Server Components
Import from @authgear/nextjs/server. These functions are server-only — they read cookies and must not be called from Client Components.
currentUser
Returns the authenticated user, or null if not logged in. Automatically refreshes an expired access token.
UserInfo fields
| Field | Type | Description |
|---|---|---|
sub | string | Subject identifier (unique user ID) |
email | string? | Email address |
emailVerified | boolean? | Whether the email is verified |
phoneNumber | string? | Phone number |
name | string? | Full name |
givenName | string? | Given name |
familyName | string? | Family name |
picture | string? | Avatar URL |
preferredUsername | string? | Username |
roles | string[]? | Authgear roles |
isAnonymous | boolean? | Whether this is an anonymous user |
isVerified | boolean? | Whether the user is verified |
customAttributes | Record<string, unknown>? | Custom attributes from Authgear |
raw | Record<string, unknown> | The raw userinfo response |
auth
Returns the raw session (tokens + state) without making a userinfo request. The access token is automatically refreshed if expired, so session.accessToken is always valid when state is Authenticated.
Use auth() in Server Actions that need to call a downstream API on behalf of the user — it gives you a fresh access token without fetching the full user profile.
Session fields
| Field | Type | Description |
|---|---|---|
state | SessionState | Unknown | NoSession | Authenticated |
accessToken | string | null | Current access token |
refreshToken | string | null | Refresh token |
idToken | string | null | ID token (JWT) |
expiresAt | number | null | Access token expiry (Unix timestamp) |
getOpenURL
Returns a URL that opens an Authgear-hosted page (e.g. the Settings UI) with the current user already authenticated — no re-login required. Use it in a Server Action, then open the URL in a new tab from the client.
getOpenURL exchanges the user’s refresh token for a short-lived app_session_token and builds an authorization URL that uses it as a login_hint. The function throws if the user is not authenticated or has no refresh token.
Page values
| Value | Authgear page |
|---|---|
Page.Settings | User settings (/settings) |
You can also pass an arbitrary path string (e.g. "/custom-page") if the target page is not in the Page enum.