Auth.js (NextAuth) — Authentication for the Web
Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for Next.js, SvelteKit, Remix, Express, and more. 80+ OAuth providers, passwordless, magic links, database or JWT sessions, and first-class TypeScript.
这个资产会安全暂存
这个资产会先安全暂存。复制的指令会要求 Agent 读取暂存文件,并在激活脚本、MCP 配置或全局配置前先确认。
npx -y tokrepo@latest install 4fa5cb9a-3580-11f1-9bc6-00163e2b0d79 --target codex先暂存文件;激活前需要读取暂存 README 和安装计划。
What it is
Auth.js (formerly NextAuth.js) is a complete open-source authentication solution for web applications. It supports Next.js, SvelteKit, Remix, Express, and other frameworks. Auth.js provides 80+ OAuth providers (Google, GitHub, Facebook, etc.), passwordless magic links, credential-based login, and flexible session management via database or JWT.
Auth.js targets web developers who need authentication without building it from scratch or paying for Auth0/Clerk. It handles the OAuth flow, session tokens, CSRF protection, and provider integration automatically.
How it saves time or tokens
Implementing OAuth from scratch means handling redirects, token exchange, CSRF, session cookies, and provider-specific quirks. Auth.js handles all of this with a few lines of configuration. Adding a new OAuth provider is a single import. Session management works automatically with either JWT (stateless) or database (stateful) strategies. The built-in sign-in and sign-out pages are customizable but functional out of the box.
How to use
- Install Auth.js for Next.js:
npm i next-auth@beta
- Configure auth providers:
// auth.ts
import NextAuth from 'next-auth';
import GitHub from 'next-auth/providers/github';
import Google from 'next-auth/providers/google';
export const { handlers, auth, signIn, signOut } = NextAuth({
providers: [
GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }),
Google({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }),
],
});
- Add the API route and middleware:
// app/api/auth/[...nextauth]/route.ts
import { handlers } from '@/auth';
export const { GET, POST } = handlers;
Example
// Using auth in a server component
import { auth } from '@/auth';
export default async function Dashboard() {
const session = await auth();
if (!session) return <p>Please sign in</p>;
return <p>Welcome, {session.user?.name}</p>;
}
// Client-side session access
'use client';
import { useSession, signIn, signOut } from 'next-auth/react';
export function LoginButton() {
const { data: session } = useSession();
if (session) return <button onClick={() => signOut()}>Sign Out</button>;
return <button onClick={() => signIn('github')}>Sign In</button>;
}
Related on TokRepo
- Security Tools — Authentication and security solutions
- AI Tools for Coding — Developer tools and frameworks
This tool integrates with standard development workflows and requires minimal configuration to get started. It is available as open-source software with documentation and community support through the official repository. The project follows semantic versioning for stable releases.
For teams evaluating this tool, the key advantage is reducing manual work in repetitive tasks. The automation provided by the built-in features means less custom code to maintain and fewer integration points to manage. This translates directly to lower maintenance costs and faster iteration cycles.
Common pitfalls
- Auth.js v5 (beta) has API changes from v4 (NextAuth.js); check the migration guide when upgrading from v4.
- Environment variables for OAuth providers (client ID and secret) must be set correctly; missing or incorrect values cause silent authentication failures.
- JWT sessions are stateless and cannot be individually revoked; use database sessions if you need server-side session invalidation.
常见问题
Auth.js is the new name for NextAuth.js starting with v5. The rename reflects expanded framework support beyond Next.js. Auth.js v5 works with Next.js, SvelteKit, Remix, Express, and more.
Yes. Auth.js supports magic link (email) authentication and WebAuthn. Users receive a sign-in link via email without needing a password. This requires an email provider configuration.
Yes. Auth.js supports both JWT (stateless) and database (stateful) session strategies. Database sessions store session data in PostgreSQL, MySQL, MongoDB, or other databases via adapters.
Auth.js supports 80+ OAuth providers including Google, GitHub, Facebook, Twitter, Apple, Discord, Slack, and many more. Custom OAuth providers can be configured with the generic OAuth provider.
Yes. Auth.js is open-source under the ISC license. There are no usage fees, no per-user charges, and no feature restrictions. You can use it in commercial projects without cost.
引用来源 (3)
- Auth.js Official Site— Auth.js provides 80+ OAuth providers for web authentication
- Auth.js GitHub— Auth.js supports Next.js, SvelteKit, Remix, and Express
- Auth.js Documentation— Auth.js v5 migration from NextAuth.js v4