Secure Your Sitecore XM Cloud App with NextAuth.js: Authentication & Authorization
Modern digital experiences demand secure, personalized, and seamless user access. In projects built with Sitecore XM Cloud and Next.js, combining NextAuth.js with Azure AD B2C offers a robust solution for authentication, while custom middleware provides fine-grained authorization. In this blog post, I’ll walk you through how we implemented both in a Sitecore XM Cloud project.

Authentication with Azure AD B2C and NextAuth.js

We’re using NextAuth.js for handling authentication via Azure AD B2C. This provider allows us to manage sign-in, profile editing, and password reset flows while integrating additional user metadata from Salesforce.

Key Features

- Azure AD B2C handles user identity and federation.
- NextAuth.js supports multiple user flows as separate providers.
- JWT-based sessions allow for stateless authentication across SSR and API routes.

Here’s the core setup in /pages/api/auth/[...nextauth].ts:

interface AzureADB2CProfile { sub: string; given_na...
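To make the two pieces above concrete, here is an added example (not the post's own NextAuth configuration) that models them as plain TypeScript functions: one per-user-flow provider mapping feeding a stateless JWT, and a route-authorization check of the kind a Next.js middleware would run against that JWT. The user-flow names, the `roles` claim and the `ROUTE_POLICY` table are assumptions, not values from the post.

```typescript
// Added example, not code from the original post. Pure functions so the
// logic can be unit-tested without Next.js or NextAuth. Assumptions: the
// B2C user-flow names, the "roles" claim and the ROUTE_POLICY table.

export interface B2CProfile {
  sub: string;            // stable user object id issued by Azure AD B2C
  given_name?: string;
  family_name?: string;
  emails?: string[];      // B2C emits email addresses as an array claim
  roles?: string[];       // assumed claim (e.g. mapped from a B2C custom attribute)
}

export interface SessionToken {
  sub: string; name: string; email?: string; roles: string[]; flow: string; exp: number;
}

// One NextAuth provider id per B2C user flow, as the post describes (names assumed).
export const USER_FLOWS: Record<string, string> = {
  "azure-ad-b2c-signin": "B2C_1_signin",
  "azure-ad-b2c-profile": "B2C_1_profile_edit",
  "azure-ad-b2c-reset": "B2C_1_password_reset",
};

// Shape of a jwt() callback: copy only what middleware needs into the stateless token.
export function buildToken(profile: B2CProfile, providerId: string, nowSec: number, ttlSec = 3600): SessionToken {
  const flow = USER_FLOWS[providerId];
  if (!flow) throw new Error(`unknown provider ${providerId}`);
  return {
    sub: profile.sub,
    name: [profile.given_name, profile.family_name].filter(Boolean).join(" "),
    email: profile.emails?.[0],
    roles: profile.roles ?? [],
    flow,
    exp: nowSec + ttlSec,
  };
}

// Middleware policy: path prefix -> roles allowed (empty = any signed-in user).
// Paths not listed are public. Prefixes match on whole path segments only.
const ROUTE_POLICY: Array<[string, string[]]> = [["/account", []], ["/admin", ["admin"]]];

export function authorize(pathname: string, token: SessionToken | null, nowSec: number): "allow" | "deny" | "login" {
  const rule = ROUTE_POLICY.find(([p]) => pathname === p || pathname.startsWith(p + "/"));
  if (!rule) return "allow";
  if (!token || token.exp <= nowSec) return "login";   // missing or expired JWT: send to sign-in
  const required = rule[1];
  if (required.length === 0) return "allow";
  return required.some((r) => token.roles.includes(r)) ? "allow" : "deny";
}
```

In a real deployment the token would be read with NextAuth's server-side helpers and the JWT's signature verified before these checks run; the functions here only cover the decision logic.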