NextAuth.js is the authentication library of Next.js, which supports OAuth, email password, JWT, etc.; 2. After installation, configure the provider and key in pages/api/auth/[...nextauth].js; 3. Use SessionProvider to wrap the application and use useSession, signIn, signOut to manage the status; 4. Use getSession or getServerSession to protect pages and API routes; 5. Add Credentials providers to implement mailbox password login and cooperate with JWT policies; 6. You can customize the login page and expand user information through callbacks; NextAuth.js becomes Next.js with its flexibility and support for Serverless The most popular authentication solution in your application, suitable for fast integration of multiple login methods and secure session management.
Implement user authentication in Next.js, NextAuth.js is one of the most popular and flexible solutions at present. It not only supports multiple authentication methods (such as OAuth, email password, JWT, etc.), but is also compatible with Serverless environments, which is very suitable for modern full-stack applications.
The following will guide you to understand and implement the basic authentication process of NextAuth.js step by step.
1. What is NextAuth.js?
NextAuth.js is an open source authentication library tailored for Next.js, which supports:
- OAuth login (Google, GitHub, Facebook, etc.)
- Email/password login (verified by email)
- JWT and Session Management
- Custom database adaptations (such as MongoDB, PostgreSQL)
- No backend server required, naturally supports API Routes
It handles authentication logic through API routing, and the front-end obtains user status through useSession() and other Hooks.
2. Installation and initialization
First install the dependencies:
npm install next-auth
Then create the authentication API route in pages/api/auth/[...nextauth].js :
import NextAuth from 'next-auth';
import GoogleProvider from 'next-auth/providers/google';
export default NextAuth({
Providers: [
GoogleProvider({
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
}),
],
secret: process.env.NEXTAUTH_SECRET,
pages: {
signIn: '/auth/signin', // Custom login page (optional)
},
});?? Note: You need to configure environment variables in
.env.local:
GOOGLE_CLIENT_ID=your-google-client-id GOOGLE_CLIENT_SECRET=your-google-client-secret NEXTAUTH_SECRET=y-very-secret-string-here
NEXTAUTH_SECRET is used to encrypt JWT and session, and it is recommended to use openssl rand -base64 32 to generate.
3. Front-end calls login and get users
Use SessionProvider to wrap the application (usually in _app.js ):
// pages/_app.js
import { SessionProvider } from 'next-auth/react';
import '../styles/globals.css';
function MyApp({ Component, pageProps }) {
Return (
<SessionProvider session={pageProps.session}>
<Component {...pageProps} />
</SessionProvider>
);
}
export default MyApp;Then use it in the page:
// pages/index.js
import { useSession, signIn, signOut } from 'next-auth/react';
export default function Home() {
const { data: session } = useSession();
if (session) {
Return (
<>
<p>Welcome, {session.user.email}</p>
<button onClick={() => signOut()}>Sign out</button>
</>
);
}
Return (
<>
<p>You are not signed in.</p>
<button onClick={() => signIn('google')}>Sign in with Google</button>
</>
);
}4. Protect page or API routes
Protect page (server-side rendering)
Use getServerSideProps to check the session:
export async function getServerSideProps(context) {
const session = await getSession(context);
if (!session) {
return {
redirect: {
destination: '/auth/signin',
permanent: false,
},
};
}
return {
props: { session },
};
}Protect API routing
// pages/api/protected.js
import { getServerSession } from 'next-auth';
import { authOptions } from './auth/[...nextauth]';
export default async function handler(req, res) {
const session = await getServerSession(req, res, authOptions);
if (!session) {
return res.status(401).json({ message: 'Unauthorized' });
}
res.json({ message: 'Hello, you are logged in!' });
}5. Add more authentication methods (such as Credentials)
You can add email/password to log in (requires backend verification):
import CredentialsProvider from 'next-auth/providers/credentials';
export default NextAuth({
Providers: [
GoogleProvider({ ... }),
CredentialsProvider({
name: 'Credentials',
credentials: {
email: { label: 'Email', type: 'email' },
password: { label: 'Password', type: 'password' }
},
async authorize(credentials) {
// Here is the simulation verification logic (the database should be checked)
const user = { id: 1, name: 'John', email: credentials.email };
if (user) {
return user; // Return the user object to indicate successful login} else {
return null; //Login failed}
}
})
],
session: {
strategy: 'jwt', // Recommended to use JWT
},
callbacks: {
async jwt({ token, user }) {
if (user) token.id = user.id;
return token;
},
async session({ session, token }) {
if (session.user) session.user.id = token.id;
return session;
}
}
});?? Note: The
Credentialsmethod must useJWTsession policy and will not persist the session to the database.
