The Wayback Machine - https://web.archive.org/web/20220410095624/https://github.com/nextauthjs/next-auth/issues/3973
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update suggested ways of securing pages and API routes #3973

Open
balazsorban44 opened this issue Feb 14, 2022 · 3 comments
Open

Update suggested ways of securing pages and API routes #3973

balazsorban44 opened this issue Feb 14, 2022 · 3 comments
Assignees
@lluia
Labels
documentation good first issue

Comments

@balazsorban44
Copy link
Member

@balazsorban44 balazsorban44 commented Feb 14, 2022
edited

In vercel/next.js#34316 (comment) I concluded that getInitialProps really does not play well with our auth model. There are simply much better solutions for this now.

We should discourage the usage of it entirely.

https://next-auth.js.org/tutorials/securing-pages-and-api-routes should be updated to also mention Middleware support and finally decide how and where we should document getServerSession (#1535)
@balazsorban44 balazsorban44 added documentation good first issue labels Feb 14, 2022
@balazsorban44 balazsorban44 changed the title Reduce the mention of getInitialProps Update suggested ways of securing pages and API routes Feb 14, 2022
@balazsorban44 balazsorban44 mentioned this issue Feb 14, 2022
Closed
5 tasks
@ndom91 ndom91 mentioned this issue Feb 15, 2022
Open
3 tasks
@ndom91
Copy link
Member

@ndom91 ndom91 commented Feb 15, 2022

In terms of where we should document getServerSession, I feel like in the client page by where getSession is would make a lot of sense, no?

I'd also link where we say "Client Side: yes, Server Side: yes" under getSession, to getServerSession instead of "Server side: yes" under getSession. Know what I mean?
@balazsorban44
Copy link
Member Author

@balazsorban44 balazsorban44 commented Feb 17, 2022

I'm not really sure actually. I want the Client page to go away mostly, or document how a framework-specific client should be implemented (similar to how we have the REST API docs).

getServerSession is Next.js specific, so I might put it under https://next-auth.js.org/configuration/nextjs probably.
@lluia lluia self-assigned this Feb 28, 2022
@ndom91
Copy link
Member

@ndom91 ndom91 commented Mar 15, 2022

I think we can close this issue. We've got these two PRs out:

What do you think?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation good first issue
3 participants
@lluia @ndom91 @balazsorban44