Skip to main content
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js App Router.
This library is designed specifically for the Next.js App Router. For Pages Router support, refer to the WorkOS Node SDK.

What you’ll build

AuthKit Next.js gives you everything you need to add enterprise-ready authentication to your Next.js application:

Secure authentication

Enterprise SSO, social login, and email/password authentication out of the box

Session management

Automatic token refresh and secure cookie-based sessions with zero configuration

Server & client hooks

Access user data in both server and client components with withAuth() and useAuth()

Advanced features

User impersonation, feature flags, organization switching, and API key validation

Installation

Install the package and configure your environment variables

Quickstart

Get authentication working in under 5 minutes

API reference

Explore all available methods and components

GitHub

View source code and contribute to the project

Key features

Built for Next.js App Router

Designed from the ground up for Next.js 13+ with full support for:
  • Server Components and Server Actions
  • React Server Components (RSC)
  • Next.js 16+ proxy and middleware patterns
  • Streaming and concurrent rendering

Enterprise-ready authentication

Powered by WorkOS AuthKit, you get:
  • Single Sign-On (SSO) with major providers
  • Social authentication (Google, GitHub, Microsoft)
  • Magic link and email/password authentication
  • Multi-factor authentication (MFA)
  • User impersonation for support scenarios

Simple developer experience

import { withAuth } from '@workos-inc/authkit-nextjs';

export default async function DashboardPage() {
  const { user } = await withAuth();
  
  return <div>Welcome, {user?.firstName}!</div>;
}
Access authenticated user data in any server component with a single function call. No prop drilling, no context providers required for server components.

Flexible middleware

Protect routes with a simple matcher configuration: 
import { authkitMiddleware } from '@workos-inc/authkit-nextjs';

export default authkitMiddleware();

export const config = { 
  matcher: ['/dashboard/:path*', '/account'] 
};
Automatic session refresh, token management, and redirect handling with zero boilerplate.

Use cases

AuthKit Next.js is perfect for B2B applications that need enterprise SSO, organization management, and user impersonation for customer support.
Quickly add authentication to internal tools with support for your company’s existing SSO providers.
Built-in support for organization switching and session management across multiple tenants.
Includes validateApiKey() for securing public API endpoints with WorkOS API keys.

Architecture

AuthKit Next.js follows a middleware-first architecture:
  1. Middleware layer - Handles session refresh and authentication checks before requests reach your pages
  2. Callback route - Processes OAuth callbacks from WorkOS AuthKit
  3. Server helpers - Access session data in Server Components with withAuth()
  4. Client hooks - Access session data in Client Components with useAuth()
  5. Secure storage - Encrypted session cookies using iron-session

Browser and Next.js support

AuthKit Next.js supports:
  • Next.js 13.5.9+ (App Router required)
  • Next.js 14, 15, and 16
  • React 18 and 19
  • All modern browsers (Chrome, Firefox, Safari, Edge)

Next steps

1

Install the package

Follow the installation guide to add AuthKit to your Next.js project
2

Complete the quickstart

Get authentication working in under 5 minutes with the quickstart guide
3

Explore advanced features

Learn about user impersonation, feature flags, and organization management

Build docs developers (and LLMs) love

Get started for freeTalk to us