Nextjs v4 Migration

Dear Auth0 Team,

I wanted to take a moment to express my deep frustration with the Next.js SDK v4 migration. In my 15 years as a developer, this has been one of the most frustrating and poorly handled SDK upgrades I have encountered.

We spent days configuring Auth0 to fit our use case, working through undocumented edge cases to get everything running correctly. Now, with v4, those configurations have been rendered obsolete, and our application is breaking in multiple critical areas.

The migration guide is superficial at best, addressing only a fraction of the challenges this update introduces. Instead of improving the developer experience, this release has created unnecessary complexity and disruption. Given this experience, I can no longer justify using or recommending Auth0 as an authentication provider.

I sincerely hope your team takes this feedback seriously and prioritizes a more thoughtful approach to future migrations.

The migration has rendered your existing configurations obsolete, leading to application breakage. This is a significant concern, especially for production environments.

100% with you on this. What are they thinking?

Did you resolve your issues? I’m not far enough in with these guys that I’m considering just dropping Auth0 entirely.

Hi @bernd.strehl,

Thank you for your feedback. We understand your frustration with the Auth0 Next.js SDK v4 migration guide.

For clarity, could you share what specific challenges you had to overcome during this migration?

This way, we can understand them and make these improvements in our migration guide.

Kind regards,
Rueben

Hi @rueben.tiow – the answers are there is you look into the Github issues and community discusions, but that’s bit more work than using a template reply in the community forum.

Let’s start with the most obvious one, v3 to v4 is almost a complete API rewrite on how Auth0 integrates with Next.js while having ~240 lines migration guide on GH.
You are basically deprecating both the API routes (in favor of middleware) and removing most of the utility methods for checking active sessions. Any customization around the Auth0 flow has to be completely re-writen.

On top of that, this update is a blocker for Next.js v14 to v15 migration – with no migration path or utilities in sight. So, a few suggestions:

  • Update the library be Next.js v14 compatible, so gradual migration is possible
  • Provide more details around getSession changes, and how to migrate over in both app router and pages router
  • Provide the withPageAuthRequired and withApiAuthRequired utilities back with a deprecated flag
  • Provide clarity around API route customisation when using middleware instead of a catch-all route

To support @bernd.strehl point – this has to be one of the most under-engineered package update I’ve encountered in a while.