srizan/archived-next-auth
1
0
Fork 0
mirror of https://github.com/SrIzan10/next-auth.git synced 2026-05-01 10:55:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into feat/nextjs-auth

Browse Source
This commit is contained in:
Balázs Orbán
2023-05-01 11:32:56 +02:00
parent 4f54840014 5400645221
commit ac0ca51278
91 changed files with 1234 additions and 730 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/concepts/faq.md
View File

@@ -269,7 +269,7 @@ Ultimately if your request is not accepted or is not actively in development, yo
</summary>
<p>
Auth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/guides/adapters/using-a-database-adapter), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/reference/configuration/auth-config#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.
Auth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/guides/adapters/using-a-database-adapter), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/reference/configuration/auth-config#session). Since v4 all our JWTs are now encrypted by default with A256GCM.
</p>
</details>

2
docs/docs/guides/adapters/creating-a-database-adapter.md
View File

@@ -6,7 +6,7 @@ Using a custom adapter you can connect to any database back-end or even several
## How to create an adapter
For more information about the data these methods need to manage see [models](/reference/adapters/models).
For more information about the data these methods need to manage see [models](/reference/adapters#models).
_See the code below for practical example._

4
docs/docs/guides/basics/events.md
View File

@@ -29,7 +29,7 @@ Sent when the user signs out.
The message object will contain one of these depending on if you use JWT or database persisted sessions:
- `token`: The JWT token for this session.
- `token`: The JWT for this session.
- `session`: The session object from your adapter that is being ended
### createUser
@@ -60,5 +60,5 @@ Sent at the end of a request for the current session.
The message object will contain one of these depending on if you use JWT or database persisted sessions:
- `token`: The JWT token for this session.
- `token`: The JWT for this session.
- `session`: The session object from your adapter.

45
docs/docs/reference/adapters/index.md
View File

@@ -2,7 +2,7 @@
title: Overview
---
Using a Auth.js / NextAuth.js adapter you can connect to any database service or even several different services at the same time. The following listed official adapters are created and maintained by the community:
Using an Auth.js / NextAuth.js adapter you can connect to any database service or even several different services at the same time. The following listed official adapters are created and maintained by the community:
<div class="adapter-card-list">
<a href="/reference/adapter/dgraph" class="adapter-card">
@@ -71,7 +71,7 @@ If you don't find an adapter for the database or service you use, you can always
## Models
Auth.js can be used with any database. Models tell you what structures Auth.js expects from your database. Models will vary slightly depending on which adapter you use, but in general, will look something like this. Each adapter's model/schema will be slightly adapted for its needs, but will look very much like this schema below:
Auth.js can be used with any database. Models tell you what structures Auth.js expects from your database. Models will vary slightly depending on which adapter you use, but in general, will look something like this:
```mermaid
erDiagram
@@ -96,15 +96,8 @@ erDiagram
string type
string provider
string providerAccountId
string refresh_token
string access_token
int expires_at
string token_type
string scope
string id_token
string session_state
string oauth_token_secret
string oauth_token
}
VerificationToken {
string identifier
@@ -113,10 +106,10 @@ erDiagram
}
```
More information about each Model / Table can be found below.
More information about each Model/Table can be found below.
:::note
You can [create your own adapter](/guides/adapters/creating-a-database-adapter) if you want to use Auth.js with a database that is not supported out of the box, or you have to change fields on any of the models.
You can [create your adapter](/guides/adapters/creating-a-database-adapter) if you want to use Auth.js with a database that is not supported out of the box, or you have to change fields on any of the models.
:::
---
@@ -125,30 +118,31 @@ You can [create your own adapter](/guides/adapters/creating-a-database-adapter)
The User model is for information such as the user's name and email address.
Email address is optional, but if one is specified for a User then it must be unique.
Email address is optional, but if one is specified for a User, then it must be unique.
:::note
If a user first signs in with OAuth then their email address is automatically populated using the one from their OAuth profile, if the OAuth provider returns one.
If a user first signs in with an OAuth provider, then their email address is automatically populated using the one from their OAuth profile if the OAuth provider returns one.
This provides a way to contact users and for users to maintain access to their account and sign in using email in the event they are unable to sign in with the OAuth provider in future (if the [Email Provider](/getting-started/email-tutorial) is configured).
This provides a way to contact users and for users to maintain access to their account and sign in using email in the event they are unable to sign in with the OAuth provider in the future (if the [Email Provider](/reference/core/providers_email) is configured).
:::
User creation in the database is automatic, and happens when the user is logging in for the first time with a provider. The default data saved is `id`, `name`, `email` and `image`. You can add more profile data by returning extra fields in your [OAuth provider](/guides/providers/custom-provider)'s [`profile()`](/reference/core/providers#profile) callback.
User creation in the database is automatic and happens when the user is logging in for the first time with a provider.
If the first sign-in is via the [OAuth Provider](/reference/core/providers_oauth), the default data saved is `id`, `name`, `email` and `image`. You can add more profile data by returning extra fields in your [OAuth provider](/guides/providers/custom-provider)'s [`profile()`](/reference/core/providers#profile) callback.
If the first sign-in is via the [Email Provider](/reference/core/providers_email), then the saved user will have `id`, `email`, `emailVerified`, where `emailVerified` is the timestamp of when the user was created.
### Account
The Account model is for information about OAuth accounts associated with a User. It will usually contain `access_token`, `id_token` and other OAuth specific data. [`TokenSet`](https://github.com/panva/node-openid-client/blob/main/docs/README.md#new-tokensetinput) from `openid-client` might give you an idea of all the fields.
:::note
In case of an OAuth 1.0 provider (like Twitter), you will have to look for `oauth_token` and `oauth_token_secret` string fields. GitHub also has an extra `refresh_token_expires_in` integer field. You have to make sure that your database schema includes these fields.
:::
The Account model is for information about OAuth accounts associated with a User
A single User can have multiple Accounts, but each Account can only have one User.
Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/concepts/faq#security) for more information why this is a requirement.
Account creation in the database is automatic and happens when the user is logging in for the first time with a provider, or the [`Adapter.linkAccount`](/reference/core/adapters#linkaccount) method is invoked. The default data saved is `access_token`, `refresh_token`, `id_token` and `expires_at`. You can save other fields by returning them in the [OAuth provider](/guides/providers/custom-provider)'s [`account()`](/reference/core/providers#account) callback.
Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/concepts/faq#security) for more information on why this is a requirement.
:::tip
You can manually unlink accounts, if your adapter implements the `unlinkAccount` method. Make sure to take all the necessary security steps to avoid data loss.
You can manually unlink accounts if your adapter implements the `unlinkAccount` method. Make sure to take all the necessary security steps to avoid data loss.
:::
:::note
@@ -162,7 +156,7 @@ The Session model is used for database sessions. It is not used if JSON Web Toke
A single User can have multiple Sessions, each Session can only have one User.
:::tip
When a Session is read, we check if it's `expires` field indicates an invalid session, and delete it from the database. You can also do this clean-up periodically in the background to avoid our extra delete call to the database during an active session retrieval. This might result in a slight performance increase in a few cases.
When a Session is read, we check if its `expires` field indicates an invalid session, and delete it from the database. You can also do this clean-up periodically in the background to avoid our extra delete call to the database during an active session retrieval. This might result in a slight performance increase in a few cases.
:::
### Verification Token
@@ -171,7 +165,7 @@ The Verification Token model is used to store tokens for passwordless sign in.
A single User can have multiple open Verification Tokens (e.g. to sign in to different devices).
It has been designed to be extendable for other verification purposes in the future (e.g. 2FA / short codes).
It has been designed to be extendable for other verification purposes in the future (e.g. 2FA / magic codes, etc.).
:::note
Auth.js makes sure that every token is usable only once, and by default has a short (1 day, can be configured by [`maxAge`](/guides/providers/email)) lifetime. If your user did not manage to finish the sign-in flow in time, they will have to start the sign-in process again.
@@ -183,8 +177,7 @@ Due to users forgetting or failing at the sign-in flow, you might end up with un
## RDBMS Naming Convention
Auth.js / NextAuth.js uses `camelCase` for its own database rows, while respecting the conventional `snake_case` formatting for OAuth related values. If mixed casing is an issue for you, most adapters have a dedicated section on how to use a single naming convention.
Auth.js / NextAuth.js uses `camelCase` for its database rows while respecting the conventional `snake_case` formatting for OAuth-related values. If the mixed casing is an issue for you, most adapters have a dedicated documentation section on how to force a casing convention.
## TypeScript

2
docs/docusaurus.config.js
View File

@@ -7,7 +7,7 @@ const path = require("path")
const coreSrc = "../packages/core/src"
const providers = fs
.readdirSync(path.join(__dirname, coreSrc, "/providers"))
.filter((file) => file.endsWith(".ts") && !file.startsWith("oauth"))
.filter((file) => file.endsWith(".ts"))
.map((p) => `${coreSrc}/providers/${p}`)
const typedocConfig = require("./typedoc.json")

1
docs/static/img/providers/authentik.svg vendored Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

1
packages/adapter-neo4j/.npmrc Normal file
View File

@@ -0,0 +1 @@
//registry.npmjs.org/:_authToken=${NPM_TOKEN}

8
packages/adapter-neo4j/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@next-auth/neo4j-adapter",
"version": "1.0.5",
"version": "1.0.6",
"description": "neo4j adapter for next-auth.",
"homepage": "https://authjs.dev",
"repository": "https://github.com/nextauthjs/next-auth",
@@ -33,7 +33,7 @@
"dist"
],
"peerDependencies": {
"neo4j-driver": "^4.0.0",
"neo4j-driver": "^4.0.0 || ^5.7.0",
"next-auth": "^4"
},
"devDependencies": {
@@ -41,7 +41,7 @@
"@next-auth/tsconfig": "workspace:*",
"@types/uuid": "^8.3.3",
"jest": "^27.4.3",
"neo4j-driver": "^4.4.0",
"neo4j-driver": "^5.7.0",
"next-auth": "workspace:*"
},
"dependencies": {
@@ -50,4 +50,4 @@
"jest": {
"preset": "@next-auth/adapter-test/jest"
}
}
}

