correction

* chore(docs): Session management sample for Svelte

Added a code sample for managing the session through the $page store.
The sample demonstrates how to retrieve the session data in the root
+page.server.ts file and make it globally accessible through the $page
store, simplifying state management in the application. The previous
examples already used the data available in this store but did not show
how to set it.

* docs: Add authorization section to SvelteKit docs

This authorization section was added to make sure a few caveats with
SvelteKit were well documented to anyone using the library.

The problem is documented here: https://github.com/sveltejs/kit/issues/6315

Essentially, propagation of data between leafs is not guaranteed when
using the +layout.server.ts file as its load function is not guaranteed
to rerun every page change. The current approach to solve this is to do
authorization in each +page.server.ts file and additionally make sure to
grab the session data by awaiting the parent instead of directly
accessing the $page store, to make sure the information there is
current.

* docs: Fix small typesafety mistake in SvelteKit

PageLoad type should actually be PageServerLoad. Not setting this does
not actually generate any problems other than TypeScript complaining
that this type is not actually exported.

* docs: Add handle hook authorization management

Another way to handle authorization is through a path-based method. This
added part of the documentation uses the handle hook to protect certain
routes based on their path. The previous method which is per-component
is still present.

* docs: Simplify component approach for Svelte auth

Using event.locals.getSession() exposed by SvelteKitAuth instead of
relying in the root layout file making that available in the $page
store.

* docs: Complete SvelteKit authorization docs

Finalize the explanation for the URI-based approach and also clarify
interactions with the component-based approach.

* docs: Add formatting to vars in the SvelteKit docs

Format the variables like this: `var` so that it appears clearly as code
when reading the documentation.

Co-authored-by: Thang Vu <hi@thvu.dev>

.github/actions/issue-validator/src/index.mjs

@@ -41,13 +41,7 @@ async function run() {
       label: { name: newLabel },
     } = payload
 
-    if (
-      pull_request ||
-      !issue?.body ||
-      !process.env.GITHUB_TOKEN ||
-      !process.env.GITHUB_ACTION_PATH
-    )
-      return
+    if (pull_request || !issue?.body || !process.env.GITHUB_TOKEN) return
 
     const labels = issue.labels.map((l) => l.name)
     // const isBugReport =
@@ -78,7 +72,9 @@ async function run() {
         client.issues.createComment({
           ...issueCommon,
           body: readFileSync(
-            join(process.env.GITHUB_ACTION_PATH, "repro.md"),
+            join(
+              "/home/runner/work/next-auth/next-auth/.github/actions/issue-validator/repro.md"
+            ),
             "utf8"
           ),
         }),

apps/dev/nextjs/components/header.js

@@ -1,5 +1,5 @@
 import Link from "next/link"
-import { signIn, signOut, useSession } from "next-auth/react"
+import { useSession } from "next-auth/react"
 import styles from "./header.module.css"
 
 // The approach used in this component shows how to built a sign in and sign out
@@ -24,14 +24,7 @@ export default function Header() {
               <span className={styles.notSignedInText}>
                 You are not signed in
               </span>
-              <a
-                href="/api/auth/signin"
-                className={styles.buttonPrimary}
-                onClick={(e) => {
-                  e.preventDefault()
-                  signIn()
-                }}
-              >
+              <a href="/api/auth/signin" className={styles.buttonPrimary}>
                 Sign in
               </a>
             </>
@@ -47,14 +40,7 @@ export default function Header() {
                 <strong>{session.user.email} </strong>
                 {session.user.name ? `(${session.user.name})` : null}
               </span>
-              <a
-                href="/api/auth/signout"
-                className={styles.button}
-                onClick={(e) => {
-                  e.preventDefault()
-                  signOut()
-                }}
-              >
+              <a href="/api/auth/signout" className={styles.button}>
                 Sign out
               </a>
             </>

apps/examples/nextjs/README.md

@@ -1,9 +1,14 @@
-> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/example-nextjs). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/nextjs). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
 
