
Okay so I just set up my OAuth (with Google) in my Next.js app, using server-side SDKs (cause I just wanted that extra security and didn't want to reveal my Appwrite stuff to the client), and I followed these docs for reference: https://appwrite.io/docs/tutorials/nextjs-ssr-auth/step-7
but I feel there is a major problem with the way these docs say to set up OAuth. If you look at the server-side OAuth files:
```js
// src/lib/server/oauth.js
"use server";

import { createAdminClient } from "@/lib/server/appwrite";
import { redirect } from "next/navigation";
import { headers } from "next/headers";
import { OAuthProvider } from "node-appwrite";

export async function signUpWithGithub() {
  const { account } = await createAdminClient();
  const origin = headers().get("origin");

  const redirectUrl = await account.createOAuth2Token(
    OAuthProvider.Github,
    `${origin}/oauth`,
    `${origin}/signup`,
  );

  return redirect(redirectUrl);
};
```
Here the OAuth2 token is created and then the redirects are done, but these redirects are not enough for the session to be created and set, so we then have to create a server-side API endpoint at /oauth (as mentioned in the docs):
```js
// src/app/oauth/route.js
import { createAdminClient } from "@/lib/server/appwrite";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";

export async function GET(request) {
  const userId = request.nextUrl.searchParams.get("userId");
  const secret = request.nextUrl.searchParams.get("secret");

  const { account } = await createAdminClient();
  const session = await account.createSession(userId, secret);

  cookies().set("my-custom-session", session.secret, {
    path: "/",
    httpOnly: true,
    sameSite: "strict",
    secure: true,
  });

  return NextResponse.redirect(`${request.nextUrl.origin}/account`);
}
```
and it's over here that we create the session client and set the cookies for the users

all the code and the procedure till now is from the docs itself

but I don't feel this is a nice way of setting the OAuth up

cause now the session that is created on the user client

if you try to get that session

it states that session as a NON-OAUTH session because that session is created by using the adminAccount.createSession(userId, secret);
(instead of the session being created by the Google OAuth)
and the OAuth provider, the providerID, the providerAccessToken, everything is empty

and due to that

it's absolutely impossible to do stuff like getting user profile photos and to do other interactions with the Google APIs using the access tokens

so is there any better way to set up the server-side OAuth in Next.js?

this way sure does work for simple auth, but for getting access to the OAuth provider it's impossible with this method

because comparatively, if I were to use the client-side SDK then I would have been able to call things like
```js
// Go to OAuth provider login page
account.createOAuth2Session(
  OAuthProvider.Github, // provider
  'https://example.com/success', // redirect here on success
  'https://example.com/failed', // redirect here on failure
  ['repo', 'user'] // scopes (optional)
);
```
which would automatically not just create the token but also set the session with the proper OAuth provider
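Added example (not part of the original post and not from the Appwrite docs): two fail-closed checks for the flow above, one that rejects an `/oauth` callback missing `userId` or `secret` before `createSession` is called, and one that reports whether a session carries a usable provider access token before any Google API call is attempted. The function names and sample sessions are hypothetical, and the field names `provider`, `providerUid`, `providerAccessToken` and `providerAccessTokenExpiry` are assumed to match Appwrite's Session model.

```javascript
// Assumption: session objects use Appwrite's Session model field names
// (provider, providerUid, providerAccessToken, providerAccessTokenExpiry).

// Reject a callback that lacks userId or secret before calling createSession.
function readCallbackParams(url) {
  const params = new URL(url).searchParams;
  const userId = params.get("userId");
  const secret = params.get("secret");
  if (!userId || !secret) {
    return { ok: false, reason: "missing userId or secret" };
  }
  return { ok: true, userId, secret };
}

// Decide whether a session carries a usable provider access token.
// Every uncertain case is treated as "not usable".
function providerTokenStatus(session, now = new Date()) {
  if (!session.provider || !session.providerUid) {
    return { usable: false, reason: "no provider on session" };
  }
  if (!session.providerAccessToken) {
    return { usable: false, reason: "no provider access token" };
  }
  const expiry = Date.parse(session.providerAccessTokenExpiry);
  if (Number.isNaN(expiry)) {
    return { usable: false, reason: "unknown token expiry" };
  }
  if (expiry <= now.getTime()) {
    return { usable: false, reason: "provider access token expired" };
  }
  return { usable: true, reason: "ok" };
}

// Constructed sample sessions (not real data).
// The first mirrors the empty provider fields described in the post.
const sessionAsDescribed = {
  provider: "",
  providerUid: "",
  providerAccessToken: "",
  providerAccessTokenExpiry: "",
};
const sessionWithProvider = {
  provider: "google",
  providerUid: "constructed-uid",
  providerAccessToken: "constructed-token",
  providerAccessTokenExpiry: "2030-01-01T00:00:00.000+00:00",
};
```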
