Descope SDK for NextJS
The Descope SDK for NextJS provides convenient access to the Descope for an application written on top of NextJS. You can read more on the Descope Website.
This SDK uses under the hood the Descope React SDK and Descope Node SDK
Refer to the Descope React SDK and Descope Node SDK for more details.
Requirements
Installing the SDK
Install the package with:
npm i --save @descope/nextjs-sdk
Usage
This section contains guides for App router and Pages router.
For Pages router, see the Pages Router section.
App Router
Wrap your app layout with Auth Provider
import { AuthProvider } from '@descope/nextjs-sdk';
export default function RootLayout({
children
}: {
children: React.ReactNode
}) {
return (
<AuthProvider projectId="your-descope-project-id">
<html lang="en">
<body>{children}</body>
</html>
</AuthProvider>
);
}
Note: AuthProvider
uses sessionTokenViaCookie
by default, in order that the AuthMiddleware will work out of the box.
Use Descope to render Flow
You can use default flows or provide flow id directly to the Descope component
import { Descope } from '@descope/nextjs-sdk';
const Page = () => {
return (
<Descope
flowId="sign-up-or-in"
onSuccess={(e) => console.log('Logged in!')}
onError={(e) => console.log('Could not logged in!')}
redirectAfterSuccess="/"
// redirectAfterError="/error-page"
/>
);
};
Refer to the Descope React SDK Section for a list of available props.
Note: Descope is a client component. if the component that renders it is a server component, you cannot pass onSuccess
/onError
/errorTransformer
/logger
props because they are not serializable. To redirect the user after the flow is completed, use the redirectAfterSuccess
and redirectAfterError
props.
Client Side Usage
Use the useDescope
, useSession
and useUser
hooks in your components in order to get authentication state, user details and utilities
This can be helpful to implement application-specific logic. Examples:
- Render different components if current session is authenticated
- Render user's content
- Logout button
Note: these hooks should be used in a client component only (For example, component with use client
notation).
'use client';
import { useDescope, useSession, useUser } from '@descope/nextjs-sdk/client';
import { useCallback } from 'react';
const App = () => {
const { isAuthenticated, isSessionLoading, sessionToken } = useSession();
const { user } = useUser();
const sdk = useDescope();
if (isSessionLoading || isUserLoading) {
return <p>Loading...</p>;
}
const handleLogout = useCallback(() => {
sdk.logout();
}, [sdk]);
if (isAuthenticated) {
return (
<>
<p>Hello {user.name}</p>
<button onClick={handleLogout}>Logout</button>
</>
);
}
return <p>You are not logged in</p>;
};
Server Side Usage
Require authentication for application (Middleware)
You can use NextJS Middleware to require authentication for a page/route or a group of pages/routes.
Descope SDK provides a middleware function that can be used to require authentication for a page/route or a group of pages/routes.
import { authMiddleware } from '@descope/nextjs-sdk/server'
export default authMiddleware({
projectId: 'your-descope-project-id',
redirectUrl?: string,
publicRoutes?: string[],
privateRoutes?: string[]
})
export const config = {
matcher: ['/((?!.+\\.[\\w]+$|_next).*)', '/', '/(api|trpc)(.*)']
}
Public and Private Route Definitions
- All routes are private by default.
publicRoutes
: Use this to specify which routes do not require authentication. If specified, only these routes and the default public routes will be public.privateRoutes
: Use this to specify which routes require authentication. If specified, only these routes will be private, and all other routes will be public.- Conflict Handling: If both
publicRoutes
and privateRoutes
are provided, privateRoutes
will be ignored, and a warning will be logged.
This setup ensures that you can clearly define which routes in your application require authentication and which do not, while providing a mechanism to handle potential misconfigurations gracefully.
Public Routes
Private Routes
Read session information in server side
use the session()
helper to read session information in Server Components and Route handlers.
Note: session()
requires the authMiddleware
to be used for the Server Component or Route handler that uses it.