2
packages/adapter-xata/src/index.ts
View File

@@ -195,7 +195,7 @@ import type { XataClient } from "./xata"
* xata init --schema=./path/to/your/schema.json
* ```
*
* The CLI will walk you through a setup process where you choose a [workspace](https://docs.xata.io/concepts/workspaces) (kind of like a GitHub org or a Vercel team) and an appropriate database. We recommend using a fresh database for this, as we'll augment it with tables that Auth.js needs.
* The CLI will walk you through a setup process where you choose a [workspace](https://xata.io/docs/api-reference/workspaces) (kind of like a GitHub org or a Vercel team) and an appropriate database. We recommend using a fresh database for this, as we'll augment it with tables that Auth.js needs.
*
* Once you're done, you can continue using Auth.js in your project as expected, like creating a `./pages/api/auth/[...nextauth]` route.
*

4
packages/core/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@auth/core",
"version": "0.7.0",
"version": "0.7.1",
"description": "Authentication for the Web.",
"keywords": [
"authentication",
@@ -93,4 +93,4 @@
"postcss": "8.4.19",
"postcss-nested": "6.0.0"
}
}
}

4
packages/core/src/adapters.ts
View File

@@ -228,6 +228,10 @@ export interface Adapter {
deleteUser?(
userId: string
): Promise<void> | Awaitable<AdapterUser | null | undefined>
/**
* This method is invoked internally (but optionally can be used for manual linking).
* It creates an [Account](https://authjs.dev/reference/adapters#models) in the database.
*/
linkAccount?(
account: AdapterAccount
): Promise<void> | Awaitable<AdapterAccount | null | undefined>

80
packages/core/src/errors.ts
View File

@@ -20,13 +20,6 @@ export class AuthError extends Error {
}
}
/**
* @todo
* Thrown when an Email address is already associated with an account
* but the user is trying an OAuth account that is not linked to it.
*/
export class AccountNotLinked extends AuthError {}
/**
* @todo
* One of the database `Adapter` methods failed.
@@ -37,8 +30,8 @@ export class AdapterError extends AuthError {}
export class AuthorizedCallbackError extends AuthError {}
/**
* There was an error while trying to finish up authenticating the user.
* Depending on the type of provider, this could be for multiple reasons.
* This error occurs when the user cannot finish the sign-in process.
* Depending on the provider type, this could have happened for multiple reasons.
*
* :::tip
* Check out `[auth][details]` in the error message to know which provider failed.
@@ -48,7 +41,7 @@ export class AuthorizedCallbackError extends AuthError {}
* ```
* :::
*
* For an **OAuth provider**, possible causes are:
* For an [OAuth provider](https://authjs.dev/reference/core/providers_oauth), possible causes are:
* - The user denied access to the application
* - There was an error parsing the OAuth Profile:
* Check out the provider's `profile` or `userinfo.request` method to make sure
@@ -56,7 +49,7 @@ export class AuthorizedCallbackError extends AuthError {}
* - The `signIn` or `jwt` callback methods threw an uncaught error:
* Check the callback method implementations.
*
* For an **Email provider**, possible causes are:
* For an [Email provider](https://authjs.dev/reference/core/providers_email), possible causes are:
* - The provided email/token combination was invalid/missing:
* Check if the provider's `sendVerificationRequest` method correctly sends the email.
* - The provided email/token combination has expired:
@@ -64,7 +57,7 @@ export class AuthorizedCallbackError extends AuthError {}
* - There was an error with the database:
* Check the database logs.
*
* For a **Credentials provider**, possible causes are:
* For a [Credentials provider](https://authjs.dev/reference/core/providers_credentials), possible causes are:
* - The `authorize` method threw an uncaught error:
* Check the provider's `authorize` method.
* - The `signIn` or `jwt` callback methods threw an uncaught error:
@@ -107,11 +100,30 @@ export class MissingAPIRoute extends AuthError {}
/** @todo */
export class MissingAuthorize extends AuthError {}
/** @todo */
/**
* Auth.js requires a secret to be set, but none was not found. This is used to encrypt cookies, JWTs and other sensitive data.
*
* :::note
* If you are using a framework like Next.js, we try to automatically infer the secret from the `AUTH_SECRET` environment variable.
* Alternatively, you can also explicitly set the [`AuthConfig.secret`](https://authjs.dev/reference/core#secret).
* :::
*
*
* :::tip
* You can generate a good secret value:
* - On Unix systems: type `openssl rand -hex 32` in the terminal
* - Or generate one [online](https://generate-secret.vercel.app/32)
*
* :::
*/
export class MissingSecret extends AuthError {}
/** @todo */
export class OAuthSignInError extends AuthError {}
/**
* @todo
* Thrown when an Email address is already associated with an account
* but the user is trying an OAuth account that is not linked to it.
*/
export class OAuthAccountNotLinked extends AuthError {}
/** @todo */
export class OAuthCallbackError extends AuthError {}
@@ -119,19 +131,51 @@ export class OAuthCallbackError extends AuthError {}
/** @todo */
export class OAuthCreateUserError extends AuthError {}
/** @todo */
/**
* This error occurs during an OAuth sign in attempt when the provdier's
* response could not be parsed. This could for example happen if the provider's API
* changed, or the [`OAuth2Config.profile`](https://authjs.dev/reference/core/providers_oauth#profile) method is not implemented correctly.
*/
export class OAuthProfileParseError extends AuthError {}
/** @todo */
export class SessionTokenError extends AuthError {}
/** @todo */
/**
* This error occurs when the user cannot initiate the sign-in process.
* Depending on the provider type, this could have happened for multiple reasons.
*
* :::tip
* Check out `[auth][details]` in the error message to know which provider failed.
* @example
* ```sh
* [auth][details]: { "provider": "github" }
* ```
* :::
*
* For an [OAuth provider](https://authjs.dev/reference/core/providers_oauth), possible causes are:
* - The Authorization Server is not compliant with the [OAuth 2.0 specifcation](https://www.ietf.org/rfc/rfc6749.html)
* Check the details in the error message.
* - A runtime error occurred in Auth.js. This should be reported as a bug.
*
* For an [Email provider](https://authjs.dev/reference/core/providers_email), possible causes are:
* - The email sent from the client is invalid, could not be normalized by [`EmailConfig.normalizeIdentifier`](https://authjs.dev/reference/core/providers_email#normalizeidentifier)
* - The provided email/token combination has expired:
* Ask the user to log in again.
* - There was an error with the database:
* Check the database logs.
*
*/
export class SignInError extends AuthError {}
/** @todo */
export class SignOutError extends AuthError {}
/** @todo */
/**
* Auth.js was requested to handle an operation that it does not support.
*
* See [`AuthAction`](https://authjs.dev/reference/core/types#authaction) for the supported actions.
*/
export class UnknownAction extends AuthError {}
/** @todo */

4
packages/core/src/jwt.ts
View File

@@ -190,7 +190,7 @@ export interface JWTEncodeParams<Payload = JWT> {
/**
* The maximum age of the Auth.js issued JWT in seconds.
*
* @default 30 * 24 * 30 * 60 // 30 days
* @default 30 * 24 * 60 * 60 // 30 days
*/
maxAge?: number
}
@@ -213,7 +213,7 @@ export interface JWTOptions {
/**
* The maximum age of the Auth.js issued JWT in seconds.
*
* @default 30 * 24 * 30 * 60 // 30 days
* @default 30 * 24 * 60 * 60 // 30 days
*/
maxAge: number
/** Override this method to control the Auth.js issued JWT encoding. */

205
packages/core/src/lib/callback-handler.ts
View File

@@ -1,4 +1,4 @@
import { AccountNotLinked } from "../errors.js"
import { OAuthAccountNotLinked } from "../errors.js"
import { fromDate } from "./utils/date.js"
import type {
@@ -49,7 +49,7 @@ export async function handleLogin(
}
const profile = _profile as AdapterUser
const account = _account as AdapterAccount
let account = _account as AdapterAccount
const {
createUser,
@@ -122,113 +122,116 @@ export async function handleLogin(
})
return { session, user, isNewUser }
} else if (account.type === "oauth" || account.type === "oidc") {
// If signing in with OAuth account, check to see if the account exists already
const userByAccount = await getUserByAccount({
providerAccountId: account.providerAccountId,
provider: account.provider,
})
if (userByAccount) {
if (user) {
// If the user is already signed in with this account, we don't need to do anything
if (userByAccount.id === user.id) {
return { session, user, isNewUser }
}
// If the user is currently signed in, but the new account they are signing in
// with is already associated with another user, then we cannot link them
// and need to return an error.
throw new AccountNotLinked(
"The account is already associated with another user",
{ provider: account.provider }
)
}
// If there is no active session, but the account being signed in with is already
// associated with a valid user then create session to sign the user in.
session = useJwtSession
? {}
: await createSession({
sessionToken: generateSessionToken(),
userId: userByAccount.id,
expires: fromDate(options.session.maxAge),
})
}
return { session, user: userByAccount, isNewUser }
} else {
if (user) {
// If the user is already signed in and the OAuth account isn't already associated
// with another user account then we can go ahead and link the accounts safely.
await linkAccount({ ...account, userId: user.id })
await events.linkAccount?.({ user, account, profile })
// As they are already signed in, we don't need to do anything after linking them
// If signing in with OAuth account, check to see if the account exists already
const userByAccount = await getUserByAccount({
providerAccountId: account.providerAccountId,
provider: account.provider,
})
if (userByAccount) {
if (user) {
// If the user is already signed in with this account, we don't need to do anything
if (userByAccount.id === user.id) {
return { session, user, isNewUser }
}
// If the user is currently signed in, but the new account they are signing in
// with is already associated with another user, then we cannot link them
// and need to return an error.
throw new OAuthAccountNotLinked(
"The account is already associated with another user",
{ provider: account.provider }
)
}
// If there is no active session, but the account being signed in with is already
// associated with a valid user then create session to sign the user in.
session = useJwtSession
? {}
: await createSession({
sessionToken: generateSessionToken(),
userId: userByAccount.id,
expires: fromDate(options.session.maxAge),
})
// If the user is not signed in and it looks like a new OAuth account then we
// check there also isn't an user account already associated with the same
// email address as the one in the OAuth profile.
//
// This step is often overlooked in OAuth implementations, but covers the following cases:
//
// 1. It makes it harder for someone to accidentally create two accounts.
// e.g. by signin in with email, then again with an oauth account connected to the same email.
// 2. It makes it harder to hijack a user account using a 3rd party OAuth account.
// e.g. by creating an oauth account then changing the email address associated with it.
//
// It's quite common for services to automatically link accounts in this case, but it's
// better practice to require the user to sign in *then* link accounts to be sure
// someone is not exploiting a problem with a third party OAuth service.
//
// OAuth providers should require email address verification to prevent this, but in
// practice that is not always the case; this helps protect against that.
const userByEmail = profile.email
? await getUserByEmail(profile.email)
: null
if (userByEmail) {
const provider = options.provider as OAuthConfig<any>
if (provider?.allowDangerousEmailAccountLinking) {
// If you trust the oauth provider to correctly verify email addresses, you can opt-in to
// account linking even when the user is not signed-in.
user = userByEmail
} else {
// We end up here when we don't have an account with the same [provider].id *BUT*
// we do already have an account with the same email address as the one in the
// OAuth profile the user has just tried to sign in with.
//
// We don't want to have two accounts with the same email address, and we don't
// want to link them in case it's not safe to do so, so instead we prompt the user
// to sign in via email to verify their identity and then link the accounts.
throw new AccountNotLinked(
"Another account already exists with the same e-mail address",
{ provider: account.provider }
)
}
} else {
// If the current user is not logged in and the profile isn't linked to any user
// accounts (by email or provider account id)...
//
// If no account matching the same [provider].id or .email exists, we can
// create a new account for the user, link it to the OAuth account and
// create a new session for them so they are signed in with it.
const { id: _, ...newUser } = { ...profile, emailVerified: null }
user = await createUser(newUser)
}
await events.createUser?.({ user })
return { session, user: userByAccount, isNewUser }
} else {
const { provider: p } = options as InternalOptions<"oauth" | "oidc">
const { type, provider, providerAccountId, userId, ...tokenSet } = account
const defaults = { providerAccountId, provider, type, userId }
account = Object.assign(p.account(tokenSet), defaults)
if (user) {
// If the user is already signed in and the OAuth account isn't already associated
// with another user account then we can go ahead and link the accounts safely.
await linkAccount({ ...account, userId: user.id })
await events.linkAccount?.({ user, account, profile })
session = useJwtSession
? {}
: await createSession({
sessionToken: generateSessionToken(),
userId: user.id,
expires: fromDate(options.session.maxAge),
})
return { session, user, isNewUser: true }
// As they are already signed in, we don't need to do anything after linking them
return { session, user, isNewUser }
}
}
throw new Error("Unsupported account type")
// If the user is not signed in and it looks like a new OAuth account then we
// check there also isn't an user account already associated with the same
// email address as the one in the OAuth profile.
//
// This step is often overlooked in OAuth implementations, but covers the following cases:
//
// 1. It makes it harder for someone to accidentally create two accounts.
// e.g. by signin in with email, then again with an oauth account connected to the same email.
// 2. It makes it harder to hijack a user account using a 3rd party OAuth account.
// e.g. by creating an oauth account then changing the email address associated with it.
//
// It's quite common for services to automatically link accounts in this case, but it's
// better practice to require the user to sign in *then* link accounts to be sure
// someone is not exploiting a problem with a third party OAuth service.
//
// OAuth providers should require email address verification to prevent this, but in
// practice that is not always the case; this helps protect against that.
const userByEmail = profile.email
? await getUserByEmail(profile.email)
: null
if (userByEmail) {
const provider = options.provider as OAuthConfig<any>
if (provider?.allowDangerousEmailAccountLinking) {
// If you trust the oauth provider to correctly verify email addresses, you can opt-in to
// account linking even when the user is not signed-in.
user = userByEmail
} else {
// We end up here when we don't have an account with the same [provider].id *BUT*
// we do already have an account with the same email address as the one in the
// OAuth profile the user has just tried to sign in with.
//
// We don't want to have two accounts with the same email address, and we don't
// want to link them in case it's not safe to do so, so instead we prompt the user
// to sign in via email to verify their identity and then link the accounts.
throw new OAuthAccountNotLinked(
"Another account already exists with the same e-mail address",
{ provider: account.provider }
)
}
} else {
// If the current user is not logged in and the profile isn't linked to any user
// accounts (by email or provider account id)...
//
// If no account matching the same [provider].id or .email exists, we can
// create a new account for the user, link it to the OAuth account and
// create a new session for them so they are signed in with it.
const { id: _, ...newUser } = { ...profile, emailVerified: null }
user = await createUser(newUser)
}
await events.createUser?.({ user })
await linkAccount({ ...account, userId: user.id })
await events.linkAccount?.({ user, account, profile })
session = useJwtSession
? {}
: await createSession({
sessionToken: generateSessionToken(),
userId: user.id,
expires: fromDate(options.session.maxAge),
})
return { session, user, isNewUser: true }
}
}

3
packages/core/src/lib/index.ts
View File

@@ -110,14 +110,11 @@ export async function AuthInternal<
if (
[
"Signin",
"OAuthSignin",
"OAuthCallback",
"OAuthCreateAccount",
"EmailCreateAccount",
"Callback",
"OAuthAccountNotLinked",
"EmailSignin",
"CredentialsSignin",
"SessionRequired",
].includes(error as string)
) {

37
packages/core/src/lib/oauth/callback.ts
View File

@@ -3,6 +3,7 @@ import * as o from "oauth4webapi"
import { OAuthCallbackError, OAuthProfileParseError } from "../../errors.js"
import type {
Account,
InternalOptions,
LoggerInstance,
Profile,
@@ -123,8 +124,8 @@ export async function handleOAuth(
throw new Error("TODO: Handle www-authenticate challenges as needed")
}
let profile: Profile = {}
let tokens: TokenSet
let profile: Profile
let tokens: TokenSet & Pick<Account, "expires_at">
if (provider.type === "oidc") {
const nonce = await checks.nonce.use(cookies, resCookies, options)
@@ -162,37 +163,49 @@ export async function handleOAuth(
(tokens as any).access_token
)
profile = await userinfoResponse.json()
} else {
throw new TypeError("No userinfo endpoint configured")
}
}
const profileResult = await getProfile(profile, provider, tokens, logger)
if (tokens.expires_in) {
tokens.expires_at =
Math.floor(Date.now() / 1000) + Number(tokens.expires_in)
}
const profileResult = await getUserAndProfile(
profile,
provider,
tokens,
logger
)
return { ...profileResult, cookies: resCookies }
}
/** Returns profile, raw profile and auth provider details */
async function getProfile(
async function getUserAndProfile(
OAuthProfile: Profile,
provider: OAuthConfigInternal<any>,
tokens: TokenSet,
logger: LoggerInstance
) {
try {
const profile = await provider.profile(OAuthProfile, tokens)
profile.email = profile.email?.toLowerCase()
const user = await provider.profile(OAuthProfile, tokens)
user.email = user.email?.toLowerCase()
if (!profile.id) {
if (!user.id) {
throw new TypeError(
`Profile id is missing in ${provider.name} OAuth profile response`
`User id is missing in ${provider.name} OAuth profile response`
)
}
return {
profile,
user,
account: {
provider: provider.id,
type: provider.type,
providerAccountId: profile.id.toString(),
providerAccountId: user.id.toString(),
...tokens,
},
OAuthProfile,
@@ -206,6 +219,8 @@ async function getProfile(
// redirected back to the sign up page. We log the error to help developers
// who might be trying to debug this when configuring a new provider.
logger.debug("getProfile error details", OAuthProfile)
logger.error(new OAuthProfileParseError(e as Error))
logger.error(
new OAuthProfileParseError(e as Error, { provider: provider.id })
)
}
}

47
packages/core/src/lib/providers.ts
View File

@@ -1,13 +1,15 @@
import { merge } from "./utils/merge.js"
import type {
AccountCallback,
OAuthConfig,
OAuthConfigInternal,
OAuthEndpointType,
OAuthUserConfig,
ProfileCallback,
Provider,
} from "../providers/index.js"
import type { AuthConfig, InternalProvider } from "../types.js"
import type { AuthConfig, InternalProvider, Profile } from "../types.js"
/**
* Adds `signinUrl` and `callbackUrl` to each provider
@@ -77,18 +79,47 @@ function normalizeOAuth(
checks,
userinfo,
profile: c.profile ?? defaultProfile,
account: c.account ?? defaultAccount,
}
}
function defaultProfile(profile: any) {
return {
/**
* Returns basic user profile from the userinfo response/`id_token` claims.
* @see https://authjs.dev/reference/adapters#user
* @see https://openid.net/specs/openid-connect-core-1_0.html#IDToken
* @see https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
*/
const defaultProfile: ProfileCallback<Profile> = (profile) => {
return stripUndefined({
id: profile.sub ?? profile.id,
name:
profile.name ?? profile.nickname ?? profile.preferred_username ?? null,
email: profile.email ?? null,
image: profile.picture ?? null,
}
name: profile.name ?? profile.nickname ?? profile.preferred_username,
email: profile.email,
image: profile.picture,
})
}
/**
* Returns basic OAuth/OIDC values from the token response.
* @see https://www.ietf.org/rfc/rfc6749.html#section-5.1
* @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
* @see https://authjs.dev/reference/adapters#account
*
* @todo Return `refresh_token` and `expires_at` as well when built-in
* refresh token support is added. (Can make it opt-in first with a flag).
*/
const defaultAccount: AccountCallback = (account) => {
return stripUndefined({
access_token: account.access_token,
id_token: account.id_token,
})
}
function stripUndefined<T extends object>(o: T): T {
const result = {} as any
for (let [k, v] of Object.entries(o)) v !== undefined && (result[k] = v)
return result as T
}
function normalizeEndpoint(
e?: OAuthConfig<any>[OAuthEndpointType],
issuer?: string

23
packages/core/src/lib/routes/callback.ts
View File

@@ -68,14 +68,18 @@ export async function callback(params: {
logger.debug("authorization result", authorizationResult)
const { profile, account, OAuthProfile } = authorizationResult
const {
user: userFromProvider,
account,
OAuthProfile,
} = authorizationResult
// If we don't have a profile object then either something went wrong
// or the user cancelled signing in. We don't know which, so we just
// direct the user to the signin page for now. We could do something
// else in future.
// TODO: Handle user cancelling signin
if (!profile || !account || !OAuthProfile) {
if (!userFromProvider || !account || !OAuthProfile) {
return { redirect: `${url}/signin`, cookies }
}
@@ -83,7 +87,7 @@ export async function callback(params: {
// Attempt to get Profile from OAuth provider details before invoking
// signIn callback - but if no user object is returned, that is fine
// (that just means it's a new user signing in for the first time).
let userOrProfile = profile
let userByAccountOrFromProvider
if (adapter) {
const { getUserByAccount } = adapter
const userByAccount = await getUserByAccount({
@@ -91,11 +95,15 @@ export async function callback(params: {
provider: provider.id,
})
if (userByAccount) userOrProfile = userByAccount
if (userByAccount) userByAccountOrFromProvider = userByAccount
}
const unauthorizedOrError = await handleAuthorized(
{ user: userOrProfile, account, profile: OAuthProfile },
{
user: userByAccountOrFromProvider,
account,
profile: OAuthProfile,
},
options
)
@@ -104,7 +112,7 @@ export async function callback(params: {
// Sign user in
const { user, session, isNewUser } = await handleLogin(
sessionStore.value,
profile,
userFromProvider,
account,
options
)
@@ -152,7 +160,7 @@ export async function callback(params: {
})
}
await events.signIn?.({ user, account, profile, isNewUser })
await events.signIn?.({ user, account, profile: OAuthProfile, isNewUser })
// Handle first logins on new accounts
// e.g. option to send users to a new account landing page on initial login
@@ -362,6 +370,7 @@ export async function callback(params: {
} catch (e) {
const error = new CallbackRouteError(e as Error, { provider: provider.id })
logger.debug("callback route error details", { method, query, body })
logger.error(error)
url.searchParams.set("error", CallbackRouteError.name)
url.pathname += "/error"

5
packages/core/src/lib/routes/signin.ts
View File

@@ -55,8 +55,9 @@ export async function signin(
} catch (e) {
const error = new SignInError(e as Error, { provider: provider.id })
logger.error(error)
url.searchParams.set("error", error.name)
url.pathname += "/error"
const code = provider.type === "email" ? "EmailSignin" : "OAuthSignin"
url.searchParams.set("error", code)
url.pathname += "/signin"
return { redirect: url.toString() }
}
}

2
packages/core/src/lib/web.ts
View File

@@ -33,6 +33,8 @@ export async function toInternalRequest(
// TODO: url.toString() should not include action and providerId
// see init.ts
const url = new URL(req.url.replace(/\/$/, ""))
// FIXME: Upstream issue in Next.js, pathname segments get included as part of the query string
url.searchParams.delete("nextauth")
const { pathname } = url
const action = actions.find((a) => pathname.includes(a))

20
packages/core/src/providers/42-school.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <div style={{backgroundColor: "#fff", display: "flex", justifyContent: "space-between", color: "#000", padding: 16}}>
* <span>Built-in <b>42School</b> integration.</span>
* TODO: SVG logo
* <a href="https://api.intra.42.fr//">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/42-school.svg" height="48" width="48"/>
* </a>
* </div>
*
* ---
* @module providers/42-school
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -167,9 +165,15 @@ export interface FortyTwoProfile extends UserData, Record<string, any> {
/**
* Add 42School login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/42-school
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import 42School from "@auth/core/providers/42-school"
*
@@ -179,13 +183,13 @@ export interface FortyTwoProfile extends UserData, Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [42School OAuth documentation](https://api.intra.42.fr/apidoc/guides/web_application_flow)
*
* ## Notes
* ### Notes
*
*
*
* :::note
* 42 returns a field on `Account` called `created_at` which is a number. See the [docs](https://api.intra.42.fr/apidoc/guides/getting_started#make-basic-requests). Make sure to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
* :::

13
packages/core/src/providers/apple.ts
View File

@@ -97,7 +97,14 @@ export interface AppleProfile extends Record<string, any> {
}
/**
* ## Setup
* ### Setup
*
* #### Callback URL
* ```
* https://example.com/api/auth/callback/apple
* ```
*
* #### Configuration
*
* Import the provider and configure it in your **Auth.js** initialization file:
*
@@ -115,14 +122,14 @@ export interface AppleProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - Sign in with Apple [Overview](https://developer.apple.com/sign-in-with-apple/get-started/)
* - Sign in with Apple [REST API](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api)
* - [How to retrieve](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773) the user's information from Apple ID servers
* - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
* ## Notes
* ### Notes
*
* The Apple provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/apple.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
*

13
packages/core/src/providers/asgardeo.ts
View File

@@ -35,7 +35,14 @@ export interface AsgardeoProfile extends Record<string, any> {
/**
*
* ## Setup
* ### Setup
*
* #### Callback URL
* ```
* https://example.com/api/auth/callback/asgardeo
* ```
*
* #### Configuration
*
* Import the provider and configure it in your **Auth.js** initialization file:
*
@@ -75,12 +82,12 @@ export interface AsgardeoProfile extends Record<string, any> {
* ASGARDEO_ISSUER="Copy the issuer url from the info tab here"
* ```
*
* ## Resources
* ### Resources
*
* - [Asgardeo - Authentication Guide](https://wso2.com/asgardeo/docs/guides/authentication)
* - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
*
* ## Notes
* ### Notes
*
* The Asgardeo provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/asgardeo.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
*

13
packages/core/src/providers/atlassian.ts
View File

@@ -33,7 +33,14 @@ export interface AtlassianProfile extends Record<string, any> {
}
/**
* ## Setup
* ### Setup
*
* #### Callback URL
* ```
* https://example.com/api/auth/callback/atlassian
* ```
*
* #### Configuration
*
* Import the provider and configure it in your **Auth.js** initialization file:
*
@@ -51,11 +58,11 @@ export interface AtlassianProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Atlassian docs](https://developer.atlassian.com/server/jira/platform/oauth/)
*
* ## Notes
* ### Notes
*
* The Atlassian provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/atlassian.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
*

13
packages/core/src/providers/auth0.ts
View File

@@ -75,7 +75,14 @@ export interface Auth0Profile extends Record<string, any> {
}
/**
* ## Setup
* ### Setup
*
* #### Callback URL
* ```
* https://example.com/api/auth/callback/auth0
* ```
*
* #### Configuration
*
* Import the provider and configure it in your **Auth.js** initialization file:
*
@@ -93,11 +100,11 @@ export interface Auth0Profile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Auth0 docs](https://auth0.com/docs/authenticate)
*
* ## Notes
* ### Notes
*
* The Auth0 provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/auth0.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
*

20
packages/core/src/providers/authentik.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#0072c6", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <div style={{backgroundColor: "#fd4b2d", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>Authentik</b> integration.</span>
* TODO: SVG logo
* <a href="https://goauthentik.io/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/authentik.svg" height="48" width="48"/>
* </a>
* </div>
*
* ---
* @module providers/authentik
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -36,9 +34,15 @@ export interface AuthentikProfile extends Record<string, any> {
/**
* Add Authentik login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/authentik
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Authentik from "@auth/core/providers/authentik"
*
@@ -47,16 +51,16 @@ export interface AuthentikProfile extends Record<string, any> {
* providers: [Authentik({ clientId: AUTHENTIK_CLIENT_ID, clientSecret: AUTHENTIK_CLIENT_SECRET, issuer: AUTHENTIK_ISSUER })],
* })
* ```
*
*
* :::note
* issuer should include the slug without a trailing slash e.g., https://my-authentik-domain.com/application/o/My_Slug
* :::
*
* ## Resources
* ### Resources
*
* - [Authentik OAuth documentation](https://goauthentik.io/docs/providers/oauth2)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Authentik provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.

