A production-ready Next.js authentication starter with modern features, comprehensive security, and excellent developer experience.
- Multiple Auth Methods: Email/password, Google OAuth, magic links
- Two-Factor Authentication (2FA): TOTP with backup codes
- Session Management: Secure sessions with device tracking
- Email Verification: Automatic email verification flow
- Password Security: bcrypt hashing with strength validation
- Rate Limiting: Built-in protection against brute force attacks
- Transactional Emails: Welcome, verification, password reset
- React Email Templates: Beautiful, responsive email designs
- Security Notifications: Login alerts and suspicious activity
- Resend Integration: Reliable email delivery service
- CSRF Protection: Built-in cross-site request forgery protection
- Secure Headers: Comprehensive security headers configuration
- Input Validation: Zod schemas for type-safe validation
- Audit Logging: Complete authentication event tracking
- Profile Management: User profiles with avatar support
- Device Management: View and revoke active sessions
- Account Recovery: Multiple recovery options including backup codes
- Account Deletion: GDPR-compliant data removal
Building authentication from scratch is complex, time-consuming, and security-critical. This starter provides:
- Production-ready authentication flows
- Security best practices built-in
- Modern tech stack with excellent DX
- Comprehensive documentation and examples
- Type-safe development experience
- Scalable architecture for growth
- Next.js 15 - React framework with App Router
- TypeScript - Type-safe JavaScript
- React 19 - Latest React with concurrent features
- NextAuth.js v5 - Complete authentication solution
- Prisma - Type-safe database ORM
- PostgreSQL - Robust relational database
- bcrypt - Password hashing
- otplib - 2FA/TOTP implementation
- shadcn/ui - Beautiful, accessible React components
- Tailwind CSS - Utility-first CSS framework
- Radix UI - Unstyled, accessible UI primitives
- Lucide React - Beautiful & consistent icons
- Resend - Modern email API
- React Email - React components for emails
- Bun - Fast JavaScript runtime & package manager
- ESLint - Code linting and quality
- Zod - TypeScript-first schema validation
- Node.js 18+ or Bun
- PostgreSQL database (we recommend Supabase)
- Google Cloud Console account (for OAuth)
- Resend account (for emails)
git clone https://github.com/akdevv/next-auth-starter.git
cd next-auth-starter
# Install dependencies (recommended: use Bun)
bun install
# or npm install
# Copy environment template
cp .env.example .env
# Fill in your environment variables
# See docs for detailed setup: /docs/getting-started/environment-variables
Required environment variables:
NEXT_PUBLIC_BASE_URL="http://localhost:3000"
AUTH_SECRET="your-secret-key"
DATABASE_URL="your-postgresql-url"
GOOGLE_CLIENT_ID="your-google-client-id"
GOOGLE_CLIENT_SECRET="your-google-client-secret"
NEXT_PUBLIC_RESEND_API_KEY="your-resend-api-key"
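Next.js makes every `NEXT_PUBLIC_`-prefixed variable available to browser code by inlining it at build time, so that prefix is unsuitable for secrets such as API keys. The check below is an added example, not part of the starter's code: it parses `.env` text and reports missing required variables, secret-looking names under `NEXT_PUBLIC_`, placeholder values, and a short `AUTH_SECRET`. The function names, the name patterns, the 32-character minimum and the sample input are assumptions made for illustration.

```javascript
// Added example: audit .env text for this starter before first run.
// REQUIRED mirrors the variable list above; parseEnv/auditEnv are illustrative names.
const REQUIRED = [
  "NEXT_PUBLIC_BASE_URL", "AUTH_SECRET", "DATABASE_URL",
  "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "NEXT_PUBLIC_RESEND_API_KEY",
];
const SECRET_NAME = /SECRET|API_KEY|TOKEN|PASSWORD|PRIVATE/; // heuristic
const PLACEHOLDER = /^(your-|changeme|example)/i;            // heuristic
const MIN_SECRET_LENGTH = 32; // assumed minimum, not taken from the project

// Minimal KEY=VALUE parser: skips blanks/comments, strips one pair of quotes.
function parseEnv(text) {
  const vars = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    const value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    vars.set(line.slice(0, eq).trim(), quoted ? quoted[2] : value);
  }
  return vars;
}

function auditEnv(text) {
  const vars = parseEnv(text);
  const findings = [];
  for (const name of REQUIRED) if (!vars.get(name)) findings.push(`missing: ${name}`);
  for (const [name, value] of vars) {
    // NEXT_PUBLIC_ values are inlined into client-side JavaScript at build time.
    if (name.startsWith("NEXT_PUBLIC_") && SECRET_NAME.test(name)) {
      findings.push(`browser-exposed secret: ${name}`);
    }
    if (PLACEHOLDER.test(value)) findings.push(`placeholder value: ${name}`);
  }
  const secret = vars.get("AUTH_SECRET") || "";
  if (secret && secret.length < MIN_SECRET_LENGTH) {
    findings.push(`weak: AUTH_SECRET shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  return findings;
}

// Constructed sample input (not real credentials).
const SAMPLE = [
  'NEXT_PUBLIC_BASE_URL="http://localhost:3000"', 'AUTH_SECRET="your-secret-key"',
  'DATABASE_URL="postgresql://localhost:5432/app"', 'NEXT_PUBLIC_RESEND_API_KEY="re_constructed_sample"',
].join("\n");
console.log(auditEnv(SAMPLE).join("\n"));
```

To audit a real file, pass its contents to `auditEnv`, for example the result of `require("fs").readFileSync(".env", "utf8")`.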
# Generate Prisma client
bun prisma generate
# Push schema to database
bun prisma db push
# (Optional) Seed database
bun prisma db seed
bun dev
Visit http://localhost:3000 - your auth system is ready!
Complete documentation is available at /docs when running the project:
- Getting Started - Setup and configuration
- Authentication - Auth flows and security
- Database - Schema and migrations
- Security Features - Security implementations
- Additional Concepts - Educational resources
# Development
bun dev # Start development server with Turbopack
bun build # Build for production
bun start # Start production server
bun lint # Run ESLint
# Database
bun prisma studio # Open database browser
bun prisma migrate dev # Run migrations
bun prisma generate # Generate Prisma client
bun prisma migrate reset # Reset database
# Email Development
bun email # Preview emails locally
next-auth-starter/
├── app/            # Next.js App Router
│   ├── api/        # API routes
│   ├── auth/       # Authentication pages
│   └── profile/    # User profile pages
├── components/     # React components
│   ├── auth/       # Auth-specific components
│   ├── ui/         # shadcn/ui components
│   └── shared/     # Shared components
├── content/        # Documentation (MDX)
├── emails/         # Email templates
├── lib/            # Utilities and configurations
├── prisma/         # Database schema and migrations
├── server/         # Server actions and utilities
└── schema/         # Zod validation schemas
- CSRF Protection - Built-in token validation
- Session Security - Secure cookie-based sessions
- Rate Limiting - Prevent brute force attacks
- Email Verification - Verify email ownership
- 2FA Support - TOTP with QR codes
- Backup Codes - Emergency account recovery
- Security Alerts - Login notifications
- Session Management - Multi-device session control
This starter includes production-ready features:
- Performance Optimized - Server-side rendering, code splitting
- SEO Friendly - Meta tags, structured data
- Accessibility - WCAG compliant components
- Mobile Responsive - Works on all devices
- Error Handling - Graceful error boundaries
- Monitoring Ready - Built-in logging and analytics hooks
Deploy to your favorite platform:
vercel deploy
docker build -t next-auth-starter .
docker run -p 3000:3000 next-auth-starter
- Netlify - Static export support
- Railway - Database included
- AWS/GCP/Azure - Serverless functions
We welcome contributions! Please see our Contributing Guide for details.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- NextAuth.js for authentication
- shadcn/ui for beautiful components
- Vercel for hosting and platform
- Supabase for database infrastructure
- Documentation: Visit /docs in your running project
- Issues: GitHub Issues
- Bug Reports: Use issue templates
- Feature Requests: Open a discussion
Built with ❤️ by the community. Star ⭐ if this project helped you!