remove engines restriction

Merge branch 'main' into fix/add-node-19
fix: add node 19 as compatible engine
2026-05-01 10:55:20 +00:00 · 2023-01-21 16:12:22 +07:00 · 2023-01-21 15:57:09 +07:00 · 2023-01-17 21:43:15 -05:00
80 changed files with 3518 additions and 3969 deletions
--- a/.eslintignore
+++ b/.eslintignore
@@ -23,8 +23,8 @@ pnpm-lock.yaml

 .docusaurus
 build
-docs/docs/reference/core
-docs/docs/reference/sveltekit
+docs/docs/reference/03-core
+docs/docs/reference/04-sveltekit
 static

 # --------------- Packages ---------------
--- a/.github/ISSUE_TEMPLATE/1_bug_framework.yml
+++ b/.github/ISSUE_TEMPLATE/1_bug_framework.yml
@@ -30,7 +30,7 @@ body:
        Run this command in your project's root folder and paste the result:

        ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth"
        ```
        Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
    validations:
--- a/.github/ISSUE_TEMPLATE/2_bug_provider.yml
+++ b/.github/ISSUE_TEMPLATE/2_bug_provider.yml
@@ -25,7 +25,6 @@ body:
        - "Custom provider"
        - "42 School"
        - "Apple"
-        - "Asgardeo"
        - "Atlassian"
        - "Auth0"
        - "Authentik"
@@ -58,7 +57,6 @@ body:
        - "Medium"
        - "Naver"
        - "Netlify"
-        - "Notion"
        - "Okta"
        - "OneLogin"
        - "Osso"
@@ -89,7 +87,7 @@ body:
        Run this command in your project's root folder and paste the result:

        ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth"
        ```
        Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
    validations:
--- a/.github/ISSUE_TEMPLATE/3_bug_adapter.yml
+++ b/.github/ISSUE_TEMPLATE/3_bug_adapter.yml
@@ -44,7 +44,7 @@ body:
        Run this command in your project's root folder and paste the result:

        ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*" && npx envinfo --npmPackages "@next-auth/*"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth" && npx envinfo --npmPackages "@next-auth/*"
        ```
        Alternatively, if the above command did not work, we need the version of the following packages from your package.json: "next", "react", "next-auth" and your adapter. Please also mention your OS and Node.js version, as well as the browser you are using.
    validations:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,22 +35,21 @@ jobs:
          UPSTASH_REDIS_KEY: ${{ secrets.UPSTASH_REDIS_KEY }}
          TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
          TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-      # - name: Run E2E tests
-      #   if: github.repository == 'nextauthjs/next-auth'
-      #   run: pnpm e2e
-      #   timeout-minutes: 15
-      #   env:
-      #     AUTH0_USERNAME: ${{ secrets.AUTH0_USERNAME }}
-      #     AUTH0_PASSWORD: ${{ secrets.AUTH0_PASSWORD }}
-      #     TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-      #     TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-      # - name: Upload E2E artifacts
-      #   if: github.repository == 'nextauthjs/next-auth'
-      #   uses: actions/upload-artifact@v3
-      #   with:
-      #     name: playwright-report
-      #     path: apps/dev/nextjs/playwright-report/
-      #     retention-days: 30
+      - name: Run E2E tests
+        run: pnpm e2e
+        timeout-minutes: 15
+        env:
+          AUTH0_USERNAME: ${{ secrets.AUTH0_USERNAME }}
+          AUTH0_PASSWORD: ${{ secrets.AUTH0_PASSWORD }}
+          TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+          TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+      - name: Upload E2E artifacts
+        uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: playwright-report
+          path: apps/dev/nextjs/playwright-report/
+          retention-days: 30
      # - name: Coverage
      #   uses: codecov/codecov-action@v1
      #   with:
--- a/.gitignore
+++ b/.gitignore
@@ -12,7 +12,6 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 firebase-debug.log
-ui-debug.log
 .pnpm-debug.log


@@ -35,10 +34,13 @@ packages/next-auth/utils
 packages/next-auth/core
 packages/next-auth/jwt
 packages/next-auth/react
+packages/next-auth/adapters.d.ts
+packages/next-auth/adapters.js
+packages/next-auth/index.d.ts
+packages/next-auth/index.js
 packages/next-auth/next
-packages/*/*.js
-packages/*/*.d.ts
-packages/*/*.d.ts.map
+packages/next-auth/middleware.d.ts
+packages/next-auth/middleware.js

 # Development app
 apps/dev/src/css
@@ -79,12 +81,14 @@ docs/.docusaurus
 docs/providers.json

 # Core
-packages/core/src/providers/oauth-types.ts
+packages/core/*.js
+packages/core/*.d.ts
+packages/core/*.d.ts.map
 packages/core/lib
 packages/core/providers
 packages/core/src/lib/pages/styles.ts
-docs/docs/reference/core
-docs/docs/reference/sveltekit
+docs/docs/reference/03-core
+docs/docs/reference/04-sveltekit


 # SvelteKit
@@ -94,7 +98,3 @@ packages/frameworks-sveltekit/.svelte-kit
 packages/frameworks-sveltekit/package
 packages/frameworks-sveltekit/vite.config.js.timestamp-*
 packages/frameworks-sveltekit/vite.config.ts.timestamp-*
-
-# Adapters
-
-docs/docs/reference/adapter
--- a/.prettierignore
+++ b/.prettierignore
@@ -20,8 +20,8 @@ pnpm-lock.yaml

 .docusaurus
 build
-docs/docs/reference/core
-docs/docs/reference/sveltekit
+docs/docs/reference/03-core
+docs/docs/reference/04-sveltekit
 static
 docs/providers.json

--- a/apps/dev/nextjs/.env.local.example
+++ b/apps/dev/nextjs/.env.local.example
@@ -9,10 +9,6 @@ NEXTAUTH_URL=http://localhost:3000
 # and/or verification tokens.
 NEXTAUTH_SECRET=secret