7
packages/core/src/providers/azure-ad-b2c.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/azure-ad-b2c
*/
@@ -60,7 +59,7 @@ export interface AzureADB2CProfile {
* - Identity Provider Access Token
* - User's Object ID
*
* ## Example
* @example
*
* ```ts
* import { Auth } from "@auth/core"
@@ -75,13 +74,13 @@ export interface AzureADB2CProfile {
*
* ---
*
* ## Resources
* ### Resources
*
* - [Azure Active Directory B2C documentation](https://learn.microsoft.com/en-us/azure/active-directory-b2c)
*
* ---
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Azure AD B2C provider is
* based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification.

39
packages/core/src/providers/azure-ad.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/azure-ad
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface AzureADProfile extends Record<string, any> {
/**
* Add AzureAd login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/azure-ad
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import AzureAd from "@auth/core/providers/azure-ad"
*
@@ -33,15 +38,15 @@ export interface AzureADProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [AzureAd OAuth documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow/)
* - [AzureAd OAuth apps](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app/)
*
* ## Example
*
* @example
*
* ### To allow specific Active Directory users access:
*
*
* - In https://portal.azure.com/ search for "Azure Active Directory", and select your organization.
* - Next, go to "App Registration" in the left menu, and create a new one.
* - Pay close attention to "Who can use this application or access this API?"
@@ -53,26 +58,26 @@ export interface AzureADProfile extends Record<string, any> {
* - Application (client) ID
* - Directory (tenant) ID
* - Client secret (value)
*
*
* In `.env.local` create the following entries:
*
*
* ```
* AZURE_AD_CLIENT_ID=<copy Application (client) ID here>
* AZURE_AD_CLIENT_SECRET=<copy generated client secret value here>
* AZURE_AD_TENANT_ID=<copy the tenant id here>
* ```
*
*
* That will default the tenant to use the `common` authorization endpoint. [For more details see here](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
*
*
* :::note
* Azure AD returns the profile picture in an ArrayBuffer, instead of just a URL to the image, so our provider converts it to a base64 encoded image string and returns that instead. See: https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0#examples. The default image size is 48x48 to avoid [running out of space](https://next-auth.js.org/faq#:~:text=What%20are%20the%20disadvantages%20of%20JSON%20Web%20Tokens%3F) in case the session is saved as a JWT.
* :::
*
*
* In `pages/api/auth/[...nextauth].js` find or add the `AzureAD` entries:
*
*
* ```js
* import AzureADProvider from "next-auth/providers/azure-ad";
*
*
* ...
* providers: [
* AzureADProvider({
@@ -82,10 +87,10 @@ export interface AzureADProfile extends Record<string, any> {
* }),
* ]
* ...
*
*
* ```
*
* ## Notes
*
* ### Notes
*
* By default, Auth.js assumes that the AzureAd provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

16
packages/core/src/providers/battlenet.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>Battle.net</b> integration.</span>
* TODO: SVG logo
* <a href="https://Battle.net/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/battlenet.svg" height="48" width="48"/>
* </a>
* </div>
*
* ---
* @module providers/battlenet
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -25,9 +23,15 @@ export type BattleNetIssuer =
/**
* Add Battle.net login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/battlenet
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import BattleNet from "@auth/core/providers/battlenet"
*
@@ -46,11 +50,11 @@ export type BattleNetIssuer =
* | "https://tw.battle.net/oauth"
* ```
*
* ## Resources
* ### Resources
*
* - [BattleNet OAuth documentation](https://develop.battle.net/documentation/guides/using-oauth)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the BattleNet provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

7
packages/core/src/providers/beyondidentity.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/beyondidentity
*/
@@ -27,7 +26,7 @@ export interface BeyondIdentityProfile {
/**
* Add Beyond Identity login to your page.
*
* ## Example
* @example
*
* ```ts
* import { Auth } from "@auth/core"
@@ -41,13 +40,13 @@ export interface BeyondIdentityProfile {
*
* ---
*
* ## Resources
* ### Resources
*
* - [Beyond Identity Developer Docs](https://developer.beyondidentity.com/)
*
* ---
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the BeyondIdentity provider is
* based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification.

19
packages/core/src/providers/box.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>Box</b> integration.</span>
* TODO: SVG logo
* <a href="https://box.com/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/box.svg" height="48" width="48"/>
* </a>
* </div>
*
* ---
* @module providers/box
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Box login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/box
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Box from "@auth/core/providers/box"
*
@@ -27,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Box developers documentation](https://developer.box.com/reference/)
* - [Box OAuth documentation](https://developer.box.com/guides/sso-identities-and-app-users/connect-okta-to-app-users/configure-box/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Box provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -54,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Box(options: OAuthUserConfig<Record<string, any>>
export default function Box(
options: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "box",

36
packages/core/src/providers/boxyhq-saml.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>BoxyHQ SAML</b> integration.</span>
* TODO: SVG logo
* <a href="https://boxyhq.com/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/boxyhq-saml.svg" height="48" width="48"/>
* </a>
* </div>
*
* ---
* @module providers/boxyhq-saml
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -23,12 +21,18 @@ export interface BoxyHQSAMLProfile extends Record<string, any> {
* Add BoxyHQ SAML login to your page.
*
* BoxyHQ SAML is an open source service that handles the SAML login flow as an OAuth 2.0 flow, abstracting away all the complexities of the SAML protocol.
*
* You can deploy BoxyHQ SAML as a separate service or embed it into your app using our NPM library. [Check out the documentation for more details](https://boxyhq.com/docs/jackson/deploy)
*
* @example
*
* ```js
* You can deploy BoxyHQ SAML as a separate service or embed it into your app using our NPM library. [Check out the documentation for more details](https://boxyhq.com/docs/jackson/deploy)
*
* ### Setup
*
* #### Callback URL
* ```
* https://example.com/api/auth/callback/boxyhq-saml
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import BoxyHQ from "@auth/core/providers/boxyhq-saml"
*
@@ -38,23 +42,23 @@ export interface BoxyHQSAMLProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [BoxyHQ OAuth documentation](https://example.com)
*
* ## Configuration
*
*
* SAML login requires a configuration for every tenant of yours. One common method is to use the domain for an email address to figure out which tenant they belong to. You can also use a unique tenant ID (string) from your backend for this, typically some kind of account or organization ID.
*
*
* Check out the [documentation](https://boxyhq.com/docs/jackson/saml-flow#2-saml-config-api) for more details.
*
*
*
*
* On the client side you'll need to pass additional parameters `tenant` and `product` to the `signIn` function. This will allow BoxyHQL SAML to figure out the right SAML configuration and take your user to the right SAML Identity Provider to sign them in.
*
*
* ```tsx
* import { signIn } from "next-auth/react";
* ...
*
*
* // Map your users's email to a tenant and product
* const tenant = email.split("@")[1];
* const product = 'my_awesome_product';
@@ -62,12 +66,12 @@ export interface BoxyHQSAMLProfile extends Record<string, any> {
* <Button
* onClick={async (event) => {
* event.preventDefault();
*
*
* signIn("boxyhq-saml", {}, { tenant, product });
* }}>
* ...
* ```
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the BoxyHQ provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

77
packages/core/src/providers/bungie.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>Bungie</b> integration.</span>
* TODO: SVG logo
* <a href="https://bungie.net/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/bungie.svg" height="48" width="48"/>
* </a>
* </div>
*
* ---
* @module providers/bungie
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Bungie login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/bungie
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Bungie from "@auth/core/providers/bungie"
*
@@ -27,22 +31,22 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Bungie OAuth documentation](https://github.com/Bungie-net/api/wiki/OAuth-Documentation)
*
* ## Configuration
*
*
* :::tip
* Bungie require all sites to run HTTPS (including local development instances).
* :::
*
*
* :::tip
* Bungie doesn't allow you to use localhost as the website URL, instead you need to use https://127.0.0.1:3000
* :::
*
*
* Navigate to https://www.bungie.net/en/Application and fill in the required details:
*
*
* - Application name
* - Application Status
* - Website
@@ -53,73 +57,73 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* - Scope
* - `Access items like your Bungie.net notifications, memberships, and recent Bungie.Net forum activity.`
* - Origin Header
*
*
* The following guide may be helpful:
*
*
* - [How to setup localhost with HTTPS with a Next.js app](https://medium.com/@anMagpie/secure-your-local-development-server-with-https-next-js-81ac6b8b3d68)
*
* ### Example server
*
*
* #@example server
*
* You will need to edit your host file and point your site at `127.0.0.1`
*
*
* [How to edit my host file?](https://phoenixnap.com/kb/how-to-edit-hosts-file-in-windows-mac-or-linux)
*
*
* On Windows (Run Powershell as administrator)
*
*
* ```ps
* Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "127.0.0.1`tdev.example.com" -Force
* ```
*
*
* ```
* 127.0.0.1 dev.example.com
* ```
*
*
* ### Create certificate
*
*
* Creating a certificate for localhost is easy with openssl. Just put the following command in the terminal. The output will be two files: localhost.key and localhost.crt.
*
*
* ```bash
* openssl req -x509 -out localhost.crt -keyout localhost.key \
* -newkey rsa:2048 -nodes -sha256 \
* -subj "/CN=localhost" -extensions EXT -config <( \
* printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
* ```
*
*
* :::tip
* **Windows**
*
*
* The OpenSSL executable is distributed with [Git](https://git-scm.com/download/win]9) for Windows.
* Once installed you will find the openssl.exe file in `C:/Program Files/Git/mingw64/bin` which you can add to the system PATH environment variable if its not already done.
*
*
* Add environment variable `OPENSSL_CONF=C:/Program Files/Git/mingw64/ssl/openssl.cnf`
*
*
* ```bash
* req -x509 -out localhost.crt -keyout localhost.key \
* -newkey rsa:2048 -nodes -sha256 \
* -subj "/CN=localhost"
* ```
*
*
* :::
*
*
* Create directory `certificates` and place `localhost.key` and `localhost.crt`
*
*
* You can create a `server.js` in the root of your project and run it with `node server.js` to test Sign in with Bungie integration locally:
*
*
* ```js
* const { createServer } = require("https")
* const { parse } = require("url")
* const next = require("next")
* const fs = require("fs")
*
*
* const dev = process.env.NODE_ENV !== "production"
* const app = next({ dev })
* const handle = app.getRequestHandler()
*
*
* const httpsOptions = {
* key: fs.readFileSync("./certificates/localhost.key"),
* cert: fs.readFileSync("./certificates/localhost.crt"),
* }
*
*
* app.prepare().then(() => {
* createServer(httpsOptions, (req, res) => {
* const parsedUrl = parse(req.url, true)
@@ -130,9 +134,9 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* })
* ```
*
*
* ## Notes
*
*
* ### Notes
*
* By default, Auth.js assumes that the Bungie provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -154,7 +158,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Bungie(options: OAuthUserConfig<Record<string, any>>
export default function Bungie(
options: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "bungie",

19
packages/core/src/providers/cognito.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/cognito
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface CognitoProfile extends Record<string, any> {
/**
* Add Cognito login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/cognito
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Cognito from "@auth/core/providers/cognito"
*
@@ -33,13 +38,13 @@ export interface CognitoProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Cognito OAuth documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html)
*
* ## Notes
* ### Notes
* You need to select your AWS region to go the the Cognito dashboard.
*
*
* :::tip
* The issuer is a URL, that looks like this: https://cognito-idp.{region}.amazonaws.com/{PoolId}
* :::
@@ -47,7 +52,7 @@ export interface CognitoProfile extends Record<string, any> {
* :::warning
* Make sure you select all the appropriate client settings or the OAuth flow will not work.
* :::
*
*
* By default, Auth.js assumes that the Cognito provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
*

20
packages/core/src/providers/coinbase.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/coinbase
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Coinbase login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/coinbase
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Coinbase from "@auth/core/providers/coinbase"
*
@@ -26,16 +31,16 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Coinbase OAuth documentation](https://developers.coinbase.com/api/v2)
*
* ## Notes
* ### Notes
*
* :::tip
* This Provider template has a 2 hour access token to it. A refresh token is also returned.
* :::
*
*
* By default, Auth.js assumes that the Coinbase provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*
@@ -56,7 +61,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Coinbase(options: OAuthUserConfig<Record<string, any>>
export default function Coinbase(
options: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "coinbase",

15
packages/core/src/providers/discord.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/discord
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -88,9 +87,15 @@ export interface DiscordProfile extends Record<string, any> {
/**
* Add Discord login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/discord
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Discord from "@auth/core/providers/discord"
*
@@ -100,12 +105,12 @@ export interface DiscordProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Discord OAuth documentation](https://discord.com/developers/docs/topics/oauth2)
* - [Discord OAuth apps](https://discord.com/developers/applications)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Discord provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

18
packages/core/src/providers/dropbox.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/dropbox
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Dropbox login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/dropbox
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Dropbox from "@auth/core/providers/dropbox"
*
@@ -26,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Dropbox OAuth documentation](https://developers.dropbox.com/oauth-guide)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Dropbox provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -52,7 +57,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Dropbox(options: OAuthUserConfig<Record<string, any>>
export default function Dropbox(
options: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "dropbox",

25
packages/core/src/providers/duende-identity-server6.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/duende-identity-server6
*/
import type { OAuthConfig, OAuthUserConfig } from "./oauth.js"
@@ -21,9 +20,15 @@ export interface DuendeISUser extends Record<string, any> {
/**
* Add DuendeIdentityServer6 login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/duende-identity-server6
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import DuendeIdentityServer6 from "@auth/core/providers/duende-identity-server6"
*
@@ -33,21 +38,21 @@ export interface DuendeISUser extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [DuendeIdentityServer6 documentation](https://docs.duendesoftware.com/identityserver/v6)
*
* ## Notes
* ### Notes
*
*
*
* ## Demo IdentityServer
*
*
* The configuration below is for the demo server at https://demo.duendesoftware.com/
*
*
* If you want to try it out, you can copy and paste the configuration below.
*
*
* You can sign in to the demo service with either <b>bob/bob</b> or <b>alice/alice</b>.
*
*
* ```js title=pages/api/auth/[...nextauth].js
* import DuendeIDS6Provider from "next-auth/providers/duende-identity-server6"
* providers: [

