{"id":49453677,"url":"https://github.com/juanbzz/next-authentication","last_synced_at":"2026-06-02T05:00:46.649Z","repository":{"id":33964623,"uuid":"164066551","full_name":"juanbzz/next-authentication","owner":"juanbzz","description":"Authentication \u0026 Authorization library for the Next.js framework","archived":false,"fork":false,"pushed_at":"2022-04-09T23:27:43.000Z","size":1461,"stargazers_count":57,"open_issues_count":11,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-02-20T07:44:12.472Z","etag":null,"topics":["auth","authentication","authorization","es6","javascript","nextjs","react","reactjs"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/juanbzz.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-01-04T06:18:09.000Z","updated_at":"2024-01-01T23:15:33.000Z","dependencies_parsed_at":"2022-08-07T23:31:03.873Z","dependency_job_id":null,"html_url":"https://github.com/juanbzz/next-authentication","commit_stats":null,"previous_names":["juanbzpy/next-authentication","j0lv3r4/next-authentication","j0lvera/next-authentication"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/juanbzz/next-authentication","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juanbzz%2Fnext-authentication","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juanbzz%2Fnext-authentication/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juanbzz%2Fnext-authentication/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juanbzz%2Fnext-authentication/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/juanbzz","download_url":"https://codeload.github.com/juanbzz/next-authentication/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juanbzz%2Fnext-authentication/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33806987,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","authorization","es6","javascript","nextjs","react","reactjs"],"created_at":"2026-04-30T04:01:03.703Z","updated_at":"2026-06-02T05:00:46.626Z","avatar_url":"https://github.com/juanbzz.png","language":"TypeScript","funding_links":[],"categories":["📦 Legacy \u0026 Inactive Projects"],"sub_categories":[],"readme":"# Next Authentication\n\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fj0lv3r4%2Fnext-authentication.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fj0lv3r4%2Fnext-authentication?ref=badge_shield)\n\n\u003e Authentication \u0026amp; Authorization for Next.js\n\n`next-authentication` provides a set of functions and middlewares to implement Authentication, Authorization and session management in Next.js applications.\n\n## Usage\n\nSetup:\n\n```js\n// Setup\n// file: lib/auth.js\n\nimport bcrypt from 'bcrypt';\nimport { nextAuth, AuthError } from 'next-authentication';\nimport { User } from '../user/model';\n\nconst nextAuthOptions = {   \n  cookieName: 'auth-token',\n  // Pseudo code that verifies a user in a fictitious database\n  verify: async (username, password) =\u003e {\n      try {\n        const user = await User.query().findOne({ username });\n\n        if (!user) {\n          throw new AuthError('User does not exist', 404);\n        }\n\n        const valid = bcrypt.compareSync(password, user.password);\n\n        if (!valid) {\n          throw new AuthError('Invalid credentials', 403);\n        }\n\n        return { user: user.username }\n      } catch (error) {\n        throw new AuthError(`Error trying to verifying the user: ${error.message}`, 500);\n      }\n  },\n  secret: process.env.SECRET || 'alongsecretvaluethatsatleast16chars'\n}\n\nexport const { authenticate, authorize } = nextAuth(nextAuthOptions);\n```\n\nLogin:\n\n```js\n// Authenticate\n// file: pages/api/login.js\n\nimport { authenticate } from '../lib/auth.js'\n\nconst handler = (req, res) =\u003e {\n  res.status(200).json({ message: 'User logged in', user: req.user });\n}\n\nexport default authenticate(handler);\n```\n\nRestricted content:\n\n```js\n// Authorize\n// file: pages/api/restricted-content.js\n\nimport { authorize } from '../lib/auth.js';\n\nconst handler = (req, res) =\u003e {\n  console.log('is authorized', res.isAuthorized);\n  res.status(200).json({ user: res.user })\n}\n\nexport default authorize(handler);\n```\n\n## API\n\n### `handler(req, res)`\n\nA `requestListener` function that is executed each time an API route gets a request.\n\nThis is not a `next-authentication` method, but rather a definition about a parameter we use through the documentation. It’s handy to have the definition for reference.