NamoID Docs

@namoidhq/nextjs

@namoidhq/nextjs is the server-side SDK for Next.js App Router apps. Use it when you want NamoID hosted login without hand-rolling OAuth transaction cookies, callback validation, token exchange, and ID-token verification.

  • Package: @namoidhq/nextjs
  • Peer runtime: Next.js App Router route handlers
  • Use with: @namoidhq/js for shared OAuth helpers

Install

npm install @namoidhq/nextjs @namoidhq/js

Environment variables

NAMOID_ISSUER=https://<slug>.id.namoid.in
NAMOID_CLIENT_ID=idpc_live_…
NAMOID_CLIENT_SECRET=idps_live_…
NEXT_PUBLIC_APP_URL=https://app.example.com

Register this redirect URI on the NamoID application:

https://app.example.com/api/auth/callback/namoid

For local development, use your local app URL in both places, for example http://localhost:3000/api/auth/callback/namoid.

Login route

// app/api/auth/login/route.ts
import { createNamoIDNextClient } from "@namoidhq/nextjs";

const namoid = createNamoIDNextClient({
  issuer: process.env.NAMOID_ISSUER!,
  clientId: process.env.NAMOID_CLIENT_ID!,
  clientSecret: process.env.NAMOID_CLIENT_SECRET!,
  appBaseUrl: process.env.NEXT_PUBLIC_APP_URL!,
  redirectPath: "/api/auth/callback/namoid",
  postLoginRedirectPath: "/dashboard",
});

export const GET = () => namoid.login();

login() generates state, nonce, and a PKCE verifier, stores them in HttpOnly transaction cookies, and redirects the browser to the issuer's authorization endpoint.

Callback route

// app/api/auth/callback/namoid/route.ts
import { createNamoIDNextClient } from "@namoidhq/nextjs";

const namoid = createNamoIDNextClient({
  issuer: process.env.NAMOID_ISSUER!,
  clientId: process.env.NAMOID_CLIENT_ID!,
  clientSecret: process.env.NAMOID_CLIENT_SECRET!,
  appBaseUrl: process.env.NEXT_PUBLIC_APP_URL!,
  redirectPath: "/api/auth/callback/namoid",
  postLoginRedirectPath: "/dashboard",
});

export const GET = (request: Request) =>
  namoid.callback(request, {
    async onSuccess({ tokens, idTokenClaims }) {
      // Create your own HttpOnly app session here.
      // Do not store OAuth tokens in localStorage or sessionStorage.
      return new Response(null, {
        status: 302,
        headers: { location: "/dashboard" },
      });
    },
  });

callback() validates state, exchanges the authorization code at the discovered token endpoint, verifies the ID token signature and nonce, clears the transaction cookies, and hands you the token response and verified claims.

Logout

// app/api/auth/logout/route.ts
export const GET = () =>
  namoid.logout({
    // Pass the user's last ID token when you have it.
    idTokenHint: undefined,
  });

Your app should also clear its own session cookie. NamoID logout clears the hosted-login session at the issuer.

When to use this package

Use @namoidhq/nextjs for server-side Next.js integrations. Use @namoidhq/react for client-side buttons and waitlist/signup UI, and use a general OIDC library for non-Next.js backends.