@namoidhq/nextjs
@namoidhq/nextjs is the server-side SDK for Next.js App Router apps. Use it
when you want NamoID hosted login without hand-rolling OAuth transaction cookies,
callback validation, token exchange, and ID-token verification.
- Package:
@namoidhq/nextjs - Peer runtime: Next.js App Router route handlers
- Use with:
@namoidhq/jsfor shared OAuth helpers
Install
npm install @namoidhq/nextjs @namoidhq/js
Environment variables
NAMOID_ISSUER=https://<slug>.id.namoid.in
NAMOID_CLIENT_ID=idpc_live_…
NAMOID_CLIENT_SECRET=idps_live_…
NEXT_PUBLIC_APP_URL=https://app.example.com
Register this redirect URI on the NamoID application:
https://app.example.com/api/auth/callback/namoid
For local development, use your local app URL in both places, for example
http://localhost:3000/api/auth/callback/namoid.
Login route
// app/api/auth/login/route.ts
import { createNamoIDNextClient } from "@namoidhq/nextjs";
const namoid = createNamoIDNextClient({
issuer: process.env.NAMOID_ISSUER!,
clientId: process.env.NAMOID_CLIENT_ID!,
clientSecret: process.env.NAMOID_CLIENT_SECRET!,
appBaseUrl: process.env.NEXT_PUBLIC_APP_URL!,
redirectPath: "/api/auth/callback/namoid",
postLoginRedirectPath: "/dashboard",
});
export const GET = () => namoid.login();
login() generates state, nonce, and a PKCE verifier, stores them in
HttpOnly transaction cookies, and redirects the browser to the issuer's
authorization endpoint.
Callback route
// app/api/auth/callback/namoid/route.ts
import { createNamoIDNextClient } from "@namoidhq/nextjs";
const namoid = createNamoIDNextClient({
issuer: process.env.NAMOID_ISSUER!,
clientId: process.env.NAMOID_CLIENT_ID!,
clientSecret: process.env.NAMOID_CLIENT_SECRET!,
appBaseUrl: process.env.NEXT_PUBLIC_APP_URL!,
redirectPath: "/api/auth/callback/namoid",
postLoginRedirectPath: "/dashboard",
});
export const GET = (request: Request) =>
namoid.callback(request, {
async onSuccess({ tokens, idTokenClaims }) {
// Create your own HttpOnly app session here.
// Do not store OAuth tokens in localStorage or sessionStorage.
return new Response(null, {
status: 302,
headers: { location: "/dashboard" },
});
},
});
callback() validates state, exchanges the authorization code at the
discovered token endpoint, verifies the ID token signature and nonce, clears the
transaction cookies, and hands you the token response and verified claims.
Logout
// app/api/auth/logout/route.ts
export const GET = () =>
namoid.logout({
// Pass the user's last ID token when you have it.
idTokenHint: undefined,
});
Your app should also clear its own session cookie. NamoID logout clears the hosted-login session at the issuer.
When to use this package
Use @namoidhq/nextjs for server-side Next.js integrations. Use
@namoidhq/react for client-side buttons and waitlist/signup UI,
and use a general OIDC library for non-Next.js backends.