Server API Overview

The Auth0 Next.js SDK provides a comprehensive server-side API for handling authentication in both the App Router and Pages Router.

Installation

Import the server API from the dedicated server package:

import { Auth0Client } from '@auth0/nextjs-auth0/server';

Auth0Client Instance

Create a single instance of Auth0Client to use throughout your application:

lib/auth0.ts

import { Auth0Client } from '@auth0/nextjs-auth0/server';

export const auth0 = new Auth0Client({
  domain: process.env.AUTH0_DOMAIN,
  clientId: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  secret: process.env.AUTH0_SECRET,
  appBaseUrl: process.env.APP_BASE_URL
});

Core Methods

Session Management

getSession

Retrieve the current user’s session data

updateSession

Update session data for authenticated users

Token Management

getAccessToken

Get access tokens with automatic refresh

Session Stores

Configure stateless or stateful session storage

Route Protection

withPageAuthRequired

Protect pages and redirect unauthenticated users

App Router vs Pages Router

The SDK provides different method signatures depending on your Next.js routing strategy:

// Server Components, Route Handlers, Server Actions
import { auth0 } from '@/lib/auth0';

export default async function Page() {
  const session = await auth0.getSession();
  const { token } = await auth0.getAccessToken();
  
  return <div>Welcome {session?.user.name}</div>;
}

Router Compatibility

Method	App Router	Pages Router	Middleware
`getSession()`	✅ No args	✅ `(req)`	✅ `(req)`
`getAccessToken()`	✅ `(options?)`	✅ `(req, res, options?)`	✅ `(req, res, options?)`
`updateSession()`	✅ `(session)`	✅ `(req, res, session)`	✅ `(req, res, session)`
`withPageAuthRequired()`	✅ Supported	✅ Supported	❌ N/A

Environment Variables

The SDK requires the following environment variables:

AUTH0_DOMAIN

string

required

Your Auth0 tenant domain (e.g., example.us.auth0.com)

AUTH0_CLIENT_ID

string

required

Your Auth0 application client ID

AUTH0_CLIENT_SECRET

string

required

Your Auth0 application client secret

AUTH0_SECRET

string

required

A 32-byte hex-encoded secret for encrypting cookies. Generate with:

openssl rand -hex 32

APP_BASE_URL

string

Your application’s base URL (e.g., http://localhost:3000). If omitted, the SDK infers it from the request host at runtime.

Get Started

Core Concepts

Client API

Server API

Guides

Advanced Features

Migration

Resources

Installation

Auth0Client Instance

Core Methods

Session Management

getSession

updateSession

Token Management

getAccessToken

Session Stores

Route Protection

withPageAuthRequired

App Router vs Pages Router

Router Compatibility

Environment Variables

Next Steps

Auth0Client Configuration

Session Data

Build docs developers (and LLMs) love

Get Started

Core Concepts

Client API

Server API

Guides

Advanced Features

Migration

Resources

​Installation

​Auth0Client Instance

​Core Methods

​Session Management

getSession

updateSession

​Token Management

getAccessToken

Session Stores

​Route Protection

withPageAuthRequired

​App Router vs Pages Router

​Router Compatibility

​Environment Variables

​Next Steps

Auth0Client Configuration

Session Data

Build docs developers (and LLMs) love

Installation

Auth0Client Instance

Core Methods

Session Management

Token Management

Route Protection

App Router vs Pages Router

Router Compatibility

Environment Variables

Next Steps