 <p align="center">
    <br/>
-   <a href="https://next-auth.js.org" target="_blank"><img width="150px" src="https://next-auth.js.org/img/logo/logo-sm.png" /></a>
-   <h3 align="center">NextAuth.js Example App</h3>
+   <a href="https://authjs.dev" target="_blank">
+   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
+   </a>
+   <a href="https://nextjs.org" target="_blank">
+   <img height="64" src="https://nextjs.org/static/favicon/android-chrome-192x192.png" />
+   </a>
+   <h3 align="center"><b>NextAuth.js</b> - Example App</h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -25,20 +30,14 @@
 
 ## Overview
 
-NextAuth.js is a complete open source authentication solution.
+NextAuth.js is a complete open-source authentication solution.
 
 This is an example application that shows how `next-auth` is applied to a basic Next.js app.
 
 The deployed version can be found at [`next-auth-example.vercel.app`](https://next-auth-example.vercel.app)
 
-### About NextAuth.js
-
-NextAuth.js is an easy to implement, full-stack (client/server) open source authentication library originally designed for [Next.js](https://nextjs.org) and [Serverless](https://vercel.com). Our goal is to [support even more frameworks](https://github.com/nextauthjs/next-auth/issues/2294) in the future.
-
 Go to [next-auth.js.org](https://next-auth.js.org) for more information and documentation.
 
-> _NextAuth.js is not officially associated with Vercel or Next.js._
-
 ## Getting Started
 
 ### 1. Clone the repository and install dependencies
@@ -98,15 +97,13 @@ npm run start
 
 ### 5. Preparing for Production
 
-Follow the [Deployment documentation](https://next-auth.js.org/deployment)
+Follow the [Deployment documentation](https://authjs.dev/guides/basics/deployment) or deploy the example instantly using [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=next-auth-example)
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/next-auth-example&project-name=next-auth-example&repository-name=next-auth-example)
 
 ## Acknowledgements
 
 <a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
-<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/canary/www/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
+<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
 </a>
-<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire NextAuth.js Team</p>
-
-## License
-
-ISC
+<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>

apps/examples/solid-start/README.MD

@@ -1,16 +1,57 @@
-# Create JD App
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/solid-start). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
 
-This project was created using [Create JD App](https://github.com/OrJDev/create-jd-app)
+<p align="center">
+   <br/>
+   <a href="https://authjs.dev" target="_blank">
+   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
+   </a>
+   <a href="https://start.solidjs.com" target="_blank">
+   <img height="64" src="https://www.solidjs.com/assets/logo-123b04bc.svg" />
+   </a>
+   <h3 align="center"><b>SolidStart Auth</b> - Example App</h3>
+   <p align="center">
+   Open Source. Full Stack. Own Your Data.
+   </p>
+   <p align="center" style="align: center;">
+      <a href="https://npm.im/@auth/solid-start">
+        <img alt="npm" src="https://img.shields.io/npm/v/@auth/solid-start?color=green&label=@auth/solid-start&style=flat-square">
+      </a>
+      <a href="https://bundlephobia.com/result?p=@auth/solid-start">
+        <img src="https://img.shields.io/bundlephobia/minzip/@auth/solid-start?label=size&style=flat-square" alt="Bundle Size"/>
+      </a>
+      <a href="https://www.npmtrends.com/@auth/solid-start">
+        <img src="https://img.shields.io/npm/dm/@auth/solid-start?label=downloads&style=flat-square" alt="Downloads" />
+      </a>
+      <a href="https://npm.im/@auth/solid-start">
+        <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
+      </a>
+   </p>
+</p>
 
-## Deploying To Vercel
+## Overview
+
+This is the official SolidStart Auth example for [Auth.js](https://authjs.dev).
+
+
+## Getting started
+
+You can follow the guide below, or click the following button to deploy this example to [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=solid-start-auth-example).
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/solid-start-auth-example&project-name=solid-start-auth-example&repository-name=solid-start-auth-example)
 
 ### Installing
 
-```bash
-npm install solid-start-vercel@latest -D
+```sh
+pnpm add -D solid-start-vercel
+```
+```sh
+npm i -D solid-start-vercel
+```
+```sh
+yarn add -D solid-start-vercel
 ```
 
-### Adding to vite config
+### Adding to Vite config
 
 ```ts
 import solid from "solid-start/vite";
@@ -32,6 +73,13 @@ export default defineConfig(() => {
 
 - `ENABLE_VC_BUILD`=`1` .
 
-### You Are Done
+### Finishing up
 
-Create a github repo and push your code to it, then deploy it to vercel (:
+Create a GitHub repo and push the code to it, then deploy it to Vercel.
+
+## Acknowledgements
+
+<a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
+<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
+</a>
+<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>

apps/examples/sveltekit/README.md

@@ -1,9 +1,14 @@
-> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/example-sveltekit). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/sveltekit). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
 
 <p align="center">
    <br/>
-   <a href="https://authjs.dev" target="_blank"><img width="150px" src="https://authjs.dev/img/logo/logo-sm.png" /></a>
-   <h3 align="center">Auth.js Example App with <a href="https://kit.svelte.dev">SvelteKit</a></h3>
+   <a href="https://authjs.dev" target="_blank">
+   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
+   </a>
+   <a href="https://kit.svelte.dev" target="_blank">
+   <img height="64" src="https://upload.wikimedia.org/wikipedia/commons/1/1b/Svelte_Logo.svg" />
+   </a>
+   <h3 align="center"><b>SvelteKit Auth</b> - Example App</h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -11,18 +16,25 @@
       <a href="https://npm.im/@auth/sveltekit">
         <img alt="npm" src="https://img.shields.io/npm/v/@auth/sveltekit?color=green&label=@auth/sveltekit&style=flat-square">
       </a>
-      <a href="https://bundlephobia.com/result?p=sveltekit-auth-example">
+      <a href="https://bundlephobia.com/result?p=@auth/sveltekit">
         <img src="https://img.shields.io/bundlephobia/minzip/@auth/sveltekit?label=size&style=flat-square" alt="Bundle Size"/>
       </a>
       <a href="https://www.npmtrends.com/@auth/sveltekit">
-        <img src="https://img.shields.io/npm/dm/@auth/sveltekit?label=%20downloads&style=flat-square" alt="Downloads" />
+        <img src="https://img.shields.io/npm/dm/@auth/sveltekit?label=downloads&style=flat-square" alt="Downloads" />
       </a>
-      <a href="https://npm.im/next-auth">
+      <a href="https://npm.im/@auth/sveltekit">
         <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
       </a>
    </p>
 </p>
 
-# Documentation
+## Overview
 
-- [sveltekit.authjs.dev](https://sveltekit.authjs.dev)
+This is the official SvelteKit Auth example for [Auth.js](https://sveltekit.authjs.dev).
+
+
+## Getting started
+
+You can instantly deploy this example to [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=sveltekit-auth-example) by clicking the following button.
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/sveltekit-auth-example&project-name=sveltekit-auth-example&repository-name=sveltekit-auth-example)

docs/docs/reference/04-solidstart/protected.md

@@ -70,7 +70,7 @@ export default Page;
 
 ## When Using CSR
 
-When using CSR, the `Protected` component will not work as expected and will cause the screen to flash, so I had to come up with a tricky solution, we will use a Solid-Start middleare:
+When using CSR, the `Protected` component will not work as expected and will cause the screen to flash, so I had to come up with a tricky solution, we will use a Solid-Start middleware:
 
 ```tsx
 // entry-server.tsx
@@ -116,4 +116,4 @@ export default () => {
 };
 ```
 
