* docs(sveltekit): autogenerate API reference
* feat(sveltekit): update to use latest `@auth/core`
* chore: format
* chore: add auth packages as docs dependency
* chore: format
* chore: more formatting
* chore: don't run build before tests
* clean up `package.json` files
* chore(ts): make sure `next-auth/next` does not conflict with `next`
* simplify `turbo.json`
* fix: apply suggestion
* simplify doc dev command
* ignore upstash redis again
* ignore mikro orm for now
* chore: dev command
* update lock file
* update css path for dev only
* Update apps/dev/package.json
Co-authored-by: Thang Vu <thvu@hey.com>
We haven't kept up with the recent TypeORM changes, and since they are still <1, it's likely that users kept upgrading, even if there were breaking changes.
BREAKING CHANGE:
[`typeorm`](https://github.com/typeorm/typeorm) is still in active development and has not yet published a stable release. Because of this, you can expect breaking changes in minor versions. This release of the adapter expects `typeorm@0.3.7` and is not validated against previous or future releases.
Run `npm i typeorm@latest` and make sure to read the [release notes](https://github.com/typeorm/typeorm/releases) for breaking changes in TypeORM
* fix labeler
* try fixing test runs in GitHub Actions
* pass flags to test command
* test version pr
* move versoin-pr action
* remove --dry-run flag
* re-enable testing, re-add semantic release for now
* add docs
* use `yarn.lock` and different docs port
* simplify dev app config
* fix coverage report
* fix provider source links
* fix more links
* fix(provider): correct authorization for Atlassian
* feat(providers): use wellKnown for better configuration
* fix(atlassian): switch back to raw config
* fix(providers): pass generic to `OAuthUserConfig`
Co-authored-by: Lluis Agusti <hi@llu.lu>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
BREAKING CHANGE:
`prisma-legacy` is now gone. Use `@next-auth/prisma-adapter`. Any features from the old adapter will be migrated over to the new one eventually. This is done so we can require the same default set of options from all the built-in providers, rather than allowing ambiguity on what an official adapter has to support.
The `TypeORM` adapter will probably be the only one migrated as-is, but in the future, we would like to break it down to lighter-weight adapters that only support single databases.
Adapters no longer have to return a `getAdapter()` method, they can return the actual adapter methods instead. All the values previously being provided through the arguments of `getAdapter` will now be available in a more digestible format directly in the concerning methods. This behavior was created so that connections could be handled more efficiently. Our review has shown that currently, the TypeORM adapter is the only one that does not handle connections out-of-the-box, so we are going to look into how we can create a wrapper/util function to make it work in the new version. For all other adapters, this will be a huge gain, as with this new API, methods are actually overrideable without creating a whole new custom adapter! 🥳
Example:
```js
function MySlightlyCustomAdapter(...args) {
const adapter = AdapterFromSomeoneElse(...args)
adapter.someMethodIWantToModify = (...args) => {
// Much better implementation goes here.
}
return adapter
}
```
**The following method names are changing:**
```diff
- getSession
+ getSessionAndUser
```
This method now requires that you return both the user and the session as `{user, session}`. If any of these could not be retrieved, you will have to return `null` instead. (In other words, this must be a transaction.) This requires one less database call, improving the user session retrieval. Any expiry logic included in the Adapter before is now done in the core as well.
```diff
- createVerificationRequest
+ createVerificationToken
```
Better describes the functionality. This method no longer needs to call `provider.sendVerificationRequest`, we are moving this into the core. This responsibility shouldn't have fallen to the adapter in the first place.
`createVerificationToken` will now receive a `VerificationToken` object, which looks like this:
```ts
interface VerificationToken {
identifier: string
expires: Date
token: string
}
```
The token provided is already hashed, so nothing has to be done, simply write it to your database. (Here we lift up the responsibility from the adapter to hash tokens)
```diff
- getVerificationRequest
+ useVerificationToken
```
Better describes the functionality. It now also has the responsibility to delete the used-up token from the database. Most ORMs should support retrieving the value while deleting it at the same time, so it will reduce the number of database calls.
