Authentication (Bearer)
Using Simple OAuth for Authentication
Before we can create an OAuth consumer, we need to create a new role and a user for OAuth scopes.
1. Create Role
- Visit
`/admin/people/roles`
. - Click on + Add role.
- Fill in the Role name. Example: Next.js Site.
2. Assign Permissions
Next, assign the following permissions to the newly created role.
- Bypass content access control
- Issue subrequests
- View user information
We are assigning the Bypass content access control permission to allow Next.js to access unpublished content and revisions.
You can safely skip this permission if you do not need to preview unpublished content.
3. Create User
Add a new user at `/admin/people/create`
and assign it the role we created above.
4. Generate keys
Generate a pair of keys to encrypt the tokens. Store them outside of your document root (`web`
directory) for security.
- Visit
`/admin/config/people/simple_oauth`
- Click Generate keys to generate encryption keys for tokens
- Fill in Directory for the keys.
- Click Generate.
You can also use `openssl`
to generate keys:
openssl genrsa -out private.key 2048openssl rsa -in private.key -pubout > public.key
5. Create Consumer
- Visit /admin/config/services/consumer/add
- Fill in the following values:
- Label:
`Next.js site`
- User:
`Select the user we created`
- Secret:
`Your secret`
- Scopes:
`Select the role we created`
- Click Save
Important: note the client id (uuid) and the secret. These are going to be used as environment variables for the Next.js site.
6. Connect Drupal
To connect the Next.js project to Drupal, we use environment variables.
Fill in the following variables in your `.env.local`
file.
.env.local
DRUPAL_CLIENT_ID=DRUPAL_CLIENT_SECRET=
6. Update DrupalClient
Update the `DrupalClient`
to use the Bearer authentication header.
lib/drupal.ts
import { Experiment_DrupalClient as DrupalClient } from "next-drupal"
export const drupal = new Experiment_DrupalClient( process.env.NEXT_PUBLIC_DRUPAL_BASE_URL, { auth: { clientId: process.env.DRUPAL_CLIENT_ID, clientSecret: process.env.DRUPAL_CLIENT_SECRET, }, })