* chore(dev): add CognitoProvider to dev app
* feat(log): log `error_description` in OAuth callback
* fix(providers): migrate Cognito to v4
* docs: mention superblog.ai for infra support
* fix: return profile picture for Cognito
* fix(ts): add picture to CognitoProfile
* docs(readme): add opencollective details to readme
* docs(www): add sponsors to docs footer
* docs(readme): move support under ack
* docs(www): dropped docusaurus link in footer
This change aligns the API with `openid-client`'s `checks` https://github.com/panva/node-openid-client/blob/main/docs/README.md#clientcallbackredirecturi-parameters-checks-extras, a library which we intend to migrate to in the future. Aligning our API early, so people get used to it.
Also, objectively the name `protection` might not have been as clear as I first thought. `checks` better describe the intention.
BREAKING CHANGE:
The `state` option on OAuth providers is now deprecated. Use `checks: ["state"]` instead.
`protections` is renamed to `checks`, here is an example:
```diff
- protection: ["pkce"]
+ checks: ["pkece"]
```
Furthermore, string values are not supported anymore. This is to be able to handle fewer cases internally.
```diff
- checks: "state"
+ checks: ["state"]
```
A living session could be a requirement for specific pages (like dashboards). If it doesn’t exist, the user should be redirected to a page asking them to sign in again.
Sometimes, a user might log out by accident, or by deleting cookies on purpose. If that happens (e.g. on a separate tab), then `useSession({ required: true })` should detect the absence of a session cookie and always return a non-nullable Session object type.
When `required: true` is set, the default behavior will be to redirect the user to the sign-in page. This can be overridden by an `action()` callback:
```js
const session = useSession({
required: true,
action() {
// ....
}
})
if (session.status === "Loading") return "Loading or not authenticated..."
// session.data is always defined here.
```
Co-authored-by: Kristóf Poduszló <kripod@protonmail.com>
Co-authored-by: Lluis Agusti <hi@llu.lu>
BREAKING CHANGE:
The `useSession` hook now returns an object. Here is how to accommodate for this change:
```diff
- const [ session, loading ] = useSession()
+ const { data: session, status } = useSession()
+ const loading = status === "loading"
```
With the new `status` option, you can test states much more clearly.
**What**:
These changes ensure that we work more tightly with React that can also result in unforeseen performance boosts. In case we would decide on expanding to other libraries/frameworks, a new file per framework could be added.
**Why**:
Some performance issues (https://github.com/nextauthjs/next-auth/issues/844) could only be fixed by moving more of the client code into the `Provider`.
**How**:
Refactoring `next-auth/client`
Related: #1461, #1084, #1462
BREAKING CHANGE:
**1.** `next-auth/client` is renamed to `next-auth/react`.
**2.** In the past, we exposed most of the functions with different names for convenience. To simplify our source code, the new React specific client code exports only the following functions, listed with the necessary changes:
- `setOptions`: Not exposed anymore, use `SessionProvider` props
- `options`: Not exposed anymore, use `SessionProvider` props
- `session`: Rename to `getSession`
- `providers`: Rename to `getProviders`
- `csrfToken`: Rename to `getCsrfToken`
- `signin`: Rename to `signIn`
- `signout`: Rename to `signOut`
- `Provider`: Rename to `SessionProvider`
**3.** `Provider` changes.
- `Provider` is renamed to `SessionProvider`
- The `options` prop is now flattened as the props of `SessionProvider`.
- `clientMaxAge` has been renamed to `staleTime`.
- `keepAlive` has been renamed to `refetchInterval`.
An example of the changes:
```diff
- <Provider options={{clientMaxAge: 0, keepAlive: 0}}>{children}</Provider>
+ <SessionProvider staleTime={0} refetchInterval={0}>{children}</SessionProvider>
```
**4.** It is now **required** to wrap the part of your application that uses `useSession` into a `SessionProvider`.
Usually, the best place for this is in your `pages/_app.jsx` file:
```jsx
import { SessionProvider } from "next-auth/react"
export default function App({
Component,
pageProps: { session, ...pageProps }
}) {
return (
// `session` comes from `getServerSideProps` or `getInitialProps`.
// Avoids flickering/session loading on first load.
<SessionProvider session={session}>
<Component {...pageProps} />
</SessionProvider>
)
}
```
* feat(adapter): remove built-in adapters and database
BREAKING CHANGE:
From now on, you will have to import your own adapter
Check out https://github.com/nextauthjs/adapters
The migration is super easy and has HUGE advantages for those not using TypeORM.
```diff
// [...nextauth].js
+ import TypeORMAdapter from "@next-auth/typeorm-legacy-adapter"
import NextAuth from "next-auth"
...
export default NextAuth({
- database: "yourconnectionstring",
+ adapter: TypeORMAdapter("yourconnectionstring")
})
```
Co-authored-by: Lluis Agusti <hi@llu.lu>
Co-authored-by: Giovanni Carnel <479046+g10@users.noreply.github.com>
* chore: add beta to release flow/GH actions
* feat(ts): expose types from the package (#1665)
* chore(types): move existing types to the repo
* feat(ts): expose types from the main package
* chore(deps): bring back `react-dom` version range
* chore(ts): cleanup deps and comments
* chore(ci): run types tests on a separate workflow
* chore(ci): fix typo on types workflow
* fix(ts): correctly export sub-module types (#1677)
* chore(types): build types script
Adds a script that moves the declaration files we have in `./types` to `./dist` relative to the files they intend to type.
This is the first step, we still need to change what we declare in `package.json`, add the script to the CI pipeline if we're happy with it and figure out how to type `next-auth/jwt`.
* refactor(lint): fix build-types script
* fix(ts): add .d.ts sub-module files to package.json
#1677 seemed to miss this
* fix(built): typo in package.json
* fix(build): fix release
* feat(ts): support module augmentation (#1681)
* chore(ts): remove unused imports
* refactor(ts): clean up CallbackOptions
* docs(ts): explain Module Augmentation
* docs(ts): don't use @ in folder name "types"
* test(ts): make jwt params optional
* docs(ts): fix typo (TypeScript -> NextAuth.js)
* style: replace ts-standard with eslint/prettier (#1724)
* style: move from ts-standard to eslint/prettier
* fix: install remaining eslint-config-standard peer deps
* fix: add remaining missing dependencies/config
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs(lint): update contributing.md (#1760)
Regarding ESLint / Prettier use and link to their VSCode extensions
* refactor(ts): de-duplicate types (#1690)
* refactor(ts): deduplicate internal types
* refactor(ts): ease up providers typings
* test(ts): fix failing TS tests
* test(ts): rename TS property to fix test
* docs(ts): mention TS docs in README.md
* feat(ts): move/update client types
* refactor(TS): rename some types
* test(ts): fix client tests
* docs(ts): move function descriptions to .d.ts
* chore: fix lint error
* refactor(ts): separate internal types
* chore: simplify build-types script
* chore: update type import paths in src
* chore(build): create root files at build
* chore: remove unnecessary .npmignore
* chore: run prettier on types
* fix(ts): clean up jwt types
* fix(ts): make getToken return type depend on raw param
* docs(page): explain page errors, add theming note
* docs(ts): add JSDoc to NextAuthOptions props
* chore(ts): remove unused import
* docs(ts): change JSDOC docs notation
* refactor(build): extract module entries into enum
* chore(ts): move ClientSafeProvider
* chore(ts): simplify GetTokenParams generic
* style(lint): fix linting errors
* chore: re-add generic extension to GetTokenParams
* fix(ts): extract EmailConfigServerOptions to interface
* fix(ts): use relative imports
* Merge branch 'main' into beta
* Merge main into beta
* fix(ts): fix typos, add more links to documentation
* test(ts): update JWT getToken test
* fix(build): fix tsconfig.json formatting
* test(ts): use absolute imports in test files
* fix(ts): add missing callbacks JSDoc
* docs: mention TS in FAQ, fix typos
* docs: fix some typos in the docs
Co-authored-by: Lluis Agusti <hi@llu.lu>
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat: simplify NextAuth instantiation (#911)
* feat: allow react 17 as a peer dependency (#819)
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs: update for Now to Vercel (#847)
Vercel archived their now packages a while back, so you can use vercel env pull to pull in the .env
* docs: fix discord example code (#850)
* docs: fix typo in callbacks.md (#815)
This is a simple typographical error changed accesed to accessed
* fix: update nodemailer version in response to CVE. (#860)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7769 reports a high-severity issue with the current version of nodemailer. This should be merged and released right away if possible.
