Authentication

Making authenticated requests with NextDrupal.

The NextDrupal client works with several auth types. You can use Bearer tokens, Basic tokens or bring your own authorization headers.

Authentication can be set globally on the client or custom per method.

Client Authentication

This is the default authentication configured on the client.

This is used most of the time for fetching and building static pages.

lib/drupal.ts

import { NextDrupal } from "next-drupal"


export const drupal = new NextDrupal(
  process.env.NEXT_PUBLIC_DRUPAL_BASE_URL,
  {
    auth: // Configure the global auth here.
  }
)

Method Authentication

You can also set a custom auth per method call.

This is generally used for making session-based/user-based authentication calls.

import { drupal } from "lib/drupal"


const userArticles = await drupal.getResourceCollection("node--article", {
  params: {
    "filter[uid]": user.id,
  },
  withAuth: // Set the custom auth here.
})

Bearer

To configure authentication, provide a client_id and client_secret as options.

⚠️

You need to enable the simple_oauth module on Drupal.

lib/drupal.ts

// Client
export const drupal = new NextDrupal(process.env.NEXT_PUBLIC_DRUPAL_BASE_URL, {
  auth: {
    clientId: process.env.DRUPAL_CLIENT_ID,
    clientSecret: process.env.DRUPAL_CLIENT_SECRET,
  },
})


// Method
const article = drupal.getResource(
  "node--article",
  "293202c9-f603-444e-a426-a5637e2ade2e",
  {
    withAuth: {
      clientId: process.env.DRUPAL_CLIENT_ID,
      clientSecret: process.env.DRUPAL_CLIENT_SECRET,
    },
  }
)

NextDrupal client will fetch Bearer token and handle expiration for you.

If you need to customize the OAuth URL you can use the url option.

lib/drupal.ts

export const drupal = new NextDrupal(process.env.NEXT_PUBLIC_DRUPAL_BASE_URL, {
  auth: {
    clientId: process.env.DRUPAL_CLIENT_ID,
    clientSecret: process.env.DRUPAL_CLIENT_SECRET,
    url: `/oauth2/token`,
  },
})

By default, NextDrupal uses /oauth/token as the default URL.

Basic

You can also use the basic authorization using a username and password:

⚠️

You need to enable the basic_auth module on Drupal.

// Client.
export const drupal = new NextDrupal(process.env.NEXT_PUBLIC_DRUPAL_BASE_URL, {
  auth: {
    username: process.env.DRUPAL_USERNAME,
    password: process.env.DRUPAL_PASSWORD,
  },
})


// Method
const articles = await drupal.getResourceCollection("node--article", {
  withAuth: {
    username: process.env.DRUPAL_USERNAME,
    password: process.env.DRUPAL_PASSWORD,
  },
})

Callback

You can also provide a custom callback for authentication. The callback must return an Authorization compatible header.

// Client
export const drupal = new NextDrupal(process.env.NEXT_PUBLIC_DRUPAL_BASE_URL, {
  auth: () => {
    // Do something and return an Authorization header.
  },
})


// Method
const users = await drupal.getResourceCollection("user--user", {
  withAuth: () => {
    // Do something and return an Authorization header.
  },
})

Access Token

You can also pass in an access token.

// Client
export const drupal = new NextDrupal(process.env.NEXT_PUBLIC_DRUPAL_BASE_URL, {
  auth: {
    access_token: "ECYM594IlARGc3S8KgBHvTpki0rDtWx6...",
    token_type: "Bearer",
    expires_in: 3600,
  },
})


// Method
const articles = await drupal.getResourceCollection("node--article", {
  withAuth: {
    access_token: "ECYM594IlARGc3S8KgBHvTpki0rDtWx6...",
    token_type: "Bearer",
    expires_in: 3600,
  },
})

NextAuth

If you're using NextAuth you can use the results from getSession:

import { getSession } from "next-auth/react"


const session = getSession(...)


// Client
export const drupal = new NextDrupal(
  process.env.NEXT_PUBLIC_DRUPAL_BASE_URL,
  {
    auth: session.accessToken,
  }
)


// Method
const articles = await drupal.getResourceCollection("node--article", {
  withAuth: session.accessToken,
})
Advanced ExampleFetcher