My Recent Experience with NextJS/NextAuth on a New Project
I recently ran into an issue with one of my projects that I had previously fixed so I wanted to look for certain keywords I would have likely put into my commit message within GitHub.
To my surprise though, I found you can’t search GitHub commit messages so this gave me a project idea.
Usually my stack for new projects in ReactJS for the frontend and Laravel for the backend API and MySQL for the database.
For this project, I wanted to try something different, so decided to use NextJS with PrismaJS for the DB management and NextAuth to handle the authentication. I’d dabbled previously as a test project using my own credentials provider for NextAuth (I did a blog tutorial on implementing this as guides weren’t overly clear – this can be found at https://blog.devso.io/implementing-credentials-provider-on-nextjs-and-nextauth/ if you’re interested).
As this project is related to GitHub functionality, I wanted to use GitHub sign-in and thought this would be easier in NextJS/NextAuth than trying to implement GitHub sign-in manually between ReactJS and Laravel.
For those that aren’t aware NextJS is a React framework that allows frontend and backend functionality within the same project using file system based routing, for example, a file in a “pages” directory becomes the URL path for the page, instead of creating a route within a BrowserRouter in app.js that you might do in a standard ReactJS project to link to a component.
Initially, it started well, getting GitHub authentication to work was pretty quick and I thought I was well on my way to making progress. Except I hit an issue around the handling of new users compared to existing users.
When the user signed in via GitHub I wanted to go to one page for a new user to help them set up their account, or go to the dashboard page if it was an existing user, this is unfortunately where the problems started.
No matter what I tried the user would either always be directed to the page as a new user or directed to a page as an existing user. I tried putting keys within the session to flag whether it was a new user or not, and then look at the session from the page, but there seemed to be a timing issue where the frontend didn’t have the key in the session so redirected to the wrong page but by the time that happened the session then created the new key but it was then too late.
Instead of session variables, I tried to use a cookie instead which almost worked but then had another issue. Because I couldn’t redirect to the correct page from the API side, the API would also redirect the user to the dashboard and the dashboard would check the cookie and if was a newly registered user, then the dashboard itself would redirect the user back to the welcome page. This worked, except when the account was set up, I’d end up in a loop where I try and go back to the dashboard but the cookie triggered it to revert back to the welcome again, and changing or clearing the cookie never seemed to work.
I spent a couple of days trying to get this to work but had no luck. Instead, I reverted back to my usual stack of standard ReactJS and Laravel API and implemented the GitHub OAuth between the frontend and Laravel API within a couple of hours – including correctly handling the user going to the correct page based on being a new user or existing user.
Although my main issue was around NextAuth, I also found I wasn’t a huge fan of NextJS — I think I may be the only way as I only ever see people say how good it is, maybe it's just a case of not understanding it properly, or just not used to it enough.
I find the NextJS directory structure to easily get into a mess and hard to find things. Each page is in the directory /pages and API endpoints are in /pages/api.
Dynamic routes I find a little confusing as well, especially for multiple parameters. If you have a single parameter then the file is named [my_parameter].js where my_parameter is the key in the object to access the parameter. If it's dynamic, then the file is stored as […].js, which then gives you an array of parameters, but you have to remember the order that which the parameters can arrive. I found this really confusing – maybe just not used to it but find the route and parameters in Laravel so much easier to follow and debug any issues.
I think NextJS is useful for simple projects, maybe for a quick landing page where you want to get an email list of users to notify for example, but for anything slightly complex I’m going to be sticking with ReactJS and Laravel API for the foreseeable future.
After scrapping my initial weekend project work with NextJS and NextAuth I rewrote it using my usual stack of ReactJS and Laravel a couple of hours each evening after work and released it by the end of the weekend. If you are interested, you can find more info and can sign up for free while it's an early preview at https://gitlog.devso.io.
What's your experience with NextJS and/or if you have any questions about GitLog let me know in the comments
Nice writeup. I use NextJS and also did not have a good experience with NextAuth, and found it very heavy for my needs. I wound up rolling my own cookie and session based auth.
Thought I would throw in a counter opinion here on NextJS. I use NextJS extensively for BudgetSheet, and it has been fantastic. High Lighthouse scores out of the box, edge deployments with Vercel, quick server rendering, fast page transitions with the <Link> component, fully interactive React when I need it, etc.
The whole website plus backend web service is all NextJS - so it can definitely be used for far more than just simple brochure websites! If I were building it all over again today I might also look at Remix, but I have no regrets building it with NextJS and am very happy with the end result and the maintainability of it so far.
What about Auth-as-a-service plugins?
I've not got any experience with them, I'm not sure I'd want to trust authentication for my project to a cloud service completely outside of my control. Especially as I saw something in some tech article about one (can't remember the name) but they got hacked but didn't report anything for months
Thanks Vance. This is the kind of response I've seen for NextJS most of the time before I did this post, I'm kind of surprised how many people here had a similar experience to me as I'd never really seen anyone complain about NextJS elsewhere.
