Auth.js vs Lucia for Solo Developers

Quick Comparison

Auth.js Overview

Auth.js (formerly NextAuth.js) is the most popular open-source authentication library for Next.js, now expanding to support SvelteKit, Express, and other frameworks. It handles OAuth with 80+ providers, JWT and database sessions, email magic links, and credentials-based login.

The main appeal is that it's free and you own everything. No monthly fees, no MAU limits, no vendor to depend on. Auth.js runs in your application, stores sessions in your database (or as JWTs), and gives you full control over the auth flow.

I've used NextAuth in several Next.js projects. Getting Google and GitHub OAuth working takes about an hour with the documentation. The callback system lets you customize tokens, sessions, and sign-in behavior. But I'll be honest: the configuration can be frustrating. The docs have improved, but edge cases and version migration paths still trip people up.

Lucia Overview

Lucia is a lightweight auth library focused on session management. Unlike Auth.js, which tries to handle everything (OAuth, sessions, database adapters, JWT), Lucia takes a minimal approach. It manages sessions and provides helpers for password hashing, but leaves OAuth and the rest to you.

The philosophy is explicit: Lucia gives you building blocks, not a complete solution. You implement OAuth flows yourself (using libraries like arctic for OAuth providers), hash passwords with Lucia's utilities, and create sessions through Lucia's API. Every piece is visible and under your control.

Lucia works with any JavaScript framework: Next.js, SvelteKit, Astro, Express, Hono, and more. It also provides database adapters for Prisma, Drizzle, PostgreSQL, MySQL, SQLite, and MongoDB. The TypeScript support is excellent, with strong type inference throughout.

Key Differences

Scope and philosophy. Auth.js is a complete auth solution. Configure providers, set up callbacks, and it handles the OAuth flow, session creation, and token management end to end. Lucia is a session management library. You build the auth flows yourself using Lucia for the session layer. Auth.js gives you more out of the box. Lucia gives you more control.

OAuth handling. Auth.js has built-in support for 80+ OAuth providers. Add a provider to your config and the login flow works. Lucia doesn't handle OAuth directly. You use a companion library like arctic to implement OAuth flows, then create Lucia sessions from the result. Auth.js is faster for adding social logins. Lucia requires more code but gives you full visibility into the flow.

Configuration complexity. Auth.js has a reputation for confusing configuration, especially around callbacks, session strategies, and database adapters. The v5 rewrite improved things, but debugging auth issues still involves digging through callback chains. Lucia's configuration is simpler because there's less to configure. Sessions have clear creation and validation APIs.

Framework support. Auth.js started as NextAuth and expanded to other frameworks, but the Next.js integration is still the most polished. SvelteKit and Express support exists but feels secondary. Lucia is framework-agnostic by design. The session API works identically across frameworks, and the documentation covers each one equally.

Documentation quality. Lucia's documentation is notably clean and well-organized. The guides walk through complete implementations with clear code examples. Auth.js documentation has improved significantly with v5 but still has gaps, especially for non-Next.js frameworks. If documentation quality matters to you, Lucia has the edge.

Maintenance and community. Auth.js has a larger community with more Stack Overflow answers, GitHub discussions, and blog posts. Lucia has a smaller but dedicated community. Both projects are actively maintained. Auth.js benefits from more real-world usage, which means edge cases are more likely to be documented.

Migration risk. Auth.js has had breaking changes between major versions (v3 to v4, v4 to v5) that required significant migration work. Lucia's API has been more stable, though as a newer library it's had fewer major versions. If you've been burned by NextAuth migrations, Lucia's stability is appealing.

When to Choose Auth.js

• You're building with Next.js and want the most popular auth library
• You need OAuth with many providers and want pre-built integrations
• You prefer a more complete solution that handles the full auth flow
• Community size and available resources matter for troubleshooting
• You want social logins working quickly with minimal custom code

When to Choose Lucia

• You want full control over every part of the auth flow
• Clean, well-documented API matters more than convenience
• You're using a framework other than Next.js (SvelteKit, Astro, Hono)
• You've been frustrated by Auth.js configuration complexity
• You want a lightweight library that does one thing well (sessions)

The Verdict

Both libraries are free, open-source, and give you full ownership of your auth data. The choice comes down to how much you want handled for you versus how much control you want.

Auth.js is the pragmatic choice for Next.js projects that need OAuth quickly. The 80+ provider integrations save real development time. Accept the configuration complexity as the cost of convenience.

Lucia is the purist choice for developers who want to understand and control every part of authentication. The lightweight API is a joy to work with once you accept that you're building more of the flow yourself.

My recommendation: if you just need "sign in with Google/GitHub" in a Next.js app, Auth.js gets you there faster. If you want clean, understandable auth code that you fully control across any framework, Lucia is the better foundation. And honestly, if auth feels like too much work either way, consider a managed service like Clerk or Supabase Auth instead.