-**Note: the CSR method should also work when using SSR, the SSR method shouldn't work when using CSR**
+**Note: the CSR method should also work when using SSR, the SSR method shouldn't work when using CSR**

docs/docs/reference/05-oauth-providers/mattermost.md

@@ -0,0 +1,36 @@
+---
+id: mattermost
+title: Mattermost
+---
+
+## Documentation
+
+https://developers.mattermost.com/integrate/apps/authentication/oauth2
+
+## Configuration
+
+http://my-cool-server.cloud.mattermost.com/mycoolteam/integrations/oauth2-apps
+
+## Options
+
+The **Mattermost provider** comes with a set of default options:
+
+- [Mattermost Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/mattermost.ts)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```ts
+import Mattermost from "@auth/core/providers/mattermost";
+...
+providers: [
+  Mattermost({
+    // The base url of your Mattermost instance. e.g https://my-cool-server.cloud.mattermost.com
+    clientId: env.MATTERMOST_ID,
+    clientSecret: env.MATTERMOST_SECRET,
+    issuer: env.MATTERMOST_ISSUER,
+  })
+]
+...
+```

package.json

@@ -13,7 +13,7 @@
     "dev": "turbo run dev --parallel --continue --filter=next-auth-app... --filter=!./packages/adapter-*",
     "dev:kit": "turbo run dev --parallel --continue --filter=sveltekit-auth-app...",
     "dev:docs": "turbo run dev --filter=docs",
-    "email": "cd apps/dev && pnpm email",
+    "email": "cd apps/dev/nextjs && pnpm email",
     "eslint": "eslint --cache .",
     "lint": "prettier --check .",
     "format": "prettier --write .",

packages/core/src/lib/pages/signin.tsx

@@ -87,10 +87,14 @@ export default function SigninPage(props: {
                     "--provider-dark-bg": provider.style?.bgDark ?? "",
                     "--provider-color": provider.style?.text ?? "",
                     "--provider-dark-color": provider.style?.textDark ?? "",
+                    gap: 8,
                   }}
                 >
                   {provider.style?.logo && (
                     <img
+                      loading="lazy"
+                      height={24}
+                      width={24}
                       id="provider-logo"
                       src={`${
                         provider.style.logo.startsWith("/") ? logos : ""
@@ -99,6 +103,9 @@ export default function SigninPage(props: {
                   )}
                   {provider.style?.logoDark && (
                     <img
+                      loading="lazy"
+                      height={24}
+                      width={24}
                       id="provider-logo-dark"
                       src={`${
                         provider.style.logo.startsWith("/") ? logos : ""

