NextAuth.js is a complete open source authentication solution for Next.js applications.

It is designed from the ground up to support Next.js and Serverless.

  • Signed, prefixed, server-only cookies
  • Built-in CSRF protection
  • JWT with JWS / JWE / JWK
  • Doesn’t rely on client side JavaScript

I’m always on the look out for JWT / JWS etc usage and how these might get replaced by #UCAN

This used to be called Next Auth and is by the Vercel team.

  • Can also be used without a database (e.g. OAuth + JWT)
  • Promotes the use of passwordless sign-in mechanisms
  • When JSON Web Tokens are enabled, they are encrypted by default (JWE) with A256GCM