Integrate Crossmint Auth on the server-side for user authentication and management
Crossmint Auth provides a flexible and simple authentication solution for your crypto server-side applications. This guide covers how to integrate and use Crossmint Auth across various server-side frameworks.
Fetches the current JWT and refresh token from the cookies with keys crossmint-jwt and crossmint-refresh-token.
Checks if the current JWT is valid
Refreshes the session if needed
Stores the new JWT and refresh token in cookies
Returns new auth materials and the user ID
For other frameworks that do not expose standard request and response objects, such as Next.js using the App Router, you can pass in an object with jwt and refreshToken properties instead:
import{ NextResponse }from"next/server";importtype{ NextRequest }from"next/server";import{ createCrossmint, CrossmintAuth }from"@crossmint/server-sdk";exportasyncfunctionmiddleware(request: NextRequest){// Skip middleware for API routes and static filesif(request.nextUrl.pathname.startsWith("/api")|| request.nextUrl.pathname.startsWith("/_next")){return NextResponse.next();}const response = NextResponse.next();const jwt = request.cookies.get("crossmint-jwt")?.value;const refreshToken = request.cookies.get("crossmint-refresh-token")?.value;if(refreshToken ==null){return response;}try{const crossmint =createCrossmint({ apiKey: process.env.SERVER_CROSSMINT_API_KEY||"",});const crossmintAuth = CrossmintAuth.from(crossmint);const{ jwt: newJwt, refreshToken: newRefreshToken }=await crossmintAuth.getSession({ jwt, refreshToken,});// Only update response cookies if tokens have changedif(newJwt !== jwt || newRefreshToken.secret !== refreshToken){ response.cookies.set("crossmint-jwt", newJwt); response.cookies.set("crossmint-refresh-token", newRefreshToken.secret);}}catch(_){// If auth fails, clear cookies and redirect to home response.cookies.delete("crossmint-jwt"); response.cookies.delete("crossmint-refresh-token");}return response;}
For other frameworks that do not expose standard request and response objects, such as Next.js using the App Router, you can pass in an object with jwt and refreshToken properties instead:
import{ NextResponse }from"next/server";importtype{ NextRequest }from"next/server";import{ createCrossmint, CrossmintAuth }from"@crossmint/server-sdk";exportasyncfunctionmiddleware(request: NextRequest){// Skip middleware for API routes and static filesif(request.nextUrl.pathname.startsWith("/api")|| request.nextUrl.pathname.startsWith("/_next")){return NextResponse.next();}const response = NextResponse.next();const jwt = request.cookies.get("crossmint-jwt")?.value;const refreshToken = request.cookies.get("crossmint-refresh-token")?.value;if(refreshToken ==null){return response;}try{const crossmint =createCrossmint({ apiKey: process.env.SERVER_CROSSMINT_API_KEY||"",});const crossmintAuth = CrossmintAuth.from(crossmint);const{ jwt: newJwt, refreshToken: newRefreshToken }=await crossmintAuth.getSession({ jwt, refreshToken,});// Only update response cookies if tokens have changedif(newJwt !== jwt || newRefreshToken.secret !== refreshToken){ response.cookies.set("crossmint-jwt", newJwt); response.cookies.set("crossmint-refresh-token", newRefreshToken.secret);}}catch(_){// If auth fails, clear cookies and redirect to home response.cookies.delete("crossmint-jwt"); response.cookies.delete("crossmint-refresh-token");}return response;}
For Express.js applications, you can create middleware to handle authentication: