NextAuth

Authentication for Next.js

2 min readJan 28, 2018

Update June 2020

The next generation version NextAuth.js was released in June 2020!

It is built for Next.js and Serverless, with simple configuration, out of the box support for a large number of authentication services and supports MySQL, Postgres, MSSQL and MongoDB — or can be used without needing a database!

Find detailed documentation and a working example at next-auth.js.org

Original Article

This week I released NextAuth, a module specifically designed for Next.js and React, that supports email sign in and oAuth.

It comes with example configuration for Facebook, Google+, Twitter and email sign in and uses Mongo DB to store accounts, but it is easy to extend to work with other providers and other databases.

It has a client for React called NextAuthClient which is an isomorphic (client and server side) library that populates session state in pages.

Populating session state in a React with NextAuth

Features

The NextAuth library uses Express and Passport to provide support for signing in with email and with services like Facebook, Google and Twitter.

NextAuth adds Cross Site Request Forgery (CSRF) tokens and HTTP Only cookies, supports univeral rendering and does not require client side JavaScript.

It adds session support without using client side accessible session tokens, providing protection against Cross Site Scripting (XSS) and session hijacking, while leveraging localStorage where available to cache non-critical session state for optimal performance in Single Page Apps.

Example

NextAuth includes its own minimal example project but the NextJS Starter Project provides a more complete example.

The code for NextAuth is based on code originally used in the NextJS Starter Project, which now uses NextAuth and NextAuthClient.

Goals

While the documentation is comprehensive and there are multiple examples of how to use it, it’s still far more cumbersome to add authentication to sites that it needs to be.

In future, I’d like to simplify the interface further so it can be configured just by setting Client ID & Client Secret values for each oAuth provider and a database URI, while still allowing for more advanced custom configuration.

Next.js

If you haven’t seen Next.js yet and you use React you should check it out.

Written by Iain Collins

864 Followers

Recommended from Medium

How to Add Sign In with Apple to Your Next.js Application Using NextAuth

Trived Kumar Jajala

How to Add Sign In with Apple to Your Next.js Application Using NextAuth

App Setup:

6 min readJul 8

Kishan Kumar
in
Stackademic

Building a Custom Authentication Flow in Next.js 13 from Scratch

This article is a follow-up to my previous article, where I discussed the basics of authentication. I try to simplify the login and sign-up…

21 min readSep 14

Lists

Stories to Help You Grow as a Software Developer

19 stories416 saves

General Coding Knowledge

20 stories386 saves

It's never too late or early to start something

15 stories141 saves

Medium Publications Accepting Story Submissions

154 stories740 saves

Rohit Kumar

Next-Auth in App Router of Next.js

Next.js has recently released a stable version of App Router enriched with in-built support for layouts, templates, routing, loading, and…

4 min readJun 27

Nextarjs

Nextar.js

a sweet solution for Next.js developers

2 min readSep 18

WTF is Bearer Token: An In-Depth Explanation

Arun Chaitanya

WTF is Bearer Token: An In-Depth Explanation

In the world of web authentication and authorization, you might have come across the term “Bearer token.” But what exactly does it mean…

4 min readJul 3

Ashish Negi
in
Dev Genius

Securing Next.js API: JWT Auth

Enhance Next.js security with JWT token authentication. Our guide covers middleware implementation for a secure API. Safeguard your Users.

5 min readMay 24

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams