Passport VS next-auth

Next, use something like https://www.npmjs.com/package/passport, this is authentication middleware, and it works similarly for different authentication providers. Carefully read the documentation. OAuth is complicated, but that's because it solves a complicated problem

Passport is outdated and the project has been more or less on a stand-still for years now. As of currently, there are more than 320 open issues and very few have been resolved within the last months. I'd highly advice you not to use Passport for your applications in 2023. You've received some great alternatives by others in the comments here.

lib: The lib folder, short for "library", is mostly used to store the actual source code of the package, but it can also be used to store third-party code, utilities and helpers. Example from passport.

Research - there's github and stackoverflow documentation saying this is part of passport.js 0.6.0 that can be resolved by turning logout into a callback function (I was not the first person to encounter this error).

passport for authentication

I went down the rabbithole of using next-auth (now authjs) for a recent project. Having used Passport.js [1] for Oauth2 the last time I was doing node.js ~3 years ago, I found this library to have many footguns as comments/answers on SO and Github.

Seems like many people are trying to shoehorn their codebase [2] (!!) to make it work with the way the library manages sign-in flow, redirects, cookies, logout, etc. [3]

These were solved problems in the MEAN stack era with middlewares, but now that Next.js/react is the trend, people are doing everything they can to make it work - from relaxing security configs, to stashing things in the JWT just so some callback can get an additional piece of data.

[1] https://github.com/jaredhanson/passport

Passport to act as auth middleware to authenticate requests Passport

Checkout using NestJS that uses Passport or just checkout Passport

NextAuth.js is not perfect. One of the shortcomings is that it currently does not implement federated logout. This means that even if a user signs out of the Next.js app, he does NOT get signed out of the Cognito user pool client. As a consequence, the user is not really being logged out (i.e he is able to login again without providing the credentials). You can read more about this problem in this Github thread.

NextAuth for adding auth

Let's learn a bit about Descope and how to use it with Auth.js (next-auth) to protect our Next.js app with role-based access control (RBAC).

https://github.com/nextauthjs/next-auth/issues/5647#issuecom...

Next Auth CognitoProvider Internal Library: https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/cognito.ts

I mentioned this in an age-old discussion on NextAuth GitHub repo.

Authentication is a fundamental part of most web applications. Integrating authentication into your Next.js app can be simplified with NextAuth, a powerful authentication library that supports various authentication methods. However, the documentation around setting up NextAuth with the "Credentials" auth provider might not be as clear as you'd hope. My implementation is greatly enriched and partially based on Next-Auth docs and the following github thread.

For Auth: https://authjs.dev/ - works like a charm with Svelte https://authjs.dev/reference/sveltekit

NextAuth.js

I'm surprised nobody mentioned https://authjs.dev/