-ASGARDEO_CLIENT_ID=
-ASGARDEO_CLIENT_SECRET=
-ASGARDEO_ISSUER=
-
 AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
@@ -21,10 +17,6 @@ KEYCLOAK_ID=
 KEYCLOAK_SECRET=
 KEYCLOAK_ISSUER=

-NOTION_ID=
-NOTION_SECRET=
-NOTION_REDIRECT_URI=
-
 IDS4_ID=
 IDS4_SECRET=
 IDS4_ISSUER=
--- a/apps/dev/nextjs/pages/api/auth/[...nextauth].ts
+++ b/apps/dev/nextjs/pages/api/auth/[...nextauth].ts
@@ -2,7 +2,6 @@ import { Auth, type AuthConfig } from "@auth/core"

 // Providers
 import Apple from "@auth/core/providers/apple"
-import Asgardeo from "@auth/core/providers/asgardeo"
 import Auth0 from "@auth/core/providers/auth0"
 import AzureAD from "@auth/core/providers/azure-ad"
 import AzureB2C from "@auth/core/providers/azure-ad-b2c"
@@ -24,7 +23,6 @@ import Instagram from "@auth/core/providers/instagram"
 import Line from "@auth/core/providers/line"
 import LinkedIn from "@auth/core/providers/linkedin"
 import Mailchimp from "@auth/core/providers/mailchimp"
-import Notion from "@auth/core/providers/notion"
 // import Okta from "@auth/core/providers/okta"
 import Osu from "@auth/core/providers/osu"
 import Patreon from "@auth/core/providers/patreon"
@@ -70,7 +68,7 @@ import WorkOS from "@auth/core/providers/workos"

 export const authConfig: AuthConfig = {
  // adapter,
-  debug: process.env.NODE_ENV !== "production",
+  // debug: process.env.NODE_ENV !== "production",
  theme: {
    logo: "https://next-auth.js.org/img/logo/logo-sm.png",
    brandColor: "#1786fb",
@@ -84,7 +82,6 @@ export const authConfig: AuthConfig = {
      },
    }),
    Apple({ clientId: process.env.APPLE_ID, clientSecret: process.env.APPLE_SECRET }),
-    Asgardeo({ clientId: process.env.ASGARDEO_CLIENT_ID, clientSecret: process.env.ASGARDEO_CLIENT_SECRET, issuer: process.env.ASGARDEO_ISSUER }),
    Auth0({ clientId: process.env.AUTH0_ID, clientSecret: process.env.AUTH0_SECRET, issuer: process.env.AUTH0_ISSUER }),
    AzureAD({
      clientId: process.env.AZURE_AD_CLIENT_ID,
@@ -108,7 +105,6 @@ export const authConfig: AuthConfig = {
    Line({ clientId: process.env.LINE_ID, clientSecret: process.env.LINE_SECRET }),
    LinkedIn({ clientId: process.env.LINKEDIN_ID, clientSecret: process.env.LINKEDIN_SECRET }),
    Mailchimp({ clientId: process.env.MAILCHIMP_ID, clientSecret: process.env.MAILCHIMP_SECRET }),
-    Notion({ clientId: process.env.NOTION_ID, clientSecret: process.env.NOTION_SECRET, redirectUri: process.env.NOTION_REDIRECT_URI }),
    // Okta({ clientId: process.env.OKTA_ID, clientSecret: process.env.OKTA_SECRET, issuer: process.env.OKTA_ISSUER }),
    Osu({ clientId: process.env.OSU_CLIENT_ID, clientSecret: process.env.OSU_CLIENT_SECRET }),
    Patreon({ clientId: process.env.PATREON_ID, clientSecret: process.env.PATREON_SECRET }),
--- a/apps/dev/sveltekit/package.json
+++ b/apps/dev/sveltekit/package.json
@@ -19,8 +19,8 @@
    "vite": "4.0.1"
  },
  "dependencies": {
-    "@auth/core": "workspace:*",
-    "@auth/sveltekit": "workspace:*"
+    "@auth/core": "0.2.5",
+    "@auth/sveltekit": "0.1.12"
  },
  "type": "module"
 }
--- a/apps/playgrounds/nuxt/package.json
+++ b/apps/playgrounds/nuxt/package.json
@@ -2,10 +2,11 @@
  "name": "playground-nuxt",
  "private": true,
  "scripts": {
-    "build": "nuxt prepare && nuxt build",
-    "dev": "nuxt prepare &&  export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
+    "build": "nuxt build",
+    "dev": "export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
    "generate": "nuxt generate",
-    "preview": "nuxt preview"
+    "preview": "nuxt preview",
+    "postinstall": "nuxt prepare"
  },
  "devDependencies": {
    "@nuxt/eslint-config": "^0.1.1",
--- a/docs/docs/getting-started/05-typescript.md
+++ b/docs/docs/getting-started/05-typescript.md
@@ -5,7 +5,7 @@ title: TypeScript
 Auth.js has its own type definitions to use in your TypeScript projects safely. Even if you don't use TypeScript, IDEs like VSCode will pick this up to provide you with a better developer experience. While you are typing, you will get suggestions about what certain objects/functions look like, and sometimes links to documentation, examples, and other valuable resources.

 Check out the example repository showcasing how to use `next-auth` on a Next.js application with TypeScript:  
-https://github.com/nextauthjs/next-auth-example
+https://github.com/nextauthjs/next-auth-typescript-example

 ---

--- a/docs/docs/guides/03-basics/refresh-token-rotation.md
+++ b/docs/docs/guides/03-basics/refresh-token-rotation.md
@@ -22,7 +22,7 @@ Using a JWT to store the `refresh_token` is less secure than saving it in a data

 #### JWT strategy

-Using the [jwt](../../reference/core/types#jwt) and [session](../../reference/core/types#session) callbacks, we can persist OAuth tokens and refresh them when they expire.
+Using the [jwt](../../reference/03-core/interfaces/types.CallbacksOptions.md#jwt) and [session](../../reference/03-core/interfaces/types.CallbacksOptions.md#session) callbacks, we can persist OAuth tokens and refresh them when they expire.

