Configuring Your App
The Niftory Platform gives you the ability to create and manage users without using a separate authentication system (Auth0, Firebase, etc). This is fully optional - you're always free to bring your own auth system and interact with the API directly.
The best way to set up user authentication is to look at the Niftory Sample App, and how it configures the Niftory auth provider.
Each application receives two credentials which can be exchanged for auth tokens:

- The client ID is your application's username. It identifies your application and doesn't change.
- The client secret is your application's password. It's the secret that proves that your application is really making calls, and allows your application to authenticate itself and its users.

Never share your client secret with anyone, or use it directly in code. Never commit a `.env` containing this secret. It should be kept hidden from your front-end and from your users.
Configure your GraphQL client to pass this token in the `Authorization` header of every request. If you are using `next-auth`, you can retrieve the session token using the `useSession` hook.

```typescript
import { GraphQLClient } from "graphql-request";
import type { Session } from "next-auth";

/**
 * Creates a GraphQL client for use in the browser, using the user's auth token for authentication
 * @param url The URL of the GraphQL API
 * @param apiKey The API key
 * @param session The user session
 * @returns The GraphQL client
 */
export function getFrontendGraphQLClient(
  url: string,
  apiKey: string,
  session: Session | null
) {
  return new GraphQLClient(url, {
    headers: {
      "X-Niftory-API-Key": apiKey,
      // authToken is a custom session field; the app's next-auth configuration must populate it.
      Authorization: session?.authToken ? `Bearer ${session.authToken}` : "",
    },
  });
}
```
In the backend you can use Backend Authentication to get a token, and then include it in your requests in the same way:
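```typescript
import { GraphQLClient } from "graphql-request";

// Reused across calls so the client is only constructed once.
let client: GraphQLClient;

export async function getBackendGraphQLClient() {
  client =
    client ||
    new GraphQLClient(process.env.NEXT_PUBLIC_API_PATH, {
      headers: {
        "X-Niftory-API-Key": process.env.NEXT_PUBLIC_API_KEY,
        // Server-only variable: no NEXT_PUBLIC_ prefix, so it is not exposed to the browser.
        "X-Niftory-Client-Secret": process.env.CLIENT_SECRET,
      },
    });
  // getClientCredentialsToken() is defined elsewhere (see Backend Authentication).
  const token = await getClientCredentialsToken();
  client.setHeader("Authorization", `Bearer ${token}`);
  return client;
}
```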
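```typescript
import { GraphQLClient } from "graphql-request";

// Reused across calls so the client is only constructed once.
let client: GraphQLClient;

export async function getBackendGraphQLClient() {
  client =
    client ||
    new GraphQLClient(process.env.NEXT_PUBLIC_API_PATH, {
      headers: {
        "X-Niftory-API-Key": process.env.NEXT_PUBLIC_API_KEY,
      },
    });
  // getClientCredentialsToken() is defined elsewhere (see Backend Authentication).
  const token = await getClientCredentialsToken();
  client.setHeader("Authorization", `Bearer ${token}`);
  return client;
}
```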
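The rule that the client secret must stay hidden from the front-end can be checked at server start-up. The check below is an added example, not code from Niftory or its sample app; it relies on the Next.js behaviour that `NEXT_PUBLIC_`-prefixed variables are inlined into the browser bundle. `CLIENT_SECRET` and the `NEXT_PUBLIC_` names follow the snippets on this page, while `auditEnv`, `assertEnvSafe`, the name pattern and the sample values are assumptions made for illustration.

```typescript
type Env = Record<string, string | undefined>;
interface Finding { variable: string; problem: string }

// Next.js inlines every NEXT_PUBLIC_* variable into the browser bundle,
// so anything under that prefix is readable by your users.
const PUBLIC_PREFIX = "NEXT_PUBLIC_";
// Name fragments that suggest a credential (assumed list; extend as needed).
const SECRET_NAME = /SECRET|PASSWORD|PRIVATE_KEY/i;

// Returns every way the client secret could reach the front-end via env vars.
function auditEnv(env: Env, secretVar = "CLIENT_SECRET"): Finding[] {
  const findings: Finding[] = [];
  const secret = env[secretVar];
  if (!secret) {
    findings.push({ variable: secretVar, problem: "missing or empty" });
  }
  for (const name of Object.keys(env)) {
    if (!name.startsWith(PUBLIC_PREFIX)) continue;
    if (SECRET_NAME.test(name)) {
      findings.push({ variable: name, problem: "secret-like name is public" });
    }
    // Catches the secret copied into a differently named public variable.
    const value = env[name];
    if (secret && value && value.includes(secret)) {
      findings.push({ variable: name, problem: `value contains ${secretVar}` });
    }
  }
  return findings;
}

// Fail closed at server start-up, e.g. assertEnvSafe(process.env).
function assertEnvSafe(env: Env): void {
  const findings = auditEnv(env);
  if (findings.length > 0) {
    const detail = findings.map((f) => `${f.variable}: ${f.problem}`).join("; ");
    throw new Error(`Unsafe auth configuration: ${detail}`);
  }
}

// Constructed sample values, not real credentials.
const SAMPLE_ENV: Env = {
  NEXT_PUBLIC_API_PATH: "https://api.example.invalid/graphql",
  NEXT_PUBLIC_API_KEY: "constructed-public-api-key",
  CLIENT_SECRET: "constructed-client-secret",
  NEXT_PUBLIC_DEBUG_TOKEN: "constructed-client-secret", // leaked copy
};
console.log(auditEnv(SAMPLE_ENV));
```

The findings and the thrown error name only the offending variables, never their values, so the output is safe to write to build logs.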
Any authentication library that supports OAuth 2.0 can integrate the Niftory authentication provider.
The information you need to set this up varies depending on the authentication library you use. If your library supports OIDC Discovery, you can simply point it to our well-known endpoints:

| Environment | URL |
|---|---|
| Staging | |
| Production | |

Otherwise, you may need to check the above URLs to find our authorization and token endpoints.