From 523fcbab716b11ed1ad9accde56951d83d54fb1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?= <info@balazsorban.com>
Date: Fri, 28 Apr 2023 16:52:00 +0200
Subject: [PATCH 1/9] fix(docs): document Callback URL for every provider

---
 docs/static/img/providers/authentik.svg       |  1 +
 packages/core/src/providers/42-school.ts      | 20 +++--
 packages/core/src/providers/apple.ts          | 13 +++-
 packages/core/src/providers/asgardeo.ts       | 13 +++-
 packages/core/src/providers/atlassian.ts      | 13 +++-
 packages/core/src/providers/auth0.ts          | 13 +++-
 packages/core/src/providers/authentik.ts      | 20 +++--
 packages/core/src/providers/azure-ad-b2c.ts   |  7 +-
 packages/core/src/providers/azure-ad.ts       | 39 ++++++----
 packages/core/src/providers/battlenet.ts      | 16 ++--
 packages/core/src/providers/beyondidentity.ts |  7 +-
 packages/core/src/providers/box.ts            | 19 +++--
 packages/core/src/providers/boxyhq-saml.ts    | 36 +++++----
 packages/core/src/providers/bungie.ts         | 77 ++++++++++---------
 packages/core/src/providers/cognito.ts        | 19 +++--
 packages/core/src/providers/coinbase.ts       | 20 +++--
 packages/core/src/providers/discord.ts        | 15 ++--
 packages/core/src/providers/dropbox.ts        | 18 +++--
 .../src/providers/duende-identity-server6.ts  | 25 +++---
 packages/core/src/providers/eveonline.ts      | 17 ++--
 packages/core/src/providers/facebook.ts       | 25 +++---
 packages/core/src/providers/faceit.ts         | 18 +++--
 packages/core/src/providers/foursquare.ts     | 22 ++++--
 packages/core/src/providers/freshbooks.ts     | 18 +++--
 packages/core/src/providers/fusionauth.ts     | 23 +++---
 packages/core/src/providers/github.ts         | 23 ++++--
 packages/core/src/providers/gitlab.ts         | 19 +++--
 packages/core/src/providers/google.ts         | 39 ++++++----
 packages/core/src/providers/hubspot.ts        | 15 ++--
 .../core/src/providers/identity-server4.ts    | 19 +++--
 packages/core/src/providers/instagram.ts      | 22 ++++--
 packages/core/src/providers/kakao.ts          | 17 ++--
 packages/core/src/providers/keycloak.ts       | 29 ++++---
 packages/core/src/providers/line.ts           | 17 ++--
 packages/core/src/providers/linkedin.ts       | 15 ++--
 packages/core/src/providers/mailchimp.ts      | 18 +++--
 packages/core/src/providers/mailru.ts         | 18 +++--
 packages/core/src/providers/mattermost.ts     | 23 +++---
 packages/core/src/providers/medium.ts         | 18 +++--
 packages/core/src/providers/naver.ts          | 15 ++--
 packages/core/src/providers/netlify.ts        | 18 +++--
 packages/core/src/providers/notion.ts         |  9 +--
 packages/core/src/providers/okta.ts           | 16 ++--
 packages/core/src/providers/onelogin.ts       | 16 ++--
 packages/core/src/providers/osso.ts           | 15 ++--
 packages/core/src/providers/osu.ts            | 15 ++--
 packages/core/src/providers/patreon.ts        | 15 ++--
 packages/core/src/providers/pinterest.ts      | 23 +++---
 packages/core/src/providers/pipedrive.ts      | 15 ++--
 packages/core/src/providers/reddit.ts         | 15 ++--
 packages/core/src/providers/salesforce.ts     | 15 ++--
 packages/core/src/providers/slack.ts          | 17 ++--
 packages/core/src/providers/spotify.ts        | 15 ++--
 packages/core/src/providers/strava.ts         | 15 ++--
 packages/core/src/providers/todoist.ts        | 15 ++--
 packages/core/src/providers/trakt.ts          | 19 +++--
 packages/core/src/providers/twitch.ts         | 21 +++--
 packages/core/src/providers/twitter.ts        | 29 ++++---
 packages/core/src/providers/united-effects.ts | 22 +++---
 packages/core/src/providers/vk.ts             | 15 ++--
 packages/core/src/providers/wikimedia.ts      | 26 ++++---
 packages/core/src/providers/wordpress.ts      | 15 ++--
 packages/core/src/providers/workos.ts         | 35 +++++----
 packages/core/src/providers/yandex.ts         |  5 +-
 packages/core/src/providers/zitadel.ts        | 21 +++--
 packages/core/src/providers/zoho.ts           | 15 ++--
 packages/core/src/providers/zoom.ts           | 15 ++--
 67 files changed, 808 insertions(+), 485 deletions(-)
 create mode 100644 docs/static/img/providers/authentik.svg

diff --git a/docs/static/img/providers/authentik.svg b/docs/static/img/providers/authentik.svg
new file mode 100644
index 00000000..517eb179
--- /dev/null
+++ b/docs/static/img/providers/authentik.svg
@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 526.49"><defs><style>.cls-1{fill:#ffffff;}</style></defs><path class="cls-1" d="M90.84,418.79h26.37V523.88H90.84V512.77a52,52,0,0,1-15.48,10.58,43.48,43.48,0,0,1-16.84,3.23q-20.35,0-35.21-15.79T8.45,471.52q0-24.33,14.37-39.89t34.93-15.55a44.43,44.43,0,0,1,17.75,3.57,48.57,48.57,0,0,1,15.34,10.73ZM63.12,440.42a26.62,26.62,0,0,0-20.31,8.65q-8.09,8.64-8.09,22.16T43,493.64a26.67,26.67,0,0,0,20.27,8.79,27.19,27.19,0,0,0,20.6-8.64Q92,485.15,92,471.14q0-13.71-8.18-22.22T63.12,440.42Z"/><path class="cls-1" d="M155.64,418.79H182.3V469.4q0,14.78,2,20.53a18,18,0,0,0,6.54,8.93A18.74,18.74,0,0,0,202,502.05a19.38,19.38,0,0,0,11.18-3.14,18.42,18.42,0,0,0,6.83-9.23q1.64-4.53,1.64-19.41V418.79H248v44.52q0,27.54-4.34,37.67A41.1,41.1,0,0,1,228,520q-10.34,6.62-26.27,6.62-17.29,0-28-7.73t-15-21.54q-3.09-9.56-3.09-34.77Z"/><path class="cls-1" d="M289.51,380.05h26.37v38.74h15.64v22.69H315.88v82.4H289.51v-82.4H276V418.79h13.53Z"/><path class="cls-1" d="M357.59,378.22h26.18v51.19a60,60,0,0,1,15.55-10,40.11,40.11,0,0,1,15.84-3.33,35.7,35.7,0,0,1,26.37,10.82q9.18,9.36,9.18,27.53v69.45h-26V477.8q0-18.26-1.74-24.73c-1.15-4.31-3.14-7.53-5.94-9.65a16.64,16.64,0,0,0-10.38-3.19,19.56,19.56,0,0,0-13.76,5.31q-5.76,5.31-8,14.49-1.15,4.73-1.16,21.64v42.21H357.59Z"/><path class="cls-1" d="M593.36,479H508.65q1.83,11.21,9.8,17.82t20.34,6.62a35.11,35.11,0,0,0,25.4-10.34l22.22,10.44a52.58,52.58,0,0,1-19.9,17.43q-11.6,5.66-27.53,5.65-24.74,0-40.28-15.6t-15.55-39.07q0-24,15.5-39.94t38.88-15.89q24.83,0,40.38,15.89t15.55,42ZM567,458.19a26.5,26.5,0,0,0-10.3-14.29,29.9,29.9,0,0,0-17.86-5.51,31.53,31.53,0,0,0-19.35,6.19q-5.22,3.85-9.67,13.61Z"/><path class="cls-1" d="M626.58,418.79h26.36v10.77q9-7.57,16.26-10.52a39.28,39.28,0,0,1,14.9-3A36.07,36.07,0,0,1,710.62,427q9.17,9.28,9.17,27.44v69.45H693.71v-46q0-18.83-1.69-25a17.08,17.08,0,0,0-5.88-9.41,16.48,16.48,0,0,0-10.36-3.23,19.41,19.41,0,0,0-13.73,5.35q-5.73,5.35-7.95,14.81-1.15,4.92-1.16,21.32v42.17H626.58Z"/><path class="cls-1" d="M760.34,380.05h26.37v38.74h15.65v22.69H786.71v82.4H760.34v-82.4H746.82V418.79h13.52Z"/><path class="cls-1" d="M838.62,375.51a16.14,16.14,0,0,1,11.89,5,16.68,16.68,0,0,1,5,12.17,16.45,16.45,0,0,1-4.91,12,15.92,15.92,0,0,1-11.75,5,16.17,16.17,0,0,1-12-5.08,16.93,16.93,0,0,1-5-12.31,16.8,16.8,0,0,1,16.76-16.81Z"/><rect class="cls-1" x="825.43" y="418.79" width="26.37" height="105.09"/><path class="cls-1" d="M887.82,378.22h26.37v83.89L953,418.79h33.12l-45.27,50.36,50.68,54.73H958.82l-44.63-48.44v48.44H887.82Z"/><rect class="cls-1" x="466.5" y="78.74" width="16.65" height="47.58"/><rect class="cls-1" x="509.81" y="76.74" width="16.65" height="37.21"/><path class="cls-1" d="M267.09,131.08a60.71,60.71,0,0,0-53.36,31.83H242c12.5-10.78,30.66-13.93,43.79,0h29.89C304,147.14,286.47,131.08,267.09,131.08Z"/><path class="cls-1" d="M307.42,191.62c-38.94,81.44-107.21,12-65.47-28.71H213.73c-22.16,38.61,8.46,90.67,53.36,89.49,34.72,0,63.39-51.54,63.39-60.66,0-4-5.6-16.34-14.85-28.83H285.74C295.65,171.9,304.29,185,307.42,191.62Zm1-2.37Z"/><path class="cls-1" d="M682.22,78.16v215a74.83,74.83,0,0,1-74.75,74.74H575.75V294.7H424.25v73.2H392.53a74.83,74.83,0,0,1-74.75-74.74V225.55H558V96.24H442v72.65H317.78V78.16a71.49,71.49,0,0,1,.51-8.58,73.9,73.9,0,0,1,1.84-10.07c.28-1.06.59-2.12.9-3.15a6.08,6.08,0,0,1,.25-.79c.17-.53.33-1,.5-1.53s.37-1,.56-1.54.42-1.15.64-1.71.48-1.11.7-1.67a76.7,76.7,0,0,1,6.79-12.61l.09-.11c.67-1,1.37-2,2.09-2.94.62-.81,1.23-1.59,1.85-2.37s1.48-1.76,2.24-2.6,1.48-1.65,2.26-2.43l.08-.09c.39-.44.81-.84,1.26-1.26a75.74,75.74,0,0,1,8.89-7.43c.84-.62,1.73-1.2,2.63-1.79s2-1.26,3-1.87c2-1.15,4-2.21,6-3.16.65-.31,1.32-.62,2-.89a69.57,69.57,0,0,1,8.75-3.16c1.15-.34,2.29-.65,3.47-.93.55-.14,1.11-.28,1.7-.39a76.61,76.61,0,0,1,10.12-1.48l1.48-.08c.25,0,.48,0,.73,0,1.11-.06,2.26-.08,3.41-.08H607.47c1.15,0,2.3,0,3.41.08.25,0,.48,0,.73,0l1.48.08a76.61,76.61,0,0,1,10.12,1.48c.59.11,1.15.25,1.7.39,1.18.28,2.32.59,3.47.93a69.57,69.57,0,0,1,8.75,3.16c.64.27,1.31.58,2,.89,2.06.95,4,2,6,3.16,1,.61,2,1.23,3,1.87s1.79,1.17,2.63,1.79A74.72,74.72,0,0,1,661,26.06c.78.78,1.54,1.59,2.26,2.43s1.51,1.73,2.24,2.6,1.23,1.56,1.85,2.37c.72,1,1.42,2,2.09,2.94l.09.11a76.7,76.7,0,0,1,6.79,12.61c.22.56.47,1.11.7,1.67s.42,1.12.64,1.71.39,1,.56,1.54.33,1,.5,1.53a6.08,6.08,0,0,1,.25.79c.31,1,.62,2.09.9,3.15a73.9,73.9,0,0,1,1.84,10.07A71.49,71.49,0,0,1,682.22,78.16Z"/><path class="cls-1" d="M669.52,36.51h-339a74.73,74.73,0,0,1,62-33.08h215A74.73,74.73,0,0,1,669.52,36.51Z"/><path class="cls-1" d="M681.74,69.59H318.26a73.92,73.92,0,0,1,12.22-33.08h339A73.92,73.92,0,0,1,681.74,69.59Z"/><path class="cls-1" d="M682.24,78.16v24.51H558V96.24H442v6.43H317.76V78.16a71.5,71.5,0,0,1,.5-8.58H681.74A71.5,71.5,0,0,1,682.24,78.16Z"/><rect class="cls-1" x="317.76" y="102.67" width="124.27" height="33.09"/><rect class="cls-1" x="557.97" y="102.67" width="124.27" height="33.09"/><rect class="cls-1" x="317.76" y="135.77" width="124.27" height="33.07"/><rect class="cls-1" x="557.97" y="135.77" width="124.27" height="33.07"/></svg>
diff --git a/packages/core/src/providers/42-school.ts b/packages/core/src/providers/42-school.ts
index 59ce0a63..76f0e519 100644
--- a/packages/core/src/providers/42-school.ts
+++ b/packages/core/src/providers/42-school.ts
@@ -1,13 +1,11 @@
 /**
- * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <div style={{backgroundColor: "#fff", display: "flex", justifyContent: "space-between", color: "#000", padding: 16}}>
  * <span>Built-in <b>42School</b> integration.</span>
- * TODO: SVG logo
  * <a href="https://api.intra.42.fr//">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/42-school.svg" height="48" width="48"/>
  * </a>
  * </div>
  *
- * ---
  * @module providers/42-school
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -167,9 +165,15 @@ export interface FortyTwoProfile extends UserData, Record<string, any> {
 /**
  * Add 42School login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/42-school
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import 42School from "@auth/core/providers/42-school"
  *
@@ -179,13 +183,13 @@ export interface FortyTwoProfile extends UserData, Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [42School OAuth documentation](https://api.intra.42.fr/apidoc/guides/web_application_flow)
  *
- * ## Notes
+ * ### Notes
+ *
  *
- * 
  * :::note
  * 42 returns a field on `Account` called `created_at` which is a number. See the [docs](https://api.intra.42.fr/apidoc/guides/getting_started#make-basic-requests). Make sure to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
  * :::
diff --git a/packages/core/src/providers/apple.ts b/packages/core/src/providers/apple.ts
index ed71dcc7..9391cf4c 100644
--- a/packages/core/src/providers/apple.ts
+++ b/packages/core/src/providers/apple.ts
@@ -97,7 +97,14 @@ export interface AppleProfile extends Record<string, any> {
 }
 
 /**
- * ## Setup
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/apple
+ * ```
+ *
+ * #### Configuration
  *
  * Import the provider and configure it in your **Auth.js** initialization file:
  *
@@ -115,14 +122,14 @@ export interface AppleProfile extends Record<string, any> {
  * })
  * ```
  * 
- * ## Resources
+ * ### Resources
  * 
  * - Sign in with Apple [Overview](https://developer.apple.com/sign-in-with-apple/get-started/)
  * - Sign in with Apple [REST API](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api)
  * - [How to retrieve](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773) the user's information from Apple ID servers
  * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
 
- * ## Notes
+ * ### Notes
  * 
  * The Apple provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/apple.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
  *
diff --git a/packages/core/src/providers/asgardeo.ts b/packages/core/src/providers/asgardeo.ts
index 2acf5514..2b8fb4db 100644
--- a/packages/core/src/providers/asgardeo.ts
+++ b/packages/core/src/providers/asgardeo.ts
@@ -35,7 +35,14 @@ export interface AsgardeoProfile extends Record<string, any> {
 
 /**
  *
- * ## Setup
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/asgardeo
+ * ```
+ *
+ * #### Configuration
  *
  * Import the provider and configure it in your **Auth.js** initialization file:
  *
@@ -75,12 +82,12 @@ export interface AsgardeoProfile extends Record<string, any> {
  * ASGARDEO_ISSUER="Copy the issuer url from the info tab here"
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Asgardeo - Authentication Guide](https://wso2.com/asgardeo/docs/guides/authentication)
  * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
  *
- * ## Notes
+ * ### Notes
  *
  * The Asgardeo provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/asgardeo.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
  *
diff --git a/packages/core/src/providers/atlassian.ts b/packages/core/src/providers/atlassian.ts
index 38daa260..c3f4daef 100644
--- a/packages/core/src/providers/atlassian.ts
+++ b/packages/core/src/providers/atlassian.ts
@@ -33,7 +33,14 @@ export interface AtlassianProfile extends Record<string, any> {
 }
 
 /**
- * ## Setup
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/atlassian
+ * ```
+ *
+ * #### Configuration
  *
  * Import the provider and configure it in your **Auth.js** initialization file:
  *
@@ -51,11 +58,11 @@ export interface AtlassianProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Atlassian docs](https://developer.atlassian.com/server/jira/platform/oauth/)
  *
- * ## Notes
+ * ### Notes
  *
  * The Atlassian provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/atlassian.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
  *
diff --git a/packages/core/src/providers/auth0.ts b/packages/core/src/providers/auth0.ts
index cf0aa8ba..956ddca3 100644
--- a/packages/core/src/providers/auth0.ts
+++ b/packages/core/src/providers/auth0.ts
@@ -75,7 +75,14 @@ export interface Auth0Profile extends Record<string, any> {
 }
 
 /**
- * ## Setup
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/auth0
+ * ```
+ *
+ * #### Configuration
  *
  * Import the provider and configure it in your **Auth.js** initialization file:
  *
@@ -93,11 +100,11 @@ export interface Auth0Profile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Auth0 docs](https://auth0.com/docs/authenticate)
  *
- * ## Notes
+ * ### Notes
  *
  * The Auth0 provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/auth0.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
  *
diff --git a/packages/core/src/providers/authentik.ts b/packages/core/src/providers/authentik.ts
index 948c6a9c..767998bb 100644
--- a/packages/core/src/providers/authentik.ts
+++ b/packages/core/src/providers/authentik.ts
@@ -1,13 +1,11 @@
 /**
- * <div style={{backgroundColor: "#0072c6", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <div style={{backgroundColor: "#fd4b2d", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>Authentik</b> integration.</span>
- * TODO: SVG logo
  * <a href="https://goauthentik.io/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/authentik.svg" height="48" width="48"/>
  * </a>
  * </div>
  *
- * ---
  * @module providers/authentik
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -36,9 +34,15 @@ export interface AuthentikProfile extends Record<string, any> {
 /**
  * Add Authentik login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/authentik
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Authentik from "@auth/core/providers/authentik"
  *
@@ -47,16 +51,16 @@ export interface AuthentikProfile extends Record<string, any> {
  *   providers: [Authentik({ clientId: AUTHENTIK_CLIENT_ID, clientSecret: AUTHENTIK_CLIENT_SECRET, issuer: AUTHENTIK_ISSUER })],
  * })
  * ```
- * 
+ *
  * :::note
  * issuer should include the slug without a trailing slash – e.g., https://my-authentik-domain.com/application/o/My_Slug
  * :::
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Authentik OAuth documentation](https://goauthentik.io/docs/providers/oauth2)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Authentik provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/azure-ad-b2c.ts b/packages/core/src/providers/azure-ad-b2c.ts
index 3d341794..c817346d 100644
--- a/packages/core/src/providers/azure-ad-b2c.ts
+++ b/packages/core/src/providers/azure-ad-b2c.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/azure-ad-b2c
  */
 
@@ -60,7 +59,7 @@ export interface AzureADB2CProfile {
  *   - Identity Provider Access Token
  *   - User's Object ID
  *
- * ## Example
+ * @example
  *
  * ```ts
  * import { Auth } from "@auth/core"
@@ -75,13 +74,13 @@ export interface AzureADB2CProfile {
  *
  * ---
  *
- * ## Resources
+ * ### Resources
  *
  * - [Azure Active Directory B2C documentation](https://learn.microsoft.com/en-us/azure/active-directory-b2c)
  *
  * ---
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Azure AD B2C provider is
  * based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/azure-ad.ts b/packages/core/src/providers/azure-ad.ts
index 9e38d39c..6ac6bbde 100644
--- a/packages/core/src/providers/azure-ad.ts
+++ b/packages/core/src/providers/azure-ad.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/azure-ad
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface AzureADProfile extends Record<string, any> {
 /**
  * Add AzureAd login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/azure-ad
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import AzureAd from "@auth/core/providers/azure-ad"
  *
@@ -33,15 +38,15 @@ export interface AzureADProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [AzureAd OAuth documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow/)
  *  - [AzureAd OAuth apps](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app/)
  *
- * ## Example
- * 
+ * @example
+ *
  * ### To allow specific Active Directory users access:
- * 
+ *
  * - In https://portal.azure.com/ search for "Azure Active Directory", and select your organization.
  * - Next, go to "App Registration" in the left menu, and create a new one.
  * - Pay close attention to "Who can use this application or access this API?"
@@ -53,26 +58,26 @@ export interface AzureADProfile extends Record<string, any> {
  *   - Application (client) ID
  *   - Directory (tenant) ID
  *   - Client secret (value)
- * 
+ *
  * In `.env.local` create the following entries:
- * 
+ *
  * ```
  * AZURE_AD_CLIENT_ID=<copy Application (client) ID here>
  * AZURE_AD_CLIENT_SECRET=<copy generated client secret value here>
  * AZURE_AD_TENANT_ID=<copy the tenant id here>
  * ```
- * 
+ *
  * That will default the tenant to use the `common` authorization endpoint. [For more details see here](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
- * 
+ *
  * :::note
  * Azure AD returns the profile picture in an ArrayBuffer, instead of just a URL to the image, so our provider converts it to a base64 encoded image string and returns that instead. See: https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0#examples. The default image size is 48x48 to avoid [running out of space](https://next-auth.js.org/faq#:~:text=What%20are%20the%20disadvantages%20of%20JSON%20Web%20Tokens%3F) in case the session is saved as a JWT.
  * :::
- * 
+ *
  * In `pages/api/auth/[...nextauth].js` find or add the `AzureAD` entries:
- * 
+ *
  * ```js
  * import AzureADProvider from "next-auth/providers/azure-ad";
- * 
+ *
  * ...
  * providers: [
  *   AzureADProvider({
@@ -82,10 +87,10 @@ export interface AzureADProfile extends Record<string, any> {
  *   }),
  * ]
  * ...
- * 
+ *
  * ```
- * 
- * ## Notes
+ *
+ * ### Notes
  *
  * By default, Auth.js assumes that the AzureAd provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/battlenet.ts b/packages/core/src/providers/battlenet.ts
index b06aa9fb..36712359 100644
--- a/packages/core/src/providers/battlenet.ts
+++ b/packages/core/src/providers/battlenet.ts
@@ -1,13 +1,11 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>Battle.net</b> integration.</span>
- * TODO: SVG logo
  * <a href="https://Battle.net/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/battlenet.svg" height="48" width="48"/>
  * </a>
  * </div>
  *
- * ---
  * @module providers/battlenet
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -25,9 +23,15 @@ export type BattleNetIssuer =
 /**
  * Add Battle.net login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/battlenet
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import BattleNet from "@auth/core/providers/battlenet"
  *
@@ -46,11 +50,11 @@ export type BattleNetIssuer =
  *   | "https://tw.battle.net/oauth"
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [BattleNet OAuth documentation](https://develop.battle.net/documentation/guides/using-oauth)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the BattleNet provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/beyondidentity.ts b/packages/core/src/providers/beyondidentity.ts
index b26b1859..8b39a377 100644
--- a/packages/core/src/providers/beyondidentity.ts
+++ b/packages/core/src/providers/beyondidentity.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/beyondidentity
  */
 
@@ -27,7 +26,7 @@ export interface BeyondIdentityProfile {
 /**
  * Add Beyond Identity login to your page.
  *
- * ## Example
+ * @example
  *
  * ```ts
  * import { Auth } from "@auth/core"
@@ -41,13 +40,13 @@ export interface BeyondIdentityProfile {
  *
  * ---
  *
- * ## Resources
+ * ### Resources
  *
  * - [Beyond Identity Developer Docs](https://developer.beyondidentity.com/)
  *
  * ---
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the BeyondIdentity provider is
  * based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/box.ts b/packages/core/src/providers/box.ts
index 490fa59d..d0e55721 100644
--- a/packages/core/src/providers/box.ts
+++ b/packages/core/src/providers/box.ts
@@ -1,13 +1,11 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>Box</b> integration.</span>
- * TODO: SVG logo
  * <a href="https://box.com/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/box.svg" height="48" width="48"/>
  * </a>
  * </div>
  *
- * ---
  * @module providers/box
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Box login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/box
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Box from "@auth/core/providers/box"
  *
@@ -27,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Box developers documentation](https://developer.box.com/reference/)
  *  - [Box OAuth documentation](https://developer.box.com/guides/sso-identities-and-app-users/connect-okta-to-app-users/configure-box/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Box provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -54,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Box(options: OAuthUserConfig<Record<string, any>>
+export default function Box(
+  options: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "box",
diff --git a/packages/core/src/providers/boxyhq-saml.ts b/packages/core/src/providers/boxyhq-saml.ts
index 3bf0ca93..e53b8701 100644
--- a/packages/core/src/providers/boxyhq-saml.ts
+++ b/packages/core/src/providers/boxyhq-saml.ts
@@ -1,13 +1,11 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>BoxyHQ SAML</b> integration.</span>
- * TODO: SVG logo
  * <a href="https://boxyhq.com/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/boxyhq-saml.svg" height="48" width="48"/>
  * </a>
  * </div>
  *
- * ---
  * @module providers/boxyhq-saml
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -23,12 +21,18 @@ export interface BoxyHQSAMLProfile extends Record<string, any> {
  * Add BoxyHQ SAML login to your page.
  *
  * BoxyHQ SAML is an open source service that handles the SAML login flow as an OAuth 2.0 flow, abstracting away all the complexities of the SAML protocol.
- * 
- * You can deploy BoxyHQ SAML as a separate service or embed it into your app using our NPM library. [Check out the documentation for more details](https://boxyhq.com/docs/jackson/deploy)
- * 
- * @example
  *
- * ```js
+ * You can deploy BoxyHQ SAML as a separate service or embed it into your app using our NPM library. [Check out the documentation for more details](https://boxyhq.com/docs/jackson/deploy)
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/boxyhq-saml
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import BoxyHQ from "@auth/core/providers/boxyhq-saml"
  *
@@ -38,23 +42,23 @@ export interface BoxyHQSAMLProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [BoxyHQ OAuth documentation](https://example.com)
  *
  * ## Configuration
- * 
+ *
  * SAML login requires a configuration for every tenant of yours. One common method is to use the domain for an email address to figure out which tenant they belong to. You can also use a unique tenant ID (string) from your backend for this, typically some kind of account or organization ID.
- * 
+ *
  * Check out the [documentation](https://boxyhq.com/docs/jackson/saml-flow#2-saml-config-api) for more details.
- * 
- * 
+ *
+ *
  * On the client side you'll need to pass additional parameters `tenant` and `product` to the `signIn` function. This will allow BoxyHQL SAML to figure out the right SAML configuration and take your user to the right SAML Identity Provider to sign them in.
- * 
+ *
  * ```tsx
  * import { signIn } from "next-auth/react";
  * ...
- * 
+ *
  *   // Map your users's email to a tenant and product
  *   const tenant = email.split("@")[1];
  *   const product = 'my_awesome_product';
@@ -62,12 +66,12 @@ export interface BoxyHQSAMLProfile extends Record<string, any> {
  *   <Button
  *     onClick={async (event) => {
  *       event.preventDefault();
- * 
+ *
  *       signIn("boxyhq-saml", {}, { tenant, product });
  *     }}>
  * ...
  * ```
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the BoxyHQ provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/bungie.ts b/packages/core/src/providers/bungie.ts
index 3a8295ce..50698f47 100644
--- a/packages/core/src/providers/bungie.ts
+++ b/packages/core/src/providers/bungie.ts
@@ -1,13 +1,11 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>Bungie</b> integration.</span>
- * TODO: SVG logo
  * <a href="https://bungie.net/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/bungie.svg" height="48" width="48"/>
  * </a>
  * </div>
  *
- * ---
  * @module providers/bungie
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Bungie login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/bungie
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Bungie from "@auth/core/providers/bungie"
  *
@@ -27,22 +31,22 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Bungie OAuth documentation](https://github.com/Bungie-net/api/wiki/OAuth-Documentation)
  *
  * ## Configuration
- * 
+ *
  * :::tip
  * Bungie require all sites to run HTTPS (including local development instances).
  * :::
- * 
+ *
  * :::tip
  * Bungie doesn't allow you to use localhost as the website URL, instead you need to use https://127.0.0.1:3000
  * :::
- * 
+ *
  * Navigate to https://www.bungie.net/en/Application and fill in the required details:
- * 
+ *
  * - Application name
  * - Application Status
  * - Website
@@ -53,73 +57,73 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * - Scope
  *   - `Access items like your Bungie.net notifications, memberships, and recent Bungie.Net forum activity.`
  * - Origin Header
- * 
+ *
  * The following guide may be helpful:
- * 
+ *
  * - [How to setup localhost with HTTPS with a Next.js app](https://medium.com/@anMagpie/secure-your-local-development-server-with-https-next-js-81ac6b8b3d68)
- * 
- * ### Example server
- * 
+ *
+ * #@example server
+ *
  * You will need to edit your host file and point your site at `127.0.0.1`
- * 
+ *
  * [How to edit my host file?](https://phoenixnap.com/kb/how-to-edit-hosts-file-in-windows-mac-or-linux)
- * 
+ *
  * On Windows (Run Powershell as administrator)
- * 
+ *
  * ```ps
  * Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "127.0.0.1`tdev.example.com" -Force
  * ```
- * 
+ *
  * ```
  * 127.0.0.1 dev.example.com
  * ```
- * 
+ *
  * ### Create certificate
- * 
+ *
  * Creating a certificate for localhost is easy with openssl. Just put the following command in the terminal. The output will be two files: localhost.key and localhost.crt.
- * 
+ *
  * ```bash
  * openssl req -x509 -out localhost.crt -keyout localhost.key \
  *   -newkey rsa:2048 -nodes -sha256 \
  *   -subj "/CN=localhost" -extensions EXT -config <( \
  *    printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
  * ```
- * 
+ *
  * :::tip
  * **Windows**
- * 
+ *
  * The OpenSSL executable is distributed with [Git](https://git-scm.com/download/win]9) for Windows.
  * Once installed you will find the openssl.exe file in `C:/Program Files/Git/mingw64/bin` which you can add to the system PATH environment variable if it’s not already done.
- * 
+ *
  * Add environment variable `OPENSSL_CONF=C:/Program Files/Git/mingw64/ssl/openssl.cnf`
- * 
+ *
  * ```bash
  *  req -x509 -out localhost.crt -keyout localhost.key \
  *   -newkey rsa:2048 -nodes -sha256 \
  *   -subj "/CN=localhost"
  * ```
- * 
+ *
  * :::
- * 
+ *
  * Create directory `certificates` and place `localhost.key` and `localhost.crt`
- * 
+ *
  * You can create a `server.js` in the root of your project and run it with `node server.js` to test Sign in with Bungie integration locally:
- * 
+ *
  * ```js
  * const { createServer } = require("https")
  * const { parse } = require("url")
  * const next = require("next")
  * const fs = require("fs")
- * 
+ *
  * const dev = process.env.NODE_ENV !== "production"
  * const app = next({ dev })
  * const handle = app.getRequestHandler()
- * 
+ *
  * const httpsOptions = {
  *   key: fs.readFileSync("./certificates/localhost.key"),
  *   cert: fs.readFileSync("./certificates/localhost.crt"),
  * }
- * 
+ *
  * app.prepare().then(() => {
  *   createServer(httpsOptions, (req, res) => {
  *     const parsedUrl = parse(req.url, true)
@@ -130,9 +134,9 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *   })
  * })
  * ```
- * 
- * 
- * ## Notes
+ *
+ *
+ * ### Notes
  *
  * By default, Auth.js assumes that the Bungie provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -154,7 +158,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Bungie(options: OAuthUserConfig<Record<string, any>>
+export default function Bungie(
+  options: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "bungie",
diff --git a/packages/core/src/providers/cognito.ts b/packages/core/src/providers/cognito.ts
index 8444f392..a6d7ce64 100644
--- a/packages/core/src/providers/cognito.ts
+++ b/packages/core/src/providers/cognito.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/cognito
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface CognitoProfile extends Record<string, any> {
 /**
  * Add Cognito login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/cognito
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Cognito from "@auth/core/providers/cognito"
  *
@@ -33,13 +38,13 @@ export interface CognitoProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Cognito OAuth documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html)
  *
- * ## Notes
+ * ### Notes
  * You need to select your AWS region to go the the Cognito dashboard.
- * 
+ *
  * :::tip
  * The issuer is a URL, that looks like this: https://cognito-idp.{region}.amazonaws.com/{PoolId}
  * :::
@@ -47,7 +52,7 @@ export interface CognitoProfile extends Record<string, any> {
  * :::warning
  * Make sure you select all the appropriate client settings or the OAuth flow will not work.
  * :::
- * 
+ *
  * By default, Auth.js assumes that the Cognito provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
  *
diff --git a/packages/core/src/providers/coinbase.ts b/packages/core/src/providers/coinbase.ts
index 778d7b13..aa7a2829 100644
--- a/packages/core/src/providers/coinbase.ts
+++ b/packages/core/src/providers/coinbase.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/coinbase
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Coinbase login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/coinbase
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Coinbase from "@auth/core/providers/coinbase"
  *
@@ -26,16 +31,16 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Coinbase OAuth documentation](https://developers.coinbase.com/api/v2)
  *
- * ## Notes
+ * ### Notes
  *
  * :::tip
  * This Provider template has a 2 hour access token to it. A refresh token is also returned.
  * :::
- * 
+ *
  * By default, Auth.js assumes that the Coinbase provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
  *
@@ -56,7 +61,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Coinbase(options: OAuthUserConfig<Record<string, any>>
+export default function Coinbase(
+  options: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "coinbase",
diff --git a/packages/core/src/providers/discord.ts b/packages/core/src/providers/discord.ts
index b36c9110..3e60db73 100644
--- a/packages/core/src/providers/discord.ts
+++ b/packages/core/src/providers/discord.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/discord
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -88,9 +87,15 @@ export interface DiscordProfile extends Record<string, any> {
 /**
  * Add Discord login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/discord
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Discord from "@auth/core/providers/discord"
  *
@@ -100,12 +105,12 @@ export interface DiscordProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Discord OAuth documentation](https://discord.com/developers/docs/topics/oauth2)
  *  - [Discord OAuth apps](https://discord.com/developers/applications)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Discord provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/dropbox.ts b/packages/core/src/providers/dropbox.ts
index eecc1ab8..8e88b2c4 100644
--- a/packages/core/src/providers/dropbox.ts
+++ b/packages/core/src/providers/dropbox.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/dropbox
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Dropbox login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/dropbox
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Dropbox from "@auth/core/providers/dropbox"
  *
@@ -26,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Dropbox OAuth documentation](https://developers.dropbox.com/oauth-guide)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Dropbox provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -52,7 +57,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Dropbox(options: OAuthUserConfig<Record<string, any>>
+export default function Dropbox(
+  options: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "dropbox",
diff --git a/packages/core/src/providers/duende-identity-server6.ts b/packages/core/src/providers/duende-identity-server6.ts
index 4246674c..be0b0992 100644
--- a/packages/core/src/providers/duende-identity-server6.ts
+++ b/packages/core/src/providers/duende-identity-server6.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/duende-identity-server6
  */
 import type { OAuthConfig, OAuthUserConfig } from "./oauth.js"
@@ -21,9 +20,15 @@ export interface DuendeISUser extends Record<string, any> {
 /**
  * Add DuendeIdentityServer6 login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/duende-identity-server6
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import DuendeIdentityServer6 from "@auth/core/providers/duende-identity-server6"
  *
@@ -33,21 +38,21 @@ export interface DuendeISUser extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [DuendeIdentityServer6 documentation](https://docs.duendesoftware.com/identityserver/v6)
  *
- * ## Notes
+ * ### Notes
+ *
  *
- * 
  * ## Demo IdentityServer
- * 
+ *
  * The configuration below is for the demo server at https://demo.duendesoftware.com/
- * 
+ *
  * If you want to try it out, you can copy and paste the configuration below.
- * 
+ *
  * You can sign in to the demo service with either <b>bob/bob</b> or <b>alice/alice</b>.
- * 
+ *
  * ```js title=pages/api/auth/[...nextauth].js
  * import DuendeIDS6Provider from "next-auth/providers/duende-identity-server6"
  * providers: [
diff --git a/packages/core/src/providers/eveonline.ts b/packages/core/src/providers/eveonline.ts
index a8309a9d..8f7276e2 100644
--- a/packages/core/src/providers/eveonline.ts
+++ b/packages/core/src/providers/eveonline.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/eveonline
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -24,9 +23,15 @@ export interface EVEOnlineProfile extends Record<string, any> {
 /**
  * Add EveOnline login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/eveonline
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import EveOnline from "@auth/core/providers/eveonline"
  *
@@ -36,16 +41,16 @@ export interface EVEOnlineProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [EveOnline OAuth documentation](https://developers.eveonline.com/blog/article/sso-to-authenticated-calls)
  *
- * ## Notes
+ * ### Notes
  *
  * :::tip
  * When creating your application, make sure to select `Authentication Only` as the connection type.
  * :::
- * 
+ *
  * :::tip
  * If using JWT for the session, you can add the `CharacterID` to the JWT token and session. Example:
  * ```js
diff --git a/packages/core/src/providers/facebook.ts b/packages/core/src/providers/facebook.ts
index cb7bef25..1811b84f 100644
--- a/packages/core/src/providers/facebook.ts
+++ b/packages/core/src/providers/facebook.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/facebook
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -26,9 +25,15 @@ export interface FacebookProfile extends Record<string, any> {
 /**
  * Add Facebook login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/facebook
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Facebook from "@auth/core/providers/facebook"
  *
@@ -38,20 +43,20 @@ export interface FacebookProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Facebook OAuth documentation](https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/)
  *
- * ## Notes
+ * ### Notes
  *
- * :::tip 
- * Production applications cannot use localhost URLs to sign in with Facebook. You need to use a dedicated development application in Facebook to use localhost callback URLs. 
+ * :::tip
+ * Production applications cannot use localhost URLs to sign in with Facebook. You need to use a dedicated development application in Facebook to use localhost callback URLs.
  * :::
- * 
- * :::tip 
+ *
+ * :::tip
  * Email address may not be returned for accounts created on mobile.
  * :::
- * 
+ *
  * By default, Auth.js assumes that the Facebook provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
  *
diff --git a/packages/core/src/providers/faceit.ts b/packages/core/src/providers/faceit.ts
index 573b3ac2..7bce6c12 100644
--- a/packages/core/src/providers/faceit.ts
+++ b/packages/core/src/providers/faceit.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/faceit
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add FACEIT login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/faceit
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import FACEIT from "@auth/core/providers/faceit"
  *
@@ -26,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [FACEIT OAuth documentation](https://cdn.faceit.com/third_party/docs/FACEIT_Connect_3.0.pdf)
  *
- * ## Notes
+ * ### Notes
  *
  * Grant type: Authorization Code
  * Scopes to have basic infos (email, nickname, guid and avatar) : openid, email, profile
@@ -54,7 +59,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function FACEIT(options: OAuthUserConfig<Record<string, any>>
+export default function FACEIT(
+  options: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "faceit",
diff --git a/packages/core/src/providers/foursquare.ts b/packages/core/src/providers/foursquare.ts
index d7f4a8fa..6a034fb9 100644
--- a/packages/core/src/providers/foursquare.ts
+++ b/packages/core/src/providers/foursquare.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/foursquare
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add FourSquare login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/foursquare
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import FourSquare from "@auth/core/providers/foursquare"
  *
@@ -26,16 +31,16 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [FourSquare OAuth documentation](https://developer.foursquare.com/docs/places-api/authentication/#web-applications)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the FourSquare provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
- * 
- * :::warning 
+ *
+ * :::warning
  * Foursquare requires an additional apiVersion parameter in YYYYMMDD format, which essentially states "I'm prepared for API changes up to this date".
  * :::
  *
@@ -56,7 +61,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Foursquare(options: OAuthUserConfig<Record<string, any>> & { apiVersion?: string } 
+export default function Foursquare(
+  options: OAuthUserConfig<Record<string, any>> & { apiVersion?: string }
 ): OAuthConfig<Record<string, any>> {
   const { apiVersion = "20230131" } = options
   return {
diff --git a/packages/core/src/providers/freshbooks.ts b/packages/core/src/providers/freshbooks.ts
index 2d0eafe2..75dab908 100644
--- a/packages/core/src/providers/freshbooks.ts
+++ b/packages/core/src/providers/freshbooks.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/freshbooks
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add FreshBooks login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/freshbooks
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import FreshBooks from "@auth/core/providers/freshbooks"
  *
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [FreshBooks OAuth documentation](https://www.freshbooks.com/api/authenticating-with-oauth-2-0-on-the-new-freshbooks-api
 )
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the FreshBooks provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -53,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Freshbooks(options: OAuthUserConfig<Record<string, any>>
+export default function Freshbooks(
+  options: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "freshbooks",
diff --git a/packages/core/src/providers/fusionauth.ts b/packages/core/src/providers/fusionauth.ts
index d14d2ed5..bdf610c1 100644
--- a/packages/core/src/providers/fusionauth.ts
+++ b/packages/core/src/providers/fusionauth.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/fushionauth
  */
 import type { OAuthConfig, OAuthUserConfig } from "./oauth.js"
@@ -35,9 +34,15 @@ export interface FusionAuthProfile extends Record<string, any> {
 /**
  * Add FusionAuth login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/fusionauth
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import FusionAuth from "@auth/core/providers/fusionauth"
  *
@@ -50,11 +55,11 @@ export interface FusionAuthProfile extends Record<string, any> {
  * If you're using multi-tenancy, you need to pass in the tenantId option to apply the proper theme.
  * :::
  *
- * ## Resources
+ * ### Resources
  *
  *  - [FusionAuth OAuth documentation](https://fusionauth.io/docs/v1/tech/oauth/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the FusionAuth provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -62,17 +67,17 @@ export interface FusionAuthProfile extends Record<string, any> {
  * ## Configuration
  * :::tip
  * An application can be created at https://your-fusionauth-server-url/admin/application.
- * 
+ *
  * For more information, follow the [FusionAuth 5-minute setup guide](https://fusionauth.io/docs/v1/tech/5-minute-setup-guide).
  * :::
- * 
+ *
  * In the OAuth settings for your application, configure the following.
- * 
+ *
  * - Redirect URL
  *   - https://localhost:3000/api/auth/callback/fusionauth
  * - Enabled grants
  *   - Make sure _Authorization Code_ is enabled.
- * 
+ *
  * If using JSON Web Tokens, you need to make sure the signing algorithm is RS256, you can create an RS256 key pair by
  * going to Settings, Key Master, generate RSA and choosing SHA-256 as algorithm. After that, go to the JWT settings of
  * your application and select this key as Access Token signing key and Id Token signing key.
diff --git a/packages/core/src/providers/github.ts b/packages/core/src/providers/github.ts
index f12d6b1c..c6820a08 100644
--- a/packages/core/src/providers/github.ts
+++ b/packages/core/src/providers/github.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/github
  */
 
