ScriptsApr 11, 2026·2 min read

Auth.js (NextAuth) — Authentication for the Web

Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for Next.js, SvelteKit, Remix, Express, and more. 80+ OAuth providers, passwordless, magic links, database or JWT sessions, and first-class TypeScript.

Script Depot
Script Depot · Community
TL;DR
Auth.js provides drop-in authentication with 80+ OAuth providers, magic links, and session management.
§01

What it is

Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for web applications. It supports Next.js, SvelteKit, Remix, Express, and other frameworks. Auth.js provides 80+ OAuth providers (Google, GitHub, Facebook, etc.), passwordless magic links, credential-based login, and flexible session management via database or JWT.

Auth.js targets web developers who need authentication without building it from scratch or paying for Auth0/Clerk. It handles the OAuth flow, session tokens, CSRF protection, and provider integration automatically.

§02

How it saves time or tokens

Implementing OAuth from scratch means handling redirects, token exchange, CSRF, session cookies, and provider-specific quirks. Auth.js handles all of this with a few lines of configuration. Adding a new OAuth provider is a single import. Session management works automatically with either JWT (stateless) or database (stateful) strategies. The built-in sign-in and sign-out pages are customizable but functional out of the box.

§03

How to use

  1. Install Auth.js for Next.js:
npm i next-auth@beta
  1. Configure auth providers:
// auth.ts
import NextAuth from 'next-auth';
import GitHub from 'next-auth/providers/github';
import Google from 'next-auth/providers/google';

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [
    GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }),
    Google({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }),
  ],
});
  1. Add the API route and middleware:
// app/api/auth/[...nextauth]/route.ts
import { handlers } from '@/auth';
export const { GET, POST } = handlers;
§04

Example

// Using auth in a server component
import { auth } from '@/auth';

export default async function Dashboard() {
  const session = await auth();
  if (!session) return <p>Please sign in</p>;
  return <p>Welcome, {session.user?.name}</p>;
}

// Client-side session access
'use client';
import { useSession, signIn, signOut } from 'next-auth/react';

export function LoginButton() {
  const { data: session } = useSession();
  if (session) return <button onClick={() => signOut()}>Sign Out</button>;
  return <button onClick={() => signIn('github')}>Sign In</button>;
}
§05

Related on TokRepo

This tool integrates with standard development workflows and requires minimal configuration to get started. It is available as open-source software with documentation and community support through the official repository. The project follows semantic versioning for stable releases.

For teams evaluating this tool, the key advantage is reducing manual work in repetitive tasks. The automation provided by the built-in features means less custom code to maintain and fewer integration points to manage. This translates directly to lower maintenance costs and faster iteration cycles.

§06

Common pitfalls

  • Auth.js v5 (beta) has API changes from v4 (NextAuth.js); check the migration guide when upgrading from v4.
  • Environment variables for OAuth providers (client ID and secret) must be set correctly; missing or incorrect values cause silent authentication failures.
  • JWT sessions are stateless and cannot be individually revoked; use database sessions if you need server-side session invalidation.

Frequently Asked Questions

What is the difference between Auth.js and NextAuth.js?+

Auth.js is the new name for NextAuth.js starting with v5. The rename reflects expanded framework support beyond Next.js. Auth.js v5 works with Next.js, SvelteKit, Remix, Express, and more.

Does Auth.js support passwordless authentication?+

Yes. Auth.js supports magic link (email) authentication and WebAuthn. Users receive a sign-in link via email without needing a password. This requires an email provider configuration.

Can I use a database for sessions?+

Yes. Auth.js supports both JWT (stateless) and database (stateful) session strategies. Database sessions store session data in PostgreSQL, MySQL, MongoDB, or other databases via adapters.

How many OAuth providers does Auth.js support?+

Auth.js supports 80+ OAuth providers including Google, GitHub, Facebook, Twitter, Apple, Discord, Slack, and many more. Custom OAuth providers can be configured with the generic OAuth provider.

Is Auth.js free?+

Yes. Auth.js is open-source under the ISC license. There are no usage fees, no per-user charges, and no feature restrictions. You can use it in commercial projects without cost.

Citations (3)
Related on TokRepo
Security ToolsCoding ToolsFeatured Workflows

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

AlphaFold — AI-Powered 3D Protein Structure Prediction

AlphaFold by Google DeepMind predicts three-dimensional protein structures from amino acid sequences with atomic-level accuracy, enabling breakthroughs in drug discovery, enzyme engineering, and structural biology research.

Script Depot

Flash Attention — Fast Memory-Efficient Exact Attention for Transformers

Flash Attention is a CUDA kernel library that computes exact scaled dot-product attention 2-4x faster and with up to 20x less memory than standard implementations by using IO-aware tiling to minimize GPU memory reads and writes.

Script Depot

ChatGLM — Open Bilingual Chat Model by Tsinghua KEG

ChatGLM is a family of open bilingual language models from Tsinghua University that support English and Chinese conversation, code generation, and tool use, with variants optimized for consumer GPU deployment.

Script Depot
Home🔍Search👤Me