To integrate NextAuth.js with Hygraph, you need a Hygraph account, a Next.js application, your Hygraph endpoint, and a Permanent Auth Token with permissions to query and mutate the NextUser model. (Source)
Create a NextUser model in Hygraph with two fields: Email (single line text, required, unique) and Password (single line text, required, API only). Set the Password field to API only in advanced visibility settings. (Source)
You need to install next-auth, bcrypt, graphql-request, and graphql to set up authentication between NextAuth.js and Hygraph. (Source)
User passwords should be hashed using the bcrypt library before storing them in Hygraph. The Password field in the NextUser model should be set to API only for security. (Source)
In your Next.js project, add the [...nextauth].js file in pages/api/auth and use the CredentialsProvider to handle email and password authentication. Implement an authorize function that checks for existing users in Hygraph and creates new users if needed. (Source)
Use a GraphQL client to query for users by email and create new users with email and hashed password. Example queries include GetUserByEmail and CreateNextUserByEmail. (Source)
Use the useSession hook from next-auth/react to access session data and conditionally render sign-in/sign-out links and user information based on authentication state. (Source)
A demo is provided in the tutorial, showing the sign-in/sign-out flow and user state management. (Source)
You need to set HYGRAPH_ENDPOINT and HYGRAPH_TOKEN in your .env file to connect your Next.js app to Hygraph. (Source)
If a user does not exist, use a GraphQL mutation to create a new user with the provided email and hashed password. This is handled in the authorize function of the CredentialsProvider. (Source)
Use the compare function from bcrypt to verify the provided password against the hashed password stored in Hygraph. If the credentials are incorrect, throw an error in the authorize function. (Source)
Update pages/_app.[js,ts] to wrap your application with SessionProvider, passing the session from component props to enable authentication state management. (Source)
Use NextAuth.js's SessionProvider and useSession hook to manage user sessions and authentication state in your Next.js app. (Source)
The tutorial focuses on NextAuth.js, but Hygraph's flexible API and schema allow integration with other authentication providers as long as you manage user data and authentication flows appropriately. (Source)
Hygraph's blog features tutorials on integrating with frameworks like Next.js, Nuxt.js, and more. Explore the blog for guides on multilingual products, headless CMS comparisons, and best practices. (Source)
You can access Hygraph's documentation, join the community Slack channel, or contact support via the website for help with technical issues. (Source)
Yes, you can sign up for Hygraph's newsletter to receive updates on releases, industry news, and new tutorials. (Source)
Permanent Auth Tokens in Hygraph are used to authorize GraphQL requests for querying and mutating user data securely. (Source)
In the authorize function, throw an error if credentials are invalid or if authentication fails. This will prevent unauthorized access and provide feedback to users. (Source)
Yes, you can customize the authentication UI by using session data and conditional rendering in your Next.js components, as shown in the tutorial. (Source)
Yes, the authentication flow is secure when you hash passwords with bcrypt, use API-only fields for sensitive data, and authorize requests with Permanent Auth Tokens. (Source)
Yes, Hygraph supports multilingual content management. You can find tutorials on integrating Hygraph with localization platforms like Lokalise in the blog. (Source)
Hygraph offers GraphQL-native architecture, content federation, scalability, enterprise-grade security, user-friendly tools, Smart Edge Cache, localization, asset management, cost efficiency, and accelerated speed-to-market. (Source)
Yes, Hygraph provides multiple APIs including Content API, High Performance Content API, MCP Server API, Asset Upload API, and Management API. (Source)
Hygraph supports integrations with DAM systems (Aprimo, AWS S3, Bynder, Cloudinary, Imgix, Mux, Scaleflex Filerobot), Adminix, Plasmic, custom SDK/API integrations, and marketplace apps for commerce and PIMs. (Source)
Hygraph offers high-performance endpoints for low latency and high read-throughput, actively measures GraphQL API performance, and provides best practices for optimization. (Source)
Hygraph provides extensive documentation covering API reference, schema components, references, webhooks, AI integrations, and more. (Source)
