User Auth (Client-Side)

Last updated 1 year ago

In any situation where you're calling our API with a Niftory AppUser, this is the type of authentication you should use. If you're using your own User system, you can skip this portion of the guide.

To allow your users to sign in, set up their accounts, and interact with your application data, you'll have them log in via the OAuth authorization code grant. This is the way most OAuth providers authenticate end users, and most OAuth libraries will handle the flow for you automatically.

By default, this will authenticate the user as an AppUser. This will allow them to see and manage their own data within your application.

We currently support login via Google. In the future, we will support other OIDC providers, and wallet-only login as well.

NextAuth

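In the sample app, user authentication is handled via next-auth:

import NextAuth from "next-auth";
import type { Provider } from "next-auth/providers";
import urljoin from "url-join";

const NIFTORY_AUTH_PROVIDER: Provider = {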
  id: "niftory",
  name: "Niftory",
  type: "oauth",
  wellKnown: urljoin(
    process.env.NIFTORY_AUTH_SERVICE as string,
    "/.well-known/openid-configuration"
  ),
  authorization: { params: { scope: "openid email profile" } },
  clientId: process.env.NEXT_PUBLIC_CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  checks: ["pkce", "state"],
  idToken: true,
  profile(profile) {
    return {
      id: profile.sub,
      name: profile.name,
      email: profile.email,
      image: profile.picture,
    };
  },
  httpOptions: {
    timeout: 10000,
  }
};

export default NextAuth({
  providers: [NIFTORY_AUTH_PROVIDER],
  callbacks: {
    // See also: https://next-auth.js.org/configuration/callbacks
    jwt: async ({ token, user, account }) => {
      // user is only passed in at initial signIn.
      // Add authTime to token on signIn
      if (user) {
        token.authTime = Math.floor(Date.now() / 1000);
      }

      if (account?.id_token) {
        token.id_token = account.id_token;
      }

      return token;
    },
    session: async ({ session, token }) => {
      session.clientId = token.aud;
      session.userId = token.sub;
      session.authToken = token.id_token;

      return session;
    },
  },
});

Pay particular attention to these two properties:

clientId: process.env.NEXT_PUBLIC_CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET,

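The client ID is read from a NEXT_PUBLIC_-prefixed variable, which Next.js inlines into browser code, while the client secret must stay in a server-only variable. See Application Credentials for more details on these properties.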

This can be replaced by any other authentication system - everything is standard OAuth.
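
What `checks: ["pkce", "state"]` asks the OAuth library to do during the authorization code grant, written out as an added example (not code from Niftory or next-auth). The function names, URLs and client ID are hypothetical, and the third function shows the authorization server's side of the PKCE check.

```javascript
// Added example, not Niftory or next-auth code. All names and URLs are hypothetical.
const crypto = require("node:crypto");

const sha256b64url = (s) => crypto.createHash("sha256").update(s).digest("base64url");

// Constant-time string comparison for state and challenge values.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 1 (client): create fresh per-login secrets and build the authorization URL.
// `pending` is kept for this login attempt only; the code verifier itself never
// appears in the URL, only its SHA-256 hash does.
function beginLogin({ authorizationEndpoint, clientId, redirectUri }) {
  const state = crypto.randomBytes(32).toString("base64url");
  const codeVerifier = crypto.randomBytes(32).toString("base64url"); // 43 chars
  const url = new URL(authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid email profile",
    state,
    code_challenge: sha256b64url(codeVerifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), pending: { state, codeVerifier } };
}

// Step 2 (client): on the redirect back, reject any response whose state does not
// match, then release the verifier for the token request.
function handleCallback(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has("error")) throw new Error(`authorization failed: ${params.get("error")}`);
  if (!safeEqual(params.get("state") ?? "", pending.state)) throw new Error("state mismatch");
  const code = params.get("code");
  if (!code) throw new Error("missing code");
  return { grant_type: "authorization_code", code, code_verifier: pending.codeVerifier };
}

// Step 3 (authorization server): the code is redeemable only by whoever holds the
// verifier that hashes to the challenge sent in step 1.
function serverAcceptsVerifier(storedChallenge, codeVerifier) {
  return safeEqual(sha256b64url(codeVerifier), storedChallenge);
}
```

The state check ties the callback to the browser session that started the login, and the PKCE check makes an intercepted authorization code useless without the verifier.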
