Always lovely to see official guides on these important topics :)

Nice and concise tutorial on a subject matter that tend to be very tedious and confusing. Great job Lee!

Looking for this tutorial for months. So nice to have a official tutorial to follow. Thanks!

Awesome stuff! And really appreciate how the Next docs are being filled out to cover these things ❤

Please keep uploading these videos how you have been the last bit I've been really enjoying them and finding them useful

Finally, an easy tutorial explaining Next Authentication using Jose. Well done. I;m a new subscriber.

I think authentication is a super important topic for web development and next.js and I think you guys should expand more on this. Security is the most important thing for modern web applications and I think you guys should keep talking about it. Great work.

This was incredibly insightful, thanks Lee

You have no idea how helpfull is this video to me. Thanks a lot for an insightful explanation and for the amazing content

Great video! Can't wait to see the full guide on the updated next-auth lib!

The way this video explains Auth in Next.js reminds me of how Dan explained React Redux. Next.js App Router next-auth changes are also super exciting!

look at this how awesome. giving lightweith version of topic is really good. thanks man

I just finished this feature tonight. after that I watched KZfaq and saw that you had made the tutorial. this is such a coincidence. keep up the spirit, Bro. 😁

awesome to see attention to auth* - its such a crucial topic! Would love to see ways to work with open source solutions like keycloak or Ory + Next. They solve nearly anything a large scale product might need while being completely open source

Awesome! I was looking for this explanation, thanks!!

Thanks ! we need more content about authentification. Very usefull topic.

Thank you !! I've been banging my head against the wall on this for the past 2 hours! More on authentication with auth.js/App/RSC/Google Login please !

Wow finally, thank you for this video. This really helped my understanding of how to implement my auth flow!

Great video, would love to learn more about auth!

This is what I have been waiting for. thanks!

I love to watch videos where the focus is on proper documentation

Спасибо! В документации не нашел примера нужного, а тут стало понятнее.

Exactly what I've been waiting for

this tutorial is my life saver, thanks a lot lee!

The guide is so useful. Thanks a lot!

Great tutorial on Next.js authentication, very clear and straightforward! Quick note, though: using both "expires" and the official "exp" claim for JWT expiration seems redundant, as most libraries handle expiration with "exp" directly. This could simplify things: - Stick to "exp" and drop the custom "expires" claim. - Use `setExpirationTime` for consistency across your session and JWT. This keeps your code clean and in line with standard practices. Keep up the great work! 👍

Awesome video, congrats! Specially due to explanation of the missing sign in part that is not in the Next.js docs. Thank you.

good session. yes we need more detail session on this. As this is related to auth or security we don't need to learn this from anywhere else.

Thanks Lee, always helpful!

Just saw the news about the promotion ( a few months after it happened ) -- congrats!

Next js is getting more and more unclear regarding the authentication/authorization process

Thanks for Lucia shout out, I've integrated the V3 recently and it was a breeze.

Sweet Jesus, where were you the last couple of weeks when I was trying to implement it the correct way? Your solution is so simple yet powerful and God thanks you did it in less thans 12 minutes, thanks man!

This is more informative beyond nextjs and React... well the first example 😊😊

Great video.. a deep dive using supabase auth will be helpful

Love that you did this without libs 🙌

Thanks a lot Lee, This was really helpfull

Thanks for the most needed content ❤

Would love a video about using OAuth to login with a custom backend and how to refresh a session with your own issued JWT!

Thanks for this Lee!

This is very helpful, Great !!!

Bravo Lee and Balázs! I just copied the code, liked it so much!😅

Nice Video. I think authentication and authorization is not really talked about often. It will be nice to see more indepth videos on rolling out custom auth and using libraries like auth js and clerk.

Pretty good video, as usual!

Lee great job. If you could create a video on how Next.JS handles “authentication” -vs- “authorization” that would be awesome. Thanks Lee….😁👍🏿✨

Thank you Lee, very helpfull!