6. Custom login page (optional)
Create pages/auth/signin.js :
import { signIn } from 'next-auth/react';
export default function SignIn() {
Return (
<div>
<h1>Sign In</h1>
<button onClick={() => signIn('google')}>Sign in with Google</button>
<button onClick={() => signIn('credentials', { email: 'test@test.com', password: '123' })}>
Sign in with Credentials
</button>
</div>
);
}summary
NextAuth.js makes Next.js authentication simple and efficient:
- Supports OAuth, email, and custom login
- Provide front-end Hook and server-side verification tools
- Easy to integrate databases (via Prisma or Adapter)
- Strong scalability, suitable for small and medium-sized projects to be launched quickly
As long as you configure the environment variables and routes, you can log in to Google in a few minutes. If more complex logic is required (such as role permissions, database user tables), you can combine Prisma and custom callbacks implementations.
Basically all is it, not complicated but it is easy to ignore details.
The above is the detailed content of Authentication in Next.js with NextAuth.js. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What are ARIA attributes
Jul 02, 2025 am 01:03 AM
ARIAattributesenhancewebaccessibilityforuserswithdisabilitiesbyprovidingadditionalsemanticinformationtoassistivetechnologies.TheyareneededbecausemodernJavaScript-heavycomponentsoftenlackthebuilt-inaccessibilityfeaturesofnativeHTMLelements,andARIAfill
How does React handle focus management and accessibility?
Jul 08, 2025 am 02:34 AM
React itself does not directly manage focus or accessibility, but provides tools to effectively deal with these issues. 1. Use Refs to programmatically manage focus, such as setting element focus through useRef; 2. Use ARIA attributes to improve accessibility, such as defining the structure and state of tab components; 3. Pay attention to keyboard navigation to ensure that the focus logic in components such as modal boxes is clear; 4. Try to use native HTML elements to reduce the workload and error risk of custom implementation; 5. React assists accessibility by controlling the DOM and adding ARIA attributes, but the correct use still depends on developers.
How to minimize HTTP requests
Jul 02, 2025 am 01:18 AM
Let’s talk about the key points directly: Merging resources, reducing dependencies, and utilizing caches are the core methods to reduce HTTP requests. 1. Merge CSS and JavaScript files, merge files in the production environment through building tools, and retain the development modular structure; 2. Use picture Sprite or inline Base64 pictures to reduce the number of image requests, which is suitable for static small icons; 3. Set browser caching strategy, and accelerate resource loading with CDN to speed up resource loading, improve access speed and disperse server pressure; 4. Delay loading non-critical resources, such as using loading="lazy" or asynchronous loading scripts, reduce initial requests, and be careful not to affect user experience. These methods can significantly optimize web page loading performance, especially on mobile or poor network
Describe the difference between shallow and full rendering in React testing.
Jul 06, 2025 am 02:32 AM
Shallowrenderingtestsacomponentinisolation,withoutchildren,whilefullrenderingincludesallchildcomponents.Shallowrenderingisgoodfortestingacomponent’sownlogicandmarkup,offeringfasterexecutionandisolationfromchildbehavior,butlacksfulllifecycleandDOMinte
What is the significance of the StrictMode component in React?
Jul 06, 2025 am 02:33 AM
StrictMode does not render any visual content in React, but it is very useful during development. Its main function is to help developers identify potential problems, especially those that may cause bugs or unexpected behavior in complex applications. Specifically, it flags unsafe lifecycle methods, recognizes side effects in render functions, and warns about the use of old string refAPI. In addition, it can expose these side effects by intentionally repeating calls to certain functions, thereby prompting developers to move related operations to appropriate locations, such as the useEffect hook. At the same time, it encourages the use of newer ref methods such as useRef or callback ref instead of string ref. To use Stri effectively
Vue with TypeScript Integration Guide
Jul 05, 2025 am 02:29 AM
Create TypeScript-enabled projects using VueCLI or Vite, which can be quickly initialized through interactive selection features or using templates. Use tags in components to implement type inference with defineComponent, and it is recommended to explicitly declare props and emits types, and use interface or type to define complex structures. It is recommended to explicitly label types when using ref and reactive in setup functions to improve code maintainability and collaboration efficiency.
How to handle forms in Vue
Jul 04, 2025 am 03:10 AM
There are three key points to be mastered when processing Vue forms: 1. Use v-model to achieve two-way binding and synchronize form data; 2. Implement verification logic to ensure input compliance; 3. Control the submission behavior and process requests and status feedback. In Vue, form elements such as input boxes, check boxes, etc. can be bound to data attributes through v-model, such as automatically synchronizing user input; for multiple selection scenarios of check boxes, the binding field should be initialized into an array to correctly store multiple selected values. Form verification can be implemented through custom functions or third-party libraries. Common practices include checking whether the field is empty, using a regular verification format, and displaying prompt information when errors are wrong; for example, writing a validateForm method to return the error message object of each field. You should use it when submitting
Server-Side Rendering with Next.js Explained
Jul 23, 2025 am 01:39 AM
Server-siderendering(SSR)inNext.jsgeneratesHTMLontheserverforeachrequest,improvingperformanceandSEO.1.SSRisidealfordynamiccontentthatchangesfrequently,suchasuserdashboards.2.ItusesgetServerSidePropstofetchdataperrequestandpassittothecomponent.3.UseSS
