
Okay, so I just set up my OAuth (with Google) in my Next.js app, using the server-side SDKs (because I just wanted that extra security and didn't want to reveal my Appwrite stuff to the client), and I followed these docs for reference: https://appwrite.io/docs/tutorials/nextjs-ssr-auth/step-7
But I feel there is a major problem with the way these docs say to set up OAuth. If you see the server-side OAuth files:
```js
// src/lib/server/oauth.js
"use server";

import { createAdminClient } from "@/lib/server/appwrite";
import { redirect } from "next/navigation";
import { headers } from "next/headers";
import { OAuthProvider } from "node-appwrite";

export async function signUpWithGithub() {
  const { account } = await createAdminClient();

  const origin = headers().get("origin");

  const redirectUrl = await account.createOAuth2Token(
    OAuthProvider.Github,
    `${origin}/oauth`,
    `${origin}/signup`,
  );

  return redirect(redirectUrl);
};
```
Here the OAuth2 token is created and then the redirects are done, but these redirects are not enough for the session to be created and set, so we then have to create a server-side API endpoint at /oauth (as mentioned in the docs):
```js
// src/app/oauth/route.js
import { createAdminClient } from "@/lib/server/appwrite";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";

export async function GET(request) {
  const userId = request.nextUrl.searchParams.get("userId");
  const secret = request.nextUrl.searchParams.get("secret");

  const { account } = await createAdminClient();
  const session = await account.createSession(userId, secret);

  cookies().set("my-custom-session", session.secret, {
    path: "/",
    httpOnly: true,
    sameSite: "strict",
    secure: true,
  });

  return NextResponse.redirect(`${request.nextUrl.origin}/account`);
}
```
And it's over here that we create the session client and set the cookies for the users.

All the code and the procedure up to now is from the docs itself.

But I don't feel this is a nice way of setting up OAuth,

because now the session that is created on the user client,

if you try to get that session,

it reports that session as a NON-OAUTH session, because that session is created by using adminAccount.createSession(userId, secret);
(instead of the session being created by the Google OAuth)
and the OAuth provider, the providerID, the providerAccessToken, everything is empty.

And due to that,

it's absolutely impossible to do stuff like getting user profile photos and doing other interactions with the Google APIs using the access tokens.

So is there any better way to set up server-side OAuth in Next.js?

This way sure does work for simple auth, but getting access to the OAuth provider is impossible with this method,

because comparatively, if I were to use the client-side SDK, then I would have been able to call things like:
```js
// Go to OAuth provider login page
account.createOAuth2Session(
  OAuthProvider.Github, // provider
  'https://example.com/success', // redirect here on success
  'https://example.com/failed', // redirect here on failure
  ['repo', 'user'] // scopes (optional)
);
```
which would automatically not just create the token but would also set the session with the proper OAuth provider.
