shubhra.dev

Next.js 16 Auth Scaffold

Session auth wired from scratch. Server actions, signed JWT cookies, bcrypt, direct Postgres. No auth library, no magic.

josebcryptjspgserver actionsproxy.ts
lib/auth/session.ts
// lib/auth/session.ts
import { SignJWT, jwtVerify } from "jose";
import { cookies } from "next/headers";

export async function createSession(
  userId: string,
  email: string
): Promise<void> {
  const token = await new SignJWT({ userId, email })
    .setProtectedHeader({ alg: "HS256" })
    .setExpirationTime("7d")
    .sign(getSecretKey());

  const cookieStore = await cookies();
  cookieStore.set("session", token, {
    httpOnly: true,
    secure: process.env.NODE_ENV === "production",
    sameSite: "lax",
  });
}

Need OAuth, email verification, roles, and an admin panel? See the full Auth Kit