In order to protect applications with nextAuth, a server-side integration is required. This integration takes care of showing the login page to unauthenticated users, providing the application with the user data after authentication, and handling logouts.

There are many options to integrate nextAuth, depending on your authentication infrastructure and the application(s).

Table of Contents

  1. Using a Third-Party Identity Provider
  2. nextAuth as an Identity Provider
  3. Reverse Proxy Integration
  4. Direct REST Integration

Using a Third-Party Identity Provider

In case your organisation already has a third-party Identity Provider (IdP) that handles authentication for your applications, nextAuth can integrate with this IdP.

Integration with a third-party IdP can be achieved by:

  • Directly integrating nextAuth with the third-party IdP. Many IdPs support the addition of authentication modalities through modules.
  • Setting up brokering in the third-party towards the nextAuth IdP. This can be achieved through SAML or OAuth2 (OIDC). In this case the third-party IdP will delegate (part of) the authentication to the nextAuth IdP. Most IdPs support brokering.

nextAuth as an Identity Provider

nextAuth can directly act as IdP, supporting SAML and OAuth2 (OIDC) integration with applications. A SAML IdP can be configured through the nextAuth Dashboard. For setting up an OAuth2 IdP, please contact support.

Reverse Proxy Integration

A reverse proxy can be installed in front of an application. By tunneling all traffic through a reverse proxy, authentication can be easily set up. The application typically receives the user data through HTTP headers that the proxy injects in every request.

nextAuth provides reverse proxy configurations for NGINX, a popular open-source web/proxy server.

Direct REST Integration

In case you want to integrate nextAuth directly into an application (or create a nextAuth integration with a third-party IdP), you can use the REST API.