In this lesson, we are going to walk you through the process of creating a user authentication system using Next.js and Auth.js, which is formerly know as NextAuth.js. In a lot of tutorials, you'll see both names used interchangeably, even in the official documentation, please know that they are referring to the same thing. For this course, we'll stick to Auth.js for consistency.
Auth.js is a user authentication library that simplifies secure integration with databases, email services, OAuth providers, and everything that is required to create a seamless and robust authentication experience for their applications.
Installing Auth.js
To get started, navigate to the root directory of our project and run the following command to install the Auth.js package.
1npm install next-auth@betaAuth.js requires you to generate a secret key, which will be used to encrypt tokens and email verification hashes. It is very important to keep this secret key secret. Exposing this key will lead to serious security risks.
The key can be generated with the following command:
1npx auth secret --copy1Need to install the following packages:
2auth@1.2.3
3Ok to proceed? (y)
4š Secret generated. It has been copied to your clipboard, paste it to your .env/.env.local file to continue.
5
6AUTH_SECRET="<secret_key>"This command will generate a key and copy it to your clipboard. You can paste it into the .env file under the project root directory. Manually create the .env file if it doesn't exist.
1.
2āāā .env <===== This is the file that contains all environmental variables
3āāā .gitignore
4āāā README.md
5āāā eslint.config.mjs
6āāā jsconfig.json
7āāā next.config.mjs
8āāā package-lock.json
9āāā package.json
10āāā postcss.config.mjs
11āāā public
12āāā src
13āāā tailwind.config.mjs.env
1AUTH_SECRET="<secret_key>"Auth.js configurations
Next, we need a place to store all the configurations for Auth.js. There's no fixed way to do this, but we recommend creating an auth.js file in your project:
1src
2āāā app
3ā āāā favicon.ico
4ā āāā globals.css
5ā āāā layout.jsx
6ā āāā page.jsx
7āāā components
8ā āāā footer.jsx
9ā āāā navbar.jsx
10āāā libs
11 āāā auth.js <===== Configuration file for Auth.jsYou can put this auth.js anywhere you wish. For demonstration purposes, we'll put all miscellaneous documents, including this auth.js, under src/libs directory.
Copy and paste the following code into your auth.js.
libs/auth.js
1import NextAuth from "next-auth";
2
3export const { handlers, signIn, signOut, auth } = NextAuth({
4 providers: [],
5});Take a closer look at this example, and notice that we are using the NextAuth() function from the next-auth package.
This NextAuth() accepts an object as its input argument, and the object contains all the configurations for Auth.js. We'll talk more about it later.
NextAuth() also returns several utilities that are essential for creating authentication workflows.
handlers
This is a route handler for Auth.js, which provides an API endpoint for OAuth and email providers.
For example, imagine you have a magic link authentication system where the user provides their email address and clicks the Sign In button. An email gets sent to their inbox with a magic link. The user clicks on the link, it triggers the handler endpoint provided by Auth.js.
Behind the scenes, Auth.js validates the link, authenticates the user, and manages the session, ensuring a secure and seamless signin process.
signInandsignOut
They are two helper functions that allows you sign users in, or sign them out. We'll discuss how to use these helper functions later.
auth
auth is a universal method used to interact with Auth.js in your app. It is most commonly used to verify if a user is authenticated, refresh the user session, and so on.
Setting up a route handler for Auth.js
Lastly, before we start implementing the authentication system, there is one last thing we must do to finish setting up Auth.js, and that is to take the handler we discussed above, and place it inside the Next.js routing system so that it is accessible.
Create a route.js file under src/app/api/auth/[...nextauth]/:
1src
2āāā app
3ā āāā api
4ā ā āāā auth
5ā ā āāā [...nextauth]
6ā ā āāā route.js <=====
7ā āāā favicon.ico
8ā āāā globals.css
9ā āāā layout.jsx
10ā āāā page.jsx
11āāā components
12ā āāā footer.jsx
13ā āāā navbar.jsx
14āāā libs
15 āāā auth.jsAnd set up the route handler like this:
app/api/auth/[...nextauth]/route.js
1import { handlers } from "@/libs/auth"; // Referring to the auth.ts we just created
2export const { GET, POST } = handlers;And that's it, there's not much we need to do here. As long as the handler is accessible, Auth.js will automatically take care of everything else.