nextjs-authentication

Installation
SKILL.md

Authentication & Token Management

Priority: P0 (CRITICAL)

Use HttpOnly Cookies for token storage. Never use LocalStorage or sessionStorage.

Implementation Guidelines

  • Token Storage: Strictly use HttpOnly, Secure cookies with SameSite: 'Lax' or 'Strict'. Set reasonable maxAge (e.g., 86400). Never store access tokens in localStorage or sessionStorage (XSS-vulnerable). LocalStorage causes hydration issues in Server Components.
  • Access Management: Read and verify tokens in Next.js Middleware (middleware.ts) for edge-side redirection and route protection.
  • Next.js 15+ Async: cookies() Promise from next/headers and must awaited.
  • Library Selection: Prefer next-auth (Auth.js) or Clerk for social logins and session management.
  • Data Access: Always use DAL (Data Access Layer) to validate credentials and verify cookie presence before rendering.
  • CSRF Protection: Guard all Server Actions and Route Handlers by verifying Origin/Referer headers.
  • User Verification: Use await auth() (Auth.js) or custom getSession() helper in Server Components.

Example: Auth Middleware

See implementation examples

Installs
GitHub Stars
521
First Seen
nextjs-authentication — hoangnguyen0403/agent-skills-standard