Skip to main content
Typed clients for all Immutable APIs and services.
Who is this for? Web developers and TypeScript developers looking to build web3 applications and integrate blockchain features seamlessly.

Packages

Install only what you need:
Install individual packages instead of @imtbl/sdk for smaller bundles and better tree-shaking.

Installation

Or install individual packages for smaller bundles:

Framework Setup

Use @imtbl/auth-next-server and @imtbl/auth-next-client for full Next.js integration with server-side session management, automatic token refresh, and route protection.
These packages require Next.js 14+ with the App Router. For Pages Router or other React frameworks, use @imtbl/auth directly.

Prerequisites

  • Client ID from your Passport client in Hub
  • Next.js 14 or 15 with App Router
  • An AUTH_SECRET environment variable (any random string, minimum 32 characters)

Installation

Setup

1

Create auth configuration

Create your auth configuration:
Create the API route handler:
Wrap your app with SessionProvider:
Set environment variables:
2

Create a callback page

Handle the OAuth redirect after login.
3

Set environment variables

For login, logout, session management, and wallet operations using the client hooks, see the Next.js tabs on the Authentication and Wallet pages.

Next.js Configuration

createAuthConfig

Creates an Auth.js v5 configuration object for Immutable authentication. When called with no arguments, createAuthConfig() uses sandbox defaults for quick prototyping.
Zero-config mode uses a shared public sandbox client ID. For production, always use your own client ID from Immutable Hub.

Extending the configuration

You can spread the base config and add any Auth.js options. This is the pattern used in the Passport sample app to support multiple environments:

Next.js Server Utilities

Use these in Server Components and Server Actions to handle authentication on the server.

getAuthProps

Pass authentication state to a Client Component when data fetching happens client-side.

getAuthenticatedData

Fetch data server-side for faster initial loads, with automatic client-side fallback when the token is expired.

createProtectedFetchers

Define auth error handling once and reuse it across all protected pages.

getValidSession

Get fine-grained control over different authentication states.

Next.js Route Protection

Middleware

Protect entire sections of your app at the routing level before pages render. Use middleware when you have groups of pages that all require authentication (such as /dashboard/* or /settings/*) and you want to redirect unauthenticated users before any page code runs.
Do not use middleware for pages that show different content for authenticated vs unauthenticated users, or for public pages with optional authenticated features. Use page-level checks with getAuthProps or getValidSession instead.

Protected API Routes

Use withAuth to protect individual Route Handlers or Server Actions.
Inside withAuth handlers, the session object includes accessToken directly since these run server-side. This is different from the client-side useImmutableSession hook where you must use getAccessToken().

Next.js Session Type Reference

The server-side session (available in withAuth handlers and getAuthenticatedData fetchers) includes the following fields:
The client-side session from useImmutableSession intentionally omits accessToken to prevent use of stale tokens. Use getAccessToken() for API calls or getUser() for wallet integration.
The idToken is not stored in the session cookie to stay within CDN header size limits. On the client, @imtbl/auth-next-client persists it in localStorage so wallet operations can access it via getUser().

Next.js Exported Utilities

The server package exports low-level utilities for manual token handling:

Environment Configuration

Next Steps

Getting Started

Configure Your Project

Set up credentials and OAuth client in Immutable Hub

Authentication

Initialize Passport and implement login

Wallet Operations

Access wallet addresses and balances

Minting API

Server-side minting for NFTs at scale

Additional Resources

Architecture

Understand the security model and smart contract wallets

FAQ

Common questions and troubleshooting

GitHub

SDK source code

npm

Package registry