Authjs Skills

Name: Authjs Skills
Author: gocallum

gocallum/nextjs16-agent-skills

Wire Auth.js v5 into a Next.js app with Google OAuth, credentials login, env secrets, and session APIs using agent-guided steps.

Overview

authjs-skills is an agent skill for the Build phase that guides Auth.js v5 setup in Next.js—including OAuth, credentials, env config, and session APIs.

Install

npx skills add https://github.com/gocallum/nextjs16-agent-skills --skill authjs-skills

What is this skill?

Auth.js v5 (next-auth@beta) install and migration pointers from official Auth.js docs.
Google OAuth and credentials provider setup with required AUTH_* environment variables.
Universal auth() export pattern for App Router, middleware, and Edge Runtime compatibility.
Session management and Core API reference links for typed handlers and callbacks.
CSRF and session-hardening notes aligned with v5 security improvements over v4.

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 556 installs on skills.sh; 22 GitHub stars; 2/3 security scanners passed (skills.sh audits).

What problem does it solve?

You are building a Next.js SaaS and need Auth.js v5 configured correctly across providers, secrets, and sessions without missing beta-specific breaking changes.

Who is it for?

Indie Next.js builders adding first-party login (Google + credentials) on Auth.js v5 before broader feature work.

Skip if: Teams on legacy NextAuth v4 who refuse beta dependencies, or apps that need a full enterprise SAML/SCIM program without custom integration work.

When should I use this skill?

Adding or migrating Next.js authentication with Auth.js v5, Google OAuth, credentials login, or session/API wiring.

What do I get? / Deliverables

You leave with aligned env vars, provider configuration, and auth()/session patterns ready to protect routes and APIs in your app.

Auth.js v5 configuration and provider handlers
Documented AUTH_SECRET and provider env variable setup
Session-aware route and middleware patterns using auth()

Recommended Skills

Entra App Registrationmicrosoft/azure-skills

Walkthrough for Microsoft Entra ID app registration, OAuth configuration, and MSAL-based authentication setup.374k installs·1.2k stars

Azure Aigatewaymicrosoft/azure-skills

Quick reference for building and operating Azure API Management as an AI gateway using ARM .NET SDK and policy best prac…373k installs·1.2k stars

Lark Openapi Explorerlarksuite/cli

Escalation path for uncovered Lark/Feishu APIs: browse official OpenAPI docs and execute via lark-cli.208k installs·13.7k stars

Supabasesupabase/agent-skills

Authoritative Supabase agent skill for database, auth, edge functions, and client SSR with emphasis on up-to-date docs, …111k installs·2.2k stars

Firebase Auth Basicsfirebase/agent-skills

firebase-auth-basics is a guided agent skill for solo builders implementing Firebase Authentication in web or mobile-bac…75.7k installs·345 stars

Firebase Data Connectfirebase/agent-skills

Firebase Data Connect is an agent skill that equips solo builders to design relational data layers on Firebase using Gra…73.2k installs·345 stars

Journey fit

Primary fit

BuildBackend, data & payments

Authentication and session handling are core backend build work before you can ship a signed-in SaaS experience. Backend is the right shelf because providers, auth() wiring, and session management live in server routes and middleware—not marketing pages.

How it compares

Use as a Next.js-specific Auth.js integration skill—not a generic OAuth theory primer or an MCP identity server.

Common Questions / FAQ

Who is authjs-skills for?

Solo and indie developers building Next.js SaaS or API-backed apps who want Claude or Cursor to apply Auth.js v5 conventions directly in their repo.

When should I use authjs-skills?

During Build while implementing sign-in, session middleware, and provider callbacks—before Ship-phase security review and Launch distribution.

Is authjs-skills safe to install?

It touches auth secrets and OAuth configuration; review the Security Audits panel on this page and never commit real AUTH_SECRET or provider keys to git.

