Does Ruby on Rails Work With Auth.js?
Auth.js is JavaScript-first and designed for frontend frameworks; using it with Rails requires building a separate Next.js/React frontend or implementing custom backend bridges.
How Ruby on Rails Works With Auth.js
Auth.js (formerly NextAuth.js) is fundamentally a frontend authentication library built for JavaScript frameworks, particularly Next.js. Rails is a backend framework that traditionally handles its own authentication and session management. Direct integration doesn't exist because they solve authentication at different layers. However, you have two viable approaches: (1) Use Rails purely as an API backend with a separate Next.js frontend running Auth.js for authentication, passing JWT tokens to Rails for API requests, or (2) Implement Auth.js callbacks that communicate with Rails endpoints via HTTP. The first approach is cleaner architecturally—Rails handles business logic and data, Auth.js manages user sessions and providers. The second approach requires careful CORS configuration, custom session persistence, and treating Rails as an OAuth provider or credential validator, which defeats many of Auth.js's conveniences. Most developers choosing Rails prefer Devise, OmniAuth, or Rodauth for full-stack authentication; Auth.js shines when you're already committed to a JavaScript frontend ecosystem.
Best Use Cases
Next.js Frontend with Rails API Backend
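```bash
npm install next-auth axios
```

```ts
// lib/auth.ts - Auth.js configuration
import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import axios from "axios";

export const { handlers, auth } = NextAuth({
  providers: [
    CredentialsProvider({
      async authorize(credentials) {
        try {
          // Forward the submitted credentials to the Rails login endpoint.
          const res = await axios.post(
            "http://localhost:3000/api/auth/login",
            credentials,
            { withCredentials: true }
          );
          if (res.status === 200) {
            // Auth.js expects the user id as a string.
            return { id: String(res.data.user.id), email: res.data.user.email };
          }
          return null;
        } catch {
          // axios rejects on non-2xx responses; treat that as a failed login.
          return null;
        }
      },
    }),
  ],
  callbacks: {
    async jwt({ token, user }) {
      // Copy the Rails user id into the token at sign-in.
      if (user) token.id = user.id;
      return token;
    },
    async session({ session, token }) {
      // Expose the id to the application through the session object.
      session.user.id = token.id as string;
      return session;
    },
  },
});
```

```ts
// app/api/auth/[...nextauth]/route.ts - Next.js route
// `handlers` is an object holding the GET and POST route handlers.
// The "@/lib/auth" path alias is assumed; adjust it to your project layout.
import { handlers } from "@/lib/auth";

export const { GET, POST } = handlers;
```

Known Issues & Gotchas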
Auth.js session cookies won't work with Rails API mode by default due to SameSite and domain restrictions
Fix: Use JWT tokens instead of sessions, store in secure httpOnly cookies, and configure CORS properly on Rails to accept credentials from your frontend domain
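Rails CSRF protection may block Auth.js callback requests if the Rails app is not configured as API-only
Fix: Either disable CSRF for API routes or configure Rails CSRF middleware to trust your Auth.js callback origin. Disabling the check is only safe on routes that authenticate with a token sent in a request header; routes that authenticate with cookies still need it.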
Auth.js providers (Google, GitHub, etc.) expect a single callback URL; running multiple Rails environments requires different Auth.js instances
Fix: Use environment-specific Auth.js configurations or a proxy that handles multiple environments
User data syncing between Auth.js and Rails database requires manual implementation
Fix: Implement a post-signin callback in Auth.js that creates/updates the user in your Rails database via an API endpoint
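The Rails side of the JWT hand-off described above, as an added example that is not code from the original page, Auth.js or Rails: a standard-library-only check of a signed token before an API request is trusted. It assumes the Next.js app mints its own HS256 token with a secret shared with Rails (Auth.js encrypts its own session JWT by default, so Rails cannot simply verify that cookie); `ApiToken`, the `rails-api` audience and the claim layout are hypothetical.

```ruby
require "openssl"
require "json"

# Added example. ApiToken and its methods are hypothetical names, not part of
# Auth.js or Rails. Assumes an HS256 token signed with a secret shared by both apps.
module ApiToken
  class Invalid < StandardError; end

  def self.b64url_encode(bytes)
    [bytes].pack("m0").tr("+/", "-_").delete("=")
  end

  def self.b64url_decode(str)
    padded = str.tr("-_", "+/") + "=" * ((4 - str.length % 4) % 4)
    padded.unpack1("m0") # strict decode: raises ArgumentError on invalid input
  end

  # Stand-in for the frontend's signing step, used to build constructed tokens.
  def self.issue(claims, secret)
    parts = [{ "alg" => "HS256", "typ" => "JWT" }, claims]
    input = parts.map { |part| b64url_encode(JSON.generate(part)) }.join(".")
    "#{input}.#{b64url_encode(OpenSSL::HMAC.digest("SHA256", secret, input))}"
  end

  # Returns the claims hash, or raises Invalid. Checks run before claims are trusted.
  def self.verify(token, secret, audience: "rails-api", now: Time.now.to_i)
    header_b64, payload_b64, sig_b64, extra = token.to_s.split(".", -1)
    raise Invalid, "malformed token" if sig_b64.nil? || extra

    header = JSON.parse(b64url_decode(header_b64))
    # Pin the algorithm server-side so a token cannot select "none" or another alg.
    raise Invalid, "unexpected alg" unless header.is_a?(Hash) && header["alg"] == "HS256"

    expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header_b64}.#{payload_b64}")
    # Constant-time comparison of the supplied and recomputed signatures.
    raise Invalid, "bad signature" unless OpenSSL.secure_compare(b64url_decode(sig_b64), expected)

    claims = JSON.parse(b64url_decode(payload_b64))
    raise Invalid, "bad claims" unless claims.is_a?(Hash)
    raise Invalid, "expired" unless claims["exp"].is_a?(Integer) && claims["exp"] > now
    raise Invalid, "wrong audience" unless claims["aud"] == audience
    claims
  rescue ArgumentError, JSON::ParserError
    raise Invalid, "undecodable token"
  end
end
```

In a Rails controller this check would sit in a `before_action` that reads the token from the `Authorization` header and responds with 401 when `ApiToken::Invalid` is raised.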
Alternatives
- Rails + Devise + OmniAuth: Full Ruby-based auth with provider support, no JavaScript required
- Rails + Rodauth: Lightweight Ruby authentication library with better security defaults than Devise
- Express.js + Auth.js: Both JavaScript, native compatibility, easier than Rails integration