* fix: ensure Images are produced for discord (#734)
* fix: update Okta routes (#763)
the current routing for the Okta provider does not follow the standard
set by Okta, and as such doesn't allow for custom subdomains. this
update amends the routes to allow for customer subdomains, and also
aligns next-auth with Okta's documentation.
* fix(provider): handle no profile image for Spotify (#914)
* chore(deps): upgrade "standard"
* style(lint): run lint fix
* fix(provider): optional chain Spotify provider profile img
* Merge main into canary (#917)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* docs: Update default ports for support Databases (#839)
https://next-auth.js.org/configuration/databases
* Fix for Reddit Authentication (#866)
* Fixed Reddit Authentication
* updated fix for build test
* updated buffer to avoid deprecation message
* Updated for passing tests
* WIP: Update Docusaurus + Site dependencies (#802)
* update: deps
* fix: broken link
* fix: search upgrade change
* Include callbackUrl in newUser page (#790)
* Include callbackUrl in newUser page
* Update src/server/routes/callback.js
Co-authored-by: Iain Collins <me@iaincollins.com>
* Update src/server/routes/callback.js
Co-authored-by: Iain Collins <me@iaincollins.com>
Co-authored-by: Iain Collins <me@iaincollins.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* add(db): Add support for Fauna DB (#708)
* Add support for Fauna DB
* Add integration tests
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat(provider): add netlify (#555)
Co-authored-by: styxlab <cws@DE01WP777.scdom.net>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Bump next from 9.5.3 to 9.5.4 in /test/docker/app (#759)
Bumps [next](https://github.com/vercel/next.js) from 9.5.3 to 9.5.4.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/compare/v9.5.3...v9.5.4)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat(provider): Add Bungie (#589)
* Add Bungie provider
* Use absolute URL for images
* Correct image URL and use consistent formatting
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat: add foursquare (#584)
* feat(provider): Add Azure Active Directory B2C (#921)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* doc: add provider to FAQ
* update(provider): Update Slack provider to use V2 OAuth endpoints (#895)
* Update Slack to v2 authorize urls, option for additional authorize params
* acessTokenGetter + documentation
* refactor(db): update Prisma calls to support 2.12+ (#881)
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* chore(dep): Bump highlight.js from 9.18.1 to 9.18.5 (#880)
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 9.18.1 to 9.18.5.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/9.18.5/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/9.18.1...9.18.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* chore: disallow issues without template
* chore: add note about conveting questions to discussions
* chore: create PULL_REQUEST_TEMPLATE.md
* chore: reword PR template
* feat: Store user ID in sub claim of default JWT (#784)
This allows us to check if the user is signed in when using JWTs
Part of #625
* docs: fix incorrect references in cypress docs (#932)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* feat(provider): Add Azure Active Directory B2C (#809)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* Revert "feat(provider): Add Azure Active Directory B2C (#809)" (#919)
This reverts commit 6e6a24a7af.
* chore: add myself to the contributors list 🙈
* docs: fix incorrect references in cypress docs
* chore: add additional docs clarification
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* feat: Display error if no [...nextauth].js found (#678)
* Display error if no [...nextauth].js found
fixes#647
* Log the error and describe it inside errors.md
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* chore(deps): Bump ini from 1.3.5 to 1.3.8 in /www (#953)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: fix typo Adapater -> Adapter (#960)
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* docs: We have twice the word "side" (#964)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* feat(provider): Add Azure Active Directory B2C (#809)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* Revert "feat(provider): Add Azure Active Directory B2C (#809)" (#919)
This reverts commit 6e6a24a7af.
