Getting Started/Next.js

Reading Session and User Data

The Descope Next.js SDK provides utilities for retrieving user session data in both the App Router (app/) and Pages Router (pages/).

This guide covers:

  • Accessing session data on the client
  • Retrieving session data on the server
  • Differences between App Router and Pages Router
  • When to use session() vs. getSession(req)
  • Using createSdk() for backend authentication

Client Side

The Descope SDK provides hooks to access session/user data in client components. For more details, visit our Auth Helpers page.

Displaying Logged-in User Information

'use client';
import { useDescope, useSession, useUser } from '@descope/nextjs-sdk/client';
 
export default function Dashboard() {
  const { isAuthenticated, isSessionLoading } = useSession();
  const { user } = useUser();
  const sdk = useDescope();
 
  if (isSessionLoading) {
    return <p>Loading...</p>;
  }
 
  if (!isAuthenticated) {
    return <p>You are not logged in</p>;
  }
 
  return (
    <div>
      <p>Welcome, {user?.name}</p>
      <button onClick={() => sdk.logout()}>Logout</button>
    </div>
  );
}

Server Side

Session data can be retrieved inside API routes, Middleware, and Server Components using session() or getSession(req).

Comparison of Methods

FunctionUse CaseWorks in Middleware?Works in API Routes?Works in Server Components?
session()App Router, Middleware, Server ComponentsYesYesYes
getSession(req)Pages Router API routesNoYesNo

Using session() in Middleware and App Router

The session() function reads session data from cookies and headers.

Protecting a Server Component

import { session } from '@descope/nextjs-sdk/server';
 
async function Dashboard() {
  const currentSession = await session();
  
  if (!currentSession) {
    return <p>Access Denied</p>;
  }
 
  return <p>Welcome, {currentSession.token.sub}</p>;
}
  • Works in Server Components
  • Works in Middleware
  • Not dependent on authMiddleware(), but middleware is recommended

Using getSession(req) in Pages Router API Routes

getSession(req) retrieves session data in Next.js API routes (pages/api/).

Protecting an API Route (Pages Router)

import { getSession } from '@descope/nextjs-sdk/server';
import type { NextApiRequest, NextApiResponse } from 'next';
 
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const currentSession = getSession(req);
 
  if (!currentSession) {
    return res.status(401).json({ message: 'Unauthorized' });
  }
 
  return res.status(200).json({ user: currentSession.token.sub });
}
  • Works only in Pages Router (pages/api/)
  • Do not use in Middleware (use session() instead)

Using SDK in Server Components/API Routes

For backend API interactions, use createSdk() to access the Descope Management API.

Fetching User Data from the Descope Management SDK

import { createSdk } from '@descope/nextjs-sdk/server';
 
const sdk = createSdk({
  projectId: process.env.NEXT_PUBLIC_DESCOPE_PROJECT_ID,
  managementKey: process.env.DESCOPE_MANAGEMENT_KEY
});
 
export async function GET() {
  const { ok, data: user } = await sdk.management.user.load('user123');
 
  if (!ok) {
    return new Response('User not found', { status: 404 });
  }
 
  return Response.json(user);
}

When to Use Each Method

Use CaseApp RouterPages RouterMiddlewareAPI Routes
Client Hooks (useSession, useUser)YesYesNoNo
Middleware (authMiddleware())YesYesYesNo
Session Function (session())YesNoYesYes
API Routes (getSession(req))NoYesNoYes
Management API (createSdk())YesYesYesYes

Additional Considerations

For more details on handling session and authentication events, refer to the Client SDK Auth Helpers documentation.

This includes:

  • Session and user event listeners (onSessionTokenChange, onIsAuthenticatedChange, onUserChange)
  • Handling session expiration and refresh
  • Redirecting users after logout
  • Managing authentication state across multiple tabs

By leveraging these utilities, you can ensure a seamless and secure authentication experience for users across your Next.js application.

Was this helpful?

Next

Protecting Routes with Middleware

Next

SSR Considerations

On this page