[GH-ISSUE #727] Authentication on Vinext: pain points and a community solution (VinextAuth) #157

New issue

Closed

opened 2026-05-06 12:37:44 +02:00 by BreizhHardware · 1 comment

BreizhHardware commented

2026-05-06 12:37:44 +02:00

Owner

Originally created by @diogopaesdev on GitHub (Mar 31, 2026).
Original GitHub issue: https://github.com/cloudflare/vinext/issues/727

The problem

One of the first questions developers hit when adopting Vinext is:
how do I add authentication?

The natural answer — NextAuth v4 — doesn't work. NextAuth depends
on
Node.js APIs (crypto, fs, cookies via next/headers) that
aren't
available in the Cloudflare Workers runtime. The result is a
runtime
crash the moment you try to use it.

There's currently no documentation, guide, or example in this repo
addressing auth.

What we built

We built VinextAuth — a drop-in replacement for NextAuth v4
designed
specifically for Vinext + Cloudflare Workers.

Key design decisions:

Zero Node.js dependencies — uses the Web Crypto API
exclusively
NextAuth v4 API-compatible — same config shape, same provider
interface, same useSession / signIn / signOut hooks
JWT-first — HMAC-SHA256 sessions via cookie, with optional
Cloudflare KV adapter for server-side sessions
Built-in providers: Google, GitHub, Discord, Microsoft,
Apple,
Twitter/X, Facebook, LinkedIn, Spotify, Twitch, Email (magic
link),
Credentials
CSRF protection and rate limiting on the credentials
provider
out of the box

```ts
import VinextAuth from 'vinextauth';
import { Google } from 'vinextauth/providers/google';

export const { handlers, auth, signIn, signOut } = VinextAuth({
providers: [
Google({
clientId: env.GOOGLE_CLIENT_ID,
clientSecret: env.GOOGLE_CLIENT_SECRET,
}),
],
});
```

npm: vinextauth
Docs: https://vinextauth.com/docs
Source: https://github.com/rocketapps-tech/vinextauth

Why this matters for Vinext

Auth is a prerequisite for almost every real-world app. Without a
working solution, the "try Vinext on your Next.js app" pitch breaks
at the first protected route.

Open questions / possible next steps

Would the Vinext team be open to linking to community auth
solutions
in the README or docs?
Is there interest in an official auth story for Vinext
(first-party
or recommended third-party)?
Are there Vinext internals (e.g. cookies(), headers()) that
could
be improved to make auth adapters easier to build?

Happy to answer questions or contribute further.

Originally created by @diogopaesdev on GitHub (Mar 31, 2026). Original GitHub issue: https://github.com/cloudflare/vinext/issues/727 ## The problem One of the first questions developers hit when adopting Vinext is: **how do I add authentication?** The natural answer — NextAuth v4 — doesn't work. NextAuth depends on Node.js APIs (`crypto`, `fs`, cookies via `next/headers`) that aren't available in the Cloudflare Workers runtime. The result is a runtime crash the moment you try to use it. There's currently no documentation, guide, or example in this repo addressing auth. ## What we built We built **VinextAuth** — a drop-in replacement for NextAuth v4 designed specifically for Vinext + Cloudflare Workers. Key design decisions: - **Zero Node.js dependencies** — uses the Web Crypto API exclusively - **NextAuth v4 API-compatible** — same config shape, same provider interface, same `useSession` / `signIn` / `signOut` hooks - **JWT-first** — HMAC-SHA256 sessions via cookie, with optional Cloudflare KV adapter for server-side sessions - **Built-in providers**: Google, GitHub, Discord, Microsoft, Apple, Twitter/X, Facebook, LinkedIn, Spotify, Twitch, Email (magic link), Credentials - **CSRF protection** and **rate limiting** on the credentials provider out of the box \`\`\`ts import VinextAuth from 'vinextauth'; import { Google } from 'vinextauth/providers/google'; export const { handlers, auth, signIn, signOut } = VinextAuth({ providers: [ Google({ clientId: env.GOOGLE_CLIENT_ID, clientSecret: env.GOOGLE_CLIENT_SECRET, }), ], }); \`\`\` - npm: [`vinextauth`](https://www.npmjs.com/package/vinextauth) - Docs: https://vinextauth.com/docs - Source: https://github.com/rocketapps-tech/vinextauth ## Why this matters for Vinext Auth is a prerequisite for almost every real-world app. Without a working solution, the "try Vinext on your Next.js app" pitch breaks at the first protected route. ## Open questions / possible next steps - Would the Vinext team be open to linking to community auth solutions in the README or docs? - Is there interest in an official auth story for Vinext (first-party or recommended third-party)? - Are there Vinext internals (e.g. `cookies()`, `headers()`) that could be improved to make auth adapters easier to build? Happy to answer questions or contribute further.

BreizhHardware closed this issue

2026-05-06 12:37:44 +02:00

BreizhHardware commented

2026-05-06 12:37:45 +02:00

Author

Owner

@james-elicx commented on GitHub (Mar 31, 2026):

I would recommend using Better Auth - it generally works across every framework and runtime, and we run tests with their library.

Next Auth / Auth.js joined Better Auth last year and recommend using Better Auth for projects instead of Next Auth.

@james-elicx commented on GitHub (Mar 31, 2026): I would recommend using Better Auth - it generally works across every framework and runtime, and we run tests with their library. Next Auth / Auth.js joined Better Auth last year and recommend using Better Auth for projects instead of Next Auth.

BreizhHardware referenced this issue

2026-05-06 12:39:24 +02:00

[PR #157] fix: resolve directory imports for next/font shims #358