authjs-skills_skill

This skill helps you configure Auth.js v5 in Next.js with Google OAuth and credentials provider, including env setup and core API integration.
  • JavaScript

15

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill gocallum/nextjs16-agent-skills --skill authjs-skills

  • SKILL.md27.3 KB

Overview

This skill provides a ready-made Auth.js v5 integration for Next.js with Google OAuth and a credentials (email/password) provider. It includes environment configuration, recommended middleware, and core API hooks for server and client components. The setup targets Next.js App Router and modern patterns like Edge runtime and JWT session strategy.

How this skill works

It exports NextAuth handlers, signIn, signOut, and auth utilities configured with Google and Credentials providers. The credentials provider uses validation, bcrypt password checks, and Prisma ORM lookups while Google uses OAuth client ID/secret and redirect URIs. Middleware and API route handlers wire auth into Next.js App Router; server components and server actions call auth() to read sessions or require authentication.

When to use it

  • Add third-party login with Google OAuth for fast user onboarding.
  • Implement username/password sign-in and secure registration flow.
  • Protect server-rendered pages and server actions in the App Router.
  • Use JWT sessions for stateless apps or database sessions for long-lived sessions.
  • Migrate an existing Next.js authentication layer to Auth.js v5 (beta).

Best practices

  • Store AUTH_SECRET and provider secrets in environment variables and never commit them.
  • Use bcrypt to hash passwords and validate credentials on the server only.
  • Set session.strategy to 'jwt' for stateless APIs or 'database' when you need server-side session revocation.
  • Add middleware matcher to protect private routes and redirect unauthenticated users to the sign-in page.
  • Request minimal OAuth scopes and enforce email domain checks if you must restrict signups.

Example use cases

  • Sign in with Google to create accounts without password handling.
  • Email/password registration and sign-in with password hashing and Prisma user records.
  • Server component profile page that calls auth() to show user data or block access.
  • Server action to update user profile that requires an authenticated session.
  • Programmatic signIn/signOut flows from server actions or client components.

FAQ

You must set AUTH_SECRET and, for Google, AUTH_GOOGLE_ID and AUTH_GOOGLE_SECRET. Set AUTH_URL for production deployments.

Should I use JWT or database sessions?

Use JWT for stateless apps and simpler scaling. Use database sessions if you need server-side session invalidation or auditability.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational