Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:02,140 --> 00:00:04,870 At the moment we only have the API route 2 00:00:04,870 --> 00:00:06,420 for logging users in. 3 00:00:06,420 --> 00:00:10,920 We also need the front-end logic in the auth-form component. 4 00:00:10,920 --> 00:00:15,260 There, we have to check whether we are logging in, 5 00:00:15,260 --> 00:00:17,800 but we're not doing anything If we are. 6 00:00:17,800 --> 00:00:20,460 Well, here we need to sign the user in. 7 00:00:20,460 --> 00:00:25,460 And here we now don't need to send our own http request. 8 00:00:25,460 --> 00:00:27,730 We don't need to configure it ourselves. 9 00:00:27,730 --> 00:00:29,420 And we shouldn't. 10 00:00:29,420 --> 00:00:34,420 Instead here we'll again import from next dash auth, 11 00:00:35,220 --> 00:00:38,483 but now from next dash auth slash client. 12 00:00:39,350 --> 00:00:44,350 And from there, we can import to signIn function. 13 00:00:44,810 --> 00:00:46,513 This signIn function. 14 00:00:47,390 --> 00:00:50,680 That's a function which we can call in our component 15 00:00:50,680 --> 00:00:53,430 to send a signIn request. 16 00:00:53,430 --> 00:00:55,993 And the request will be sent automatically. 17 00:00:57,150 --> 00:00:59,220 So we just called signIn here 18 00:00:59,220 --> 00:01:02,100 and now we can pass in some data here. 19 00:01:02,100 --> 00:01:03,450 The first argument, 20 00:01:03,450 --> 00:01:05,019 describes the provider 21 00:01:05,019 --> 00:01:07,000 with which we wanna signIn. 22 00:01:07,000 --> 00:01:09,360 Because we could have multiple providers, 23 00:01:09,360 --> 00:01:11,510 in the same application. 24 00:01:11,510 --> 00:01:15,860 Here, It's the credentials provider, 25 00:01:15,860 --> 00:01:18,410 and hence we should write it like this. 26 00:01:18,410 --> 00:01:21,970 Then we can also pass a second argument here. 27 00:01:21,970 --> 00:01:23,990 That is a configuration object. 28 00:01:23,990 --> 00:01:26,190 Now, where we can configure 29 00:01:26,190 --> 00:01:28,830 how the signIn process should work. 30 00:01:28,830 --> 00:01:32,470 And specifically here, we can add a redirect field 31 00:01:32,470 --> 00:01:34,410 and set it to false. 32 00:01:34,410 --> 00:01:36,090 You might remember that I said 33 00:01:36,090 --> 00:01:39,750 that when nextauth is used here on the back-end, 34 00:01:39,750 --> 00:01:41,240 in this API route, 35 00:01:41,240 --> 00:01:43,170 that when we throw an Error here, 36 00:01:43,170 --> 00:01:47,000 because authentication failed that by default, 37 00:01:47,000 --> 00:01:49,910 next JS would redirect us to another page, 38 00:01:49,910 --> 00:01:51,640 to an error page. 39 00:01:51,640 --> 00:01:53,360 And to this something we could utilize, 40 00:01:53,360 --> 00:01:55,750 we can then set up such an error page, 41 00:01:55,750 --> 00:01:57,980 and we can configure that error page. 42 00:01:57,980 --> 00:02:00,060 You can check out the next options 43 00:02:00,060 --> 00:02:02,900 for the credentials provider to learn more about that. 44 00:02:02,900 --> 00:02:06,550 But more often you typically wanna leave the user 45 00:02:06,550 --> 00:02:08,750 on the page where he or she is 46 00:02:08,750 --> 00:02:11,630 and just shows some error message there. 47 00:02:11,630 --> 00:02:13,390 So, if we are logging in here, 48 00:02:13,390 --> 00:02:16,000 I don't want to be redirected If it fails. 49 00:02:16,000 --> 00:02:18,670 I maybe just want to show an overlay 50 00:02:18,670 --> 00:02:22,120 or a little text here below the inputs. 51 00:02:22,120 --> 00:02:25,140 And to avoid that we are redirected, 52 00:02:25,140 --> 00:02:29,970 we can set redirect to false in that second argument 53 00:02:29,970 --> 00:02:31,300 of the signIn method. 54 00:02:31,300 --> 00:02:33,860 So, in this configuration object. 55 00:02:33,860 --> 00:02:37,150 Now when setting redirect to false, 56 00:02:37,150 --> 00:02:39,130 signIn we'll actually return up promise 57 00:02:39,130 --> 00:02:42,170 which eventually yields us our result. 58 00:02:42,170 --> 00:02:44,400 The promise will always resolve. 59 00:02:44,400 --> 00:02:45,930 It will not be rejected. 60 00:02:45,930 --> 00:02:47,820 Even if we have an error 61 00:02:47,820 --> 00:02:50,220 in our back-end authentication code. 62 00:02:50,220 --> 00:02:51,870 But if we had an error there, 63 00:02:51,870 --> 00:02:53,440 result would be an object 64 00:02:53,440 --> 00:02:56,140 that contains information about the error. 65 00:02:56,140 --> 00:02:59,050 If we have no error during authentication, 66 00:02:59,050 --> 00:03:01,060 result is still an object, 67 00:03:01,060 --> 00:03:03,630 but without the error information. 68 00:03:03,630 --> 00:03:05,740 So, this will never throw an Error. 69 00:03:05,740 --> 00:03:07,430 It will never be rejected. 70 00:03:07,430 --> 00:03:10,250 It's just a content of this result object, 71 00:03:10,250 --> 00:03:11,363 which will differ. 