Improve auth docs

[delbaoliveira]

Clarify best practices for implementing authentication in Next.js, including what Next.js and React features to use and when. With the minimum number of tools, we'll try to teach authentication from first principles (simple password + email), then recommend Next.js-compatible libraries, and further resources.

Authentication:

• Forms and Server Actions
• Server-side form validation and early returns
• Form errors with useFormStatus()
• Pending states with useFormState()

Session Management:

• Stateless Sessions
• Database Sessions
• Setting cookies on the server
  • cookies()
• sever-only

Authorization:

• Optimistic vs. secure checks
• Middleware for optimistic checks
  • Performance caveats - what not to do
• DAL - centralizing data requests, verifying auth state close to the data source
  • redirect()
• DTO - returning the minimum data, preventing exposure on the client
• Recommendations for:
  • Server Components
    • Partial rendering and layout caveats
  • Server Actions
  • Route Handlers

DX Content: "What is the right way to do authentication?".
Test Example: vercel-labs/app-router-auth#1

This is how I currently visualize it, this diagram is not meant for users, but to help clarify our current understanding. What am I missing?

[github-actions]

Hi there 👋

It looks like this PR introduces broken links to the docs, please take a moment to fix them before merging:

Broken link	Type	File
#updating-or-extending-the-session	hash	/docs/02-app/01-building-your-application/09-authentication/index.mdx

Thank you 🙏

[cpeaustriajc]

Can I suggest adding The Copenhagen Book in the Further Reading section?

https://thecopenhagenbook.com/

[delbaoliveira]

Thank you for the suggestion @fujiwaracj 🙏🏼 Been using it as a reference for an example, it's helpful.

[leerob]

Good to merge and iterate if we want 😄

[OrhanTozan]

@delbaoliveira Hi, why was the "Protecting Routes with Middleware" section removed?

[delbaoliveira]

Hey, it's now called Optimistic checks with Middleware.