8
packages/core/src/providers/email.ts
View File

@@ -29,7 +29,7 @@ export interface SendVerificationRequestParams {
export interface EmailConfig extends CommonProviderOptions {
type: "email"
// TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html
server: string | SMTPTransportOptions
server?: string | SMTPTransportOptions
/** @default `"Auth.js <no-reply@authjs.dev>"` */
from?: string
/**
@@ -72,7 +72,7 @@ export interface EmailConfig extends CommonProviderOptions {
* By default, we treat email addresses as all lower case,
* but you can override this function to change this behavior.
*
* [Documentation](https://authjs.dev/guides/providers/email#normalizing-the-e-mail-address) | [RFC 2821](https://tools.ietf.org/html/rfc2821) | [Email syntax](https://en.wikipedia.org/wiki/Email_address#Syntax)
* [Normalizing the email address](https://authjs.dev/reference/core/providers_email#normalizing-the-email-address) | [RFC 2821](https://tools.ietf.org/html/rfc2821) | [Email syntax](https://en.wikipedia.org/wiki/Email_address#Syntax)
*/
normalizeIdentifier?: (identifier: string) => string
}
@@ -287,7 +287,7 @@ export type EmailProviderType = "email"
*
* ## Normalizing the email address
*
* By default, NextAuth.js will normalize the email address. It treats values as case-insensitive (which is technically not compliant to the [RFC 2821 spec](https://datatracker.ietf.org/doc/html/rfc2821), but in practice this causes more problems than it solves, eg. when looking up users by e-mail from databases.) and also removes any secondary email address that was passed in as a comma-separated list. You can apply your own normalization via the `normalizeIdentifier` method on the `EmailProvider`. The following example shows the default behavior:
* By default, Auth.js will normalize the email address. It treats values as case-insensitive (which is technically not compliant to the [RFC 2821 spec](https://datatracker.ietf.org/doc/html/rfc2821), but in practice this causes more problems than it solves, eg. when looking up users by e-mail from databases.) and also removes any secondary email address that was passed in as a comma-separated list. You can apply your own normalization via the `normalizeIdentifier` method on the `EmailProvider`. The following example shows the default behavior:
* ```ts
* EmailProvider({
* // ...
@@ -301,7 +301,7 @@ export type EmailProviderType = "email"
* return `${local}@${domain}`
*
* // You can also throw an error, which will redirect the user
* // to the error page with error=EmailSignin in the URL
* // to the sign-in page with error=EmailSignin in the URL
* // if (identifier.split("@").length > 2) {
* // throw new Error("Only one email allowed")
* // }

19
packages/core/src/providers/eveonline.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/eveonline
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -24,9 +23,15 @@ export interface EVEOnlineProfile extends Record<string, any> {
/**
* Add EveOnline login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/eveonline
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import EveOnline from "@auth/core/providers/eveonline"
*
@@ -36,18 +41,18 @@ export interface EVEOnlineProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [EveOnline OAuth documentation](https://developers.eveonline.com/blog/article/sso-to-authenticated-calls)
*
* ## Notes
* ### Notes
*
* :::tip
* When creating your application, make sure to select `Authentication Only` as the connection type.
* :::
*
*
* :::tip
* If using JWT for the session, you can add the `CharacterID` to the JWT token and session. Example:
* If using JWT for the session, you can add the `CharacterID` to the JWT and session. Example:
* ```js
* options: {
* jwt: {

25
packages/core/src/providers/facebook.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/facebook
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -26,9 +25,15 @@ export interface FacebookProfile extends Record<string, any> {
/**
* Add Facebook login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/facebook
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Facebook from "@auth/core/providers/facebook"
*
@@ -38,20 +43,20 @@ export interface FacebookProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Facebook OAuth documentation](https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/)
*
* ## Notes
* ### Notes
*
* :::tip
* Production applications cannot use localhost URLs to sign in with Facebook. You need to use a dedicated development application in Facebook to use localhost callback URLs.
* :::tip
* Production applications cannot use localhost URLs to sign in with Facebook. You need to use a dedicated development application in Facebook to use localhost callback URLs.
* :::
*
* :::tip
*
* :::tip
* Email address may not be returned for accounts created on mobile.
* :::
*
*
* By default, Auth.js assumes that the Facebook provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*

18
packages/core/src/providers/faceit.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/faceit
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add FACEIT login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/faceit
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import FACEIT from "@auth/core/providers/faceit"
*
@@ -26,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [FACEIT OAuth documentation](https://cdn.faceit.com/third_party/docs/FACEIT_Connect_3.0.pdf)
*
* ## Notes
* ### Notes
*
* Grant type: Authorization Code
* Scopes to have basic infos (email, nickname, guid and avatar) : openid, email, profile
@@ -54,7 +59,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function FACEIT(options: OAuthUserConfig<Record<string, any>>
export default function FACEIT(
options: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "faceit",

22
packages/core/src/providers/foursquare.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/foursquare
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add FourSquare login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/foursquare
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import FourSquare from "@auth/core/providers/foursquare"
*
@@ -26,16 +31,16 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [FourSquare OAuth documentation](https://developer.foursquare.com/docs/places-api/authentication/#web-applications)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the FourSquare provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*
* :::warning
*
* :::warning
* Foursquare requires an additional apiVersion parameter in YYYYMMDD format, which essentially states "I'm prepared for API changes up to this date".
* :::
*
@@ -56,7 +61,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Foursquare(options: OAuthUserConfig<Record<string, any>> & { apiVersion?: string }
export default function Foursquare(
options: OAuthUserConfig<Record<string, any>> & { apiVersion?: string }
): OAuthConfig<Record<string, any>> {
const { apiVersion = "20230131" } = options
return {

18
packages/core/src/providers/freshbooks.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/freshbooks
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add FreshBooks login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/freshbooks
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import FreshBooks from "@auth/core/providers/freshbooks"
*
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [FreshBooks OAuth documentation](https://www.freshbooks.com/api/authenticating-with-oauth-2-0-on-the-new-freshbooks-api
)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the FreshBooks provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -53,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Freshbooks(options: OAuthUserConfig<Record<string, any>>
export default function Freshbooks(
options: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "freshbooks",

23
packages/core/src/providers/fusionauth.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/fushionauth
*/
import type { OAuthConfig, OAuthUserConfig } from "./oauth.js"
@@ -35,9 +34,15 @@ export interface FusionAuthProfile extends Record<string, any> {
/**
* Add FusionAuth login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/fusionauth
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import FusionAuth from "@auth/core/providers/fusionauth"
*
@@ -50,11 +55,11 @@ export interface FusionAuthProfile extends Record<string, any> {
* If you're using multi-tenancy, you need to pass in the tenantId option to apply the proper theme.
* :::
*
* ## Resources
* ### Resources
*
* - [FusionAuth OAuth documentation](https://fusionauth.io/docs/v1/tech/oauth/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the FusionAuth provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -62,17 +67,17 @@ export interface FusionAuthProfile extends Record<string, any> {
* ## Configuration
* :::tip
* An application can be created at https://your-fusionauth-server-url/admin/application.
*
*
* For more information, follow the [FusionAuth 5-minute setup guide](https://fusionauth.io/docs/v1/tech/5-minute-setup-guide).
* :::
*
*
* In the OAuth settings for your application, configure the following.
*
*
* - Redirect URL
* - https://localhost:3000/api/auth/callback/fusionauth
* - Enabled grants
* - Make sure _Authorization Code_ is enabled.
*
*
* If using JSON Web Tokens, you need to make sure the signing algorithm is RS256, you can create an RS256 key pair by
* going to Settings, Key Master, generate RSA and choosing SHA-256 as algorithm. After that, go to the JWT settings of
* your application and select this key as Access Token signing key and Id Token signing key.