 Below is a sample implementation using Google's Identity Provider. Please note that the OAuth 2.0 request in the `refreshAccessToken()` function will vary between different providers, but the core logic should remain similar.

--- a/docs/docs/guides/03-basics/role-based-authentication.md
+++ b/docs/docs/guides/03-basics/role-based-authentication.md
@@ -1,153 +0,0 @@
---
-title: Role-based authentication
---
-
-There are two ways to add role-based authentication (RBAC) to your application, based on the [session strategy](/concepts/session-strategies) you choose. Let's see an example for each of these.
-
-## Getting the role
-
-We are going to start by adding a `profile()` callback to the providers' config to determine the user role:
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import Google from "next-auth/providers/google"
-
-export default NextAuth({
-  providers: [
-    Google({
-      profile(profile) {
-        return { role: profile.role ?? "user", ... }
-      },
-      ...
-    })  
-  ],
-})
-```
-
-:::tip
-To determine the user's role, you can either add your logic or if your provider assigns roles already, use that instead.
-:::
-
-## Persisting the role
-### With JWT
-
-When you don't have a database configured, the role will be persisted in a cookie, by using the `jwt()` callback. On sign-in, the `role` property is exposed from the `profile` callback on the `user` object. Persist the `user.role` value by assigning it to `token.role`. That's it!
-
-If you also want to use the role on the client, you can expose it via the `session` callback.
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import Google from "next-auth/providers/google"
-
-export default NextAuth({
-  providers: [
-    Google({
-      profile(profile) {
-        return { role: profile.role ?? "user", ... }
-      },
-      ...
-    })  
-  ],
-  // highlight-start
-  callbacks: {
-    jwt({ token, user }) {
-      if(user) token.role = user.role
-      return token
-    },
-    session({ session, token }) {
-      session.user.role = token.role
-      return session
-    }
-  }
-  // highlight-end
-})
-```
-
-:::info
-With this strategy, if you want to update the role, the user needs to be forced to sign in again.
-:::
-
-### With Database
-
-When you have a database, you can save the user role on the [User model](/reference/adapters/models#user). The below example is showing you how to do this with Prisma, but the idea is the same for all adapters.
-
-First, add a `role` column to the User model.
-
-```ts title="/prisma/schema.prisma"
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime?
-  image         String?
-  role          String?  // New column
-  accounts      Account[]
-  sessions      Session[]
-}
-```
-
-The `profile()` callback's return value is used to create users in the database. That's it! Your newly created users will now have an assigned role.
-
-If you also want to use the role on the client, you can expose it via the `session` callback.
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import Google from "next-auth/providers/google"
-  // highlight-next-line
-import prisma from "lib/prisma"
-
-export default NextAuth({
-  // highlight-next-line
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    Google({
-      profile(profile) {
-        return { role: profile.role ?? "user", ... }
-      }
-      ...
-    })  
-  ],
-  // highlight-start
-  callbacks: {
-    session({ session, user }) {
-      session.user.role = user.role
-      return session
-    }
-  }
-  // highlight-end
-})
-```
-
-:::info
-It is up to you how you want to manage to update the roles, either through direct database access or building your role update API.
-:::
-
-## Using the role
-
-If you want to use the role in the client, for both cases above, when using the `useSession` hook, `session.user.role` will have the required role if you exposed it via the `session` callback. You can use this to render a different UI for different users.
-
-```ts title="/pages/admin.tsx"
-import { useSession } from "next-auth/react"
-
-export default function Page() {
-  const session = await useSession()
-
-  if (session?.user.role === "admin") {
-    return <p>You are an admin, welcome!</p>
-  }
-
-  return <p>You are not authorized to view this page!</p>
-}
-```
-
-:::tip
-When using Next.js and JWT, you can alternatively also use [Middleware](https://next-auth.js.org/configuration/nextjs#wrap-middleware) to redirect the user based on their role, even before rendering the page.
-:::
-
-## Resources
-
- [Concepts: Session strategies](/concepts/session-strategies)
- [Next.js: Middleware](https://next-auth.js.org/configuration/nextjs#wrap-middleware)
- [Adapters: User model](/reference/adapters/models#user)
- [Adapters: Prisma adapter](/reference/adapters/prisma)
- [TypeScript](/getting-started/typescript)
--- a/docs/docs/guides/03-basics/role-based-login-strategy.md
+++ b/docs/docs/guides/03-basics/role-based-login-strategy.md
@@ -0,0 +1,64 @@
+---
+title: Role based logins
+---
+
+To add role based authentication to your application, you must do three things.
+
+1. Update your database schema
+2. Add the `role` to the session object
+3. Check for `role` in your pages/components
+
+First modify the `user` table and add a `role` column with the type of `String?`.
+
+Below is an example Prisma schema file.
+
+```javascript title="/prisma/schema.prisma"
+model User {
+  id            String    @id @default(cuid())
+  name          String?
+  email         String?   @unique
+  emailVerified DateTime?
+  image         String?
+  role          String?  // New Column
+  accounts      Account[]
+  sessions      Session[]
+}
+
+```
+
+Next, implement a custom session callback in the `[...nextauth].js` file, as shown below.
+
+```javascript title="/pages/api/auth/[...nextauth].js"
+callbacks: {
+  async session({ session, token, user }) {
+    session.user.role = user.role; // Add role value to user object so it is passed along with session
+    return session;
+},
+```
+
+Going forward, when using the `getSession` hook, check that `session.user.role` matches the required role. The example below assumes the role `'admin'` is required.
+
+```javascript title="/pages/admin.js"
+import { getSession } from "next-auth/react"
+
+export default function Page() {
+  const session = await getSession({ req })
+
+  if (session && session.user.role === "admin") {
+    return (
+      <div>
+        <h1>Admin</h1>
+        <p>Welcome to the Admin Portal!</p>
+      </div>
+    )
+  } else {
+    return (
+      <div>
+        <h1>You are not authorized to view this page!</h1>
+      </div>
+    )
+  }
+}
+```
+
+Then it is up to you how you manage your roles, either through direct database access or building your own role update API.
--- a/docs/docs/reference/04-providers/04-email.md
+++ b/docs/docs/reference/04-providers/04-email.md
@@ -16,4 +16,4 @@ sidebar_label: Email options
 See our guides on magic links authentication for further tips on how to customize this provider:

 - [Tutorial](/getting-started/email-tutorial)
- [Guide deep-dive](/guides/providers/email)
+- [Guide deep-dive](guides/providers/email)
--- a/docs/docs/reference/06-adapters/firebase.md
+++ b/docs/docs/reference/06-adapters/firebase.md
@@ -0,0 +1,75 @@
+---
+id: firebase
+title: Firebase
+---
+
+:::warning
+This adapter is still experimental and does not work with Auth.js 4 or newer. If you would like to help out upgrading it, please visit [this PR](https://github.com/nextauthjs/next-auth/pull/3873)
+:::
+
+This is the Firebase Adapter for [`next-auth`](https://authjs.dev). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
+
+## Getting Started
+
+1. Install the necessary packages
+
+```bash npm2yarn
+npm install next-auth @next-auth/firebase-adapter@experimental
+```
+
+2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
+
+```javascript title="pages/api/auth/[...nextauth].js"
+import NextAuth from "next-auth"
+import GoogleProvider from "next-auth/providers/google"
+import { FirebaseAdapter } from "@next-auth/firebase-adapter"
+
+import firebase from "firebase/app"
+import "firebase/firestore"
+
+const firestore = (
+  firebase.apps[0] ?? firebase.initializeApp(/* your config */)
+).firestore()
+
+// For more information on each option (and a full list of options) go to
+// https://authjs.dev/reference/configuration/auth-options
+export default NextAuth({
+  // https://authjs.dev/reference/providers/
+  providers: [
+    GoogleProvider({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+    }),
+  ],
+  adapter: FirebaseAdapter(firestore),
+  ...
+})
+```
+
+## Options
+
+When initializing the firestore adapter, you must pass in the firebase config object with the details from your project. More details on how to obtain that config object can be found [here](https://support.google.com/firebase/answer/7015592).
+
+An example firebase config looks like this:
+
+```js
+const firebaseConfig = {
+  apiKey: "AIzaSyDOCAbC123dEf456GhI789jKl01-MnO",
+  authDomain: "myapp-project-123.firebaseapp.com",
+  databaseURL: "https://myapp-project-123.firebaseio.com",
+  projectId: "myapp-project-123",
+  storageBucket: "myapp-project-123.appspot.com",
+  messagingSenderId: "65211879809",
+  appId: "1:65211879909:web:3ae38ef1cdcb2e01fe5f0c",
+  measurementId: "G-8GSGZQ44ST",
+}
+```
+
+See [firebase.google.com/docs/web/setup](https://firebase.google.com/docs/web/setup) for more details.
+
+:::tip **From Firebase**
+
+**Caution**: We do not recommend manually modifying an app's Firebase config file or object. If you initialize an app with invalid or missing values for any of these required "Firebase options", then your end users may experience serious issues.
+
+For open source projects, we generally do not recommend including the app's Firebase config file or object in source control because, in most cases, your users should create their own Firebase projects and point their apps to their own Firebase resources (via their own Firebase config file or object).
+:::
--- a/docs/docs/reference/06-adapters/prisma.md
+++ b/docs/docs/reference/06-adapters/prisma.md
@@ -139,10 +139,9 @@ Prisma supports MongoDB, and so does Auth.js. Following the instructions of the
 id  String  @id @default(auto()) @map("_id") @db.ObjectId
 ```

-2. The Native database type attribute to `@db.String` from `@db.Text` and userId to `@db.ObjectId`.
+2. The Native database type attribute to `@db.String` from `@db.Text`.

