docs: FAQ framework-agnostic & session sharing (#4962)

Split a FAQ into two parts: Before: - Can I use NextAuth.js with a website that does not use Next.js? After: - Can I use NextAuth.js with a framework different than Next.js? - Can session generated by NextAuth.js be used by another website?
nextauthjs · Jul 19, 2022 · 1a79a1a · 1a79a1a · vercel · Jul 19, 2022
1 parent b7065a6
commit 1a79a1a
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/docs/docs/faq.md b/docs/docs/faq.md
@@ -63,17 +63,32 @@ _If you use a custom credentials provider user accounts will not be persisted in
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Can I use NextAuth.js with a website that does not use Next.js?</h3>
+  <h3 style={{display:"inline-block"}}>Can I use NextAuth.js with a framework different than Next.js?</h3>
 </summary>
 <p>
 
-NextAuth.js is designed for use with Next.js and Serverless.
+NextAuth.js was originally designed for use with Next.js and Serverless. However, today you could use the NextAuth.js core with any other framework. Checkout the examples for <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/example-gatsby" target="_blank">Gatsby</a> and <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/playground-sveltekit" target="_blank">SvelteKit</a>. If you would add another integration with other frameworks, feel free to work on it and send a pull request. Make sure to check if there's any on-going work before open a new issue.
 
-If you are using a different framework for your website, you can create a website that handles sign in with Next.js and then access those sessions on a website that does not use Next.js as long as the websites are on the same domain.
+</p>
+</details>
+
+<details>
+<summary>
+  <h3 style={{display:"inline-block"}}>Can session generated by NextAuth.js be used by another website?</h3>
+</summary>
+<p>
+
+**Same domain**: you can create a website that handles sign-in with NextAuth.js and then access those sessions on a website that does not use NextAuth.js as long as the websites are on the same domain.
+
+**Same root domain, different subdomains**: If you use NextAuth.js on a website with a different subdomain than the rest of your website (e.g. `auth.example.com` vs. `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/configuration/options#cookies)).
+
+:::warning
+Changing the default cookies domain policy is advanced and can lead to security issues if done correctly. Make sure you're aware of the security implication before proceeding.
+:::
 
-If you use NextAuth.js on a website with a different subdomain then the rest of your website (e.g. `auth.example.com` vs `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/configuration/options#cookies))
+A working example can be found at <a href="https://github.com/vercel/examples/tree/main/solutions/subdomain-auth" target="_blank">this example repo</a>.
 
-NextAuth.js does not currently support automatically signing into sites on different top level domains (e.g. `www.example.com` vs `www.example.org`) using a single session.
+**Different root domains**: NextAuth.js does not currently support automatically signing into sites on different top-level domains (e.g. `www.example.com` vs. `www.example.org`) using a single session.
 
 </p>
 </details>