@@ -71,8 +70,14 @@ export interface GitHubProfile {
 /**
  * Add GitHub login to your page and make requests to [GitHub APIs](https://docs.github.com/en/rest).
  *
- * ## Example
+ * ### Setup
  *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/github
+ * ```
+ *
+ * #### Configuration
  * ```ts
  * import { Auth } from "@auth/core"
  * import GitHub from "@auth/core/providers/github"
@@ -83,7 +88,7 @@ export interface GitHubProfile {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [GitHub - Creating an OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
  * - [GitHub - Authorizing OAuth Apps](https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps)
@@ -91,7 +96,7 @@ export interface GitHubProfile {
  * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
  * - [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the GitHub provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -129,14 +134,20 @@ export default function GitHub(
       url: "https://api.github.com/user",
       async request({ tokens, provider }) {
         const profile = await fetch(provider.userinfo?.url as URL, {
-          headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
+          headers: {
+            Authorization: `Bearer ${tokens.access_token}`,
+            "User-Agent": "authjs",
+          },
         }).then(async (res) => await res.json())
 
         if (!profile.email) {
           // If the user does not have a public email, get another via the GitHub API
           // See https://docs.github.com/en/rest/users/emails#list-public-email-addresses-for-the-authenticated-user
           const res = await fetch("https://api.github.com/user/emails", {
-            headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
+            headers: {
+              Authorization: `Bearer ${tokens.access_token}`,
+              "User-Agent": "authjs",
+            },
           })
 
           if (res.ok) {
diff --git a/packages/core/src/providers/gitlab.ts b/packages/core/src/providers/gitlab.ts
index df8f85b8..9c5c2b88 100644
--- a/packages/core/src/providers/gitlab.ts
+++ b/packages/core/src/providers/gitlab.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/gitlab
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -59,9 +58,15 @@ export interface GitLabProfile extends Record<string, any> {
 /**
  * Add GitLab login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/gitlab
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import GitLab from "@auth/core/providers/gitlab"
  *
@@ -71,19 +76,19 @@ export interface GitLabProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [GitLab OAuth documentation](https://docs.gitlab.com/ee/api/oauth2.html)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the GitLab provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
  *
- * :::tip 
+ * :::tip
  * Enable the `read_user` option in scope if you want to save the users email address on sign up.
  * :::
- * 
+ *
  * :::tip
  *
  * The GitLab provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/gitlab.ts).
diff --git a/packages/core/src/providers/google.ts b/packages/core/src/providers/google.ts
index 8dc35560..b06386a9 100644
--- a/packages/core/src/providers/google.ts
+++ b/packages/core/src/providers/google.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/google
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -32,9 +31,15 @@ export interface GoogleProfile extends Record<string, any> {
 /**
  * Add Google login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/google
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Google from "@auth/core/providers/google"
  *
@@ -44,32 +49,32 @@ export interface GoogleProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Google OAuth documentation](https://developers.google.com/identity/protocols/oauth2)
  *  - [Google OAuth Configuration](https://console.developers.google.com/apis/credentials)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Google provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
  *
- * 
+ *
  * The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path. For example;
- * 
+ *
  * - For production: `https://{YOUR_DOMAIN}/api/auth/callback/google`
  * - For development: `http://localhost:3000/api/auth/callback/google`
- * 
+ *
  * :::warning
  * Google only provides Refresh Token to an application the first time a user signs in.
- * 
+ *
  * To force Google to re-issue a Refresh Token, the user needs to remove the application from their account and sign in again:
  * https://myaccount.google.com/permissions
- * 
+ *
  * Alternatively, you can also pass options in the `params` object of `authorization` which will force the Refresh Token to always be provided on sign in, however this will ask all users to confirm if they wish to grant your application access every time they sign in.
- * 
+ *
  * If you need access to the RefreshToken or AccessToken for a Google account and you are not using a database to persist user accounts, this may be something you need to do.
- * 
+ *
  * ```js title="pages/api/auth/[...nextauth].js"
  * const options = {
  *   providers: [
@@ -87,14 +92,14 @@ export interface GoogleProfile extends Record<string, any> {
  *   ],
  * }
  * ```
- * 
+ *
  * :::
- * 
+ *
  * :::tip
  * Google also returns a `email_verified` boolean property in the OAuth profile.
- * 
+ *
  * You can use this property to restrict access to people with verified accounts at a particular domain.
- * 
+ *
  * ```js
  * const options = {
  *   ...
@@ -109,7 +114,7 @@ export interface GoogleProfile extends Record<string, any> {
  *   ...
  * }
  * ```
- * 
+ *
  * :::
  * :::tip
  *
diff --git a/packages/core/src/providers/hubspot.ts b/packages/core/src/providers/hubspot.ts
index 7f910574..5e16ce1a 100644
--- a/packages/core/src/providers/hubspot.ts
+++ b/packages/core/src/providers/hubspot.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/hubspot
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -22,9 +21,15 @@ interface HubSpotProfile extends Record<string, any> {
 /**
  * Add HubSpot login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/hubspot
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import HubSpot from "@auth/core/providers/hubspot"
  *
@@ -34,11 +39,11 @@ interface HubSpotProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [HubSpot OAuth documentation](https://developers.hubspot.com/docs/api/oauth-quickstart-guide)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the HubSpot provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/identity-server4.ts b/packages/core/src/providers/identity-server4.ts
index 1ca78782..4dba56db 100644
--- a/packages/core/src/providers/identity-server4.ts
+++ b/packages/core/src/providers/identity-server4.ts
@@ -1,13 +1,11 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>IdentityServer4</b> integration.</span>
- * TODO: SVG LOGO
  * <a href="https://identityserver4.readthedocs.io">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/identity-server4.svg" height="48" width="48"/>
  * </a>
  * </div>
  *
- * ---
  * @module providers/identity-server4
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add IdentityServer4 login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/identity-server4
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import IdentityServer4 from "@auth/core/providers/identity-server4"
  *
@@ -27,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [IdentityServer4 OAuth documentation](https://identityserver4.readthedocs.io/en/latest/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the IdentityServer4 provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
@@ -56,7 +60,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function IdentityServer4(options: OAuthUserConfig<Record<string, any>>
+export default function IdentityServer4(
+  options: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "identity-server4",
diff --git a/packages/core/src/providers/instagram.ts b/packages/core/src/providers/instagram.ts
index de3570e8..cc8ae3aa 100644
--- a/packages/core/src/providers/instagram.ts
+++ b/packages/core/src/providers/instagram.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/instagram
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Instagram login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/instagram
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Instagram from "@auth/core/providers/instagram"
  *
@@ -26,21 +31,21 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Instagram OAuth documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started)
  *  - [Instagram OAuth apps](https://developers.facebook.com/apps/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Instagram provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
  *
- * 
+ *
  * :::warning
  * Email address is not returned by the Instagram API.
  * :::
- * 
+ *
  * :::tip
  * Instagram display app required callback URL to be configured in your Facebook app and Facebook required you to use **https** even for localhost! In order to do that, you either need to [add an SSL to your localhost](https://www.freecodecamp.org/news/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec/) or use a proxy such as [ngrok](https://ngrok.com/docs).
  * :::
@@ -61,7 +66,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Instagram(config: OAuthUserConfig<Record<string, any>>
+export default function Instagram(
+  config: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "instagram",
diff --git a/packages/core/src/providers/kakao.ts b/packages/core/src/providers/kakao.ts
index ed51e13f..0be793b6 100644
--- a/packages/core/src/providers/kakao.ts
+++ b/packages/core/src/providers/kakao.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/kakao
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -81,9 +80,15 @@ export interface KakaoProfile extends Record<string, any> {
 /**
  * Add Kakao login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/kakao
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Kakao from "@auth/core/providers/kakao"
  *
@@ -93,15 +98,15 @@ export interface KakaoProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Kakao OAuth documentation](https://developers.kakao.com/product/kakaoLogin)
  *  - [Kakao OAuth configuration](https://developers.kakao.com/docs/latest/en/kakaologin/common)
- * 
+ *
  * ## Configuration
  * Create a provider and a Kakao application at https://developers.kakao.com/console/app. In the settings of the app under Kakao Login, activate web app, change consent items and configure callback URL.
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Kakao provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/keycloak.ts b/packages/core/src/providers/keycloak.ts
index 315be709..46e5d9ba 100644
--- a/packages/core/src/providers/keycloak.ts
+++ b/packages/core/src/providers/keycloak.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/keycloak
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -38,9 +37,15 @@ export interface KeycloakProfile extends Record<string, any> {
 /**
  * Add Keycloak login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/keycloak
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Keycloak from "@auth/core/providers/keycloak"
  *
@@ -50,22 +55,22 @@ export interface KeycloakProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Keycloak OIDC documentation](https://www.keycloak.org/docs/latest/server_admin/#_oidc_clients)
- * 
- * :::tip 
- * 
+ *
+ * :::tip
+ *
  * Create an openid-connect client in Keycloak with "confidential" as the "Access Type".
- * 
+ *
  * :::
- * 
+ *
  * :::note
- * 
+ *
  * issuer should include the realm – e.g. https://my-keycloak-domain.com/realms/My_Realm
- * 
+ *
  * :::
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Keycloak provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/line.ts b/packages/core/src/providers/line.ts
index 167d1924..5f60187a 100644
--- a/packages/core/src/providers/line.ts
+++ b/packages/core/src/providers/line.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/line
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -26,9 +25,15 @@ export interface LineProfile extends Record<string, any> {
 /**
  * Add LINE login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/line
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import LINE from "@auth/core/providers/line"
  *
@@ -38,15 +43,15 @@ export interface LineProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [LINE Login documentation](https://developers.line.biz/en/docs/line-login/integrate-line-login/)
  *  - [LINE app console](https://developers.line.biz/console/)
- * 
+ *
  * ## Configuration
  * Create a provider and a LINE login channel at https://developers.line.biz/console/. In the settings of the channel under LINE Login, activate web app and configure the following: Callback URL `http://localhost:3000/api/auth/callback/line`
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the LINE provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/linkedin.ts b/packages/core/src/providers/linkedin.ts
index bcd75cd7..30dc9f93 100644
--- a/packages/core/src/providers/linkedin.ts
+++ b/packages/core/src/providers/linkedin.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/linkedin
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -33,9 +32,15 @@ export interface LinkedInProfile extends Record<string, any> {
 /**
  * Add Linkedin login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/linkedin
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Linkedin from "@auth/core/providers/linkedin"
  *
@@ -45,12 +50,12 @@ export interface LinkedInProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Linkedin OAuth documentation](https://docs.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow)
  *  - [Linkedin app console](https://www.linkedin.com/developers/apps/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Linkedin provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/mailchimp.ts b/packages/core/src/providers/mailchimp.ts
index dc9dc319..ad72fa61 100644
--- a/packages/core/src/providers/mailchimp.ts
+++ b/packages/core/src/providers/mailchimp.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/mailchimp
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Mailchimp login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/mailchimp
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Mailchimp from "@auth/core/providers/mailchimp"
  *
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Mailchimp OAuth documentation](https://admin.mailchimp.com/account/oauth2/client/)
  *  - [Mailchimp documentation: Access user data](https://mailchimp.com/developer/marketing/guides/access-user-data-oauth-2/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Mailchimp provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -53,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Mailchimp(config: OAuthUserConfig<Record<string, any>>
+export default function Mailchimp(
+  config: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "mailchimp",
diff --git a/packages/core/src/providers/mailru.ts b/packages/core/src/providers/mailru.ts
index 871dd8ed..f52fb607 100644
--- a/packages/core/src/providers/mailru.ts
+++ b/packages/core/src/providers/mailru.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/mailru
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Mailru login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/mailru
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Mailru from "@auth/core/providers/mailru"
  *
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Mailru OAuth documentation](https://o2.mail.ru/docs)
  *  - [Mailru app console](https://o2.mail.ru/app/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Mailru provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -53,7 +58,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Mailru(config: OAuthUserConfig<Record<string, any>>
+export default function Mailru(
+  config: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "mailru",
diff --git a/packages/core/src/providers/mattermost.ts b/packages/core/src/providers/mattermost.ts
index 30200e4e..d7acc2a6 100644
--- a/packages/core/src/providers/mattermost.ts
+++ b/packages/core/src/providers/mattermost.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/mattermost
  */
 import type { OAuthConfig, OAuthUserConfig } from "./oauth"
@@ -70,9 +69,15 @@ export interface MattermostProfile {
 /**
  * Add Mattermost login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/mattermost
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Mattermost from "@auth/core/providers/mattermost"
  *
@@ -82,23 +87,23 @@ export interface MattermostProfile {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Mattermost OAuth documentation](https://example.com)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Mattermost provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
- * 
+ *
  * To create your Mattermost OAuth2 app visit `http://<your Mattermost instance url>/<your team>/integrations/oauth2-apps`
  *
  * :::warning
- * 
+ *
  * The Mattermost provider requires the `issuer` option to be set. This is the base url of your Mattermost instance. e.g https://my-cool-server.cloud.mattermost.com
- * 
+ *
  * :::
- * 
+ *
  * :::tip
  *
  * The Mattermost provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/mattermost.ts).
diff --git a/packages/core/src/providers/medium.ts b/packages/core/src/providers/medium.ts
index 62092510..8094d3a6 100644
--- a/packages/core/src/providers/medium.ts
+++ b/packages/core/src/providers/medium.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/medium
  */
 
@@ -15,9 +14,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Medium login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/medium
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Medium from "@auth/core/providers/medium"
  *
@@ -27,11 +32,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Medium OAuth documentation](https://example.com)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Medium provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -59,7 +64,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Medium(config: OAuthUserConfig<Record<string, any>>
+export default function Medium(
+  config: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "medium",
diff --git a/packages/core/src/providers/naver.ts b/packages/core/src/providers/naver.ts
index 155acb22..b5ac6d91 100644
--- a/packages/core/src/providers/naver.ts
+++ b/packages/core/src/providers/naver.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/naver
  */
 
@@ -33,9 +32,15 @@ export interface NaverProfile extends Record<string, any> {
 /**
  * Add Naver login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/naver
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Naver from "@auth/core/providers/naver"
  *
@@ -45,12 +50,12 @@ export interface NaverProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Naver OAuth documentation](https://developers.naver.com/docs/login/overview/overview.md)
  *  - [Naver OAuth documentation 2](https://developers.naver.com/docs/login/api/api.md)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Naver provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/netlify.ts b/packages/core/src/providers/netlify.ts
index 57294e72..8c67dfac 100644
--- a/packages/core/src/providers/netlify.ts
+++ b/packages/core/src/providers/netlify.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/netlify
  */
 
@@ -15,9 +14,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Netlify login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/netlify
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Netlify from "@auth/core/providers/netlify"
  *
@@ -27,12 +32,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Netlify OAuth blog](https://www.netlify.com/blog/2016/10/10/integrating-with-netlify-oauth2/)
  *  - [Netlify OAuth example](https://github.com/netlify/netlify-oauth-example/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Netlify provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
@@ -54,7 +59,8 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  *
  * :::
  */
-export default function Netlify(config: OAuthUserConfig<Record<string, any>>
+export default function Netlify(
+  config: OAuthUserConfig<Record<string, any>>
 ): OAuthConfig<Record<string, any>> {
   return {
     id: "netlify",
diff --git a/packages/core/src/providers/notion.ts b/packages/core/src/providers/notion.ts
index 4d97b65f..e6ba7b47 100644
--- a/packages/core/src/providers/notion.ts
+++ b/packages/core/src/providers/notion.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/notion
  */
 
@@ -60,7 +59,7 @@ const NOTION_API_VERSION = "2022-06-28"
 /**
  * Add Notion login to your page.
  *
- * ## Example
+ * @example
  *
  * ```ts
  * import { Auth } from "@auth/core"
@@ -74,15 +73,15 @@ const NOTION_API_VERSION = "2022-06-28"
  *
  * ---
  *
- * ## Resources
+ * ### Resources
  * - [Notion Docs](https://developers.notion.com/docs)
  * - [Notion Authorization Docs](https://developers.notion.com/docs/authorization)
  * - [Notion Integrations](https://www.notion.so/my-integrations)
  *
  * ---
  *
- * ## Notes
- * You need to select "Public Integration" on the configuration page to get an `oauth_id` and `oauth_secret`. Private integrations do not provide these details. 
+ * ### Notes
+ * You need to select "Public Integration" on the configuration page to get an `oauth_id` and `oauth_secret`. Private integrations do not provide these details.
  * You must provide a `clientId` and `clientSecret` to use this provider, as-well as a redirect URI (due to this being required by Notion endpoint to fetch tokens).
  *
  * :::tip
diff --git a/packages/core/src/providers/okta.ts b/packages/core/src/providers/okta.ts
index 2ab77390..3028e2d9 100644
--- a/packages/core/src/providers/okta.ts
+++ b/packages/core/src/providers/okta.ts
@@ -1,13 +1,11 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>Okta</b> integration.</span>
- * TODO: SVG LOGO
  * <a href="https://okta.com/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/okta.svg" height="48" />
  * </a>
  * </div>
  *
- * ---
  * @module providers/okta
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -49,9 +47,15 @@ export interface OktaProfile extends Record<string, any> {
 /**
  * Add Okta login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/okta
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Okta from "@auth/core/providers/okta"
  *
@@ -61,11 +65,11 @@ export interface OktaProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Okta OAuth documentation](https://developer.okta.com/docs/reference/api/oidc)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Okta provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/onelogin.ts b/packages/core/src/providers/onelogin.ts
index 5bd059d1..64699d21 100644
--- a/packages/core/src/providers/onelogin.ts
+++ b/packages/core/src/providers/onelogin.ts
@@ -1,13 +1,11 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>OneLogin</b> integration.</span>
- * TODO: SVG LOGO
  * <a href="https://onelogin.com/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/onelogin.svg" height="48" />
  * </a>
  * </div>
  *
- * ---
  * @module providers/onelogin
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -15,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add OneLogin login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/onelogin
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import OneLogin from "@auth/core/providers/onelogin"
  *
@@ -27,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [OneLogin OAuth documentation](https://example.com)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the OneLogin provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/osso.ts b/packages/core/src/providers/osso.ts
index 0bc0a868..d02bf6f0 100644
--- a/packages/core/src/providers/osso.ts
+++ b/packages/core/src/providers/osso.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/osso
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Osso login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/osso
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Osso from "@auth/core/providers/osso"
  *
@@ -26,7 +31,7 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  * Osso is an open source service that handles SAML authentication against Identity Providers, normalizes profiles, and makes those profiles available to you in an OAuth 2.0 code grant flow.
  * 
  * - If you don't yet have an Osso instance, you can use [Osso's Demo App](https://demo.ossoapp.com) for your testing purposes. For documentation on deploying an Osso instance, see https://ossoapp.com/docs/deploy/overview/
@@ -37,7 +42,7 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 
  * See Osso's complete configuration and testing documentation at https://ossoapp.com/docs/configure/overview
  * 
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Osso provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/osu.ts b/packages/core/src/providers/osu.ts
index 6c22cbb5..1e4bdd85 100644
--- a/packages/core/src/providers/osu.ts
+++ b/packages/core/src/providers/osu.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/osu
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -63,9 +62,15 @@ export interface OsuProfile extends OsuUserCompact, Record<string, any> {
 /**
  * Add Osu login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/osu
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Osu! from "@auth/core/providers/osu"
  *
@@ -75,12 +80,12 @@ export interface OsuProfile extends OsuUserCompact, Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Osu OAuth documentation](https://osu.ppy.sh/docs/index.html#authentication)
  *  - [Osu app console](https://osu.ppy.sh/home/account/edit#new-oauth-application)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Osu provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/patreon.ts b/packages/core/src/providers/patreon.ts
