Documentation guide for login systems, session handling, protected routes, and team-ready SaaS accounts.
Authentication setup for Nexora.
Use this guide to configure the login system, understand JWT session handling, protect app routes, manage user roles, and extend Nexora toward team-based SaaS workspaces.
Login setup
Configure authentication before protecting product data.
Work through secrets, signup, credentials login, JWT sessions, route protection, and team modeling in that order.
Step 1
Configure auth secrets
Set the app URL and NextAuth secret before testing login, callbacks, protected pages, and session handling.
Configuration example
NEXTAUTH_SECRET=your-secure-secret
NEXTAUTH_URL=http://localhost:3000
NEXT_PUBLIC_APP_URL=http://localhost:3000Step 2
Test signup
Create a user through the signup flow and confirm the user record stores email, name, role, verification, and billing-ready fields.
Configuration example
name
email
password
role: userStep 3
Test login system
Use credentials auth to sign in, validate password comparison, and confirm invalid credentials fail without creating a session.
Configuration example
CredentialsProvider
bcrypt.compare(password, user.password)
session.strategy = "jwt"Step 4
Verify session handling
Confirm the JWT callback stores user ID and role, then verify the session callback exposes those fields to the client.
Configuration example
session.user.id = token.id
session.user.role = token.roleStep 5
Protect app routes
Use server session helpers and session-aware UI to keep dashboards, profiles, billing, and admin workflows behind auth.
Configuration example
const session = await getSession(req, res)
if (!session) return res.status(401).json({ error: "Unauthorized" })Step 6
Plan team membership
Extend the user model with teams or organizations when your SaaS needs shared workspaces, seats, invites, or role-based access.
Configuration example
Team: name, ownerId
Membership: teamId, userId, role
Roles: owner, admin, memberSession handling
Keep sessions small, stable, and server-verified.
Session handling is where auth becomes product access. Store stable identity fields and verify access server-side before returning sensitive data.
Set NEXTAUTH_SECRET in every environment.
Use production NEXTAUTH_URL on the live domain.
Store user ID and role in the JWT callback.
Expose only necessary user fields in the session callback.
Protect API routes with a server-side session check.
Render dashboard, profile, and billing navigation based on session state.
Teams
Extend users into team workspaces when the product needs it.
Start with user roles for simple products. Add teams when users need shared projects, seats, invites, or organization-level billing.
Start with user roles
Nexora already includes a user/admin role field. Use that for basic access control before introducing team complexity.
Add a Team collection
Create a team or organization record with a name, owner ID, billing owner, and timestamps when accounts need shared workspaces.
Add memberships
Use a membership record to connect users to teams with roles such as owner, admin, and member.
Scope product data by team
Attach customer records, projects, dashboards, and billing seats to a team ID instead of only a user ID.
Account flows
Add the trust flows around login.
Verification
Use verification tokens to confirm account ownership before granting full account trust or sensitive access.
Profile management
Let users update account details from the profile screen and keep session fields aligned with the stored user record.
Admin access
Use the role field and admin email checks for admin-only workflows, internal screens, or support tools.
Troubleshooting
Common authentication setup issues.
Login succeeds but session data is missing
Check the JWT and session callbacks. Make sure token.id and token.role are assigned and copied into session.user.
Protected routes allow anonymous access
Add a server-side session check before returning API data or rendering sensitive dashboard content.
Auth redirects to the wrong page
Verify NEXTAUTH_URL, NEXT_PUBLIC_APP_URL, and custom auth pages in the NextAuth configuration.
Team roles become hard to manage
Move from a single user role field to explicit team memberships with team-scoped roles and permissions.
Auth questions
Answers before users sign in.
How does the Nexora login system work?
Nexora uses NextAuth credentials auth with MongoDB user records, bcrypt password comparison, JWT sessions, and custom signin pages.
How should I handle sessions in a Next.js SaaS app?
Store stable user fields such as ID and role in the JWT callback, expose only needed fields in the session callback, and check sessions server-side for protected routes.
Does Nexora include teams?
Nexora includes the auth and role foundation that teams build on. For full teams, add team records and memberships that connect users to shared workspaces with owner, admin, and member roles.
Start with auth that belongs inside a SaaS product.
Nexora gives you login, sessions, protected routes, user roles, profile flows, billing-ready user records, and a clean path toward team workspaces.