There are two parts to security:

  • Authentication
  • Authorization

The NextAuth.js open-source solution integrates with Next.js to handle both.

NextAuth.js provides OAuth support to use the Google Identity provider to authenticate end users during sign in.

NextAuth.js handles creating a JSON Web Token (JWT) for the session strategy, which is used for authorizing access to Next.js routes for pages and APIs during the user's session.

Additionally, there are two aspects to authorization to cover:

  • Securing pages
  • Securing APIs
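
The following added example (not NextAuth.js code and not from the original page) illustrates how a session JWT can drive the two authorization cases above: an unauthenticated page request is redirected to sign in, while an unauthenticated API request gets a 401. It uses a plain HS256-signed token as a stand-in for the token NextAuth.js issues; the secret, the function names, the status codes and the sign-in path are assumptions made for the demo.

```javascript
const crypto = require("node:crypto");

// Constructed demo secret (assumption); a real deployment loads it from the environment.
const SECRET = "constructed-demo-secret";

const b64url = (value) => Buffer.from(value).toString("base64url");

// Issue an HS256-signed session token that expires ttlSeconds after `now`.
function issueSessionToken(claims, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.createHmac("sha256", SECRET).update(`${header}.${payload}`).digest("base64url");
  return `${header}.${payload}.${sig}`;
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verifySessionToken(token, now = Math.floor(Date.now() / 1000)) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: a header claiming "none" or any other alg is rejected.
    if (JSON.parse(Buffer.from(header, "base64url").toString()).alg !== "HS256") return null;
    const expected = crypto.createHmac("sha256", SECRET).update(`${header}.${payload}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed header or payload
  }
}

// Securing pages vs. securing APIs: same check, different failure response.
function authorize(kind, token, now) {
  const claims = verifySessionToken(token, now);
  if (claims) return { status: 200, user: claims.email };
  return kind === "page"
    ? { status: 307, location: "/api/auth/signin" } // assumed sign-in path
    : { status: 401, body: { error: "Unauthorized" } };
}
```

The signature is checked before the payload is parsed, so claims from a tampered token are never read.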