I've not had any experience with Vercel as alway self hosted, I've heard some horror stories about sudden unexpected bills in the thousands if not tens of thousands. I think if I remember correctly was example was something to do with their image component and they charge something for each time an image is served, so if its a very image heavy site you can end up with a very large bill without realising.
Hello, are you able to share how you authenticate with Laravel and Nextjs?
Just to clarify, they are two very separate things, you can't (well probably can but defeats the purpose) use Laravel as an API and do authentication with NextJS, they are two different frameworks.
For NextJS I used NextAuth as the authentication library. I did a blog post tutorial at https://blog.devso.io/implementing-credentials-provider-on-nextjs-and-nextauth.
NextJS just launched NextJS 13 so not sure how much of this might have changed though - don't use NextJS that often.
For Laravel doing the authentication I used Sanctum and they have a pretty good tutorial at https://laravel.com/docs/9.x/sanctum
Thats sad you didn't enjoy Next.js, its been such a wonderful framework for our company. But no tech stack is one size fits all, use what is easiest for you!
It is a shame, it looks like it had good potential for me, but didn't go smoothly enough to want to use it for a project.
Damn, I thought NextAuth was supposed to be super easy. Was actually about to learn it....
I'd still give it a go if you are comfortable with NextJS, your experience may diff a lot to me.
Using your own backend is a bit of a nightmare as they don't really explain it, that's why I put the blog post detailing how to do that.
Using one of the built in providers is probably much quicker as I got the inital GitHub sign in working pretty quickly, much quicker than implementing myself wih Laravel. The problem began when I wanted to do something different based on new user vs existing user, that was where I wasted alot of time and that was easier to manage in Laravel once I got the initial signin in working.
Don't let this stop you from trying it. If you're not trying to do anything specific or custom, it will probably work just fine. Worst case you waste 2 hours. Best case you save hundreds of hours.
I've used Next, but for smaller projects recently I've been using Remix. It's 99% of what I care about from NextJS with some conventional patterns for loading data etc. Auth was pretty easy to implement. Went from zero to published site in about a month.
Does auth come pre-packaged?
The starter project I linked above comes with basic session auth. For more methods, theres: https://github.com/sergiodxa/remix-auth
That's pretty good, heard of Remix but not used it. I think its fairly new still and saw something about it not being quite production ready - although could be wrong that was a few months ago.
I would say it's production ready, but the community is definitely smaller than Next since it's so new. There are guides for most common issues I ran into. Starting here helped me get up to speed quickly: https://github.com/remix-run/blues-stack
Cheers, I'll have to check it out at some point, I have heard good things about it. If it based on Next though do you get the same issues with certain ReactJS packages not working as they get confused by the server side rendering and don't have to the DOM or does Remix get round that somehow?
That is something that is a challenge in SSR frameworks in Node in general. Their docs go into a bit of depth here: https://remix.run/docs/en/v1/pages/gotchas#server-code-in-client-bundles
It doesn't solve the problem you're having, but splitting things into separate
*.server.tsfiles becomes secondhand nature for me. Also using React.useEffect calls to make sure that code is being executed on the client. I haven't had many issues with Remix specifically, but I have a lot of experience avoiding the foot-guns of NodeJS, so YMMVAh yea that makes sense. Thanks I'll check it out at some point hopefully in the not too distant future
I've had similar headaches with NextJS when trying to build apps i'd normally build with Laravel. Everything seems extra complex and needs to much setup. I finally came to the conclusion I should just double down on Laravel.
I have found NextJS and NuxtJS shine when building marketing pages. I can quickly build a statically generated site that is between a 98 and 100 on Google speed scores.
Yea exactly my thoughts. I think NextJS is great for a quick landing page for user sign ups but anything else I'll still with what I know for the time being.
Thanks for sharing Chris!
I'm not a fan of NextJS either. It has a pretty meh plug-in ecosystem, is a bit more confusing, and can be pretty expensive.
Although, I might be in the same situation as you. I'm not terribly familiar with it and perhaps I'm missing something. Sometimes I lack patience when I know of other solutions :)
Thanks Paul, I was thinking I was the only one :).
I've never used their own hosting, I've heard some horrendous stories about receiving huge bills unexpectedly (in the thousands potentially) so I've always self hosted - which adds extra complication as you have to set up a systemd script on Linux to auto boot the service. I definitely find it confusing and some packages don't work either which complicates things as they can get confused by NextJS being server rendered, so you can get weird things like undefined window although there are workarounds but they seem messy to me.
I usually find that if I find a framework slow to understand or get a grasp of how it works its not usually the right one for me. Laravel for example I started using fairly recently (around 6 months or so) but found it pretty quick to understand and see the benefits of it - although that was coming from vanilla PHP so anything is probably better than vanilla PHP :)