Auth.js
Free, open-source authentication library supporting multiple frameworks like Next.js, SvelteKit, Express, and Qwik with 50+ OAuth providers.
Auth.js is a comprehensive, free and open-source authentication solution designed for modern web applications. This powerful library provides seamless integration across multiple frameworks including Next.js, SvelteKit, Express, and Qwik.
⚠️ Note: As of September 2025, the Auth.js project is now officially part of Better Auth. New projects are advised not to start with Auth.js. Instead, use Better Auth, which is the actively maintained successor and future direction of the project. Existing Auth.js users will continue to see support in the short term, but the roadmap and new features are focused on Better Auth. Read the official announcement.
Key Features:
- 50+ OAuth providers including GitHub, Google, Facebook, and more
- Framework-agnostic design with dedicated packages for popular frameworks
- Type-safe implementation with full TypeScript support
- Zero-config setup for quick implementation
- Secure by default with built-in CSRF protection and secure cookies
The library offers simple integration with just a few lines of code. Whether you're building a Next.js app, SvelteKit project, Express server, or Qwik application, Auth.js provides consistent APIs and excellent developer experience.
Benefits:
- Reduce development time with pre-built authentication flows
- Maintain security best practices without complexity
- Scale easily with enterprise-grade authentication
- Access comprehensive documentation and active community support
Perfect for developers who need reliable authentication without the overhead of building custom solutions from scratch.
Auth.js comes with over 80 preconfigured OAuth providers (Google, GitHub, Twitter, Facebook, etc.) so users can sign in with existing accounts
Session settings allow adjusting `session.maxAge` and `updateAge` to control how long sessions last; default expiry is 30 days but can be configured for longer durations
Auth.js only implements user‑centric authentication flows. It does not provide client credentials grant for machine‑to‑machine communication
Auth.js runs within your application. There is no hosted authentication domain, so there is no concept of custom domains
Official integrations exist for multiple frameworks (Next.js, Express, Qwik, SvelteKit, etc.)
Auth.js does not offer tools to import users. User records are in your own database
As you manage the users in your own database, you have full control over the user attributes
As you manage the users in your own database, you can export them easily
As you manage the hashed user passwords in your own database, you can export them easily
