srizan/archived-next-auth
1
0
Fork 0
mirror of https://github.com/SrIzan10/next-auth.git synced 2026-05-01 10:55:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
patch-2
archived-next-auth/docs/versioned_docs/version-v3/tutorials/ldap-auth.md
Balázs Orbán cbf9622e6f chore: move docs to top-level (#3887) 
* chore: move docs to top-level

* chore: add docs back to workspaces
2022-02-09 00:42:11 +01:00

83 lines
2.6 KiB
Markdown
Raw Permalink Blame History

---
id: ldap-auth-example
title: LDAP Authentication
---
NextAuth.js provides the ability to setup a [custom Credential provider](/configuration/providers/credentials) which we can take advantage of to authenticate users against an existing LDAP server.
You will need an additional dependency, `ldapjs`, which you can install by running `npm install ldapjs`.
Then you must setup the `Providers.Credentials()` provider key like so:
```js title="[...nextauth].js"
const ldap = require("ldapjs")
import NextAuth from "next-auth"
import Providers from "next-auth/providers"
export default NextAuth({
providers: [
Providers.Credentials({
name: "LDAP",
credentials: {
username: { label: "DN", type: "text", placeholder: "" },
password: { label: "Password", type: "password" },
},
async authorize(credentials, req) {
// You might want to pull this call out so we're not making a new LDAP client on every login attemp
const client = ldap.createClient({
url: process.env.LDAP_URI,
})
// Essentially promisify the LDAPJS client.bind function
return new Promise((resolve, reject) => {
client.bind(credentials.username, credentials.password, (error) => {
if (error) {
console.error("Failed")
reject()
} else {
console.log("Logged in")
resolve({
username: credentials.username,
password: credentials.password,
})
}
})
})
},
}),
],
callbacks: {
async jwt(token, user, account, profile, isNewUser) {
const isSignIn = user ? true : false
if (isSignIn) {
token.username = user.username
token.password = user.password
}
return token
},
async session(session, user) {
return { ...session, user: { username: user.username } }
},
},
secret: process.env.NEXTAUTH_SECRET,
jwt: {
secret: process.env.NEXTAUTH_SECRET,
encryption: true, // Very important to encrypt the JWT, otherwise you're leaking username+password into the browser
},
})
```
The idea is that once one is authenticated with the LDAP server, one can pass through both the username/DN and password to the JWT stored in the browser.
This is then passed back to any API routes and retrieved as such:
```js title="/pages/api/doLDAPWork.js"
token = await jwt.getToken({
req,
secret: process.env.NEXTAUTH_SECRET,
})
const { username, password } = token
```
> Thanks to [Winwardo](https://github.com/Winwardo) for the code example
Reference in New Issue View Git Blame Copy Permalink