nextauth

NextAuth.js authentication for Next.js. Use for Next.js auth.

Best use case

nextauth is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using nextauth should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/nextauth/SKILL.md --create-dirs "https://raw.githubusercontent.com/G1Joshi/Agent-Skills/main/skills/security/nextauth/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/nextauth/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How nextauth Compares

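| Feature / Agent         | nextauth      | Standard Approach |
| :---------------------- | :------------ | :---------------- |
| Platform Support        | Not specified | Limited / Varies  |
| Context Awareness       | High          | Baseline          |
| Installation Complexity | Unknown       | N/A               |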

Frequently Asked Questions

What does this skill do?

NextAuth.js authentication for Next.js. Use for Next.js auth.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# NextAuth.js (Auth.js)

NextAuth (evolving into **Auth.js**) is a complete open-source authentication solution. It is designed to work with any OAuth service, supports email/passwordless sign-in, and lets you own your data through Database Adapters.

## When to Use

- **Data Ownership**: You want to own the User/Session data in your own Database (Postgres, Prisma) rather than an external provider.
- **Cost**: It's free/open-source. No MAU limits.
- **Flexibility**: You need custom providers or complex session strategies.

## Quick Start (Next.js App Router - v5 Beta)

```typescript
// auth.ts
import NextAuth from "next-auth";
import GitHub from "next-auth/providers/github";

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [GitHub],
});

// app/api/auth/[...nextauth]/route.ts
import { handlers } from "@/auth";
export const { GET, POST } = handlers;
```

## Core Concepts

### Database Adapters

NextAuth can persist users and sessions to your DB using adapters (Prisma, Drizzle, MongoDB).

### Strategies

- **JWT (Stateless)**: Default. Session data stored in an encrypted cookie. Good for scale.
- **Database (Stateful)**: Session stored in DB. Good if you need to revoke sessions server-side immediately.

## Best Practices (2025)

**Do**:

- Use the **Prisma Adapter** (or Drizzle) if you have a database.
- Set a strong `AUTH_SECRET` (auto-generated in Vercel, manual elsewhere).
- Use **Middleware** to protect routes at the edge.

**Don't**:

- Don't store large objects in the Session (the JWT cookie has a 4 KB limit).
- Don't commit provider secrets (Client ID/Secret) to Git.

## Troubleshooting

| Error                 | Cause                     | Solution                                                 |
| :-------------------- | :------------------------ | :------------------------------------------------------- |
| `JWEDecryptionFailed` | Wrong `AUTH_SECRET`.      | Ensure `AUTH_SECRET` is set and consistent.              |
| `OAuthCallbackError`  | Provider config mismatch. | Check Authorised Redirect URIs in GitHub/Google console. |
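
The `JWEDecryptionFailed` row, the JWT strategy's encrypted cookie and the 4 KB limit above, as an added example that is not code from Auth.js or from this skill's author. It models the session cookie with HKDF and AES-256-GCM from `node:crypto` as an assumed stand-in for the library's JWE format, and shows a cookie sealed under one secret failing under another. The function names, the key label and the secrets are constructed for illustration.

```typescript
// Added example: a simplified model of the JWT session strategy, not Auth.js source.
import { createCipheriv, createDecipheriv, hkdfSync, randomBytes } from "node:crypto";

// Per-cookie size limit from the "Don't" list; applied here to the cookie value only.
const COOKIE_LIMIT_BYTES = 4096;

// Derive a 256-bit key from the secret. The "demo-session" label is a constructed value.
function deriveKey(secret: string): Buffer {
  return Buffer.from(hkdfSync("sha256", secret, "", "demo-session", 32));
}

// Encrypt the session into a cookie value laid out as iv (12) | tag (16) | ciphertext.
function sealSession(session: object, secret: string): string {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(session), "utf8"), cipher.final()]);
  const cookie = Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
  if (cookie.length > COOKIE_LIMIT_BYTES) {
    throw new RangeError(`session cookie is ${cookie.length} bytes (limit ${COOKIE_LIMIT_BYTES})`);
  }
  return cookie;
}

// Decrypt and authenticate; throws if the key is wrong or the cookie was modified.
function openSession(cookie: string, secret: string): unknown {
  const raw = Buffer.from(cookie, "base64url");
  const decipher = createDecipheriv("aes-256-gcm", deriveKey(secret), raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// What a server instance sees when handed a cookie sealed under some secret.
function cookieStatus(cookie: string, secret: string): "valid" | "decryption-failed" {
  try {
    openSession(cookie, secret);
    return "valid";
  } catch {
    return "decryption-failed";
  }
}

// Constructed secrets: instance B was deployed with a different value than instance A.
const SECRET_A = "constructed-secret-for-instance-A";
const SECRET_B = "constructed-secret-for-instance-B";
const demoCookie = sealSession({ sub: "user-1", role: "admin" }, SECRET_A);
console.log(cookieStatus(demoCookie, SECRET_A), cookieStatus(demoCookie, SECRET_B));
```

Because the cookie is authenticated as well as encrypted, changing the secret invalidates every session issued under the old one, which is why the value has to match across all instances and deployments.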

## References

- [Auth.js Documentation](https://authjs.dev/)
- [NextAuth v4 vs v5](https://authjs.dev/guides/upgrade-to-v5)