Clerk but you own the code

Authentication should live in your project, not a node_modules folder. Complete auth built with security in mind, that you can actually build on.

Project

import { NextResponse } from "next/server";
import { createClient } from "@/utils/supabase/server";

export async function GET(request: Request) {
  const { searchParams, origin } = new URL(request.url);
  const code = searchParams.get("code");
  const next = searchParams.get("next") ?? "/";
  
  if (code) {
    const supabase = await createClient();
    const { error } = await supabase.auth.exchangeCodeForSession(code);
    
    if (error) {
      return NextResponse.redirect(
        `${origin}/auth/error?error=${encodeURIComponent(error.message)}`
      );
    }
  }
  
  return NextResponse.redirect(
    `/api/auth/complete?provider=google&next=${next}`
  );
}

As secure as it gets

Every possible security hole you can think of is already filled.

Status

Timestamp

Message

2023-05-17

You don't have permissions to access /api/auth/device-sessions

2023-05-17

Security features disabled for unknown device

2023-05-17

Unknown device logged in. Verification needed

2023-05-17

You cannot modify 'is_trusted' with the current key.

2023-05-17

You cannot modify 'needs_verification' with the current key.