Getting started in Next.js Pages router
Installation
Install Lucia using the package manager of your choice.
npm install lucia
Initialize Lucia
Import Lucia and initialize it with your adapter. Refer to the Database page to learn how to set up your database and initialize the adapter. Make sure you configure the sessionCookie option and register your Lucia instance type.
// src/auth.ts
import { Lucia } from "lucia";

// The adapter class and `db` come from your database setup (see the Database page).
const adapter = new BetterSQLite3Adapter(db); // your adapter

export const lucia = new Lucia(adapter, {
    sessionCookie: {
        attributes: {
            // set to `true` when using HTTPS
            secure: process.env.NODE_ENV === "production"
        }
    }
});

// IMPORTANT! Register your Lucia instance type.
declare module "lucia" {
    interface Register {
        Lucia: typeof lucia;
    }
}
Polyfill
If you're using Node.js 18 or below, you'll need to polyfill the Web Crypto API. This is not required in Node.js 20, Cloudflare Workers, Deno, Bun, and Vercel Edge Functions. This can be done either by importing webcrypto, or by enabling an experimental flag.
import { webcrypto } from "node:crypto";
globalThis.crypto = webcrypto as Crypto;
node --experimental-web-crypto index.js
Set up middleware
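If you're planning to use cookies, you must implement CSRF protection. The middleware below lets GET requests through and responds with 403 to any other request whose Origin header is missing or does not match the Host header. Because GET requests skip the check, GET handlers must not change state.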
// middleware.ts
import { verifyRequestOrigin } from "lucia";
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";

export async function middleware(request: NextRequest): Promise<NextResponse> {
    if (request.method === "GET") {
        return NextResponse.next();
    }
    const originHeader = request.headers.get("Origin");
    const hostHeader = request.headers.get("Host");
    if (!originHeader || !hostHeader || !verifyRequestOrigin(originHeader, [hostHeader])) {
        return new NextResponse(null, {
            status: 403
        });
    }
    return NextResponse.next();
}
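To see which requests this check lets through, the following added example (not Lucia's or the docs' own code) models the middleware's decision with a simplified stand-in for verifyRequestOrigin that compares the host of the Origin header with the Host header. The names ReqHeaders, hostOf and csrfStatus are hypothetical, and all sample requests are constructed.

```typescript
// Added example, not Lucia's code: a stand-alone model of the middleware's decision.
// `ReqHeaders`, `hostOf` and `csrfStatus` are hypothetical names; all requests are constructed.
type ReqHeaders = { origin?: string; host?: string };

// Host (with port, if non-default) of an Origin value, or null if it is not a URL.
function hostOf(origin: string): string | null {
    try {
        return new URL(origin).host;
    } catch {
        return null; // e.g. the literal "null" sent for opaque origins
    }
}

// Status the middleware would produce; 200 stands for NextResponse.next().
function csrfStatus(method: string, headers: ReqHeaders): number {
    if (method === "GET") return 200; // exempt, so GET handlers must not change state
    const { origin, host } = headers;
    if (!origin || !host) return 403; // missing header: reject rather than guess
    const originHost = hostOf(origin);
    return originHost !== null && originHost === host.toLowerCase() ? 200 : 403;
}

// Constructed requests: [description, method, headers].
const sampleRequests: [string, string, ReqHeaders][] = [
    ["page load", "GET", { host: "app.example" }],
    ["same-origin form POST", "POST", { origin: "https://app.example", host: "app.example" }],
    ["dev server with port", "POST", { origin: "http://localhost:3000", host: "localhost:3000" }],
    ["cross-site form POST", "POST", { origin: "https://other.example", host: "app.example" }],
    ["subdomain is a different host", "POST", { origin: "https://blog.app.example", host: "app.example" }],
    ["port mismatch", "POST", { origin: "http://localhost:4000", host: "localhost:3000" }],
    ["Origin header missing", "POST", { host: "app.example" }],
    ["opaque origin", "POST", { origin: "null", host: "app.example" }],
    ["cross-site DELETE", "DELETE", { origin: "https://other.example", host: "app.example" }]
];

for (const [label, method, headers] of sampleRequests) {
    console.log(csrfStatus(method, headers), method, label);
}
```

The comparison is exact on host and port, so a sibling subdomain or a different local port is rejected just like an unrelated site.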
Next steps
You can learn all the concepts and APIs by reading the Basics section in the docs. If you prefer writing code immediately, check out the Tutorials page or the examples repository.
This documentation often references the Copenhagen Book. This is an open-source guide on implementing auth and should come in handy when implementing anything auth, including passkeys, multi-factor authentication, and a bit of cryptography. We recommend reading it to learn more about auth in web applications.
If you have any questions, join our Discord server!