23
packages/core/src/providers/github.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/github
*/
@@ -71,8 +70,14 @@ export interface GitHubProfile {
/**
* Add GitHub login to your page and make requests to [GitHub APIs](https://docs.github.com/en/rest).
*
* ## Example
* ### Setup
*
* #### Callback URL
* ```
* https://example.com/api/auth/callback/github
* ```
*
* #### Configuration
* ```ts
* import { Auth } from "@auth/core"
* import GitHub from "@auth/core/providers/github"
@@ -83,7 +88,7 @@ export interface GitHubProfile {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [GitHub - Creating an OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
* - [GitHub - Authorizing OAuth Apps](https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps)
@@ -91,7 +96,7 @@ export interface GitHubProfile {
* - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
* - [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the GitHub provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -129,14 +134,20 @@ export default function GitHub(
url: "https://api.github.com/user",
async request({ tokens, provider }) {
const profile = await fetch(provider.userinfo?.url as URL, {
headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
headers: {
Authorization: `Bearer ${tokens.access_token}`,
"User-Agent": "authjs",
},
}).then(async (res) => await res.json())
if (!profile.email) {
// If the user does not have a public email, get another via the GitHub API
// See https://docs.github.com/en/rest/users/emails#list-public-email-addresses-for-the-authenticated-user
const res = await fetch("https://api.github.com/user/emails", {
headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
headers: {
Authorization: `Bearer ${tokens.access_token}`,
"User-Agent": "authjs",
},
})
if (res.ok) {

19
packages/core/src/providers/gitlab.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/gitlab
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -59,9 +58,15 @@ export interface GitLabProfile extends Record<string, any> {
/**
* Add GitLab login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/gitlab
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import GitLab from "@auth/core/providers/gitlab"
*
@@ -71,19 +76,19 @@ export interface GitLabProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [GitLab OAuth documentation](https://docs.gitlab.com/ee/api/oauth2.html)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the GitLab provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*
* :::tip
* :::tip
* Enable the `read_user` option in scope if you want to save the users email address on sign up.
* :::
*
*
* :::tip
*
* The GitLab provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/gitlab.ts).

39
packages/core/src/providers/google.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/google
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -32,9 +31,15 @@ export interface GoogleProfile extends Record<string, any> {
/**
* Add Google login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/google
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Google from "@auth/core/providers/google"
*
@@ -44,32 +49,32 @@ export interface GoogleProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Google OAuth documentation](https://developers.google.com/identity/protocols/oauth2)
* - [Google OAuth Configuration](https://console.developers.google.com/apis/credentials)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Google provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
*
*
*
* The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path. For example;
*
*
* - For production: `https://{YOUR_DOMAIN}/api/auth/callback/google`
* - For development: `http://localhost:3000/api/auth/callback/google`
*
*
* :::warning
* Google only provides Refresh Token to an application the first time a user signs in.
*
*
* To force Google to re-issue a Refresh Token, the user needs to remove the application from their account and sign in again:
* https://myaccount.google.com/permissions
*
*
* Alternatively, you can also pass options in the `params` object of `authorization` which will force the Refresh Token to always be provided on sign in, however this will ask all users to confirm if they wish to grant your application access every time they sign in.
*
*
* If you need access to the RefreshToken or AccessToken for a Google account and you are not using a database to persist user accounts, this may be something you need to do.
*
*
* ```js title="pages/api/auth/[...nextauth].js"
* const options = {
* providers: [
@@ -87,14 +92,14 @@ export interface GoogleProfile extends Record<string, any> {
* ],
* }
* ```
*
*
* :::
*
*
* :::tip
* Google also returns a `email_verified` boolean property in the OAuth profile.
*
*
* You can use this property to restrict access to people with verified accounts at a particular domain.
*
*
* ```js
* const options = {
* ...
@@ -109,7 +114,7 @@ export interface GoogleProfile extends Record<string, any> {
* ...
* }
* ```
*
*
* :::
* :::tip
*

15
packages/core/src/providers/hubspot.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/hubspot
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -22,9 +21,15 @@ interface HubSpotProfile extends Record<string, any> {
/**
* Add HubSpot login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/hubspot
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import HubSpot from "@auth/core/providers/hubspot"
*
@@ -34,11 +39,11 @@ interface HubSpotProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [HubSpot OAuth documentation](https://developers.hubspot.com/docs/api/oauth-quickstart-guide)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the HubSpot provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

19
packages/core/src/providers/identity-server4.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>IdentityServer4</b> integration.</span>
* TODO: SVG LOGO
* <a href="https://identityserver4.readthedocs.io">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/identity-server4.svg" height="48" width="48"/>
* </a>
* </div>
*
* ---
* @module providers/identity-server4
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add IdentityServer4 login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/identity-server4
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import IdentityServer4 from "@auth/core/providers/identity-server4"
*
@@ -27,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [IdentityServer4 OAuth documentation](https://identityserver4.readthedocs.io/en/latest/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the IdentityServer4 provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
@@ -56,7 +60,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function IdentityServer4(options: OAuthUserConfig<Record<string, any>>
export default function IdentityServer4(
options: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "identity-server4",

22
packages/core/src/providers/instagram.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/instagram
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Instagram login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/instagram
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Instagram from "@auth/core/providers/instagram"
*
@@ -26,21 +31,21 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Instagram OAuth documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started)
* - [Instagram OAuth apps](https://developers.facebook.com/apps/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Instagram provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*
*
*
* :::warning
* Email address is not returned by the Instagram API.
* :::
*
*
* :::tip
* Instagram display app required callback URL to be configured in your Facebook app and Facebook required you to use **https** even for localhost! In order to do that, you either need to [add an SSL to your localhost](https://www.freecodecamp.org/news/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec/) or use a proxy such as [ngrok](https://ngrok.com/docs).
* :::
@@ -61,7 +66,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Instagram(config: OAuthUserConfig<Record<string, any>>
export default function Instagram(
config: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "instagram",

17
packages/core/src/providers/kakao.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/kakao
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -81,9 +80,15 @@ export interface KakaoProfile extends Record<string, any> {
/**
* Add Kakao login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/kakao
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Kakao from "@auth/core/providers/kakao"
*
@@ -93,15 +98,15 @@ export interface KakaoProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Kakao OAuth documentation](https://developers.kakao.com/product/kakaoLogin)
* - [Kakao OAuth configuration](https://developers.kakao.com/docs/latest/en/kakaologin/common)
*
*
* ## Configuration
* Create a provider and a Kakao application at https://developers.kakao.com/console/app. In the settings of the app under Kakao Login, activate web app, change consent items and configure callback URL.
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Kakao provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

29
packages/core/src/providers/keycloak.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/keycloak
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -38,9 +37,15 @@ export interface KeycloakProfile extends Record<string, any> {
/**
* Add Keycloak login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/keycloak
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Keycloak from "@auth/core/providers/keycloak"
*
@@ -50,22 +55,22 @@ export interface KeycloakProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Keycloak OIDC documentation](https://www.keycloak.org/docs/latest/server_admin/#_oidc_clients)
*
* :::tip
*
*
* :::tip
*
* Create an openid-connect client in Keycloak with "confidential" as the "Access Type".
*
*
* :::
*
*
* :::note
*
*
* issuer should include the realm e.g. https://my-keycloak-domain.com/realms/My_Realm
*
*
* :::
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Keycloak provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.

17
packages/core/src/providers/line.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/line
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -26,9 +25,15 @@ export interface LineProfile extends Record<string, any> {
/**
* Add LINE login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/line
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import LINE from "@auth/core/providers/line"
*
@@ -38,15 +43,15 @@ export interface LineProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [LINE Login documentation](https://developers.line.biz/en/docs/line-login/integrate-line-login/)
* - [LINE app console](https://developers.line.biz/console/)
*
*
* ## Configuration
* Create a provider and a LINE login channel at https://developers.line.biz/console/. In the settings of the channel under LINE Login, activate web app and configure the following: Callback URL `http://localhost:3000/api/auth/callback/line`
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the LINE provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.

15
packages/core/src/providers/linkedin.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/linkedin
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -33,9 +32,15 @@ export interface LinkedInProfile extends Record<string, any> {
/**
* Add Linkedin login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/linkedin
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Linkedin from "@auth/core/providers/linkedin"
*
@@ -45,12 +50,12 @@ export interface LinkedInProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Linkedin OAuth documentation](https://docs.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow)
* - [Linkedin app console](https://www.linkedin.com/developers/apps/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Linkedin provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

18
packages/core/src/providers/mailchimp.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/mailchimp
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Mailchimp login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/mailchimp
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Mailchimp from "@auth/core/providers/mailchimp"
*
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Mailchimp OAuth documentation](https://admin.mailchimp.com/account/oauth2/client/)
* - [Mailchimp documentation: Access user data](https://mailchimp.com/developer/marketing/guides/access-user-data-oauth-2/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Mailchimp provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -53,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Mailchimp(config: OAuthUserConfig<Record<string, any>>
export default function Mailchimp(
config: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "mailchimp",

18
packages/core/src/providers/mailru.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/mailru
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Mailru login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/mailru
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Mailru from "@auth/core/providers/mailru"
*
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Mailru OAuth documentation](https://o2.mail.ru/docs)
* - [Mailru app console](https://o2.mail.ru/app/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Mailru provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -53,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Mailru(config: OAuthUserConfig<Record<string, any>>
export default function Mailru(
config: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "mailru",

23
packages/core/src/providers/mattermost.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/mattermost
*/
import type { OAuthConfig, OAuthUserConfig } from "./oauth"
@@ -70,9 +69,15 @@ export interface MattermostProfile {
/**
* Add Mattermost login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/mattermost
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Mattermost from "@auth/core/providers/mattermost"
*
@@ -82,23 +87,23 @@ export interface MattermostProfile {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Mattermost OAuth documentation](https://example.com)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Mattermost provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*
*
* To create your Mattermost OAuth2 app visit `http://<your Mattermost instance url>/<your team>/integrations/oauth2-apps`
*
* :::warning
*
*
* The Mattermost provider requires the `issuer` option to be set. This is the base url of your Mattermost instance. e.g https://my-cool-server.cloud.mattermost.com
*
*
* :::
*
*
* :::tip
*
* The Mattermost provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/mattermost.ts).

18
packages/core/src/providers/medium.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/medium
*/
@@ -15,9 +14,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Medium login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/medium
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Medium from "@auth/core/providers/medium"
*
@@ -27,11 +32,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Medium OAuth documentation](https://example.com)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Medium provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -59,7 +64,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Medium(config: OAuthUserConfig<Record<string, any>>
export default function Medium(
config: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "medium",

15
packages/core/src/providers/naver.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/naver
*/
@@ -33,9 +32,15 @@ export interface NaverProfile extends Record<string, any> {
/**
* Add Naver login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/naver
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Naver from "@auth/core/providers/naver"
*
@@ -45,12 +50,12 @@ export interface NaverProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Naver OAuth documentation](https://developers.naver.com/docs/login/overview/overview.md)
* - [Naver OAuth documentation 2](https://developers.naver.com/docs/login/api/api.md)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Naver provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

18
packages/core/src/providers/netlify.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/netlify
*/
@@ -15,9 +14,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Netlify login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/netlify
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Netlify from "@auth/core/providers/netlify"
*
@@ -27,12 +32,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Netlify OAuth blog](https://www.netlify.com/blog/2016/10/10/integrating-with-netlify-oauth2/)
* - [Netlify OAuth example](https://github.com/netlify/netlify-oauth-example/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Netlify provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -54,7 +59,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
*
* :::
*/
export default function Netlify(config: OAuthUserConfig<Record<string, any>>
export default function Netlify(
config: OAuthUserConfig<Record<string, any>>
): OAuthConfig<Record<string, any>> {
return {
id: "netlify",

9
packages/core/src/providers/notion.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/notion
*/
@@ -60,7 +59,7 @@ const NOTION_API_VERSION = "2022-06-28"
/**
* Add Notion login to your page.
*
* ## Example
* @example
*
* ```ts
* import { Auth } from "@auth/core"
@@ -74,15 +73,15 @@ const NOTION_API_VERSION = "2022-06-28"
*
* ---
*
* ## Resources
* ### Resources
* - [Notion Docs](https://developers.notion.com/docs)
* - [Notion Authorization Docs](https://developers.notion.com/docs/authorization)
* - [Notion Integrations](https://www.notion.so/my-integrations)
*
* ---
*
* ## Notes
* You need to select "Public Integration" on the configuration page to get an `oauth_id` and `oauth_secret`. Private integrations do not provide these details.
* ### Notes
* You need to select "Public Integration" on the configuration page to get an `oauth_id` and `oauth_secret`. Private integrations do not provide these details.
* You must provide a `clientId` and `clientSecret` to use this provider, as-well as a redirect URI (due to this being required by Notion endpoint to fetch tokens).
*
* :::tip

37
packages/core/src/providers/oauth.ts
View File

@@ -52,7 +52,10 @@ interface AdvancedEndpointHandler<P extends UrlParams, C, R> {
conform?: (response: Response) => Awaitable<Response | undefined>
}
/** Either an URL (containing all the parameters) or an object with more granular control. */
/**
* Either an URL (containing all the parameters) or an object with more granular control.
* @internal
*/
export type EndpointHandler<
P extends UrlParams,
C = any,
@@ -92,6 +95,8 @@ export type ProfileCallback<Profile> = (
tokens: TokenSet
) => Awaitable<User>
export type AccountCallback = (account: TokenSet) => TokenSet
export interface OAuthProviderButtonStyles {
logo: string
logoDark: string
@@ -138,13 +143,25 @@ export interface OAuth2Config<Profile>
userinfo?: string | UserinfoEndpointHandler
type: "oauth"
/**
* Receives the profile object returned by the OAuth provider, and returns the user object.
* This will be used to create the user in the database.
* Receives the full {@link Profile} returned by the OAuth provider, and returns a subset.
* It is used to create the user in the database.
*
* Defaults to: `id`, `email`, `name`, `image`
*
* [Documentation](https://authjs.dev/reference/adapters/models#user)
* @see [Database Adapter: User model](https://authjs.dev/reference/adapters#user)
*/
profile?: ProfileCallback<Profile>
/**
* Receives the full {@link TokenSet} returned by the OAuth provider, and returns a subset.
* It is used to create the account associated with a user in the database.
*
* Defaults to: `access_token` and `id_token`
*
* @see [Database Adapter: Account model](https://authjs.dev/reference/adapters#account)
* @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
* @see https://www.ietf.org/rfc/rfc6749.html#section-5.1
*/
account?: AccountCallback
/**
* The CSRF protection performed on the callback endpoint.
* @default ["pkce"]
@@ -190,7 +207,11 @@ export interface OAuth2Config<Profile>
options?: OAuthUserConfig<Profile>
}
/** TODO: Document */
/**
* Extension of the {@link OAuth2Config}.
*
* @see https://openid.net/specs/openid-connect-core-1_0.html
*/
export interface OIDCConfig<Profile>
extends Omit<OAuth2Config<Profile>, "type" | "checks"> {
type: "oidc"
@@ -204,6 +225,7 @@ export type OAuthEndpointType = "authorization" | "token" | "userinfo"
/**
* We parsed `authorization`, `token` and `userinfo`
* to always contain a valid `URL`, with the params
* @internal
*/
export type OAuthConfigInternal<Profile> = Omit<
OAuthConfig<Profile>,
@@ -229,7 +251,10 @@ export type OAuthConfigInternal<Profile> = Omit<
*
*/
redirectProxyUrl?: OAuth2Config<Profile>["redirectProxyUrl"]
} & Pick<Required<OAuthConfig<Profile>>, "clientId" | "checks" | "profile">
} & Pick<
Required<OAuthConfig<Profile>>,
"clientId" | "checks" | "profile" | "account"
>
export type OIDCConfigInternal<Profile> = OAuthConfigInternal<Profile> & {
checks: OIDCConfig<Profile>["checks"]

16
packages/core/src/providers/okta.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>Okta</b> integration.</span>
* TODO: SVG LOGO
* <a href="https://okta.com/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/okta.svg" height="48" />
* </a>
* </div>
*
* ---
* @module providers/okta
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -49,9 +47,15 @@ export interface OktaProfile extends Record<string, any> {
/**
* Add Okta login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/okta
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Okta from "@auth/core/providers/okta"
*
@@ -61,11 +65,11 @@ export interface OktaProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Okta OAuth documentation](https://developer.okta.com/docs/reference/api/oidc)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Okta provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.

16
packages/core/src/providers/onelogin.ts
View File

@@ -1,13 +1,11 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>OneLogin</b> integration.</span>
* TODO: SVG LOGO
* <a href="https://onelogin.com/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/onelogin.svg" height="48" />
* </a>
* </div>
*
* ---
* @module providers/onelogin
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add OneLogin login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/onelogin
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import OneLogin from "@auth/core/providers/onelogin"
*
@@ -27,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [OneLogin OAuth documentation](https://example.com)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the OneLogin provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.

15
packages/core/src/providers/osso.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/osso
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Osso login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/osso
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Osso from "@auth/core/providers/osso"
*
@@ -26,7 +31,7 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
* Osso is an open source service that handles SAML authentication against Identity Providers, normalizes profiles, and makes those profiles available to you in an OAuth 2.0 code grant flow.
*
* - If you don't yet have an Osso instance, you can use [Osso's Demo App](https://demo.ossoapp.com) for your testing purposes. For documentation on deploying an Osso instance, see https://ossoapp.com/docs/deploy/overview/
@@ -37,7 +42,7 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* See Osso's complete configuration and testing documentation at https://ossoapp.com/docs/configure/overview
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Osso provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

15
packages/core/src/providers/osu.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/osu
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -63,9 +62,15 @@ export interface OsuProfile extends OsuUserCompact, Record<string, any> {
/**
* Add Osu login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/osu
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Osu! from "@auth/core/providers/osu"
*
@@ -75,12 +80,12 @@ export interface OsuProfile extends OsuUserCompact, Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Osu OAuth documentation](https://osu.ppy.sh/docs/index.html#authentication)
* - [Osu app console](https://osu.ppy.sh/home/account/edit#new-oauth-application)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Osu provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

15
packages/core/src/providers/patreon.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/patreon
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface PatreonProfile extends Record<string, any> {
/**
* Add Patreon login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/patreon
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Patreon from "@auth/core/providers/patreon"
*
@@ -33,13 +38,13 @@ export interface PatreonProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Patreon OAuth documentation](https://docs.patreon.com/#apiv2-oauth)
* - [Patreon Platform](https://www.patreon.com/portal/registration/register-clients)
* - [ApiV2 Scopes](https://docs.patreon.com/#scopes)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Patreon provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

23
packages/core/src/providers/pinterest.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/pinterest
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface PinterestProfile extends Record<string, any> {
/**
* Add Pinterest login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/pinterest
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Pinterest from "@auth/core/providers/pinterest"
*
@@ -33,23 +38,23 @@ export interface PinterestProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Pinterest OAuth documentation](https://developers.pinterest.com/docs/getting-started/authentication/)
* - [Pinterest app console](https://developers.pinterest.com/apps/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Pinterest provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*
*
*
* :::tip
*
*
* To use in production, make sure the app has standard API access and not trial access
*
*
* :::
*
*
* :::tip
*
* The Pinterest provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/pinterest.ts).