Server Component:
import { session } from '@descope/nextjs-sdk/server';
async function Page() {
const sessionRes = session();
if (!sessionRes) {
}
const { jwt, token } = sessionRes;
}
Route handler:
export async function GET() {
const currSession = session();
if (!currSession.isAuthenticated) {
}
const { jwt, token } = currSession;
}
Access Descope SDK in server side
Use createSdk
function to create Descope SDK in server side.
Refer to the Descope Node SDK for a list of available functions.
Usage example in Route handler:
import { createSdk } from '@descope/nextjs-sdk/server';
const sdk = createSdk({
projectId: 'your-descope-project-id',
managementKey: 'your-descope-management-key'
});
export async function GET(req) {
const { searchParams } = new URL(req.url);
const loginId = searchParams.get('loginId');
const { ok, data: user } = await sdk.management.user.load(loginId);
if (!ok) {
}
}
Pages Router
This section is Working in progress :-)
In the meantime, you can see the example in the Pages Router folder.
Widgets
Widgets are components that allow you to expose management features for tenant-based implementation. In certain scenarios, your customers may require the capability to perform managerial actions independently, alleviating the necessity to contact you. Widgets serve as a feature enabling you to delegate these capabilities to your customers in a modular manner.
Important Note:
- For the user to be able to use the widget, they need to be assigned the
Tenant Admin
Role.
User Management
The UserManagement
widget will let you embed a user table in your site to view and take action.
The widget lets you:
- Create a new user
- Edit an existing user
- Activate / disable an existing user
- Reset an existing user's password
- Remove an existing user's passkey
- Delete an existing user
Note:
- Custom fields also appear in the table.
Usage
import { UserManagement } from '@descope/nextjs-sdk';
...
<UserManagement
widgetId="user-management-widget"
tenant="tenant-id"
/>
Example:
Manage Users
Role Management
The RoleManagement
widget will let you embed a role table in your site to view and take action.
The widget lets you:
- Create a new role
- Change an existing role's fields
- Delete an existing role
Note:
- The
Editable
field is determined by the user's access to the role - meaning that project-level roles are not editable by tenant level users. - You need to pre-define the permissions that the user can use, which are not editable in the widget.
Usage
import { RoleManagement } from '@descope/nextjs-sdk';
...
<RoleManagement
widgetId="role-management-widget"
tenant="tenant-id"
/>
Example:
Manage Roles
Access Key Management
The AccessKeyManagement
widget will let you embed an access key table in your site to view and take action.
The widget lets you:
- Create a new access key
- Activate / deactivate an existing access key
- Delete an exising access key
Usage
import { AccessKeyManagement } from '@descope/nextjs-sdk';
{
}
<AccessKeyManagement
widgetId="access-key-management-widget"
tenant="tenant-id"
/>;
{
}
<AccessKeyManagement
widgetId="user-access-key-management-widget"
tenant="tenant-id"
/>;
Example:
Manage Access Keys
Audit Management
The AuditManagement
widget will let you embed an audit table in your site.
Usage
import { AuditManagement } from '@descope/nextjs-sdk';
...
<AuditManagement
widgetId="audit-management-widget"
tenant="tenant-id"
/>
Example:
Manage Audit
User Profile
The UserProfile
widget lets you embed a user profile component in your app and let the logged in user update his profile.
The widget lets you:
- Update user profile picture
- Update user personal information
- Update authentication methods
- Logout
Usage
import { UserProfile } from '@descope/nextjs-sdk';
...
<UserProfile
widgetId="user-profile-widget"
onLogout={() => {
window.location.href = '/login';
}}
/>
Example:
User Profile
Applications Portal
The ApplicationsPortal
lets you embed an applications portal component in your app and allows the logged-in user to open applications they are assigned to.
Usage
import { ApplicationsPortal } from '@descope/nextjs-sdk';
...
<ApplicationsPortal
widgetId="applications-portal-widget"
/>
Example:
User Profile
Code Example
You can find an example react app in the examples folder. - App Router - Pages Router
Learn More
To learn more please see the Descope Documentation and API reference page.
Contact Us
If you need help you can email Descope Support
License
The Descope SDK for React is licensed for use under the terms and conditions of the MIT license Agreement.