Authentication

Shipped supports and Supabase to handle user authentication.

With NexAuth you can create two types of authentications, Magic Links and Social Authentication which includes using Google, Twitter, Facebook, LinkedIn, Slack, and 60+ more services to sign up your users.

With Supabase Auth you get Magic Link Auth, Email and Password Auth, and Social Authentication.

If you intend to use Supabase, follow , for NextAuth continue reading.

NextAuth

The authentication logic resides in src/config/auth.ts. In that file, you define the authentication providers to use.

Sign-up and login pages

Shipped provides Sign-Up (/signup) and Login (/login) pages out of the box. Feel free to customize them according to your needs.

NextAuth Setup

Add this to your .env file:

NEXTAUTH_URL="http://localhost:3000"
NEXTAUTH_SECRET="4348yhu34h3ui4ofjndfsdfeirh4b637u5sfd3"

NextAuth Authentication methods

NextAuth Magic Links

Magic Link Auth is a mechanism that sends an email to the user whenever they want to sign up or log into your product. You define for how long the link will be valid (24 hours or more).

To use this authentication method, you need an email SMTP server.

Add this provider to the NextAuth configuration (src/config/auth.ts).

EmailProvider({
    server: process.env.MAILPACE_EMAIL_SERVER || "",
    from: process.env.EMAIL_FROM || "",
    // maxAge: 24 * 60 * 60, // How long email links are valid for (default 24h)
}),

Remember to configure the environment variables MAILPACE_EMAIL_SERVER and EMAIL_FROM into the .env and Environment settings of your hosting service.

NextAuth Google Auth

Google Sign-Up is one of the most popular authentication methods.

To enable it you need to:

2. Go to APIS & Services then Credentials

3. Click on Configure Consent Screen

4. Fill in all the info.

5. Add userinfo.email and userinfo.profile to scope

6. Submit

7. Go to Credentials and click "Create Credentials", then "OAuth Client ID"

8. Select "Web Application"

9. Add http://localhost:3000 and https://yoursitename.com into the Authorized JavaScript Origins.

10. Add http://localhost:3000/api/auth/callback/google and https://yoursitename.com/api/auth/callback/google to Authorized redirect URLs.

11. Click Submit

12. Copy and paste the Client ID and Client Secret into the .env file:

# for Google Sign up
GOOGLE_CLIENT_ID=""
GOOGLE_CLIENT_SECRET=""

1. Go to "OAuth Consent Screen" and click "Publish App".

1. Open src/config/auth.ts and add this provider

GoogleProvider({
    clientId: process.env.GOOGLE_CLIENT_ID || "",
    clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
}),

More authentication providers

NextAuth supports 60+ authentication providers.

Some examples:

• Atlassian

• Twitter / X

• Facebook

• Instagram

• Apple

• Amazon Cognito

• Discord

• GitHub

• GitLab

• Medium

• Salesforce

• Spotify

• Twitch

• Zoom