Bird
Raised Fist0
NextJSframework~5 mins

NextAuth.js (Auth.js) setup in NextJS - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is NextAuth.js used for in a Next.js application?
NextAuth.js is a library that helps you add user authentication easily to your Next.js app. It manages sign-in, sign-out, and session handling.
Click to reveal answer
beginner
Which file do you create to configure NextAuth.js in a Next.js app?
You create either /pages/api/auth/[...nextauth].js for the Pages Router or /app/api/auth/[...nextauth]/route.js for the App Router to configure NextAuth.js routes and options.
Click to reveal answer
intermediate
How do you add a Google provider to NextAuth.js?
You import GoogleProvider from 'next-auth/providers/google' and add it to the providers array in the NextAuth configuration with your clientId and clientSecret.
Click to reveal answer
intermediate
What is the purpose of the 'callbacks' option in NextAuth.js configuration?
Callbacks let you control what happens during sign-in, session creation, and JWT token handling. For example, you can add extra user info to the session.
Click to reveal answer
beginner
How do you protect a page in Next.js to allow only signed-in users with NextAuth.js?
You use the useSession hook from 'next-auth/react' to check if a user is signed in. If not, you can redirect them or show a sign-in button.
Click to reveal answer
Where should you place the NextAuth.js API route file in a Next.js app using the App Router?
A/app/api/auth/[...nextauth]/route.js
B/pages/api/auth/[...nextauth].js
C/app/auth/[...nextauth]/route.js
D/api/auth/[...nextauth].js
Which hook do you use to get the current user session in a Next.js component with NextAuth.js?
AuseUser()
BuseAuth()
CuseSession()
DuseCurrentUser()
What do you need to provide when adding an OAuth provider like Google to NextAuth.js?
AOAuth token only
Busername and password
CAPI key only
DclientId and clientSecret
Which NextAuth.js option allows you to customize the session object sent to the client?
Aproviders
Bcallbacks
Cpages
Devents
How do you sign out a user in a Next.js component using NextAuth.js?
Acall signOut() from 'next-auth/react'
Bcall logout() from 'next-auth/client'
Credirect to /logout page
Dclear cookies manually
Explain the steps to set up NextAuth.js in a Next.js app using the App Router.
Think about where the API route goes and how to add providers.
You got /5 concepts.
    Describe how you can protect a page so only signed-in users can access it using NextAuth.js.
    Focus on checking session and conditional rendering.
    You got /3 concepts.

      Practice

      (1/5)
      1. What is the main purpose of NextAuth.js in a Next.js application?
      easy
      A. To optimize images automatically
      B. To manage database connections
      C. To style components with CSS
      D. To handle user authentication and login flows easily

      Solution

      1. Step 1: Understand NextAuth.js role

        NextAuth.js is a library designed to simplify adding authentication to Next.js apps.

      2. Step 2: Identify main functionality

        It manages login flows, sessions, and providers for user authentication.

      3. Final Answer:

        To handle user authentication and login flows easily -> Option D

      4. Quick Check:

        NextAuth.js = Authentication helper [OK]
      Hint: NextAuth.js is all about login and user sessions [OK]
      Common Mistakes:
      • Confusing NextAuth.js with styling or database tools
      • Thinking it manages images or CSS
      • Assuming it handles API routing unrelated to auth
      2. Which file path is the correct place to create the NextAuth.js API route in a Next.js app?
      easy
      A. /pages/api/auth/[...nextauth].js
      B. /pages/auth/nextauth.js
      C. /api/auth.js
      D. /pages/api/nextauth.js

      Solution

      1. Step 1: Recall NextAuth.js API route convention

        NextAuth.js requires a catch-all API route named [...nextauth].js inside /pages/api/auth/.

      2. Step 2: Match the correct path

        Only /pages/api/auth/[...nextauth].js matches the required path: /pages/api/auth/[...nextauth].js.

