Overview
This is a note about using Drupal OAuth with NextAuth.js.
Behavior
Access the app created with Next.js and press the “Sign in” button.

If you are not logged into Drupal, you will be redirected to the login screen.

If you are already logged in, an authorization button is displayed. Click to authorize.

The login information is displayed.

Drupal-Side Setup
Module Installation
Install the following module.
https://www.drupal.org/project/simple_oauth
I installed the latest version available at the time of writing.
Generating Keys for Token Encryption
Generate a key pair and save them outside the document root for security.
Setting Key Paths
Set the key paths in the admin panel:
/admin/config/people/simple_oauth
If running Drupal on Amazon Lightsail, you may need to change the file owner as follows.
Clients
Access /admin/config/services/consumer.
The default_consumer is already created, so edit it.
- Enter a value in
New Secret. - Select
Authorization CodeforGrant types. - Enter the following in
Redirect URIs:- http://localhost:3000/api/auth/callback/drupal
- https://oauth.pstmn.io/v1/callback (for testing with Postman)
- Enter a value for
Access token expiration time.


Verifying with Postman
Enter the following settings. Assume Drupal is set up at https://drupal.example.org.
- Authorization URL: https://drupal.example.org/oauth/authorize
- Access Token URL: https://drupal.example.org/oauth/token
- Client ID: The value configured in Drupal
- Client Secret: The value configured in Drupal

When you click “Get New Access Token”, as shown in the behavior section at the beginning, you are redirected to the Drupal screen. After authorization, you are redirected to:
https://oauth.pstmn.io/v1/callback?code=...

Using from Next.js
You can check the source code here:
https://github.com/nakamura196/drupal_oauth_app
There may be room for improvement, but I was able to verify functionality with the following configuration.
Summary
I hope this serves as a helpful reference for using Drupal OAuth.