back to home

nextauthjs / next-auth

Authentication for the Web.

28,087 stars
4,044 forks
571 issues
TypeScriptJavaScriptCSS
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing nextauthjs/next-auth in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind-ai.vercel.app/repo/nextauthjs/next-auth)
Preview:Analyzed by RepoMind

Repository Summary (README)

Preview
<p align="center"> <br/> <a href="https://authjs.dev" target="_blank"><img width="96px" src="https://authjs.dev/img/logo-sm.png" /></a> <h3 align="center">Auth.js</h3> <p align="center">Authentication for the Web.</p> <p align="center">Open Source. Full Stack. Own Your Data.</p> <p align="center" style="align: center;"> <a href="https://x.com/authjs" ><img src="https://shields.io/badge/Follow @authjs-000?logo=x&style=flat-square" alt="X (formerly known Twitter)" /></a> <a href="https://github.com/nextauthjs/next-auth/releases"><img src="https://img.shields.io/npm/v/next-auth/latest?style=flat-square&label=latest%20stable" alt="NPM next-auth@latest release" /></a> <!-- TODO: Should count `@auth/core` when NextAuth.js v5 is released as stable. --> <a href="https://www.npmtrends.com/next-auth"><img src="https://img.shields.io/npm/dm/next-auth?style=flat-square&color=cyan" alt="Downloads" /></a> <a href="https://github.com/nextauthjs/next-auth/stargazers"><img src="https://img.shields.io/github/stars/nextauthjs/next-auth?style=flat-square&color=orange" alt="GitHub Stars" /></a> <!-- <a href="https://codecov.io/gh/nextauthjs/next-auth" ><img alt="Codecov" src="https://img.shields.io/codecov/c/github/nextauthjs/next-auth?token=o2KN5GrPsY&style=flat-square&logo=codecov"></a> --> <img src="https://shields.io/badge/TypeScript-3178C6?logo=TypeScript&logoColor=fff&style=flat-square" alt="TypeScript" /> </p> <p align="center"> Auth.js is a set of open-source packages that are built on standard Web APIs for authentication in modern applications with any framework on any platform in any JS runtime. </p> </p>

Auth js is now part of Better Auth. We recommend new projects to start with Better Auth unless there are some very specific feature gaps (most notably stateless session management without a database).

Features

Flexible and easy to use

  • Designed to work with any OAuth service, it supports 2.0+, OIDC
  • Built-in support for many popular sign-in services
  • Email/Passwordless authentication
  • Passkeys/WebAuthn support
  • Bring Your Database - or none! - stateless authentication with any backend (Active Directory, LDAP, etc.)
  • Runtime-agnostic, runs anywhere! (Docker, Node.js, Serverless, etc.)

Own your data

Auth.js can be used with or without a database.

Secure by default

  • Promotes the use of passwordless sign-in mechanisms
  • Designed to be secure by default and encourage best practices for safeguarding user data
  • Uses Cross-Site Request Forgery (CSRF) Tokens on POST routes (sign in, sign out)
  • Default cookie policy aims for the most restrictive policy appropriate for each cookie
  • When JSON Web Tokens are used, they are encrypted by default (JWE) with A256CBC-HS512
  • Features tab/window syncing and session polling to support short-lived sessions
  • Attempts to implement the latest guidance published by Open Web Application Security Project

Advanced configuration allows you to define your routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.

TypeScript

Auth.js libraries are written with type safety in mind. Check out the docs for more information.

Security

If you think you have found a vulnerability (or are not sure) in Auth.js or any of the related packages (i.e. Adapters), we ask you to read our Security Policy to reach out responsibly. Please do not open Pull Requests/Issues/Discussions before consulting with us.

Acknowledgments

Auth.js is made possible thanks to all of its contributors.

<a href="https://github.com/nextauthjs/next-auth/graphs/contributors"> <img width="500px" src="https://contrib.rocks/image?repo=nextauthjs/next-auth" /> </a> <div> <a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss"></a> </div>

Contributing

We're open to all community contributions! If you'd like to contribute in any way, please first read our Contributing Guide.

License

ISC