# Auth.js (NextAuth) — Authentication for the Web

> Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for Next.js, SvelteKit, Remix, Express, and more. 80+ OAuth providers, passwordless, magic links, database or JWT sessions, and first-class TypeScript.

## Install

Save as a script file and run:

## Quick Use

```bash
npm i next-auth@beta  # Auth.js v5 for Next.js App Router
```

```ts
// auth.ts
import NextAuth from "next-auth";
import GitHub from "next-auth/providers/github";
import Google from "next-auth/providers/google";

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [GitHub, Google],
});
```

```ts
// app/api/auth/[...nextauth]/route.ts
export { GET, POST } from "@/auth";
```

```tsx
// app/page.tsx
import { auth, signIn, signOut } from "@/auth";

export default async function Page() {
  const session = await auth();
  if (!session) return <button onClick={() => signIn()}>Sign in</button>;
  return <p>Hello {session.user?.name}</p>;
}
```

## Intro

Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for modern web apps. Originally built for Next.js, now framework-agnostic with official integrations for SvelteKit, Remix, Express, Solid Start, and Qwik. The most popular auth library in the JS ecosystem.

- **Repo**: https://github.com/nextauthjs/next-auth
- **Stars**: 28K+
- **Language**: TypeScript
- **License**: ISC

## What Auth.js Does

- **80+ OAuth providers** — GitHub, Google, Apple, Auth0, Azure AD, Okta, Discord
- **Credentials** — email/password via custom callback
- **Magic links** — passwordless email login
- **Sessions** — JWT (stateless) or database (persistent)
- **Database adapters** — Prisma, Drizzle, Mongoose, Supabase, Firebase, TypeORM
- **Callbacks** — customize every step (signIn, jwt, session, redirect)
- **CSRF protection** — built-in
- **Edge runtime** — Cloudflare Workers, Vercel Edge

## Architecture

Auth.js exposes handlers + helpers. Next.js route handler handles OAuth redirects and callback URLs. Session is either JWT cookie (stateless) or DB lookup via adapter. `auth()` helper works in RSC, middleware, Route Handlers.

## Self-Hosting

Library — runs inside your app. No external service. You bring your own provider credentials and database.

```env
AUTH_SECRET=...
GITHUB_ID=...
GITHUB_SECRET=...
```

## Key Features

- 80+ OAuth providers built in
- JWT or DB sessions
- Database adapters (Prisma, Drizzle, Supabase, etc.)
- Multi-framework (Next, Svelte, Remix, Express, Solid, Qwik)
- Edge runtime compatible
- Magic link email sign-in
- TypeScript-first
- Zero vendor lock-in

## Comparison

| Library | Self-Host | Providers | Sessions | Frameworks |
|---|---|---|---|---|
| Auth.js | Yes | 80+ | JWT/DB | Multi |
| Clerk | No (SaaS) | 20+ | Managed | Multi |
| Lucia | Yes | DIY | DB | Framework-agnostic |
| Better-Auth | Yes | 20+ | DB | Multi |
| Supabase Auth | Yes (via Supabase) | OAuth + email | Managed | Multi |

## 常见问题 FAQ

**Q: v4 vs v5 区别？**
A: v5 (Auth.js) 支持 App Router、edge runtime、简化配置，不再是 `pages/api/auth/[...nextauth]` 而是 `auth.ts`。

**Q: JWT vs DB session？**
A: JWT 无状态（扩展简单），但无法立即踢用户下线。DB session 有状态（可撤销）但每请求多一次查询。

**Q: 和 Lucia 比？**
A: Auth.js 开箱即用（80+ providers）；Lucia 更底层、灵活度高，需要自己写 provider 适配。

## 来源与致谢 Sources

- Docs: https://authjs.dev
- GitHub: https://github.com/nextauthjs/next-auth
- License: ISC

---
Source: https://tokrepo.com/en/workflows/4fa5cb9a-3580-11f1-9bc6-00163e2b0d79
Author: Script Depot