Improve auth docs (#63140)
Clarify best practices for implementing authentication in Next.js,
including what Next.js and React features to use and when. With the
minimum number of tools, we'll try to teach authentication from first
principles (simple password + email), then recommend Next.js-compatible
libraries, and further resources.
**Authentication:**
- [x] Forms and Server Actions
- [x] Server-side form validation and early returns
- [x] Form errors with `useFormStatus()`
- [x] Pending states with `useFormState()`
**Session Management:**
- [x] Stateless Sessions
- [x] Database Sessions
- [x] Setting cookies on the server
- [x] `cookies()`
- [x] `sever-only`
**Authorization:**
- [x] Optimistic vs. secure checks
- [x] Middleware for optimistic checks
- [x] Performance caveats - what not to do
- [x] DAL - centralizing data requests, verifying auth state close to
the data source
- [x] `redirect()`
- [x] DTO - returning the minimum data, preventing exposure on the
client
- [x] Recommendations for:
- [x] Server Components
- [x] Partial rendering and `layout` caveats
- [x] Server Actions
- [x] Route Handlers
DX Content: ["What is the right way to do
authentication?"](https://www.notion.so/vercel/00b2a5121a264939a5d4d10f76b36954?v=cac009672f9d411f900f41a0c3971702&p=2a80e8d450f54ea58da5cf8b42c15ac1&pm=s).
Test Example: https://github.com/vercel-labs/app-router-auth/pull/1
This is how I currently visualize it, this diagram is not meant for
users, but to help clarify our current understanding. What am I missing?
---------
Co-authored-by: Michael Novotny <manovotny@gmail.com>
Co-authored-by: Anthony Shew <anthonyshew@gmail.com>
Co-authored-by: Lee Robinson <me@leerob.io>