``` diff
- deleteVerificationRequest
```
This method is gone. See `useVerificationToken`.
Most of the method signatures have been changed, have a look at the [TypeScript interface](ba4ec5faa3/types/adapters.d.ts) to get a better picture.
Adds a new way to import providers for modularity and better tree-shaking.
BREAKING CHANGE:
Providers now have to be imported one-by-one:
Example:
```diff
- import Provider from "next-auth/providers"
- Providers.Auth0({...})
+ import Auth0Provider from "next-auth/providers/auth0"
+ Auth0Provider({...})
```
**What**:
These changes ensure that we work more tightly with React that can also result in unforeseen performance boosts. In case we would decide on expanding to other libraries/frameworks, a new file per framework could be added.
**Why**:
Some performance issues (https://github.com/nextauthjs/next-auth/issues/844) could only be fixed by moving more of the client code into the `Provider`.
**How**:
Refactoring `next-auth/client`
Related: #1461, #1084, #1462
BREAKING CHANGE:
**1.** `next-auth/client` is renamed to `next-auth/react`.
**2.** In the past, we exposed most of the functions with different names for convenience. To simplify our source code, the new React specific client code exports only the following functions, listed with the necessary changes:
- `setOptions`: Not exposed anymore, use `SessionProvider` props
- `options`: Not exposed anymore, use `SessionProvider` props
- `session`: Rename to `getSession`
- `providers`: Rename to `getProviders`
- `csrfToken`: Rename to `getCsrfToken`
- `signin`: Rename to `signIn`
- `signout`: Rename to `signOut`
- `Provider`: Rename to `SessionProvider`
**3.** `Provider` changes.
- `Provider` is renamed to `SessionProvider`
- The `options` prop is now flattened as the props of `SessionProvider`.
- `clientMaxAge` has been renamed to `staleTime`.
- `keepAlive` has been renamed to `refetchInterval`.
An example of the changes:
```diff
- <Provider options={{clientMaxAge: 0, keepAlive: 0}}>{children}</Provider>
+ <SessionProvider staleTime={0} refetchInterval={0}>{children}</SessionProvider>
```
**4.** It is now **required** to wrap the part of your application that uses `useSession` into a `SessionProvider`.
Usually, the best place for this is in your `pages/_app.jsx` file:
```jsx
import { SessionProvider } from "next-auth/react"
export default function App({
Component,
pageProps: { session, ...pageProps }
}) {
return (
// `session` comes from `getServerSideProps` or `getInitialProps`.
// Avoids flickering/session loading on first load.
<SessionProvider session={session}>
<Component {...pageProps} />
</SessionProvider>
)
}
```
* chore: move dev app to its own folder
* docs: update CONTRIBUTING.md
* docs: fix typos in CONTRIBUTING
* chore: gitignore dev app lock files
* chore: move release config into package.json
* docs(tutorials): refresh token rotation
* use simple initialization
* be optimistic
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* add yarn.lock to .gitignore
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat: simplify NextAuth instantiation (#911)
* feat: allow react 17 as a peer dependency (#819)
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs: update for Now to Vercel (#847)
Vercel archived their now packages a while back, so you can use vercel env pull to pull in the .env
* docs: fix discord example code (#850)
* docs: fix typo in callbacks.md (#815)
This is a simple typographical error changed accesed to accessed
* fix: update nodemailer version in response to CVE. (#860)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7769 reports a high-severity issue with the current version of nodemailer. This should be merged and released right away if possible.
* fix: ensure Images are produced for discord (#734)
* fix: update Okta routes (#763)
the current routing for the Okta provider does not follow the standard
set by Okta, and as such doesn't allow for custom subdomains. this
update amends the routes to allow for customer subdomains, and also
aligns next-auth with Okta's documentation.
* fix(provider): handle no profile image for Spotify (#914)
* chore(deps): upgrade "standard"
* style(lint): run lint fix
* fix(provider): optional chain Spotify provider profile img
* Merge main into canary (#917)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* docs: Update default ports for support Databases (#839)
https://next-auth.js.org/configuration/databases
* Fix for Reddit Authentication (#866)
* Fixed Reddit Authentication
* updated fix for build test
* updated buffer to avoid deprecation message
* Updated for passing tests
* WIP: Update Docusaurus + Site dependencies (#802)
* update: deps
* fix: broken link
* fix: search upgrade change
* Include callbackUrl in newUser page (#790)
* Include callbackUrl in newUser page
* Update src/server/routes/callback.js
Co-authored-by: Iain Collins <me@iaincollins.com>
* Update src/server/routes/callback.js
Co-authored-by: Iain Collins <me@iaincollins.com>
Co-authored-by: Iain Collins <me@iaincollins.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* add(db): Add support for Fauna DB (#708)
* Add support for Fauna DB
* Add integration tests
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat(provider): add netlify (#555)
Co-authored-by: styxlab <cws@DE01WP777.scdom.net>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Bump next from 9.5.3 to 9.5.4 in /test/docker/app (#759)
Bumps [next](https://github.com/vercel/next.js) from 9.5.3 to 9.5.4.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/compare/v9.5.3...v9.5.4)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat(provider): Add Bungie (#589)
* Add Bungie provider
* Use absolute URL for images
* Correct image URL and use consistent formatting
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat: add foursquare (#584)
* feat(provider): Add Azure Active Directory B2C (#921)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* doc: add provider to FAQ
* update(provider): Update Slack provider to use V2 OAuth endpoints (#895)
* Update Slack to v2 authorize urls, option for additional authorize params
* acessTokenGetter + documentation
* refactor(db): update Prisma calls to support 2.12+ (#881)
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* chore(dep): Bump highlight.js from 9.18.1 to 9.18.5 (#880)
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 9.18.1 to 9.18.5.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/9.18.5/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/9.18.1...9.18.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
* chore: disallow issues without template
* chore: add note about conveting questions to discussions
* chore: create PULL_REQUEST_TEMPLATE.md
* chore: reword PR template
* feat: Store user ID in sub claim of default JWT (#784)
This allows us to check if the user is signed in when using JWTs
Part of #625
* docs: fix incorrect references in cypress docs (#932)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* feat(provider): Add Azure Active Directory B2C (#809)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* Revert "feat(provider): Add Azure Active Directory B2C (#809)" (#919)
This reverts commit 6e6a24a7af.
* chore: add myself to the contributors list 🙈
* docs: fix incorrect references in cypress docs
* chore: add additional docs clarification
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* feat: Display error if no [...nextauth].js found (#678)
* Display error if no [...nextauth].js found
fixes#647
* Log the error and describe it inside errors.md
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* chore(deps): Bump ini from 1.3.5 to 1.3.8 in /www (#953)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: fix typo Adapater -> Adapter (#960)
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* docs: We have twice the word "side" (#964)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* feat(provider): Add Azure Active Directory B2C (#809)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* Revert "feat(provider): Add Azure Active Directory B2C (#809)" (#919)
This reverts commit 6e6a24a7af.
* chore: add myself to the contributors list 🙈
* We have twice the word "side"
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* docs: Correcting a typo. "available" Line 70 (#965)
* chore: use stale label, instead of wontfix
* chore: add link to issue explaining stalebot
* chore: fix typo in stalebot comment
* chore: run build GitHub Action on canary also
* chore: run build GitHub Actions on canary as well
* chore: add reproduction section to questions
* feat(provider): Add Azure Active Directory B2C (#809)
* add provider: Microsoft
* documentation
* support no tenant setup
* fix code style
* chore: rename Microsoft provider to AzureADB2C
* chore: alphabetical order in providers/index
* Revert "feat(provider): Add Azure Active Directory B2C (#809)" (#919)
This reverts commit 6e6a24a7af.
* chore: add myself to the contributors list 🙈
* Correcting a typo. "available" Line 70
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
* chore: hide comments from pull request template
* Update README.md
Updated the readme to include the projects logo, fixed some typos, and added license info and contributor image.
* feat: add strava provider (#986)
* Add Strava as a provider
* Add documentation for Strava provider
* Fix lint errors
Co-authored-by: Paul Kenneth Kent <paul@ventureharbour.com>
* Update README.md
* Update README.md
* feat: add semantic-release (#920)
* chore(release): change semantic-release/git to semantic-release/github
* docs(database): add mssql indexes in docs, fix typos (#925)
* added mssql indexes in docs, fixed typo
* docs: fix typo in www/docs/schemas/mssql.md
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* chore(release): delete old workflow
* chore(release): trigger release on docs type
* fix: treat user.id as optional param (#1010)
* fix(adapter): use findOne for typeorm (#1014)
* Change image to text from varchar (#777)
Co-authored-by: Nico Domino <yo@ndo.dev>
* feat(db): make Fauna DB collections & indexes configurable (#968)
* Add collections & indexes overrides for Fauna DB
* Fix the name of the verification token index
Co-authored-by: Florian Michaut <florian@coding-days.com>
* docs: Remove unnecessary promises (#915)
* feat: allow to return string in signIn callback (#1019)
* docs: small update to sign in/out examples (#1016)
* Update examples in client.md
* Update more examples
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs: update contributing information [skip release] (#1011)
* docs: update CONTRIBUTING.md
* docs: use db instead of database for more space
* docs: update CONTRIBUTING.md
* docs: update PR template
* docs: add note about skipping a release
* docs: fix typos in CONTRIBUTING.md [skip release]
* refactor: code base improvements (#959)
* chore: fix casing of OAuth
* refacotr: simplify default callbacks lib file
* refactor: use native URL instead of string concats
* refactor: move redirect to res.redirect, done to res.end
* refactor: move options to req
* refactor: improve IntelliSense, name all functions
* fix(lint): fix lint errors
* refactor: remove jwt-decode dependency
* refactor: refactor some callbacks to Promises
* revert: "refactor: use native URL instead of string concats"
Refs: 690c55b04089e4f3157424c816d43ee4cecb77a0
* chore: misc changes
Co-authored-by: Balazs Orban <balazs@nhi.no>
* feat(provider): Add Mail.ru OAuth Service Provider and Callback snippet (#522)
* Update callback.js
- Fix Mail.ru bug (missing request parameter: access_token)
Note: setGetAccessTokenProfileUrl should be added to Mail.ru provider to enable support.
* Add Mail.ru OAuth Service Provider
* Update callbacks.md
- Fix broken callbacks snippet.
* Update callback.js
- Bug fix https://github.com/nextauthjs/next-auth/pull/522#issuecomment-669851914
- Minor refactoring.
* Fix: Code linting.
* Update callback.js
Improve approach for building of URL based review recommendation.
* Feat: Reduce API surface expansion
Make use of provider.id === "mailru" as suggested in review discussion in place of setGetAccessTokenProfileUrl.
* Fix: Code linting
* feat: forward id_token to jwt and signIn callbacks (#1024)
* chore: add auto labeling to PRs [skip release] (#1025)
* chore: add auto labeling to PRs [skip release]
* chore: allow any file type for test label to be added
* chore: rename labeler.yaml to labeler.yml [skip release]
* fix: miscellaneous bugfixes (#1030)
* fix: use named params to fix order
* fix: avoid recursive redirects
* fix: revert to use parsed baseUrl
* fix: avoid recursive res.end calls
* fix: use named params in renderPage
* fix: promisify lib/oauth/callback result
* fix: don't chain on res.end on non-chainable res methods (#1031)
* docs: add powered by vercel logo [skip release]
* chore: run tests on canary [skip release]
* docs: misc improvements [skip release] (#1043)
* refactor: code base improvements 2 (#1045)
* fix: trigger release
* fix: use authorizationUrl correctly
* feat(provider): reduce user facing API (#1023)
Co-authored-by: Balazs Orban <balazs@nhi.no>
* fix: remove async from NextAuth default handler
This function should not return a Promise
* feat(provider): add vk.com provider (#1060)
* feat(provider): add vk.com provider
* refactor(provider): reduce vk.com provider api
* refactor: code base improvements 3 (#1072)
* refactor: extend res.{end,send,json}, redirect
* refactor: chain res methods, remove unnecessary ones
* refactor: simplify oauth callback signature
* refactor: code simplifications
* refactor: re-export everything from routes in one
* refactor: split up main index.js to multiple files
* refactor: simplify passing of provider(s) around
* refactor: extend req with callbackUrl inline
* refactor: simplify page rendering
* refactor: move error page redirects to main file, simplify renderer
* refactor: inline req.options definition
* refactor: simplify error fallbacks
* refactor: remove else branches and unnecessary try..catch
* refactor: add docs, and simplify jwt functions
* refactor: prefer errors object over switch..case in signin page
* feat: log all params sent to logger instead of only first
* refactor: fewer lines input validation
* refactor: remove even more unnecessary else branches
* feat: improve package development experience (#1064)
* chore(deps): add next and react to dev dependencies
* chore: move build configs to avoid crash with next dev
* chore: add next js dev app
* chore: remove .txt extension from LICENSE file
* chore: update CONTRIBUTING.md
* chore: watch css under development
* style(lint): run linter on index.css
* chore: fix some imports for dev server
* refactor: simplify client code
* chore: mention VSCode extension for linting
* docs: reword CONTRIBUTING.md
* chore: ignore linting pages and components
* fix: pass csrfToken to signin renderer
* feat: replace blur/focus event to visibility API for getSession (#1081)
* docs: clarify .env usage in CONTRIBUTING.md [skip release] (#1085)
* docs: improve FAQ docs [skip release]
* chore: update caiuse-lite db
* docs: update some urls in the docs [skip release]
* feat(pages): add dark theme support (#1088)
* feat(pages): add dark theme support
* docs: document theme option
* chore: remove ts-check from dev app
* style(pages): fix some text colors in dark mode
* feat(provider): add LINE provider (#1091)
* refactor: be explicit about path in jsonconfig [skip release]
* refactor: show signin page in dev app [skip release]
* fix: export getSession [skip release]
somehow the default export does not work in the dev app
* style: make p system theme aware [skip release]
* feat(provider): finish Reddit provider and add documentation (#1094)
* Create reddit.md
* uncommented profile callback
* Update reddit.md
* fix lint issues
* added reddit provider
* added reddit provider
* Add Reddit Provider
For some reason a bunch of providers got deleted in the last commit
* Add Reddit Provider
* Add Reddit Provider
* chore: define providers in single file for docs [skip release]
* chore: Comply to Vercel Open Source sponsorship [skip release] (#1087)
* added banner
* Changed banner image allignment
* changed location of banner again
* added to acknowledgement
* added to acknowledgement 1
* changed image size
* k
* l
* s
* s
* .
* added link to the banner in readme.md
* fixed image redirect
* fixed image allignment
* made changes in readme and index.js
* Changed the source of the banner image
* added banner to the footer of the site
* chore: fix lint issues [skip release]
* feat: add native hkdf (#1124)
* feat: add native hkdf
* feat: import only needed to do hkdf
* feat: tweak digest and arguments
* chore(deps): upgrade typeorm to v0.2.30 (#1145)
* docs: remove v1 documentation (#1142)
* chore(adapters): remove fauna (#1148)
* feat: forward signIn auth params to /authorize (#1149)
* refactor: authorisation -> authorization
* feat: forward authorizationParams from signIn function
* refactor: take auth params as third argument
* docs: document signIn authorizationParams
* fix(adapter): fix ISO Datetime type error in Prisma updateSession (#640)
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat(provider): add option to generate email verification token (#541)
* Add option to generate email verification token
* chore: remove unused import
* refactor: define default generateVerificationToken in-place
* refactor: define default generateVerificationToken in-place
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs: update info about TypeScript [skip release]
* feat: add PKCE support (#941)
* chore(deps): upgrade dependencies
* chore(deps): add pkce-challenge
* feat(pkce): initial implementation of PCKE support
* chore: remove URLSearchParams
* chore(deps): upgrade lockfile
* refactor: store code_verifier in a cookie
* refactor: add pkce handlers
* docs: add PKCE documentation
* chore: remove unused param
* chore: revert unnecessary code change
* fix: correct variable names
* fix: correct logger import
* feat(provider): add Salesforce provider (#1027)
* docs(provider): add Salesforce provider
* fix(provider): use authed_user on slack instead of spotify (#1174)
* fix: use startsWith for protocol matching in parseUrl
closes#842
* fix: fix lint issues
* docs: clear things up around using access_token [skip release]
#1078
* docs: fix typo in callbacks.md [skip release]
* chore(provider): remove Mixer (#1178)
"Thank you to our amazing community and Partners.
As of July 22, the Mixer service has closed."
* feat(provider): re-add state, expand protection provider options (#1184)
* refactor: move OAuthCallbackError to errors file
* refactor: improve pkce handling
* feat(provider): re-introduce state to provider options
* docs(provider): mention protection options "state" and "none"
* docs(provider): document state property deprecation
* fix: only add code_verifier param if protection is pkce
* docs: explain state deprecation better
* chore: unify string
* fix: send /authorize params through url
* fix: Add a null check to the window 'storage' event listener (#1198)
* Add a null check to the window 'storage' event listener
While testing in Cypress it's possible to receive a null value on Storage Events when 'clear' is called and will cause errors as seen in #1125.
* Update index.js
typo
* Update src/client/index.js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* formatting
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs(provider): fix typos in providers code snippets [skip release] (#1204)
* docs(adapter): add adapter repo to documentation [skip release] (#1173)
* docs(adapter): add adapter repo to documentation
* docs(adapter): elaborate on custom repo
* fix: forward second argument to fetch body in signIn
fixes#1206
* docs: Fix grammar in "Feature Requests" section of FAQs [skip release] (#1212)
* refactor: provide raw idToken through account object (#1211)
* refactor: provide raw idToken through account object
* docs: clear up accessToken naming
* refactor: provide raw token response to account
* chore: fix grammar in comments
* feat: send all params to logger function (#1214)
* feat(provider): Add Medium (#1213)
* fix: leave accessTokenExpires as null
Forwarding expires_in as is to accessTokenExpires has shown to cause issues with Prisma, and maybe with other flows as well. Setting it back to `null` for now. We still forward `expires_in`, so users can use it if they want to.
Fixes#1216
* docs: more emphasis on req methods [skip release]
* docs: remove announcement bar [skip release]
* fix: make OAuth 1 work after refactoring (#1218)
* chore: add twitter provider to dev app
* feat: bind client instance to overriden methods
* fix: don't add extra params to getOAuthRequestToken
* chore: add twitter to env example, add secret gen instructions
* docs: Update Providers.Credential Example Block [skip release] (#1225)
Closing curly bracket where it should have been a square bracket.
* feat(provider): option to disable client-side redirects (credentials) (#1219)
* chore: add credentials provider to dev app
* feat: add redirect option to signIn, signOut
* feat: set correct status codes for credentials errors
* chore: add credentials page to dev app
* fix: support any provider name for credentials
* feat(ts): preliminary TypeScript support (#1223)
* chore: replace standard with ts-standard
* feat(ts): add some initial types
* feat(ts): import and use types
* chore: allow global fetch through package.json
* chore: upgrade lint scripts to use ts-standard
* chore: run linter on dev app
* chore(ts): satisfy dev Next.js server for TS
* fix: add eslint as dev dependency
* fix(lint): ignore next-env.d.ts from linting
* feat(ts): improve cookies options types
* fix: run linter with fix
* feat(provider): add EVE Online provider (#1227)
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
* Adding EVEOnline provider
Co-authored-by: Gerald McNicholl <gerald.mcnicholl@xero.com>
* docs: clarify custom pages usage [skip release] (#1239)
* docs(provider): Update Atlassian docs (#1255)
* docs: Update Atlassian docs [skip release]
* Update atlassian.md
* fix(provider): okta client authentication (#1257)
* fix: okta client authentication
* chore: run lint fix
* Update pages/api/auth/[...nextauth].js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: mgraser <matt.graser@mlb.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* chore: don't sync labels with labeler [skip release]
manually added PR labels were constantly removed on new commits/builds, this hopefully fixes that
* fix(provider): add verificationRequest flag to email signIn callback (#1258)
* fix(ui): use color text var for input color (#1260)
Co-authored-by: Archit Khode <archit.khode@gmail.com>
* docs: Minor text error fixed [skip release] (#1263)
* feat(provider): update session when signIn/signOut successful (#1267)
* feat(provider): update session when login/logout successful
* chore: remove manual page reload from dev app
* docs(client): document redirect: false
* fix(page): fix typo in error page
* Merge pull request from GHSA-pg53-56cg-4m8q
* fix(adapter): Verify identifier as well as token in Prisma adapter
* feat(adapter): Improve typeorm adapter
Improve conditional check in TypeORM adapter.
This should have no impact in practice but sets a good example.
* docs(adapter): Update Prisma docs [skip release] (#1279) (#1283)
Co-authored-by: Iain Collins <me@iaincollins.com>
* docs(provider): Update azure-ad-b2c.md [skip release] (#1280)
* docs(adapter): Update Prisma docs (#1279)
* Update azure-ad-b2c.md
add hint for redirection URL, otherwise difficult to find out
* Update azure-ad-b2c.md
changed .env ro .env.local as per recommendation
* Update azure-ad-b2c.md
* Update azure-ad-b2c.md
* Update azure-ad-b2c.md
* update conf in .env.local
follow the .env guidelines
* Update azure-ad-b2c.md
* Create azure-ad-b2c.md
* Create azure-ad-b2c.md
* Update azure-ad-b2c.md
Co-authored-by: Iain Collins <me@iaincollins.com>
* docs: Change "docs" to "documentation"
* fix(provider): Fixes for email sign in (#1285)
* fix(adapter): Fix Prisma delete
Must use Prsima deleteMany() instead of delete() with multiple clauses.
* feat: Update example project
Update example project to make it easier to test with database adapters.
* fix(ui): Fix message text in light / auto theme
Info message text is always on the same background (blue) on both themes so should always be white.
* docs: Update example .env [skip release]
* feat: Update Prisma peerOptionalDependencies
* docs: trigger release
Co-authored-by: Luke Lau <luke_lau@icloud.com>
Co-authored-by: James Perkins <jamesperkins@hey.com>
Co-authored-by: Joshua K. Martinez <joshkmartinez@gmail.com>
Co-authored-by: Pauldic <Pauldiconline@yahoo.com>
Co-authored-by: Josh Padnick <josh@gruntwork.io>
Co-authored-by: Daggy1234 <arnav.jindal7@gmail.com>
Co-authored-by: Alan Ray <71240883+ohheyalanray@users.noreply.github.com>
Co-authored-by: Manish Chiniwalar <manishrc@users.noreply.github.com>