packages/core/src/providers/mattermost.ts

@@ -0,0 +1,91 @@
+import type { OAuthConfig, OAuthUserConfig } from "./oauth"
+
+/** @see [Get a user](https://api.mattermost.com/#tag/users/operation/GetUser) */
+export interface MattermostProfile {
+  id: string
+  /** The time in milliseconds a user was created */
+  create_at: number
+  /** The time in milliseconds a user was last updated */
+  update_at: number
+  /** The time in milliseconds a user was deleted */
+  delete_at: number
+  username: string
+  auth_data: string
+  auth_service: string
+  email: string
+  email_verified: boolean
+  nickname: string
+  first_name: string
+  last_name: string
+  position: string
+  roles: string
+  notify_props: {
+    /** Set to "true" to enable channel-wide notifications (@channel, @all, etc.), "false" to disable. Defaults to "true". */
+    channel: string
+    comments: string
+    /** Set to "all" to receive desktop notifications for all activity, "mention" for mentions and direct messages only, and "none" to disable. Defaults to "all". */
+    desktop: string
+    /** Set to "true" to enable sound on desktop notifications, "false" to disable. Defaults to "true". */
+    desktop_sound: string
+    desktop_threads: string
+    /** Set to "true" to enable email notifications, "false" to disable. Defaults to "true". */
+    email: string
+    email_threads: string
+    /** Set to "true" to enable mentions for first name. Defaults to "true" if a first name is set, "false" otherwise. */
+    first_name: string
+    /** A comma-separated list of words to count as mentions. Defaults to username and @username. */
+    mention_keys: string
+    /** Set to "all" to receive push notifications for all activity, "mention" for mentions and direct messages only, and "none" to disable. Defaults to "mention". */
+    push: string
+    push_status: string
+    push_threads: string
+  }
+  last_password_update: number
+  locale: string
+  timezone: {
+    /** This value is set automatically when the "useAutomaticTimezone" is set to "true". */
+    automaticTimezone: string
+    /** Value when setting manually the timezone, i.e. "Europe/Berlin". */
+    manualTimezone: string
+    /** Set to "true" to use the browser/system timezone, "false" to set manually. Defaults to "true". */
+    useAutomaticTimezone: string
+  }
+  disable_welcome_email: boolean
+  /** ID of accepted terms of service, if any. This field is not present if empty. */
+  terms_of_service_id?: string
+  /** The time in milliseconds the user accepted the terms of service */
+  terms_of_service_create_at?: number
+}
+
+export default function Mattermost<P extends MattermostProfile>(
+  config: OAuthUserConfig<P> & { issuer: string }
+): OAuthConfig<P> {
+  const { issuer, ...rest } = config
+
+  return {
+    id: "mattermost",
+    name: "Mattermost",
+    type: "oauth",
+    client: { token_endpoint_auth_method: "client_secret_post" },
+    token: `${issuer}/oauth/access_token`,
+    authorization: `${issuer}/oauth/authorize`,
+    userinfo: `${issuer}/api/v4/users/me`,
+    profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.username ?? `${profile.first_name} ${profile.last_name}`,
+        email: profile.email,
+        image: null,
+      }
+    },
+    style: {
+      logo: "/mattermost.svg",
+      logoDark: "/mattermost-dark.svg",
+      bg: "#fff",
+      text: "#000",
+      bgDark: "#000",
+      textDark: "#fff",
+    },
+    options: rest,
+  }
+}

packages/frameworks-sveltekit/src/lib/index.ts

@@ -38,6 +38,9 @@
  *
  * ## Signing in and signing out
  *
+ * The data for the current session in this example was made available through the `$page` store which can be set through you root `+page.server.ts` file.
+ * It is not necessary to store the data there, however, this makes it globally accessible throughout your application simplifying state management.
+ *
  * ```ts
  * <script>
  *   import { signIn, signOut } from "@auth/sveltekit/client"
@@ -65,6 +68,111 @@
  * </p>
  * ```
  *
+ * ## Managing the session
+ *
+ * The above example checks for a session available in `$page.data.session`, however that needs to be set by us somewhere.
+ * If you want this data to be available to all your routes you can add this to your root `+page.server.ts` file.
+ * The following code sets the session data in the `$page` store to be available to all routes.
+ *
+ * ```ts
+ * import type { LayoutServerLoad } from './$types';
+ *
+ * export const load: LayoutServerLoad = async (event) => {
+ *   return {
+ *     session: await event.locals.getSession()
+ *   };
+ * }; 
+ * ```
+ *
+ * What you return in the function `LayoutServerLoad` will be available inside the `$page` store, in the `data` property: `$page.data`.
+ * In this case we return an object with the 'session' property which is what we are accessing in the other code paths.
+ *
+ * ## Handling authorization
+ *
+ * In SvelteKit there are a few ways you could protect routes from unauthenticated users.
+ *
+ * ### Per component
+ *
+ * The simplest case is protecting a single page, in which case you should put the logic in the `+page.server.ts` file.
+ * Notice in this case that you could also await event.parent and grab the session from there, however this implementation works even if you haven't done the above in your root `+layout.server.ts`
+ *
+ * ```ts
+ * import { redirect } from '@sveltejs/kit';
+ * import type { PageServerLoad } from './$types';
+ *
+ * export const load: PageServerLoad = async (event) => {
+ *   const session = await event.locals.getSession();
+ *   if (!session?.user) throw redirect(303, '/auth');
+ *   return {};
+ * };
+ * ```
+ * 
+ * :::danger
+ * Make sure to ALWAYS grab the session information from the parent instead of using the store in the case of a `PageLoad`.
+ * Not doing so can lead to users being able to incorrectly access protected information in the case the `+layout.server.ts` does not run for that page load.
+ * This code sample already implements the correct method by using `const { session } = await parent();`
+ * :::
+ *
+ * You should NOT put authorization logic in a `+layout.server.ts` as the logic is not guaranteed to propragate to leafs in the tree.
+ * Prefer to manually protect each route through the `+page.server.ts` file to avoid mistakes.
+ * It is possible to force the layout file to run the load function on all routes, however that relies certain behaviours that can change and are not easily checked.
+ * For more information about these caveats make sure to read this issue in the SvelteKit repository: https://github.com/sveltejs/kit/issues/6315
+ *
+ * ### Per path
+ *
+ * Another method that's possible for handling authorization is by restricting certain URIs from being available.
+ * For many projects this is better because:
+ * - This automatically protects actions and api routes in those URIs
+ * - No code duplication between components
+ * - Very easy to modify
+ *
+ * The way to handle authorization through the URI is to override your handle hook.
+ * The handle hook, available in `hooks.server.ts`, is a function that receives ALL requests sent to your SvelteKit webapp.
+ * You may intercept them inside the handle hook, add and modify things in the request, block requests, etc.
+ * Some readers may notice we are already using this handle hook for SvelteKitAuth which returns a handle itself, so we are going to use SvelteKit's sequence to provide middleware-like functions that set the handle hook.
+ * 
+ * ```ts
+ * import { SvelteKitAuth } from '@auth/sveltekit';
+ * import GitHub from '@auth/core/providers/github';
+ * import { GITHUB_ID, GITHUB_SECRET } from '$env/static/private';
+ * import { redirect, type Handle } from '@sveltejs/kit';
+ * import { sequence } from '@sveltejs/kit/hooks';
+ * 
+ * async function authorization({ event, resolve }) {
+ * 	// Protect any routes under /authenticated
+ * 	if (event.url.pathname.startsWith('/authenticated')) {
+ *    const session = await event.locals.getSession();
+ * 		if (!session) {
+ * 			throw redirect(303, '/auth');
+ * 		}
+ * 	}
+ * 
+ * 	// If the request is still here, just proceed as normally
+ * 	const result = await resolve(event, {
+ * 		transformPageChunk: ({ html }) => html
+ * 	});
+ * 	return result;
+ * }
+ * 
+ * // First handle authentication, then authorization
+ * // Each function acts as a middleware, receiving the request handle
+ * // And returning a handle which gets passed to the next function
+ * export const handle: Handle = sequence(
+ * 	SvelteKitAuth({
+ * 		providers: [GitHub({ clientId: GITHUB_ID, clientSecret: GITHUB_SECRET })]
+ * 	}),
+ * 	authorization
+ * );
+ * ```
+ *
+ * :::info
+ * Learn more about SvelteKit's handle hooks and sequence [here](https://kit.svelte.dev/docs/modules#sveltejs-kit-hooks-sequence).
+ * :::
+ *
+ * Now any routes under `/authenticated` will be transparently protected by the handle hook.
+ * You may add more middleware-like functions to the sequence and also implement more complex authorization business logic inside this file.
+ * This can also be used along with the component-based approach in case you need a specific page to be protected and doing it by URI could be faulty.
+ *
  * ## Notes
  *
  * :::info

packages/next-auth/provider-logos/mattermost-dark.svg

@@ -0,0 +1,4 @@
+<svg width="700" height="700" viewBox="0 0 700 700" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M496.909 147.716L499.54 200.779C542.559 248.303 559.539 315.609 538.125 378.865C506.159 473.292 400.753 522.93 302.694 489.735C204.635 456.54 151.057 353.081 183.023 258.653C204.508 195.186 259.171 151.953 322.48 140.505L356.685 100.091C249.969 97.2018 149.288 163.442 113.265 269.853C69.0048 400.598 139.114 542.468 269.859 586.729C400.604 630.99 542.474 560.88 586.735 430.135C622.7 323.895 583.148 210.308 496.909 147.716Z" fill="#dddddd"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M435.623 304.289L433.812 230.109L432.359 187.424L431.376 150.444C431.376 150.444 431.581 132.612 430.959 128.422C430.828 127.54 430.551 126.822 430.221 126.196C430.18 126.108 430.141 126.02 430.096 125.934C430.049 125.854 430.003 125.78 429.954 125.705C429.27 124.528 428.195 123.572 426.804 123.101C425.381 122.619 423.909 122.738 422.631 123.29C422.604 123.3 422.579 123.309 422.552 123.32C422.4 123.388 422.255 123.465 422.109 123.546C421.503 123.841 420.887 124.223 420.284 124.808C417.244 127.758 406.575 142.048 406.575 142.048L383.331 170.826L356.248 203.851L309.749 261.677C309.749 261.677 288.411 288.308 293.126 321.088C297.841 353.868 322.211 369.837 341.117 376.238C360.023 382.638 389.082 384.756 412.74 361.581C436.396 338.405 435.623 304.289 435.623 304.289Z" fill="#dddddd"/>
+</svg>

packages/next-auth/provider-logos/mattermost.svg

@@ -0,0 +1,4 @@
+<svg width="700" height="700" viewBox="0 0 700 700" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M496.909 147.716L499.54 200.779C542.559 248.303 559.539 315.609 538.125 378.865C506.159 473.292 400.753 522.93 302.694 489.735C204.635 456.54 151.057 353.081 183.023 258.653C204.508 195.186 259.171 151.953 322.48 140.505L356.685 100.091C249.969 97.2018 149.288 163.442 113.265 269.853C69.0048 400.598 139.114 542.468 269.859 586.729C400.604 630.99 542.474 560.88 586.735 430.135C622.7 323.895 583.148 210.308 496.909 147.716Z" fill="#222222"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M435.623 304.289L433.812 230.109L432.359 187.424L431.376 150.444C431.376 150.444 431.581 132.612 430.959 128.422C430.828 127.54 430.551 126.822 430.221 126.196C430.18 126.108 430.141 126.02 430.096 125.934C430.049 125.854 430.003 125.78 429.954 125.705C429.27 124.528 428.195 123.572 426.804 123.101C425.381 122.619 423.909 122.738 422.631 123.29C422.604 123.3 422.579 123.309 422.552 123.32C422.4 123.388 422.255 123.465 422.109 123.546C421.503 123.841 420.887 124.223 420.284 124.808C417.244 127.758 406.575 142.048 406.575 142.048L383.331 170.826L356.248 203.851L309.749 261.677C309.749 261.677 288.411 288.308 293.126 321.088C297.841 353.868 322.211 369.837 341.117 376.238C360.023 382.638 389.082 384.756 412.74 361.581C436.396 338.405 435.623 304.289 435.623 304.289Z" fill="#222222"/>
+</svg>

turbo.json

@@ -21,6 +21,10 @@
         "middleware.js"
       ]
     },
+    "@auth/core#build": {
+      "dependsOn": ["^build"],
+      "outputs": ["lib/**", "providers/**", "*.js", "*.d.ts", "*.d.ts.map"]
+    },
     "clean": {
       "cache": false
     },