Appearance
Google OAuth
Users can sign in or sign up with Google using the google provider from next-auth / Auth.js, configured in src/lib/auth/auth.ts.
Client UI
- Component:
src/components/auth/GoogleAuth.tsx - Behavior:
signIn("google", { callbackUrl: appConfig.auth.afterLogin, redirect: false }); on success, navigates usingresult.urlor falls back toappConfig.auth.newUser. - Usage: Embedded on login (
src/app/(auth)/login/login-form.tsx) and register (src/app/(auth)/register/register-form.tsx) flows.
TIP
Ensure callbackUrl / OAuth redirect URIs match your deployment URL in the Google Cloud Console.
Server configuration
- Provider:
Google({ clientId, clientSecret, allowDangerousEmailAccountLinking: true })insrc/lib/auth/auth.ts. - Adapter:
PrismaAdapter(prisma)stores OAuth accounts and links them to users. - Session: JWT strategy; user profile fields flow through callbacks in
auth.ts.
allowDangerousEmailAccountLinking relaxes linking when an email already exists in your database — understand the security trade-offs before shipping to production.
Environment variables
| Variable | Purpose |
|---|---|
GOOGLE_CLIENT_ID | OAuth 2.0 client ID |
GOOGLE_CLIENT_SECRET | OAuth 2.0 client secret |
Shared with credentials auth:
| Variable | Purpose |
|---|---|
AUTH_SECRET | Session signing (appConfig.auth.secret) |
AUTH_URL / NEXT_PUBLIC_APP_URL / VERCEL_URL | Canonical URLs for redirects (see src/config.ts) |
Post-link behavior
An events.linkAccount handler in src/lib/auth/auth.ts updates emailVerified for existing users when Google links, if applicable.
File map (Google)
| Role | Path |
|---|---|
Google button & signIn("google") | src/components/auth/GoogleAuth.tsx |
| Google provider + callbacks + events | src/lib/auth/auth.ts |
| Auth API | src/app/api/auth/[...nextauth]/route.ts |
| Login / register shells | src/app/(auth)/login/login-form.tsx, src/app/(auth)/register/register-form.tsx |
| App URLs | src/config.ts → appConfig.auth |
WARNING
Credential and Google flows share the same user table; email collisions and linking behavior depend on allowDangerousEmailAccountLinking and your registration rules in register-actions.ts.