
Introduction

The platform authenticates users with NextAuth.js v5 (Auth.js) and OAuth 2.0 providers. Two providers are configured, and the session is carried in an encrypted JWT session cookie rather than being looked up on every request.

Authentication Flow

The authentication flow is the OAuth 2.0 authorization code flow (OpenID Connect in Google's case):
  1. The user starts sign-in for a provider (Google or GitHub); NextAuth stores a PKCE/state value in a cookie and redirects the browser to the provider's authorization page
  2. The user authenticates with the provider and approves the requested scopes
  3. The provider redirects the browser back to /api/auth/callback/:provider with an authorization code
  4. NextAuth verifies the PKCE/state check against its cookie, exchanges the code for tokens, and builds the session
  5. User data is stored in the database and an encrypted session JWT is issued as a cookie
  6. Session information is available throughout the application via auth()

Supported Providers

The platform currently supports two OAuth providers:

Google OAuth

Google sign-in via OpenID Connect, additionally requesting the Calendar events scope (see Configuration) with a refresh token for offline access

GitHub OAuth

GitHub sign-in with the provider's default scopes; client credentials are read from environment variables

Authentication Endpoints

All authentication endpoints are served under /api/auth/ by the handlers exported from src/auth.ts. The sign-in and sign-out actions are POST requests that must carry the CSRF token from /api/auth/csrf; the signIn() and signOut() helpers do this for you.
GET /api/auth/providers
endpoint
Returns the configured providers with their sign-in and callback URLs
GET /api/auth/csrf
endpoint
Returns the CSRF token required by the POST endpoints
GET /api/auth/signin
endpoint
Displays the sign-in page; POST /api/auth/signin/:provider starts the OAuth flow for one provider
GET /api/auth/signout
endpoint
Displays the sign-out confirmation page; POST /api/auth/signout performs the sign-out
GET /api/auth/callback/:provider
endpoint
OAuth callback endpoint for each provider, where the PKCE/state check is verified and the authorization code is exchanged for tokens
GET /api/auth/session
endpoint
Returns the current session as shaped by the session callback, or null when not signed in

Quick Start

Check Available Providers

curl http://localhost:3000/api/auth/providers

Initiate Sign In

// Server-side helper (Server Actions and Route Handlers). Client components
// use signIn from 'next-auth/react' instead.
import { signIn } from '@/auth'

// Sign in with Google; redirects the browser to Google's authorization page
await signIn('google')

// Sign in with GitHub
await signIn('github')

Get Current Session

import { auth } from '@/auth'

// Server Component: auth() decrypts the session cookie on the server
export default async function Page() {
  const session = await auth()
  
  if (!session?.user) {
    return <div>Not authenticated</div>
  }
  
  return <div>Welcome, {session.user.name}!</div>
}

Sign Out

import { signOut } from '@/auth'

// Sign out the user: performs the CSRF-protected POST to /api/auth/signout
// and clears the session cookie
await signOut()

Session Structure

By default the session object exposes only the user and the expiry. Provider access or refresh tokens are not included unless a session callback copies them in, and anything copied in is readable by browser scripts via /api/auth/session:
user
object
User information from the OAuth provider: name, email and image
expires
string
Session expiration timestamp (ISO 8601 format)

Configuration

The NextAuth configuration is defined in src/auth.ts (line 15). No database adapter appears in it, so sessions use the stateless JWT strategy, which is the Auth.js default without an adapter:
import NextAuth from "next-auth"
import Github from "next-auth/providers/github"
import Google from "next-auth/providers/google"

export const { handlers, signIn, signOut, auth } = NextAuth({
  providers: [
    // No options given: Auth.js v5 reads AUTH_GITHUB_ID and AUTH_GITHUB_SECRET
    Github,
    Google({
      clientId: process.env.AUTH_GOOGLE_ID,
      clientSecret: process.env.AUTH_GOOGLE_SECRET,
      authorization: {
        params: {
          // Sensitive scope: read/write access to the user's calendar events
          scope: "openid email profile https://www.googleapis.com/auth/calendar.events",
          // Requests a refresh token. Google issues one only on the first
          // consent unless prompt: "consent" is also sent.
          access_type: "offline",
        }
      }
    })
  ],
  session: {
    maxAge: 60 * 60 * 24 * 30, // 30 days
    updateAge: 43200 // 12 hours; only throttles writes for database sessions
  },
  jwt: {
    maxAge: 60 * 60 * 24 * 30 // 30 days; lifetime of the encrypted session JWT
  },
  pages: {
    signIn: '/inicio',
    signOut: '',  // falsy: the built-in sign-out page is used
    error: '/'    // auth errors redirect to / with an ?error= query parameter
  }
})
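The configuration above requests an offline Google token and the environment variables define an ADMIN_EMAIL, but the page does not show how either is consumed. The following is an added example, not the project's src/auth.ts: `jwt` and `session` callbacks written as plain functions with local types so they run without next-auth installed. It assumes ADMIN_EMAIL is passed in as `adminEmail`, grants the admin flag only for an email the provider reports as verified (Google's `email_verified` claim; GitHub's profile has no such claim, so it never yields admin here), keeps the refresh token inside the server-side encrypted JWT, and exposes only the access token and the admin flag to the browser-readable session.

```typescript
// Added example (not the project's code). Local stand-ins for the Auth.js
// callback parameter types so the file is self-contained.

interface ProviderAccount {
  provider: string;
  access_token?: string;
  refresh_token?: string;
  expires_at?: number;        // unix seconds, as Auth.js stores it
}

interface ProviderProfile {
  email?: string;
  email_verified?: boolean;   // present in Google's OIDC profile, absent for GitHub
}

// Contents of the encrypted session JWT. Only the server ever decrypts it.
interface SessionToken {
  sub?: string;
  email?: string | null;
  accessToken?: string;
  refreshToken?: string;
  expiresAt?: number;
  isAdmin?: boolean;
}

// What /api/auth/session hands to the browser.
interface ClientSession {
  user: { name?: string | null; email?: string | null; image?: string | null };
  expires: string;
  accessToken?: string;
  isAdmin?: boolean;
}

// Runs at sign-in (account and profile present) and on every later session
// read (account undefined). Provider tokens and the admin decision are fixed
// at sign-in; `adminEmail` stands in for process.env.ADMIN_EMAIL (assumption).
function jwtCallback(params: {
  token: SessionToken;
  account?: ProviderAccount | null;
  profile?: ProviderProfile;
  adminEmail?: string;
}): SessionToken {
  const { token, account, profile, adminEmail } = params;
  if (!account) return token; // subsequent reads: keep what was stored at sign-in

  const email = profile?.email?.trim().toLowerCase();
  const verified = profile?.email_verified === true; // unverified or absent => false
  const isAdmin =
    verified && adminEmail !== undefined && email === adminEmail.trim().toLowerCase();

  return {
    ...token,
    accessToken: account.access_token,
    refreshToken: account.refresh_token, // stays server-side, never in the session
    expiresAt: account.expires_at,
    isAdmin,
  };
}

// True when the provider access token is expired or within `marginSeconds`
// of expiring; a token with no recorded expiry is treated as expired.
function isAccessTokenExpired(token: SessionToken, nowSeconds: number, marginSeconds = 60): boolean {
  if (token.expiresAt === undefined) return true;
  return nowSeconds >= token.expiresAt - marginSeconds;
}

// Copies only what client code may see. The refresh token is deliberately
// omitted because /api/auth/session is readable by any script on the page.
function sessionCallback(params: { session: ClientSession; token: SessionToken }): ClientSession {
  const { session, token } = params;
  return {
    ...session,
    accessToken: token.accessToken,
    isAdmin: token.isAdmin === true,
  };
}
```

To wire these into the real configuration, add `callbacks: { jwt: ({ token, account, profile }) => jwtCallback({ token, account, profile, adminEmail: process.env.ADMIN_EMAIL }), session: ({ session, token }) => sessionCallback({ session, token }) }` to the NextAuth() options and augment the `next-auth` Session and JWT types with the extra fields. Because Google returns a refresh token only on the first consent, persist it in the database (or send `prompt: "consent"`) if Calendar access must outlive the 30-day session JWT.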

Environment Variables

Required environment variables for authentication (the bare Github provider in the configuration reads its credentials from the AUTH_GITHUB_* variables, and Auth.js v5 refuses to start without AUTH_SECRET):
AUTH_SECRET
string
required
Secret used to encrypt the session JWT and sign CSRF tokens; generate it with `npx auth secret` or `openssl rand -base64 32`
AUTH_GOOGLE_ID
string
required
Google OAuth client ID
AUTH_GOOGLE_SECRET
string
required
Google OAuth client secret
AUTH_GITHUB_ID
string
required
GitHub OAuth client ID
AUTH_GITHUB_SECRET
string
required
GitHub OAuth client secret
ADMIN_EMAIL
string
required
Email address of the admin user with special privileges; compare it only against an email the provider reports as verified

Security Features

JWT Tokens

The session token is an encrypted JWT (JWE) sealed with AUTH_SECRET, not a plain signed JWT, so its claims are not readable by the browser; it expires 30 days after issue

OAuth 2.0

Sign-in uses the OAuth 2.0 authorization code flow with the PKCE check that Auth.js applies by default, binding each callback to the browser that started the sign-in

Secure Sessions

The session cookie is httpOnly with SameSite=Lax and, in production, Secure with the __Secure- prefix; sign-in and sign-out are CSRF-protected POST requests

Database Integration

User data persisted in PostgreSQL database

Next Steps

Google OAuth Setup

Configure Google OAuth with Calendar API

Session Management

Learn about JWT tokens and session handling
