unauthorized
Source URL: https://nextjs.org/docs/app/api-reference/functions/unauthorized
unauthorized
Section titled “unauthorized”This feature is currently experimental and subject to change, it is not recommended for production.
The unauthorized function throws an error that renders a Next.js 401 error page. It’s useful for handling authorization errors in your application. You can customize the UI using the unauthorized.js file.
To start using unauthorized, enable the experimental authInterrupts configuration option in your next.config.js file:
import type { NextConfig } from 'next'
const nextConfig: NextConfig = { experimental: { authInterrupts: true, },}
export default nextConfigmodule.exports = { experimental: { authInterrupts: true, },}unauthorized can be invoked in Server Components, Server Functions, and Route Handlers.
import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'
export default async function DashboardPage() { const session = await verifySession()
if (!session) { unauthorized() }
// Render the dashboard for authenticated users return ( <main> <h1>Welcome to the Dashboard</h1> <p>Hi, {session.user.name}.</p> </main> )}import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'
export default async function DashboardPage() { const session = await verifySession()
if (!session) { unauthorized() }
// Render the dashboard for authenticated users return ( <main> <h1>Welcome to the Dashboard</h1> <p>Hi, {session.user.name}.</p> </main> )}Good to know
Section titled “Good to know”- The
unauthorizedfunction cannot be called in the root layout.
Examples
Section titled “Examples”Displaying login UI to unauthenticated users
Section titled “Displaying login UI to unauthenticated users”You can use unauthorized function to display the unauthorized.js file with a login UI.
import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'
export default async function DashboardPage() { const session = await verifySession()
if (!session) { unauthorized() }
return <div>Dashboard</div>}import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'
export default async function DashboardPage() { const session = await verifySession()
if (!session) { unauthorized() }
return <div>Dashboard</div>}import Login from '@/app/components/Login'
export default function UnauthorizedPage() { return ( <main> <h1>401 - Unauthorized</h1> <p>Please log in to access this page.</p> <Login /> </main> )}import Login from '@/app/components/Login'
export default function UnauthorizedPage() { return ( <main> <h1>401 - Unauthorized</h1> <p>Please log in to access this page.</p> <Login /> </main> )}Mutations with Server Actions
Section titled “Mutations with Server Actions”You can invoke unauthorized in Server Actions to ensure only authenticated users can perform specific mutations.
'use server'
import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'import db from '@/app/lib/db'
export async function updateProfile(data: FormData) { const session = await verifySession()
// If the user is not authenticated, return a 401 if (!session) { unauthorized() }
// Proceed with mutation // ...}'use server'
import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'import db from '@/app/lib/db'
export async function updateProfile(data) { const session = await verifySession()
// If the user is not authenticated, return a 401 if (!session) { unauthorized() }
// Proceed with mutation // ...}Fetching data with Route Handlers
Section titled “Fetching data with Route Handlers”You can use unauthorized in Route Handlers to ensure only authenticated users can access the endpoint.
import { NextRequest, NextResponse } from 'next/server'import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'
export async function GET(req: NextRequest): Promise<NextResponse> { // Verify the user's session const session = await verifySession()
// If no session exists, return a 401 and render unauthorized.tsx if (!session) { unauthorized() }
// Fetch data // ...}import { verifySession } from '@/app/lib/dal'import { unauthorized } from 'next/navigation'
export async function GET() { const session = await verifySession()
// If the user is not authenticated, return a 401 and render unauthorized.tsx if (!session) { unauthorized() }
// Fetch data // ...}Version History
Section titled “Version History”| Version | Changes |
|---|---|
v15.1.0 | unauthorized introduced. |
- unauthorized.js
- API reference for the unauthorized.js special file.