NextAuth.js — Complete Guide
NextAuth.js — Complete Guide: free step-by-step lesson with examples, common mistakes, and interview tips — part of Next.js Tutorial on Toolliyo Academy.
Next.js Tutorial (LearnHub) · Lesson 41 of 100
NextAuth.js
Advanced · 3 — Production skills · ~18 min read · Module 5: SEO & Deploy
Introduction
NextAuth.js is advanced material, and it is what teams use on live products. Read the example carefully and try changing one line at a time to see what happens. NextAuth.js (Auth.js) adds sign-in, sessions, and OAuth providers to Next.js with minimal boilerplate. It works with Route Handlers and middleware. LearnHub needs Google and email login without building crypto and session storage from scratch. NextAuth is the common choice in Next.js job postings.
An app on your laptop is not finished until students can open it on the internet.
When will you use this?
Use when you are ready to put LearnHub online for users or employers to try.
- Publishing means pushing LearnHub to Vercel, Docker, or Azure so students can access it online.
- CI/CD runs npm test and npm run build automatically on every git push.
Real-world: LearnHub LMS
The EdTech / LMS team building LearnHub LMS uses NextAuth.js when building the course catalog, lesson player, and progress tracking. Students and instructors never see the TypeScript files; they just get a fast, reliable course catalog, lesson player, and progress tracking.
Production-style code
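```ts
// app/api/auth/[...nextauth]/route.ts
import NextAuth from 'next-auth';
import GoogleProvider from 'next-auth/providers/google';

const handler = NextAuth({
  providers: [
    GoogleProvider({
      // OAuth credentials come from the environment, never from source control.
      // The `!` only silences TypeScript; it does not check the value at runtime.
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!
    })
  ],
  callbacks: {
    session({ session, token }) {
      // Copy the user id from the token onto the session.
      // TypeScript needs a 'next-auth' module augmentation that adds `id` to Session['user'].
      session.user.id = token.sub;
      return session;
    }
  }
});

// The same handler serves GET and POST requests on the catch-all auth route.
export { handler as GET, handler as POST };
```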
What happens in production: In LearnHub LMS, getting NextAuth.js right means students and instructors trust the course catalog, lesson player, and progress tracking every day.
Lesson example (start here)
Copy this smaller example first. Once it works, compare it with the real-world code above.
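```ts
// app/api/auth/[...nextauth]/route.ts
import NextAuth from 'next-auth';
import GoogleProvider from 'next-auth/providers/google';

const handler = NextAuth({
  providers: [
    GoogleProvider({
      // OAuth credentials come from the environment, never from source control.
      // The `!` only silences TypeScript; it does not check the value at runtime.
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!
    })
  ],
  callbacks: {
    session({ session, token }) {
      // Copy the user id from the token onto the session.
      // TypeScript needs a 'next-auth' module augmentation that adds `id` to Session['user'].
      session.user.id = token.sub;
      return session;
    }
  }
});

// The same handler serves GET and POST requests on the catch-all auth route.
export { handler as GET, handler as POST };
```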
Line-by-line walkthrough
| Code | What it means |
|---|---|
| `// app/api/auth/[...nextauth]/route.ts` | Comment: notes for humans; the compiler ignores it. Here it records the file path of the route handler. |
| `import NextAuth from 'next-auth';` | Imports a module so you can use its exports in this file. |
| `import GoogleProvider from 'next-auth/providers/google';` | Imports a module so you can use its exports in this file. |
| `const handler = NextAuth({` | Calls NextAuth with an options object and stores the resulting request handler in `handler`. |
| `providers: [` | Starts the list of providers, which define how users sign in. |
| `GoogleProvider({` | Adds Google as an OAuth sign-in provider. |
| `clientId: process.env.GOOGLE_CLIENT_ID!,` | Reads the Google OAuth client ID from an environment variable. The `!` tells TypeScript the value is defined; it does not check it at runtime. |
| `clientSecret: process.env.GOOGLE_CLIENT_SECRET!` | Reads the Google OAuth client secret from an environment variable, with the same `!` assertion. |
| `})` | Closes a block started by { above. |
| `],` | Closes the providers list. |
| `callbacks: {` | Starts the callbacks section, where you customize what NextAuth returns. |
| `session({ session, token }) {` | Defines the session callback, which receives the session and the token. |
| `session.user.id = token.sub;` | Copies the user id (`token.sub`) onto the session's user object. |
| `return session;` | Returns the session, now carrying the user id for dashboard pages. |
How it works (big picture)
- Providers define how users sign in.
- The catch-all route handles OAuth callbacks.
- Session callback attaches user id for dashboard pages.
Do this on your computer
- Install next-auth and add Google OAuth credentials in .env.local.
- Create the [...nextauth] route handler.
- Wrap the app with SessionProvider in a Client layout wrapper.
- Protect /dashboard with middleware or getServerSession.
- Read the real-world section and name which part of LearnHub uses this topic.
- Run the example locally with npm run dev and confirm the same behavior.
- Change one value in the example (route, text, or course id) and predict what will happen before you save.
Experiments — try changing this
- Change a string or route in the example and save — watch the browser update.
- Break the code on purpose (remove a bracket), read the error overlay, then fix it.
- Use npm run dev while editing NextAuth.js — the page hot-reloads on save.
Remember
NextAuth handles OAuth and sessions. Store secrets in environment variables. Use middleware or server session checks for protected routes.
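A startup check for the auth secrets and a stricter body for the session callback, written as an added example (not code from the lesson or from NextAuth.js). The helper names `loadAuthEnv` and `attachUserId`, the local `SessionLike` and `TokenLike` types, and the 32-character minimum are assumptions; `NEXTAUTH_SECRET` is the variable NextAuth.js v4 reads for its signing secret.

```typescript
// Added example: standalone helpers, no next-auth import needed to run them.
// SessionLike / TokenLike are local stand-ins for NextAuth's Session and JWT (assumption).
type Env = Record<string, string | undefined>;
type TokenLike = { sub?: string; [claim: string]: unknown };
type SessionLike = {
  user?: { name?: string | null; email?: string | null; id?: string };
  expires: string;
};
interface AuthEnv { googleClientId: string; googleClientSecret: string; secret: string }

const REQUIRED = ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "NEXTAUTH_SECRET"] as const;
const MIN_SECRET_LENGTH = 32; // assumed policy for this example

// Fail at startup instead of letting `process.env.X!` hand undefined to the provider.
// Error messages name the variables only, never their values.
function loadAuthEnv(env: Env): AuthEnv {
  const missing = REQUIRED.filter((name) => (env[name] ?? "").trim() === "");
  if (missing.length > 0) {
    throw new Error(`Missing auth environment variables: ${missing.join(", ")}`);
  }
  const secret = env["NEXTAUTH_SECRET"] as string;
  if (secret.length < MIN_SECRET_LENGTH) {
    throw new Error(`NEXTAUTH_SECRET must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  return {
    googleClientId: env["GOOGLE_CLIENT_ID"] as string,
    googleClientSecret: env["GOOGLE_CLIENT_SECRET"] as string,
    secret,
  };
}

// Session callback body: copy only the user id from the token.
// Other claims kept on the token (for example provider tokens) stay server-side.
function attachUserId(session: SessionLike, token: TokenLike): SessionLike {
  if (!session.user || typeof token.sub !== "string" || token.sub === "") {
    return session; // nothing to attach; leave the session unchanged
  }
  return { ...session, user: { ...session.user, id: token.sub } };
}

// Wiring in route.ts (sketch): const env = loadAuthEnv(process.env);
// pass env.googleClientId / env.googleClientSecret to GoogleProvider and
// env.secret as the `secret` option, then call attachUserId from the session callback.
```
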
Common questions
NextAuth vs Clerk?
NextAuth is open-source and self-hosted; Clerk is a hosted service with pre-built UI components.
How long should I spend on NextAuth.js?
Until you can explain it in your own words and run the example without looking at the answer. Beginners often need 30–60 minutes per new concept; setup lessons may take one afternoon.
What if I get stuck on NextAuth.js?
Re-read the line-by-line walkthrough, check the terminal and browser overlay for errors, and compare your code character-by-character with the example. Search the exact error text — someone else had it too.
Where is NextAuth.js used in real jobs?
See the real-world section above — the same pattern appears in LMS, e-commerce, SaaS, and dashboards. Interviewers ask you to explain it using one concrete example.