Auth.js (NextAuth v4)

Use Auth.js (NextAuth v4 stable) when your team already ships next-auth with the App Router and you want a credentials or OAuth provider with minimal migration risk. Auth.js v5 remains beta as of the example pin date.

Setup

1. Copy examples/with-authjs/.env.example:

   • DATABASE_URL
   • NEXTAUTH_SECRET, NEXTAUTH_URL
   • Model keys (optional)

2. Install:

   pnpm add next-auth@^4.24.14

3. Configure lib/auth-options.ts (credentials stub for CI) per the example.

Route handler

app/api/arivie/route.ts

/* SPDX-License-Identifier: Apache-2.0 */
import { getArivieRuntimeForOwner } from "../../../arivie.config";
import { resolveOwnerId } from "../../../lib/resolve-owner";
import { assertAuthBypassAllowed } from "../../../lib/auth-bypass";

assertAuthBypassAllowed();

export async function POST(req: Request): Promise<Response> {
  const ownerId = await resolveOwnerId(req);
  const { arivie } = await getArivieRuntimeForOwner(ownerId);
  return arivie.next.POST(req);
}

ownerId derivation

lib/resolve-owner.ts

/* SPDX-License-Identifier: Apache-2.0 */
import { getServerSession } from "next-auth";
import { authOptions } from "./auth-options";
import { BYPASS_OWNER_ID, isAuthBypassRequest } from "./auth-bypass";

export async function resolveOwnerId(req: Request): Promise<string> {
  if (isAuthBypassRequest(req)) {
    return BYPASS_OWNER_ID;
  }
  const session = await getServerSession(authOptions);
  const email = session?.user?.email;
  if (email != null && email.length > 0) {
    return email;
  }
  return process.env.ARIVIE_OWNER_ID ?? "with-authjs-owner";
}

getServerSession(authOptions) → session.user.email becomes ownerId when set.

Runnable example

pnpm --filter with-authjs dev

Canonical tree: arivie/examples/with-authjs/.

Tested with next-auth ^4.24.14.