Next.js Authentication - Avoid these 4 mistakes (Don't do auth in layout!)

Hi, my latest course is out now (Professional React & Next.js): bytegrad.com/courses/professional-react-nextjs -- I'm very proud of this course, my best work!
I'm also a brand ambassador for Kinde (paid sponsorship). Check out Kinde for authentication and more bit.ly/3QOe1Bh

This is the first resource that's made next.js authentication clear.

Loving this new content. Making videos on what not to do is REALLY helpful in building good coding practices. Keep it up!

Thank you for making these beginner videos!

Excellent video, going into the details of things as always!

Great video! Thank you for the examples and different use cases

Great tutorial!!! Thank you so much! 🙏

THIS IS EXACTLY THE VIDEO I NEEDED

need more such videos of next concepts ..have completely watched your fullstack next tutorial

Awesome work! 👏👏

the best channel to learn the concepts and avoid mistakes that we really face in the real world codebases ❤❤

This guy is a genius

He is so good that while I'm watching the video, I will automatically remember to click like... because the video is so good.

Thanks for this, great video

Bytegrad brother i am so lucky to find out about your next js course it is #1 resource on nextjs and the coding standard you follow is top notch along with your teaching style . Anyone willing to take his course don't hesitate even a bit its The best next js course you will find in internet ❤️❤️

I actually found layout auth to work better than middleware if your api already has built in auth. Middleware slows down navigation by alot and makes the user experience worst. So if it's a dashboard app just do auth on the layout with force-dynamic. if its an app that needs to authorize itself, middleware can be used.

thanks your video

navigation using next Link with prefetch set to true which is the default setup doesn't run the middleware on every navigation, prefetch is not available in development and you don't see it not work but when you deploy your app to production issues will appear

Do you know if Clerk makes the whole app dynamic by using a wrapper in the main layout even if I don’t explicitly use the utility functions that retrieve the session? Like const {…} = await auth()

we can use middleware for the first fence and how about using auth HOC for reusable components as second fence ?

what about authorization??? doing it in layout is the only way.

I had a problem with checking session in a server action using next-auth. It was because next-auth used cookies. It was the story about static and dynamic stuff you just explained. Everything was fine in development, but the production failed. So I removed it from server actions. Do you know how to solve this?

Hi, do you have a chance to make a video about Authjs v5? I would like to learn from you.

In my middleware im returning a NextResponse.next request with some custom headers that I utilize in my pages, where should I put kinde's return withAuth(request)?

I have a doubt , does middleware .ts file work in a static build , because this logic work on server side and when we make a build everything on the client side ?
I would be very happy if someone would answer on this , because my middleware.ts file is not working on static build and I want to know how it can work .

What if i am using Nodemailer Provider. Middleware does not work there

Middleware is great if you just want to check if there is any auth data at all. But what about roles? How do we check them in middleware?

Good job

I use Layout because in all the pages that we create there is like a 95% chances that we'll use an API that is already verifyng the authentification. But it's a nice idea to use middleware, I'll try it in my next project!

Here, some people suggest layout or template, but currently next.js does not work properly in parallel routes.
And is it correct to determine whether the user is logged in after entering a secure page?
Since the secure page is already using the secure API, 401 and 403 will occur in that API.
I think it is right to block users before they access the page.

U are the best ❤

middleware has caching. how can i validate every new request?

Hey you were telling that we are exposing a API endpoint in case of server actions. Then why can't we hit the api (server action) using something like postman? I think we just need to protect the frontend were the server action is used!!

Hey brand! Considering the complexity of the Next.js middleware issue in production with Docker, I think it would be incredibly valuable if you could create a video tutorial or walkthrough addressing this specific challenge and issues of middleware with docker .

Great🎉

8:00 HOC will save the duplication right?

How does caching work when doing the check on the page level? Every time the component is on the page, will the auth check be run?

Would a third option be to put your session check into a template.ts file? Works similarly to layout.ts but every time you navigate to a new route, a new instance of the component is mounted. Full disclosure, I haven’t tried it so I’m not actually sure if it works. 😅

What theme are you using for VS Code?

So if I want to display simple login / logout buttons across my blog in the upper corner of the screen using layout my entire app will just be dynamically rendered?

your very smart

Middleware does not support NodeJS, only edge. No session auth with db there.

One thing that needs to be mentioned is that the middleware uses the edge runtime. So unless you use a database that is edge compatible, you will not be able to use database sessions for your auth and will need to rely on JWTs.
So if you use database sessions, page is probably a better option in my opinion.

Remember about Next's Template file! It's common to do something like (authenticatedRoutes) routing in Next and instead of checking and remembering about every file/route that needs to be authenticated - you can use Template instead of Layout which will run every time!