Security
There are two parts to security:
- Authentication
- Authorization
The NextAuth.js (opens in a new tab) open source solution integrates with Next.js to handle both.
NextAuth.js provides OAuth (opens in a new tab) support to use the Google Identity (opens in a new tab) provider to authenticate end users during sign in.
NextAuth.js handles creating a JSON Web Token (JWT (opens in a new tab)) for the session strategy (opens in a new tab), which is used for authorizing access to Next.js routes for pages and APIs during the user's session.
Additionally, there are two aspects to authorization to cover:
- Securing pages
- Securing APIs