Sign-in, sign-up, sessions and social login — done right. Auth providers handle passwords, OAuth and security so you don't have to roll your own.
Real OAuth needs a backend (secret keys, redirect callbacks, a session store) — none of which runs in a static page. So this is a faithful simulation of what Clerk / Auth0 / NextAuth give you: enter any email + password, or click "Continue with Google", and watch a fake session get created.
Sign in to your account
// With a real provider (NextAuth example) it's roughly: import { signIn, signOut, useSession } from "next-auth/react"; const { data: session } = useSession(); session ? <button onClick={() => signOut()}>Sign out</button> : <button onClick={() => signIn("google")}>Continue with Google</button>
When you click "Continue with Google", the provider runs a redirect dance. Your app never sees the password — Google does, then hands back a verified token.
The secret token exchange happens server-side — that's exactly the part a static HTML page can't do, and exactly the part these providers handle for you.
All three solve auth, but with different trade-offs.
Drop-in pre-built UI components (<SignIn/>, <UserButton/>), user management dashboard, organisations. The fastest to add a polished flow.
The enterprise veteran. Hosted login, every social + enterprise SSO provider (SAML, LDAP), fine-grained rules. Powerful, framework-agnostic.
Open-source, self-hosted auth for Next.js (and beyond). Free, you control the database and session — but you wire more yourself.
Hashing passwords, secure session cookies, CSRF protection, password resets, rate limiting, OAuth callbacks, MFA, account linking — every one is a place to leak user data. Providers ship all of it, audited, for free or cheap. That's why almost nobody writes auth from scratch anymore.