Description
We're excited to share that @sidebase/nuxt-auth is moving towards its 1.0 release! 🎉
Motivation and commitment
Over the past years, we’ve used NuxtAuth ourselves in production and we're thrilled to see the community do the same — proving it's really ready for all the real-world applications out there. Throughout the 0.x releases, we moved fast, we experimented, learned from your feedback, and delivered the features you asked for. Your feedback helped shape a powerful and flexible authentication module tailored to the Nuxt ecosystem than NuxtAuth currently is 🫶.
With 1.0, we’re making a very clear commitment: NuxtAuth is stable, production-ready, and follows semantic versioning. For you this means no breaking changes within one major release and more confidence and predictability as you build and scale your apps. For us this means clearer planning ahead.
We're especially grateful to everyone who has contributed, tested, and also just built with NuxtAuth so far, and we're excited to keep growing with you!
🎯 Our vision of 1.0
With the 1.0 release of @sidebase/nuxt-auth, we're finalizing the work we've built up throughout the 0.x series, bringing all the stability, features, and community-driven improvements into a fully tagged, non-0.x release. We have already published a first release candidate on June 5th, 2025, giving us a couple of weeks to gather feedback and polish things before the full 1.0 launch. But that’s not all! 1.x is just the beginning of a new chapter. Read on to see what's coming next!
1.x Roadmap
Once we publish the stable 1.0, we have the items listed below on our radar for the upcoming 1.x versions. Please note that this list doesn't indicate priority, and we might adjust the exact contents as we go along.
🪝 Hooks for the local provider
A long-awaited feature that brings full customization to the local provider, allows to modify outgoing requests, handle responses, manage errors, and more.
You'll be able to:
- Add custom headers to requests (e.g. your API keys);
- View or modify endpoint requests dynamically;
- Customize response and error handling logic;
- Extend support for non-standard backend setups.
🛠️ Stability improvements for local provider
We're working on several improvements to make the local provider more robust and reliable. The following issues are on our radar:
- Avoid redirects to login while the session is still being fetched (#621);
- Preserve cookies on page reload (#732);
- Ensure access tokens persist correctly after reloads (#1002);
- Prevent unexpected logouts during background session refreshes (#1007).
📦 Out-of-the-box support for disabling or mocking the module
We would be introducing first-class support for disabling or mocking @sidebase/nuxt-auth, a feature especially useful for testing, static builds, or multi-site setups when authentication isn't always needed. This enhancement will allow you to:
- Import module utilities even when the module is disabled, avoiding build-time errors;
- Seamlessly disable the module in specific environments without breaking your app's structure (for instance, in tests).
🍪 Support cookie-less authentication for the local provider
We're exploring support for using the local provider without relying on cookies. This would enable:
-
Improved security by allowing httpOnly cookies set exclusively server-side (Unable to use httpOnly attribute for authCookie #851);
-
More flexibility for apps preferring token-based auth flows.
This is an experimental direction we're considering to better support an even wider range of backend setups.
Automated releases, more E2E testing and NPM provenance
Security plays a big role for NuxtAuth. We want our module to be as transparent to you as possible, and that also includes releases we publish. Currently every stable release we do goes through automated checks, community alpha testing, and also meticulous internal testing.
However, there are things that can be improved. To name a few:
🧪 E2E testing of external backends
We noticed that a lot of you who use the local provider also use an external backend, often other than Nuxt or even Node.js. While we ourselves are strong believers in Nuxt and its ecosystem, we want to fully support the other backends our community works with. That is why we are planning on adding a popular non-Nuxt backend to our test suite and playgrounds.
This would help us identify any potential problems with external domains, API calls and cookies.
🤖 Automating the releases
At the moment we publish every new version manually. This requires some team coordination, access key management, and can be error-prone. We want not only for our release process to be clearer and easier to verify by you, but also to allow us to iterate faster, letting you alpha-test features and fixes with more freedom.
🔒 NPM Provenance
NPM Provenance is a very powerful instrument for Open-Source projects. In combination with GitHub CI/CD, it lets you know that the NuxtAuth package you are adding to your project has been built on GitHub exactly from the source code you see, following the exact same steps you see in the workflow file.
This would give you an extra peace of mind that one of the crucial authentication dependencies you use has not been compromised.
2.0 Roadmap and plans for the future
🔄 AuthJS migration
We're planning to migrate @sidebase/nuxt-auth to use AuthJS v5 under the hood in the 2.0 release. While we initially considered including this in 1.0, we unfortunately had to postpone due to stability concerns with AuthJS at the time. Our goal is to provide a more modern and robust authentication foundation without sacrificing stability, and we're also excited about the improvements this migration will bring. You can follow the progress in #673.
🚀 Looking ahead
The 1.0 release marks a big milestone, but it's far from the finish line with lots more to come. We're committed to making NuxtAuth even more powerful, flexible, and developer-friendly.
As always, your feedback, ideas and contributions are what drive this project forward. Thank you for being part of the journey and see you in 1.0!