index c59248ae..837c71dc 100644
--- a/packages/core/src/providers/patreon.ts
+++ b/packages/core/src/providers/patreon.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/patreon
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface PatreonProfile extends Record<string, any> {
 /**
  * Add Patreon login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/patreon
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Patreon from "@auth/core/providers/patreon"
  *
@@ -33,13 +38,13 @@ export interface PatreonProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Patreon OAuth documentation](https://docs.patreon.com/#apiv2-oauth)
  *  - [Patreon Platform](https://www.patreon.com/portal/registration/register-clients)
  *  - [ApiV2 Scopes](https://docs.patreon.com/#scopes)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Patreon provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/pinterest.ts b/packages/core/src/providers/pinterest.ts
index 3471d75e..92670c30 100644
--- a/packages/core/src/providers/pinterest.ts
+++ b/packages/core/src/providers/pinterest.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/pinterest
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface PinterestProfile extends Record<string, any> {
 /**
  * Add Pinterest login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/pinterest
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Pinterest from "@auth/core/providers/pinterest"
  *
@@ -33,23 +38,23 @@ export interface PinterestProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Pinterest OAuth documentation](https://developers.pinterest.com/docs/getting-started/authentication/)
  *  - [Pinterest app console](https://developers.pinterest.com/apps/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Pinterest provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
  *
- * 
+ *
  * :::tip
- * 
+ *
  * To use in production, make sure the app has standard API access and not trial access
- * 
+ *
  * :::
- * 
+ *
  * :::tip
  *
  * The Pinterest provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/pinterest.ts).
diff --git a/packages/core/src/providers/pipedrive.ts b/packages/core/src/providers/pipedrive.ts
index 0c4bd35f..1d9ac8b9 100644
--- a/packages/core/src/providers/pipedrive.ts
+++ b/packages/core/src/providers/pipedrive.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/pipedrive
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -49,9 +48,15 @@ export interface PipedriveProfile extends Record<string, any> {
 /**
  * Add Pipedrive login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/pipedrive
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Pipedrive from "@auth/core/providers/pipedrive"
  *
@@ -61,11 +66,11 @@ export interface PipedriveProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  *  - [Pipedrive OAuth documentation](https://pipedrive.readme.io/docs/marketplace-oauth-authorization)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Pipedrive provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/reddit.ts b/packages/core/src/providers/reddit.ts
index 72fd54b2..15d7e0e0 100644
--- a/packages/core/src/providers/reddit.ts
+++ b/packages/core/src/providers/reddit.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/reddit
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add Reddit login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/reddit
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Reddit from "@auth/core/providers/reddit"
  *
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Reddit API documentation](https://www.reddit.com/dev/api/)
  * - [Reddit app console](https://www.reddit.com/prefs/apps/ )
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Reddit provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/salesforce.ts b/packages/core/src/providers/salesforce.ts
index ec1fe419..ca6c336c 100644
--- a/packages/core/src/providers/salesforce.ts
+++ b/packages/core/src/providers/salesforce.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/saleforce
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface SalesforceProfile extends Record<string, any> {
 /**
  * Add SaleForce login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/saleforce
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import SaleForce from "@auth/core/providers/saleforce"
  *
@@ -33,11 +38,11 @@ export interface SalesforceProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [SaleForce OAuth documentation](https://help.salesforce.com/articleView?id=remoteaccess_authenticate.htm&type=5)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the SaleForce provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/slack.ts b/packages/core/src/providers/slack.ts
index bb298718..4675c731 100644
--- a/packages/core/src/providers/slack.ts
+++ b/packages/core/src/providers/slack.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/slack
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -46,9 +45,15 @@ export interface SlackProfile extends Record<string, any> {
 /**
  * Add Slack login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/slack
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Slack from "@auth/core/providers/slack"
  *
@@ -58,19 +63,19 @@ export interface SlackProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Slack OAuth documentation](https://api.slack.com/authentication https://api.slack.com/docs/sign-in-with-slack)
  * - [Slack app console](https://api.slack.com/apps)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Slack provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
  *
  * :::danger
  *
- * Slack requires that the redirect URL of your app uses https, even for local development. 
+ * Slack requires that the redirect URL of your app uses https, even for local development.
  * An easy workaround for this is using a service like [ngrok](https://ngrok.com/) that creates a secure tunnel to your app, using https. Remember to set the url as `NEXTAUTH_URL` as well.
  *
  * :::
diff --git a/packages/core/src/providers/spotify.ts b/packages/core/src/providers/spotify.ts
index 5247506a..a90b55fa 100644
--- a/packages/core/src/providers/spotify.ts
+++ b/packages/core/src/providers/spotify.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/spotify
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -25,9 +24,15 @@ export interface SpotifyProfile extends Record<string, any> {
 /**
  * Add Spotify login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/spotify
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Spotify from "@auth/core/providers/spotify"
  *
@@ -37,12 +42,12 @@ export interface SpotifyProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Spotify OAuth documentation](https://developer.spotify.com/documentation/general/guides/authorization-guide)
  * - [Spotify app console](https://developer.spotify.com/dashboard/applications)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Spotify provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/strava.ts b/packages/core/src/providers/strava.ts
index f7e07c00..a67ee7df 100644
--- a/packages/core/src/providers/strava.ts
+++ b/packages/core/src/providers/strava.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/strava
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface StravaProfile extends Record<string, any> {
 /**
  * Add Strava login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/strava
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Strava from "@auth/core/providers/strava"
  *
@@ -33,11 +38,11 @@ export interface StravaProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Strava API documentation](http://developers.strava.com/docs/reference/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Strava provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/todoist.ts b/packages/core/src/providers/todoist.ts
index 22c7d3ac..d21251f4 100644
--- a/packages/core/src/providers/todoist.ts
+++ b/packages/core/src/providers/todoist.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/todoist
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -24,9 +23,15 @@ interface TodoistProfile extends Record<string, any> {
 /**
  * Add Todoist login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/todoist
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Todoist from "@auth/core/providers/todoist"
  *
@@ -36,12 +41,12 @@ interface TodoistProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Todoist OAuth documentation](https://developer.todoist.com/guides/#oauth)
  * - [Todoist configuration](https://developer.todoist.com/appconsole.html)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Todoist provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/trakt.ts b/packages/core/src/providers/trakt.ts
index 67e585da..c4bd7b83 100644
--- a/packages/core/src/providers/trakt.ts
+++ b/packages/core/src/providers/trakt.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/trakt
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -29,9 +28,15 @@ export interface TraktUser extends Record<string, any> {
 /**
  * Add Trakt login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/trakt
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Trakt from "@auth/core/providers/trakt"
  *
@@ -41,15 +46,15 @@ export interface TraktUser extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Trakt OAuth documentation](https://trakt.docs.apiary.io/#reference/authentication-oauth)
- * 
+ *
  * If you're using the api in production by calling `api.trakt.tv`. Follow the example. If you wish to develop on Trakt's sandbox environment by calling `api-staging.trakt.tv`, change the URLs.
- * 
+ *
  * Start by creating an OAuth app on Trakt for production or development. Then set the Client ID and Client Secret as TRAKT_ID and TRAKT_SECRET in .env.
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Trakt provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/twitch.ts b/packages/core/src/providers/twitch.ts
index af435ec4..46972671 100644
--- a/packages/core/src/providers/twitch.ts
+++ b/packages/core/src/providers/twitch.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/twitch
  */
 import type { OIDCConfig, OIDCUserConfig } from "./index.js"
@@ -21,9 +20,15 @@ export interface TwitchProfile extends Record<string, any> {
 /**
  * Add Twitch login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/twitch
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Twitch from "@auth/core/providers/twitch"
  *
@@ -33,14 +38,14 @@ export interface TwitchProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Twitch app documentation](https://dev.twitch.tv/console/apps)
- * 
- * Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/twitch`
- * 
  *
- * ## Notes
+ * Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/twitch`
+ *
+ *
+ * ### Notes
  *
  * By default, Auth.js assumes that the Twitch provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/twitter.ts b/packages/core/src/providers/twitter.ts
index 2fe769ec..c3061380 100644
--- a/packages/core/src/providers/twitter.ts
+++ b/packages/core/src/providers/twitter.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/twitter
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -105,9 +104,15 @@ export interface TwitterProfile {
 /**
  * Add Twitter login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/twitter
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Twitter from "@auth/core/providers/twitter"
  *
@@ -117,7 +122,7 @@ export interface TwitterProfile {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Twitter App documentation](https://developer.twitter.com/en/apps)
  *
@@ -131,19 +136,19 @@ export interface TwitterProfile {
  * })
  * ```
  * Keep in mind that although this change is easy, it changes how and with which of Twitter APIs you can interact with. Read the official Twitter OAuth 2 documentation for more details.
- * 
- * 
+ *
+ *
  * :::note
- * 
- * Email is currently not supported by Twitter OAuth 2.0. 
+ *
+ * Email is currently not supported by Twitter OAuth 2.0.
  *
  * :::
- * 
- * ## Notes
  *
- * Twitter is currently the only built-in provider using the OAuth 1.0 spec. 
+ * ### Notes
+ *
+ * Twitter is currently the only built-in provider using the OAuth 1.0 spec.
  * This means that you won't receive an `access_token` or `refresh_token`, but an `oauth_token` and `oauth_token_secret` respectively. Remember to add these to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
- * 
+ *
  * :::tip
  *
  * You must enable the "Request email address from users" option in your app permissions if you want to obtain the users email address.
diff --git a/packages/core/src/providers/united-effects.ts b/packages/core/src/providers/united-effects.ts
index 8e74c554..f8338aac 100644
--- a/packages/core/src/providers/united-effects.ts
+++ b/packages/core/src/providers/united-effects.ts
@@ -1,15 +1,13 @@
 /**
  * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
  * <span>Built-in <b>United Effects</b> integration.</span>
- * TODO: SVG LOGO
  * <a href="https://www.unitedeffects.com/">
  *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/united-effects.svg" height="48" />
  * </a>
  * </div>
-*
-* ---
-* @module providers/united-effects
-*/
+ *
+ * @module providers/united-effects
+ */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 export interface UnitedEffectsProfile extends Record<string, any> {
   sub: string
@@ -18,9 +16,15 @@ export interface UnitedEffectsProfile extends Record<string, any> {
 /**
  * Add United Effects login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/united-effects
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import UnitedEffects from "@auth/core/providers/united-effects"
  *
@@ -30,11 +34,11 @@ export interface UnitedEffectsProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [UnitedEffects Auth.js documentation](https://docs.unitedeffects.com/integrations/nextauthjs)",
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the UnitedEffects provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
diff --git a/packages/core/src/providers/vk.ts b/packages/core/src/providers/vk.ts
index ffab573d..9330c82e 100644
--- a/packages/core/src/providers/vk.ts
+++ b/packages/core/src/providers/vk.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/vk
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -295,9 +294,15 @@ export interface VkProfile {
 /**
  * Add VK login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/vk
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import VK from "@auth/core/providers/vk"
  *
@@ -307,12 +312,12 @@ export interface VkProfile {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [VK API documentation](https://vk.com/dev/first_guide)
  * - [VK App configuration](https://vk.com/apps?act=manage)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the VK provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/wikimedia.ts b/packages/core/src/providers/wikimedia.ts
index f1c8bf32..3f4d8db2 100644
--- a/packages/core/src/providers/wikimedia.ts
+++ b/packages/core/src/providers/wikimedia.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/wikimedia
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -164,13 +163,18 @@ export interface WikimediaProfile extends Record<string, any> {
   email: string
 }
 
-
 /**
  * Add Wikimedia login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/wikimedia
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Wikimedia from "@auth/core/providers/wikimedia"
  *
@@ -180,30 +184,30 @@ export interface WikimediaProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Wikimedia OAuth documentation](https://www.mediawiki.org/wiki/Extension:OAuth)
  *
  * ## Configuration steps
  * - Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
- * - Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2 
+ * - Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
  *   - Add the following redirect URL into the console: `http://<your-next-app-url>/api/auth/callback/wikimedia`
- *   - Do not check the box next to This consumer is only for __your username__ 
+ *   - Do not check the box next to This consumer is only for __your username__
  *   - Unless you explicitly need a larger scope, feel free to select the radio button labelled User identity verification only - no ability to read pages or act on the users behalf.
- * 
+ *
  * After registration, you can initially test your application only with your own Wikimedia account.
  * You may have to wait several days for the application to be approved for it to be used by everyone.
  *
- * ## Notes
+ * ### Notes
  * This provider also supports all Wikimedia projects:
  * - Wikipedia
  * - Wikidata
  * - Wikibooks
  * - Wiktionary
  * - etc..
- * 
+ *
  * Please be aware that Wikimedia accounts do not have to have an associated email address. So you may want to add check if the user has an email address before allowing them to login.
- * 
+ *
  * By default, Auth.js assumes that the Wikimedia provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
  *
diff --git a/packages/core/src/providers/wordpress.ts b/packages/core/src/providers/wordpress.ts
index 2979732c..21cffb3d 100644
--- a/packages/core/src/providers/wordpress.ts
+++ b/packages/core/src/providers/wordpress.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/wordpress
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add WordPress login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/wordpress
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import WordPress from "@auth/core/providers/wordpress"
  *
@@ -26,11 +31,11 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [WordPress OAuth documentation](https://developer.wordpress.com/docs/oauth2/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the WordPress provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/workos.ts b/packages/core/src/providers/workos.ts
index f0f5347e..3c713416 100644
--- a/packages/core/src/providers/workos.ts
+++ b/packages/core/src/providers/workos.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/workos
  */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"
@@ -35,9 +34,15 @@ export interface WorkOSProfile extends Record<string, any> {
 /**
  * Add WorkOS login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/workos
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import WorkOS from "@auth/core/providers/workos"
  *
@@ -47,19 +52,19 @@ export interface WorkOSProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [WorkOS SSO OAuth documentation](https://workos.com/docs/reference/sso)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the WorkOS provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
- * 
- * WorkOS is not an identity provider itself, but, rather, a bridge to multiple single sign-on (SSO) providers. 
+ *
+ * WorkOS is not an identity provider itself, but, rather, a bridge to multiple single sign-on (SSO) providers.
  * As a result, we need to make some additional changes to authenticate users using WorkOS.
- * 
- * In order to sign a user in using WorkOS, we need to specify which WorkOS Connection to use. 
+ *
+ * In order to sign a user in using WorkOS, we need to specify which WorkOS Connection to use.
  * A common way to do this is to collect the user's email address and extract the domain. This can be done using a custom login page.
  * To add a custom login page, you can use the `pages` option:
  * ```js title="pages/api/auth/[...nextauth].js"
@@ -67,15 +72,15 @@ export interface WorkOSProfile extends Record<string, any> {
  *   signIn: "/auth/signin",
  * }
  * ```
- * We can then add a custom login page that displays an input where the user can enter their email address. 
+ * We can then add a custom login page that displays an input where the user can enter their email address.
  * We then extract the domain from the user's email address and pass it to the `authorizationParams` parameter on the `signIn` function:
  * ```js title="pages/auth/signin.js"
  * import { useState } from "react"
  * import { getProviders, signIn } from "next-auth/react"
- * 
+ *
  * export default function SignIn({ providers }) {
  *   const [email, setEmail] = useState("")
- * 
+ *
  *   return (
  *     <>
  *       {Object.values(providers).map((provider) => {
@@ -100,7 +105,7 @@ export interface WorkOSProfile extends Record<string, any> {
  *             </div>
  *           )
  *         }
- * 
+ *
  *         return (
  *           <div key={provider.id}>
  *             <button onClick={() => signIn(provider.id)}>
@@ -112,7 +117,7 @@ export interface WorkOSProfile extends Record<string, any> {
  *     </>
  *   )
  * }
- * 
+ *
  * export async function getServerSideProps(context) {
  *   const providers = await getProviders()
  *   return {
@@ -120,7 +125,7 @@ export interface WorkOSProfile extends Record<string, any> {
  *   }
  * }
  * ```
- * 
+ *
  * :::tip
  *
  * The WorkOS provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/workos.ts).
diff --git a/packages/core/src/providers/yandex.ts b/packages/core/src/providers/yandex.ts
index 215394de..f5f544db 100644
--- a/packages/core/src/providers/yandex.ts
+++ b/packages/core/src/providers/yandex.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/yandex
  */
 
@@ -45,7 +44,7 @@ export interface YandexProfile {
    * ID of the Yandex user's profile picture.
    * Format for downloading user avatars: `https://avatars.yandex.net/get-yapic/<default_avatar_id>/<size>`
    * @example "https://avatars.yandex.net/get-yapic/31804/BYkogAC6AoB17bN1HKRFAyKiM4-1/islands-200"
-   * Available sizes: 
+   * Available sizes:
    * `islands-small`: 28×28 pixels.
    * `islands-34`: 34×34 pixels.
    * `islands-middle`: 42×42 pixels.
@@ -99,7 +98,7 @@ export interface YandexProfile {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Yandex - Creating an OAuth app](https://yandex.com/dev/id/doc/en/register-client#create)
  * - [Yandex - Manage OAuth apps](https://oauth.yandex.com/)
diff --git a/packages/core/src/providers/zitadel.ts b/packages/core/src/providers/zitadel.ts
index 94af1c03..2f8536f3 100644
--- a/packages/core/src/providers/zitadel.ts
+++ b/packages/core/src/providers/zitadel.ts
@@ -6,14 +6,13 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/zitadel
  */
 
 import type { OIDCConfig, OAuthUserConfig } from "./index.js"
 
 /**
- * The returned user profile from ZITADEL when using the profile callback. See the standard claims reference [here](https://zitadel.com/docs/apis/openidoauth/claims#standard-claims). 
+ * The returned user profile from ZITADEL when using the profile callback. See the standard claims reference [here](https://zitadel.com/docs/apis/openidoauth/claims#standard-claims).
  * If you need access to ZITADEL APIs or need additional information, make sure to add the corresponding scopes.
  */
 export interface ZitadelProfile extends Record<string, any> {
@@ -43,9 +42,15 @@ export interface ZitadelProfile extends Record<string, any> {
 /**
  * Add ZITADEL login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/zitadel
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import ZITADEL from "@auth/core/providers/zitadel"
  *
@@ -55,19 +60,19 @@ export interface ZitadelProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  * - [ZITADEL OpenID Endpoints](https://zitadel.com/docs/apis/openidoauth/endpoints)
  * - [ZITADEL recommended OAuth Flows](https://docs.zitadel.com/docs/guides/integrate/oauth-recommended-flows)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the ZITADEL provider is
  * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
- * 
+ *
  * The Redirect URIs used when creating the credentials must include your full domain and end in the callback path. For example:
  * - For production: `https://{YOUR_DOMAIN}/api/auth/callback/zitadel`
  * - For development: `http://localhost:3000/api/auth/callback/zitadel`
- * 
+ *
  * Make sure to enable dev mode in ZITADEL console to allow redirects for local development.
  *
  * :::tip
diff --git a/packages/core/src/providers/zoho.ts b/packages/core/src/providers/zoho.ts
index 09c95148..18accca9 100644
--- a/packages/core/src/providers/zoho.ts
+++ b/packages/core/src/providers/zoho.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/zoho
  */
 
@@ -14,9 +13,15 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
 /**
  * Add ZOHO login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/zoho
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import ZOHO from "@auth/core/providers/zoho"
  *
@@ -26,12 +31,12 @@ import type { OAuthConfig, OAuthUserConfig } from "./index.js"
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Zoho OAuth 2.0 Integration Guide](https://www.zoho.com/accounts/protocol/oauth/web-server-applications.html)
  * - [Zoho API Console](https://api-console.zoho.com)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the ZOHO provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
diff --git a/packages/core/src/providers/zoom.ts b/packages/core/src/providers/zoom.ts
index 46f4336e..57ecdbae 100644
--- a/packages/core/src/providers/zoom.ts
+++ b/packages/core/src/providers/zoom.ts
@@ -6,7 +6,6 @@
  * </a>
  * </div>
  *
- * ---
  * @module providers/zoom
  */
 
@@ -47,9 +46,15 @@ export interface ZoomProfile extends Record<string, any> {
 /**
  * Add Zoom login to your page.
  *
- * @example
+ * ### Setup
  *
- * ```js
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/zoom
+ * ```
+ *
+ * #### Configuration
+ *```js
  * import Auth from "@auth/core"
  * import Zoom from "@auth/core/providers/zoom"
  *
@@ -59,11 +64,11 @@ export interface ZoomProfile extends Record<string, any> {
  * })
  * ```
  *
- * ## Resources
+ * ### Resources
  *
  * - [Zoom OAuth 2.0 Integration Guide](https://developers.zoom.us/docs/integrations/oauth/)
  *
- * ## Notes
+ * ### Notes
  *
  * By default, Auth.js assumes that the Zoom provider is
  * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.

