feat: add next-auth sample (#947)

Author: wangsijie

packages/next-auth-sample/.eslintrc.json

@@ -0,0 +1,3 @@
+{
+  "extends": "next/core-web-vitals"
+}

packages/next-auth-sample/.gitignore

@@ -0,0 +1 @@
+.vercel

packages/next-auth-sample/README.md

@@ -0,0 +1,24 @@
+# Auth.js (next-auth) Sample
+
+This is a sample project for integrating Auth.js (next-auth) with Logto.
+
+## Configuration
+
+You can configure the sample project by setting the following environment variables:
+
+| key               | description                                 | example                              |
+| ----------------- | ------------------------------------------- | ------------------------------------ |
+| AUTH_SECRET       | The secret for cookie encryption            | `my-cookie-secret`                   |
+| AUTH_LOGTO_ISSUER | The issuer of your Logto server             | `https://[tenant-id].logto.app/oidc` |
+| AUTH_LOGTO_ID     | The client ID of your Logto application     | `my-app`                             |
+| AUTH_LOGTO_SECRET | The client secret of your Logto application | `my-secret`                          |
+
+## Run the sample
+
+```bash
+pnpm dev
+```
+
+## Resources
+
+- [Logto Auth.js Documentation](https://docs.logto.io/quick-starts/next-auth)

packages/next-auth-sample/app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,3 @@
+import { handlers } from '../../../../auth';
+
+export const { GET, POST } = handlers;

packages/next-auth-sample/app/components/sign-in.tsx

@@ -0,0 +1,14 @@
+import { signIn } from '../../auth';
+
+export default function SignIn() {
+  return (
+    <form
+      action={async () => {
+        'use server';
+        await signIn('logto');
+      }}
+    >
+      <button type="submit">Sign In</button>
+    </form>
+  );
+}

packages/next-auth-sample/app/components/sign-out.tsx

@@ -0,0 +1,32 @@
+import { signOut } from '../../auth';
+import { redirect } from 'next/navigation';
+
+const generateSignOutUri = (postLogoutRedirectUri: string) => {
+  if (!process.env.AUTH_LOGTO_ID) {
+    throw new Error('AUTH_LOGTO_ID is not set');
+  }
+
+  const urlSearchParameters = new URLSearchParams({ 'client_id': process.env.AUTH_LOGTO_ID, 'post_logout_redirect_uri': postLogoutRedirectUri });
+
+  return `${process.env.AUTH_LOGTO_ISSUER}/session/end?${urlSearchParameters.toString()}`;
+};
+
+export default function SignOut() {
+  return (
+    <form
+      action={async () => {
+        'use server';
+        // Visit post-sign-out URL to implement federated sign-out,
+        // @see https://authjs.dev/reference/core/adapters#federated-logout
+        const { redirect: signOutRedirect } = await signOut({ redirect: false });
+        redirect(generateSignOutUri(signOutRedirect));
+        // If you don't need to implement federated sign-out, you can use the following code instead:
+        // await signOut();
+      }}
+    >
+      <button type="submit">
+        Sign Out
+      </button>
+    </form>
+  );
+}

packages/next-auth-sample/app/fetch-user-info/page.tsx

@@ -0,0 +1,15 @@
+import { auth } from '../../auth';
+
+// This is a sample page to fetch user info from Logto
+export default async function FetchUserInfo() {
+  const session = await auth();
+  const response = await fetch(`${process.env.AUTH_LOGTO_ISSUER}/me`, {
+    headers: {
+      // @ts-expect-error
+      Authorization: `Bearer ${session?.accessToken}`,
+    },
+  });
+  const user = await response.json();
+
+  return <div>{JSON.stringify(user)}</div>;
+}

packages/next-auth-sample/app/layout.tsx

@@ -0,0 +1,16 @@
+export const metadata = {
+  title: 'Next.js',
+  description: 'Generated by Next.js',
+}
+
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode
+}) {
+  return (
+    <html lang="en">
+      <body>{children}</body>
+    </html>
+  )
+}

packages/next-auth-sample/app/page.tsx

@@ -0,0 +1,34 @@
+import { auth } from '../auth';
+import SignIn from './components/sign-in';
+import SignOut from './components/sign-out';
+
+export default async function Home() {
+  const session = await auth();
+
+  return (
+    <main>
+      {session?.user ? <SignOut /> : <SignIn />}
+      {session?.user && (
+        <div>
+          <h2>Claims:</h2>
+          <table>
+            <thead>
+              <tr>
+                <th>Name</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+              {Object.entries(session.user).map(([key, value]) => (
+                <tr key={key}>
+                  <td>{key}</td>
+                  <td>{String(value)}</td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        </div>
+      )}
+    </main>
+  );
+}

packages/next-auth-sample/auth.ts

@@ -0,0 +1,36 @@
+import NextAuth, { NextAuthResult } from 'next-auth';
+import Logto from 'next-auth/providers/logto';
+
+const result = NextAuth({
+  providers: [
+    Logto({
+      authorization: {
+        params: {
+          // If you don't need to customize the scope, you can use the default scope by leaving the config empty.
+          scope: 'openid offline_access profile email',
+        },
+      },
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, account }) {
+      if (account) {
+        token.accessToken = account.access_token;
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      // Inject the access token into the session object
+      // @ts-expect-error
+      session.accessToken = token.accessToken;
+      return session;
+    },
+  },
+});
+
+// A workaround to make the types work
+// @see https://github.com/nextauthjs/next-auth/discussions/9950
+export const handlers: NextAuthResult['handlers'] = result.handlers;
+export const auth: NextAuthResult['auth'] = result.auth;
+export const signIn: NextAuthResult['signIn'] = result.signIn;
+export const signOut: NextAuthResult['signOut'] = result.signOut;