[{"data":1,"prerenderedAt":177},["ShallowReactive",2],{"blog-blueprints/nextauth-prisma":3},{"id":4,"title":5,"body":6,"category":157,"date":158,"dateModified":158,"description":159,"draft":160,"extension":161,"faq":162,"featured":160,"headerVariant":163,"image":162,"keywords":162,"meta":164,"navigation":165,"ogDescription":166,"ogTitle":162,"path":167,"readTime":168,"schemaOrg":169,"schemaType":170,"seo":171,"sitemap":172,"stem":173,"tags":174,"twitterCard":175,"__hash__":176},"blog/blog/blueprints/nextauth-prisma.md","NextAuth + Prisma Integration Security",{"type":7,"value":8,"toc":146},"minimark",[9,20,24,30,35,50,54,63,67,76,85,89,94,97,100,103,106,109,120,134],[10,11,12],"blueprint-summary",{},[13,14,15,19],"p",{},[16,17,18],"strong",{},"To secure NextAuth + Prisma integration,"," you need to: (1) use the PrismaAdapter for database session storage, (2) include user.id in the session callback for database queries, (3) check auth() in all API routes and Server Components, (4) set a strong NEXTAUTH_SECRET (32+ characters), and (5) properly configure OAuth callback URLs. This blueprint ensures sessions are securely stored and user identity is verified server-side.",[21,22],"blueprint-meta",{"time":23},"2-3 hours",[25,26,27],"tldr",{},[13,28,29],{},"NextAuth with Prisma adapter stores sessions in your database. Use the session callback to include user ID in the session, protect API routes with getServerSession, and configure NEXTAUTH_SECRET properly. Database sessions are more secure than JWTs for sensitive apps.",[31,32,34],"h2",{"id":33},"auth-configuration-nextauth-prisma","Auth Configuration NextAuth Prisma",[36,37,39],"code-block",{"label":38},"lib/auth.ts",[40,41,46],"pre",{"className":42,"code":44,"language":45},[43],"language-text","import NextAuth from 'next-auth'\nimport { PrismaAdapter } from '@auth/prisma-adapter'\nimport { prisma } from '@/lib/prisma'\nimport GitHub from 'next-auth/providers/github'\n\nexport const { handlers, auth, signIn, signOut } = NextAuth({\n  adapter: PrismaAdapter(prisma),\n  providers: [\n    GitHub({\n      clientId: process.env.GITHUB_ID!,\n      clientSecret: process.env.GITHUB_SECRET!,\n    }),\n  ],\n  callbacks: {\n    session: ({ session, user }) => ({\n      ...session,\n      user: {\n        ...session.user,\n        id: user.id,  // Include user ID in session\n      },\n    }),\n  },\n})\n","text",[47,48,44],"code",{"__ignoreMap":49},"",[31,51,53],{"id":52},"protected-api-route","Protected API Route",[36,55,57],{"label":56},"app/api/posts/route.ts",[40,58,61],{"className":59,"code":60,"language":45},[43],"import { auth } from '@/lib/auth'\nimport { NextResponse } from 'next/server'\nimport { prisma } from '@/lib/prisma'\n\nexport async function POST(req: Request) {\n  const session = await auth()\n\n  if (!session?.user?.id) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  const body = await req.json()\n\n  const post = await prisma.post.create({\n    data: {\n      title: body.title,\n      authorId: session.user.id,  // Verified user ID from session\n    },\n  })\n\n  return NextResponse.json(post)\n}\n\nexport async function GET() {\n  const session = await auth()\n\n  if (!session?.user?.id) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  const posts = await prisma.post.findMany({\n    where: { authorId: session.user.id },\n  })\n\n  return NextResponse.json(posts)\n}\n",[47,62,60],{"__ignoreMap":49},[31,64,66],{"id":65},"protected-server-component","Protected Server Component",[36,68,70],{"label":69},"app/dashboard/page.tsx",[40,71,74],{"className":72,"code":73,"language":45},[43],"import { auth } from '@/lib/auth'\nimport { redirect } from 'next/navigation'\nimport { prisma } from '@/lib/prisma'\n\nexport default async function Dashboard() {\n  const session = await auth()\n\n  if (!session?.user?.id) {\n    redirect('/api/auth/signin')\n  }\n\n  const posts = await prisma.post.findMany({\n    where: { authorId: session.user.id },\n  })\n\n  return (\n    \u003Cdiv>\n      \u003Ch1>Welcome, {session.user.name}\u003C/h1>\n      {posts.map(post => \u003Cdiv key={post.id}>{post.title}\u003C/div>)}\n    \u003C/div>\n  )\n}\n",[47,75,73],{"__ignoreMap":49},[77,78,79],"warning-box",{},[13,80,81,84],{},[16,82,83],{},"Always include user ID in session callback."," By default, NextAuth sessions don't include the database user ID. Add it in the callback to use for database queries.",[31,86,88],{"id":87},"security-checklist","Security Checklist",[90,91,93],"h4",{"id":92},"pre-launch-checklist","Pre-Launch Checklist",[13,95,96],{},"NEXTAUTH_SECRET set (32+ chars)",[13,98,99],{},"Session callback includes user ID",[13,101,102],{},"API routes check auth()",[13,104,105],{},"OAuth callback URLs configured",[13,107,108],{},"Database connection secured",[110,111,112,117],"stack-comparison",{},[113,114,116],"h3",{"id":115},"related-integration-stacks","Related Integration Stacks",[13,118,119],{},"Clerk + Next.js Managed Auth\nAuth0 + Next.js Alternative\nRedis Session Management",[121,122,123,129],"related-articles",{},[124,125],"related-card",{"description":126,"href":127,"title":128},"Full stack with tRPC","/blog/blueprints/t3-stack","T3 Stack",[124,130],{"description":131,"href":132,"title":133},"Managed auth alternative","/blog/blueprints/clerk-nextjs","Clerk + Next.js",[135,136,139,143],"cta-box",{"href":137,"label":138},"/","Start Free Scan",[31,140,142],{"id":141},"check-your-nextauth-integration","Check Your NextAuth Integration",[13,144,145],{},"Scan for authentication security issues.",{"title":49,"searchDepth":147,"depth":147,"links":148},2,[149,150,151,152,156],{"id":33,"depth":147,"text":34},{"id":52,"depth":147,"text":53},{"id":65,"depth":147,"text":66},{"id":87,"depth":147,"text":88,"children":153},[154],{"id":115,"depth":155,"text":116},3,{"id":141,"depth":147,"text":142},"blueprints","2026-02-06","Security guide for integrating NextAuth.js with Prisma. Configure database sessions, protect API routes, implement callbacks securely, and manage user data safely.",false,"md",null,"purple",{},true,"Secure NextAuth.js authentication with Prisma database.","/blog/blueprints/nextauth-prisma","11 min read","[object Object]","Article",{"title":5,"description":159},{"loc":167},"blog/blueprints/nextauth-prisma",[],"summary_large_image","CQFcH3a_b4QDZXstbsRWFPPm28sEo2yjp1A-cd1nnBI",1775843932220]