Co-authored-by: Aymeric <34040599+afoyer@users.noreply.github.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Fabrizio Ruggeri <ramiel@users.noreply.github.com>
Co-authored-by: Iain Collins <me@iaincollins.com>
Co-authored-by: Joseph Vaughan <Joev-@users.noreply.github.com>
Co-authored-by: Joost Jansky <styxlab@users.noreply.github.com>
Co-authored-by: styxlab <cws@DE01WP777.scdom.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: RobertCraigie <robertcraigie30@gmail.com>
Co-authored-by: Joe Bell <joe@joebell.co.uk>
Co-authored-by: Vladimir Evdokimov <evdokimov.vladimir@gmail.com>
Co-authored-by: Cathy Chen <cathykaichen@gmail.com>
Co-authored-by: Kristóf Poduszló <kripod@protonmail.com>
Co-authored-by: Haldun Anil <haldunanil@users.noreply.github.com>
Co-authored-by: Jakub Naskręski <36169811+kleyu@users.noreply.github.com>
Co-authored-by: imgregduh <imgregorywong@gmail.com>
Co-authored-by: pkabore <paulkabore333@gmail.com>
Co-authored-by: Paul Kenneth Kent <pkennethkent@gmail.com>
Co-authored-by: Paul Kenneth Kent <paul@ventureharbour.com>
Co-authored-by: Balazs Orban <balazs@nhi.no>
Co-authored-by: Junior Vidotti <jrvidotti@gmail.com>
Co-authored-by: Yuma Matsune <yuma.matsune@gmail.com>
Co-authored-by: Ben West <Xodarap@users.noreply.github.com>
Co-authored-by: Florian Michaut <florianmichaut@gmail.com>
Co-authored-by: Florian Michaut <florian@coding-days.com>
Co-authored-by: Melanie Seltzer <melleh11@gmail.com>
Co-authored-by: Didi Keke <nyedidikeke@users.noreply.github.com>
Co-authored-by: Evgeniy Boreyko <boreykojenya@yandex.ru>
Co-authored-by: Alex B <lnikell@gmail.com>
Co-authored-by: Ben <5271788+bebax@users.noreply.github.com>
Co-authored-by: suraj10k <63460026+suraj10k@users.noreply.github.com>
Co-authored-by: t.kuriyama <koolii0909@gmail.com>
Co-authored-by: Yuri Gor <YuriGor@users.noreply.github.com>
Co-authored-by: Radhika <56536997+96RadhikaJadhav@users.noreply.github.com>
Co-authored-by: Henrik Wenz <HaNdTriX@users.noreply.github.com>
Co-authored-by: Zhao Lei <firede@firede.com>
Co-authored-by: Mohamed El Mahallawy <mmahalwy@gmail.com>
Co-authored-by: Dillon Mulroy <dillon.mulroy@gmail.com>
Co-authored-by: Carmelo Scandaliato <8927157+cascandaliato@users.noreply.github.com>
Co-authored-by: Aishah <aissshah@outlook.com>
Co-authored-by: Samson Zhang <wwsamson@yahoo.com>
Co-authored-by: Vova <volodimir.partytskyi@gmail.com>
Co-authored-by: Cody Ogden <cody@codyogden.com>
Co-authored-by: geraldm74 <gerald_mcnicholl@yahoo.com>
Co-authored-by: Gerald McNicholl <gerald.mcnicholl@xero.com>
Co-authored-by: Jeremy Caine <jezcaine@gmail.com>
Co-authored-by: Matthew Graser <mdgraser@gmail.com>
Co-authored-by: mgraser <matt.graser@mlb.com>
Co-authored-by: Kristofor Carle <kris@maphubs.com>
Co-authored-by: Archit Khode <arkits@outlook.com>
Co-authored-by: Archit Khode <archit.khode@gmail.com>
Co-authored-by: Daniel Gadd <danielgadd@outlook.com>
Co-authored-by: Robert Hufsky <Robert.Hufsky@gmx.net>
Full end-to-end integration tests for Twitter (OAuth 1) and GitHub (OAuth 2) using Puppeteer and Mocha.
This replaces Cypress tests due to issues with Cypress not being able to run tests against external URLs, which we need for our integration tests.
The integration test runner is hosted outside of GitHub Actions (it cannot be hosted by GitHub or on AWS due to IP access controls placed on sign in by providers like Twitter and GitHub) and so the integration tests may not pass if the test runner is offline. If this happens, tests can be re-run later when the test runner is available.
See Pull Request #641 for details.
Although previous config worked locally, it turns out it isn't compatible with now.sh.
It turns out when deploying from a subdir (like 'www') on now.sh the contents of the parent directory isn't avalible.
* Now has 'www' directory at root level for the website (was 'docs').
* The 'docs' directory now only contains Markdown docs.
* Docusarus config looks in '../docs' for the docs.
This is deployed with now.sh to https://next-auth-docs.now.sh