* chore: add myself to the contributors list 🙈
* We have twice the word "side"
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* docs: Correcting a typo. "available" Line 70 (#965)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* feat(provider): Add Azure Active Directory B2C (#809)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* Revert "feat(provider): Add Azure Active Directory B2C (#809)" (#919)
This reverts commit 6e6a24a7af.
* chore: add myself to the contributors list 🙈
* Correcting a typo. "available" Line 70
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* chore: hide comments from pull request template
* Update README.md
Updated the readme to include the projects logo, fixed some typos, and added license info and contributor image.
* feat: add strava provider (#986)
* Add Strava as a provider
* Add documentation for Strava provider
* Fix lint errors
Co-authored-by: Paul Kenneth Kent <paul@ventureharbour.com>
* Update README.md
* Update README.md
* feat: add semantic-release (#920)
* chore(release): change semantic-release/git to semantic-release/github
* docs(database): add mssql indexes in docs, fix typos (#925)
* added mssql indexes in docs, fixed typo
* docs: fix typo in www/docs/schemas/mssql.md
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* chore(release): delete old workflow
* chore(release): trigger release on docs type
* fix: treat user.id as optional param (#1010)
* fix(adapter): use findOne for typeorm (#1014)
* Change image to text from varchar (#777)
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat(db): make Fauna DB collections & indexes configurable (#968)
* Add collections & indexes overrides for Fauna DB
* Fix the name of the verification token index
Co-authored-by: Florian Michaut <florian@coding-days.com>
* docs: Remove unnecessary promises (#915)
* feat: allow to return string in signIn callback (#1019)
* docs: small update to sign in/out examples (#1016)
* Update examples in client.md
* Update more examples
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs: update contributing information [skip release] (#1011)
* docs: update CONTRIBUTING.md
* docs: use db instead of database for more space
* docs: update CONTRIBUTING.md
* docs: update PR template
* docs: add note about skipping a release
* docs: fix typos in CONTRIBUTING.md [skip release]
* refactor: code base improvements (#959)
* chore: fix casing of OAuth
* refacotr: simplify default callbacks lib file
* refactor: use native URL instead of string concats
* refactor: move redirect to res.redirect, done to res.end
* refactor: move options to req
* refactor: improve IntelliSense, name all functions
* fix(lint): fix lint errors
* refactor: remove jwt-decode dependency
* refactor: refactor some callbacks to Promises
* revert: "refactor: use native URL instead of string concats"
Refs: 690c55b04089e4f3157424c816d43ee4cecb77a0
* chore: misc changes
Co-authored-by: Balazs Orban <balazs@nhi.no>
* feat(provider): Add Mail.ru OAuth Service Provider and Callback snippet (#522)
* Update callback.js
- Fix Mail.ru bug (missing request parameter: access_token)
Note: setGetAccessTokenProfileUrl should be added to Mail.ru provider to enable support.
* Add Mail.ru OAuth Service Provider
* Update callbacks.md
- Fix broken callbacks snippet.
* Update callback.js
- Bug fix https://github.com/nextauthjs/next-auth/pull/522#issuecomment-669851914
- Minor refactoring.
* Fix: Code linting.
* Update callback.js
Improve approach for building of URL based review recommendation.
* Feat: Reduce API surface expansion
Make use of provider.id === "mailru" as suggested in review discussion in place of setGetAccessTokenProfileUrl.
* Fix: Code linting
* feat: forward id_token to jwt and signIn callbacks (#1024)
* chore: add auto labeling to PRs [skip release] (#1025)
* chore: add auto labeling to PRs [skip release]
* chore: allow any file type for test label to be added
* chore: rename labeler.yaml to labeler.yml [skip release]
* fix: miscellaneous bugfixes (#1030)
* fix: use named params to fix order
* fix: avoid recursive redirects
* fix: revert to use parsed baseUrl
* fix: avoid recursive res.end calls
* fix: use named params in renderPage
* fix: promisify lib/oauth/callback result
* fix: don't chain on res.end on non-chainable res methods (#1031)
* docs: add powered by vercel logo [skip release]
* chore: run tests on canary [skip release]
* docs: misc improvements [skip release] (#1043)
* refactor: code base improvements 2 (#1045)
* fix: trigger release
* fix: use authorizationUrl correctly
* feat(provider): reduce user facing API (#1023)
Co-authored-by: Balazs Orban <balazs@nhi.no>
* fix: remove async from NextAuth default handler
This function should not return a Promise
* feat(provider): add vk.com provider (#1060)
* feat(provider): add vk.com provider
* refactor(provider): reduce vk.com provider api
* refactor: code base improvements 3 (#1072)
* refactor: extend res.{end,send,json}, redirect
* refactor: chain res methods, remove unnecessary ones
* refactor: simplify oauth callback signature
* refactor: code simplifications
* refactor: re-export everything from routes in one
* refactor: split up main index.js to multiple files
* refactor: simplify passing of provider(s) around
* refactor: extend req with callbackUrl inline
* refactor: simplify page rendering
* refactor: move error page redirects to main file, simplify renderer
* refactor: inline req.options definition
* refactor: simplify error fallbacks
* refactor: remove else branches and unnecessary try..catch
* refactor: add docs, and simplify jwt functions
* refactor: prefer errors object over switch..case in signin page
* feat: log all params sent to logger instead of only first
* refactor: fewer lines input validation
* refactor: remove even more unnecessary else branches
* feat: improve package development experience (#1064)
* chore(deps): add next and react to dev dependencies
* chore: move build configs to avoid crash with next dev
* chore: add next js dev app
* chore: remove .txt extension from LICENSE file
* chore: update CONTRIBUTING.md
* chore: watch css under development
* style(lint): run linter on index.css
* chore: fix some imports for dev server
* refactor: simplify client code
* chore: mention VSCode extension for linting
* docs: reword CONTRIBUTING.md
* chore: ignore linting pages and components
* fix: pass csrfToken to signin renderer
* feat: replace blur/focus event to visibility API for getSession (#1081)
* docs: clarify .env usage in CONTRIBUTING.md [skip release] (#1085)
* docs: improve FAQ docs [skip release]
* chore: update caiuse-lite db
* docs: update some urls in the docs [skip release]
* feat(pages): add dark theme support (#1088)
* feat(pages): add dark theme support
* docs: document theme option
* chore: remove ts-check from dev app
* style(pages): fix some text colors in dark mode
* feat(provider): add LINE provider (#1091)
* refactor: be explicit about path in jsonconfig [skip release]
* refactor: show signin page in dev app [skip release]
* fix: export getSession [skip release]
somehow the default export does not work in the dev app
* style: make p system theme aware [skip release]
* feat(provider): finish Reddit provider and add documentation (#1094)
* Create reddit.md
* uncommented profile callback
* Update reddit.md
* fix lint issues
* added reddit provider
* added reddit provider
* Add Reddit Provider
For some reason a bunch of providers got deleted in the last commit
* Add Reddit Provider
* Add Reddit Provider
* chore: define providers in single file for docs [skip release]
* chore: Comply to Vercel Open Source sponsorship [skip release] (#1087)
* added banner
* Changed banner image allignment
* changed location of banner again
* added to acknowledgement
* added to acknowledgement 1
* changed image size
* k
* l
* s
* s
* .
* added link to the banner in readme.md
* fixed image redirect
* fixed image allignment
* made changes in readme and index.js
* Changed the source of the banner image
* added banner to the footer of the site
* chore: fix lint issues [skip release]
* feat: add native hkdf (#1124)
* feat: add native hkdf
* feat: import only needed to do hkdf
* feat: tweak digest and arguments
* chore(deps): upgrade typeorm to v0.2.30 (#1145)
* docs: remove v1 documentation (#1142)
* chore(adapters): remove fauna (#1148)
* feat: forward signIn auth params to /authorize (#1149)
* refactor: authorisation -> authorization
* feat: forward authorizationParams from signIn function
* refactor: take auth params as third argument
* docs: document signIn authorizationParams
* fix(adapter): fix ISO Datetime type error in Prisma updateSession (#640)
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat(provider): add option to generate email verification token (#541)
* Add option to generate email verification token
* chore: remove unused import
* refactor: define default generateVerificationToken in-place
* refactor: define default generateVerificationToken in-place
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs: update info about TypeScript [skip release]
* feat: add PKCE support (#941)
* chore(deps): upgrade dependencies
* chore(deps): add pkce-challenge
* feat(pkce): initial implementation of PCKE support
* chore: remove URLSearchParams
* chore(deps): upgrade lockfile
* refactor: store code_verifier in a cookie
* refactor: add pkce handlers
* docs: add PKCE documentation
* chore: remove unused param
* chore: revert unnecessary code change
* fix: correct variable names
* fix: correct logger import
* feat(provider): add Salesforce provider (#1027)
* docs(provider): add Salesforce provider
* fix(provider): use authed_user on slack instead of spotify (#1174)
* fix: use startsWith for protocol matching in parseUrl
closes#842
* fix: fix lint issues
* docs: clear things up around using access_token [skip release]
#1078
* docs: fix typo in callbacks.md [skip release]
* chore(provider): remove Mixer (#1178)
"Thank you to our amazing community and Partners.
As of July 22, the Mixer service has closed."
* feat(provider): re-add state, expand protection provider options (#1184)
* refactor: move OAuthCallbackError to errors file
* refactor: improve pkce handling
* feat(provider): re-introduce state to provider options
* docs(provider): mention protection options "state" and "none"
* docs(provider): document state property deprecation
* fix: only add code_verifier param if protection is pkce
* docs: explain state deprecation better
* chore: unify string
* fix: send /authorize params through url
* fix: Add a null check to the window 'storage' event listener (#1198)
* Add a null check to the window 'storage' event listener
While testing in Cypress it's possible to receive a null value on Storage Events when 'clear' is called and will cause errors as seen in #1125.
* Update index.js
typo
* Update src/client/index.js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* formatting
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs(provider): fix typos in providers code snippets [skip release] (#1204)
* docs(adapter): add adapter repo to documentation [skip release] (#1173)
* docs(adapter): add adapter repo to documentation
* docs(adapter): elaborate on custom repo
* fix: forward second argument to fetch body in signIn
fixes#1206
* docs: Fix grammar in "Feature Requests" section of FAQs [skip release] (#1212)
* refactor: provide raw idToken through account object (#1211)
* refactor: provide raw idToken through account object
* docs: clear up accessToken naming
* refactor: provide raw token response to account
* chore: fix grammar in comments
* feat: send all params to logger function (#1214)
* feat(provider): Add Medium (#1213)
* fix: leave accessTokenExpires as null
Forwarding expires_in as is to accessTokenExpires has shown to cause issues with Prisma, and maybe with other flows as well. Setting it back to `null` for now. We still forward `expires_in`, so users can use it if they want to.
Fixes#1216
* docs: more emphasis on req methods [skip release]
* docs: remove announcement bar [skip release]
* fix: make OAuth 1 work after refactoring (#1218)
* chore: add twitter provider to dev app
* feat: bind client instance to overriden methods
* fix: don't add extra params to getOAuthRequestToken
* chore: add twitter to env example, add secret gen instructions
* docs: Update Providers.Credential Example Block [skip release] (#1225)
Closing curly bracket where it should have been a square bracket.