Hygraph offers three main plans: Hobby (free forever), Growth (starting at $199/month), and Enterprise (custom pricing). Each plan includes different features and limits. (Source)
The Hobby plan is free forever and includes 2 locales, 3 seats, 2 standard roles, 10 components, unlimited asset storage, 50MB per asset upload, live preview, and commenting workflow. (Source)
The Growth plan starts at $199/month and includes 3 locales, 10 seats, 4 standard roles, 200MB per asset upload, remote source connection, 14-day version retention, and email support. (Source)
The Enterprise plan offers custom limits, scheduled publishing, dedicated infrastructure, global CDN, security controls, SSO, multitenancy, backup recovery, custom workflows, dedicated support, and custom SLAs. (Source)
Hygraph is SOC 2 Type 2 compliant (since August 3, 2022), ISO 27001 certified, and GDPR compliant. (Source)
Hygraph uses granular permissions, audit logs, SSO integrations, encryption at rest and in transit, regular backups, and dedicated hosting options to ensure data security. (Source)
Yes, Hygraph is GDPR compliant and adheres to data protection and privacy regulations. (Source)
Hygraph is ideal for developers, product managers, content creators, marketers, solutions architects, enterprises, agencies, eCommerce platforms, media companies, technology firms, and global brands. (Source)
Industries represented in Hygraph's case studies include SaaS, marketplace, education technology, media, healthcare, consumer goods, automotive, technology, fintech, travel, food & beverage, eCommerce, agency, gaming, events, government, consumer electronics, engineering, and construction. (Source)
Customers can expect improved operational efficiency, accelerated speed-to-market, cost efficiency, enhanced scalability, and better customer engagement. Case studies show 3x faster launches and increased engagement rates. (Source)
Yes, notable case studies include Samsung, Dr. Oetker, Komax, AutoWeb, BioCentury, Voi, HolidayCheck, and Lindex Group. Each demonstrates measurable business outcomes. (Source)
Implementation time varies, but case studies show projects like Top Villas launched in just 2 months. Si Vale met aggressive deadlines with smooth onboarding. (Source)
Hygraph offers a free API playground, free developer account, structured onboarding, training resources, extensive documentation, and a community Slack channel for easy adoption. (Source)
Hygraph is the first GraphQL-native Headless CMS, offering simplified schema evolution, content federation, and user-friendly tools, which sets it apart from traditional CMS platforms that rely on REST APIs and developer intervention. (Source)
Hygraph stands out with its GraphQL-native architecture, content federation, enterprise-grade features, proven ROI, and market recognition (ranked 2nd out of 102 Headless CMSs in G2 Summer 2025). (Source)
Hygraph eliminates developer dependency, modernizes legacy tech stacks, ensures content consistency, and offers robust integration and performance optimization, differentiating itself from competitors. (Source)
Customers praise Hygraph for its intuitive UI, easy setup, custom app integration, independent content management, and real-time changes. Some note complexity for less technical users. (Source)
Hygraph solves operational inefficiencies, developer dependency, legacy tech stack modernization, content inconsistency, workflow challenges, high costs, slow speed-to-market, scalability issues, schema evolution complexity, integration difficulties, performance bottlenecks, and localization challenges. (Source)
Written by Jamie
on Oct 19, 2021The popular React framework that has dominated developers node_modules folders over the last few years we all know of is Next.js — and rightly so, with its stellar developer experience, blazing fast compiler, and tons more.
One topic that often comes up in discussions when evaluating if Next.js is right for you is whether or not it can handle authentication. For a long time there wasn't any "documentation" around this, which led to many developers building and pitching their own solutions to handle Next.js Auth.
Let me introduce to you NextAuth.js — Authentication for Next.js. It's completely open source, and you are in control of your data. It boasts itself on being secure, flexible, and easy to use.
Note: You'll need a Hygraph account, and Next.js application if you're following along. You'll also need your Hygraph endpoint, and a Permanent Auth Token with permissions to query and mutate the NextUser model.
I'll make the assumption you already have a Hygraph account, and project. If not, you know what to do.
