Plug-and-play authentication scaffolding for Next.js App Router.
Add production-ready auth to any Next.js project in under a minute.
```bash
npx nextauthforge init
```

No global install needed. Just run and follow the prompts.

```
◆ AUTHFORGE — Next.js Auth Scaffolder
? What is your project name? my-app
? Which database are you using? MongoDB
? Include login & signup pages? Yes
? Include example dashboard & profile pages? Yes
✓ Auth files scaffolded
✓ Dependencies installed
✓ AuthForge setup complete!
```
```
your-project/
├─ src/
│ ├─ app/
│ │ ├─ (auth)/
│ │ │ ├─ login/page.tsx ← Login UI
│ │ │ └─ signup/page.tsx ← Signup UI
│ │ ├─ api/auth/
│ │ │ ├─ login/route.ts ← POST /api/auth/login
│ │ │ ├─ signup/route.ts ← POST /api/auth/signup
│ │ │ ├─ logout/route.ts ← POST /api/auth/logout
│ │ │ └─ me/route.ts ← GET /api/auth/me
│ │ ├─ dashboard/page.tsx ← Protected dashboard
│ │ └─ page.tsx ← Landing page
│ ├─ components/ToasterProvider.tsx
│ ├─ hooks/useAuth.tsx
│ ├─ lib/
│ │ ├─ dbConfig.ts
│ │ ├─ hash.ts
│ │ ├─ jwt.ts
│ │ └─ session.ts
│ └─ models/user.models.js
└─ proxy.ts ← Route protection middleware
```
```
Browser
│
│ POST /api/auth/login
▼
Route Handler
│ validate → hash → JWT → httpOnly cookie
▼
MongoDB
│
▼
Cookie in browser → proxy.ts verifies on every protected route
```
| Method | Endpoint | Description |
|---|---|---|
| POST | `/api/auth/signup` | Register + auto login |
| POST | `/api/auth/login` | Login + set cookie |
| POST | `/api/auth/logout` | Clear session |
| GET | `/api/auth/me` | Get current user |
Create `.env.local` in your project root:

```
MONGODB_URI=mongodb+srv://<user>:<pass>@cluster.mongodb.net/dbname
TOKEN_SECRET=your-secret-key-minimum-32-characters
```

Add `<ToasterProvider />` to your `src/app/layout.tsx`:
```tsx
import type { ReactNode } from "react"
import ToasterProvider from "@/src/components/ToasterProvider"

// Root layout: mounts the toast container once for the whole app
export default function RootLayout({ children }: { children: ReactNode }) {
  return (
    <html>
      <body>
        <ToasterProvider />
        {children}
      </body>
    </html>
  )
}
```

- ✅ JWT in `httpOnly` cookie — the token cannot be read by page scripts, so XSS cannot exfiltrate it
- ✅ `secure` flag on in production
- ✅ `sameSite: lax` CSRF protection
- ✅ bcrypt password hashing (12 rounds)
- ✅ Password never in JWT payload
- ✅ Generic error messages — no email enumeration
- ✅ `jose` library — Edge Runtime compatible
Middleware protects these routes out of the box:

```
/dashboard → JWT required
/profile → JWT required
/settings → JWT required
/login → redirects to /dashboard if already logged in
/signup → redirects to /dashboard if already logged in
```
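
What the route protection above amounts to, as an added example that is not AuthForge's own `proxy.ts`: it signs and verifies an HS256 token with `node:crypto` rather than `jose` so it runs without dependencies. The secret, the payload fields and the redirect to `/login` for unauthenticated requests are assumptions.

```javascript
// Added example, not AuthForge's code. Uses node:crypto (HS256) in place of jose.
// SECRET, the payload shape and the "/login" redirect target are assumptions.
const crypto = require("node:crypto");

const SECRET = "constructed-test-secret-at-least-32-chars"; // stands in for TOKEN_SECRET
const PROTECTED = ["/dashboard", "/profile", "/settings"];
const GUEST_ONLY = ["/login", "/signup"];

const b64url = (v) => Buffer.from(v).toString("base64url");
const parse = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Issue a token (what a login handler would do after checking the password).
function signToken(payload, secret, ttlSeconds, now = Date.now()) {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...payload, exp }));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString("base64url")}`;
}

// Return the payload if the token is authentic and unexpired, otherwise null.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: never let the token header choose how it is verified.
    if (parse(head).alg !== "HS256") return null;
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const payload = parse(body);
    return typeof payload.exp === "number" && payload.exp * 1000 > now ? payload : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Match whole path segments so "/dashboardx" is not treated as "/dashboard".
const under = (path, roots) => roots.some((r) => path === r || path.startsWith(r + "/"));

// Decide what the middleware does for a request path and its cookie value.
function decide(path, cookieToken, secret = SECRET, now = Date.now()) {
  const user = verifyToken(cookieToken, secret, now);
  if (under(path, PROTECTED) && !user) return "redirect:/login";
  if (under(path, GUEST_ONLY) && user) return "redirect:/dashboard";
  return "next";
}
```

A tampered payload, an expired token and a header that claims `alg: none` all fall through to the same `null` result, so the caller has a single failure path to handle.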
| Package | Purpose |
|---|---|
| `jose` | JWT (Edge Runtime safe) |
| `bcryptjs` | Password hashing |
| `mongoose` | MongoDB ODM |
| `axios` | HTTP requests |
| `react-hot-toast` | Notifications |
- MongoDB + Mongoose
- JWT httpOnly cookie auth
- Middleware route protection
- Login, Signup, Dashboard, Profile UI
- Refresh tokens
- Google OAuth
- GitHub OAuth
- Email verification
- `nextauthforge add google` command
- Next.js 14+ (App Router)
- Node.js 18+
- MongoDB database (local or Atlas)
MIT © Gaurav Kumar
Built for the Next.js community 🚀