Adding Next-Auth Authentication to Django, FastAPI, and Next.js Stack
Integrate Next-Auth authentication with Django backend, FastAPI API, and Next.js frontend for secure user authentication.
This tutorial builds upon the Creating a Full Stack Application with Django, FastAPI, and Next.js guide. We’ll add authentication by integrating Next-Auth (Auth.js) into our existing full-stack application.
1. Initial Setup
If you haven't completed the first tutorial, start by cloning the repository and setting up the initial project.
1.1 Clone the Repository
1.2 Start the Docker Stack
1.3 Run Database Migrations
1.4 Create a Superuser
Follow the prompts to create your superuser account.
2. Install and Configure Next-Auth
Now, let's set up Next-Auth in our Next.js frontend.
2.1 Install Next-Auth
2.2 Create Next-Auth Configuration
Create a new file src/auth.ts
in your frontend directory:
2.3 Set Up Next-Auth API Routes
Create a new file src/app/api/auth/[...nextauth]/route.ts
:
2.4 Add Next-Auth Middleware
Edit src/middleware.ts
:
3. Create Sign In and Sign Out Components
Let's create components for signing in and out, and update our home page.
3.1 Create Sign In Button Component
Create a new file src/app/components/sign-in.tsx
:
3.2 Create Sign Out Button Component
Create a new file src/app/components/sign-out.tsx
:
3.3 Update Home Page
Edit src/app/page.tsx
:
4. Configure Next-Auth for Django Credentials
Now, we'll set up Next-Auth to use Django credentials for authentication.
4.1 Set Environment Variables
Create a frontend/.env.local
file:
4.2 Create Next-Auth Type Declarations
Create a new file frontend/src/types/next-auth.d.ts
:
4.3 Update Next-Auth Configuration
Update frontend/src/auth.ts
:
4.4 Update Docker Compose Configuration
Edit docker-compose.yml
:
4.5 Restart Frontend Container
5. Create FastAPI Routes for Django Authentication
Now, we'll create the necessary API routes in our Django backend.
5.1 Update Backend Requirements
Edit backend/requirements.txt
:
5.2 Create User Schemas
Create a new file backend/users/schemas.py
:
5.3 Create Authentication Utilities
Create a new file backend/users/utils.py
:
5.4 Create Authentication Routers
Create a new file backend/users/routers.py
:
5.5 Update ASGI Configuration
Update backend/mysaas/asgi.py
:
6. Verify the Setup
To verify that everything is set up correctly:
- Visit http://localhost/ - You should see a sign-in button.
- Visit http://localhost/docs - You should see the /users/login/ endpoint in the FastAPI documentation.
- Visit http://localhost/admin - You should be able to log in to the Django admin site using the superuser credentials you created earlier.
7. Protecting API Routes
To protect API routes, use the get_current_active_user
function in your FastAPI route definitions:
When making requests to protected routes from the frontend, include the access token in the Authorization header:
This setup ensures that the access token from the Next-Auth session is passed to the API route, allowing the backend to authenticate the user. The get_current_active_user
function will verify the token and retrieve the corresponding user, making it available in your route handler.
By using this approach, you can easily secure any API route that requires authentication, ensuring that only authenticated users can access these endpoints.
Conclusion
You have now successfully integrated Next-Auth authentication into your Django, FastAPI, and Next.js stack. This setup allows users to authenticate using Django credentials through a Next.js frontend, with FastAPI handling the API requests. Remember to implement additional security measures and features like password reset or email verification as needed for your specific application.
Damian Hodgkiss
Senior Staff Engineer at Sumo Group, leading development of AppSumo marketplace. Technical solopreneur with 25+ years of experience building SaaS products.