Always lovely to see official guides on these important topics :)

Looking for this tutorial for months. So nice to have a official tutorial to follow. Thanks!

Nice and concise tutorial on a subject matter that tend to be very tedious and confusing. Great job Lee!

Awesome stuff! And really appreciate how the Next docs are being filled out to cover these things ❤

Please keep uploading these videos how you have been the last bit I've been really enjoying them and finding them useful

Finally, an easy tutorial explaining Next Authentication using Jose. Well done. I;m a new subscriber.

I think authentication is a super important topic for web development and next.js and I think you guys should expand more on this. Security is the most important thing for modern web applications and I think you guys should keep talking about it. Great work.

Great video! Can't wait to see the full guide on the updated next-auth lib!

This was incredibly insightful, thanks Lee

You have no idea how helpfull is this video to me. Thanks a lot for an insightful explanation and for the amazing content

look at this how awesome. giving lightweith version of topic is really good. thanks man

The way this video explains Auth in Next.js reminds me of how Dan explained React Redux. Next.js App Router next-auth changes are also super exciting!

Exactly what I've been waiting for

This is what I have been waiting for. thanks!

Awesome! I was looking for this explanation, thanks!!

I love to watch videos where the focus is on proper documentation

Great tutorial on Next.js authentication, very clear and straightforward! Quick note, though: using both "expires" and the official "exp" claim for JWT expiration seems redundant, as most libraries handle expiration with "exp" directly. This could simplify things: - Stick to "exp" and drop the custom "expires" claim. - Use `setExpirationTime` for consistency across your session and JWT. This keeps your code clean and in line with standard practices. Keep up the great work! 👍

I just finished this feature tonight. after that I watched KZfaq and saw that you had made the tutorial. this is such a coincidence. keep up the spirit, Bro. 😁

Thanks ! we need more content about authentification. Very usefull topic.

Wow finally, thank you for this video. This really helped my understanding of how to implement my auth flow!

Thanks Lee, always helpful!

Great video, would love to learn more about auth!

this tutorial is my life saver, thanks a lot lee!

Thank you !! I've been banging my head against the wall on this for the past 2 hours! More on authentication with auth.js/App/RSC/Google Login please !

The guide is so useful. Thanks a lot!

Спасибо! В документации не нашел примера нужного, а тут стало понятнее.

Thanks for Lucia shout out, I've integrated the V3 recently and it was a breeze.

Thanks for the most needed content ❤

Sweet Jesus, where were you the last couple of weeks when I was trying to implement it the correct way? Your solution is so simple yet powerful and God thanks you did it in less thans 12 minutes, thanks man!

Thanks for this Lee!

awesome to see attention to auth* - its such a crucial topic! Would love to see ways to work with open source solutions like keycloak or Ory + Next. They solve nearly anything a large scale product might need while being completely open source

Just saw the news about the promotion ( a few months after it happened ) -- congrats!

Pretty good video, as usual!

good session. yes we need more detail session on this. As this is related to auth or security we don't need to learn this from anywhere else.

Love that you did this without libs 🙌

Awesome video, congrats! Specially due to explanation of the missing sign in part that is not in the Next.js docs. Thank you.

This is very helpful, Great !!!

This is more informative beyond nextjs and React... well the first example 😊😊

Great video.. a deep dive using supabase auth will be helpful

Bravo Lee and Balázs! I just copied the code, liked it so much!😅

Would love a video about using OAuth to login with a custom backend and how to refresh a session with your own issued JWT!

Nice Video. I think authentication and authorization is not really talked about often. It will be nice to see more indepth videos on rolling out custom auth and using libraries like auth js and clerk.

God bless you. I couldn't figure out just how to do exactly that

Thanks a lot Lee, This was really helpfull

What a awesome tutorial

thank you for the repo, mate

finally an official guide!!!

Lee great job. If you could create a video on how Next.JS handles “authentication” -vs- “authorization” that would be awesome. Thanks Lee….😁👍🏿✨

Thank you Lee, very helpfull!

This is great, but what I hoped to get is information about was how authN and authZ intersects with the caches of server components and other server-side functions, as well as how and when to authorize server actions

Yes we would like to talk more . Authorization

Worth its weight in gold!! Nice one, Lee!!

Nice, server components are great for websites or when you don't have much interactivity in a component in a application. Having the option of using them is really helpful althogh I much prefered if they didn't had put them as default in next.js.

I would like to see a video on the topic of authorization/authentication for cases when a third-party server(node/nest/etc...) is used and also how it should work for "use client" components/pages

I've been able to run the nextauth version just fine in dev mode, but when building in standalone mode, I'm having all sorts of issues. It would be awesome if a version of that in standalone mode were released. thank you, Lee!

Lee, I have two questions about authentication in Next js. Can I use node js apis in middleware? Or do middleware necessarily run on the edge? The next-auth auth function is not memoized on the server, can I use the react cache function to memo the auth function?

Nextjs & discord auth would be awesome, extending the Session, modify the callbacks etc

Great video. Someone asked me why 10 seconds, so figured I'd comment here. Correct me if I have something wrong. Setting it to 10 seconds was just to demo it (although maybe some app has a need for it). Typically you would have a longer (7 days, 30 days, forever) "refresh token" as the cookie that continuously updates a short-lived "access token" that you would put in memory. That token could be 10 seconds, although I think 5 minutes is more common. Depends on the application though. But to anyone reading this, just use NextAuth! Don't play with fire.

