Extend existing Authentication methods to provide Authorization features
Is your feature request related to a problem? Please describe.
Currently the authorization methods `withAuthUserTokenSSR` and `withAuthUserSSR` allow us to validate if a request for a page is Authenticated or not. We require that users are not only Authenticated but that the user also has the Custom Claim `admin`.
Describe the solution you’d like and how you’d implement it
The existing `withAuthUserTokenSSR` and `withAuthUserSSR` methods will be extended to take 2 optional additional parameters, which will be used to verify if the Authenticated user is Authorized to access the page and, if not, redirect them to an appropriate access denied page (provided by the developer).
- whenAuthed?: AuthAction.RENDER | AuthAction.REDIRECT_TO_APP
- whenUnauthed?: AuthAction.RENDER | AuthAction.REDIRECT_TO_LOGIN
- appPageURL?: PageURL
- authPageURL?: PageURL
- **validator?: (user: AuthUser) => boolean**
- **accessDeniedPageURL?: PageURL**
The existing method will be extended to accept the 2 emboldened new parameters (`validator` and `accessDeniedPageURL`). The method will then, once we have verified the `authUser` with existing code, run the `validator` function (if it is provided). If the `validator` function returns false we should then redirect the users to the `accessDeniedPageURL`.
Is this a breaking change?
No, the additional options would be optional and so an opt-in approach to upgrading the interface.
Describe alternatives you’ve considered
The alternative we are currently using is handling this in our own code. While this is okay, it would be (I think) a feature that would be nice to push up to the framework.
Issue Analytics
- State:
- Created 2 years ago
- Comments: 5 (3 by maintainers)
I also would like to have this feature, for instance to only grant access to a page if the emailVerified key on the User object is true.
Auth0’s Next.js API could provide some guidance: https://github.com/auth0/nextjs-auth0#api-reference
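The validator flow proposed in this issue, written out as an added example (not code from next-firebase-auth or from the issue author). `AuthUser` here is a minimal stand-in type with assumed fields, and `authorizeSSR`, `isAdmin` and `hasVerifiedEmail` are hypothetical names. The check fails closed: a throwing validator, a truthy non-boolean result, or a missing `accessDeniedPageURL` never renders the page.

```typescript
// Minimal stand-ins for the library's types (assumed shapes, not imported).
type AuthUser = { id: string | null; emailVerified: boolean; claims: Record<string, unknown> };
type Validator = (user: AuthUser) => boolean;

interface AuthzOptions {
  authPageURL: string;           // where unauthenticated users are sent
  validator?: Validator;         // proposed in the issue
  accessDeniedPageURL?: string;  // proposed in the issue
}

type SSRResult =
  | { props: { userId: string } }
  | { redirect: { destination: string; permanent: false } }
  | { notFound: true };

const redirectTo = (destination: string): SSRResult => ({
  redirect: { destination, permanent: false },
});

// Hypothetical helper: decides what a getServerSideProps wrapper returns once
// the existing code has verified the ID token and built `user`.
function authorizeSSR(user: AuthUser, opts: AuthzOptions): SSRResult {
  // Authentication first: the validator never sees an anonymous user.
  if (!user.id) return redirectTo(opts.authPageURL);

  if (opts.validator) {
    let allowed = false;
    try {
      // Only a literal `true` grants access; other truthy values do not.
      allowed = opts.validator(user) === true;
    } catch {
      allowed = false; // a throwing validator denies access
    }
    if (!allowed) {
      // No denied page configured: answer 404 rather than render the page.
      return opts.accessDeniedPageURL ? redirectTo(opts.accessDeniedPageURL) : { notFound: true };
    }
  }
  return { props: { userId: user.id } };
}

// Validators for the two cases raised on this page (constructed examples).
const isAdmin: Validator = (u) => u.claims["admin"] === true;
const hasVerifiedEmail: Validator = (u) => u.emailVerified === true;
```

Run the validators only against claims taken from the server-verified ID token, since anything computed in the browser can be altered by the user.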