Table of Contents
- Overview
- Server-Side Adapters
- Client-Side Adapters
- Common Patterns
- Testing Adapters
- Complete Examples
Overview
For the framework-agnostic linkage model (ensureCustomer(externalRef) from your backend after your own IdP login), see Customer linkage (bring your own client and IdP).
SolvaPay SDK uses authentication adapters to extract user IDs from requests. There are two types of adapters:
- Server-Side Adapters (
@solvapay/auth) - Extract user IDs from HTTP requests in API routes - Client-Side Adapters (
@solvapay/react) - Extract user IDs and tokens from client-side auth state
Server-Side Adapters
Server-side adapters are used with@solvapay/server to extract user IDs from HTTP requests in API routes, Express endpoints, and other server-side contexts.
Interface
Basic Example: JWT Token Adapter
Example: Session-Based Adapter
Example: Custom Header Adapter
Using with SolvaPay Server SDK
Client-Side Adapters
Client-side adapters are used with@solvapay/react to extract user IDs and tokens from client-side authentication state.
Interface
Basic Example: LocalStorage Adapter
Example: Context-Based Adapter
Example: Async Storage Adapter (React Native)
Common Patterns
Pattern 1: JWT Token with User ID Extraction
Pattern 2: Cookie-Based Authentication
Pattern 3: API Key with User Mapping
Testing Adapters
Mock Adapter for Testing
Testing with Adapters
Complete Examples
Example 1: Firebase Auth Adapter (Client-Side)
Example 2: Auth0 (Next.js App Router, v4)
Use@solvapay/next/middleware on the server and @solvapay/react/auth0 on the client. The canonical runnable reference is examples/nextjs-auth0.
Auth0 setup: create a Regular Web Application in the Auth0 Dashboard (httpOnly session cookie — not SPA/Native). If your IdP uses a short access-token TTL at the integrator edge, that stays on your side; SolvaPay keys customers on the stable Auth0 sub, so token expiry does not invalidate the customer mapping.
Server middleware (proxy.ts at project root):
x-user-id— Auth0sub, used asexternalRef/ customer referenceAuthorization: Bearer <id_token>— optional Auth0 ID token for email/name on first customer create
sk_* secret server-side.
Client provider:
proxy.ts bridges the session into x-user-id for API routes.
Example 3: Custom OAuth Adapter
Best Practices
-
Never Throw: Adapters should never throw exceptions. Return
nullif authentication fails. -
Handle Errors Gracefully: Catch all errors and return
nullinstead of throwing. - Cache When Possible: Cache expensive operations (like token verification) when appropriate.
- Type Safety: Use TypeScript for better type safety and developer experience.
- Test Thoroughly: Write tests for your adapters, including edge cases.
- Documentation: Document your adapter’s behavior and requirements.
Next Steps
- Express.js Integration Guide - Use adapters with Express
- Next.js Integration Guide - Use adapters with Next.js
- React Integration Guide - Use adapters with React
- Webhooks - Handle auth-related purchase events
- API Reference - Full API documentation