* Ensure that GitHub provider always gives an email
* Update src/providers/github.js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix(provider): correct authorization for Atlassian
* feat(providers): use wellKnown for better configuration
* fix(atlassian): switch back to raw config
* fix(providers): pass generic to `OAuthUserConfig`
Co-authored-by: Lluis Agusti <hi@llu.lu>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* refactor EVEOnlineProvider into typescript, fix default scopes
* Update src/providers/eveonline.ts
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* update to new OIDC SSO endpoints
* set idToken: true
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Added support for zoom in beta
* Converted to typescript
* rename
* Now reflects response from Zoom
* chore: Prettier
Co-authored-by: Balázs Orbán <info@balazsorban.com>
If the expected cookie size would exceed the 4096 bytes most browsers allow, we split up the cookie value and put the content into multiple cookies, then assemble it upon reading it back. This eliminates the need for a database or user-land solutions in case the user wants to save more data or is constrained by their IdP for certain fields.
With no scope defined, it sets `openid` by default, which is an invalid 42 scope.
Co-authored-by: Alaa Zorkane <alaazorkane@gmail.com>
Co-authored-by: Alaa Zorkane <alaazorkane@gmail.com>
BREAKING CHANGE:
The `session.jwt: boolean` option has been renamed to `session.strategy: "jwt" | "database"`. The goal is to make the user's options more intuitive:
1. No adapter, `strategy: "jwt"`: This is the default. The session is saved in a cookie and never persisted anywhere.
2. With Adapter, `strategy: "database"`: If an Adapter is defined, this will be the implicit setting. No user config is needed.
3. With Adapter, `strategy: "jwt"`: The user can explicitly instruct `next-auth` to use JWT even if a database is available. This can result in faster lookups in compromise of lowered security. Read more about: https://next-auth.js.org/faq#json-web-tokens
Example:
```diff
session: {
- jwt: true,
+ strategy: "jwt",
}
```
* feat(react): preserve history on client-side navigation
* chore(deps): upgrade jest
* test(client): use absolute URL since `whatwg-*` refusing relative URLs
Updates the `jose` and `openid-client` packages.
BREAKING CHANGE:
The `jwt` option has been simplified and the NextAuth.js issued JWT is now encrypted by default.
If you want to override the defaults, you can still use the `encode` and `decode` functions. These are advanced options and they should only be used if you know what you are doing.
The default secret generation has been removed in this PR, which will be added back in a separate one. Remember, that is only for developer convenience, it is **highly** recommended to always create your own secret for production.
