Home/Auth & Security/NextAuth.js
Auth & Users
nextauth

NextAuth.js

TypeScriptNext.jsOpen SourceSelf-hosted

Open-source auth for Next.js supporting 50+ OAuth providers, JWT sessions, and database adapters. Flexible but configuration-heavy. ⚠️ Commit frequency has dropped — worth monitoring.

License

ISC

Language

TypeScript

72
Trust
Good

Why NextAuth.js?

You want fully open-source, self-hosted auth

You need custom OAuth providers or SAML

You're cost-sensitive and don't want per-MAU pricing

Signal Breakdown

What drives the Trust Score

npm downloads
3.9M / wk
Commits (90d)
12 commits
GitHub stars
24.8k ★
Stack Overflow
8.2k q's
Community
Medium
Weighted Trust Score72 / 100

Download Trend

Last 12 months

Tradeoffs & Caveats

Know before you commit

You want pre-built UI — NextAuth has none

You need organizations/teams — that's all DIY

The low recent commit count concerns your team

Pricing

Free tier & paid plans

Free tier

100% free, open-source

Paid

Free & open-source

Self-hosted, no SaaS fees ever

Alternative Tools

Other options worth considering

clerk
Clerk80Strong

Drop-in auth for React and Next.js. Pre-built UI components handle sign-up, sign-in, MFA, organizations, and user profiles. The fastest path to production auth — ship in under an hour.

View Compare

Often Used Together

Complementary tools that pair well with NextAuth.js

supabase

Supabase

Database & Cache

95Excellent
View
nextjs

Next.js

Frontend & UI

98Excellent
View
vercel

Vercel

Hosting & Deploy

89Strong
View
prisma

Prisma

Database & Cache

88Strong
View

Learning Resources

Docs, videos, tutorials, and courses

NextAuth.js Docs

docs

Next.js + NextAuth tutorial

tutorial

Get Started

Repository and installation options

View on GitHub

github.com/nextauthjs/next-auth

npmnpm install next-auth

Quick Start

Copy and adapt to get going fast

import NextAuth from 'next-auth';
import GitHub from 'next-auth/providers/github';

const handler = NextAuth({
  providers: [
    GitHub({
      clientId: process.env.GITHUB_ID,
      clientSecret: process.env.GITHUB_SECRET,
    }),
  ],
});

export { handler as GET, handler as POST };

Code Examples

Common usage patterns

Get session in a Server Component

Read the current session server-side

import { getServerSession } from 'next-auth';
import { authOptions } from '@/app/api/auth/[...nextauth]/route';

export default async function Dashboard() {
  const session = await getServerSession(authOptions);
  if (!session) redirect('/api/auth/signin');

  return <h1>Hello, {session.user?.name}</h1>;
}

Protect an API route

Return 401 when the user is not authenticated

import { getServerSession } from 'next-auth';
import { authOptions } from '@/app/api/auth/[...nextauth]/route';
import { NextResponse } from 'next/server';

export async function GET() {
  const session = await getServerSession(authOptions);
  if (!session) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  }
  return NextResponse.json({ user: session.user });
}

Database adapter (Prisma)

Persist sessions to a database with the Prisma adapter

import NextAuth from 'next-auth';
import { PrismaAdapter } from '@auth/prisma-adapter';
import { prisma } from '@/lib/prisma';
import GitHub from 'next-auth/providers/github';

export const authOptions = {
  adapter: PrismaAdapter(prisma),
  providers: [GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET })],
  session: { strategy: 'database' },
};

const handler = NextAuth(authOptions);
export { handler as GET, handler as POST };

Community Notes

Real experiences from developers who've used this tool