Authentication
Users can sign in, manage their accounts, and connect existing accounts.
Auth.js
Formerly known as next-auth, Auth.js is the most reliable and popular authentication solution for Next.js projects. In Achromatic, we use the latest v5 beta version to ensure maximum compatibility with the app router.
Providers
Users can sign in with the following providers:
- Credentials (username and password)
- Google account
- Microsoft account
Connected Accounts
Users can link multiple login methods to a single account. For example, they can link their Google and Microsoft accounts to their main profile.
Multi-factor Authentication
Achromatic supports multi-factor authentication via authenticator app (TOTP) and one-time usable recovery codes. Multi-factor is often required for B2B apps and can cost a lot of money if you use an external identity provider.
Sessions
User sessions are securely stored in the database. This allows active sessions to be managed in the security settings. Additionally, changes to user roles take effect immediately.
Auth Secret
Auth.js requires a secret to function. It's acceptable to keep the pre-configured secret for local development, but anything publicly accessible should have a different secret.
We recommend using openssl rand -base64 32
to generate a secret. Add the generated secret to the .env file:
AUTH_SECRET=pQld7GsmUiZfNEv8vBJSQPxEJ84YO8NG3lsjpRI40W0=
Credentials Provider
The credentials provider is fully implemented. This includes:
- Login
- Sign up
- Forgot password
- Verification via link
- Verification via OTP
- Password change
- Email change
Passwords are hashed and compared using bcrypt with a salt length of 13. To use the credentials provider, an SMTP provider for email sending must be configured.
Google Provider
Google allows users to authenticate using their Google accounts, offering a quick and familiar sign-in method.
To set up the Google Provider, follow these steps:
- Visit the Google Cloud Console.
- Create an account if you don't have one already.
- Navigate to APIs or click here
- Configure the
OAuth consent screen
and add yourself as test user. - Click on
Credentials
, create new OAuth credentials and save those credentials. - Add the Authorized JavaScript origin to the credential settings.
http://localhost:3000
- Add the Authorized redirect URI to the credential settings.
http://localhost:3000/api/auth/callback/google
- Update
.env
with the created credentials.
AUTH_GOOGLE_CLIENT_ID=
AUTH_GOOGLE_CLIENT_SECRET=
Microsoft Provider
Microsoft allows users to authenticate using their Microsoft work, school, or Xbox accounts.
To set up the Microsoft (Entra ID) Provider, follow these steps:
- Visit the Azure Portal.
- Create an account if you don't have one already.
- Navigate to your Entra ID (Active Directory).
- Register a new application with platform web.
- Click on
Authentication
in the menu and add the redirect URIs
http://localhost:3000
http://localhost:3000/api/auth/callback/microsoft-entra-id
- Under
Certificates & Secrets
, create a new client secret. - Update
.env
with the created secret.
AUTH_MICROSOFT_ENTRA_ID_CLIENT_ID=
AUTH_MICROSOFT_ENTRA_ID_CLIENT_SECRET=
Learn More
For advanced settings or troubleshooting, see the Auth.js documentation.
By using Auth.js in Achromatic, you get a robust authentication system that's both secure and flexible. This allows you to focus on building your app's main features.