This is great, but what I hoped to get is information about was how authN and authZ intersects with the caches of server components and other server-side functions, as well as how and when to authorize server actions

Lovely & smooth explanation, auth its a excellent topic, could you bring a video about next-auth with user information management updating a profile like profile image using server actions?

Nice, server components are great for websites or when you don't have much interactivity in a component in a application. Having the option of using them is really helpful althogh I much prefered if they didn't had put them as default in next.js.

Great video. Someone asked me why 10 seconds, so figured I'd comment here. Correct me if I have something wrong. Setting it to 10 seconds was just to demo it (although maybe some app has a need for it). Typically you would have a longer (7 days, 30 days, forever) "refresh token" as the cookie that continuously updates a short-lived "access token" that you would put in memory. That token could be 10 seconds, although I think 5 minutes is more common. Depends on the application though. But to anyone reading this, just use NextAuth! Don't play with fire.

I've been able to run the nextauth version just fine in dev mode, but when building in standalone mode, I'm having all sorts of issues. It would be awesome if a version of that in standalone mode were released. thank you, Lee!

thank you for the repo, mate

What a awesome tutorial

I would like to see a video on the topic of authorization/authentication for cases when a third-party server(node/nest/etc...) is used and also how it should work for "use client" components/pages

Yes we would like to talk more . Authorization

Thank you, Lee, this is very helpful! I started working on an app using Auth.js but seeing how easy it it to implement authentication with Next.js, I'm wondering if it is worth using Auth.js. What's the added value compared to just implementing our own auth with Next.js?

Lee, can you do one about GDPR? I was worried when I learned that google fonts was not compliant, and then gladly surprised when I learned that next/font does self-hosting automatically. I would love to know more on how small projects can comply without it being a headache.

Very useful video :D One minor point: shouldn't the encrypt/decrypt really be `encode_and_sign` and `decode_and_verify_signature`? I don't believe you are encrypting unless I am missing something.

Great walkthrough as always. And for those who noticed the null email, I see someone opened a PR on the linked repo to fix it.

Lee, I have two questions about authentication in Next js. Can I use node js apis in middleware? Or do middleware necessarily run on the edge? The next-auth auth function is not memoized on the server, can I use the react cache function to memo the auth function?

I would love to see a deep dive on this. Admittedly I need handholding or a follow along a few time before I get things. I'd like to do something where there is a Username/Email and Password OR Google OR Github. Smurf the actual user lookup initially but then be able to plugin a database or something like AWS cognito, after the fact.

Nextjs & discord auth would be awesome, extending the Session, modify the callbacks etc

Great video! Can you do some on design? I love the Vercel design ethos!

finally an official guide!!!

Very informative, Can you please make a more detail article on how to implement client side and server side validations on the server components during login process?

Perfect. I always look for the custom way as next-auth is very abstract and I don't know what is going behind. Now my question is do we need to check getSession in each page, if yes, then will it work for Server and Client in the same way? and second query is how to handle callback url, I know if I check the session in each page, then I need to redirect and put the callback of each page, but if there is any way where I can define these in central/one place instead of checking in all pages. P.S: I am not using library (auth.js, clerk etc.,)

Thanks for this awesome video! Assuming you have a server that is returning a JWT in an API call, and you’re using the pages router, whhat is the right place for the login, logout functions? Using Next api handlers? Also, in this scenario would you still set the JWT in cookies in the same way?

Can I access the token or session from client side component. because I think httponly cookie don't access from client side.

Great video as always! Are you able to explain why do we need auth.config.ts and auth.ts in nextjs new tutorial? One spreads the other, coulnd't we just have one?

Great Video!

Authentication in next js is the only reason why I don't use next, but if I have implemented authentication and authorization process on backend(Nest Js), what should I do in that case ? Where to save access token after successful authentication ? How to send access token along with header on each request ? In normal react this process is done very easily with axios or state manager(redux).

Love the video, Can you make more video on integration for app router with next auth showing server side loading user data on page , and server side check for authenticated pages. it will be really helpfull, couldn't find any resources out there.

Alright, so you set the session on frontend, but what to do if i should do it on backend with refresh and access tokens? Can you make a video about server authentication with these tokens? I can't find any valuable info about this :(

For those getting user { email: null } in the session output, remember to add a name attribute `name='email'` in the email input in the `page.tsx` file

On the input element name="email" was missed, hence the formData read was failing and hence email was getting set as null in the JWT cookie.

Nice one.

This is great.Please can you do a video on how to use nextjs and an external cookie based authentcation api (e.g nodejs express) and how to persist the cookies in deployed nextjs.Once again thank you

Worth its weight in gold!! Nice one, Lee!!

I have concerns, how do you authorize dynamic routes do you use regex how do you impelemtn it in middleware? Just starting out

This is a really well done video, Lee! However, as I've mentioned before, the issues here is not reading the user data off the session, but the inability to use the updated session user to set client-side state immediately (without relying on a useEffect or a hard refresh) due to the router cache. Any update on when this can be fixed?

Small question, suppose I login and wait for more than 10 seconds, and suppose I have a button that console.log the session variable, would it still console.log or do I need to make a hook using useState and useEffect instead?

In the authjs overview toward the end, one of the added security checks shown via the devtools / applications display was a CSRF token. Is the "role your own" auth in this video (using JWT and the session cookie) also in need of a CSRF token, and if so, any examples of how that would be added to the existing code example?

I tryed next-auth, authjs, but this satisfied what I was looking for. thanks

with rsc there is only cookies possible? or would it just be more work to send auth header explicitly and verify in middleware but possible?

Can this be done as easily on the pages router? Does anyone have a video or example of this? Thanks

More of this you ask? Yes, please 🧠👍

which vscode theme is this?

what theme do you use please

Hello Lee, I am trying to implement the Github provider as you have stated, but facing issues with the handlers GET and POST we receive from NextAuth showing the error: Error: Cannot read properties of undefined (reading 'GET'). Can you guide me here please?

Great job. When destroying session after jwt expired or deleted jwt session from browser for test purposes, is it redirected after clicking logout in the server action?

Thanks for the video. Biggest issue I've run into with this flow is that it seems nearly impossible to kick users out when using JWTs. Would love a video on that. ie. A bad actor signs up for my app and I need to kick them out immediately (faster than the JWT expiry date). How do I do that?

Hello. thanks for your good video. I have a question. Do we have Next js 15 in this year or Next js 14 is the end version for for example 2 or 3 years?

Can you create a video on how to build and deploy a production-ready application on AWS, including how to export output data? I've been struggling with this for the past few days. #nextjs #production #build

Best video ever

on point

As i anderstand we does not have barear token anymore, that is we use to keep in localstorage? (Access token)It only session? (Refresh token).

Next auth has the worst documentation in the history of documentations! It took me weeks to get used to it. Everything is scattered here and there. Come on people! Dont just make great software!, Make minimum descent documentation first!

I really enjoyed the video; it explains things very clearly. However, I've always wondered about something. Using tools like NextAuth means you bundle your authentication logic with your entire application. While this isn't necessarily a problem, I've been seeking ways to employ tools like auth.js to create a separate auth server, then using NextJS solely for the frontend (including both client and server rendering). Is it possible to construct this authentication server with NextAuth and NextJS, specifically utilizing the 'app/api' folder? I believe understanding how to achieve this could be beneficial, particularly when working with large applications that incorporate some authentication logic at the API Gateway level. This would also help when using authentication tools like Google Identity Platform.

Thanks for doing this as I think a lot of developers are new. The JWT piece seems unnecessary. You could easily just sign (not encrypt) a user_id or 1 off session value from the server (stored in database)

NextAuth is good when developing fullstack app with Nextjs (ORM to interact with DB) but with external api OAuth providers are not working. Is there a solution for that ?