\n\n* `req` [\\\u003cIncomingMessage\\\u003e](https://nodejs.org/docs/latest-v14.x/api/http.html#http_class_http_incomingmessage)\n* `res` [\\\u003cServerResponse\\\u003e](https://nodejs.org/docs/latest-v14.x/api/http.html#http_class_http_serverresponse)\n\nUsage:\n\n```js\n// file: pages/api/ok.js\nconst handler = (req, res) =\u003e {\n  res.end(JSON.stringify({ message: 'ok' }));\n}\n\nexport default handler;\n```\n\n### `nextAuth({ verify, secret, cookieUserOptions, [redirectOnError, redirectUrl] })`\n\nThe main function of the library that takes an option object and returns an object with the functions you to use for authentication, authorization, and logout users.\n\n##### `verify(username, password)` (required)\n\n* `username` \\\u003cstring\\\u003e (required)\n* `password` \\\u003cstring\\\u003e (required)\n* Returns an object with at least a `username` element. e.g., `{ username: 'jolvera' }`\n\nA function that takes a username and a password and must return an object containing at least the key `username`. The function should run the logic to verify the authenticity of a user's identity.\n\n##### `externalServer` \\\u003cboolean\\\u003e (optional)\n\n* Default: `false`\n\n##### `cookieName` \\\u003cstring\\\u003e (optional)\n\n* Default: \"next-authentication-token\"\n\n##### `secret` \\\u003cstring\\\u003e (required)\n\nA secret string that’s at least 16 characters long.\n\n##### `cookieUserOptions` \\\u003cObject\\\u003e (optional)\n\n* Default: `{ httpOnly: true, maxAge: 60 * 60 * 24, path: \"/\" }`\n\nSame options as [`cookie.serialize`](https://github.com/jshttp/cookie#options-1).\n\n##### `redirectOnError` \\\u003cboolean\\\u003e (optional)\n\n* Default: `true`\n\nIf `true`, `next-authentication` redirects the user to [`redirectUrl`](#redirecturl-string-optional) when:\n\n* The user provides invalid credentials\n* The user logs out\n* There is an unknown error\n\n##### `redirectUrl` \\\u003cstring\\\u003e (optional)\n\n* Default: `/login`\n\nURL to redirect the user to if `redirectOnError` is `true`.\n\n### `authenticate(handler, authenticateOptions)`\n\nA function middleware that verifies the user and creates a cookie session.\n\nYou can use the function directly, but the recommended way is through `nextAuth` since the options are setup once there and can be use everywhere. If you use the function directly you will have to call the function with all parameters every time you use it.\n\n#### [`handler(req, res)`](#handlerreq-res)\n\n#### `authenticateOptions` \\\u003cObject\\\u003e\n\n* [`verify`](#verifyusername-password-required)\n* [`secret`](#secret-string-required)\n* [`cookieUserOptions`](#cookieuseroptions-object-optional)\n\n### `authorize(handler, authorizeOptions)`\n\nValidates a session.\n\n#### [`handler(req, res)`](#handlerreq-res)\n\n#### `authorizeOptions` \\\u003cObject\\\u003e\n\n* [`secret`](#secret-string-required)\n* [`redirectOnError`](#redirectonerror-boolean-optional)\n* [`redirectUrl`](#redirecturl-string-optional)\n\n### `logout(handler, logoutOptions)`\n\nDestroys the user session and redirects the user based on `redirectOnError` and `redirectUrl`.\n\n#### [`handler(req, res)`](#handlerreq-res)\n\n#### `logoutOptions` \\\u003cObject\\\u003e\n\n* [`redirectOnError`](#redirectonerror-boolean-optional)\n* [`redirectUrl`](#redirecturl-string-optional)\n\n### `AuthError(message, status)`\n\n[Custom error class](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error#Custom_Error_Types) for Authorization errors.\n\n#### `message` \\\u003cstring\\\u003e\n\nError message to use in a response [\\\u003cServerResponse\\\u003e](https://nodejs.org/docs/latest-v14.x/api/http.html#http_class_http_serverresponse) object.\n\n#### `status` \\\u003cinteger\\\u003e\n\n* Default: `401`\n\nServer status code to use in a response [\\\u003cServerResponse\\\u003e](https://nodejs.org/docs/latest-v14.x/api/http.html#http_class_http_serverresponse) object.\n\n## Installation\n\nWith [npm](https://npmjs.com):\n\n```\n$ npm i next-authentication --save\n```\n\n## License\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fj0lv3r4%2Fnext-authentication.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fj0lv3r4%2Fnext-authentication?ref=badge_large)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjuanbzz%2Fnext-authentication","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjuanbzz%2Fnext-authentication","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjuanbzz%2Fnext-authentication/lists"}