fix(ts): correct credentials types in authorize callback

2026-05-01 10:55:20 +00:00 · 2023-02-08 16:09:58 +01:00
parent cee1bddbd5
commit a39b8cfdf4
2 changed files with 11 additions and 3 deletions
--- a/packages/core/src/lib/routes/callback.ts
+++ b/packages/core/src/lib/routes/callback.ts
@@ -264,7 +264,7 @@ export async function callback(params: {
      // Callback URL is already verified at this point, so safe to use if specified
      return { redirect: callbackUrl, cookies }
    } else if (provider.type === "credentials" && method === "POST") {
-      const credentials = body
+      const credentials = body ?? {}

      // TODO: Forward the original request as is, instead of reconstructing it
      Object.entries(query ?? {}).forEach(([k, v]) =>
--- a/packages/core/src/providers/credentials.ts
+++ b/packages/core/src/providers/credentials.ts
@@ -40,8 +40,16 @@ export interface CredentialsConfig<
   * //...
   */
  authorize: (
-    /** See {@link CredentialInput} */
-    credentials: Record<keyof CredentialsInputs, string> | undefined,
+    /**
+     * The available keys are determined by {@link CredentialInput}.
+     *
+     * @note The existence/correctness of a field cannot be guaranteed at runtime,
+     * so you should always validate the input before using it.
+     *
+     * You can add basic validation depending on your use case,
+     * or you can use a popular library like [Zod](https://zod.dev) for example.
+     */
+    credentials: Partial<Record<keyof CredentialsInputs, unknown>>,
    /** The original request is forward for convenience */
    request: Request
  ) => Awaitable<User | null>