The `@authdog/nextjs-app` SDK integrates Authdog with the Next.js App Router: a client provider, `useAuth`/`useUser` hooks, and server helpers for middleware and logout. It reads the [session](/docs/concepts/sessions-tokens) Authdog issues after a hosted sign-in.

## Install

```bash
npm install @authdog/nextjs-app
```

Supports Next.js 15/16 and React 18 or 19. Set two env vars: `NEXT_PUBLIC_PK_AUTHDOG` (the publishable `pk_...` key, client-side) and `PK_AUTHDOG` (server-side).

## Wrap your app

Mount `AuthdogProvider` in the root layout. On load it captures the `?token=` from the sign-in redirect, validates it, persists the session, and strips the token from the URL:

```tsx
// app/layout.tsx
import { AuthdogProvider } from "@authdog/nextjs-app/client"

export default function RootLayout({
  children,
}: {
  children: React.ReactNode
}) {
  return (
    <html>
      <body>
        <AuthdogProvider>{children}</AuthdogProvider>
      </body>
    </html>
  )
}
```

## Read the user

`useUser` returns the current profile; `useAuth` returns just the token and auth state:

```tsx
"use client"
import { useUser } from "@authdog/nextjs-app"

export default function Dashboard() {
  const { user, isLoading } = useUser()
  if (isLoading) return null
  if (!user) return <SignInPrompt />
  return <p>Signed in as {user.email}</p>
}

// useAuth() -> { token, isAuthenticated, isLoading }
```

## Server-side session

For server enforcement, `useAuthMiddleware(publicKey)` exchanges the redirect token for HttpOnly session cookies; `logoutHandler` clears them. Client hooks are presentational — the server session is the enforcement point:

```ts
// middleware.ts
import { useAuthMiddleware } from "@authdog/nextjs-app/server"
export default useAuthMiddleware(process.env.PK_AUTHDOG!)
```

Sign out on the client with `clearAuthdogSession()` followed by a reload, or route to a handler backed by `logoutHandler`. Pair the session with your [authorization](/docs/concepts/authorization) model to decide what a user may do.

## Next steps

- [Component reference](/docs/components) — the `@authdog/react-elements` UI used with the provider.
- [Backend requests](/docs/backend) — validate the same session on your API routes.
- [Quickstarts](/docs/quickstarts) — the five-minute path.
