
Get accessToken in auth0

I am using auth0 and nextJS.

I want to do the following: when the user enters his credentials and logs in, he is redirected to the callback API.

And here

    import auth0 from '../../utils/auth0';

    export default async function callback(req, res) {
      try {
        await auth0.handleCallback(req, res, {
          redirectTo: '/'
        });
      } catch (error) {
        console.error(error);
        res.status(error.status || 400).end(error.message);
      }
    }

I want to redirect the user depending on the token.
Decoding the token I will get data if the application is a simple user or admin.

If he is an admin, he should be redirected to the admin page; if not, to the user page.

So I did something like this:

    import auth0 from '../../utils/auth0';

    export default async function callback(req, res) {
      const tokenCache = auth0.tokenCache(req, res);
      const { accessToken } = await tokenCache.getAccessToken();
      console.log(accessToken);
      try {
        await auth0.handleCallback(req, res, { redirectTo: '/' });
      } catch (error) {
        console.error(error);
        res.status(error.status || 400).end(error.message);
      }
    }

So I want to get the token inside this function to be able to redirect users to different pages, but if I try to get the token here I get this issue:

The user does not have a valid session.

If I delete the code related to the token the user is redirected, but I need to get the token here to be able to do the checking of users.

How could I get the token inside this callback function and achieve what I described above?

Using v1.2.0 of the nextjs-auth0 library, you can access the identity token during the callback handler.

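    import { handleAuth, handleCallback } from '@auth0/nextjs-auth0';

    // The library does not export UnauthorizedError, so define it locally.
    class UnauthorizedError extends Error {
        constructor(message) {
            super(message);
            this.status = 401;
        }
    }

    // Runs after the code exchange, once the session has been built.
    const afterCallback = (req, res, session, state) => {
        // Shown only to demonstrate access; do not log tokens in production.
        console.log(session.idToken);
        if (!session.user.isAdmin) {
            throw new UnauthorizedError('User is not admin');
        }
        return session;
    };

    export default handleAuth({
        async callback(req, res) {
            try {
                await handleCallback(req, res, { afterCallback });
            } catch (error) {
                res.status(error.status || 500).end(error.message);
            }
        }
    });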

Session variable afterCallback

However, keep in mind that the client application should generally avoid looking inside the access token. If you need to relay user information to the client, you should place it in an id_token. The access token is for use by the API, and your client application should not take any dependency on its content format or semantics, since access tokens by design have no defined format.

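    import type { NextApiRequest, NextApiResponse } from 'next';
    import auth0 from '../../utils/auth0';

    export default async function callback(
      req: NextApiRequest,
      res: NextApiResponse
    ) {
      try {
        await auth0.handleCallback(req, res, {
          // The session (user claims and tokens) is available here.
          async afterCallback(req, res, session, state) {
            return session;
          },
        });
      } catch (error) {
        res.status(error.status || 500).end(error.message);
      }
    }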
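Tying the answers above back to the original question, the following added example (not code from any of the posts or from the library) picks the landing page inside an afterCallback-shaped hook from ID-token claims in session.user, without decoding the access token. The claim name, the two paths and the sample sessions are constructed, and it is an assumption that the library redirects to state.returnTo after the hook returns.

```javascript
// Added example: choose the post-login landing page from ID-token claims.
// ROLES_CLAIM and both paths are assumed names, not taken from the page.
const ROLES_CLAIM = 'https://example.com/roles';
const LANDING = { admin: '/admin', user: '/user' };

// session.user holds the ID-token claims; the access token is never parsed.
function landingPageFor(user) {
  const roles = user && user[ROLES_CLAIM];
  // Fail closed: a missing or malformed claim gets the non-admin page.
  // Without the array check, the string 'not-admin' would match includes().
  if (!Array.isArray(roles)) return LANDING.user;
  return roles.includes('admin') ? LANDING.admin : LANDING.user;
}

// Same signature as the afterCallback hook in the answers above.
// Assumption: the library redirects to state.returnTo once the hook returns.
function afterCallback(req, res, session, state) {
  // The target comes from a fixed map, never from request input,
  // so the callback cannot become an open redirect.
  state.returnTo = landingPageFor(session.user);
  return session;
}

// Constructed sessions standing in for what handleCallback would pass in.
const adminSession = { user: { sub: 'auth0|a1', [ROLES_CLAIM]: ['admin'] } };
const plainSession = { user: { sub: 'auth0|u1', [ROLES_CLAIM]: ['viewer'] } };
const brokenSession = { user: { sub: 'auth0|x1', [ROLES_CLAIM]: 'not-admin' } };

for (const s of [adminSession, plainSession, brokenSession]) {
  const state = { returnTo: '/' };
  afterCallback(null, null, s, state);
  console.log(s.user.sub, '->', state.returnTo);
}
```

The redirect is only a convenience: the admin page and its API routes still have to check the same claim on the server for every request.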