 ```prisma
-user_id            String   @db.ObjectId
 refresh_token      String?  @db.String
 access_token       String?  @db.String
 id_token           String?  @db.String
--- a/docs/docs/reference/index.md
+++ b/docs/docs/reference/index.md
@@ -0,0 +1,25 @@
+---
+title: Overview
+sidebar_label: Overview
+sidebar_position: 0
+---
+
+## Core
+
+## Providers
+
+- OAuth/OIDC
+- Email/Passwordless
+- Credentials
+
+## Database Adapters
+
+## Frameworks
+
+- Next.js
+- SvelteKit
+- SolidStart
+- Remix
+- Nuxt
+- Gatsby
+- etc.
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -62,7 +62,7 @@ const docusaurusConfig = {
          position: "left",
        },
        {
-          to: "/reference/core",
+          to: "/reference/core/modules/main",
          // TODO: change to this when the overview page looks better.
          // to: "/reference",
          activeBasePath: "/reference",
@@ -101,7 +101,7 @@ const docusaurusConfig = {
    announcementBar: {
      id: "new-major-announcement",
      content:
-        "<a target='_blank' rel='noopener noreferrer' href='https://next-auth.js.org'>NextAuth.js</a> is becoming Auth.js! 🎉 We're creating Authentication for the Web. Everyone included. Starting with SvelteKit, check out <a href='/reference/sveltekit'>the docs</a>. Note, this site is under active development.",
+        "<a target='_blank' rel='noopener noreferrer' href='https://next-auth.js.org'>NextAuth.js</a> is becoming Auth.js! 🎉 We're creating Authentication for the Web. Everyone included. Starting with SvelteKit, check out <a href='/reference/sveltekit'>the docs</a>.",
      backgroundColor: "#000",
      textColor: "#fff",
    },
@@ -182,7 +182,10 @@ const docusaurusConfig = {
          lastVersion: "current",
          showLastUpdateAuthor: true,
          showLastUpdateTime: true,
-          remarkPlugins: [require("@sapphire/docusaurus-plugin-npm2yarn2pnpm").npm2yarn2pnpm],
+          remarkPlugins: [
+            require("@sapphire/docusaurus-plugin-npm2yarn2pnpm").npm2yarn2pnpm,
+            require("remark-github"),
+          ],
          versions: {
            current: {
              label: "experimental",
@@ -201,14 +204,20 @@ const docusaurusConfig = {
      {
        ...typedocConfig,
        id: "core",
-        plugin: [require.resolve("./typedoc-mdn-links")],
-        watch: process.env.TYPEDOC_WATCH,
-        entryPoints: ["index.ts", "adapters.ts", "errors.ts", "jwt.ts", "types.ts"].map((e) => `${coreSrc}/${e}`).concat(providers),
+        plugin: ["./tyepdoc"],
+        entryPoints: [
+          "index.ts",
+          "adapters.ts",
+          "errors.ts",
+          "jwt.ts",
+          "types.ts",
+        ]
+          .map((e) => `${coreSrc}/${e}`)
+          .concat(providers),
        tsconfig: "../packages/core/tsconfig.json",
-        out: "reference/core",
-        sidebar: {
-          indexLabel: "index",
-        },
+        out: "reference/03-core",
+        watch: process.env.TYPEDOC_WATCH,
+        includeExtension: false,
      },
    ],
    [
@@ -216,29 +225,14 @@ const docusaurusConfig = {
      {
        ...typedocConfig,
        id: "sveltekit",
-        plugin: [require.resolve("./typedoc-mdn-links")],
-        watch: process.env.TYPEDOC_WATCH,
-        entryPoints: ["index.ts", "client.ts"].map((e) => `../packages/frameworks-sveltekit/src/lib/${e}`),
+        plugin: ["./tyepdoc"],
+        entryPoints: ["index.ts", "client.ts"].map(
+          (e) => `../packages/frameworks-sveltekit/src/lib/${e}`
+        ),
        tsconfig: "../packages/frameworks-sveltekit/tsconfig.json",
-        out: "reference/sveltekit",
-        sidebar: {
-          indexLabel: "index",
-        },
-      },
-    ],
-    [
-      "docusaurus-plugin-typedoc",
-      {
-        ...typedocConfig,
-        id: "firebase-adapter",
-        plugin: [require.resolve("./typedoc-mdn-links")],
+        out: "reference/04-sveltekit",
        watch: process.env.TYPEDOC_WATCH,
-        entryPoints: ["../packages/adapter-firebase/src/index.ts"],
-        tsconfig: "../packages/adapter-firebase/tsconfig.json",
-        out: "reference/adapter/firebase",
-        sidebar: {
-          indexLabel: "Firebase",
-        },
+        includeExtension: false,
      },
    ],
  ],
--- a/docs/package.json
+++ b/docs/package.json
@@ -3,7 +3,7 @@
  "repository": "https://github.com/nextauthjs/next-auth",
  "name": "docs",
  "scripts": {
-    "start": "TYPEDOC_WATCH=true docusaurus start --no-open",
+    "start": "TYPEDOC_WATCH=true docusaurus start --no-open --port 8000",
    "dev": "pnpm providers && pnpm snippets && pnpm start",
    "build": "pnpm providers && docusaurus build",
    "docusaurus": "docusaurus",
@@ -27,6 +27,7 @@
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "react-marquee-slider": "^1.1.5",
+    "remark-github": "10.1.0",
    "styled-components": "5.3.6"
  },
  "devDependencies": {
@@ -36,9 +37,7 @@
    "@docusaurus/preset-classic": "2.2.0",
    "@docusaurus/theme-common": "2.2.0",
    "@docusaurus/types": "2.2.0",
-    "docusaurus-plugin-typedoc": "1.0.0-next.2",
-    "typedoc": "^0.23.24",
-    "typedoc-plugin-markdown": "4.0.0-next.2"
+    "docusaurus-plugin-typedoc": "^0.18.0"
  },
  "browserslist": {
    "production": [
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -14,28 +14,61 @@ module.exports = {
    },
  ],
  referenceSidebar: [
+    "reference/index",
    {
      type: "category",
      label: "@auth/core",
-      link: { type: "doc", id: "reference/core/index" },
-      items: [{ type: "autogenerated", dirName: "reference/core" }],
+      link: {
+        type: "doc",
+        id: "reference/core/modules/main",
+      },
+      items: [
+        {
+          type: "autogenerated",
+          dirName: "reference/03-core/modules",
+          // See: https://github.com/facebook/docusaurus/issues/5689
+          // exclude: ["index"],
+        },
+        {
+          type: "category",
+          label: "Reflections",
+          collapsed: true,
+          className: "reflection-category", // See src/index.css
+          items: [{ type: "autogenerated", dirName: "reference/03-core" }],
+        },
+      ],
    },
    {
      type: "category",
      label: "@auth/sveltekit",
-      link: { type: "doc", id: "reference/sveltekit/index" },
-      items: [{ type: "autogenerated", dirName: "reference/sveltekit" }],
+      link: { type: "doc", id: "reference/sveltekit/modules/main" },
+      items: [
+        { type: "autogenerated", dirName: "reference/04-sveltekit/modules" },
+        {
+          type: "category",
+          label: "Reflections",
+          collapsed: true,
+          className: "reflection-category", // See src/index.css
+          items: [{ type: "autogenerated", dirName: "reference/04-sveltekit" }],
+        },
+      ],
    },
    {
      type: "category",
      label: "@auth/solid-start",
-      link: { type: "doc", id: "reference/solidstart/index" },
-      items: [{ type: "autogenerated", dirName: "reference/04-solidstart" }],
+      link: {
+        type: "doc",
+        id: "reference/solidstart/index",
+      },
+      items: ["reference/solidstart/client", "reference/solidstart/protected"],
    },
    {
      type: "category",
      label: "@auth/nextjs",
-      link: { type: "doc", id: "reference/nextjs/index" },
+      link: {
+        type: "doc",
+        id: "reference/nextjs/index",
+      },
      items: [
        "reference/nextjs/client",
        {
@@ -50,8 +83,12 @@ module.exports = {
      label: "Database Adapters",
      link: { type: "doc", id: "reference/adapters/overview" },
      items: [
-        { type: "doc", id: "reference/adapter/firebase/index" },
-        { type: "autogenerated", dirName: "reference/06-adapters" },
+        {
+          type: "autogenerated",
+          dirName: "reference/06-adapters",
+          // See: https://github.com/facebook/docusaurus/issues/5689
+          // exclude: ["index"],
+        },
      ],
    },
    {
--- a/docs/src/css/index.css
+++ b/docs/src/css/index.css
@@ -272,4 +272,27 @@ html[data-theme="dark"] #carbonads > span {
 html[data-theme="dark"] #carbonads .carbon-poweredby {
  color: #aaa;
  background: #1e2021;
-}
+}
+
+/* 
+  This is a hack to hide the "Reflection" category and "main" module from the sidebar.
+  This is because:
+  1. opening any page under the "Reflection" category would hide the entire sidebar.
+  2. the "main" module would show up twice.
+  See sidebars.js
+*/
+.reflection-category,
+.theme-doc-sidebar-item-link-level-2 [href="/reference/core/modules/main"],
+.theme-doc-sidebar-item-link-level-2
+  [href="/reference/sveltekit/modules/main"] {
+  display: none;
+}
+
+/*
+ HACK: to hide the "Classes" header and duplicate items together with the "typedoc-plugin-markdown" patch.
+ See: https://github.com/TypeStrong/typedoc/issues/2006
+*/
+/* h3.anchor + p:has(code, strong), */ /** hack did not work as it hides property types elsewhere */
+#classes {
+  display: none;
+}
--- a/docs/static/img/providers/asgardeo-dark.svg
+++ b/docs/static/img/providers/asgardeo-dark.svg
@@ -1,7 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 99.881 86.449">
-  <g id="asgardeo-trifactor-logo-dark-16x40" transform="translate(-553.024 -388.98)">
-    <path id="Path_264" data-name="Path 264" d="M743.533,388.98l9.161,15.892-10.153,17.6h20.306l9.209,15.892H714.97Z" transform="translate(-119.151 0)" fill="#ff7300"/>
-    <path id="Path_265" data-name="Path 265" d="M705.95,438.364l9.209-15.892h20.306l-10.153-17.6,9.162-15.892,28.6,49.393Z" transform="translate(-152.926 0.009)" fill="#ff7300"/>
-    <path id="Path_266" data-name="Path 266" d="M749.175,446.183l-10.153-17.6-10.2,17.6H710.46l28.6-49.393,28.515,49.393Z" transform="translate(-136.043 29.246)"/>
-  </g>
-</svg>
--- a/docs/static/img/providers/asgardeo.svg
+++ b/docs/static/img/providers/asgardeo.svg
@@ -1,7 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 99.881 86.449">
-  <g id="asgardeo-trifactor-logo-light-16x40" transform="translate(-553.024 -388.98)">
-    <path id="Path_264" data-name="Path 264" d="M743.533,388.98l9.161,15.892-10.153,17.6h20.306l9.209,15.892H714.97Z" transform="translate(-119.151)" fill="#ff7300"/>
-    <path id="Path_265" data-name="Path 265" d="M705.95,438.364l9.209-15.892h20.306l-10.153-17.6,9.162-15.892,28.6,49.393Z" transform="translate(-152.926 0.009)" fill="#ff7300"/>
-    <path id="Path_266" data-name="Path 266" d="M749.175,446.183l-10.153-17.6-10.2,17.6H710.46l28.6-49.393,28.515,49.393Z" transform="translate(-136.043 29.246)" fill="#fff"/>
-  </g>
-</svg>
--- a/docs/static/img/providers/notion.svg
+++ b/docs/static/img/providers/notion.svg
@@ -1,5 +0,0 @@
-<svg width="32" height="32" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
-  <title>Notion icon</title>
-  <path d="M6.017 4.313l55.333 -4.087c6.797 -0.583 8.543 -0.19 12.817 2.917l17.663 12.443c2.913 2.14 3.883 2.723 3.883 5.053v68.243c0 4.277 -1.553 6.807 -6.99 7.193L24.467 99.967c-4.08 0.193 -6.023 -0.39 -8.16 -3.113L3.3 79.94c-2.333 -3.113 -3.3 -5.443 -3.3 -8.167V11.113c0 -3.497 1.553 -6.413 6.017 -6.8z" fill="#fff"/>
-  <path fill-rule="evenodd" clip-rule="evenodd" d="M61.35 0.227l-55.333 4.087C1.553 4.7 0 7.617 0 11.113v60.66c0 2.723 0.967 5.053 3.3 8.167l13.007 16.913c2.137 2.723 4.08 3.307 8.16 3.113l64.257 -3.89c5.433 -0.387 6.99 -2.917 6.99 -7.193V20.64c0 -2.21 -0.873 -2.847 -3.443 -4.733L74.167 3.143c-4.273 -3.107 -6.02 -3.5 -12.817 -2.917zM25.92 19.523c-5.247 0.353 -6.437 0.433 -9.417 -1.99L8.927 11.507c-0.77 -0.78 -0.383 -1.753 1.557 -1.947l53.193 -3.887c4.467 -0.39 6.793 1.167 8.54 2.527l9.123 6.61c0.39 0.197 1.36 1.36 0.193 1.36l-54.933 3.307 -0.68 0.047zM19.803 88.3V30.367c0 -2.53 0.777 -3.697 3.103 -3.893L86 22.78c2.14 -0.193 3.107 1.167 3.107 3.693v57.547c0 2.53 -0.39 4.67 -3.883 4.863l-60.377 3.5c-3.493 0.193 -5.043 -0.97 -5.043 -4.083zm59.6 -54.827c0.387 1.75 0 3.5 -1.75 3.7l-2.91 0.577v42.773c-2.527 1.36 -4.853 2.137 -6.797 2.137 -3.107 0 -3.883 -0.973 -6.21 -3.887l-19.03 -29.94v28.967l6.02 1.363s0 3.5 -4.857 3.5l-13.39 0.777c-0.39 -0.78 0 -2.723 1.357 -3.11l3.497 -0.97v-38.3L30.48 40.667c-0.39 -1.75 0.58 -4.277 3.3 -4.473l14.367 -0.967 19.8 30.327v-26.83l-5.047 -0.58c-0.39 -2.143 1.163 -3.7 3.103 -3.89l13.4 -0.78z" fill="#000"/>
-</svg>
--- a/docs/typedoc-mdn-links.js
+++ b/docs/typedoc-mdn-links.js
--- a/docs/typedoc.json
+++ b/docs/typedoc.json
@@ -1,16 +1,23 @@
 {
+  "excludeNotDocumented": true,
  "$schema": "https://typedoc.org/schema.json",
-  "cleanOutputDir": true,
+  "allReflectionsHaveOwnDocument": true,
  "disableSources": true,
+  "hideBreadcrumbs": true,
  "excludeExternals": true,
  "excludeInternal": true,
-  "excludeNotDocumented": true,
  "excludePrivate": true,
+  "cleanOutputDir": true,
  "excludeProtected": true,
-  "hideHierarchy": true,
  "gitRevision": "main",
-  "hideBreadcrumbs": true,
  "hideGenerator": true,
+  "intentionallyNotExported": [
+    "ReturnTypes",
+    "CallbackParameters",
+    "JsonValue"
+  ],
+  "readme": "none",
+  "sort": ["kind", "static-first", "required-first", "alphabetical"],
  "kindSortOrder": [
    "Function",
    "TypeAlias",
@@ -34,13 +41,5 @@
    "IndexSignature",
    "GetSignature",
    "SetSignature"
-  ],
-  "readme": "none",
-  "sort": [
-    "kind",
-    "static-first",
-    "required-first",
-    "alphabetical"
-  ],
-  "symbolsWithOwnFile": "none"
-}
+  ]
+}
--- a/package.json
+++ b/package.json
@@ -41,6 +41,8 @@
    "prettier": "2.8.1",
    "prettier-plugin-svelte": "^2.8.1",
    "turbo": "1.6.3",
+    "typedoc": "^0.23.22",
+    "typedoc-plugin-markdown": "^3.14.0",
    "typescript": "4.9.4"
  },
  "engines": {
@@ -62,6 +64,7 @@
      "undici": "5.11.0"
    },
    "patchedDependencies": {
+      "typedoc-plugin-markdown@3.14.0": "patches/typedoc-plugin-markdown@3.14.0.patch",
      "@balazsorban/monorepo-release@0.1.8": "patches/@balazsorban__monorepo-release@0.1.8.patch"
    }
  }
--- a/packages/adapter-dynamodb/package.json
+++ b/packages/adapter-dynamodb/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@next-auth/dynamodb-adapter",
  "repository": "https://github.com/nextauthjs/next-auth",
-  "version": "3.0.0",
+  "version": "1.0.6",
  "description": "AWS DynamoDB adapter for next-auth.",
  "keywords": [
    "next-auth",
@@ -9,18 +9,11 @@
    "oauth",
    "dynamodb"
  ],
-  "type": "module",
-  "types": "./index.d.ts",
  "homepage": "https://authjs.dev",
  "bugs": {
    "url": "https://github.com/nextauthjs/next-auth/issues"
  },
-  "exports": {
-    ".": {
-      "types": "./index.d.ts",
-      "import": "./index.js"
-    }
-  },
+  "main": "dist/index.js",
  "private": false,
  "publishConfig": {
    "access": "public"
@@ -33,10 +26,7 @@
  },
  "files": [
    "README.md",
-    "index.js",
-    "index.d.ts",
-    "index.d.ts.map",
-    "src"
+    "dist"
  ],
  "author": "Pol Marnette",
  "license": "ISC",
@@ -51,11 +41,7 @@
    "@next-auth/adapter-test": "workspace:*",
    "@next-auth/tsconfig": "workspace:*",
    "@shelf/jest-dynamodb": "^2.1.0",
-    "@types/uuid": "^9.0.0",
    "jest": "^27.4.3",
    "next-auth": "workspace:*"
-  },
-  "dependencies": {
-    "uuid": "^9.0.0"
  }
 }
--- a/packages/adapter-dynamodb/src/index.ts
+++ b/packages/adapter-dynamodb/src/index.ts
@@ -1,4 +1,4 @@
-import { v4 as uuid } from "uuid"
+import { randomBytes } from "crypto"