15
packages/core/src/providers/pipedrive.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/pipedrive
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -49,9 +48,15 @@ export interface PipedriveProfile extends Record<string, any> {
/**
* Add Pipedrive login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/pipedrive
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Pipedrive from "@auth/core/providers/pipedrive"
*
@@ -61,11 +66,11 @@ export interface PipedriveProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Pipedrive OAuth documentation](https://pipedrive.readme.io/docs/marketplace-oauth-authorization)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Pipedrive provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

15
packages/core/src/providers/reddit.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/reddit
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add Reddit login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/reddit
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Reddit from "@auth/core/providers/reddit"
*
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Reddit API documentation](https://www.reddit.com/dev/api/)
* - [Reddit app console](https://www.reddit.com/prefs/apps/ )
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Reddit provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

15
packages/core/src/providers/salesforce.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/saleforce
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface SalesforceProfile extends Record<string, any> {
/**
* Add SaleForce login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/saleforce
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import SaleForce from "@auth/core/providers/saleforce"
*
@@ -33,11 +38,11 @@ export interface SalesforceProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [SaleForce OAuth documentation](https://help.salesforce.com/articleView?id=remoteaccess_authenticate.htm&type=5)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the SaleForce provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

17
packages/core/src/providers/slack.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/slack
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -46,9 +45,15 @@ export interface SlackProfile extends Record<string, any> {
/**
* Add Slack login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/slack
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Slack from "@auth/core/providers/slack"
*
@@ -58,19 +63,19 @@ export interface SlackProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Slack OAuth documentation](https://api.slack.com/authentication https://api.slack.com/docs/sign-in-with-slack)
* - [Slack app console](https://api.slack.com/apps)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Slack provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
*
* :::danger
*
* Slack requires that the redirect URL of your app uses https, even for local development.
* Slack requires that the redirect URL of your app uses https, even for local development.
* An easy workaround for this is using a service like [ngrok](https://ngrok.com/) that creates a secure tunnel to your app, using https. Remember to set the url as `NEXTAUTH_URL` as well.
*
* :::

15
packages/core/src/providers/spotify.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/spotify
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -25,9 +24,15 @@ export interface SpotifyProfile extends Record<string, any> {
/**
* Add Spotify login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/spotify
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Spotify from "@auth/core/providers/spotify"
*
@@ -37,12 +42,12 @@ export interface SpotifyProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Spotify OAuth documentation](https://developer.spotify.com/documentation/general/guides/authorization-guide)
* - [Spotify app console](https://developer.spotify.com/dashboard/applications)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Spotify provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

15
packages/core/src/providers/strava.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/strava
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface StravaProfile extends Record<string, any> {
/**
* Add Strava login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/strava
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Strava from "@auth/core/providers/strava"
*
@@ -33,11 +38,11 @@ export interface StravaProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Strava API documentation](http://developers.strava.com/docs/reference/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Strava provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

15
packages/core/src/providers/todoist.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/todoist
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -24,9 +23,15 @@ interface TodoistProfile extends Record<string, any> {
/**
* Add Todoist login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/todoist
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Todoist from "@auth/core/providers/todoist"
*
@@ -36,12 +41,12 @@ interface TodoistProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Todoist OAuth documentation](https://developer.todoist.com/guides/#oauth)
* - [Todoist configuration](https://developer.todoist.com/appconsole.html)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Todoist provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

19
packages/core/src/providers/trakt.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/trakt
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -29,9 +28,15 @@ export interface TraktUser extends Record<string, any> {
/**
* Add Trakt login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/trakt
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Trakt from "@auth/core/providers/trakt"
*
@@ -41,15 +46,15 @@ export interface TraktUser extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Trakt OAuth documentation](https://trakt.docs.apiary.io/#reference/authentication-oauth)
*
*
* If you're using the api in production by calling `api.trakt.tv`. Follow the example. If you wish to develop on Trakt's sandbox environment by calling `api-staging.trakt.tv`, change the URLs.
*
*
* Start by creating an OAuth app on Trakt for production or development. Then set the Client ID and Client Secret as TRAKT_ID and TRAKT_SECRET in .env.
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Trakt provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

21
packages/core/src/providers/twitch.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/twitch
*/
import type { OIDCConfig, OIDCUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface TwitchProfile extends Record<string, any> {
/**
* Add Twitch login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/twitch
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Twitch from "@auth/core/providers/twitch"
*
@@ -33,14 +38,14 @@ export interface TwitchProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Twitch app documentation](https://dev.twitch.tv/console/apps)
*
* Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/twitch`
*
*
* ## Notes
* Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/twitch`
*
*
* ### Notes
*
* By default, Auth.js assumes that the Twitch provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.

