Auth.js (NextAuth) — Authentication for the Web
Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for Next.js, SvelteKit, Remix, Express, and more. 80+ OAuth providers, passwordless, magic links, database or JWT sessions, and first-class TypeScript.
Staging seguro para este activo
Este activo primero queda en staging. El prompt copiado pide inspeccionar los archivos staged antes de activar scripts, config MCP o config global.
npx -y tokrepo@latest install 4fa5cb9a-3580-11f1-9bc6-00163e2b0d79 --target codexPrimero deja archivos en staging; la activación requiere revisar el README y el plan staged.
What it is
Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for web applications. It supports Next.js, SvelteKit, Remix, Express, and other frameworks. Auth.js provides 80+ OAuth providers (Google, GitHub, Facebook, etc.), passwordless magic links, credential-based login, and flexible session management via database or JWT.
Auth.js targets web developers who need authentication without building it from scratch or paying for Auth0/Clerk. It handles the OAuth flow, session tokens, CSRF protection, and provider integration automatically.
How it saves time or tokens
Implementing OAuth from scratch means handling redirects, token exchange, CSRF, session cookies, and provider-specific quirks. Auth.js handles all of this with a few lines of configuration. Adding a new OAuth provider is a single import. Session management works automatically with either JWT (stateless) or database (stateful) strategies. The built-in sign-in and sign-out pages are customizable but functional out of the box.
How to use
- Install Auth.js for Next.js:
npm i next-auth@beta
- Configure auth providers:
// auth.ts
import NextAuth from 'next-auth';
import GitHub from 'next-auth/providers/github';
import Google from 'next-auth/providers/google';
export const { handlers, auth, signIn, signOut } = NextAuth({
providers: [
GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }),
Google({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }),
],
});
- Add the API route and middleware:
// app/api/auth/[...nextauth]/route.ts
import { handlers } from '@/auth';
export const { GET, POST } = handlers;
Example
// Using auth in a server component
import { auth } from '@/auth';
export default async function Dashboard() {
const session = await auth();
if (!session) return <p>Please sign in</p>;
return <p>Welcome, {session.user?.name}</p>;
}
// Client-side session access
'use client';
import { useSession, signIn, signOut } from 'next-auth/react';
export function LoginButton() {
const { data: session } = useSession();
if (session) return <button onClick={() => signOut()}>Sign Out</button>;
return <button onClick={() => signIn('github')}>Sign In</button>;
}
Related on TokRepo
- Security Tools — Authentication and security solutions
- AI Tools for Coding — Developer tools and frameworks
This tool integrates with standard development workflows and requires minimal configuration to get started. It is available as open-source software with documentation and community support through the official repository. The project follows semantic versioning for stable releases.
For teams evaluating this tool, the key advantage is reducing manual work in repetitive tasks. The automation provided by the built-in features means less custom code to maintain and fewer integration points to manage. This translates directly to lower maintenance costs and faster iteration cycles.
Common pitfalls
- Auth.js v5 (beta) has API changes from v4 (NextAuth.js); check the migration guide when upgrading from v4.
- Environment variables for OAuth providers (client ID and secret) must be set correctly; missing or incorrect values cause silent authentication failures.
- JWT sessions are stateless and cannot be individually revoked; use database sessions if you need server-side session invalidation.
Preguntas frecuentes
Auth.js is the new name for NextAuth.js starting with v5. The rename reflects expanded framework support beyond Next.js. Auth.js v5 works with Next.js, SvelteKit, Remix, Express, and more.
Yes. Auth.js supports magic link (email) authentication and WebAuthn. Users receive a sign-in link via email without needing a password. This requires an email provider configuration.
Yes. Auth.js supports both JWT (stateless) and database (stateful) session strategies. Database sessions store session data in PostgreSQL, MySQL, MongoDB, or other databases via adapters.
Auth.js supports 80+ OAuth providers including Google, GitHub, Facebook, Twitter, Apple, Discord, Slack, and many more. Custom OAuth providers can be configured with the generic OAuth provider.
Yes. Auth.js is open-source under the ISC license. There are no usage fees, no per-user charges, and no feature restrictions. You can use it in commercial projects without cost.
Referencias (3)
- Auth.js Official Site— Auth.js provides 80+ OAuth providers for web authentication
- Auth.js GitHub— Auth.js supports Next.js, SvelteKit, Remix, and Express
- Auth.js Documentation— Auth.js v5 migration from NextAuth.js v4
Relacionados en TokRepo
Discusión
Activos relacionados
Better Auth — Framework-Agnostic Authentication for TypeScript
Better Auth is a comprehensive TypeScript authentication library that provides email/password, OAuth, multi-factor, and session management out of the box. It works with any framework and any database, offering a plugin system for extending authentication flows without vendor lock-in.
Payload CMS — Open Source Fullstack Next.js Headless CMS
Payload is the open-source headless CMS and app framework built on Next.js. TypeScript-first, code-configured, with instant admin panel, auth, and file uploads.
Express — Fast Unopinionated Minimalist Web Framework for Node.js
Express is the original, most popular web framework for Node.js. Minimal, flexible, and the foundation of countless APIs. The go-to starting point for Node.js backends that inspired Koa, Hono, Fastify, and many others.
Passport.js — Simple Authentication Middleware for Node.js
Passport.js is an unobtrusive authentication middleware for Node.js that supports 500+ strategies including OAuth, OpenID Connect, and local username/password.