SKILL.md

READMESKILL.md - Authjs Skills

## Links

- Getting Started: https://authjs.dev/getting-started/installation?framework=Next.js
- Migrating to v5: https://authjs.dev/getting-started/migrating-to-v5
- Google Provider: https://authjs.dev/getting-started/providers/google
- Credentials Provider: https://authjs.dev/getting-started/providers/credentials
- Core API Reference: https://authjs.dev/reference/core
- Session Management: https://authjs.dev/getting-started/session-management
- Concepts: https://authjs.dev/concepts

## Installation

```sh
pnpm add next-auth@beta
```

**Note**: Auth.js v5 is currently in beta. Use `next-auth@beta` to install the latest v5 version.

## What's New in Auth.js v5?

### Key Changes from v4

- **Simplified Configuration**: More streamlined setup with better TypeScript support
- **Universal `auth()` Export**: Single function for authentication across all contexts
- **Enhanced Security**: Improved CSRF protection and session handling
- **Edge Runtime Support**: Full compatibility with Edge Runtime and middleware
- **Better Type Safety**: Improved TypeScript definitions throughout

## Environment Variables

### Required Environment Variables

```env
# Auth.js Configuration
AUTH_SECRET=your_secret_key_here

# Google OAuth (if using Google provider)
AUTH_GOOGLE_ID=your_google_client_id
AUTH_GOOGLE_SECRET=your_google_client_secret

# For production deployments
AUTH_URL=https://yourdomain.com

# For development (optional, defaults to http://localhost:3000)
# AUTH_URL=http://localhost:3000
```

### Generating AUTH_SECRET

```sh
# Generate a random secret (Unix/Linux/macOS)
openssl rand -base64 32

# Alternative using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"

# Using pnpm
pnpm dlx auth secret
```

**Important**: Never commit `AUTH_SECRET` to version control. Use `.env.local` for development.

## Basic Setup (Next.js App Router)

### 1. Create `auth.ts` Configuration File

Create `auth.ts` at the project root (next to `package.json`):

```typescript
import NextAuth from "next-auth"
import Google from "next-auth/providers/google"
import Credentials from "next-auth/providers/credentials"

export const { handlers, signIn, signOut, auth } = NextAuth({
  providers: [
    Google({
      clientId: process.env.AUTH_GOOGLE_ID,
      clientSecret: process.env.AUTH_GOOGLE_SECRET,
    }),
    Credentials({
      credentials: {
        email: { label: "Email", type: "email" },
        password: { label: "Password", type: "password" },
      },
      authorize: async (credentials) => {
        // TODO: Implement your authentication logic here
        // This is a basic example - see Credentials Provider section below for complete implementation
        if (!credentials?.email || !credentials?.password) {
          return null
        }

        // Example: validate against database (placeholder)
        // See "Credentials Provider" section for full implementation with bcrypt
        const user = { id: "1", email: credentials.email, name: "User" } // Replace with actual DB lookup
        
        if (!user) {
          return null
        }

        return {
          id: user.id,
          email: user.email,
          name: user.name,
        }
      },
    }),
  ],
  pages: {
    signIn: '/auth/signin',
  },
  callbacks: {
    authorized: async ({ auth }) => {
      // Return true if user is authenticated
      return !!auth
    },
  },
})
```

**Note**: This is a basic setup example. For production-ready credentials authentication, see the "Credentials Provider" section below which includes proper password hashing with bcrypt and database integration.

### 2. Create API Route Handler

Create `app/api/auth/[...nextauth]/route.ts`:

```typescript
import { handlers } from "@/auth"

export const { GET, POST } = handlers
```

### 3. A

What is this skill?

Auth.js v5 (next-auth@beta) install and migration pointers from official Auth.js docs.

Google OAuth and credentials provider setup with required AUTH_* environment variables.

Universal auth() export pattern for App Router, middleware, and Edge Runtime compatibility.

Session management and Core API reference links for typed handlers and callbacks.

CSRF and session-hardening notes aligned with v5 security improvements over v4.