* feat(provider): option to disable client-side redirects (credentials) (#1219)
* chore: add credentials provider to dev app
* feat: add redirect option to signIn, signOut
* feat: set correct status codes for credentials errors
* chore: add credentials page to dev app
* fix: support any provider name for credentials
* feat(ts): preliminary TypeScript support (#1223)
* chore: replace standard with ts-standard
* feat(ts): add some initial types
* feat(ts): import and use types
* chore: allow global fetch through package.json
* chore: upgrade lint scripts to use ts-standard
* chore: run linter on dev app
* chore(ts): satisfy dev Next.js server for TS
* fix: add eslint as dev dependency
* fix(lint): ignore next-env.d.ts from linting
* feat(ts): improve cookies options types
* fix: run linter with fix
* feat(provider): add EVE Online provider (#1227)
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
Co-authored-by: Gerald McNicholl <gerald.mcnicholl@xero.com>
* docs: clarify custom pages usage [skip release] (#1239)
* docs(provider): Update Atlassian docs (#1255)
* docs: Update Atlassian docs [skip release]
* Update atlassian.md
* fix(provider): okta client authentication (#1257)
* fix: okta client authentication
* chore: run lint fix
* Update pages/api/auth/[...nextauth].js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: mgraser <matt.graser@mlb.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* chore: don't sync labels with labeler [skip release]
manually added PR labels were constantly removed on new commits/builds, this hopefully fixes that
* fix(provider): add verificationRequest flag to email signIn callback (#1258)
* fix(ui): use color text var for input color (#1260)
Co-authored-by: Archit Khode <archit.khode@gmail.com>
* docs: Minor text error fixed [skip release] (#1263)
* feat(provider): update session when signIn/signOut successful (#1267)
* feat(provider): update session when login/logout successful
* chore: remove manual page reload from dev app
* docs(client): document redirect: false
* fix(page): fix typo in error page
* Merge pull request from GHSA-pg53-56cg-4m8q
* fix(adapter): Verify identifier as well as token in Prisma adapter
* feat(adapter): Improve typeorm adapter
Improve conditional check in TypeORM adapter.
This should have no impact in practice but sets a good example.
* docs(adapter): Update Prisma docs [skip release] (#1279) (#1283)
Co-authored-by: Iain Collins <me@iaincollins.com>
* docs(provider): Update azure-ad-b2c.md [skip release] (#1280)
* docs(adapter): Update Prisma docs (#1279)
* Update azure-ad-b2c.md
add hint for redirection URL, otherwise difficult to find out
* Update azure-ad-b2c.md
changed .env ro .env.local as per recommendation
* Update azure-ad-b2c.md
* Update azure-ad-b2c.md
* Update azure-ad-b2c.md
* update conf in .env.local
follow the .env guidelines
* Update azure-ad-b2c.md
* Create azure-ad-b2c.md
* Create azure-ad-b2c.md
* Update azure-ad-b2c.md
Co-authored-by: Iain Collins <me@iaincollins.com>
* docs: Change "docs" to "documentation"
* fix(provider): Fixes for email sign in (#1285)
* fix(adapter): Fix Prisma delete
Must use Prsima deleteMany() instead of delete() with multiple clauses.
* feat: Update example project
Update example project to make it easier to test with database adapters.
* fix(ui): Fix message text in light / auto theme
Info message text is always on the same background (blue) on both themes so should always be white.
* docs: Update example .env [skip release]
* feat: Update Prisma peerOptionalDependencies
* docs: trigger release
Co-authored-by: Luke Lau <luke_lau@icloud.com>
Co-authored-by: James Perkins <jamesperkins@hey.com>
Co-authored-by: Joshua K. Martinez <joshkmartinez@gmail.com>
Co-authored-by: Pauldic <Pauldiconline@yahoo.com>
Co-authored-by: Josh Padnick <josh@gruntwork.io>
Co-authored-by: Daggy1234 <arnav.jindal7@gmail.com>
Co-authored-by: Alan Ray <71240883+ohheyalanray@users.noreply.github.com>
Co-authored-by: Manish Chiniwalar <manishrc@users.noreply.github.com>
Co-authored-by: Aymeric <34040599+afoyer@users.noreply.github.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Fabrizio Ruggeri <ramiel@users.noreply.github.com>
Co-authored-by: Iain Collins <me@iaincollins.com>
Co-authored-by: Joseph Vaughan <Joev-@users.noreply.github.com>
Co-authored-by: Joost Jansky <styxlab@users.noreply.github.com>
Co-authored-by: styxlab <cws@DE01WP777.scdom.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: RobertCraigie <robertcraigie30@gmail.com>
Co-authored-by: Joe Bell <joe@joebell.co.uk>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
Co-authored-by: Cathy Chen <cathykaichen@gmail.com>
Co-authored-by: Kristóf Poduszló <kripod@protonmail.com>
Co-authored-by: Haldun Anil <haldunanil@users.noreply.github.com>
Co-authored-by: Jakub Naskręski <36169811+kleyu@users.noreply.github.com>
Co-authored-by: imgregduh <imgregorywong@gmail.com>
Co-authored-by: pkabore <paulkabore333@gmail.com>
Co-authored-by: Paul Kenneth Kent <pkennethkent@gmail.com>
Co-authored-by: Paul Kenneth Kent <paul@ventureharbour.com>
Co-authored-by: Balazs Orban <balazs@nhi.no>
Co-authored-by: Junior Vidotti <jrvidotti@gmail.com>
Co-authored-by: Yuma Matsune <yuma.matsune@gmail.com>
Co-authored-by: Ben West <Xodarap@users.noreply.github.com>
Co-authored-by: Florian Michaut <florianmichaut@gmail.com>
Co-authored-by: Florian Michaut <florian@coding-days.com>
Co-authored-by: Melanie Seltzer <melleh11@gmail.com>
Co-authored-by: Didi Keke <nyedidikeke@users.noreply.github.com>
Co-authored-by: Evgeniy Boreyko <boreykojenya@yandex.ru>
Co-authored-by: Alex B <lnikell@gmail.com>
Co-authored-by: Ben <5271788+bebax@users.noreply.github.com>
Co-authored-by: suraj10k <63460026+suraj10k@users.noreply.github.com>
Co-authored-by: t.kuriyama <koolii0909@gmail.com>
Co-authored-by: Yuri Gor <YuriGor@users.noreply.github.com>
Co-authored-by: Radhika <56536997+96RadhikaJadhav@users.noreply.github.com>
Co-authored-by: Henrik Wenz <HaNdTriX@users.noreply.github.com>
Co-authored-by: Zhao Lei <firede@firede.com>
Co-authored-by: Mohamed El Mahallawy <mmahalwy@gmail.com>
Co-authored-by: Dillon Mulroy <dillon.mulroy@gmail.com>
Co-authored-by: Carmelo Scandaliato <8927157+cascandaliato@users.noreply.github.com>
Co-authored-by: Aishah <aissshah@outlook.com>
Co-authored-by: Samson Zhang <wwsamson@yahoo.com>
Co-authored-by: Vova <volodimir.partytskyi@gmail.com>
Co-authored-by: Cody Ogden <cody@codyogden.com>
Co-authored-by: geraldm74 <gerald_mcnicholl@yahoo.com>
Co-authored-by: Gerald McNicholl <gerald.mcnicholl@xero.com>
Co-authored-by: Jeremy Caine <jezcaine@gmail.com>
Co-authored-by: Matthew Graser <mdgraser@gmail.com>
Co-authored-by: mgraser <matt.graser@mlb.com>
Co-authored-by: Kristofor Carle <kris@maphubs.com>
Co-authored-by: Archit Khode <arkits@outlook.com>
Co-authored-by: Archit Khode <archit.khode@gmail.com>
Co-authored-by: Daniel Gadd <danielgadd@outlook.com>
Co-authored-by: Robert Hufsky <Robert.Hufsky@gmx.net>
* added banner
* Changed banner image allignment
* changed location of banner again
* added to acknowledgement
* added to acknowledgement 1
* changed image size
* k
* l
* s
* s
* .
* added link to the banner in readme.md
* fixed image redirect
* fixed image allignment
* made changes in readme and index.js
* Changed the source of the banner image
* added banner to the footer of the site
Full end-to-end integration tests for Twitter (OAuth 1) and GitHub (OAuth 2) using Puppeteer and Mocha.
This replaces Cypress tests due to issues with Cypress not being able to run tests against external URLs, which we need for our integration tests.
The integration test runner is hosted outside of GitHub Actions (it cannot be hosted by GitHub or on AWS due to IP access controls placed on sign in by providers like Twitter and GitHub) and so the integration tests may not pass if the test runner is offline. If this happens, tests can be re-run later when the test runner is available.
See Pull Request #641 for details.