From 2313ef63e0adfd476300016aa6b6161cb763620a Mon Sep 17 00:00:00 2001
From: Dawid Weltrowski-Knopik <32630534+Kukiezi@users.noreply.github.com>
Date: Fri, 28 Apr 2023 16:54:48 +0200
Subject: [PATCH 2/9] fix(adapters): allow `neo4j-driver@5` as a peer
 dependency  (#7392)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* upgrade neo4j-driver

* Correcting depdendency to also allow for ^4.0.0 and pnpm install

---------

Co-authored-by: Balázs Orbán <info@balazsorban.com>
---
 packages/adapter-neo4j/package.json |   6 +-
 pnpm-lock.yaml                      | 104 ++++++----------------------
 2 files changed, 24 insertions(+), 86 deletions(-)

diff --git a/packages/adapter-neo4j/package.json b/packages/adapter-neo4j/package.json
index 531ad58d..17c18943 100644
--- a/packages/adapter-neo4j/package.json
+++ b/packages/adapter-neo4j/package.json
@@ -33,7 +33,7 @@
     "dist"
   ],
   "peerDependencies": {
-    "neo4j-driver": "^4.0.0",
+    "neo4j-driver": "^4.0.0 || ^5.7.0",
     "next-auth": "^4"
   },
   "devDependencies": {
@@ -41,7 +41,7 @@
     "@next-auth/tsconfig": "workspace:*",
     "@types/uuid": "^8.3.3",
     "jest": "^27.4.3",
-    "neo4j-driver": "^4.4.0",
+    "neo4j-driver": "^5.7.0",
     "next-auth": "workspace:*"
   },
   "dependencies": {
@@ -50,4 +50,4 @@
   "jest": {
     "preset": "@next-auth/adapter-test/jest"
   }
-}
+}
\ No newline at end of file
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 63842af3..04f7b783 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -102,57 +102,6 @@ importers:
       sqlite3: 5.0.8
       typeorm: 0.3.7_pg@8.7.3+sqlite3@5.0.8
 
-  apps/dev/nextjs-2:
-    specifiers:
-      '@auth/core': workspace:*
-      '@next-auth/fauna-adapter': workspace:*
-      '@next-auth/prisma-adapter': workspace:*
-      '@next-auth/supabase-adapter': workspace:*
-      '@next-auth/typeorm-legacy-adapter': workspace:*
-      '@playwright/test': 1.29.2
-      '@prisma/client': ^3
-      '@supabase/supabase-js': ^2.0.5
-      '@types/jsonwebtoken': ^8.5.5
-      '@types/react': 18.0.37
-      '@types/react-dom': ^18.0.6
-      dotenv: ^16.0.3
-      fake-smtp-server: ^0.8.0
-      faunadb: ^4
-      next: 13.3.0
-      next-auth: workspace:*
-      nodemailer: ^6
-      pg: ^8.7.3
-      prisma: ^3
-      react: ^18
-      react-dom: ^18
-      sqlite3: ^5.0.8
-      typeorm: 0.3.7
-    dependencies:
-      '@auth/core': link:../../../packages/core
-      '@next-auth/fauna-adapter': link:../../../packages/adapter-fauna
-      '@next-auth/prisma-adapter': link:../../../packages/adapter-prisma
-      '@next-auth/supabase-adapter': link:../../../packages/adapter-supabase
-      '@next-auth/typeorm-legacy-adapter': link:../../../packages/adapter-typeorm-legacy
-      '@prisma/client': 3.15.2_prisma@3.15.2
-      '@supabase/supabase-js': 2.0.5
-      faunadb: 4.6.0
-      next: 13.3.0_biqbaboplfbrettd7655fr4n2y
-      next-auth: link:../../../packages/next-auth
-      nodemailer: 6.8.0
-      react: 18.2.0
-      react-dom: 18.2.0_react@18.2.0
-    devDependencies:
-      '@playwright/test': 1.29.2
-      '@types/jsonwebtoken': 8.5.9
-      '@types/react': 18.0.37
-      '@types/react-dom': 18.0.6
-      dotenv: 16.0.3
-      fake-smtp-server: 0.8.0
-      pg: 8.7.3
-      prisma: 3.15.2
-      sqlite3: 5.0.8
-      typeorm: 0.3.7_pg@8.7.3+sqlite3@5.0.8
-
   apps/dev/nextjs-v4:
     specifiers:
       '@next-auth/fauna-adapter': workspace:*
@@ -421,7 +370,7 @@ importers:
       '@next-auth/tsconfig': workspace:*
       '@types/uuid': ^8.3.3
       jest: ^27.4.3
-      neo4j-driver: ^4.4.0
+      neo4j-driver: ^5.7.0
       next-auth: workspace:*
       uuid: ^8.3.2
     dependencies:
@@ -431,7 +380,7 @@ importers:
       '@next-auth/tsconfig': link:../tsconfig
       '@types/uuid': 8.3.4
       jest: 27.5.1
-      neo4j-driver: 4.4.6
+      neo4j-driver: 5.7.0
       next-auth: link:../next-auth
 
   packages/adapter-pouchdb:
@@ -5181,13 +5130,6 @@ packages:
       regenerator-runtime: 0.13.11
     dev: true
 
-  /@babel/runtime/7.18.3:
-    resolution: {integrity: sha512-38Y8f7YUhce/K7RMwTp7m0uCumpv9hZkitCbBClqQIow1qSbCvGkcegKOXpEWCQLfWmevgRiWokZ1GkpfhbZug==}
-    engines: {node: '>=6.9.0'}
-    dependencies:
-      regenerator-runtime: 0.13.9
-    dev: true
-
   /@babel/runtime/7.20.13:
     resolution: {integrity: sha512-gt3PKXs0DBoL9xCvOIIZ2NEqAGZqHjAnmVbfQtB620V0uReIQutpel14KcneZuer7UioY8ALKZ7iocavvzTNFA==}
     engines: {node: '>=6.9.0'}
@@ -12212,7 +12154,7 @@ packages:
   /axios/0.21.4_debug@4.3.4:
     resolution: {integrity: sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==}
     dependencies:
-      follow-redirects: 1.15.1
+      follow-redirects: 1.15.1_debug@4.3.4
     transitivePeerDependencies:
       - debug
 
@@ -17946,6 +17888,7 @@ packages:
     peerDependenciesMeta:
       debug:
         optional: true
+    dev: true
 
   /follow-redirects/1.15.1_debug@4.3.4:
     resolution: {integrity: sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==}
@@ -17957,7 +17900,6 @@ packages:
         optional: true
     dependencies:
       debug: 4.3.4
-    dev: true
 
   /for-each/0.3.3:
     resolution: {integrity: sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==}
@@ -19985,7 +19927,7 @@ packages:
       mute-stream: 0.0.8
       ora: 5.4.1
       run-async: 2.4.1
-      rxjs: 7.6.0
+      rxjs: 7.8.1
       string-width: 4.2.3
       strip-ansi: 6.0.1
       through: 2.3.8
@@ -20006,7 +19948,7 @@ packages:
       mute-stream: 0.0.8
       ora: 6.1.2
       run-async: 2.4.1
-      rxjs: 7.6.0
+      rxjs: 7.8.1
       string-width: 5.1.2
       strip-ansi: 7.0.1
       through: 2.3.8
@@ -24574,25 +24516,24 @@ packages:
   /neo-async/2.6.2:
     resolution: {integrity: sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==}
 
-  /neo4j-driver-bolt-connection/4.4.6:
-    resolution: {integrity: sha512-ZjYVwHk8oMeRtBf4j/1CmA/7t88OHl7WOiZtFnbdU3LHkfnhtrovLk7sU1zGK60f6AmaQrA9lAh1rpxwDfri5Q==}
+  /neo4j-driver-bolt-connection/5.7.0:
+    resolution: {integrity: sha512-TMXNJuwEEYBqzyKsiyfF2DDaG/eV13y86nhxbXICcq9/1/j36OJx2zEuhzk1XstLYFD0WioSJZ3khV1+3aVRkw==}
     dependencies:
       buffer: 6.0.3
-      neo4j-driver-core: 4.4.6
+      neo4j-driver-core: 5.7.0
       string_decoder: 1.3.0
     dev: true
 
-  /neo4j-driver-core/4.4.6:
-    resolution: {integrity: sha512-8Pc5lLeWwrxjrEGyJm8QASfguKK90i4YxB4Unz1FWV1z3xRq2xFtLhNl6PSa5Kx1VtKS5dhiwHlJArBJJEQjZA==}
+  /neo4j-driver-core/5.7.0:
+    resolution: {integrity: sha512-q/mP1oDtt562+8uSMZZJJ8k8MNGeghTegzmmDCo9v4LDxuq+wkaKQ3tHm92o1xemuko+uyqlX8lU/844rX3T4A==}
     dev: true
 
-  /neo4j-driver/4.4.6:
-    resolution: {integrity: sha512-KzTEQ/PYuaVkeEuQmr8jZm0cFLlK/zAAMe3IkhxWj56Tgwn2nT2RASPrqwvyEVfk8jg6xS4U1Fx2VABmkO4cdQ==}
+  /neo4j-driver/5.7.0:
+    resolution: {integrity: sha512-Le5lgMERk0nIHPHQa18DRifrzXpPYkJEr9Sz/bxPQ8gbWFqTTL292LtJ/qM8RjByaRH2C923dKk2Ni8b0mzLNQ==}
     dependencies:
-      '@babel/runtime': 7.18.3
-      neo4j-driver-bolt-connection: 4.4.6
-      neo4j-driver-core: 4.4.6
-      rxjs: 6.6.7
+      neo4j-driver-bolt-connection: 5.7.0
+      neo4j-driver-core: 5.7.0
+      rxjs: 7.8.1
     dev: true
 
   /netmask/2.0.2:
@@ -27853,10 +27794,6 @@ packages:
   /regenerator-runtime/0.13.11:
     resolution: {integrity: sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==}
 
-  /regenerator-runtime/0.13.9:
-    resolution: {integrity: sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==}
-    dev: true
-
   /regenerator-transform/0.15.0:
     resolution: {integrity: sha512-LsrGtPmbYg19bcPHwdtmXwbW+TqNvtY4riE3P83foeHRroMbH6/2ddFBfab3t7kbzc7v7p4wbkIecHImqt0QNg==}
     dependencies:
@@ -28344,6 +28281,7 @@ packages:
     engines: {npm: '>=2.0.0'}
     dependencies:
       tslib: 1.14.1
+    dev: false
 
   /rxjs/7.5.5:
     resolution: {integrity: sha512-sy+H0pQofO95VDmFLzyaw9xNJU4KTRSwQIGM6+iG3SypAtCiLDzpeG8sJrNCWn2Up9km+KhkvTdbkrdy+yzZdw==}
@@ -28351,8 +28289,8 @@ packages:
       tslib: 2.4.1
     dev: true
 
-  /rxjs/7.6.0:
-    resolution: {integrity: sha512-DDa7d8TFNUalGC9VqXvQ1euWNN7sc63TrUCuM9J998+ViviahMIjKSOU7rfcgFOF+FCD71BhDRv4hrFz+ImDLQ==}
+  /rxjs/7.8.1:
+    resolution: {integrity: sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==}
     dependencies:
       tslib: 2.4.1
     dev: true
@@ -32005,7 +31943,7 @@ packages:
       joi: 17.7.0
       lodash: 4.17.21
       minimist: 1.2.6
-      rxjs: 7.6.0
+      rxjs: 7.8.1
     transitivePeerDependencies:
       - debug
     dev: true
@@ -32019,7 +31957,7 @@ packages:
       joi: 17.7.0
       lodash: 4.17.21
       minimist: 1.2.6
-      rxjs: 7.6.0
+      rxjs: 7.8.1
     transitivePeerDependencies:
       - debug
     dev: true

From 7f6967fc3c18bebfc25dfef30ce163da652512c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?= <info@balazsorban.com>
Date: Fri, 28 Apr 2023 16:55:31 +0200
Subject: [PATCH 3/9] chore: update lock file

---
 pnpm-lock.yaml | 57 +++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 54 insertions(+), 3 deletions(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 04f7b783..b2e15c33 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -102,6 +102,57 @@ importers:
       sqlite3: 5.0.8
       typeorm: 0.3.7_pg@8.7.3+sqlite3@5.0.8
 
+  apps/dev/nextjs-2:
+    specifiers:
+      '@auth/core': workspace:*
+      '@next-auth/fauna-adapter': workspace:*
+      '@next-auth/prisma-adapter': workspace:*
+      '@next-auth/supabase-adapter': workspace:*
+      '@next-auth/typeorm-legacy-adapter': workspace:*
+      '@playwright/test': 1.29.2
+      '@prisma/client': ^3
+      '@supabase/supabase-js': ^2.0.5
+      '@types/jsonwebtoken': ^8.5.5
+      '@types/react': 18.0.37
+      '@types/react-dom': ^18.0.6
+      dotenv: ^16.0.3
+      fake-smtp-server: ^0.8.0
+      faunadb: ^4
+      next: 13.3.0
+      next-auth: workspace:*
+      nodemailer: ^6
+      pg: ^8.7.3
+      prisma: ^3
+      react: ^18
+      react-dom: ^18
+      sqlite3: ^5.0.8
+      typeorm: 0.3.7
+    dependencies:
+      '@auth/core': link:../../../packages/core
+      '@next-auth/fauna-adapter': link:../../../packages/adapter-fauna
+      '@next-auth/prisma-adapter': link:../../../packages/adapter-prisma
+      '@next-auth/supabase-adapter': link:../../../packages/adapter-supabase
+      '@next-auth/typeorm-legacy-adapter': link:../../../packages/adapter-typeorm-legacy
+      '@prisma/client': 3.15.2_prisma@3.15.2
+      '@supabase/supabase-js': 2.0.5
+      faunadb: 4.6.0
+      next: 13.3.0_biqbaboplfbrettd7655fr4n2y
+      next-auth: link:../../../packages/next-auth
+      nodemailer: 6.8.0
+      react: 18.2.0
+      react-dom: 18.2.0_react@18.2.0
+    devDependencies:
+      '@playwright/test': 1.29.2
+      '@types/jsonwebtoken': 8.5.9
+      '@types/react': 18.0.37
+      '@types/react-dom': 18.0.6
+      dotenv: 16.0.3
+      fake-smtp-server: 0.8.0
+      pg: 8.7.3
+      prisma: 3.15.2
+      sqlite3: 5.0.8
+      typeorm: 0.3.7_pg@8.7.3+sqlite3@5.0.8
+
   apps/dev/nextjs-v4:
     specifiers:
       '@next-auth/fauna-adapter': workspace:*
@@ -12154,7 +12205,7 @@ packages:
   /axios/0.21.4_debug@4.3.4:
     resolution: {integrity: sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==}
     dependencies:
-      follow-redirects: 1.15.1_debug@4.3.4
+      follow-redirects: 1.15.1
     transitivePeerDependencies:
       - debug
 
@@ -17469,7 +17520,7 @@ packages:
       express-basic-auth: 1.2.1
       lodash: 4.17.21
       mailparser: 2.8.1
-      moment: 2.29.3
+      moment: 2.29.4
       smtp-server: 3.11.0
     transitivePeerDependencies:
       - supports-color
@@ -17888,7 +17939,6 @@ packages:
     peerDependenciesMeta:
       debug:
         optional: true
-    dev: true
 
   /follow-redirects/1.15.1_debug@4.3.4:
     resolution: {integrity: sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==}
@@ -17900,6 +17950,7 @@ packages:
         optional: true
     dependencies:
       debug: 4.3.4
+    dev: true
 
   /for-each/0.3.3:
     resolution: {integrity: sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==}

From 1ca87809d603ef96e718871e27c39b4635766735 Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Fri, 28 Apr 2023 15:09:12 +0000
Subject: [PATCH 4/9] chore(release): bump package version(s) [skip ci]

---
 packages/adapter-neo4j/.npmrc       | 1 +
 packages/adapter-neo4j/package.json | 2 +-
 packages/core/package.json          | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 packages/adapter-neo4j/.npmrc

diff --git a/packages/adapter-neo4j/.npmrc b/packages/adapter-neo4j/.npmrc
new file mode 100644
index 00000000..ae643592
--- /dev/null
+++ b/packages/adapter-neo4j/.npmrc
@@ -0,0 +1 @@
+//registry.npmjs.org/:_authToken=${NPM_TOKEN}
diff --git a/packages/adapter-neo4j/package.json b/packages/adapter-neo4j/package.json
index 17c18943..0133bdc8 100644
--- a/packages/adapter-neo4j/package.json
+++ b/packages/adapter-neo4j/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@next-auth/neo4j-adapter",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "neo4j adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",
diff --git a/packages/core/package.json b/packages/core/package.json
index ffcdbbd5..9c3253ad 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@auth/core",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "Authentication for the Web.",
   "keywords": [
     "authentication",
@@ -93,4 +93,4 @@
     "postcss": "8.4.19",
     "postcss-nested": "6.0.0"
   }
-}
+}
\ No newline at end of file

From 5da6549c48952b2a720342c5dbb555bc4c2cd39f Mon Sep 17 00:00:00 2001
From: Zack Reneau-Wedeen <zack@cointracker.com>
Date: Fri, 28 Apr 2023 13:26:30 -0700
Subject: [PATCH 5/9] chore(docs): update xata docs link (#7397)

Update link to a working page (Workspaces API reference)

Co-authored-by: Nico Domino <yo@ndo.dev>
---
 packages/adapter-xata/src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/adapter-xata/src/index.ts b/packages/adapter-xata/src/index.ts
index 860c728d..fefea69c 100644
--- a/packages/adapter-xata/src/index.ts
+++ b/packages/adapter-xata/src/index.ts
@@ -195,7 +195,7 @@ import type { XataClient } from "./xata"
  * xata init --schema=./path/to/your/schema.json
  * ```
  *
- * The CLI will walk you through a setup process where you choose a [workspace](https://docs.xata.io/concepts/workspaces) (kind of like a GitHub org or a Vercel team) and an appropriate database. We recommend using a fresh database for this, as we'll augment it with tables that Auth.js needs.
+ * The CLI will walk you through a setup process where you choose a [workspace](https://xata.io/docs/api-reference/workspaces) (kind of like a GitHub org or a Vercel team) and an appropriate database. We recommend using a fresh database for this, as we'll augment it with tables that Auth.js needs.
  *
  * Once you're done, you can continue using Auth.js in your project as expected, like creating a `./pages/api/auth/[...nextauth]` route.
  *

From 6111662df7659d567dddf2d7541f3446c3b80d16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?= <info@balazsorban.com>
Date: Sun, 30 Apr 2023 09:52:47 +0200
Subject: [PATCH 6/9] docs: Update creating-a-database-adapter.md

---
 docs/docs/guides/adapters/creating-a-database-adapter.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/guides/adapters/creating-a-database-adapter.md b/docs/docs/guides/adapters/creating-a-database-adapter.md
index e8620008..b31ca33f 100644
--- a/docs/docs/guides/adapters/creating-a-database-adapter.md
+++ b/docs/docs/guides/adapters/creating-a-database-adapter.md
@@ -6,7 +6,7 @@ Using a custom adapter you can connect to any database back-end or even several
 
 ## How to create an adapter
 
-For more information about the data these methods need to manage see [models](/reference/adapters/models).
+For more information about the data these methods need to manage see [models](/reference/adapters#models).
 
 _See the code below for practical example._
 

From c2eb9b3ad4c2a747c5179ff575903ede97328993 Mon Sep 17 00:00:00 2001
From: Victor <saptefrativictor@gmail.com>
Date: Sun, 30 Apr 2023 11:34:05 +0300
Subject: [PATCH 7/9] fix(docs): fix default `maxAge` formula (#7406)

---
 packages/core/src/jwt.ts            | 4 ++--
 packages/next-auth/src/jwt/types.ts | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/core/src/jwt.ts b/packages/core/src/jwt.ts
index 73f566ce..87f8cd1a 100644
--- a/packages/core/src/jwt.ts
+++ b/packages/core/src/jwt.ts
@@ -190,7 +190,7 @@ export interface JWTEncodeParams<Payload = JWT> {
   /**
    * The maximum age of the Auth.js issued JWT in seconds.
    *
-   * @default 30 * 24 * 30 * 60 // 30 days
+   * @default 30 * 24 * 60 * 60 // 30 days
    */
   maxAge?: number
 }
@@ -213,7 +213,7 @@ export interface JWTOptions {
   /**
    * The maximum age of the Auth.js issued JWT in seconds.
    *
-   * @default 30 * 24 * 30 * 60 // 30 days
+   * @default 30 * 24 * 60 * 60 // 30 days
    */
   maxAge: number
   /** Override this method to control the Auth.js issued JWT encoding. */
diff --git a/packages/next-auth/src/jwt/types.ts b/packages/next-auth/src/jwt/types.ts
index ecd0e2a9..58242fc8 100644
--- a/packages/next-auth/src/jwt/types.ts
+++ b/packages/next-auth/src/jwt/types.ts
@@ -21,7 +21,7 @@ export interface JWTEncodeParams {
   secret: string | Buffer
   /**
    * The maximum age of the NextAuth.js issued JWT in seconds.
-   * @default 30 * 24 * 30 * 60 // 30 days
+   * @default 30 * 24 * 60 * 60 // 30 days
    */
   maxAge?: number
 }
@@ -42,7 +42,7 @@ export interface JWTOptions {
   secret: string
   /**
    * The maximum age of the NextAuth.js issued JWT in seconds.
-   * @default 30 * 24 * 30 * 60 // 30 days
+   * @default 30 * 24 * 60 * 60 // 30 days
    */
   maxAge: number
   /** Override this method to control the NextAuth.js issued JWT encoding. */

From d739e8e04e19c03831ee27d73348845e2e564657 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?= <info@balazsorban.com>
Date: Sun, 30 Apr 2023 13:25:26 +0200
Subject: [PATCH 8/9] feat(adapters): add Account mapping before database write
 (#7369)

* feat: map Account before saving to database

* document `acconut()`, explain default behaviour

* generate `expires_at` based on `expires_in`

Fixes #6538

* rename

* strip undefined on `defaultProfile`

* don't forward defaults to account callback

* improve internal namings, types, docs
---
 docs/docs/reference/adapters/index.md     | 45 ++++++++-----------
 docs/docusaurus.config.js                 |  2 +-
 packages/core/src/adapters.ts             |  4 ++
 packages/core/src/lib/callback-handler.ts |  7 ++-
 packages/core/src/lib/oauth/callback.ts   | 33 +++++++++-----
 packages/core/src/lib/providers.ts        | 47 ++++++++++++++++----
 packages/core/src/lib/routes/callback.ts  | 22 ++++++---
 packages/core/src/providers/oauth.ts      | 37 +++++++++++++---
 packages/core/src/types.ts                | 54 ++++++++++++++++++++---
 9 files changed, 186 insertions(+), 65 deletions(-)

diff --git a/docs/docs/reference/adapters/index.md b/docs/docs/reference/adapters/index.md
index 1ad11728..17662141 100644
--- a/docs/docs/reference/adapters/index.md
+++ b/docs/docs/reference/adapters/index.md
@@ -2,7 +2,7 @@
 title: Overview
 ---
 
-Using a Auth.js / NextAuth.js adapter you can connect to any database service or even several different services at the same time. The following listed official adapters are created and maintained by the community:
+Using an Auth.js / NextAuth.js adapter you can connect to any database service or even several different services at the same time. The following listed official adapters are created and maintained by the community:
 
 <div class="adapter-card-list">
   <a href="/reference/adapter/dgraph" class="adapter-card">
@@ -71,7 +71,7 @@ If you don't find an adapter for the database or service you use, you can always
 ## Models
 
 
-Auth.js can be used with any database. Models tell you what structures Auth.js expects from your database. Models will vary slightly depending on which adapter you use, but in general, will look something like this. Each adapter's model/schema will be slightly adapted for its needs, but will look very much like this schema below:
+Auth.js can be used with any database. Models tell you what structures Auth.js expects from your database. Models will vary slightly depending on which adapter you use, but in general, will look something like this:
 
