticated, the component displays the NavMenu and a message indicating that the page is accessible only to logged-in users. This setup effectively protects sensitive content from unauthorized access.

Create the Home Page

Finally, let’s create the home page. In the src/app folder, create a file named page.tsx. Remove all the boilerplate code and replace it with the following code:

The Home component includes the NavMenu, which houses authentication controls like sign-in and sign-out buttons. This ensures that the navigation bar, with its authentication features, is present on the Home page.

Below the NavMenu, the component displays a welcome message centered on the page. By including the NavMenu, we make sure that users can manage their authentication status directly from the Home page.

Testing the Integration

With the configuration complete, it’s time to test your authentication setup.

Start the Next.js Development Server:

npm run dev

This will provide the URL where the project is running locally, typically “http://localhost:3000”. Visit this URL, and you should see our home page displayed as follows:

The home page displayed

Next, click on the “Sign In” button. This will present the option to sign in using Google.

Sign in with Google.

When you click on this option, a Google sign-in page will appear. Enter the credentials using one of the tester emails that we registered during the configuration of the application on the Google platform. Once the sign-in is successful, you should see the home page displayed as follows:

Successful sign-in

Next, test the “My Account” tab. You should only be able to access this page if you are logged in; otherwise, you will be redirected to the login page.

Test the “My Account” tab.

With this setup, you’re now equipped to integrate additional authentication providers such as GitHub, Azure, Amazon, Okta and others. For more details and options, check out the NextAuth documentation.

Conclusion

Implementing third-party authentication in a Next.js application can greatly enhance the user experience by simplifying the login process and leveraging secure, established authentication providers like Google. By following the steps outlined in this guide, you will have set up Google authentication using NextAuth.js, configured your application and created custom authentication pages.

NextAuth.js offers a robust and flexible solution for managing authentication in Next.js apps. It supports multiple authentication providers, including Google, and provides a range of features to customize and extend authentication functionality.

Feel free to explore the NextAuth.js documentation and Google API documentation to further tailor the authentication experience to your needs.

To discover more about the possibilities of working with Google API’s, check out Oladimeji Sowole’s article “LangChain and Google Gemini API for AI Apps: A Quickstart Guide.”

Group Created with Sketch.
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.