nodeops-auth

$27

Steps

-

Detect project setup — read package.json and check for lock files:

• Package manager: if pnpm-lock.yaml exists → pnpm, if yarn.lock exists → yarn, else → npm

• TypeScript: if tsconfig.json exists use .ts/.tsx extensions, else .js/.jsx

• Confirm app/ directory exists (App Router). If only pages/ exists, stop.

• Confirm next is in dependencies. If not, stop.

-

Install the package — run the appropriate install command:

• npm: npm install @nodeops-createos/integration-oauth

• pnpm: pnpm add @nodeops-createos/integration-oauth

• yarn: yarn add @nodeops-createos/integration-oauth

• If install fails: check if the user has network access and the registry is reachable. Suggest running the command manually if it keeps failing.

-

Create the API routes — create two separate route files, creating directories as needed:

app/api/auth/me/route.ts (or .js):

export { GET } from '@nodeops-createos/integration-oauth/server/me';

app/api/auth/token/route.ts (or .js):

export { POST } from '@nodeops-createos/integration-oauth/server/token';

-

Wrap layout with AuthProvider — read the root layout file. It could be app/layout.tsx, app/layout.jsx, app/layout.js, or app/layout.ts. Find whichever exists.

• Add the import at the top of the file:

import { AuthProvider } from '@nodeops-createos/integration-oauth';

• Find {children} inside the <body> tag. Wrap it with <AuthProvider>:

<AuthProvider>{children}</AuthProvider>

• Do NOT add "use client" to the layout. AuthProvider is already marked "use client" internally — it works fine when imported from a Server Component layout.

• If the layout already has other providers (e.g., ThemeProvider, QueryClientProvider), nest <AuthProvider> alongside them. Do NOT remove or replace existing providers.

• **If {children} is not directly inside <body>** (e.g., it's inside a wrapper div or fragment), wrap wherever {children} appears.

• If no layout file exists, stop and tell the user to create a root layout first.

-

Create the callback page — ask the user: "Where should users be redirected after login? (default: /dashboard)". Use their answer as the redirectTo value. Then create app/callback/page.tsx (or .jsx):

"use client";

import { useCallbackHandler } from "@nodeops-createos/integration-oauth";

export default function Callback() {

  const { loading, error } = useCallbackHandler({ redirectTo: "/dashboard" });

  if (loading) return (

    <div style={{ display: "flex", justifyContent: "center", alignItems: "center", height: "100vh" }}>

      <p>Signing in...</p>

    </div>

  );

  if (error) return <p>Login failed: {error}</p>;

  return null;

}

-

**Create .env.example** — create this file at the project root:

# ── Client-side (exposed to browser via NEXT_PUBLIC_ prefix) ──────────────────

NEXT_PUBLIC_NODEOPS_AUTH_URL=https://id.nodeops.network/oauth2/auth

NEXT_PUBLIC_NODEOPS_CLIENT_ID=your_client_id_here

NEXT_PUBLIC_NODEOPS_REDIRECT_URI=http://localhost:3000/callback

NEXT_PUBLIC_NODEOPS_SCOPES=offline_access offline openid

# ── Server-side only (never sent to browser) ──────────────────────────────────

NODEOPS_CLIENT_SECRET=your_client_secret_here

NODEOPS_TOKEN_URL=https://id.nodeops.network/oauth2/token

NODEOPS_USERINFO_URL=https://autogen-v2-api.nodeops.network/v1/users/me

-

**Create .env.local** — if .env.local does not already exist, copy .env.example to .env.local and remind the user to fill in NEXT_PUBLIC_NODEOPS_CLIENT_ID and NODEOPS_CLIENT_SECRET with their credentials from the NodeOps developer portal. If .env.local already exists, append the missing NODEOPS_ vars only — do NOT overwrite existing values.

-

**Check .gitignore** — read .gitignore (if it exists). If .env.local is NOT listed, add it to prevent leaking secrets. Also ensure .env is listed. If no .gitignore exists, create one with at least:

.env

.env.local

-

Docker/container deployment — check if a Dockerfile exists in the project root. If it does, verify it handles NodeOps env vars correctly and warn the user if not. If the user asks about Docker or deployment, create or update the Dockerfile.

Critical: NEXT_PUBLIC_* vars are baked into the JS bundle at build time by Next.js. They must be set as ENV or ARG in the Dockerfile before RUN npm run build. Setting them only at runtime does nothing — the bundle will contain undefined.

The two categories of vars:

Variable

When needed

Why

NEXT_PUBLIC_NODEOPS_AUTH_URL

Build time

Inlined into client JS bundle

NEXT_PUBLIC_NODEOPS_CLIENT_ID

Build time

Inlined into client JS bundle

NEXT_PUBLIC_NODEOPS_REDIRECT_URI

Build time

Inlined into client JS bundle

NEXT_PUBLIC_NODEOPS_SCOPES

Build time

Inlined into client JS bundle

NODEOPS_CLIENT_SECRET

Runtime only

Read by API route on each request

NODEOPS_TOKEN_URL

Runtime only

Read by API route on each request

NODEOPS_USERINFO_URL

Runtime only

Read by API route on each request

CreateOS note: CreateOS uses the Dockerfile when one is present. Use a single-stage Dockerfile only — multi-stage builds with COPY --from=builder fail on this platform. Remove the Dockerfile entirely to fall back to CreateOS's default install/run commands. See the CreateOS section (step 10) for the runtime config workaround for NEXT_PUBLIC_* vars.

Example Dockerfile (single-stage, compatible with CreateOS):

FROM node:20-alpine

WORKDIR /app

COPY package*.json ./

RUN npm ci

COPY . .

# NEXT_PUBLIC_* must be present at build time — they get baked into the JS bundle

ARG NEXT_PUBLIC_NODEOPS_AUTH_URL=https://id.nodeops.network/oauth2/auth

ARG NEXT_PUBLIC_NODEOPS_CLIENT_ID

ARG NEXT_PUBLIC_NODEOPS_REDIRECT_URI

ARG NEXT_PUBLIC_NODEOPS_SCOPES=offline_access offline openid

ENV NEXT_PUBLIC_NODEOPS_AUTH_URL=$NEXT_PUBLIC_NODEOPS_AUTH_URL

ENV NEXT_PUBLIC_NODEOPS_CLIENT_ID=$NEXT_PUBLIC_NODEOPS_CLIENT_ID

ENV NEXT_PUBLIC_NODEOPS_REDIRECT_URI=$NEXT_PUBLIC_NODEOPS_REDIRECT_URI

ENV NEXT_PUBLIC_NODEOPS_SCOPES=$NEXT_PUBLIC_NODEOPS_SCOPES

# Server-side vars — only needed at runtime, read per-request by API routes

ENV NODEOPS_CLIENT_SECRET=""

ENV NODEOPS_TOKEN_URL=https://id.nodeops.network/oauth2/token

ENV NODEOPS_USERINFO_URL=https://autogen-v2-api.nodeops.network/v1/users/me

RUN npm run build

EXPOSE 3000

CMD ["npm", "start"]

Also ensure .dockerignore excludes .env.local:

.env

.env.local

node_modules

.next

If the project deploys to Vercel or similar: no Dockerfile is needed — those platforms inject env vars before building automatically. Just remind the user to add the vars in their platform's dashboard.

-

CreateOS / build-then-inject platforms — CreateOS uses the Dockerfile when one is present, but injects env vars after the build step. This means NEXT_PUBLIC_* vars are undefined at build time even with ARG/ENV in the Dockerfile. Use the runtime config workaround below, or remove the Dockerfile entirely to fall back to CreateOS's default install/run commands.

What the package handles automatically (v1.x+)

AuthProvider from @nodeops-createos/integration-oauth v1.x+ auto-fetches /api/config at runtime if NEXT_PUBLIC_* vars are missing from the bundle. No extra setup is needed — just make sure the API route exists (step 10a below).

If using an older package version, add manually:

10a. Create app/api/config/route.ts (or .js):

import { NextResponse } from 'next/server';

export const dynamic = 'force-dynamic';

export async function GET() {

  return NextResponse.json({

    NEXT_PUBLIC_NODEOPS_AUTH_URL:     process.env.NEXT_PUBLIC_NODEOPS_AUTH_URL     || 'https://id.nodeops.network/oauth2/auth',

    NEXT_PUBLIC_NODEOPS_CLIENT_ID:    process.env.NEXT_PUBLIC_NODEOPS_CLIENT_ID    || '',

    NEXT_PUBLIC_NODEOPS_REDIRECT_URI: process.env.NEXT_PUBLIC_NODEOPS_REDIRECT_URI || '',

    NEXT_PUBLIC_NODEOPS_SCOPES:       process.env.NEXT_PUBLIC_NODEOPS_SCOPES       || 'offline_access offline openid',

  });

}

This route reads NEXT_PUBLIC_* vars from the server environment at runtime (where they ARE available) and exposes them to the client via a JSON endpoint.

10b. Create components/EnvBootstrap.tsx (or .jsx):

"use client";

import { useEffect, useState } from "react";

export default function EnvBootstrap({ children }: { children: React.ReactNode }) {

  const [ready, setReady] = useState(

    // If vars are already baked in (e.g. local dev), skip the fetch

    typeof window !== "undefined" && !!process.env.NEXT_PUBLIC_NODEOPS_CLIENT_ID

  );

  useEffect(() => {

    if (ready) return;

    fetch("/api/config")

      .then((r) => r.json())

      .then((env) => {

        // Patch process.env so AuthProvider picks them up

        Object.assign(process.env, env);

        setReady(true);

      })

      .catch((err) => {

        console.error("Failed to load runtime config:", err);

        setReady(true); // render anyway so error states show

      });

  }, [ready]);

  if (!ready) return null;

  return <>{children}</>;

}

10c. Update the root layout to wrap AuthProvider with EnvBootstrap:

import { AuthProvider } from '@nodeops-createos/integration-oauth';

import EnvBootstrap from '@/components/EnvBootstrap';

// inside <body>:

<EnvBootstrap>

  <AuthProvider>{children}</AuthProvider>

</EnvBootstrap>

This ensures env vars are fetched from the server and patched into process.env before AuthProvider initializes on the client.

-

Show a summary — print a clear summary:

• Files created/modified (list each one)

• Files skipped (if any were already present)

• Remind user to fill in the 2 required env vars: NEXT_PUBLIC_NODEOPS_CLIENT_ID and NODEOPS_CLIENT_SECRET

• If a Dockerfile exists, remind that NEXT_PUBLIC_* vars must be set before npm run build in the Dockerfile

• Show how to use the hooks in any page:

import { useAuth, useUser } from '@nodeops-createos/integration-oauth';

const { isAuthenticated, login, logout, loading, authError } = useAuth();

const { user } = useUser();