72 00:03:12,570 --> 00:03:15,730 And now besides passing redirect false, 73 00:03:15,730 --> 00:03:19,460 we also wanna pass our credential data to the back-end. 74 00:03:19,460 --> 00:03:22,550 We do descend this second argument as well 75 00:03:22,550 --> 00:03:26,090 because it is actually the second argument as a whole, 76 00:03:26,090 --> 00:03:29,790 which is received in our authorized function, 77 00:03:29,790 --> 00:03:32,083 as this credentials argument here. 78 00:03:33,080 --> 00:03:34,950 So this credentials parameter, 79 00:03:34,950 --> 00:03:38,660 is that second argument which be passed to signIn. 80 00:03:38,660 --> 00:03:41,400 And here I'm trying to access an email 81 00:03:41,400 --> 00:03:43,370 and a password field. 82 00:03:43,370 --> 00:03:46,100 And therefore to make sure that this works, 83 00:03:46,100 --> 00:03:50,440 in auth-form besides setting redirect to false. 84 00:03:50,440 --> 00:03:52,350 We should also add in the email 85 00:03:52,350 --> 00:03:54,387 and set this to enteredEmail. 86 00:03:55,480 --> 00:03:59,107 And add a password key and set this to enteredPassword. 87 00:04:00,340 --> 00:04:03,250 And with that, we're sending this signIn request 88 00:04:03,250 --> 00:04:06,983 and I'll now just log that result here. 89 00:04:08,100 --> 00:04:10,420 And that's all we have to do when it comes 90 00:04:10,420 --> 00:04:12,500 to signing users in. 91 00:04:12,500 --> 00:04:14,780 If we now save everything, 92 00:04:14,780 --> 00:04:18,399 we go back to that login page and reload it. 93 00:04:18,399 --> 00:04:20,720 If I enter a valid email here, 94 00:04:20,720 --> 00:04:23,880 but invalid password and I click login. 95 00:04:23,880 --> 00:04:26,240 I get could not log you in. 96 00:04:26,240 --> 00:04:27,500 Which makes sense 97 00:04:27,500 --> 00:04:32,500 because that proves that we made it past this first check, 98 00:04:32,760 --> 00:04:36,430 where we check for the general existence of a user. 99 00:04:36,430 --> 00:04:40,020 But we then failed when we tried to get the password. 100 00:04:40,020 --> 00:04:41,540 And you'll see what I meant. 101 00:04:41,540 --> 00:04:43,170 We didn't get an error here. 102 00:04:43,170 --> 00:04:45,710 Instead, we just have to get result object, 103 00:04:45,710 --> 00:04:47,833 which has an error value. 104 00:04:49,260 --> 00:04:52,410 Now If I do enter an invalid email address 105 00:04:52,410 --> 00:04:54,990 which is not part of the database, 106 00:04:54,990 --> 00:04:56,823 I get no user found. 107 00:04:58,050 --> 00:05:01,670 Now, if I do enter valid credentials though, 108 00:05:01,670 --> 00:05:05,360 then we see that error now is null. 109 00:05:05,360 --> 00:05:06,830 So, now we got no error. 110 00:05:06,830 --> 00:05:08,580 Instead we succeeded. 111 00:05:08,580 --> 00:05:11,373 And that is how we can sign a user in. 112 00:05:12,310 --> 00:05:15,330 Now we can create users and log them in. 113 00:05:15,330 --> 00:05:18,440 And we get this yes, no response. 114 00:05:18,440 --> 00:05:22,670 What we're not doing yet though, is working with that token 115 00:05:22,670 --> 00:05:25,530 because of course in the front-end, 116 00:05:25,530 --> 00:05:29,820 in our front-end components, when we get the result here, 117 00:05:29,820 --> 00:05:34,820 we could now check if result error is falsey. 118 00:05:34,850 --> 00:05:38,430 Which means we have no error, which means we've succeeded. 119 00:05:38,430 --> 00:05:42,310 And we could then set some auth state, 120 00:05:42,310 --> 00:05:47,310 maybe also with help auth react context or a Redux 121 00:05:47,560 --> 00:05:50,840 and use that state to change what we see, 122 00:05:50,840 --> 00:05:54,330 for example to change the options in our header. 123 00:05:54,330 --> 00:05:56,030 We could now do that, 124 00:05:56,030 --> 00:05:59,600 but whenever we reload that state would be lost, 125 00:05:59,600 --> 00:06:02,970 because we start a brand new single page application 126 00:06:02,970 --> 00:06:04,140 when we reload. 127 00:06:04,140 --> 00:06:06,390 All the state, which was only stored 128 00:06:06,390 --> 00:06:09,890 in memory from the last visit would be lost. 129 00:06:09,890 --> 00:06:12,320 And that's not what we want. 130 00:06:12,320 --> 00:06:14,440 That's also not what we have to accept 131 00:06:14,440 --> 00:06:18,570 because that's exactly why we have this token concept. 132 00:06:18,570 --> 00:06:20,180 We can store that token 133 00:06:20,180 --> 00:06:24,860 in some more permanent storage than just our memory. 134 00:06:24,860 --> 00:06:29,070 And we can then also use that token to send requests 135 00:06:29,070 --> 00:06:31,890 to potentially protected APIs, 136 00:06:31,890 --> 00:06:33,670 like the change password API 137 00:06:33,670 --> 00:06:35,760 which we haven't implemented yet. 138 00:06:35,760 --> 00:06:37,690 And therefore in the next lecture 139 00:06:37,690 --> 00:06:41,880 let's now see how next JS helps us find 140 00:06:41,880 --> 00:06:45,790 out whether a user is authenticated or not. 141 00:06:45,790 --> 00:06:47,390 Starting on the client, 142 00:06:47,390 --> 00:06:50,110 later also for the API routes 10805