[{"data":1,"prerenderedAt":191},["ShallowReactive",2],{"blog-blueprints/auth0-nextjs":3},{"id":4,"title":5,"body":6,"category":171,"date":172,"dateModified":172,"description":173,"draft":174,"extension":175,"faq":176,"featured":174,"headerVariant":177,"image":176,"keywords":176,"meta":178,"navigation":179,"ogDescription":180,"ogTitle":176,"path":181,"readTime":182,"schemaOrg":183,"schemaType":184,"seo":185,"sitemap":186,"stem":187,"tags":188,"twitterCard":189,"__hash__":190},"blog/blog/blueprints/auth0-nextjs.md","Auth0 + Next.js Integration Security",{"type":7,"value":8,"toc":159},"minimark",[9,20,24,30,35,50,54,63,67,76,80,89,98,102,107,110,113,116,119,122,133,147],[10,11,12],"blueprint-summary",{},[13,14,15,19],"p",{},[16,17,18],"strong",{},"To secure Auth0 + Next.js integration,"," you need to: (1) use the @auth0/nextjs-auth0 SDK for secure session management, (2) protect API routes with the withApiAuthRequired wrapper, (3) check getSession() in Server Components before rendering protected content, (4) configure the proper audience for API access tokens, and (5) use a strong, random AUTH0_SECRET (32+ characters). This blueprint helps your authentication flows follow security best practices.",[21,22],"blueprint-meta",{"time":23},"1-2 hours",[25,26,27],"tldr",{},[13,28,29],{},"Use @auth0/nextjs-auth0 for secure session management. The SDK handles token refresh and storage automatically. 
Protect API routes with withApiAuthRequired, Server Components with getSession, and configure proper audience for API access tokens.",[31,32,34],"h2",{"id":33},"auth0-configuration-auth0","Auth0 Configuration Auth0",[36,37,39],"code-block",{"label":38},".env.local",[40,41,46],"pre",{"className":42,"code":44,"language":45},[43],"language-text","# Auth0 Configuration\nAUTH0_SECRET='long-random-string-at-least-32-chars'\nAUTH0_BASE_URL='http://localhost:3000'\nAUTH0_ISSUER_BASE_URL='https://your-tenant.auth0.com'\nAUTH0_CLIENT_ID='your-client-id'\nAUTH0_CLIENT_SECRET='your-client-secret'\n\n# For API access tokens (optional)\nAUTH0_AUDIENCE='https://your-api.example.com'\n","text",[47,48,44],"code",{"__ignoreMap":49},"",[31,51,53],{"id":52},"api-route-handler-setup","API Route Handler Setup",[36,55,57],{"label":56},"app/api/auth/[auth0]/route.ts",[40,58,61],{"className":59,"code":60,"language":45},[43],"import { handleAuth, handleLogin } from '@auth0/nextjs-auth0'\n\nexport const GET = handleAuth({\n  login: handleLogin({\n    authorizationParams: {\n      audience: process.env.AUTH0_AUDIENCE,\n      scope: 'openid profile email',\n    },\n  }),\n})\n",[47,62,60],{"__ignoreMap":49},[31,64,66],{"id":65},"protected-api-route-nextjs","Protected API Route Next.js",[36,68,70],{"label":69},"app/api/posts/route.ts",[40,71,74],{"className":72,"code":73,"language":45},[43],"import { withApiAuthRequired, getSession } from '@auth0/nextjs-auth0'\nimport { NextResponse } from 'next/server'\n\nexport const GET = withApiAuthRequired(async (req) => {\n  const session = await getSession()\n\n  if (!session?.user) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  // Use session.user.sub as the unique user ID\n  const posts = await db.posts.findMany({\n    where: { authorId: session.user.sub },\n  })\n\n  return NextResponse.json(posts)\n})\n",[47,75,73],{"__ignoreMap":49},[31,77,79],{"id":78},"protected-server-component","Protected Server 
Component",[36,81,83],{"label":82},"app/dashboard/page.tsx",[40,84,87],{"className":85,"code":86,"language":45},[43],"import { getSession } from '@auth0/nextjs-auth0'\nimport { redirect } from 'next/navigation'\n\nexport default async function Dashboard() {\n  const session = await getSession()\n\n  if (!session?.user) {\n    redirect('/api/auth/login')\n  }\n\n  return (\n    \u003Cdiv>\n      \u003Ch1>Welcome, {session.user.name}\u003C/h1>\n      \u003Cp>User ID: {session.user.sub}\u003C/p>\n    \u003C/div>\n  )\n}\n",[47,88,86],{"__ignoreMap":49},[90,91,92],"warning-box",{},[13,93,94,97],{},[16,95,96],{},"Always use getSession() server-side."," The session is stored in an encrypted cookie managed by the SDK. Never expose raw tokens to the client unless necessary for API calls.",[31,99,101],{"id":100},"security-checklist","Security Checklist",[103,104,106],"h4",{"id":105},"pre-launch-checklist","Pre-Launch Checklist",[13,108,109],{},"AUTH0_SECRET is a long random string (32+ chars)",[13,111,112],{},"API routes use withApiAuthRequired",[13,114,115],{},"Server Components check getSession()",[13,117,118],{},"Allowed Callback URLs configured in Auth0",[13,120,121],{},"Audience set for API access tokens",[123,124,125,130],"stack-comparison",{},[126,127,129],"h3",{"id":128},"related-integration-stacks","Related Integration Stacks",[13,131,132],{},"Clerk + Next.js Alternative\nNextAuth + Prisma Self-Hosted\nOAuth Security Patterns",[134,135,136,142],"related-articles",{},[137,138],"related-card",{"description":139,"href":140,"title":141},"Alternative auth","/blog/blueprints/clerk-nextjs","Clerk + Next.js",[137,143],{"description":144,"href":145,"title":146},"Deep dive","/blog/guides/auth0","Authentication Guide",[148,149,152,156],"cta-box",{"href":150,"label":151},"/","Start Free Scan",[31,153,155],{"id":154},"check-your-auth0-integration","Check Your Auth0 Integration",[13,157,158],{},"Scan for authentication security 
issues.",{"title":49,"searchDepth":160,"depth":160,"links":161},2,[162,163,164,165,166,170],{"id":33,"depth":160,"text":34},{"id":52,"depth":160,"text":53},{"id":65,"depth":160,"text":66},{"id":78,"depth":160,"text":79},{"id":100,"depth":160,"text":101,"children":167},[168],{"id":128,"depth":169,"text":129},3,{"id":154,"depth":160,"text":155},"blueprints","2026-01-26","Security guide for integrating Auth0 with Next.js. Configure @auth0/nextjs-auth0, protect API routes, handle tokens securely, and implement proper session management.",false,"md",null,"purple",{"noindex":179},true,"Secure Auth0 authentication with Next.js applications.","/blog/blueprints/auth0-nextjs","10 min read","[object Object]","Article",{"title":5,"description":173},{"loc":181},"blog/blueprints/auth0-nextjs",[],"summary_large_image","tEmYrh0jfIpVVQfwyI-G9BcdZkgNy0qhkwVmtOnXhsM",1775843932947]