
Authentication

ChimerAI ships with a production-ready authentication system built on NextAuth.js v4 with support for OAuth providers, email/password, and magic links — all pre-wired to your Prisma database.

What you get

  • OAuth 2.0 — Google, GitHub (and more via NextAuth providers)
  • Email + password with bcrypt hashing
  • Magic link / passwordless email sign-in
  • Session management — JWT + database sessions
  • Protected routes via middleware
  • Auth API routes: /api/auth/[...nextauth]

Quick setup

npx chimerai add auth

This scaffolds:

app/api/auth/[...nextauth]/route.ts   ← NextAuth handler
lib/auth.ts                           ← authOptions config
lib/session.ts                        ← getServerSession helper
middleware.ts                         ← route protection

Configuration

Edit lib/auth.ts to add or remove providers:

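import type { NextAuthOptions } from 'next-auth';
import GoogleProvider from 'next-auth/providers/google';
import GitHubProvider from 'next-auth/providers/github';
// Imported for email/password sign-in; not configured in this snippet.
import CredentialsProvider from 'next-auth/providers/credentials';
import { PrismaAdapter } from '@auth/prisma-adapter';
import { db } from '@/lib/db';

// Typing the object as NextAuthOptions keeps 'jwt' a literal type instead of string.
export const authOptions: NextAuthOptions = {
  // Users and linked OAuth accounts are stored through Prisma.
  adapter: PrismaAdapter(db),
  providers: [
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
    }),
    GitHubProvider({
      clientId: process.env.GITHUB_ID!,
      clientSecret: process.env.GITHUB_SECRET!,
    }),
  ],
  // Unauthenticated users are sent to the custom sign-in page.
  pages: { signIn: '/login' },
  // Sessions are carried in a JWT protected with NEXTAUTH_SECRET.
  session: { strategy: 'jwt' },
};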

Environment variables

NEXTAUTH_URL=https://yourapp.com
NEXTAUTH_SECRET=your-secret-here
GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_SECRET=...
GITHUB_ID=...
GITHUB_SECRET=...
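
The `!` assertions in lib/auth.ts only silence the compiler, so a missing or template value in this file goes unnoticed until sign-in fails or sessions are protected by a weak secret. The startup check below is an added example, not part of ChimerAI or NextAuth; `checkAuthEnv`, the placeholder list and the 32-character floor are assumptions made for illustration.

```typescript
// Added example, not ChimerAI code: checkAuthEnv and its rules are hypothetical.
// Variable names and template values are the ones shown on this page.
type Env = Record<string, string | undefined>;

const REQUIRED = [
  'NEXTAUTH_URL', 'NEXTAUTH_SECRET',
  'GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_SECRET',
  'GITHUB_ID', 'GITHUB_SECRET',
];
// Template values that must never reach a deployment.
const PLACEHOLDERS = ['your-secret-here', '...'];
const MIN_SECRET_LENGTH = 32; // assumed floor, not a NextAuth rule

function isPlaceholder(value: string): boolean {
  return PLACEHOLDERS.indexOf(value) !== -1;
}

// Returns a list of problems; an empty list means the environment is usable.
function checkAuthEnv(env: Env, production: boolean): string[] {
  const problems: string[] = [];
  for (const name of REQUIRED) {
    const value = (env[name] ?? '').trim();
    if (value === '') problems.push(`${name} is not set`);
    else if (isPlaceholder(value)) problems.push(`${name} is still a placeholder`);
  }

  // NEXTAUTH_SECRET protects the JWT session, so a short value weakens every session.
  const secret = (env['NEXTAUTH_SECRET'] ?? '').trim();
  if (secret !== '' && !isPlaceholder(secret) && secret.length < MIN_SECRET_LENGTH) {
    problems.push(`NEXTAUTH_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  }

  // NEXTAUTH_URL is the canonical site URL; plain http is only acceptable locally.
  const url = (env['NEXTAUTH_URL'] ?? '').trim();
  if (url !== '' && !/^https?:\/\/[^\s\/]+/i.test(url)) {
    problems.push('NEXTAUTH_URL is not an http(s) URL');
  } else if (production && /^http:\/\//i.test(url)) {
    problems.push('NEXTAUTH_URL must use https in production');
  }
  return problems;
}

// Constructed sample: the page's template copied without edits.
const TEMPLATE_ENV: Env = {
  NEXTAUTH_URL: 'https://yourapp.com', NEXTAUTH_SECRET: 'your-secret-here',
  GOOGLE_CLIENT_ID: '...', GOOGLE_CLIENT_SECRET: '...',
  GITHUB_ID: '...', GITHUB_SECRET: '...',
};
```

Run it once at server start with process.env and refuse to boot when the returned list is not empty. A value from `openssl rand -base64 32` is long enough to pass the length check.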

Protecting pages

// app/dashboard/page.tsx (Server Component)
import { getServerSession } from 'next-auth';
import { authOptions } from '@/lib/auth';
import { redirect } from 'next/navigation';

export default async function DashboardPage() {
  const session = await getServerSession(authOptions);
  if (!session) redirect('/login');
  return <div>Hello {session.user?.name}</div>;
}

Protecting API routes

// app/api/data/route.ts
import { getServerSession } from 'next-auth';
import { authOptions } from '@/lib/auth';

export async function GET() {
  const session = await getServerSession(authOptions);
  if (!session) return new Response('Unauthorized', { status: 401 });
  // ...
}