29
packages/core/src/providers/twitter.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/twitter
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -105,9 +104,15 @@ export interface TwitterProfile {
/**
* Add Twitter login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/twitter
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Twitter from "@auth/core/providers/twitter"
*
@@ -117,7 +122,7 @@ export interface TwitterProfile {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Twitter App documentation](https://developer.twitter.com/en/apps)
*
@@ -131,19 +136,19 @@ export interface TwitterProfile {
* })
* ```
* Keep in mind that although this change is easy, it changes how and with which of Twitter APIs you can interact with. Read the official Twitter OAuth 2 documentation for more details.
*
*
*
*
* :::note
*
* Email is currently not supported by Twitter OAuth 2.0.
*
* Email is currently not supported by Twitter OAuth 2.0.
*
* :::
*
* ## Notes
*
* Twitter is currently the only built-in provider using the OAuth 1.0 spec.
* ### Notes
*
* Twitter is currently the only built-in provider using the OAuth 1.0 spec.
* This means that you won't receive an `access_token` or `refresh_token`, but an `oauth_token` and `oauth_token_secret` respectively. Remember to add these to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
*
*
* :::tip
*
* You must enable the "Request email address from users" option in your app permissions if you want to obtain the users email address.

22
packages/core/src/providers/united-effects.ts
View File

@@ -1,15 +1,13 @@
/**
* <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
* <span>Built-in <b>United Effects</b> integration.</span>
* TODO: SVG LOGO
* <a href="https://www.unitedeffects.com/">
* <img style={{display: "block"}} src="https://authjs.dev/img/providers/united-effects.svg" height="48" />
* </a>
* </div>
*
* ---
* @module providers/united-effects
*/
*
* @module providers/united-effects
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
export interface UnitedEffectsProfile extends Record<string, any> {
sub: string
@@ -18,9 +16,15 @@ export interface UnitedEffectsProfile extends Record<string, any> {
/**
* Add United Effects login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/united-effects
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import UnitedEffects from "@auth/core/providers/united-effects"
*
@@ -30,11 +34,11 @@ export interface UnitedEffectsProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [UnitedEffects Auth.js documentation](https://docs.unitedeffects.com/integrations/nextauthjs)",
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the UnitedEffects provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.

15
packages/core/src/providers/vk.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/vk
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -295,9 +294,15 @@ export interface VkProfile {
/**
* Add VK login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/vk
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import VK from "@auth/core/providers/vk"
*
@@ -307,12 +312,12 @@ export interface VkProfile {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [VK API documentation](https://vk.com/dev/first_guide)
* - [VK App configuration](https://vk.com/apps?act=manage)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the VK provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

26
packages/core/src/providers/wikimedia.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/wikimedia
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -164,13 +163,18 @@ export interface WikimediaProfile extends Record<string, any> {
email: string
}
/**
* Add Wikimedia login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/wikimedia
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Wikimedia from "@auth/core/providers/wikimedia"
*
@@ -180,30 +184,30 @@ export interface WikimediaProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Wikimedia OAuth documentation](https://www.mediawiki.org/wiki/Extension:OAuth)
*
* ## Configuration steps
* - Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
* - Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
* - Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
* - Add the following redirect URL into the console: `http://<your-next-app-url>/api/auth/callback/wikimedia`
* - Do not check the box next to This consumer is only for __your username__
* - Do not check the box next to This consumer is only for __your username__
* - Unless you explicitly need a larger scope, feel free to select the radio button labelled User identity verification only - no ability to read pages or act on the users behalf.
*
*
* After registration, you can initially test your application only with your own Wikimedia account.
* You may have to wait several days for the application to be approved for it to be used by everyone.
*
* ## Notes
* ### Notes
* This provider also supports all Wikimedia projects:
* - Wikipedia
* - Wikidata
* - Wikibooks
* - Wiktionary
* - etc..
*
*
* Please be aware that Wikimedia accounts do not have to have an associated email address. So you may want to add check if the user has an email address before allowing them to login.
*
*
* By default, Auth.js assumes that the Wikimedia provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*

15
packages/core/src/providers/wordpress.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/wordpress
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add WordPress login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/wordpress
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import WordPress from "@auth/core/providers/wordpress"
*
@@ -26,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [WordPress OAuth documentation](https://developer.wordpress.com/docs/oauth2/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the WordPress provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

35
packages/core/src/providers/workos.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/workos
*/
import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -35,9 +34,15 @@ export interface WorkOSProfile extends Record<string, any> {
/**
* Add WorkOS login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/workos
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import WorkOS from "@auth/core/providers/workos"
*
@@ -47,19 +52,19 @@ export interface WorkOSProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [WorkOS SSO OAuth documentation](https://workos.com/docs/reference/sso)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the WorkOS provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
*
* WorkOS is not an identity provider itself, but, rather, a bridge to multiple single sign-on (SSO) providers.
*
* WorkOS is not an identity provider itself, but, rather, a bridge to multiple single sign-on (SSO) providers.
* As a result, we need to make some additional changes to authenticate users using WorkOS.
*
* In order to sign a user in using WorkOS, we need to specify which WorkOS Connection to use.
*
* In order to sign a user in using WorkOS, we need to specify which WorkOS Connection to use.
* A common way to do this is to collect the user's email address and extract the domain. This can be done using a custom login page.
* To add a custom login page, you can use the `pages` option:
* ```js title="pages/api/auth/[...nextauth].js"
@@ -67,15 +72,15 @@ export interface WorkOSProfile extends Record<string, any> {
* signIn: "/auth/signin",
* }
* ```
* We can then add a custom login page that displays an input where the user can enter their email address.
* We can then add a custom login page that displays an input where the user can enter their email address.
* We then extract the domain from the user's email address and pass it to the `authorizationParams` parameter on the `signIn` function:
* ```js title="pages/auth/signin.js"
* import { useState } from "react"
* import { getProviders, signIn } from "next-auth/react"
*
*
* export default function SignIn({ providers }) {
* const [email, setEmail] = useState("")
*
*
* return (
* <>
* {Object.values(providers).map((provider) => {
@@ -100,7 +105,7 @@ export interface WorkOSProfile extends Record<string, any> {
* </div>
* )
* }
*
*
* return (
* <div key={provider.id}>
* <button onClick={() => signIn(provider.id)}>
@@ -112,7 +117,7 @@ export interface WorkOSProfile extends Record<string, any> {
* </>
* )
* }
*
*
* export async function getServerSideProps(context) {
* const providers = await getProviders()
* return {
@@ -120,7 +125,7 @@ export interface WorkOSProfile extends Record<string, any> {
* }
* }
* ```
*
*
* :::tip
*
* The WorkOS provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/workos.ts).

5
packages/core/src/providers/yandex.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/yandex
*/
@@ -45,7 +44,7 @@ export interface YandexProfile {
* ID of the Yandex user's profile picture.
* Format for downloading user avatars: `https://avatars.yandex.net/get-yapic/<default_avatar_id>/<size>`
* @example "https://avatars.yandex.net/get-yapic/31804/BYkogAC6AoB17bN1HKRFAyKiM4-1/islands-200"
* Available sizes:
* Available sizes:
* `islands-small`: 28×28 pixels.
* `islands-34`: 34×34 pixels.
* `islands-middle`: 42×42 pixels.
@@ -99,7 +98,7 @@ export interface YandexProfile {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Yandex - Creating an OAuth app](https://yandex.com/dev/id/doc/en/register-client#create)
* - [Yandex - Manage OAuth apps](https://oauth.yandex.com/)

21
packages/core/src/providers/zitadel.ts
View File

@@ -6,14 +6,13 @@
* </a>
* </div>
*
* ---
* @module providers/zitadel
*/
import type { OIDCConfig, OAuthUserConfig } from "./index.js"
/**
* The returned user profile from ZITADEL when using the profile callback. See the standard claims reference [here](https://zitadel.com/docs/apis/openidoauth/claims#standard-claims).
* The returned user profile from ZITADEL when using the profile callback. See the standard claims reference [here](https://zitadel.com/docs/apis/openidoauth/claims#standard-claims).
* If you need access to ZITADEL APIs or need additional information, make sure to add the corresponding scopes.
*/
export interface ZitadelProfile extends Record<string, any> {
@@ -43,9 +42,15 @@ export interface ZitadelProfile extends Record<string, any> {
/**
* Add ZITADEL login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/zitadel
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import ZITADEL from "@auth/core/providers/zitadel"
*
@@ -55,19 +60,19 @@ export interface ZitadelProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
* - [ZITADEL OpenID Endpoints](https://zitadel.com/docs/apis/openidoauth/endpoints)
* - [ZITADEL recommended OAuth Flows](https://docs.zitadel.com/docs/guides/integrate/oauth-recommended-flows)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the ZITADEL provider is
* based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
*
*
* The Redirect URIs used when creating the credentials must include your full domain and end in the callback path. For example:
* - For production: `https://{YOUR_DOMAIN}/api/auth/callback/zitadel`
* - For development: `http://localhost:3000/api/auth/callback/zitadel`
*
*
* Make sure to enable dev mode in ZITADEL console to allow redirects for local development.
*
* :::tip

15
packages/core/src/providers/zoho.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/zoho
*/
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
/**
* Add ZOHO login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/zoho
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import ZOHO from "@auth/core/providers/zoho"
*
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Zoho OAuth 2.0 Integration Guide](https://www.zoho.com/accounts/protocol/oauth/web-server-applications.html)
* - [Zoho API Console](https://api-console.zoho.com)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the ZOHO provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

15
packages/core/src/providers/zoom.ts
View File

@@ -6,7 +6,6 @@
* </a>
* </div>
*
* ---
* @module providers/zoom
*/
@@ -47,9 +46,15 @@ export interface ZoomProfile extends Record<string, any> {
/**
* Add Zoom login to your page.
*
* @example
* ### Setup
*
* ```js
* #### Callback URL
* ```
* https://example.com/api/auth/callback/zoom
* ```
*
* #### Configuration
*```js
* import Auth from "@auth/core"
* import Zoom from "@auth/core/providers/zoom"
*
@@ -59,11 +64,11 @@ export interface ZoomProfile extends Record<string, any> {
* })
* ```
*
* ## Resources
* ### Resources
*
* - [Zoom OAuth 2.0 Integration Guide](https://developers.zoom.us/docs/integrations/oauth/)
*
* ## Notes
* ### Notes
*
* By default, Auth.js assumes that the Zoom provider is
* based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

89
packages/core/src/types.ts
View File

@@ -116,16 +116,58 @@ export interface Account extends Partial<OpenIDTokenEndpointResponse> {
providerAccountId: string
/** Provider's type for this account */
type: ProviderType
/** id of the user this account belongs to */
/**
* id of the user this account belongs to
*
* @see https://authjs.dev/reference/adapters#user
*/
userId?: string
/**
* Calculated value based on {@link OAuth2TokenEndpointResponse.expires_in}.
*
* It is the absolute timestamp (in seconds) when the {@link OAuth2TokenEndpointResponse.access_token} expires.
*
* This value can be used for implementing token rotation together with {@link OAuth2TokenEndpointResponse.refresh_token}.
*
* @see https://authjs.dev/guides/basics/refresh-token-rotation#database-strategy
* @see https://www.rfc-editor.org/rfc/rfc6749#section-5.1
*/
expires_at?: number
}
/** The OAuth profile returned from your provider */
/**
* The user info returned from your OAuth provider.
*
* @see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
*/
export interface Profile {
sub?: string | null
name?: string | null
email?: string | null
image?: string | null
sub: string
name?: string
given_name?: string
family_name?: string
middle_name?: string
nickname?: string
preferred_username?: string
profile?: string
picture?: string
website?: string
email?: string
email_verified?: boolean
gender?: string
birthdate?: string
zoneinfo?: string
locale?: string
phone_number?: string
updated_at?: number
address?: {
formatted?: string
street_address?: string
locality?: string
region?: string
postal_code?: string
country?: string
}
[claim: string]: unknown
}
/** [Documentation](https://authjs.dev/guides/basics/callbacks) */
@@ -262,7 +304,7 @@ export interface EventCallbacks {
/**
* The message object will contain one of these depending on
* if you use JWT or database persisted sessions:
* - `token`: The JWT token for this session.
* - `token`: The JWT for this session.
* - `session`: The session object from your adapter that is being ended.
*/
signOut: (
@@ -280,7 +322,7 @@ export interface EventCallbacks {
/**
* The message object will contain one of these depending on
* if you use JWT or database persisted sessions:
* - `token`: The JWT token for this session.
* - `token`: The JWT for this session.
* - `session`: The session object from your adapter.
*/
session: (message: { session: Session; token: JWT }) => Awaitable<void>
@@ -385,15 +427,40 @@ export type InternalProvider<T = ProviderType> = (T extends "oauth"
callbackUrl: string
}
/**
* Supported actions by Auth.js. Each action map to a REST API endpoint.
* Some actions have a `GET` and `POST` variant, depending on if the action
* changes the state of the server.
*
* - **`"callback"`**:
* - **`GET`**: Handles the callback from an [OAuth provider](https://authjs.dev/reference/core/providers_oauth).
* - **`POST`**: Handles the callback from a [Credentials provider](https://authjs.dev/reference/core/providers_credentials).
* - **`"csrf"`**: Returns the raw CSRF token, which is saved in a cookie (encrypted).
* It is used for CSRF protection, implementing the [double submit cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie) technique.
* :::note
* Some frameworks have built-in CSRF protection and can therefore disable this action. In this case, the corresponding endpoint will return a 404 response. Read more at [`skipCSRFCheck`](https://authjs.dev/reference/core#skipcsrfcheck).
* _⚠ We don't recommend manually disabling CSRF protection, unless you know what you're doing._
* :::
* - **`"error"`**: Renders the built-in error page.
* - **`"providers"`**: Returns a client-safe list of all configured providers.
* - **`"session"`**: Returns the user's session if it exists, otherwise `null`.
* - **`"signin"`**:
* - **`GET`**: Renders the built-in sign-in page.
* - **`POST`**: Initiates the sign-in flow.
* - **`"signout"`**:
* - **`GET`**: Renders the built-in sign-out page.
* - **`POST`**: Initiates the sign-out flow. This will invalidate the user's session (deleting the cookie, and if there is a session in the database, it will be deleted as well).
* - **`"verify-request"`**: Renders the built-in verification request page.
*/
export type AuthAction =
| "callback"
| "csrf"
| "error"
| "providers"
| "session"
| "csrf"
| "signin"
| "signout"
| "callback"
| "verify-request"
| "error"
/** @internal */
export interface RequestInternal {

4
packages/next-auth/src/jwt/types.ts
View File

@@ -21,7 +21,7 @@ export interface JWTEncodeParams {
secret: string | Buffer
/**
* The maximum age of the NextAuth.js issued JWT in seconds.
* @default 30 * 24 * 30 * 60 // 30 days
* @default 30 * 24 * 60 * 60 // 30 days
*/
maxAge?: number
}
@@ -42,7 +42,7 @@ export interface JWTOptions {
secret: string
/**
* The maximum age of the NextAuth.js issued JWT in seconds.
* @default 30 * 24 * 30 * 60 // 30 days
* @default 30 * 24 * 60 * 60 // 30 days
*/
maxAge: number
/** Override this method to control the NextAuth.js issued JWT encoding. */

51
pnpm-lock.yaml generated
View File

@@ -423,7 +423,7 @@ importers:
'@next-auth/tsconfig': workspace:*
'@types/uuid': ^8.3.3
jest: ^27.4.3
neo4j-driver: ^4.4.0
neo4j-driver: ^5.7.0
next-auth: workspace:*
uuid: ^8.3.2
dependencies:
@@ -433,7 +433,7 @@ importers:
'@next-auth/tsconfig': link:../tsconfig
'@types/uuid': 8.3.4
jest: 27.5.1
neo4j-driver: 4.4.6
neo4j-driver: 5.7.0
next-auth: link:../next-auth
packages/adapter-pouchdb:
@@ -5196,13 +5196,6 @@ packages:
regenerator-runtime: 0.13.11
dev: true
/@babel/runtime/7.18.3:
resolution: {integrity: sha512-38Y8f7YUhce/K7RMwTp7m0uCumpv9hZkitCbBClqQIow1qSbCvGkcegKOXpEWCQLfWmevgRiWokZ1GkpfhbZug==}
engines: {node: '>=6.9.0'}
dependencies:
regenerator-runtime: 0.13.9
dev: true
/@babel/runtime/7.20.13:
resolution: {integrity: sha512-gt3PKXs0DBoL9xCvOIIZ2NEqAGZqHjAnmVbfQtB620V0uReIQutpel14KcneZuer7UioY8ALKZ7iocavvzTNFA==}
engines: {node: '>=6.9.0'}
@@ -17739,7 +17732,7 @@ packages:
express-basic-auth: 1.2.1
lodash: 4.17.21
mailparser: 2.8.1
moment: 2.29.3
moment: 2.29.4
smtp-server: 3.11.0
transitivePeerDependencies:
- supports-color
@@ -20197,7 +20190,7 @@ packages:
mute-stream: 0.0.8
ora: 5.4.1
run-async: 2.4.1
rxjs: 7.6.0
rxjs: 7.8.1
string-width: 4.2.3
strip-ansi: 6.0.1
through: 2.3.8
@@ -20218,7 +20211,7 @@ packages:
mute-stream: 0.0.8
ora: 6.1.2
run-async: 2.4.1
rxjs: 7.6.0
rxjs: 7.8.1
string-width: 5.1.2
strip-ansi: 7.0.1
through: 2.3.8
@@ -24786,25 +24779,24 @@ packages:
/neo-async/2.6.2:
resolution: {integrity: sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==}
/neo4j-driver-bolt-connection/4.4.6:
resolution: {integrity: sha512-ZjYVwHk8oMeRtBf4j/1CmA/7t88OHl7WOiZtFnbdU3LHkfnhtrovLk7sU1zGK60f6AmaQrA9lAh1rpxwDfri5Q==}
/neo4j-driver-bolt-connection/5.7.0:
resolution: {integrity: sha512-TMXNJuwEEYBqzyKsiyfF2DDaG/eV13y86nhxbXICcq9/1/j36OJx2zEuhzk1XstLYFD0WioSJZ3khV1+3aVRkw==}
dependencies:
buffer: 6.0.3
neo4j-driver-core: 4.4.6
neo4j-driver-core: 5.7.0
string_decoder: 1.3.0
dev: true
/neo4j-driver-core/4.4.6:
resolution: {integrity: sha512-8Pc5lLeWwrxjrEGyJm8QASfguKK90i4YxB4Unz1FWV1z3xRq2xFtLhNl6PSa5Kx1VtKS5dhiwHlJArBJJEQjZA==}
/neo4j-driver-core/5.7.0:
resolution: {integrity: sha512-q/mP1oDtt562+8uSMZZJJ8k8MNGeghTegzmmDCo9v4LDxuq+wkaKQ3tHm92o1xemuko+uyqlX8lU/844rX3T4A==}
dev: true
/neo4j-driver/4.4.6:
resolution: {integrity: sha512-KzTEQ/PYuaVkeEuQmr8jZm0cFLlK/zAAMe3IkhxWj56Tgwn2nT2RASPrqwvyEVfk8jg6xS4U1Fx2VABmkO4cdQ==}
/neo4j-driver/5.7.0:
resolution: {integrity: sha512-Le5lgMERk0nIHPHQa18DRifrzXpPYkJEr9Sz/bxPQ8gbWFqTTL292LtJ/qM8RjByaRH2C923dKk2Ni8b0mzLNQ==}
dependencies:
'@babel/runtime': 7.18.3
neo4j-driver-bolt-connection: 4.4.6
neo4j-driver-core: 4.4.6
rxjs: 6.6.7
neo4j-driver-bolt-connection: 5.7.0
neo4j-driver-core: 5.7.0
rxjs: 7.8.1
dev: true
/netmask/2.0.2:
@@ -28151,10 +28143,6 @@ packages:
/regenerator-runtime/0.13.11:
resolution: {integrity: sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==}
/regenerator-runtime/0.13.9:
resolution: {integrity: sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==}
dev: true
/regenerator-transform/0.15.0:
resolution: {integrity: sha512-LsrGtPmbYg19bcPHwdtmXwbW+TqNvtY4riE3P83foeHRroMbH6/2ddFBfab3t7kbzc7v7p4wbkIecHImqt0QNg==}
dependencies:
@@ -28642,6 +28630,7 @@ packages:
engines: {npm: '>=2.0.0'}
dependencies:
tslib: 1.14.1
dev: false
/rxjs/7.5.5:
resolution: {integrity: sha512-sy+H0pQofO95VDmFLzyaw9xNJU4KTRSwQIGM6+iG3SypAtCiLDzpeG8sJrNCWn2Up9km+KhkvTdbkrdy+yzZdw==}
@@ -28649,8 +28638,8 @@ packages:
tslib: 2.4.1
dev: true
/rxjs/7.6.0:
resolution: {integrity: sha512-DDa7d8TFNUalGC9VqXvQ1euWNN7sc63TrUCuM9J998+ViviahMIjKSOU7rfcgFOF+FCD71BhDRv4hrFz+ImDLQ==}
/rxjs/7.8.1:
resolution: {integrity: sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==}
dependencies:
tslib: 2.4.1
dev: true
@@ -32319,7 +32308,7 @@ packages:
joi: 17.7.0
lodash: 4.17.21
minimist: 1.2.6
rxjs: 7.6.0
rxjs: 7.8.1
transitivePeerDependencies:
- debug
dev: true
@@ -32333,7 +32322,7 @@ packages:
joi: 17.7.0
lodash: 4.17.21
minimist: 1.2.6
rxjs: 7.6.0
rxjs: 7.8.1
transitivePeerDependencies:
- debug
dev: true