Documentation guide for login systems, session handling, protected routes, and team-ready SaaS accounts.

Authentication setup for Nexora.

Use this guide to configure the login system, understand JWT session handling, protect app routes, manage user roles, and extend Nexora toward team-based SaaS workspaces.

Login setup

Configure authentication before protecting product data.

Work through secrets, signup, credentials login, JWT sessions, route protection, and team modeling in that order.

Step 1

Configure auth secrets

Set the app URL and NextAuth secret before testing login, callbacks, protected pages, and session handling.

Configuration example

NEXTAUTH_SECRET=your-secure-secret
NEXTAUTH_URL=http://localhost:3000
NEXT_PUBLIC_APP_URL=http://localhost:3000

Step 2

Test signup

Create a user through the signup flow and confirm the user record stores email, name, role, verification, and billing-ready fields.

Configuration example

name
email
password
role: user

Step 3

Test login system

Use credentials auth to sign in, validate password comparison, and confirm invalid credentials fail without creating a session.

Configuration example

CredentialsProvider
bcrypt.compare(password, user.password)
session.strategy = "jwt"

Step 4

Verify session handling

Confirm the JWT callback stores user ID and role, then verify the session callback exposes those fields to the client.

Configuration example

session.user.id = token.id
session.user.role = token.role

Step 5

Protect app routes

Use server session helpers and session-aware UI to keep dashboards, profiles, billing, and admin workflows behind auth.

Configuration example

const session = await getSession(req, res)
if (!session) return res.status(401).json({ error: "Unauthorized" })

Step 6

Plan team membership

Extend the user model with teams or organizations when your SaaS needs shared workspaces, seats, invites, or role-based access.

Configuration example

Team: name, ownerId
Membership: teamId, userId, role
Roles: owner, admin, member

Session handling

Keep sessions small, stable, and server-verified.

Session handling is where auth becomes product access. Store stable identity fields and verify access server-side before returning sensitive data.

Set NEXTAUTH_SECRET in every environment.

Use production NEXTAUTH_URL on the live domain.

Store user ID and role in the JWT callback.

Expose only necessary user fields in the session callback.

Protect API routes with a server-side session check.

Render dashboard, profile, and billing navigation based on session state.

Teams

Extend users into team workspaces when the product needs it.

Start with user roles for simple products. Add teams when users need shared projects, seats, invites, or organization-level billing.

Start with user roles

Nexora already includes a user/admin role field. Use that for basic access control before introducing team complexity.

Add a Team collection

Create a team or organization record with a name, owner ID, billing owner, and timestamps when accounts need shared workspaces.

Add memberships

Use a membership record to connect users to teams with roles such as owner, admin, and member.

Scope product data by team

Attach customer records, projects, dashboards, and billing seats to a team ID instead of only a user ID.

Account flows

Add the trust flows around login.

Verification

Use verification tokens to confirm account ownership before granting full account trust or sensitive access.

Profile management

Let users update account details from the profile screen and keep session fields aligned with the stored user record.

Admin access

Use the role field and admin email checks for admin-only workflows, internal screens, or support tools.

Troubleshooting

Common authentication setup issues.

Login succeeds but session data is missing

Check the JWT and session callbacks. Make sure token.id and token.role are assigned and copied into session.user.

Protected routes allow anonymous access

Add a server-side session check before returning API data or rendering sensitive dashboard content.

Auth redirects to the wrong page

Verify NEXTAUTH_URL, NEXT_PUBLIC_APP_URL, and custom auth pages in the NextAuth configuration.

Team roles become hard to manage

Move from a single user role field to explicit team memberships with team-scoped roles and permissions.

Auth questions

Answers before users sign in.

How does the Nexora login system work?

Nexora uses NextAuth credentials auth with MongoDB user records, bcrypt password comparison, JWT sessions, and custom signin pages.

How should I handle sessions in a Next.js SaaS app?

Store stable user fields such as ID and role in the JWT callback, expose only needed fields in the session callback, and check sessions server-side for protected routes.

Does Nexora include teams?

Nexora includes the auth and role foundation that teams build on. For full teams, add team records and memberships that connect users to shared workspaces with owner, admin, and member roles.

Start with auth that belongs inside a SaaS product.

Nexora gives you login, sessions, protected routes, user roles, profile flows, billing-ready user records, and a clean path toward team workspaces.