Cette page est affichée en anglais. Une traduction française est en cours.
SkillsApr 11, 2026·2 min de lecture

Auth.js (NextAuth) — Authentication for the Web

Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for Next.js, SvelteKit, Remix, Express, and more. 80+ OAuth providers, passwordless, magic links, database or JWT sessions, and first-class TypeScript.

Prêt pour agents

Staging sûr pour cet actif

Cet actif est d'abord staged. Le prompt copié demande à l'agent d'inspecter les fichiers staged avant d'activer scripts, config MCP ou config globale.

Stage only · 29/100Policy : staging
Surface agent
Tout agent MCP/CLI
Type
Skill
Installation
Stage only
Confiance
Confiance : Established
Point d'entrée
step-1.md
Commande de staging sûr
npx -y tokrepo@latest install 4fa5cb9a-3580-11f1-9bc6-00163e2b0d79 --target codex

Stage les fichiers d'abord; l'activation exige la revue du README et du plan staged.

TL;DR
Auth.js provides drop-in authentication with 80+ OAuth providers, magic links, and session management.
§01

What it is

Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for web applications. It supports Next.js, SvelteKit, Remix, Express, and other frameworks. Auth.js provides 80+ OAuth providers (Google, GitHub, Facebook, etc.), passwordless magic links, credential-based login, and flexible session management via database or JWT.

Auth.js targets web developers who need authentication without building it from scratch or paying for Auth0/Clerk. It handles the OAuth flow, session tokens, CSRF protection, and provider integration automatically.

§02

How it saves time or tokens

Implementing OAuth from scratch means handling redirects, token exchange, CSRF, session cookies, and provider-specific quirks. Auth.js handles all of this with a few lines of configuration. Adding a new OAuth provider is a single import. Session management works automatically with either JWT (stateless) or database (stateful) strategies. The built-in sign-in and sign-out pages are customizable but functional out of the box.

§03

How to use

  1. Install Auth.js for Next.js:
npm i next-auth@beta
  1. Configure auth providers:
// auth.ts
import NextAuth from 'next-auth';
import GitHub from 'next-auth/providers/github';
import Google from 'next-auth/providers/google';

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [
    GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }),
    Google({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }),
  ],
});
  1. Add the API route and middleware:
// app/api/auth/[...nextauth]/route.ts
import { handlers } from '@/auth';
export const { GET, POST } = handlers;
§04

Example

// Using auth in a server component
import { auth } from '@/auth';

export default async function Dashboard() {
  const session = await auth();
  if (!session) return <p>Please sign in</p>;
  return <p>Welcome, {session.user?.name}</p>;
}

// Client-side session access
'use client';
import { useSession, signIn, signOut } from 'next-auth/react';

export function LoginButton() {
  const { data: session } = useSession();
  if (session) return <button onClick={() => signOut()}>Sign Out</button>;
  return <button onClick={() => signIn('github')}>Sign In</button>;
}
§05

Related on TokRepo

This tool integrates with standard development workflows and requires minimal configuration to get started. It is available as open-source software with documentation and community support through the official repository. The project follows semantic versioning for stable releases.

For teams evaluating this tool, the key advantage is reducing manual work in repetitive tasks. The automation provided by the built-in features means less custom code to maintain and fewer integration points to manage. This translates directly to lower maintenance costs and faster iteration cycles.

§06

Common pitfalls

  • Auth.js v5 (beta) has API changes from v4 (NextAuth.js); check the migration guide when upgrading from v4.
  • Environment variables for OAuth providers (client ID and secret) must be set correctly; missing or incorrect values cause silent authentication failures.
  • JWT sessions are stateless and cannot be individually revoked; use database sessions if you need server-side session invalidation.

Questions fréquentes

What is the difference between Auth.js and NextAuth.js?+

Auth.js is the new name for NextAuth.js starting with v5. The rename reflects expanded framework support beyond Next.js. Auth.js v5 works with Next.js, SvelteKit, Remix, Express, and more.

Does Auth.js support passwordless authentication?+

Yes. Auth.js supports magic link (email) authentication and WebAuthn. Users receive a sign-in link via email without needing a password. This requires an email provider configuration.

Can I use a database for sessions?+

Yes. Auth.js supports both JWT (stateless) and database (stateful) session strategies. Database sessions store session data in PostgreSQL, MySQL, MongoDB, or other databases via adapters.

How many OAuth providers does Auth.js support?+

Auth.js supports 80+ OAuth providers including Google, GitHub, Facebook, Twitter, Apple, Discord, Slack, and many more. Custom OAuth providers can be configured with the generic OAuth provider.

Is Auth.js free?+

Yes. Auth.js is open-source under the ISC license. There are no usage fees, no per-user charges, and no feature restrictions. You can use it in commercial projects without cost.

Sources citées (3)

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires