explaingit

nextauthjs/next-auth

28,242 | TypeScript | Audience · developer | Complexity · 3/5 | Maintained | License | Setup · easy

TLDR

Open-source authentication library for JavaScript apps that handles sign-in methods like OAuth, email, and passkeys with built-in security defaults.

Mindmap

mindmap
  root((Auth.js))
    Sign-in Methods
      OAuth providers
      Email/passwordless
      Passkeys
    Security Features
      CSRF protection
      Encrypted tokens
      Session sync
    Database Options
      JWT stateless
      MySQL/Postgres
      MongoDB/SQLite
    Runtimes Supported
      Node.js
      Serverless
      Docker
    Frameworks
      Next.js
      Nuxt

Things people build with this

USE CASE 1

Add Google or GitHub sign-in buttons to your web app without building auth from scratch.

USE CASE 2

Set up passwordless email login with magic links for users who don't want passwords.

USE CASE 3

Implement passkey authentication so users can sign in with biometrics or security keys.

USE CASE 4

Sync login sessions across multiple browser tabs automatically with built-in security.

Tech stack

TypeScript · Node.js · JWT · OAuth · Next.js · Nuxt

Getting it running

Difficulty · easy | Time to first run · 5min
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

In plain English

Auth.js (previously called NextAuth.js) is an open-source authentication library for JavaScript web applications. Authentication is the process of verifying who a user is: think "sign in with Google" buttons, email magic links, or username/password forms. Building this securely from scratch is complex and error-prone, which is the problem Auth.js solves.

The library supports a wide range of sign-in methods: OAuth providers like Google, GitHub, and others, email/passwordless login, and passkeys (a newer, password-free standard). You can use it with or without a database. It supports stateless sessions using JWT (JSON Web Tokens, a way to store login state without a database) as well as adapters for databases like MySQL, Postgres, MongoDB, SQLite, and more.

Security defaults are baked in: CSRF (cross-site request forgery) protection on login and logout routes, encrypted tokens, restrictive cookie policies, and session sync across browser tabs. Advanced users can customize which accounts are allowed to sign in, how tokens are encoded, and how often sessions need to be re-validated.

The library is runtime-agnostic, meaning it runs in Node.js, serverless environments, Docker, and more. It works with frameworks like Next.js and Nuxt. The README notes that Auth.js has joined the Better Auth project, and new projects are recommended to start with Better Auth. It's written in TypeScript and licensed under ISC (a permissive open-source license).

Copy-paste prompts

Prompt 1
Show me how to add Google OAuth sign-in to a Next.js app using Auth.js with a simple example.
Prompt 2
How do I set up Auth.js with a PostgreSQL database instead of JWT tokens?
Prompt 3
Create a login page component for Auth.js that supports email magic links and GitHub OAuth.
Prompt 4
What are the security best practices for configuring Auth.js callbacks and session validation?
Prompt 5
How do I customize which user accounts are allowed to sign in with Auth.js?

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.