Skip to content
Migrating from NextAuth.js v4? Read our migration guide.
Getting Started
Providers
Workos

WorkOS Provider

Resources

Setup

Callback URL

https://example.com/api/auth/callback/workos

Environment Variables

AUTH_WORKOS_ID
AUTH_WORKOS_SECRET

WorkOS also requires you to pass in your connection ID to the provider.

Configuration

/auth.ts
import NextAuth from "next-auth"
import WorkOS from "next-auth/providers/workos"
 
export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [WorkOS({ connection: "conn_abc123" })],
})

Notes

WorkOS is not an identity provider itself, but, rather, a bridge to multiple single sign-on (SSO) providers. As a result, we need to make some additional changes to authenticate users using WorkOS.

In order to sign a user in using WorkOS, we need to specify which WorkOS Connection to use. A common way to do this is to collect the user’s email address and extract the domain. This can be done using a custom login page. To add a custom login page, you can use the pages option:

pages/api/auth/[...nextauth].js
pages: {
  signIn: "/auth/signin",
}

We can then add a custom login page that displays an input where the user can enter their email address. We then extract the domain from the user’s email address and pass it to the authorizationParams parameter on the signIn function:

pages/auth/signin.js
import { useState } from "react"
import { getProviders, signIn } from "next-auth/react"
 
export default function SignIn({ providers }) {
  const [email, setEmail] = useState("")
 
  return (
    <>
      {Object.values(providers).map((provider) => {
        if (provider.id === "workos") {
          return (
            <div key={provider.id}>
              <input
                type="email"
                value={email}
                placeholder="Email"
                onChange={(event) => setEmail(event.target.value)}
              />
              <button
                onClick={() =>
                  signIn(provider.id, undefined, {
                    domain: email.split("@")[1],
                  })
                }
              >
                Sign in with SSO
              </button>
            </div>
          )
        }
 
        return (
          <div key={provider.id}>
            <button onClick={() => signIn(provider.id)}>
              Sign in with {provider.name}
            </button>
          </div>
        )
      })}
    </>
  )
}
 
export async function getServerSideProps(context) {
  const providers = await getProviders()
  return {
    props: { providers },
  }
}
Auth.js © Balázs Orbán and Team - 2024