SaaS
Features

Authentication

The template uses MailKite for authentication — JWT-based sessions, email/password login, magic links, and OAuth with Google and GitHub.

How it works

Authentication is handled by MailKite's API at https://api.mailkite.dev. When a user signs in, the API returns a JWT which is set as an httpOnly cookie named mk_session. The middleware reads this cookie on every request to determine if the user is authenticated.

Auth Methods

  • Email / Password — standard sign-in and sign-up forms
  • Magic Link — passwordless login via email (set MAILKITE_MAGIC_LINK=true)
  • Google OAuth — requires GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET
  • GitHub OAuth — requires GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET

Protected Routes

Routes under /dashboard are protected by default. Unauthenticated users are redirected to /sign-in.

Configure this in middleware.ts:

import { createAuthMiddleware } from '@/lib/mailkite-auth';

export default createAuthMiddleware({
  protectedRoutes: ['/dashboard'],
  loginUrl: '/sign-in',
});

Session Management

Sessions last 7 days and auto-refresh when within 24 hours of expiry. The session cookie is httpOnly for security — JavaScript cannot read it, protecting against XSS attacks.

Getting API Keys

  1. Sign up at mailkite.dev
  2. By default, the MAILKITE_API_URL points to the hosted API
  3. Set AUTH_SECRET to any secure random string — this signs your JWTs
Next.js SaaS Starter — Launch your SaaS