Shield with key icon

NextAuth.js

Authentication for Next.js

Open Source. Full Stack. Own Your Data.

Easy

Easy

  • Built in support for popular services
    (Google, Facebook, Auth0, Apple…)
  • Built in email / passwordless / magic link
  • Use with any username / password store
  • Use with OAuth 1.0 & 2.0 services

Flexible

Flexible

  • Built for Serverless, runs anywhere
  • Bring Your Own Database - or none!
    (MySQL, Postgres, MSSQL, MongoDB…)
  • Choose database sessions or JWT
  • Secure web pages and API routes

Secure

Secure

  • Signed, prefixed, server-only cookies
  • HTTP POST + CSRF Token validation
  • JWT with JWS / JWE / JWK / JWK
  • Tab syncing, auto-revalidation, keepalives
  • Doesn't rely on client side JavaScript

Add authentication in minutes!

Server /pages/api/auth/[...nextauth].js

import NextAuth from 'next-auth'
import Providers from 'next-auth/providers'
export default NextAuth({
providers: [
// OAuth authentication providers...
Providers.Apple({
clientId: process.env.APPLE_ID,
clientSecret: process.env.APPLE_SECRET
}),
Providers.Facebook({
clientId: process.env.FACEBOOK_ID,
clientSecret: process.env.FACEBOOK_SECRET
}),
Providers.Google({
clientId: process.env.GOOGLE_ID,
clientSecret: process.env.GOOGLE_SECRET
}),
// Passwordless / email sign in
Providers.Email({
server: process.env.MAIL_SERVER,
from: 'NextAuth.js <no-reply@example.com>'
}),
],
// Optional SQL or MongoDB database to persist users
database: process.env.DATABASE_URL
})

Client /pages/index.js

import {
useSession, signIn, signOut
} from 'next-auth/client'
export default function Component() {
const [ session, loading ] = useSession()
if(session) {
return <>
Signed in as {session.user.email} <br/>
<button onClick={() => signOut()}>Sign out</button>
</>
}
return <>
Not signed in <br/>
<button onClick={() => signIn()}>Sign in</button>
</>
}

NextAuth.js is an open source community project.