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 556 installs on skills.sh; 22 GitHub stars; 2/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

BuildBackend, data & payments

SKILL.md

READMESKILL.md - Authjs Skills

## Links

- Getting Started: https://authjs.dev/getting-started/installation?framework=Next.js
- Migrating to v5: https://authjs.dev/getting-started/migrating-to-v5
- Google Provider: https://authjs.dev/getting-started/providers/google
- Credentials Provider: https://authjs.dev/getting-started/providers/credentials
- Core API Reference: https://authjs.dev/reference/core
- Session Management: https://authjs.dev/getting-started/session-management
- Concepts: https://authjs.dev/concepts

## Installation

```sh
pnpm add next-auth@beta
```

**Note**: Auth.js v5 is currently in beta. Use `next-auth@beta` to install the latest v5 version.

## What's New in Auth.js v5?

### Key Changes from v4

- **Simplified Configuration**: More streamlined setup with better TypeScript support
- **Universal `auth()` Export**: Single function for authentication across all contexts
- **Enhanced Security**: Improved CSRF protection and session handling
- **Edge Runtime Support**: Full compatibility with Edge Runtime and middleware
- **Better Type Safety**: Improved TypeScript definitions throughout

## Environment Variables

### Required Environment Variables

```env
# Auth.js Configuration
AUTH_SECRET=your_secret_key_here

# Google OAuth (if using Google provider)
AUTH_GOOGLE_ID=your_google_client_id
AUTH_GOOGLE_SECRET=your_google_client_secret

# For production deployments
AUTH_URL=https://yourdomain.com

# For development (optional, defaults to http://localhost:3000)
# AUTH_URL=http://localhost:3000
```

### Generating AUTH_SECRET

```sh
# Generate a random secret (Unix/Linux/macOS)
openssl rand -base64 32

# Alternative using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"

# Using pnpm
pnpm dlx auth secret
```

**Important**: Never commit `AUTH_SECRET` to version control. Use `.env.local` for development.

## Basic Setup (Next.js App Router)

### 1. Create `auth.ts` Configuration File

Create `auth.ts` at the project root (next to `package.json`):

```typescript
import NextAuth from "next-auth"
import Google from "next-auth/providers/google"
import Credentials from "next-auth/providers/credentials"

export const { handlers, signIn, signOut, auth } = NextAuth({
  providers: [
    Google({
      clientId: process.env.AUTH_GOOGLE_ID,
      clientSecret: process.env.AUTH_GOOGLE_SECRET,
    }),
    Credentials({
      credentials: {
        email: { label: "Email", type: "email" },
        password: { label: "Password", type: "password" },
      },
      authorize: async (credentials) => {
        // TODO: Implement your authentication logic here
        // This is a basic example - see Credentials Provider section below for complete implementation
        if (!credentials?.email || !credentials?.password) {
          return null
        }

        // Example: validate against database (placeholder)
        // See "Credentials Provider" section for full implementation with bcrypt
        const user = { id: "1", email: credentials.email, name: "User" } // Replace with actual DB lookup
        
        if (!user) {
          return null
        }

        return {
          id: user.id,
          email: user.email,
          name: user.name,
        }
      },
    }),
  ],
  pages: {
    signIn: '/auth/signin',
  },
  callbacks: {
    authorized: async ({ auth }) => {
      // Return true if user is authenticated
      return !!auth
    },
  },
})
```

**Note**: This is a basic setup example. For production-ready credentials authentication, see the "Credentials Provider" section below which includes proper password hashing with bcrypt and database integration.

### 2. Create API Route Handler

Create `app/api/auth/[...nextauth]/route.ts`:

```typescript
import { handlers } from "@/auth"

export const { GET, POST } = handlers
```

### 3. A

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is authjs-skills for?

When should I use authjs-skills?

Is authjs-skills safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is authjs-skills for?

When should I use authjs-skills?

Is authjs-skills safe to install?

SKILL.md