Read Authentication State

This guide shows how to read authentication and authorization state in a Next.js application using the MonoCloud SDK.

These helpers are useful when you want to conditionally render UI, check permissions, or call APIs.

When to use these helpers

Use these methods when you need information about the current session.

Typical use cases include:

  • Showing different UI for signed-in vs signed-out users
  • Reading the current user profile
  • Conditionally enabling features
  • Checking group membership
  • Retrieving tokens to call your own APIs

Before you begin

This guide assumes you’ve completed the relevant Next.js quickstart:

You should already have:

  • A Next.js project
  • Environment variables configured in .env.local
  • Authentication middleware registered

Check if a user is authenticated

Use isAuthenticated() to check whether the current request has a valid user session.

tsx
const isSignedIn = await isAuthenticated();

Behavior

  • Returns true if the user is signed in
  • Returns false if no valid session exists
  • Does not redirect or throw

Example: Conditional UI (Server Component)

src/app/page.tsx
import { isAuthenticated } from "@monocloud/auth-nextjs";

export default async function Header() {
  const isSignedIn = await isAuthenticated();

  return (
    <header>
      {isSignedIn ? "Welcome back" : "Please sign in"}
    </header>
  );
}

Use this when you only need to check whether the user is authenticated.

Read the current session

Use getSession() to retrieve the full session, including the authenticated user.

tsx
const session = await getSession();

Behavior

  • Returns undefined if the user is not authenticated
  • Returns a session object if authenticated
  • Includes the user profile, claims, and tokens

Example

tsx
const session = await getSession();

if (!session) {
  return null;
}

console.log(session.user.email);

When to use getSession()

  • You need access to user details
  • You want to read claims or metadata
  • You need tokens for API calls

Retrieve tokens

Use getTokens() to access the current user’s tokens.

tsx
const tokens = await getTokens();

Behavior

  • Throws MonoCloudValidationError if the session does not exist or tokens cannot be found/refreshed.
  • Returns access and ID tokens when authenticated

Common use case: calling your API

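tsx
import { getTokens } from "@monocloud/auth-nextjs";

// Run this on the server only (Server Component, Route Handler, or Server Action).
const tokens = await getTokens();

// Forward the access token to your API as a Bearer credential.
await fetch("https://api.example.com/data", {
  headers: {
    Authorization: `Bearer ${tokens.accessToken}`,
  },
});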

Notes

  • Tokens are server-only
  • Do not expose tokens to the browser
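
Because getSession() returns the profile, claims, and tokens together, passing a whole session object as props to a Client Component would serialize the tokens to the browser. The following is an added example, not MonoCloud SDK or documentation code: it builds an allow-listed user object and a check that flags token-looking fields. The session shape beyond session.user.email, the claim names, and the function names toClientUser and findTokenLeaks are assumptions.

```typescript
// Added example, not MonoCloud SDK code. Only session.user.email appears in
// the guide; the rest of this session shape is an assumption.
interface SessionLike {
  user: Record<string, unknown>;
  [key: string]: unknown;
}

// Claims the browser may see (assumed names; adjust to your application).
const CLIENT_SAFE_CLAIMS = ["sub", "name", "email", "groups"] as const;

// Allow-list copy: anything not named above (tokens included) is dropped,
// so this does not depend on how the session names its token fields.
function toClientUser(session: SessionLike): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const claim of CLIENT_SAFE_CLAIMS) {
    if (claim in session.user) out[claim] = session.user[claim];
  }
  return out;
}

// Three base64url segments, the first starting with "eyJ" (an encoded "{").
const JWT_SHAPE = /^eyJ[\w-]+\.[\w-]+\.[\w-]*$/;

// Walk a props object and return the paths of anything that looks like a
// token: a key containing "token", or a JWT-shaped string value.
function findTokenLeaks(value: unknown, path = "props"): string[] {
  if (typeof value === "string") return JWT_SHAPE.test(value) ? [path] : [];
  if (value === null || typeof value !== "object") return [];
  const obj = value as Record<string, unknown>;
  const leaks: string[] = [];
  for (const key of Object.keys(obj)) {
    const childPath = `${path}.${key}`;
    if (/token/i.test(key)) leaks.push(childPath);
    else leaks.push(...findTokenLeaks(obj[key], childPath));
  }
  return leaks;
}

// Constructed sample session (fake values, not real tokens).
const sampleSession: SessionLike = {
  user: { sub: "user-123", email: "ada@example.com", groups: ["admin"] },
  accessToken: "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyLTEyMyJ9.c2ln",
  idToken: "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyLTEyMyJ9.c2ln",
};

console.log(findTokenLeaks({ session: sampleSession })); // whole session: flagged
console.log(findTokenLeaks({ user: toClientUser(sampleSession) })); // allow-listed: clean
```

Calling findTokenLeaks on the props of each Client Component in a unit test turns the "server-only" note into a check that fails the build when a token field slips through.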

Check group membership

Use isUserInGroup() to check whether the current user belongs to a specific group.

tsx
const isAdmin = await isUserInGroup(["admin"]);

Behavior

  • Returns false if the user is unauthenticated
  • Returns true if the user belongs to the group
  • Returns false otherwise

Example

tsx
if (await isUserInGroup(["admin"])) {
  // enable admin feature
}

Enable group claims

To use group-based checks:

  1. In the MonoCloud Dashboard, add groups to the application scopes
  2. Update your .env.local:

.env.local
MONOCLOUD_AUTH_SCOPES=openid profile email groups

After updating scopes, users must sign out and sign back in for the new claims to be included in their session.