 ```mermaid
 erDiagram
@@ -96,15 +96,8 @@ erDiagram
       string type
       string provider
       string providerAccountId
-      string refresh_token
       string access_token
-      int expires_at
-      string token_type
-      string scope
       string id_token
-      string session_state
-      string oauth_token_secret
-      string oauth_token
     }
     VerificationToken {
       string identifier
@@ -113,10 +106,10 @@ erDiagram
     }
 ```
 
-More information about each Model / Table can be found below.
+More information about each Model/Table can be found below.
 
 :::note
-You can [create your own adapter](/guides/adapters/creating-a-database-adapter) if you want to use Auth.js with a database that is not supported out of the box, or you have to change fields on any of the models.
+You can [create your adapter](/guides/adapters/creating-a-database-adapter) if you want to use Auth.js with a database that is not supported out of the box, or you have to change fields on any of the models.
 :::
 
 ---
@@ -125,30 +118,31 @@ You can [create your own adapter](/guides/adapters/creating-a-database-adapter)
 
 The User model is for information such as the user's name and email address.
 
-Email address is optional, but if one is specified for a User then it must be unique.
+Email address is optional, but if one is specified for a User, then it must be unique.
 
 :::note
-If a user first signs in with OAuth then their email address is automatically populated using the one from their OAuth profile, if the OAuth provider returns one.
+If a user first signs in with an OAuth provider, then their email address is automatically populated using the one from their OAuth profile if the OAuth provider returns one.
 
-This provides a way to contact users and for users to maintain access to their account and sign in using email in the event they are unable to sign in with the OAuth provider in future (if the [Email Provider](/getting-started/email-tutorial) is configured).
+This provides a way to contact users and for users to maintain access to their account and sign in using email in the event they are unable to sign in with the OAuth provider in the future (if the [Email Provider](/reference/core/providers_email) is configured).
 :::
 
-User creation in the database is automatic, and happens when the user is logging in for the first time with a provider. The default data saved is `id`, `name`, `email` and `image`. You can add more profile data by returning extra fields in your [OAuth provider](/guides/providers/custom-provider)'s [`profile()`](/reference/core/providers#profile) callback.
+User creation in the database is automatic and happens when the user is logging in for the first time with a provider. 
+If the first sign-in is via the [OAuth Provider](/reference/core/providers_oauth), the default data saved is `id`, `name`, `email` and `image`. You can add more profile data by returning extra fields in your [OAuth provider](/guides/providers/custom-provider)'s [`profile()`](/reference/core/providers#profile) callback.
+
+If the first sign-in is via the [Email Provider](/reference/core/providers_email), then the saved user will have `id`, `email`, `emailVerified`, where `emailVerified` is the timestamp of when the user was created.
 
 ### Account
 
-The Account model is for information about OAuth accounts associated with a User. It will usually contain `access_token`, `id_token` and other OAuth specific data. [`TokenSet`](https://github.com/panva/node-openid-client/blob/main/docs/README.md#new-tokensetinput) from `openid-client` might give you an idea of all the fields.
-
-:::note
-In case of an OAuth 1.0 provider (like Twitter), you will have to look for `oauth_token` and `oauth_token_secret` string fields. GitHub also has an extra `refresh_token_expires_in` integer field. You have to make sure that your database schema includes these fields.
-:::
+The Account model is for information about OAuth accounts associated with a User
 
 A single User can have multiple Accounts, but each Account can only have one User.
 
-Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/concepts/faq#security) for more information why this is a requirement.
+Account creation in the database is automatic and happens when the user is logging in for the first time with a provider, or the [`Adapter.linkAccount`](/reference/core/adapters#linkaccount) method is invoked. The default data saved is `access_token`, `refresh_token`, `id_token` and `expires_at`. You can save other fields by returning them in the [OAuth provider](/guides/providers/custom-provider)'s [`account()`](/reference/core/providers#account) callback.
+
+Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/concepts/faq#security) for more information on why this is a requirement.
 
 :::tip
-You can manually unlink accounts, if your adapter implements the `unlinkAccount` method. Make sure to take all the necessary security steps to avoid data loss.
+You can manually unlink accounts if your adapter implements the `unlinkAccount` method. Make sure to take all the necessary security steps to avoid data loss.
 :::
 
 :::note
@@ -162,7 +156,7 @@ The Session model is used for database sessions. It is not used if JSON Web Toke
 A single User can have multiple Sessions, each Session can only have one User.
 
 :::tip
-When a Session is read, we check if it's `expires` field indicates an invalid session, and delete it from the database. You can also do this clean-up periodically in the background to avoid our extra delete call to the database during an active session retrieval. This might result in a slight performance increase in a few cases.
+When a Session is read, we check if its `expires` field indicates an invalid session, and delete it from the database. You can also do this clean-up periodically in the background to avoid our extra delete call to the database during an active session retrieval. This might result in a slight performance increase in a few cases.
 :::
 
 ### Verification Token
@@ -171,7 +165,7 @@ The Verification Token model is used to store tokens for passwordless sign in.
 
 A single User can have multiple open Verification Tokens (e.g. to sign in to different devices).
 
-It has been designed to be extendable for other verification purposes in the future (e.g. 2FA / short codes).
+It has been designed to be extendable for other verification purposes in the future (e.g. 2FA / magic codes, etc.).
 
 :::note
 Auth.js makes sure that every token is usable only once, and by default has a short (1 day, can be configured by [`maxAge`](/guides/providers/email)) lifetime. If your user did not manage to finish the sign-in flow in time, they will have to start the sign-in process again.
@@ -183,8 +177,7 @@ Due to users forgetting or failing at the sign-in flow, you might end up with un
 
 ## RDBMS Naming Convention
 
-Auth.js / NextAuth.js uses `camelCase` for its own database rows, while respecting the conventional `snake_case` formatting for OAuth related values. If mixed casing is an issue for you, most adapters have a dedicated section on how to use a single naming convention.
-
+Auth.js / NextAuth.js uses `camelCase` for its database rows while respecting the conventional `snake_case` formatting for OAuth-related values. If the mixed casing is an issue for you, most adapters have a dedicated documentation section on how to force a casing convention.
 
 ## TypeScript
 
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index d403102a..72a6b539 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -7,7 +7,7 @@ const path = require("path")
 const coreSrc = "../packages/core/src"
 const providers = fs
   .readdirSync(path.join(__dirname, coreSrc, "/providers"))
-  .filter((file) => file.endsWith(".ts") && !file.startsWith("oauth"))
+  .filter((file) => file.endsWith(".ts"))
   .map((p) => `${coreSrc}/providers/${p}`)
 
 const typedocConfig = require("./typedoc.json")
diff --git a/packages/core/src/adapters.ts b/packages/core/src/adapters.ts
index 4d67cbce..8dfa65db 100644
--- a/packages/core/src/adapters.ts
+++ b/packages/core/src/adapters.ts
@@ -228,6 +228,10 @@ export interface Adapter {
   deleteUser?(
     userId: string
   ): Promise<void> | Awaitable<AdapterUser | null | undefined>
+  /**
+   * This method is invoked internally (but optionally can be used for manual linking).
+   * It creates an [Account](https://authjs.dev/reference/adapters#models) in the database.
+   */
   linkAccount?(
     account: AdapterAccount
   ): Promise<void> | Awaitable<AdapterAccount | null | undefined>
diff --git a/packages/core/src/lib/callback-handler.ts b/packages/core/src/lib/callback-handler.ts
index 2344a81d..2348e789 100644
--- a/packages/core/src/lib/callback-handler.ts
+++ b/packages/core/src/lib/callback-handler.ts
@@ -49,7 +49,7 @@ export async function handleLogin(
   }
 
   const profile = _profile as AdapterUser
-  const account = _account as AdapterAccount
+  let account = _account as AdapterAccount
 
   const {
     createUser,
@@ -154,6 +154,11 @@ export async function handleLogin(
 
       return { session, user: userByAccount, isNewUser }
     } else {
+      const { provider: p } = options as InternalOptions<"oauth" | "oidc">
+      const { type, provider, providerAccountId, userId, ...tokenSet } = account
+      const defaults = { providerAccountId, provider, type, userId }
+      account = Object.assign(p.account(tokenSet), defaults)
+
       if (user) {
         // If the user is already signed in and the OAuth account isn't already associated
         // with another user account then we can go ahead and link the accounts safely.
diff --git a/packages/core/src/lib/oauth/callback.ts b/packages/core/src/lib/oauth/callback.ts
index 04f5079d..456b9246 100644
--- a/packages/core/src/lib/oauth/callback.ts
+++ b/packages/core/src/lib/oauth/callback.ts
@@ -3,6 +3,7 @@ import * as o from "oauth4webapi"
 import { OAuthCallbackError, OAuthProfileParseError } from "../../errors.js"
 
 import type {
+  Account,
   InternalOptions,
   LoggerInstance,
   Profile,
@@ -123,8 +124,8 @@ export async function handleOAuth(
     throw new Error("TODO: Handle www-authenticate challenges as needed")
   }
 
-  let profile: Profile = {}
-  let tokens: TokenSet
+  let profile: Profile
+  let tokens: TokenSet & Pick<Account, "expires_at">
 
   if (provider.type === "oidc") {
     const nonce = await checks.nonce.use(cookies, resCookies, options)
@@ -162,37 +163,49 @@ export async function handleOAuth(
         (tokens as any).access_token
       )
       profile = await userinfoResponse.json()
+    } else {
+      throw new TypeError("No userinfo endpoint configured")
     }
   }
 
-  const profileResult = await getProfile(profile, provider, tokens, logger)
+  if (tokens.expires_in) {
+    tokens.expires_at =
+      Math.floor(Date.now() / 1000) + Number(tokens.expires_in)
+  }
+
+  const profileResult = await getUserAndProfile(
+    profile,
+    provider,
+    tokens,
+    logger
+  )
 
   return { ...profileResult, cookies: resCookies }
 }
 
 /** Returns profile, raw profile and auth provider details */
-async function getProfile(
+async function getUserAndProfile(
   OAuthProfile: Profile,
   provider: OAuthConfigInternal<any>,
   tokens: TokenSet,
   logger: LoggerInstance
 ) {
   try {
-    const profile = await provider.profile(OAuthProfile, tokens)
-    profile.email = profile.email?.toLowerCase()
+    const user = await provider.profile(OAuthProfile, tokens)
+    user.email = user.email?.toLowerCase()
 
-    if (!profile.id) {
+    if (!user.id) {
       throw new TypeError(
-        `Profile id is missing in ${provider.name} OAuth profile response`
+        `User id is missing in ${provider.name} OAuth profile response`
       )
     }
 
     return {
-      profile,
+      user,
       account: {
         provider: provider.id,
         type: provider.type,
-        providerAccountId: profile.id.toString(),
+        providerAccountId: user.id.toString(),
         ...tokens,
       },
       OAuthProfile,
diff --git a/packages/core/src/lib/providers.ts b/packages/core/src/lib/providers.ts
index 2da2d80b..496e34b2 100644
--- a/packages/core/src/lib/providers.ts
+++ b/packages/core/src/lib/providers.ts
@@ -1,13 +1,15 @@
 import { merge } from "./utils/merge.js"
 
 import type {
+  AccountCallback,
   OAuthConfig,
   OAuthConfigInternal,
   OAuthEndpointType,
   OAuthUserConfig,
+  ProfileCallback,
   Provider,
 } from "../providers/index.js"
-import type { AuthConfig, InternalProvider } from "../types.js"
+import type { AuthConfig, InternalProvider, Profile } from "../types.js"
 
 /**
  * Adds `signinUrl` and `callbackUrl` to each provider
@@ -77,18 +79,47 @@ function normalizeOAuth(
     checks,
     userinfo,
     profile: c.profile ?? defaultProfile,
+    account: c.account ?? defaultAccount,
   }
 }
 
-function defaultProfile(profile: any) {
-  return {
+/**
+ * Returns basic user profile from the userinfo response/`id_token` claims.
+ * @see https://authjs.dev/reference/adapters#user
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#IDToken
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+ */
+const defaultProfile: ProfileCallback<Profile> = (profile) => {
+  return stripUndefined({
     id: profile.sub ?? profile.id,
-    name:
-      profile.name ?? profile.nickname ?? profile.preferred_username ?? null,
-    email: profile.email ?? null,
-    image: profile.picture ?? null,
-  }
+    name: profile.name ?? profile.nickname ?? profile.preferred_username,
+    email: profile.email,
+    image: profile.picture,
+  })
 }
+
+/**
+ * Returns basic OAuth/OIDC values from the token response.
+ * @see https://www.ietf.org/rfc/rfc6749.html#section-5.1
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
+ * @see https://authjs.dev/reference/adapters#account
+ *
+ * @todo Return `refresh_token` and `expires_at` as well when built-in
+ * refresh token support is added. (Can make it opt-in first with a flag).
+ */
+const defaultAccount: AccountCallback = (account) => {
+  return stripUndefined({
+    access_token: account.access_token,
+    id_token: account.id_token,
+  })
+}
+
+function stripUndefined<T extends object>(o: T): T {
+  const result = {} as any
+  for (let [k, v] of Object.entries(o)) v !== undefined && (result[k] = v)
+  return result as T
+}
+
 function normalizeEndpoint(
   e?: OAuthConfig<any>[OAuthEndpointType],
   issuer?: string
diff --git a/packages/core/src/lib/routes/callback.ts b/packages/core/src/lib/routes/callback.ts
index 4b0fead9..dba511ea 100644
--- a/packages/core/src/lib/routes/callback.ts
+++ b/packages/core/src/lib/routes/callback.ts
@@ -68,14 +68,18 @@ export async function callback(params: {
 
       logger.debug("authorization result", authorizationResult)
 
-      const { profile, account, OAuthProfile } = authorizationResult
+      const {
+        user: userFromProvider,
+        account,
+        OAuthProfile,
+      } = authorizationResult
 
       // If we don't have a profile object then either something went wrong
       // or the user cancelled signing in. We don't know which, so we just
       // direct the user to the signin page for now. We could do something
       // else in future.
       // TODO: Handle user cancelling signin
-      if (!profile || !account || !OAuthProfile) {
+      if (!userFromProvider || !account || !OAuthProfile) {
         return { redirect: `${url}/signin`, cookies }
       }
 
@@ -83,7 +87,7 @@ export async function callback(params: {
       // Attempt to get Profile from OAuth provider details before invoking
       // signIn callback - but if no user object is returned, that is fine
       // (that just means it's a new user signing in for the first time).
-      let userOrProfile = profile
+      let userByAccountOrFromProvider
       if (adapter) {
         const { getUserByAccount } = adapter
         const userByAccount = await getUserByAccount({
@@ -91,11 +95,15 @@ export async function callback(params: {
           provider: provider.id,
         })
 
-        if (userByAccount) userOrProfile = userByAccount
+        if (userByAccount) userByAccountOrFromProvider = userByAccount
       }
 
       const unauthorizedOrError = await handleAuthorized(
-        { user: userOrProfile, account, profile: OAuthProfile },
+        {
+          user: userByAccountOrFromProvider,
+          account,
+          profile: OAuthProfile,
+        },
         options
       )
 
@@ -104,7 +112,7 @@ export async function callback(params: {
       // Sign user in
       const { user, session, isNewUser } = await handleLogin(
         sessionStore.value,
-        profile,
+        userFromProvider,
         account,
         options
       )
@@ -152,7 +160,7 @@ export async function callback(params: {
         })
       }
 
-      await events.signIn?.({ user, account, profile, isNewUser })
+      await events.signIn?.({ user, account, profile: OAuthProfile, isNewUser })
 
       // Handle first logins on new accounts
       // e.g. option to send users to a new account landing page on initial login
diff --git a/packages/core/src/providers/oauth.ts b/packages/core/src/providers/oauth.ts
index 8069abef..0f13eae6 100644
--- a/packages/core/src/providers/oauth.ts
+++ b/packages/core/src/providers/oauth.ts
@@ -52,7 +52,10 @@ interface AdvancedEndpointHandler<P extends UrlParams, C, R> {
   conform?: (response: Response) => Awaitable<Response | undefined>
 }
 
-/** Either an URL (containing all the parameters) or an object with more granular control. */
+/**
+ * Either an URL (containing all the parameters) or an object with more granular control.
+ * @internal
+ */
 export type EndpointHandler<
   P extends UrlParams,
   C = any,
@@ -92,6 +95,8 @@ export type ProfileCallback<Profile> = (
   tokens: TokenSet
 ) => Awaitable<User>
 
+export type AccountCallback = (account: TokenSet) => TokenSet
+
 export interface OAuthProviderButtonStyles {
   logo: string
   logoDark: string
@@ -138,13 +143,25 @@ export interface OAuth2Config<Profile>
   userinfo?: string | UserinfoEndpointHandler
   type: "oauth"
   /**
-   * Receives the profile object returned by the OAuth provider, and returns the user object.
-   * This will be used to create the user in the database.
+   * Receives the full {@link Profile} returned by the OAuth provider, and returns a subset.
+   * It is used to create the user in the database.
+   *
    * Defaults to: `id`, `email`, `name`, `image`
    *
-   * [Documentation](https://authjs.dev/reference/adapters/models#user)
+   * @see [Database Adapter: User model](https://authjs.dev/reference/adapters#user)
    */
   profile?: ProfileCallback<Profile>
+  /**
+   * Receives the full {@link TokenSet} returned by the OAuth provider, and returns a subset.
+   * It is used to create the account associated with a user in the database.
+   *
+   * Defaults to: `access_token` and `id_token`
+   *
+   * @see [Database Adapter: Account model](https://authjs.dev/reference/adapters#account)
+   * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
+   * @see https://www.ietf.org/rfc/rfc6749.html#section-5.1
+   */
+  account?: AccountCallback
   /**
    * The CSRF protection performed on the callback endpoint.
    * @default ["pkce"]
@@ -190,7 +207,11 @@ export interface OAuth2Config<Profile>
   options?: OAuthUserConfig<Profile>
 }
 
-/** TODO: Document */
+/**
+ * Extension of the {@link OAuth2Config}.
+ *
+ * @see https://openid.net/specs/openid-connect-core-1_0.html
+ */
 export interface OIDCConfig<Profile>
   extends Omit<OAuth2Config<Profile>, "type" | "checks"> {
   type: "oidc"
@@ -204,6 +225,7 @@ export type OAuthEndpointType = "authorization" | "token" | "userinfo"
 /**
  * We parsed `authorization`, `token` and `userinfo`
  * to always contain a valid `URL`, with the params
+ * @internal
  */
 export type OAuthConfigInternal<Profile> = Omit<
   OAuthConfig<Profile>,
@@ -229,7 +251,10 @@ export type OAuthConfigInternal<Profile> = Omit<
    *
    */
   redirectProxyUrl?: OAuth2Config<Profile>["redirectProxyUrl"]
-} & Pick<Required<OAuthConfig<Profile>>, "clientId" | "checks" | "profile">
+} & Pick<
+    Required<OAuthConfig<Profile>>,
+    "clientId" | "checks" | "profile" | "account"
+  >
 
 export type OIDCConfigInternal<Profile> = OAuthConfigInternal<Profile> & {
   checks: OIDCConfig<Profile>["checks"]
diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts
index 8d5a5b43..5d154be8 100644
--- a/packages/core/src/types.ts
+++ b/packages/core/src/types.ts
@@ -116,16 +116,58 @@ export interface Account extends Partial<OpenIDTokenEndpointResponse> {
   providerAccountId: string
   /** Provider's type for this account */
   type: ProviderType
-  /** id of the user this account belongs to */
+  /**
+   * id of the user this account belongs to
+   *
+   * @see https://authjs.dev/reference/adapters#user
+   */
   userId?: string
+  /**
+   * Calculated value based on {@link OAuth2TokenEndpointResponse.expires_in}.
+   *
+   * It is the absolute timestamp (in seconds) when the {@link OAuth2TokenEndpointResponse.access_token} expires.
+   *
+   * This value can be used for implementing token rotation together with {@link OAuth2TokenEndpointResponse.refresh_token}.
+   *
+   * @see https://authjs.dev/guides/basics/refresh-token-rotation#database-strategy
+   * @see https://www.rfc-editor.org/rfc/rfc6749#section-5.1
+   */
+  expires_at?: number
 }
 
-/** The OAuth profile returned from your provider */
+/**
+ * The user info returned from your OAuth provider.
+ *
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+ */
 export interface Profile {
-  sub?: string | null
-  name?: string | null
-  email?: string | null
-  image?: string | null
+  sub: string
+  name?: string
+  given_name?: string
+  family_name?: string
+  middle_name?: string
+  nickname?: string
+  preferred_username?: string
+  profile?: string
+  picture?: string
+  website?: string
+  email?: string
+  email_verified?: boolean
+  gender?: string
+  birthdate?: string
+  zoneinfo?: string
+  locale?: string
+  phone_number?: string
+  updated_at?: number
+  address?: {
+    formatted?: string
+    street_address?: string
+    locality?: string
+    region?: string
+    postal_code?: string
+    country?: string
+  }
+  [claim: string]: unknown
 }
 
 /** [Documentation](https://authjs.dev/guides/basics/callbacks) */

From 5400645221de86fed01781428a8e6c8809305ec9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?= <info@balazsorban.com>
Date: Mon, 1 May 2023 11:32:20 +0200
Subject: [PATCH 9/9] chore: improve errors, add more docs (#7415)

* JWT Token -> JWT

* document some errors

* improve errors, docs
---
 docs/docs/concepts/faq.md                 |   2 +-
 docs/docs/guides/basics/events.md         |   4 +-
 packages/core/src/errors.ts               |  80 +++++++--
 packages/core/src/lib/callback-handler.ts | 208 +++++++++++-----------
 packages/core/src/lib/index.ts            |   3 -
 packages/core/src/lib/oauth/callback.ts   |   4 +-
 packages/core/src/lib/routes/callback.ts  |   1 +
 packages/core/src/lib/routes/signin.ts    |   5 +-
 packages/core/src/lib/web.ts              |   2 +
 packages/core/src/providers/email.ts      |   8 +-
 packages/core/src/providers/eveonline.ts  |   2 +-
 packages/core/src/types.ts                |  35 +++-
 12 files changed, 212 insertions(+), 142 deletions(-)

diff --git a/docs/docs/concepts/faq.md b/docs/docs/concepts/faq.md
index 4279eb7e..3c86a4c4 100644
--- a/docs/docs/concepts/faq.md
+++ b/docs/docs/concepts/faq.md
@@ -269,7 +269,7 @@ Ultimately if your request is not accepted or is not actively in development, yo
 </summary>
 <p>
 
-Auth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/guides/adapters/using-a-database-adapter), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/reference/configuration/auth-config#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.
+Auth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/guides/adapters/using-a-database-adapter), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/reference/configuration/auth-config#session). Since v4 all our JWTs are now encrypted by default with A256GCM.
 
 </p>
 </details>
diff --git a/docs/docs/guides/basics/events.md b/docs/docs/guides/basics/events.md
index 33305562..2d699eac 100644
--- a/docs/docs/guides/basics/events.md
+++ b/docs/docs/guides/basics/events.md
@@ -29,7 +29,7 @@ Sent when the user signs out.
 
 The message object will contain one of these depending on if you use JWT or database persisted sessions:
 
-- `token`: The JWT token for this session.
+- `token`: The JWT for this session.
 - `session`: The session object from your adapter that is being ended
 
 ### createUser
@@ -60,5 +60,5 @@ Sent at the end of a request for the current session.
 
 The message object will contain one of these depending on if you use JWT or database persisted sessions:
 
-- `token`: The JWT token for this session.
+- `token`: The JWT for this session.
 - `session`: The session object from your adapter.
diff --git a/packages/core/src/errors.ts b/packages/core/src/errors.ts
index 35589432..d6c2d5dd 100644
--- a/packages/core/src/errors.ts
+++ b/packages/core/src/errors.ts
@@ -20,13 +20,6 @@ export class AuthError extends Error {
   }
 }
 
-/**
- * @todo
- * Thrown when an Email address is already associated with an account
- * but the user is trying an OAuth account that is not linked to it.
- */
-export class AccountNotLinked extends AuthError {}
-
 /**
  * @todo
  * One of the database `Adapter` methods failed.
@@ -37,8 +30,8 @@ export class AdapterError extends AuthError {}
 export class AuthorizedCallbackError extends AuthError {}
 
 /**
- * There was an error while trying to finish up authenticating the user.
- * Depending on the type of provider, this could be for multiple reasons.
+ * This error occurs when the user cannot finish the sign-in process.
+ * Depending on the provider type, this could have happened for multiple reasons.
  *
  * :::tip
  * Check out `[auth][details]` in the error message to know which provider failed.
@@ -48,7 +41,7 @@ export class AuthorizedCallbackError extends AuthError {}
  * ```
  * :::
  *
- * For an **OAuth provider**, possible causes are:
+ * For an [OAuth provider](https://authjs.dev/reference/core/providers_oauth), possible causes are:
  * - The user denied access to the application
  * - There was an error parsing the OAuth Profile:
  *   Check out the provider's `profile` or `userinfo.request` method to make sure
@@ -56,7 +49,7 @@ export class AuthorizedCallbackError extends AuthError {}
  * - The `signIn` or `jwt` callback methods threw an uncaught error:
  *   Check the callback method implementations.
  *
- * For an **Email provider**, possible causes are:
+ * For an [Email provider](https://authjs.dev/reference/core/providers_email), possible causes are:
  * - The provided email/token combination was invalid/missing:
  *   Check if the provider's `sendVerificationRequest` method correctly sends the email.
  * - The provided email/token combination has expired:
@@ -64,7 +57,7 @@ export class AuthorizedCallbackError extends AuthError {}
  * - There was an error with the database:
  *   Check the database logs.
  *
- * For a **Credentials provider**, possible causes are:
+ * For a [Credentials provider](https://authjs.dev/reference/core/providers_credentials), possible causes are:
  * - The `authorize` method threw an uncaught error:
  *   Check the provider's `authorize` method.
  * - The `signIn` or `jwt` callback methods threw an uncaught error:
@@ -107,11 +100,30 @@ export class MissingAPIRoute extends AuthError {}
 /** @todo */
 export class MissingAuthorize extends AuthError {}
 
-/** @todo */
+/**
+ * Auth.js requires a secret to be set, but none was not found. This is used to encrypt cookies, JWTs and other sensitive data.
+ *
+ * :::note
+ * If you are using a framework like Next.js, we try to automatically infer the secret from the `AUTH_SECRET` environment variable.
+ * Alternatively, you can also explicitly set the [`AuthConfig.secret`](https://authjs.dev/reference/core#secret).
+ * :::
+ *
+ *
+ * :::tip
+ * You can generate a good secret value:
+ *  - On Unix systems: type `openssl rand -hex 32` in the terminal
+ *  - Or generate one [online](https://generate-secret.vercel.app/32)
+ *
+ * :::
+ */
 export class MissingSecret extends AuthError {}
 
-/** @todo */
-export class OAuthSignInError extends AuthError {}
+/**
+ * @todo
+ * Thrown when an Email address is already associated with an account
+ * but the user is trying an OAuth account that is not linked to it.
+ */
+export class OAuthAccountNotLinked extends AuthError {}
 
 /** @todo */
 export class OAuthCallbackError extends AuthError {}
@@ -119,19 +131,51 @@ export class OAuthCallbackError extends AuthError {}
 /** @todo */
 export class OAuthCreateUserError extends AuthError {}
 
-/** @todo */
+/**
+ * This error occurs during an OAuth sign in attempt when the provdier's
+ * response could not be parsed. This could for example happen if the provider's API
+ * changed, or the [`OAuth2Config.profile`](https://authjs.dev/reference/core/providers_oauth#profile) method is not implemented correctly.
+ */
 export class OAuthProfileParseError extends AuthError {}
 
