Using SSX with NextAuth

Getting started authenticating using SSX and NextAuth


This guide provides an example of how to set up your dapp to authenticate your users using SSX and NextAuth. NextAuth allows you to authenticate with multiple identity providers, and SSX enables you to add Sign-in with Ethereum authentication to your Next.js dapp easily.


This example follows along the ssx-test-nextauth example implementation, built with npm init @rainbow-me/[email protected] .

Install Dependencies

Install ssx and next-auth with your package manager of choice:
npm install @spruceid/ssx-react @spruceid/ssx-server next-auth
If you are using wagmi, SSX currently works with wagmi v0.7.15 and below. We are currently working on supporting all versions of wagmi!

Add NextAuth API Routes

In your dapp, we will add an API route (pages/api/auth/[...nextauth].ts) for NextAuth and configure it with SSX. SSX provides configured credentials and authorize functions to create a NextAuth provider. SSX also provides a session function, but it is likely you will want to modify the contents of the function to provide specific session data from the server to the frontend client.
import { NextApiRequest, NextApiResponse } from "next";
import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import { SSXNextAuth } from "@spruceid/ssx-react/next-auth/backend";
import { SSXServer } from "@spruceid/ssx-server";
export default async function auth(req: NextApiRequest, res: NextApiResponse) {
const ssxConfig = {};
const ssx = new SSXServer(ssxConfig);
const { credentials, authorize } = SSXNextAuth(req, res, ssx);
const providers = [
name: "Ethereum",
return await NextAuth(req, res, {
session: {
strategy: "jwt",
secret: process.env.NEXT_AUTH_SECRET,
callbacks: {
session: (sessionData) => {
const { session, user, token } = sessionData;
if (session.user) { = token.sub;
return session;

Add Providers to the Frontend

Next, you'll add the SSX provider and NextAuth Session provider to the frontend. This is done in the pages/_app.tsx file. Adding the providers here makes them available for any child component to access the session data.
import '../styles/globals.css';
import '@rainbow-me/rainbowkit/styles.css';
import { RainbowKitProvider, getDefaultWallets } from '@rainbow-me/rainbowkit';
import { chain, configureChains, createClient, WagmiConfig } from 'wagmi';
import { alchemyProvider } from 'wagmi/providers/alchemy';
import { publicProvider } from 'wagmi/providers/public';
import { SSXProvider } from '@spruceid/ssx-react';
import { SSXNextAuthRouteConfig } from '@spruceid/ssx-react/next-auth/frontend';
import { SessionProvider } from "next-auth/react";
const { chains, provider, webSocketProvider } = configureChains(
...(process.env.NEXT_PUBLIC_ENABLE_TESTNETS === 'true'
? [chain.goerli, chain.kovan, chain.rinkeby, chain.ropsten]
: []),
// This is Alchemy's default API key.
// You can get your own at
apiKey: process.env.NEXT_PUBLIC_ALCHEMY_API_KEY,
const { connectors } = getDefaultWallets({
appName: 'RainbowKit App',
const wagmiClient = createClient({
autoConnect: true,
const { server } = SSXNextAuthRouteConfig({ signInOptions: { callbackUrl:'/protected' }});
const ssxConfig: any = {
siweConfig: {
domain: "localhost:3000",
providers: {
function MyApp({ Component, pageProps }: any) {
return (
<WagmiConfig client={wagmiClient}>
<RainbowKitProvider chains={chains}>
<SSXProvider ssxConfig={ssxConfig}>
<SessionProvider session={pageProps.session} refetchInterval={0}>
<Component {...pageProps} />
export default MyApp;

Using SSX + NextAuth Sessions in your dapp

Now that you've set up the SSX and NextAuth Providers, you can use their corresponding hooks to access user information to protect pages from unauthorized access! The following is an example page:
import React from "react";
import styles from '../styles/Protected.module.css'
import { useSession } from 'next-auth/react';
import { useRouter } from 'next/router';
import { useSSX } from "@spruceid/ssx-react";
export default function Protected() {
const router = useRouter();
const { data: session, status } = useSession();
const { ssx, ssxLoaded } = useSSX();
const signOut = async () => {
await ssx?.signOut();
if (status === "loading") {
<div className={styles.container}>
<h2 className={styles.title}>Protected Page</h2>
<p className={styles.description}>Loading</p>
if (status === "unauthenticated") {
return (<div className={styles.container}>
<h2 className={styles.title}>Protected Page</h2>
<p className={styles.description}>
This page is only accessible to authenticated users.
return (
<div className={styles.container}>
<h2 className={styles.title}>Protected Page</h2>
<p className={styles.description}>
You are Authenticated as <br/>
<button onClick={signOut} disabled={!ssxLoaded}>Log Out</button>

Wrap up

Now that you have authentication in your dapp, take a deeper dive into some of the capabilities SSX gives you like signing in on behalf of a multisig, resolving ENS/Lens names, or customizing the SIWE message.
Have any questions? Hop into the Spruce discord and ask!