authjs-knowledge-patch
Auth.js Knowledge Patch
Claude Opus 4.6 knows Auth.js (NextAuth.js) through v4 and early v5 betas. This skill covers v5 changes that postdate training.
Index
| Topic | Reference | Key features |
|---|---|---|
| v5 migration | references/v5-migration.md | Next.js 16 proxy.ts, idToken: false behavioral change |
| WebAuthn / Passkeys | references/webauthn-passkeys.md | Passkey provider, SimpleWebAuthn setup, Authenticator table, custom signin |
Quick Reference
Next.js 16: proxy.ts replaces middleware.ts
Next.js 16 renames middleware.ts to proxy.ts. Auth.js setup changes accordingly:
// Simple
export { auth as proxy } from "@/auth"
// Advanced: wrap with custom logic
import { auth } from "@/auth"
export const proxy = auth((req) => {
// req.auth contains the session
})
export const config = {
matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
}
For Next.js < 16, keep using middleware.ts with export { auth as middleware }.
idToken: false behavioral change
In v5, idToken: false on a provider no longer disables ID token processing entirely. It now signals Auth.js to also visit the userinfo_endpoint for final user data. Previously it opted out of id_token validity checking altogether.
WebAuthn / Passkeys (experimental)
Requires next-auth@5.0.0-beta.8+, @auth/prisma-adapter@1.3.0+, Node 20+.
Peer dependencies:
npm install @simplewebauthn/server@9.0.3 @simplewebauthn/browser@9.0.1
@simplewebauthn/browser is only needed for custom signin pages.
Auth config:
import Passkey from "next-auth/providers/passkey"
import { PrismaAdapter } from "@auth/prisma-adapter"
export default {
adapter: PrismaAdapter(prisma),
providers: [Passkey],
experimental: { enableWebAuthn: true },
}
Custom signin page — signIn("passkey") to login, signIn("passkey", { action: "register" }) to register:
"use client"
import { signIn } from "next-auth/webauthn"
import { useSession } from "next-auth/react"
export default function Login() {
const { status } = useSession()
return (
<div>
{status === "authenticated" ? (
<button onClick={() => signIn("passkey", { action: "register" })}>
Register new Passkey
</button>
) : status === "unauthenticated" ? (
<button onClick={() => signIn("passkey")}>Sign in with Passkey</button>
) : null}
</div>
)
}
See references/webauthn-passkeys.md for the required Authenticator table schema.
Reference Files
| File | Contents |
|---|---|
| v5-migration.md | Next.js 16 proxy.ts setup, idToken: false behavioral change |
| webauthn-passkeys.md | Passkey provider setup, SimpleWebAuthn deps, Authenticator table DDL, custom signin page |
More from nevaberry/nevaberry-plugins
dioxus-knowledge-patch
Dioxus changes since training cutoff (latest: 0.7.4) — Signals replacing use_state, RSX macro overhaul, server functions, asset!() system, dx CLI, Element-as-Result. Load before working with Dioxus.
46rust-knowledge-patch
Rust changes since training cutoff (latest: 1.94.0) \u2014 Rust 2024 Edition, async closures, trait upcasting, new std APIs, cargo resolver v3. Load before working with Rust.
20postgresql-knowledge-patch
PostgreSQL changes since training cutoff (latest: 18.1) — JSON_TABLE, SQL/JSON functions, MERGE RETURNING, virtual generated columns, UUIDv7, temporal PRIMARY KEY. Load before working with PostgreSQL.
16bun-knowledge-patch
Bun changes since training cutoff (latest: 1.3.10) \u2014 S3 client, built-in SQL/Redis, route-based HTTP server, CSS bundler, V8 compatibility. Load before working with Bun.
14nextjs-knowledge-patch
Next.js changes since training cutoff (latest: 16.1) — proxy.ts, \"use cache\", Cache Components, navigation hooks, typed routes, auto PageProps, React 19.2. Load before working with Next.js.
14postgis-knowledge-patch
PostGIS changes since training cutoff (latest: 3.6.1) — SFCGAL CG_* rename, ST_CoverageClean, ST_AsRasterAgg, topology bigint IDs, viewport simplification, 3D SFCGAL ops. Load before working with PostGIS.
13