MonoCloud Authentication SDK
    Preparing search index...

    Class MonoCloudNextClient

    MonoCloudNextClient is the core SDK entry point for integrating MonoCloud authentication into a Next.js application.

    It provides:

    • Authentication middleware
    • Route protection helpers
    • Session and token access
    • Redirect utilities
    • Server-side enforcement helpers
    MONOCLOUD_AUTH_TENANT_DOMAIN=<tenant-domain>
    MONOCLOUD_AUTH_CLIENT_ID=<client-id>
    MONOCLOUD_AUTH_CLIENT_SECRET=<client-secret>
    MONOCLOUD_AUTH_SCOPES=openid profile email
    MONOCLOUD_AUTH_APP_URL=http://localhost:3000
    MONOCLOUD_AUTH_COOKIE_SECRET=<cookie-secret>

    import { authMiddleware } from "@monocloud/auth-nextjs";

    export default authMiddleware();

    export const config = {
      matcher: [
        "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
      ],
    };

    By default, the SDK exposes function exports (for example, authMiddleware(), getSession(), getTokens()) that internally use a shared singleton MonoCloudNextClient.

    Create your own MonoCloudNextClient instance when you need multiple configurations, dependency injection, or explicit control over initialization.

    import { MonoCloudNextClient } from "@monocloud/auth-nextjs";

    export const monoCloud = new MonoCloudNextClient();

    Once you create a client instance, call methods directly on it instead of using the default function exports.

    import { monoCloud } from "@/monocloud";

    export default async function Page() {
      const session = await monoCloud.getSession();

      if (!session) {
        return <>Not signed in</>;
      }

      return <>Hello {session.user.name}</>;
    }

    When configuration is provided through both constructor options and environment variables, the values passed to the constructor take precedence. Environment variables are used only for options that are not explicitly supplied.

    import { MonoCloudNextClient } from "@monocloud/auth-nextjs";

    export const monoCloud = new MonoCloudNextClient({
      tenantDomain: "<tenant-domain>",
      clientId: "<client-id>",
      clientSecret: "<client-secret>",
      appUrl: "http://localhost:3000",
      cookieSecret: "<cookie-secret>",
      defaultAuthParams: {
        scopes: "openid profile email",
      },
    });

    If you customize any of the default auth route paths:

    • Also set the corresponding NEXT_PUBLIC_ environment variables so client-side helpers (for example <SignIn />, <SignOut />, and useAuth()) can discover the correct URLs.
    • Update the Application URLs in your MonoCloud Dashboard to match the new paths.

    Example:

    MONOCLOUD_AUTH_CALLBACK_URL=/api/custom_callback
    NEXT_PUBLIC_MONOCLOUD_AUTH_CALLBACK_URL=/api/custom_callback

    When routes are overridden, the Redirect URI configured in the dashboard must reflect the new path. For example, during local development:

    http://localhost:3000/api/custom_callback

    Index

    Constructors

    constructor

    Accessors

    coreClient oidcClient

    Methods

    authMiddleware getSession getTokens isAuthenticated isUserInGroup monoCloudAuth protect protectApi protectPage redirectToSignIn redirectToSignOut

    Constructors

    Accessors

    Methods

    • Returns Promise<MonoCloudSession | undefined>

      Returns the resolved session, or undefined if none exists.

      getSession for full docs and examples.

    • Parameters

      • req: Request | NextRequest

        Incoming request used to read authentication cookies and headers to resolve the current user's session.

      • Optionalres: Response | NextResponse<unknown>

        Optional response to update if session resolution requires refreshed authentication cookies or headers.

      Returns Promise<MonoCloudSession | undefined>

      Returns the resolved session, or undefined if none exists.

      getSession for full docs and examples.

    • Parameters

      • req: NextApiRequest | IncomingMessage

        Incoming Node.js request used to read authentication cookies and resolve the current user's session.

      • res: NextApiResponse | ServerResponse<IncomingMessage>

        Outgoing Node.js response used to apply refreshed authentication cookies when required.

      Returns Promise<MonoCloudSession | undefined>

      Returns the resolved session, or undefined if none exists.

      getSession for full docs and examples.

    • Returns Promise<boolean>

      Returns true if a valid session exists; otherwise false.

      isAuthenticated for full docs and examples.

    • Parameters

      • req: Request | NextRequest

        Incoming request used to resolve authentication from cookies and headers.

      • Optionalres: Response | NextResponse<unknown>

        Optional response to update if refreshed authentication cookies or headers are required.

      Returns Promise<boolean>

      Returns true if a valid session exists; otherwise false.

      isAuthenticated for full docs and examples.

    • Parameters

      • req: NextApiRequest | IncomingMessage

        Incoming Node.js request used to resolve authentication from cookies.

      • res: NextApiResponse | ServerResponse<IncomingMessage>

        Outgoing Node.js response used to apply refreshed authentication cookies when required.

      Returns Promise<boolean>

      Returns true if a valid session exists; otherwise false.

      isAuthenticated for full docs and examples.

    • Parameters

      • groups: string[]

        Group IDs or names to check against the user's group memberships.

      • Optionaloptions: IsUserInGroupOptions

        Optional configuration controlling how group membership is evaluated.

      Returns Promise<boolean>

      Returns true if the user belongs to at least one specified group; otherwise false.

      isUserInGroup for full docs and examples.

    • Parameters

      • req: Request | NextRequest

        Incoming request used to resolve authentication from cookies and headers.

      • groups: string[]

        Group IDs or names to check against the user's group memberships.

      • Optionaloptions: IsUserInGroupOptions

        Optional configuration controlling how group membership is evaluated.

      Returns Promise<boolean>

      Returns true if the user belongs to at least one specified group; otherwise false.

      isUserInGroup for full docs and examples.

    • Parameters

      • req: Request | NextRequest

        Incoming request used to resolve authentication from cookies and headers.

      • res: Response | NextResponse<unknown>

        Existing response to update with refreshed authentication cookies or headers when required.

      • groups: string[]

        Group IDs or names to check against the user's group memberships.

      • Optionaloptions: IsUserInGroupOptions

        Optional configuration controlling how group membership is evaluated.

      Returns Promise<boolean>

      Returns true if the user belongs to at least one specified group; otherwise false.

      isUserInGroup for full docs and examples.

    • Parameters

      • req: NextApiRequest | IncomingMessage

        Incoming Node.js request used to resolve authentication from cookies.

      • res: NextApiResponse | ServerResponse<IncomingMessage>

        Outgoing Node.js response used to apply refreshed authentication cookies when required.

      • groups: string[]

        Group IDs or names to check against the user's group memberships.

      • Optionaloptions: IsUserInGroupOptions

        Optional configuration controlling how group membership is evaluated.

      Returns Promise<boolean>

      Returns true if the user belongs to at least one specified group; otherwise false.

      isUserInGroup for full docs and examples.

    Settings

    On This Page

    1. Add environment variables2. Register middlewareAdvanced usage
    Constructors
    Accessors
    Methods