      3. Final Answer:

        /pages/api/auth/[...nextauth].js -> Option A

      4. Quick Check:

        API route = /api/auth/[...nextauth] [OK]
      Hint: NextAuth.js uses catch-all API route [...nextauth].js [OK]
      Common Mistakes:
      • Placing the file outside /api/auth/
      • Using a non-catch-all filename
      • Missing the brackets in filename
      3. Given this NextAuth.js configuration snippet, what will be the value of session.user.name after a successful login?
      import NextAuth from "next-auth";
import GithubProvider from "next-auth/providers/github";

export default NextAuth({
  providers: [
    GithubProvider({
      clientId: process.env.GITHUB_ID,
      clientSecret: process.env.GITHUB_SECRET
    })
  ],
  callbacks: {
    async session({ session, user }) {
      session.user.name = "CustomName";
      return session;
    }
  }
});
      medium
      A. The GitHub username
      B. "CustomName"
      C. Undefined
      D. The user's email

      Solution

      1. Step 1: Understand the session callback

        The session callback modifies the session object before it is returned to the client.

      2. Step 2: Check the modification

        It sets session.user.name explicitly to "CustomName" regardless of original data.

      3. Final Answer:

        "CustomName" -> Option B

      4. Quick Check:

        Session callback overrides user.name = "CustomName" [OK]
      Hint: Session callback can override user data before sending [OK]
      Common Mistakes:
      • Assuming user.name stays as GitHub username
      • Thinking session.user.name is undefined by default
      • Confusing email with name property
      4. You wrote this NextAuth.js provider config but get an error: TypeError: GithubProvider is not a function. What is the likely cause?
      import { GithubProvider } from "next-auth/providers/github";

export default NextAuth({
  providers: [
    GithubProvider({
      clientId: process.env.GITHUB_ID,
      clientSecret: process.env.GITHUB_SECRET
    })
  ]
});
      medium
      A. Provider config must be inside callbacks
      B. Missing environment variables
      C. Incorrect import syntax; should use default import without braces
      D. NextAuth must be imported from 'next-auth/client'

      Solution

      1. Step 1: Check import style for GithubProvider

        GithubProvider is the default export, so it should be imported without braces.

      2. Step 2: Identify correct import syntax

        Use import GithubProvider from "next-auth/providers/github"; instead of curly braces.

      3. Final Answer:

        Incorrect import syntax; should use default import without braces -> Option C

      4. Quick Check:

        Default export = no braces in import [OK]
      Hint: Default exports import without braces {} [OK]
      Common Mistakes:
      • Using named import syntax for default export
      • Assuming environment variables cause this error
      • Placing provider config inside callbacks
      5. You want to add Google and GitHub login providers in NextAuth.js with environment variables. Which is the correct way to configure both providers in /pages/api/auth/[...nextauth].js?
      hard
      A. import GoogleProvider from "next-auth/providers/google"; import GithubProvider from "next-auth/providers/github"; export default NextAuth({ providers: [ GoogleProvider({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }), GithubProvider({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }) ] });
      B. import { GoogleProvider, GithubProvider } from "next-auth/providers"; export default NextAuth({ providers: [ GoogleProvider(process.env.GOOGLE_ID, process.env.GOOGLE_SECRET), GithubProvider(process.env.GITHUB_ID, process.env.GITHUB_SECRET) ] });
      C. import GoogleProvider from "next-auth/providers/google"; import GithubProvider from "next-auth/providers/github"; export default NextAuth({ providers: { google: GoogleProvider, github: GithubProvider } });
      D. import GoogleProvider from "next-auth/providers/google"; import GithubProvider from "next-auth/providers/github"; export default NextAuth({ providers: [ GoogleProvider, GithubProvider ] });

      Solution

      1. Step 1: Import providers correctly

        Each provider is a default export from its own module and must be imported separately.

      2. Step 2: Configure providers as array with clientId and clientSecret

        Providers must be called as functions with an object containing clientId and clientSecret from environment variables.

      3. Step 3: Validate options

        import GoogleProvider from "next-auth/providers/google"; import GithubProvider from "next-auth/providers/github"; export default NextAuth({ providers: [ GoogleProvider({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }), GithubProvider({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }) ] }); correctly imports and configures both providers in an array with proper keys.

      4. Final Answer:

        Correct import and provider function calls with env variables -> Option A

      5. Quick Check:

        Providers array with clientId/clientSecret = import GoogleProvider from "next-auth/providers/google"; import GithubProvider from "next-auth/providers/github"; export default NextAuth({ providers: [ GoogleProvider({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }), GithubProvider({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }) ] }); [OK]
      Hint: Providers need clientId and clientSecret in array [OK]
      Common Mistakes:
      • Importing providers as named imports from a single module
      • Passing env vars directly without object keys
      • Using object instead of array for providers