Perfect. I always look for the custom way as next-auth is very abstract and I don't know what is going behind. Now my question is do we need to check getSession in each page, if yes, then will it work for Server and Client in the same way? and second query is how to handle callback url, I know if I check the session in each page, then I need to redirect and put the callback of each page, but if there is any way where I can define these in central/one place instead of checking in all pages. P.S: I am not using library (auth.js, clerk etc.,)

Thank you, Lee, this is very helpful! I started working on an app using Auth.js but seeing how easy it it to implement authentication with Next.js, I'm wondering if it is worth using Auth.js. What's the added value compared to just implementing our own auth with Next.js?

a month ago i was entirely new to node.js react.js tailwind next.js and typescript and i have been enjoying it so much until i got to authentication. it has been a horrible experience. this video outlines a more direct approach to authentication and session management and I'm hoping it can help me implement properly because I'm pretty close to quitting next.js.

Great Video!

Lovely & smooth explanation, auth its a excellent topic, could you bring a video about next-auth with user information management updating a profile like profile image using server actions?

Would really love a minimal example on authorization with all the next components in mind!

Lee, can you do one about GDPR? I was worried when I learned that google fonts was not compliant, and then gladly surprised when I learned that next/font does self-hosting automatically. I would love to know more on how small projects can comply without it being a headache.

Very useful video :D One minor point: shouldn't the encrypt/decrypt really be `encode_and_sign` and `decode_and_verify_signature`? I don't believe you are encrypting unless I am missing something.

Great walkthrough as always. And for those who noticed the null email, I see someone opened a PR on the linked repo to fix it.

Thanks for this awesome video! Assuming you have a server that is returning a JWT in an API call, and you’re using the pages router, whhat is the right place for the login, logout functions? Using Next api handlers? Also, in this scenario would you still set the JWT in cookies in the same way?

On the input element name="email" was missed, hence the formData read was failing and hence email was getting set as null in the JWT cookie.

Thanks man!

Authentication in next js is the only reason why I don't use next, but if I have implemented authentication and authorization process on backend(Nest Js), what should I do in that case ? Where to save access token after successful authentication ? How to send access token along with header on each request ? In normal react this process is done very easily with axios or state manager(redux).

Great video! Can you do some on design? I love the Vercel design ethos!

Can I access the token or session from client side component. because I think httponly cookie don't access from client side.

Very informative, Can you please make a more detail article on how to implement client side and server side validations on the server components during login process?

can someone help why do we get null value in the email area

I would love to see a deep dive on this. Admittedly I need handholding or a follow along a few time before I get things. I'd like to do something where there is a Username/Email and Password OR Google OR Github. Smurf the actual user lookup initially but then be able to plugin a database or something like AWS cognito, after the fact.

on point

For those getting user { email: null } in the session output, remember to add a name attribute `name='email'` in the email input in the `page.tsx` file

More of this you ask? Yes, please 🧠👍

In the authjs overview toward the end, one of the added security checks shown via the devtools / applications display was a CSRF token. Is the "role your own" auth in this video (using JWT and the session cookie) also in need of a CSRF token, and if so, any examples of how that would be added to the existing code example?

I tryed next-auth, authjs, but this satisfied what I was looking for. thanks

Best video ever

Can this be done as easily on the pages router? Does anyone have a video or example of this? Thanks

Great video as always! Are you able to explain why do we need auth.config.ts and auth.ts in nextjs new tutorial? One spreads the other, coulnd't we just have one?

This is a really well done video, Lee! However, as I've mentioned before, the issues here is not reading the user data off the session, but the inability to use the updated session user to set client-side state immediately (without relying on a useEffect or a hard refresh) due to the router cache. Any update on when this can be fixed?

Vercel Auth would be great to complete with clerk, auth0. Something built-in and easy to use / deploy.

Nice one.

This is great.Please can you do a video on how to use nextjs and an external cookie based authentcation api (e.g nodejs express) and how to persist the cookies in deployed nextjs.Once again thank you

Love the video, Can you make more video on integration for app router with next auth showing server side loading user data on page , and server side check for authenticated pages. it will be really helpfull, couldn't find any resources out there.

Alright, so you set the session on frontend, but what to do if i should do it on backend with refresh and access tokens? Can you make a video about server authentication with these tokens? I can't find any valuable info about this :(

Small question, suppose I login and wait for more than 10 seconds, and suppose I have a button that console.log the session variable, would it still console.log or do I need to make a hook using useState and useEffect instead?

Can you create a video on how to build and deploy a production-ready application on AWS, including how to export output data? I've been struggling with this for the past few days. #nextjs #production #build

00:01 Basic session authentication in Next.js without additional libraries. 01:15 Authentication process involves login and session creation 02:49 Asynchronous function for encrypting JWT based on payload and algorithm. 04:16 Updating session expiration and cookies for user authentication. 05:51 Implementing minimal session-based authentication in Next.js app. 07:20 Using middleware for refreshing page data 08:51 Authentication and session handling with Next.js App Router 10:15 The Next.js app router authentication is deeply complex.

Pls make a video on session update when we update user details in database

Thanks for the video. Biggest issue I've run into with this flow is that it seems nearly impossible to kick users out when using JWTs. Would love a video on that. ie. A bad actor signs up for my app and I need to kick them out immediately (faster than the JWT expiry date). How do I do that?

In video, under session in , "email" returns null. This is an error/oversight on your part. Please see corrected code below: name property missing from input element. 😋. You're welcome.

I have concerns, how do you authorize dynamic routes do you use regex how do you impelemtn it in middleware? Just starting out

Can you please make a page transition video using next.js v14 with app dir and framer motion? Including exit animation?

Love u dude

with rsc there is only cookies possible? or would it just be more work to send auth header explicitly and verify in middleware but possible?