Create App AI generated apps use next-auth for authentication. Default setup includes support for CredentialsProvider for username and password based authentication flow. It uses jwt strategy and authenticates user using database with user and password tables.
Authentication Options
Main setup can be found in auth.ts under app directory. In addition, there is a router handler api\auth\[...nextauth]
Middleware
middleware.ts is used to protect entire site and only list routes that can be accessed directly without authentication.
Authorization Checks
Every route component requires login user and checks if user has rights to access route. In addition, each of server actions also perform access rights check to ensure that only authorized users are allowed to take actions.