Auth.js (NextAuth)
npm package (previously NextAuth, and previously auth-next.js)
User:pass authentication and implementation on an Express server might not be fully supported. Investigate this further.
Works best for Next.js full-stack projects.
- https://authjs.dev/
- https://authjs.dev/guides/basics/role-based-access-control
- https://www.freecodecamp.org/news/secure-next-js-applications-with-role-based-authentication-using-nextauth/
Session strategies
You can implement different session strategies with this library.
JWT
Is the default.
When a user signs in, an HttpOnly cookie (making it impossible for client JS to access it) is stored in their browser.
Database Sessions
Auth.js can create sessions in a database.
The session ID is saved in an HttpOnly cookie.
When the user signs out, the session is deleted from the DB.
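
Added example (not from Auth.js or these notes): a simplified Node.js model of the two strategies above, showing what each cookie carries and what sign-out can do server-side. The HMAC-signed token stands in for the JWT, the Map stands in for the sessions table, and every function name here is hypothetical.

```javascript
// Simplified model of the two strategies; not Auth.js internals.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32); // constructed signing key (assumption)
const sign = (data) =>
  crypto.createHmac("sha256", SECRET).update(data).digest("base64url");

// "jwt" strategy: the cookie value itself carries the signed session state.
function issueJwtCookie(userId, ttlSeconds, now = Date.now()) {
  const claims = { sub: userId, exp: now + ttlSeconds * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

function verifyJwtCookie(cookie, now = Date.now()) {
  const [payload, mac] = String(cookie).split(".");
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null; // constant-time
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  return claims.exp > now ? claims.sub : null;
}

// "database" strategy: the cookie holds only a random session ID.
const sessionTable = new Map(); // stands in for the sessions table

function issueDbCookie(userId, ttlSeconds, now = Date.now()) {
  const sessionId = crypto.randomBytes(32).toString("base64url");
  sessionTable.set(sessionId, { userId, expires: now + ttlSeconds * 1000 });
  return sessionId;
}

function verifyDbCookie(sessionId, now = Date.now()) {
  const row = sessionTable.get(sessionId);
  return row && row.expires > now ? row.userId : null;
}

// Sign-out deletes the row, so the ID stops working even if it was copied.
function signOutDb(sessionId) {
  return sessionTable.delete(sessionId);
}
```

In this model the signed token keeps verifying until its exp because nothing is stored server-side, so its lifetime is the only server-side limit on a copied cookie.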