Use AI to integrate Auth0
Use AI to integrate Auth0
@auth0/nextjs-auth0, create API routes, and set up environment variables. Full agent skills documentation →Get Started
This quickstart demonstrates how to add Auth0 authentication to a Next.js 16 application. You’ll build a full-stack web application with server-side rendering, secure login functionality, and protected routes using the Auth0 Next.js SDK.Create a new project
Install the Auth0 Next.js SDK
Create project files
Setup your Auth0 App
- Quick Setup (recommended)
- CLI
- Dashboard
.env file with the right configuration values.Create the Auth0 configuration
src/lib/auth0.ts:Add Proxy
src/proxy.ts:src/ directory, the proxy.ts file is created inside src/. If you’re not using a src/ directory, create it in the project root instead./auth/login- Login route/auth/logout- Logout route/auth/callback- Callback route/auth/profile- User profile route/auth/access-token- Access token route/auth/backchannel-logout- Backchannel logout route
Create Login, Logout and Profile Components
Update your main page
src/app/page.tsx with:Update layout with Auth0Provider
src/app/layout.tsx to load the Inter font and wrap your app with Auth0Provider:Configure Tailwind CSS
src/app/globals.css with:Run your app
/auth/* (not /api/auth/* like in v3).If port 3000 is in use, run: npm run dev -- --port 3001 and update your Auth0 app’s callback URLs to http://localhost:3001Troubleshooting
JWEDecryptionFailed Error
JWEDecryptionFailed Error
JWEDecryptionFailed: decryption operation failed error, this is caused by either an invalid AUTH0_SECRET or an old session cookie encrypted with a different secret.Solution:- Generate a new secret using:
- Update your
.env.localfile:
-
Clear your browser cookies for
localhost:3000:- Chrome/Edge: Press
F12→ Application tab → Cookies → Delete all cookies for localhost - Firefox: Press
F12→ Storage tab → Cookies → Delete all cookies for localhost - Safari: Develop menu → Show Web Inspector → Storage tab → Cookies → Delete all
- Chrome/Edge: Press
- Restart your dev server:
404 Error on /auth/login
404 Error on /auth/login
- Proxy location: Ensure
src/proxy.tsexists in the correct location - Proxy code: Verify the proxy matches the code in Step 6
- Restart server: After creating the proxy file, restart the dev server
- Check imports: Make sure
import { auth0 } from "./lib/auth0"path is correct
Module Not Found Errors
Module Not Found Errors
- Verify files exist: Check that all files from Step 3 were created
- Check paths: Ensure components are in
src/components/directory - Restart TypeScript: Press
Cmd+Shift+P(Mac) orCtrl+Shift+P(Windows) and run “TypeScript: Restart TS Server” - Verify imports: Make sure you’re using
@/components/*(not~/components/*)
Advanced Usage
Important v4 Changes
Important v4 Changes
- No dynamic route handlers needed - Authentication routes are auto-mounted by the proxy
- Simplified client setup -
new Auth0Client()reads environment variables automatically - New route paths - Routes are at
/auth/*instead of/api/auth/* - Required proxy - All authentication functionality goes through
proxy.ts - Use
<a>tags - Navigation must use<a href="/auth/login">instead of buttons with onClick
Authentication Routes
The SDK automatically mounts these routes via the proxy:- The
proxy.tsfile is in the correct location (project root, or insidesrc/if using asrc/directory) - The proxy is properly configured with the matcher pattern shown in Step 6
- The development server was restarted after creating the proxy file
Server-Side Authentication
Server-Side Authentication
- App Router - Server Component
- App Router - API Route
- Pages Router - Page
Client-Side Authentication
Client-Side Authentication
useUser hook:Protecting API Routes
Protecting API Routes
withApiAuthRequired method:Using Auth0 Tokens with Third-Party Backends
Using Auth0 Tokens with Third-Party Backends
Getting the Access Token
Server-side (App Router):Configuring Your Backend
Most third-party services need your Auth0 domain and audience to verify tokens. In your backend configuration:AUTH0_AUDIENCE to your .env.local and configure the SDK accordingly.Troubleshooting Token Issues
Ifctx.auth.getUserIdentity() returns null in your backend:- Verify token is being passed: Check browser DevTools Network tab to confirm the token is included in requests
- Check token format: Ensure you’re passing the
accessToken, not theidToken - Verify backend configuration: Confirm your backend has the correct Auth0 domain and client ID
- Check audience: If using an Auth0 API, ensure the
AUTH0_AUDIENCEis set and matches your API identifier - Inspect token claims: Decode your JWT at jwt.io to verify it contains the expected claims