Project creatortrack auth approach


name: CreatorTrack auth: Auth.js, both providers, self-hosted description: Email+password + Google OAuth linked by email; Auth.js (NextAuth) self-hosted on core Postgres; no SaaS auth type: project


Auth approach for CreatorTrack locked in 2026-06-18 session:

  • Providers: both email+password AND Google OAuth, linked by the same email (sign up with Google, add password later, or vice versa; one account)
  • Library: Auth.js (NextAuth), open-source, self-hosted inside the Next.js app
  • Storage: sessions + users land in the existing core Postgres (CT 109), which already has a users table
  • SaaS auth (Clerk, Auth0) explicitly rejected per the "own it" principle; Auth.js is the middle ground (not hand-rolled crypto, not a SaaS dependency)

Why: Justin's standing rule is to own the stack; Auth.js satisfies that while not requiring custom password hashing or OAuth flow authoring.

How to apply: When the auth build starts, check the existing auth.ts in the repo to assess if it's a wire-up or a swap. Never suggest Clerk/Auth0/Supabase auth for this project.

[auto-memory session 57205162-c1eb-485a-ba96-f5b45b27ab9b, confidence 0.88, mode direct]