* chore: separate build commands for core and app
* Move emitDeclarationOnly to next-auth
* Update release.yml
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix labeler
* try fixing test runs in GitHub Actions
* pass flags to test command
* test version pr
* move versoin-pr action
* remove --dry-run flag
* re-enable testing, re-add semantic release for now
* add docs
* use `yarn.lock` and different docs port
* simplify dev app config
* fix coverage report
* fix provider source links
* fix more links
* Added patreon provider - tested and working
* Update src/providers/patreon.js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Update src/providers/patreon.js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Update src/providers/patreon.js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Update src/providers/patreon.js
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Switched to TS, restore .env.local, restore package.json as per comments on the PR
* chore: ran Prettier
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix: add eslintIgnore in package.json
* Let eslint runs in app, config + js files
* Add a separate tsconfig.eslint.json file
We want to run the lint command on `app`, `src` and `config`, but at the same time want `tsc` to compile files in `src` only. A separate `tsconfig.eslint.json` is a suitable solution to satisfy both `eslint` and `tsc`: 04d1f3e549/packages/parser/README.md
If the expected cookie size would exceed the 4096 bytes most browsers allow, we split up the cookie value and put the content into multiple cookies, then assemble it upon reading it back. This eliminates the need for a database or user-land solutions in case the user wants to save more data or is constrained by their IdP for certain fields.
* feat(react): preserve history on client-side navigation
* chore(deps): upgrade jest
* test(client): use absolute URL since `whatwg-*` refusing relative URLs
Updates the `jose` and `openid-client` packages.
BREAKING CHANGE:
The `jwt` option has been simplified and the NextAuth.js issued JWT is now encrypted by default.
If you want to override the defaults, you can still use the `encode` and `decode` functions. These are advanced options and they should only be used if you know what you are doing.
The default secret generation has been removed in this PR, which will be added back in a separate one. Remember, that is only for developer convenience, it is **highly** recommended to always create your own secret for production.
BREAKING CHANGE:
`prisma-legacy` is now gone. Use `@next-auth/prisma-adapter`. Any features from the old adapter will be migrated over to the new one eventually. This is done so we can require the same default set of options from all the built-in providers, rather than allowing ambiguity on what an official adapter has to support.
The `TypeORM` adapter will probably be the only one migrated as-is, but in the future, we would like to break it down to lighter-weight adapters that only support single databases.
Adapters no longer have to return a `getAdapter()` method, they can return the actual adapter methods instead. All the values previously being provided through the arguments of `getAdapter` will now be available in a more digestible format directly in the concerning methods. This behavior was created so that connections could be handled more efficiently. Our review has shown that currently, the TypeORM adapter is the only one that does not handle connections out-of-the-box, so we are going to look into how we can create a wrapper/util function to make it work in the new version. For all other adapters, this will be a huge gain, as with this new API, methods are actually overrideable without creating a whole new custom adapter! 🥳
Example:
```js
function MySlightlyCustomAdapter(...args) {
const adapter = AdapterFromSomeoneElse(...args)
adapter.someMethodIWantToModify = (...args) => {
// Much better implementation goes here.
}
return adapter
}
```
**The following method names are changing:**
```diff
- getSession
+ getSessionAndUser
```
This method now requires that you return both the user and the session as `{user, session}`. If any of these could not be retrieved, you will have to return `null` instead. (In other words, this must be a transaction.) This requires one less database call, improving the user session retrieval. Any expiry logic included in the Adapter before is now done in the core as well.
```diff
- createVerificationRequest
+ createVerificationToken
```
Better describes the functionality. This method no longer needs to call `provider.sendVerificationRequest`, we are moving this into the core. This responsibility shouldn't have fallen to the adapter in the first place.
`createVerificationToken` will now receive a `VerificationToken` object, which looks like this:
```ts
interface VerificationToken {
identifier: string
expires: Date
token: string
}
```
The token provided is already hashed, so nothing has to be done, simply write it to your database. (Here we lift up the responsibility from the adapter to hash tokens)
```diff
- getVerificationRequest
+ useVerificationToken
```
Better describes the functionality. It now also has the responsibility to delete the used-up token from the database. Most ORMs should support retrieving the value while deleting it at the same time, so it will reduce the number of database calls.
``` diff
- deleteVerificationRequest
```
This method is gone. See `useVerificationToken`.
Most of the method signatures have been changed, have a look at the [TypeScript interface](ba4ec5faa3/types/adapters.d.ts) to get a better picture.
Adds a new way to import providers for modularity and better tree-shaking.
BREAKING CHANGE:
Providers now have to be imported one-by-one:
Example:
```diff
- import Provider from "next-auth/providers"
- Providers.Auth0({...})
+ import Auth0Provider from "next-auth/providers/auth0"
+ Auth0Provider({...})
```
* chore(deps): add openid-client
* chore: merge in next
* refactor(provider): remove redundant requestUrl param
* feat(provider): make profile callback optional
* refactor: use openid-client for OAuth2/OIDC
* refactor: use openidClient in oauth signin handler
* refactor: use openidClient in oauth callback handler
* docs(warn): add async issuer/old config warnings
* chore(deps): remove jsonwebtoken
* chore: add issuer property for testing locally
* chore(dev): import providers one-by-one
* fix(oauth): handle when no user in body/query
* chore(deps): remove pkce-challenge
* chore(dev): change Auth0 protection
* refactor(oauth): simplify pkce/state
* refactor: split OAuth1 client, reduce openid client
will improve API in another PR
* chore: change comment, dev app
* chore: mention OIDC client config discovery
* fix: add new operator when creating OIDC client
* refactor: delete req.query.nextauth after use
* docs(ts): use `TokenSet` from `openid-client`
* chore: simplify/type signin route
* refactor: rename to client-legacy to indicate intnet of maintenance
* chore(deps): try setting `oauth` as optional peer dep
* chore(deps): add `oauth` back as regular dependency
* chore(deps): add @types/oauth as dev dependency
* chore: remove params kept for backwards compatibility
* chore: don't make breaking changes in this PR
* chore(core): use correct TS declarations
* refactor: move files/add more accurate types internally
* chore: remove TODO comment
* chore: catch all errors in authorization URL generation
