Shield with key icon

NextAuth.js

Authentication for Next.js

Open Source. Full Stack. Own Your Data.

Flexible

Flexible

  • Built for Serverless, runs anywhere
  • Bring Your Own Database - or none!
    (MySQL, Postgres, MSSQL, MongoDB…)
  • Choose Database Sessions or JWT
  • Secure web pages and API routes

Easy

Easy

  • Built in support for popular services
    (Google, Facebook, Auth0, Apple…)
  • API for OAuth service integration
  • Email / Passwordless / Magic Link
  • Use any username/password store

Secure

Secure

  • Signed, prefixed, server-only cookies
  • CSRF Tokens on HTTP POST
  • JWT with JWS / JWE / JWK / JWK
  • Tab Sync, Auto Revalidation, Keepalive
  • Doesn't rely on client side JavaScript

Add authentication in minutes with ready made example code.

Server

import NextAuth from 'next-auth'
import Providers from 'next-auth/providers'
const options = {
providers: [
// OAuth authentication providers
Providers.Apple({
clientId: process.env.APPLE_ID,
clientSecret: process.env.APPLE_SECRET
}),
Providers.Facebook({
clientId: process.env.FACEBOOK_ID,
clientSecret: process.env.FACEBOOK_SECRET
}),
Providers.Google({
clientId: process.env.GOOGLE_ID,
clientSecret: process.env.GOOGLE_SECRET
}),
// Sign in with email
Providers.Email({
server: process.env.MAIL_SERVER,
from: 'NextAuth.js <no-reply@example.com>'
}),
],
// SQL or MongoDB database (or leave empty)
database: process.env.DATABASE_URL
}
export default (req, res) => NextAuth(req, res, options)

Client

import React from 'react'
import {
signIn,
signOut,
useSession
} from 'next-auth/client'
export default function myComponent() {
const [ session, loading ] = useSession()
return <>
{!session && <>
Not signed in <br/>
<button onClick={signIn}>Sign in</button>
</>}
{session && <>
Signed in as {session.user.email} <br/>
<button onClick={signOut}>Sign out</button>
</>}
</>
}
NextAuth.js is not affiliated with Vercel or Next.js