Skip to content

feat: migrate from NextAuth.js v4 to Auth.js v5 #988

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
iammarkps wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: migrate from NextAuth.js v4 to Auth.js v5 #988

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
70ea752
feat: migrate from NextAuth.js v4 to Auth.js v5
claude Jan 6, 2026
3332b35
Write skills and agents with quality focus (#989)
iammarkps Jan 9, 2026
6541948
Merge branch 'pr-988-review' into claude/review-pr-988-sDhky
claude Jan 9, 2026
aae5ad1
fix: Address Auth.js v5 migration critical issues
claude Jan 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
"test:e2e": "playwright test"
},
"dependencies": {
"@auth/prisma-adapter": "^2.11.1",
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

@auth/prisma-adapter 2.11.1 compatibility next-auth 5.0.0-beta.30

💡 Result:

Short answer: Yes — @auth/prisma-adapter@2.11.1 is the Auth.js/NextAuth v5 adapter package and is intended to be used with NextAuth/Auth.js v5 (including 5.0.0-beta.*). [1][2]

Notes:

  • The v5 migration docs explicitly instruct moving to the @auth/* adapter scope (e.g. @auth/prisma-adapter) for v5. [1]
  • Make sure your Prisma client version is compatible with the adapter — there have been reported issues when adapter and Prisma client versions mismatch (example: older adapter vs Prisma 6.x). If you see runtime/type errors, check the adapter GitHub/npm docs and any open issues for your exact Prisma + adapter versions. [2][3]

Sources:
[1] Auth.js / NextAuth v5 migration docs (adapters → use @auth/prisma-adapter). (authjs.cn)
[2] @auth/prisma-adapter package / registry (v2.11.1 listed). (classic.yarnpkg.com)
[3] Example issue showing adapter/Prisma client incompatibility reports. (github.com)

Citations:

Verify Prisma client version compatibility with the adapter.

@auth/prisma-adapter@^2.11.1 is confirmed compatible with next-auth@5.0.0-beta.30 for Auth.js v5. However, ensure your Prisma client version is compatible with this adapter version—mismatches between adapter and Prisma client versions (e.g., older adapter with Prisma 6.x) can cause runtime or type errors. Check the adapter's GitHub/npm documentation and any reported issues for your specific Prisma + adapter version combination.

🤖 Prompt for AI Agents 
In @package.json at line 35, The package entry "@auth/prisma-adapter": "^2.11.1"
may be incompatible with your installed Prisma client version; verify the Prisma
client package (prisma and @prisma/client) versions against the adapter's
supported versions in the adapter's README/issues and pin or bump the adapter or
Prisma packages to matching compatible versions (or use a specific resolved
range instead of a caret) in package.json, then reinstall and run type/runtime
tests to confirm the mismatch is resolved.

"@aws-sdk/client-s3": "3.896.0",
"@aws-sdk/s3-request-presigner": "3.896.0",
"@codemirror/lang-cpp": "6.0.3",
Expand All @@ -47,7 +48,6 @@
"@dnd-kit/utilities": "3.2.2",
"@headlessui/react": "2.2.9",
"@heroicons/react": "2.2.0",
"@next-auth/prisma-adapter": "1.0.7",
"@next/bundle-analyzer": "15.5.5",
"@prisma/client": "6.17.1",
"@smithy/node-http-handler": "^4.4.5",
Expand All @@ -66,7 +66,7 @@
"katex": "0.16.25",
"motion": "12.23.24",
"next": "15.5.9",
"next-auth": "4.24.11",
"next-auth": "5.0.0-beta.30",
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

next-auth 5.0 current stable release status npm

💡 Result:

As of Jan 6, 2026: next-auth v5 is still published as beta on npm (5.0.0‑beta.x); the latest stable release series on npm remains the 4.24.x line. [1][2][3]

Sources:

  • npm package page for next-auth v5.0.0‑beta.27. [1]
  • Release tracking showing 5.0.0‑beta.* releases and 4.24.x as the stable line. [2]
  • Snyk/npm package summary (shows latest stable as 4.24.x). [3]

🌐 Web query:

next-auth 5.0.0-beta.30 known issues production

💡 Result:

Known/observed production issues for next-auth 5.0.0-beta.30 (summary):

  • "MissingSecret" build error reported when using v5 betas (affects builds since beta.16). [1]
  • Session data inconsistencies on initial login reported in v5 beta. [2]
  • Compatibility problems with Next.js 15’s new async-only APIs (synchronous use of headers()) causing runtime errors/warnings. [3]
  • Problems when running behind a basePath / reverse proxy (redirects, unknown action / callbacks failing) reported for v5 in production setups. [4]
  • Snyk notes v5.0.0-beta.30 as the first non-vulnerable release for a specific email-parsing vulnerability present in earlier betas; still treat betas as unstable for production. [5]

Sources:
[1] GitHub issue "MissingSecret error during Next build" (nextauthjs/next-auth).
[2] GitHub issue "Session Data Inconsistency on Initial Login in NextAuth v5 Beta" (nextauthjs/next-auth).
[3] GitHub issue "Error on Next.js 15 about synchronous usage of headers()" (nextauthjs/next-auth).
[4] Reddit / community threads discussing basePath / proxy production issues with Auth.js (v5).
[5] Snyk package page for next-auth 5.0.0-beta.30.

If you want, I can open those issues and extract exact reports / timestamps or help you troubleshoot a specific production error you’re seeing.

🌐 Web query:

Auth.js next-auth version 5 released stable 2025 2026

💡 Result:

No — Auth.js / NextAuth v5 was still beta as of January 6, 2026 (no stable v5 release). Official docs and repo still reference v5 as a beta/“next-auth@beta” release and migration guidance, and there are open issues asking for clarity on v5’s beta status. [1][2][3]

Sources:

  • Auth.js v5 migration docs (shows install via next-auth@beta). [1]
  • Auth.js / Next.js reference page noting deprecations and v5 replacement. [2]
  • next-auth GitHub issues/discussions about v5/beta status and migration. [3]

Remove next-auth beta version; use stable v4.24.x for production.

Next-auth v5 (5.0.0-beta.30) remains in beta as of January 2026, with the stable release series still being 4.24.x. Production deployments with v5 beta risk multiple documented issues:

  • MissingSecret build errors
  • Session data inconsistencies on initial login
  • Incompatibility with Next.js 15's async-only APIs (e.g., synchronous headers() calls)
  • basePath and reverse proxy failures (redirects, callback handling)

Use the stable 4.24.x line unless explicitly evaluating v5 as a pre-release.

🤖 Prompt for AI Agents 
In @package.json at line 69, Replace the beta v5 dependency entry "next-auth":
"5.0.0-beta.30" in package.json with the stable v4 line (e.g., "next-auth":
"4.24.x" or a specific 4.24.y like "4.24.2"), then update your lockfile and
reinstall (npm/yarn/pnpm) to ensure the stable package is used; also scan for
and revert any v5-specific API usage introduced in the codebase
(handlers/middleware that rely on v5 async-only behavior) so the app remains
compatible with Next-Auth v4.

"next-mdx-remote": "5.0.0",
"next-themes": "0.4.6",
"prism-react-renderer": "1.3.5",
Expand Down
Loading