-
nextjs-postgres-auth-starter
Next.js + Tailwind + Typescript + Drizzle + NextAuth + PostgreSQL starter template.
-
next-connect
The TypeScript-ready, minimal router and middleware layer for Next.js, Micro, Vercel, or Node.js http/http2
-
next-optimized-images
🌅 next-optimized-images automatically optimizes images used in next.js projects (jpeg, png, svg, webp and gif).
It is definitely fairly easy to get started with and supports a wide range of authenticators (at least next-auth does, authjs not so many at the moment). The work on next-auth has been stopped in favour of this (also after some issues and rollback [1]).
One thing I was pleasantly surprised by was how easy it is to roll out email authentication via magic links and how relatively good it looks/behaves out of the box [2]. All you need is to add the SMTP URL and add the config.
It is also worth noting that it doesn't work for nextjs yet.
[1]: https://github.com/nextauthjs/next-auth/pull/6132
I went down the rabbit hole of using next-auth (now authjs) for a recent project. Having used Passport.js [1] for OAuth2 the last time I was doing node.js ~3 years ago, I found this library to have many footguns as comments/answers on SO and GitHub.
Seems like many people are trying to shoehorn their codebase [2] (!!) to make it work with the way the library manages sign-in flow, redirects, cookies, logout, etc. [3]
These were solved problems in the MEAN stack era with middlewares, but now that Next.js/react is the trend, people are doing everything they can to make it work - from relaxing security configs, to stashing things in the JWT just so some callback can get an additional piece of data.
[1] https://github.com/jaredhanson/passport
It depends on what context you're operating in. The reality is that most people don't fully understand authentication / authorization properly so they often mess up. When you have a small team of engineers that are spread very thin, it might be better to delegate this responsibility. If you have the time and resources to study the topic in depth and implement it properly then it's fine. It's just not that interesting of an area since the space for innovation and creativity is limited, and since the major problems have already been reliably solved by others at best you end up with an equivalent outcome and at worst you end up with security issues.
If you're operating within an enterprise context, Keycloak [0] is pretty massive but provides comprehensive coverage for all authN and authZ needs, and it's open source.
Back when I first started studying this topic I found that reading through a lot of NIST guidelines was helpful. I'd recommend at least browsing through SP 800-63-3 [1], SP 800-63A, SP 800-63B, SP 800-63C to get a good idea of the domain. Admittedly, this might be a lot of overkill for your application and needs.
[0] https://www.keycloak.org/
Here's an example with the credentials provider: https://github.com/vercel/nextjs-mysql-auth-starter/blob/mai...
Same. I found this example [1] particularly helpful, although I don't know how good this [2] library it uses is. Overall, I've seen multiple OSS projects [3] that try to support a missing functionality in Next.js seem to just give up trying to keep up with their breaking changes.
[1] https://stackblitz.com/edit/github-mwzv1t?file=README.md
[2] https://github.com/hoangvvo/next-connect
[3] https://github.com/cyrilwanner/next-optimized-images
I've been using https://github.com/OrJDev/create-jd-app which is based on solid and it's pretty great.
Super fast out of the box, but I also upgraded vite to 4 with a few overrides to get swc.
Solid Auth is still a bit immature (I ended up writing my own Auth stack around prisma, trpc and jwt), haven't tried Next Auth.
I like fastify more than express due to the great opinions (json schema, hooks etc). I use fastify + the fastify-nextjs plugin. It works great and lets you expose custom request decorations from node.js to next.js.
Maybe this can help you too: https://github.com/fastify/fastify-nextjs
The only drawback is the slow startup time of next.js, which becomes really annoying with huge next.js projects. But for smaller projects, fastify-nextjs is fine.