NextJSframework~10 mins

NextAuth.js (Auth.js) setup in NextJS - Step-by-Step Execution

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Concept Flow - NextAuth.js (Auth.js) setup

Import NextAuth and Providers

↓

Create authOptions object

↓

Configure providers (e.g., GitHub)

↓

Export NextAuth with authOptions

↓

NextAuth API route handles requests

↓

User signs in/out, session managed

↓

Protected pages check session

↓

Access granted or denied

This flow shows how NextAuth.js is set up by importing, configuring providers, exporting the handler, and managing user sessions.

Execution Sample

NextJS

import NextAuth from "next-auth";
import GitHubProvider from "next-auth/providers/github";

export const authOptions = {
  providers: [GitHubProvider({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET })],
};

export default NextAuth(authOptions);

This code sets up NextAuth with GitHub as an authentication provider.

Execution Table

Step	Action	Evaluation	Result
1	Import NextAuth and GitHubProvider	Modules imported	Ready to configure auth
2	Create authOptions object	Add GitHub provider with env vars	Providers configured
3	Export NextAuth handler with authOptions	NextAuth function called with config	API route ready to handle auth
4	User visits sign-in page	NextAuth shows GitHub sign-in button	User can click to sign in
5	User clicks sign-in	Redirect to GitHub OAuth	User authenticates on GitHub
6	GitHub redirects back with token	NextAuth verifies token	Session created
7	User accesses protected page	Session checked	Access granted if signed in
8	User signs out	Session cleared	User logged out
9	End of flow	No more actions	Authentication cycle complete

💡 Authentication flow ends when user signs out or session expires.

Variable Tracker

Variable	Start	After Step 2	After Step 3	After Step 6	Final
authOptions	undefined	{"providers":["GitHubProvider config"]}	{"providers":["GitHubProvider config"]}	{"providers":["GitHubProvider config"]}	{"providers":["GitHubProvider config"]}
session	null	null	null	{"user":{...}, "expires":"..."}	null or session depending on sign out

Key Moments - 3 Insights

Why do we use environment variables for clientId and clientSecret?

What happens if the user is not signed in and tries to access a protected page?

How does NextAuth handle the OAuth redirect from GitHub?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table, what is the state of authOptions after Step 3?

ANull

BAn object with GitHub provider configured

CUndefined

DA string with client secrets

Concept Snapshot

NextAuth.js setup:
1. Import NextAuth and providers.
2. Create authOptions with providers using env vars.
3. Export NextAuth handler with authOptions.
4. NextAuth manages sign-in, session, and sign-out.
5. Protect pages by checking session.
Use environment variables for secrets.

Full Transcript

NextAuth.js setup in Next.js starts by importing NextAuth and authentication providers like GitHubProvider. Then, you create an authOptions object that configures providers using environment variables for clientId and clientSecret to keep secrets safe. Next, you export the NextAuth handler with this configuration. When a user visits the sign-in page, NextAuth shows sign-in options. Clicking sign-in redirects the user to GitHub for authentication. After successful login, GitHub redirects back with a token, which NextAuth verifies to create a session. Protected pages check this session to allow or deny access. Signing out clears the session. This flow ensures secure and easy authentication in Next.js apps.