Nextjs user-authentication best practice

I have built a small react application with an express backend.
I would like to transfer the react client into a nextjs application.

Unfortunately, I just do not know what’s the best practices getting access to the authenticated user in getServerSideProps.

I am authenticating the user in the express backend.
If the user is authenticated, he is able to perform user specific tasks, just with a valid jwt_token. Basic stuff …

Nextjs recommends, to use a package called next-iron-session which allows you to create a session and get access to the session data in getServerSideProps as well.

Basically my main idea is to create i a session route in the api folder of nextjs, which is creating a session, including the user data and the access token.
Inside getServerSideProps I am able to access that data if it’s there and prerender my pages with user data as well.
I just have the feeling that my Idea is not the best practice approach. I am making a lot of steps and there should be an easier solution without even using the api routes of nextjs.

That’s my steps.

  1. sending the user data to my express backend
  2. login the user, create an access token and send that data to my nextjs client
  3. Send that data to the session-route which I have created in nextjs to create the session

Maybe I am just overreacting and my idea is the best possible. Please let me know how you dealt with similar problems.


I am using firebase in my express backend. Nextjs is also showing an example with a package called next-firebase-auth. That package is able to achieve the same goal, like next-iron-session if you use firebase in the frontend. I just think it’s a bad idea to use the firebase package again just for the login functionality in the client, because it is a huge package. If you think different about that, let me know.