Follow the following steps to start configure your authentication endpoint and
start building your own security logic in Next.js’ /app
directory.
liveblocks/node
packageUsers can only interact with rooms they have access to. You can
configure permission access in an api/liveblocks-auth
endpoint by
creating the app/api/liveblocks-auth/route.ts
file with the
following code. This is where you will implement your security and
define if the current user has access to a specific room.
Here’s an example using the older API routes format in /pages
.
On the front end, you can now replace the publicApiKey
prop on LiveblocksProvider
with authEndpoint
pointing to the endpoint you just created.
If you need to pass custom headers or data to your endpoint, you can use authEndpoint as a callback instead.
A room can have defaultAccesses
, usersAccesses
, and groupsAccesses
defined.
Permissions are then checked when users try to connect to a room. For security purposes,
room permissions can only be set on the back-end through @liveblocks/node
or our REST API.
For instance, you can use liveblocks.createRoom
to create a new room with read-only public access levels while giving write access to specific groups and users.
For more information, make sure to read the section on room permissions.
Optionally, you can attach static metadata to each user, which will
be accessible in your app. First you need to define the types in
your config file, under UserMeta["info"]
.
When authenticating, you can then pass the user’s metadata to
prepareSession
in the endpoint we’ve just created.
User metadata has now been set! You can access this information in your app through
useSelf
.
Bear in mind that if you’re using the default Comments components,
you must specify a name
and avatar
in userInfo
.
Both userId
and userInfo
can then be used in your React application as such: