How to Manage User Roles in NextJS / NodeJS

You might be interested in isomorphic authorization with something like CASL where you build abilities instead of relying on roles for example. Would be cool if you could give it a take

daheck

The main purpose of JWT is that the system can generate a token that lasts for a certain amount of time. The JWT callback is called whenever session needs to use a token, that means that in your code, because you start out with making a database call in the jwt callback, you will have a lot of redundant calls to the database. You should refactor this to only refetch data as needed, eg. whenever an update trigger is called, or when time since last fetch is over a certain threshold. The jwt will still return the user role, but the amount of db calls will be several order of magnitudes lower.

freakinmonkey

Hello Josh, can you do a simple course consisting of a full stack using Next jS and Prisma, Next Auth, and explain most of the basic concepts such as accessing data by role

murtadanazar

big fan from Brazil, I learn a lot from your videos, keep it up my man, gj!

casual_xyz

I love they way you teach.
Watched your 5 hour video on fullstack with nextjs. I request you to create a video on boilerplate repo for nextJS13 app. Where
1. Dashboards for different users are developed.
2. Authentication and route protected and pucblic are maintained.
3. Authetication on client-side and Serverside sessions
4. File handling /storage

abdullah_mufti

You made this concept very easy to understand. Thank you Josh 😃

shreyasvaidya

thank you for sharing this one. your explanation is really great..
db -> next-auth jwt() -> next-auth session()..

akadaygame

how did you implement showing the error template component that comes after throwing an error?

mikoo

Simple and clean ❤. You became a strong tutor!

waykingas

I have also done, User Roles, I was working on the backend, so I used middleware for that, this was very new concept for me, so I did a little research on this and I found out about middleware, as I was new in this I was able to deliver this within a week, and the result was great

harsh_vish

Very helpful videos! Thank you for your time!

yo

I would say this is a very clean approach.

StephanHaloftis

Nice one Josh. Appreciate your content. You make it make sense.

freddy_

Hi Josh, a tutorial about NextAuthJS and Next-Intl would be perfect <3

logistics_guy

Hey Josh, I might need to watch this video again more closely, but how is the getServerSession method getting that extra role information? That method getServerSession gets the session stored in the DB doesn't it. Using the strategy: 'jwt' makes everything stored in the cookie rather than DB session I thought?

timmoran

is checking the value of role against 'admin' string happens on the client? if so is it not possible to open dev tools and change this statement such that it evaluates to true and the component renders data even if the role is not admin?

jimshtepa

Thank you for your video. I don't understand. If I have the user with getServerSession, Why can't I do a search directly in the database to find the user's role without putting it in jwt and session? I would be sure that the user is enabled without waiting for the token to expire.

giannifed

The issue I'm having is that whenever I change the user's role in real time from my DB they still hold on to their old role inside the JWT session. How do I do real time checking? Do I need to query my database and compare?

nasko

Hey josh, could you make a tutorial on mssql connected with nextjs? I have already connected but I think you can improve the code quality and some complex understandings...

ZiaCodes

How do you implement the sign up for an admin? This video shows how to access the role of the account. But how can i assign the role during the sign up process using next auth?

amur_