# authjs

Auth.js / NextAuth v5 conventions: central `auth.ts`, universal `auth()`, App Router handlers, adapters, edge-safe middleware.

```bash
npx rulepack add authjs
```

## What it covers

- v5 central config: `auth.ts` at the root exporting `{ handlers, auth, signIn, signOut }` from `NextAuth(...)`
- App Router route handler `app/api/auth/[...nextauth]/route.ts` → `export const { GET, POST } = handlers`
- The universal `auth()` for all server-side session reads (replacing `getServerSession` / `getToken` / `withAuth`); `useSession()` client-only
- Secrets from env (`AUTH_SECRET`, auto-inferred provider creds) — never hardcoded
- Database sessions via `@auth/*-adapter`, or JWT strategy; minimal `jwt` / `session` callbacks
- Route protection by wrapping `middleware.ts` with `auth`, with `auth.config.ts` split for edge-safety

## Source

Rules align with the official Auth.js documentation: https://authjs.dev

## License

MIT