Auth.js v5 (the evolution of NextAuth.js) went stable in early 2025 after a long beta. For NextAuth v4 projects, migration is the moment to align with the App Router.
Three most relevant changes
1. Unified API
No more split between NextAuth() and scattered auth(). Auth.js v5 exposes a single config that generates all helpers:
// auth.ts
export const { handlers, auth, signIn, signOut } = NextAuth({
providers: [...],
callbacks: {...},
});2. Native edge runtime
Auth.js v5 finally runs on edge runtime. For Vercel Edge and Cloudflare Workers, big shift: no more "node only".
3. App Router first-class
Next.js middleware, Server Actions, Route Handlers: all natively supported without workarounds.
Migration in 5 steps
- Update package:
npm i next-auth@beta(still "next-auth" on npm). - Move config to a root
auth.ts. - Update
getServerSession(authOptions)→auth(). - Update middleware:
// middleware.ts
export { auth as middleware } from "@/auth";- Check OAuth providers: some endpoints changed (e.g. Google has different scopes in places).
What to check
- Custom adapter: API changed. Custom Prisma adapter? Refactor needed.
sessionandjwtcallbacks: tighter types.- OAuth providers with custom flows (Apple Sign In): check updated docs.
Is it worth it?
For NextAuth v4 in production: yes, but planned. For new projects: Auth.js v5 by default. Consider alternatives that emerged (Lucia, Better Auth, Clerk) — not bad, but for projects staying in Next.js land, Auth.js remains the standard pick.