Scripts · Apr 11, 2026 · 2 min read

Auth.js (NextAuth) — Authentication for the Web

Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for Next.js, SvelteKit, Remix, Express, and more. 80+ OAuth providers, passwordless, magic links, database or JWT sessions, and first-class TypeScript.

Introduction

Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for modern web apps. Originally built for Next.js, now framework-agnostic with official integrations for SvelteKit, Remix, Express, Solid Start, and Qwik. The most popular auth library in the JS ecosystem.

What Auth.js Does

  • 80+ OAuth providers — GitHub, Google, Apple, Auth0, Azure AD, Okta, Discord
  • Credentials — email/password via custom callback
  • Magic links — passwordless email login
  • Sessions — JWT (stateless) or database (persistent)
  • Database adapters — Prisma, Drizzle, Mongoose, Supabase, Firebase, TypeORM
  • Callbacks — customize every step (signIn, jwt, session, redirect)
  • CSRF protection — built-in
  • Edge runtime — Cloudflare Workers, Vercel Edge

Architecture

Auth.js exposes route handlers and helpers. In Next.js, a route handler processes the OAuth redirects and callback URLs. The session is either a JWT cookie (stateless) or a database lookup through an adapter. The auth() helper works in React Server Components (RSC), middleware, and Route Handlers.

Self-Hosting

Auth.js is a library that runs inside your app; there is no external service. You bring your own provider credentials and database, supplied through environment variables such as:

AUTH_SECRET=...
GITHUB_ID=...
GITHUB_SECRET=...

Key Features

  • 80+ OAuth providers built in
  • JWT or DB sessions
  • Database adapters (Prisma, Drizzle, Supabase, etc.)
  • Multi-framework (Next, Svelte, Remix, Express, Solid, Qwik)
  • Edge runtime compatible
  • Magic link email sign-in
  • TypeScript-first
  • Zero vendor lock-in

Comparison

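| Library       | Self-Host          | Providers     | Sessions | Frameworks         |
|---------------|--------------------|---------------|----------|--------------------|
| Auth.js       | Yes                | 80+           | JWT/DB   | Multi              |
| Clerk         | No (SaaS)          | 20+           | Managed  | Multi              |
| Lucia         | Yes                | DIY           | DB       | Framework-agnostic |
| Better-Auth   | Yes                | 20+           | DB       | Multi              |
| Supabase Auth | Yes (via Supabase) | OAuth + email | Managed  | Multi              |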

FAQ

Q: What's the difference between v4 and v5? A: v5 (Auth.js) supports App Router and edge runtime with simplified configuration. It's no longer pages/api/auth/[...nextauth] — it's auth.ts.

Q: JWT vs DB session? A: JWT is stateless (easy to scale) but you can't kick a user off immediately. Database sessions are stateful (revocable) but add one query per request.

Q: How does it compare to Lucia? A: Auth.js is plug-and-play (80+ providers); Lucia is lower-level and more flexible, but you need to write provider adapters yourself.
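
The JWT-versus-database trade-off from the FAQ, as an added example (not Auth.js code and not from the original page). A simplified HMAC-signed token stands in for the session JWT and an in-memory Map stands in for the adapter's session table; all function names, the secret and the timestamps are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual, randomUUID } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // plays the role of AUTH_SECRET
const mac = (body) => createHmac("sha256", SECRET).update(body).digest("base64url");

// Stateless strategy: everything needed to validate is inside the token.
function issueTokenSession(userId, now, ttl) {
  const claims = JSON.stringify({ sub: userId, exp: now + ttl });
  const body = Buffer.from(claims).toString("base64url");
  return `${body}.${mac(body)}`;
}

function verifyTokenSession(token, now) {
  const [body, sig] = String(token).split(".");
  if (!body || !sig) return null;
  const expected = Buffer.from(mac(body));
  const given = Buffer.from(sig);
  // Check the signature before parsing anything from the untrusted body.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  return claims.exp > now ? claims : null;
}

// Database strategy: the cookie holds only an opaque id; the row is the truth.
const sessionTable = new Map(); // stands in for the adapter's session table

function issueDbSession(userId, now, ttl) {
  const id = randomUUID();
  sessionTable.set(id, { sub: userId, exp: now + ttl });
  return id;
}

function verifyDbSession(id, now) {
  const row = sessionTable.get(id); // the one query per request
  return row && row.exp > now ? row : null;
}

const revokeDbSession = (id) => sessionTable.delete(id);

function demo() {
  const t0 = 1700000000; // constructed clock, in seconds
  const token = issueTokenSession("alice", t0, 3600);
  const sid = issueDbSession("alice", t0, 3600);
  revokeDbSession(sid); // the user is kicked; only the DB session can be deleted
  return {
    tokenAfterKick: verifyTokenSession(token, t0 + 60) !== null,
    dbAfterKick: verifyDbSession(sid, t0 + 60) !== null,
    tokenAfterExpiry: verifyTokenSession(token, t0 + 3601) !== null,
    tokenTampered: verifyTokenSession(token.replace(/^./, "A"), t0 + 60) !== null,
  };
}
```

With the stateless strategy, the time a kicked user stays signed in is bounded only by the token lifetime, so the lifetime is the setting that controls that exposure.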