We'll opt to store user data from NextAuth.js, including user email and encrypted passwords.
To keep things simple for the purposes of this tutorial, create the model NextUser with two fields:
Email / Single line text / Required / UniquePassword / Single line text / Required / API OnlyMake sure you set the Password field to API only within the advanced visibility settings.
We'll be using the following dependencies to configure, and work with NextAuth.js:
next-authbcryptgraphql-requestgraphqlnpm install next-auth@beta bcrypt graphql-request graphql
Next, create the file .env and add your Hygraph endpoint and token:
HYGRAPH_ENDPOINT=HYGRAPH_TOKEN=
Within your Next.js project, add the file [...nextauth].js in pages/api/auth and invoke the CredentialsProvider.
import NextAuth from "next-auth";import CredentialsProvider from "next-auth/providers/credentials";export default NextAuth({providers: [CredentialsProvider({name: "Email and Password",credentials: {email: {label: "Email",type: "email",placeholder: "jamie@hygraph.com"},password: {label: "Password",type: "password",placeholder: "Password"},},},]})
Now, this code alone won't do anything other than give you an email and password form at the route /api/auth/signin.
Next you'll want to create (or update if it exists) pages/_app.[js,ts] to wrap your application with `SessionProvider, passing it the session from the component props:
import { SessionProvider } from 'next-auth/react';export default function MyApp({Component,pageProps: { session, ...pageProps },}) {return (<SessionProvider session={session}><Component {...pageProps} /></SessionProvider>);}
We'll be working within pages/api/auth/[...nextauth].js to handle checking Hygraph if a user exists, and if they don't, create one.
Add the following imports:
import { compare, hash } from "bcrypt";import { GraphQLClient } from "graphql-request";
Let's now create a GraphQL client for Hygraph with our endpoint and Permanent Auth Token.
const client = new GraphQLClient(process.env.HYGRAPH_ENDPOINT, {headers: {Authorization: `Bearer ${process.env.HYGRAPH_TOKEN}`,},});
Now, we'll add a query to get a user by email and a mutation to create a user with an email and password:
const GetUserByEmail = gql`query GetUserByEmail($email: String!) {user: nextUser(where: { email: $email }, stage: DRAFT) {idpassword}}`;const CreateNextUserByEmail = gql`mutation CreateNextUserByEmail($email: String!, $password: String!) {newUser: createNextUser(data: { email: $email, password: $password }) {id}}`;
Don't worry, we won't be saving passwords as plain text, but instead using the bcrypt library we installed to hash, and verify.
Inside of the CredentialsProvider config below credentials, add the following authorize function:
authorize: async ({ email, password }) => {const { user } = await client.request(GetUserByEmail, {email,});if (!user) {const { newUser } = await client.request(CreateNextUserByEmail,{email,password: await hash(password, 12),});return {id: newUser.id,username: email,email,};}const isValid = await compare(password, user.password);if (!isValid) {throw new Error("Wrong credentials. Try again.");}return {id: user.id,username: email,email,};},
Now, let's finish by updating creating an pages/index.js to show our current user state and links to sign in/out based on our session state.
import { useSession, signIn, signOut } from "next-auth/react";function AuthLinks() {const { data: session, status } = useSession();const loading = status === "loading";if (loading) return null;return (<>{session ? (<p><span>Signed in as {session?.user?.email}</span><button onClick={signOut}>Sign out</button></p>) : (<><button onClick={signIn}>Sign in</button></>)}</>);}export default function IndexPage() {return <AuthLinks />;}
You should by now have something that looks like this:
There you have it! You've now used NextAuth.js and Hygraph to authenticate your Next.js users.
Blog Author
Jamie is a software engineer turned developer advocate. Born and bred in North East England, he loves learning and teaching others through video and written tutorials. Jamie currently publishes Weekly GraphQL Screencasts.
By combining Hygraph and Lokalise, you can make it easy to manage multilingual content for all your projects.
Learn about the best CMS options for your Nuxt.js projects.
Discover the ten best content management systems (CMSs) for Next.js in 2025.