Why Lucia Auth?
Our previous authentication system was a custom implementation that had grown complex over time. Lucia Auth v3 offered a clean, type-safe API with excellent Next.js integration.
The Migration Process
Migration wasn't straightforward. Here's what we learned:
1. Session Management Changes
Lucia v3 changed how sessions are validated. We created a centralized validateRequest function:
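    // src/lib/auth/session.ts
    import { cookies } from 'next/headers';
    import { lucia } from './lucia'; // assumed location of the project's Lucia instance

    export async function validateRequest() {
      // Read the session ID from the request's session cookie.
      const sessionId = cookies().get('session')?.value;
      // No cookie: treat the request as unauthenticated.
      if (!sessionId) return { user: null, session: null };
      // Resolves to { user, session }; both are null if the session is invalid or expired.
      return lucia.validateSession(sessionId);
    }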
2. OAuth Integration
We integrated Google and GitHub OAuth using the Arctic library, which Lucia recommends. The callback flow required careful handling of state validation and token exchange.
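The state check in the callback, as an added example (not the project's own code). It assumes the state value was stored in a cookie before redirecting to the provider; `CallbackQuery`, `checkOAuthCallback` and the reason strings are hypothetical names, and the token exchange itself is left to the caller.

```typescript
// Added example: validate an OAuth callback before exchanging the code.
// All names here are hypothetical, not Lucia or Arctic APIs.

// Query parameters of the callback URL, e.g. Object.fromEntries(url.searchParams).
type CallbackQuery = Record<string, string | undefined>;

type CallbackResult =
  | { ok: true; code: string }
  | { ok: false; status: 400 | 403; reason: string };

// Compare two strings without returning early on the first differing character.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

function checkOAuthCallback(
  query: CallbackQuery,
  storedState: string | undefined, // state cookie set before the redirect (assumption)
): CallbackResult {
  // The provider reported an error (for example, consent denied): nothing to exchange.
  if (query.error) return { ok: false, status: 400, reason: "provider_error" };

  const { code, state } = query;
  if (!code || !state) return { ok: false, status: 400, reason: "missing_parameter" };

  // No cookie means this browser never started the flow, or the cookie expired.
  if (!storedState) return { ok: false, status: 403, reason: "missing_state_cookie" };

  // A mismatch means the callback was not produced by the flow this browser began.
  if (!constantTimeEqual(state, storedState)) {
    return { ok: false, status: 403, reason: "state_mismatch" };
  }

  // Only now should `code` be passed to the token exchange.
  return { ok: true, code };
}
```

Clear the state cookie once the check has run so a state value cannot be reused for a second callback.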
3. Password Hashing
Lucia v3 doesn't include password hashing by default. We use Argon2id via the @node-rs/argon2 package for secure password storage.
Key Takeaways
- Read the migration guide thoroughly before starting
- Test OAuth flows extensively in development
- Keep session cookies secure with proper flags