 /** @todo */
 export class SessionTokenError extends AuthError {}
 
-/** @todo */
+/**
+ * This error occurs when the user cannot initiate the sign-in process.
+ * Depending on the provider type, this could have happened for multiple reasons.
+ *
+ * :::tip
+ * Check out `[auth][details]` in the error message to know which provider failed.
+ * @example
+ * ```sh
+ * [auth][details]: { "provider": "github" }
+ * ```
+ * :::
+ *
+ * For an [OAuth provider](https://authjs.dev/reference/core/providers_oauth), possible causes are:
+ * - The Authorization Server is not compliant with the [OAuth 2.0 specifcation](https://www.ietf.org/rfc/rfc6749.html)
+ *   Check the details in the error message.
+ * - A runtime error occurred in Auth.js. This should be reported as a bug.
+ *
+ * For an [Email provider](https://authjs.dev/reference/core/providers_email), possible causes are:
+ * - The email sent from the client is invalid, could not be normalized by [`EmailConfig.normalizeIdentifier`](https://authjs.dev/reference/core/providers_email#normalizeidentifier)
+ * - The provided email/token combination has expired:
+ *   Ask the user to log in again.
+ * - There was an error with the database:
+ *   Check the database logs.
+ *
+ */
 export class SignInError extends AuthError {}
 
 /** @todo */
 export class SignOutError extends AuthError {}
 
-/** @todo */
+/**
+ * Auth.js was requested to handle an operation that it does not support.
+ *
+ * See [`AuthAction`](https://authjs.dev/reference/core/types#authaction) for the supported actions.
+ */
 export class UnknownAction extends AuthError {}
 
 /** @todo */
diff --git a/packages/core/src/lib/callback-handler.ts b/packages/core/src/lib/callback-handler.ts
index 2348e789..bae3ade9 100644
--- a/packages/core/src/lib/callback-handler.ts
+++ b/packages/core/src/lib/callback-handler.ts
@@ -1,4 +1,4 @@
-import { AccountNotLinked } from "../errors.js"
+import { OAuthAccountNotLinked } from "../errors.js"
 import { fromDate } from "./utils/date.js"
 
 import type {
@@ -122,118 +122,116 @@ export async function handleLogin(
         })
 
     return { session, user, isNewUser }
-  } else if (account.type === "oauth" || account.type === "oidc") {
-    // If signing in with OAuth account, check to see if the account exists already
-    const userByAccount = await getUserByAccount({
-      providerAccountId: account.providerAccountId,
-      provider: account.provider,
-    })
-    if (userByAccount) {
-      if (user) {
-        // If the user is already signed in with this account, we don't need to do anything
-        if (userByAccount.id === user.id) {
-          return { session, user, isNewUser }
-        }
-        // If the user is currently signed in, but the new account they are signing in
-        // with is already associated with another user, then we cannot link them
-        // and need to return an error.
-        throw new AccountNotLinked(
-          "The account is already associated with another user",
-          { provider: account.provider }
-        )
-      }
-      // If there is no active session, but the account being signed in with is already
-      // associated with a valid user then create session to sign the user in.
-      session = useJwtSession
-        ? {}
-        : await createSession({
-            sessionToken: generateSessionToken(),
-            userId: userByAccount.id,
-            expires: fromDate(options.session.maxAge),
-          })
+  }
 
-      return { session, user: userByAccount, isNewUser }
-    } else {
-      const { provider: p } = options as InternalOptions<"oauth" | "oidc">
-      const { type, provider, providerAccountId, userId, ...tokenSet } = account
-      const defaults = { providerAccountId, provider, type, userId }
-      account = Object.assign(p.account(tokenSet), defaults)
-
-      if (user) {
-        // If the user is already signed in and the OAuth account isn't already associated
-        // with another user account then we can go ahead and link the accounts safely.
-        await linkAccount({ ...account, userId: user.id })
-        await events.linkAccount?.({ user, account, profile })
-
-        // As they are already signed in, we don't need to do anything after linking them
+  // If signing in with OAuth account, check to see if the account exists already
+  const userByAccount = await getUserByAccount({
+    providerAccountId: account.providerAccountId,
+    provider: account.provider,
+  })
+  if (userByAccount) {
+    if (user) {
+      // If the user is already signed in with this account, we don't need to do anything
+      if (userByAccount.id === user.id) {
         return { session, user, isNewUser }
       }
+      // If the user is currently signed in, but the new account they are signing in
+      // with is already associated with another user, then we cannot link them
+      // and need to return an error.
+      throw new OAuthAccountNotLinked(
+        "The account is already associated with another user",
+        { provider: account.provider }
+      )
+    }
+    // If there is no active session, but the account being signed in with is already
+    // associated with a valid user then create session to sign the user in.
+    session = useJwtSession
+      ? {}
+      : await createSession({
+          sessionToken: generateSessionToken(),
+          userId: userByAccount.id,
+          expires: fromDate(options.session.maxAge),
+        })
 
-      // If the user is not signed in and it looks like a new OAuth account then we
-      // check there also isn't an user account already associated with the same
-      // email address as the one in the OAuth profile.
-      //
-      // This step is often overlooked in OAuth implementations, but covers the following cases:
-      //
-      // 1. It makes it harder for someone to accidentally create two accounts.
-      //    e.g. by signin in with email, then again with an oauth account connected to the same email.
-      // 2. It makes it harder to hijack a user account using a 3rd party OAuth account.
-      //    e.g. by creating an oauth account then changing the email address associated with it.
-      //
-      // It's quite common for services to automatically link accounts in this case, but it's
-      // better practice to require the user to sign in *then* link accounts to be sure
-      // someone is not exploiting a problem with a third party OAuth service.
-      //
-      // OAuth providers should require email address verification to prevent this, but in
-      // practice that is not always the case; this helps protect against that.
-      const userByEmail = profile.email
-        ? await getUserByEmail(profile.email)
-        : null
-      if (userByEmail) {
-        const provider = options.provider as OAuthConfig<any>
-        if (provider?.allowDangerousEmailAccountLinking) {
-          // If you trust the oauth provider to correctly verify email addresses, you can opt-in to
-          // account linking even when the user is not signed-in.
-          user = userByEmail
-        } else {
-          // We end up here when we don't have an account with the same [provider].id *BUT*
-          // we do already have an account with the same email address as the one in the
-          // OAuth profile the user has just tried to sign in with.
-          //
-          // We don't want to have two accounts with the same email address, and we don't
-          // want to link them in case it's not safe to do so, so instead we prompt the user
-          // to sign in via email to verify their identity and then link the accounts.
-          throw new AccountNotLinked(
-            "Another account already exists with the same e-mail address",
-            { provider: account.provider }
-          )
-        }
-      } else {
-        // If the current user is not logged in and the profile isn't linked to any user
-        // accounts (by email or provider account id)...
-        //
-        // If no account matching the same [provider].id or .email exists, we can
-        // create a new account for the user, link it to the OAuth account and
-        // create a new session for them so they are signed in with it.
-        const { id: _, ...newUser } = { ...profile, emailVerified: null }
-        user = await createUser(newUser)
-      }
-      await events.createUser?.({ user })
+    return { session, user: userByAccount, isNewUser }
+  } else {
+    const { provider: p } = options as InternalOptions<"oauth" | "oidc">
+    const { type, provider, providerAccountId, userId, ...tokenSet } = account
+    const defaults = { providerAccountId, provider, type, userId }
+    account = Object.assign(p.account(tokenSet), defaults)
 
+    if (user) {
+      // If the user is already signed in and the OAuth account isn't already associated
+      // with another user account then we can go ahead and link the accounts safely.
       await linkAccount({ ...account, userId: user.id })
       await events.linkAccount?.({ user, account, profile })
 
-      session = useJwtSession
-        ? {}
-        : await createSession({
-            sessionToken: generateSessionToken(),
-            userId: user.id,
-            expires: fromDate(options.session.maxAge),
-          })
-
-      return { session, user, isNewUser: true }
+      // As they are already signed in, we don't need to do anything after linking them
+      return { session, user, isNewUser }
     }
-  }
 
-  throw new Error("Unsupported account type")
+    // If the user is not signed in and it looks like a new OAuth account then we
+    // check there also isn't an user account already associated with the same
+    // email address as the one in the OAuth profile.
+    //
+    // This step is often overlooked in OAuth implementations, but covers the following cases:
+    //
+    // 1. It makes it harder for someone to accidentally create two accounts.
+    //    e.g. by signin in with email, then again with an oauth account connected to the same email.
+    // 2. It makes it harder to hijack a user account using a 3rd party OAuth account.
+    //    e.g. by creating an oauth account then changing the email address associated with it.
+    //
+    // It's quite common for services to automatically link accounts in this case, but it's
+    // better practice to require the user to sign in *then* link accounts to be sure
+    // someone is not exploiting a problem with a third party OAuth service.
+    //
+    // OAuth providers should require email address verification to prevent this, but in
+    // practice that is not always the case; this helps protect against that.
+    const userByEmail = profile.email
+      ? await getUserByEmail(profile.email)
+      : null
+    if (userByEmail) {
+      const provider = options.provider as OAuthConfig<any>
+      if (provider?.allowDangerousEmailAccountLinking) {
+        // If you trust the oauth provider to correctly verify email addresses, you can opt-in to
+        // account linking even when the user is not signed-in.
+        user = userByEmail
+      } else {
+        // We end up here when we don't have an account with the same [provider].id *BUT*
+        // we do already have an account with the same email address as the one in the
+        // OAuth profile the user has just tried to sign in with.
+        //
+        // We don't want to have two accounts with the same email address, and we don't
+        // want to link them in case it's not safe to do so, so instead we prompt the user
+        // to sign in via email to verify their identity and then link the accounts.
+        throw new OAuthAccountNotLinked(
+          "Another account already exists with the same e-mail address",
+          { provider: account.provider }
+        )
+      }
+    } else {
+      // If the current user is not logged in and the profile isn't linked to any user
+      // accounts (by email or provider account id)...
+      //
+      // If no account matching the same [provider].id or .email exists, we can
+      // create a new account for the user, link it to the OAuth account and
+      // create a new session for them so they are signed in with it.
+      const { id: _, ...newUser } = { ...profile, emailVerified: null }
+      user = await createUser(newUser)
+    }
+    await events.createUser?.({ user })
+
+    await linkAccount({ ...account, userId: user.id })
+    await events.linkAccount?.({ user, account, profile })
+
+    session = useJwtSession
+      ? {}
+      : await createSession({
+          sessionToken: generateSessionToken(),
+          userId: user.id,
+          expires: fromDate(options.session.maxAge),
+        })
+
+    return { session, user, isNewUser: true }
+  }
 }
diff --git a/packages/core/src/lib/index.ts b/packages/core/src/lib/index.ts
index 1bcb468b..2a44f7c1 100644
--- a/packages/core/src/lib/index.ts
+++ b/packages/core/src/lib/index.ts
@@ -110,14 +110,11 @@ export async function AuthInternal<
         if (
           [
             "Signin",
-            "OAuthSignin",
             "OAuthCallback",
             "OAuthCreateAccount",
             "EmailCreateAccount",
             "Callback",
             "OAuthAccountNotLinked",
-            "EmailSignin",
-            "CredentialsSignin",
             "SessionRequired",
           ].includes(error as string)
         ) {
diff --git a/packages/core/src/lib/oauth/callback.ts b/packages/core/src/lib/oauth/callback.ts
index 456b9246..44ed06d3 100644
--- a/packages/core/src/lib/oauth/callback.ts
+++ b/packages/core/src/lib/oauth/callback.ts
@@ -219,6 +219,8 @@ async function getUserAndProfile(
     // redirected back to the sign up page. We log the error to help developers
     // who might be trying to debug this when configuring a new provider.
     logger.debug("getProfile error details", OAuthProfile)
-    logger.error(new OAuthProfileParseError(e as Error))
+    logger.error(
+      new OAuthProfileParseError(e as Error, { provider: provider.id })
+    )
   }
 }
diff --git a/packages/core/src/lib/routes/callback.ts b/packages/core/src/lib/routes/callback.ts
index dba511ea..8b708a45 100644
--- a/packages/core/src/lib/routes/callback.ts
+++ b/packages/core/src/lib/routes/callback.ts
@@ -370,6 +370,7 @@ export async function callback(params: {
   } catch (e) {
     const error = new CallbackRouteError(e as Error, { provider: provider.id })
 
+    logger.debug("callback route error details", { method, query, body })
     logger.error(error)
     url.searchParams.set("error", CallbackRouteError.name)
     url.pathname += "/error"
diff --git a/packages/core/src/lib/routes/signin.ts b/packages/core/src/lib/routes/signin.ts
index f5533236..f31aeb8d 100644
--- a/packages/core/src/lib/routes/signin.ts
+++ b/packages/core/src/lib/routes/signin.ts
@@ -55,8 +55,9 @@ export async function signin(
   } catch (e) {
     const error = new SignInError(e as Error, { provider: provider.id })
     logger.error(error)
-    url.searchParams.set("error", error.name)
-    url.pathname += "/error"
+    const code = provider.type === "email" ? "EmailSignin" : "OAuthSignin"
+    url.searchParams.set("error", code)
+    url.pathname += "/signin"
     return { redirect: url.toString() }
   }
 }
diff --git a/packages/core/src/lib/web.ts b/packages/core/src/lib/web.ts
index 5191d15e..475c35a3 100644
--- a/packages/core/src/lib/web.ts
+++ b/packages/core/src/lib/web.ts
@@ -33,6 +33,8 @@ export async function toInternalRequest(
     // TODO: url.toString() should not include action and providerId
     // see init.ts
     const url = new URL(req.url.replace(/\/$/, ""))
+    // FIXME: Upstream issue in Next.js, pathname segments get included as part of the query string
+    url.searchParams.delete("nextauth")
     const { pathname } = url
 
     const action = actions.find((a) => pathname.includes(a))
diff --git a/packages/core/src/providers/email.ts b/packages/core/src/providers/email.ts
index 8942b758..d77c4fe2 100644
--- a/packages/core/src/providers/email.ts
+++ b/packages/core/src/providers/email.ts
@@ -29,7 +29,7 @@ export interface SendVerificationRequestParams {
 export interface EmailConfig extends CommonProviderOptions {
   type: "email"
   // TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html
-  server: string | SMTPTransportOptions
+  server?: string | SMTPTransportOptions
   /** @default `"Auth.js <no-reply@authjs.dev>"` */
   from?: string
   /**
@@ -72,7 +72,7 @@ export interface EmailConfig extends CommonProviderOptions {
    * By default, we treat email addresses as all lower case,
    * but you can override this function to change this behavior.
    *
-   * [Documentation](https://authjs.dev/guides/providers/email#normalizing-the-e-mail-address) | [RFC 2821](https://tools.ietf.org/html/rfc2821) | [Email syntax](https://en.wikipedia.org/wiki/Email_address#Syntax)
+   * [Normalizing the email address](https://authjs.dev/reference/core/providers_email#normalizing-the-email-address) | [RFC 2821](https://tools.ietf.org/html/rfc2821) | [Email syntax](https://en.wikipedia.org/wiki/Email_address#Syntax)
    */
   normalizeIdentifier?: (identifier: string) => string
 }
@@ -287,7 +287,7 @@ export type EmailProviderType = "email"
  * 
  * ## Normalizing the email address
  * 
- * By default, NextAuth.js will normalize the email address. It treats values as case-insensitive (which is technically not compliant to the [RFC 2821 spec](https://datatracker.ietf.org/doc/html/rfc2821), but in practice this causes more problems than it solves, eg. when looking up users by e-mail from databases.) and also removes any secondary email address that was passed in as a comma-separated list. You can apply your own normalization via the `normalizeIdentifier` method on the `EmailProvider`. The following example shows the default behavior:
+ * By default, Auth.js will normalize the email address. It treats values as case-insensitive (which is technically not compliant to the [RFC 2821 spec](https://datatracker.ietf.org/doc/html/rfc2821), but in practice this causes more problems than it solves, eg. when looking up users by e-mail from databases.) and also removes any secondary email address that was passed in as a comma-separated list. You can apply your own normalization via the `normalizeIdentifier` method on the `EmailProvider`. The following example shows the default behavior:
  * ```ts
  *   EmailProvider({
  *     // ...
@@ -301,7 +301,7 @@ export type EmailProviderType = "email"
  *       return `${local}@${domain}`
  * 
  *       // You can also throw an error, which will redirect the user
- *       // to the error page with error=EmailSignin in the URL
+ *       // to the sign-in page with error=EmailSignin in the URL
  *       // if (identifier.split("@").length > 2) {
  *       //   throw new Error("Only one email allowed")
  *       // }
diff --git a/packages/core/src/providers/eveonline.ts b/packages/core/src/providers/eveonline.ts
index 8f7276e2..d7291996 100644
--- a/packages/core/src/providers/eveonline.ts
+++ b/packages/core/src/providers/eveonline.ts
@@ -52,7 +52,7 @@ export interface EVEOnlineProfile extends Record<string, any> {
  * :::
  *
  * :::tip
- * If using JWT for the session, you can add the `CharacterID` to the JWT token and session. Example:
+ * If using JWT for the session, you can add the `CharacterID` to the JWT and session. Example:
  * ```js
  * options: {
  *   jwt: {
diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts
index 5d154be8..5933d9ea 100644
--- a/packages/core/src/types.ts
+++ b/packages/core/src/types.ts
@@ -304,7 +304,7 @@ export interface EventCallbacks {
   /**
    * The message object will contain one of these depending on
    * if you use JWT or database persisted sessions:
-   * - `token`: The JWT token for this session.
+   * - `token`: The JWT for this session.
    * - `session`: The session object from your adapter that is being ended.
    */
   signOut: (
@@ -322,7 +322,7 @@ export interface EventCallbacks {
   /**
    * The message object will contain one of these depending on
    * if you use JWT or database persisted sessions:
-   * - `token`: The JWT token for this session.
+   * - `token`: The JWT for this session.
    * - `session`: The session object from your adapter.
    */
   session: (message: { session: Session; token: JWT }) => Awaitable<void>
@@ -427,15 +427,40 @@ export type InternalProvider<T = ProviderType> = (T extends "oauth"
   callbackUrl: string
 }
 
+/**
+ * Supported actions by Auth.js. Each action map to a REST API endpoint.
+ * Some actions have a `GET` and `POST` variant, depending on if the action
+ * changes the state of the server.
+ *
+ * - **`"callback"`**:
+ *   - **`GET`**: Handles the callback from an [OAuth provider](https://authjs.dev/reference/core/providers_oauth).
+ *   - **`POST`**: Handles the callback from a [Credentials provider](https://authjs.dev/reference/core/providers_credentials).
+ * - **`"csrf"`**: Returns the raw CSRF token, which is saved in a cookie (encrypted).
+ * It is used for CSRF protection, implementing the [double submit cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie) technique.
+ * :::note
+ * Some frameworks have built-in CSRF protection and can therefore disable this action. In this case, the corresponding endpoint will return a 404 response. Read more at [`skipCSRFCheck`](https://authjs.dev/reference/core#skipcsrfcheck).
+ * _⚠ We don't recommend manually disabling CSRF protection, unless you know what you're doing._
+ * :::
+ * - **`"error"`**: Renders the built-in error page.
+ * - **`"providers"`**: Returns a client-safe list of all configured providers.
+ * - **`"session"`**: Returns the user's session if it exists, otherwise `null`.
+ * - **`"signin"`**:
+ *   - **`GET`**: Renders the built-in sign-in page.
+ *   - **`POST`**: Initiates the sign-in flow.
+ * - **`"signout"`**:
+ *   - **`GET`**: Renders the built-in sign-out page.
+ *   - **`POST`**: Initiates the sign-out flow. This will invalidate the user's session (deleting the cookie, and if there is a session in the database, it will be deleted as well).
+ * - **`"verify-request"`**: Renders the built-in verification request page.
+ */
 export type AuthAction =
+  | "callback"
+  | "csrf"
+  | "error"
   | "providers"
   | "session"
-  | "csrf"
   | "signin"
   | "signout"
-  | "callback"
   | "verify-request"
-  | "error"
 
 /** @internal */
 export interface RequestInternal {