shrtnr uses NextAuth.js with credentials-based authentication to secure your account. Once authenticated, you can create custom short links, track clicks, and manage all your links from your dashboard.

Registration

Step 1: Navigate to the registration page

Click Sign up from the home page navigation, or visit /register directly.

Step 2: Fill out the registration form

Provide the following information:
  • Email (required): A valid email address that will be used to sign in
  • Name (optional): Your display name
  • Password (required): Must be at least 8 characters long
The form validates your email format and enforces the minimum password length client-side.

Step 3: Submit the form

Click Sign up to create your account. The registration process:
  1. Normalizes your email (trimmed and lowercased)
  2. Hashes your password using bcrypt with 10 salt rounds
  3. Generates a unique 24-character user ID using nanoid
  4. Inserts your user record into the database

Step 4: Sign in after successful registration

Upon successful registration, you’ll be redirected to /login. Use your email and password to sign in.
Emails are automatically converted to lowercase and trimmed of whitespace. If you register with User@Example.com, you’ll sign in with user@example.com.

Registration errors

You may encounter the following errors during registration:

| Error | Cause | Solution |
| --- | --- | --- |
| Valid email is required | Invalid or missing email | Provide a valid email address |
| Password must be at least 8 characters | Password too short | Use a password with 8+ characters |
| Email already registered | Email already exists in database | Sign in instead, or use a different email |
| Database not set up | Users table missing | Contact support or run npm run db:init if self-hosting |

Signing In

Step 1: Navigate to the login page

Click Sign in from the home page navigation, or visit /login.

Step 2: Enter your credentials

Provide:
  • Email: The email you registered with
  • Password: Your account password
Your email will be automatically trimmed and lowercased for consistency.

Step 3: Submit the form

Click Sign in. The authentication flow:
  1. Submits credentials to NextAuth.js
  2. NextAuth queries the database for your user record
  3. Compares your password with the stored bcrypt hash
  4. On success, creates a JWT session token
  5. Redirects you to /dashboard (or the callback URL if specified)
The authentication system uses JWT sessions with a 30-day maximum age. Your session will remain active for 30 days unless you sign out.

Authentication errors

Common sign-in errors:
This error appears when:
  • The email doesn’t exist in the database
  • The password doesn’t match the stored hash
  • Either field is empty
Double-check your credentials or reset your password if needed.
A generic error indicating a network or server issue. Try again, and if the problem persists, check your network connection.

Callback URLs

When you’re redirected to the login page (e.g., when trying to access a protected page), a callbackUrl parameter is added to the URL. After successful authentication, you’ll be redirected back to that page. Example: /login?callbackUrl=/dashboard will redirect you to /dashboard after signing in.
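
The callbackUrl value arrives in the query string, so it should be limited to paths on the same site before it is used as a redirect target. The following is an added example, not shrtnr's code: APP_ORIGIN, both function names, and the sample paths are assumptions made for illustration.

```javascript
// Added example (not shrtnr's code): constrain callbackUrl to same-origin paths.
// APP_ORIGIN is a constructed placeholder; both function names are hypothetical.
const APP_ORIGIN = "https://shrtnr.example";
const DEFAULT_REDIRECT = "/dashboard";
const AUTH_PAGES = new Set(["/login", "/register"]);

function safeCallbackUrl(raw, fallback = DEFAULT_REDIRECT) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return fallback;
  }
  // Accept only a path on this site: one leading "/", never "//" (scheme-relative).
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;
  // Browsers treat "\" like "/" and drop tab/CR/LF while parsing, so refuse
  // backslashes and control characters instead of trying to normalize them.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return fallback;

  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback;
  }
  // Final check on the parsed result, not on the raw string.
  if (url.origin !== APP_ORIGIN) return fallback;
  // Do not bounce a signed-in user back to the auth pages.
  if (AUTH_PAGES.has(url.pathname)) return fallback;
  return url.pathname + url.search + url.hash;
}

// Reads callbackUrl from the login page URL, e.g. "/login?callbackUrl=/dashboard".
function redirectAfterLogin(loginUrl) {
  const params = new URL(loginUrl, APP_ORIGIN).searchParams;
  return safeCallbackUrl(params.get("callbackUrl"));
}
```

NextAuth.js also exposes a redirect callback where the same rule can be applied server-side.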

Session Management

shrtnr uses NextAuth.js JWT-based sessions:
  • Strategy: JSON Web Token (JWT)
  • Max age: 30 days (2,592,000 seconds)
  • Token contents: User ID and email
  • Session storage: HTTP-only cookies

Session information

Your session contains:
{
  user: {
    id: string,        // Your unique user ID
    email: string,     // Your email address
    name?: string      // Your display name (if provided)
  }
}
This information is available throughout the application when you’re signed in.

Signing Out

To sign out of your account:
  1. Click your profile icon or name in the navigation bar
  2. Select Sign out
  3. Your session will be cleared and you’ll be redirected to the home page
After signing out, you’ll lose access to your dashboard and link management features until you sign in again.

Authentication Implementation Details

For developers interested in the technical implementation:

NextAuth Configuration

The authentication configuration is defined in auth.ts:6:
{
  trustHost: true,
  secret: process.env.AUTH_SECRET,
  providers: [Credentials],
  pages: { signIn: '/login' },
  session: { strategy: 'jwt', maxAge: 30 * 24 * 60 * 60 },
  callbacks: { jwt, session }
}

Password Security

  • Passwords are hashed using bcrypt with 10 salt rounds
  • Original passwords are never stored in the database
  • Password comparison uses constant-time comparison via bcrypt.compare()

Registration API

The registration endpoint is at /api/auth/register and accepts:
{
  "email": "user@example.com",
  "password": "yourpassword",
  "name": "Your Name"
}
The name field is optional. If not provided or empty, it will be stored as null in the database.