 import type {
  BatchWriteCommandInput,
@@ -12,12 +12,16 @@ import type {
  VerificationToken,
 } from "next-auth/adapters"

+import { format, generateUpdateExpression } from "./utils"
+
+export { format, generateUpdateExpression }
+
 export interface DynamoDBAdapterOptions {
-  tableName?: string
-  partitionKey?: string
-  sortKey?: string
-  indexName?: string
-  indexPartitionKey?: string
+  tableName?: string,
+  partitionKey?: string,
+  sortKey?: string,
+  indexName?: string,
+  indexPartitionKey?: string,
  indexSortKey?: string
 }

@@ -26,17 +30,17 @@ export function DynamoDBAdapter(
  options?: DynamoDBAdapterOptions
 ): Adapter {
  const TableName = options?.tableName ?? "next-auth"
-  const pk = options?.partitionKey ?? "pk"
-  const sk = options?.sortKey ?? "sk"
-  const IndexName = options?.indexName ?? "GSI1"
-  const GSI1PK = options?.indexPartitionKey ?? "GSI1PK"
-  const GSI1SK = options?.indexSortKey ?? "GSI1SK"
+  const pk = options?.partitionKey ?? 'pk'
+  const sk = options?.sortKey ?? 'sk'
+  const IndexName = options?.indexName ?? 'GSI1'
+  const GSI1PK = options?.indexPartitionKey ?? 'GSI1PK'
+  const GSI1SK = options?.indexSortKey ?? 'GSI1SK'

  return {
    async createUser(data) {
      const user: AdapterUser = {
        ...(data as any),
-        id: uuid(),
+        id: randomBytes(16).toString("hex"),
      }

      await client.put({
@@ -46,8 +50,8 @@ export function DynamoDBAdapter(
          [pk]: `USER#${user.id}`,
          [sk]: `USER#${user.id}`,
          type: "USER",
-          [GSI1PK]: `USER#${user.email}`,
-          [GSI1SK]: `USER#${user.email}`,
+          [GSI1PK]: `USER#${user.email as string}`,
+          [GSI1SK]: `USER#${user.email as string}`,
        }),
      })

@@ -161,7 +165,7 @@ export function DynamoDBAdapter(
    async linkAccount(data) {
      const item = {
        ...data,
-        id: uuid(),
+        id: randomBytes(16).toString("hex"),
        [pk]: `USER#${data.userId}`,
        [sk]: `ACCOUNT#${data.provider}#${data.providerAccountId}`,
        [GSI1PK]: `ACCOUNT#${data.provider}`,
@@ -225,7 +229,7 @@ export function DynamoDBAdapter(
    },
    async createSession(data) {
      const session = {
-        id: uuid(),
+        id: randomBytes(16).toString("hex"),
        ...data,
      }
      await client.put({
@@ -323,73 +327,3 @@ export function DynamoDBAdapter(
    },
  }
 }
-
-// https://github.com/honeinc/is-iso-date/blob/master/index.js
-const isoDateRE =
-  /(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))/
-function isDate(value: any) {
-  return value && isoDateRE.test(value) && !isNaN(Date.parse(value))
-}
-
-const format = {
-  /** Takes a plain old JavaScript object and turns it into a Dynamodb object */
-  to(object: Record<string, any>) {
-    const newObject: Record<string, unknown> = {}
-    for (const key in object) {
-      const value = object[key]
-      if (value instanceof Date) {
-        // DynamoDB requires the TTL attribute be a UNIX timestamp (in secs).
-        if (key === "expires") newObject[key] = value.getTime() / 1000
-        else newObject[key] = value.toISOString()
-      } else newObject[key] = value
-    }
-    return newObject
-  },
-  /** Takes a Dynamo object and returns a plain old JavaScript object */
-  from<T = Record<string, unknown>>(object?: Record<string, any>): T | null {
-    if (!object) return null
-    const newObject: Record<string, unknown> = {}
-    for (const key in object) {
-      // Filter DynamoDB specific attributes so it doesn't get passed to core,
-      // to avoid revealing the type of database
-      if (["pk", "sk", "GSI1PK", "GSI1SK"].includes(key)) continue
-
-      const value = object[key]
-
-      if (isDate(value)) newObject[key] = new Date(value)
-      // hack to keep type property in account
-      else if (key === "type" && ["SESSION", "VT", "USER"].includes(value))
-        continue
-      // The expires property is stored as a UNIX timestamp in seconds, but
-      // JavaScript needs it in milliseconds, so multiply by 1000.
-      else if (key === "expires" && typeof value === "number")
-        newObject[key] = new Date(value * 1000)
-      else newObject[key] = value
-    }
-    return newObject as T
-  },
-}
-
-function generateUpdateExpression(object: Record<string, any>): {
-  UpdateExpression: string
-  ExpressionAttributeNames: Record<string, string>
-  ExpressionAttributeValues: Record<string, unknown>
-} {
-  const formatedSession = format.to(object)
-  let UpdateExpression = "set"
-  const ExpressionAttributeNames: Record<string, string> = {}
-  const ExpressionAttributeValues: Record<string, unknown> = {}
-  for (const property in formatedSession) {
-    UpdateExpression += ` #${property} = :${property},`
-    ExpressionAttributeNames["#" + property] = property
-    ExpressionAttributeValues[":" + property] = formatedSession[property]
-  }
-  UpdateExpression = UpdateExpression.slice(0, -1)
-  return {
-    UpdateExpression,
-    ExpressionAttributeNames,
-    ExpressionAttributeValues,
-  }
-}
-
-export { format, generateUpdateExpression }
--- a/packages/adapter-dynamodb/src/utils.ts
+++ b/packages/adapter-dynamodb/src/utils.ts
@@ -0,0 +1,67 @@
+// https://github.com/honeinc/is-iso-date/blob/master/index.js
+const isoDateRE =
+  /(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))/
+function isDate(value: any) {
+  return value && isoDateRE.test(value) && !isNaN(Date.parse(value))
+}
+
+export const format = {
+  /** Takes a plain old JavaScript object and turns it into a Dynamodb object */
+  to(object: Record<string, any>) {
+    const newObject: Record<string, unknown> = {}
+    for (const key in object) {
+      const value = object[key]
+      if (value instanceof Date) {
+        // DynamoDB requires the TTL attribute be a UNIX timestamp (in secs).
+        if (key === "expires") newObject[key] = value.getTime() / 1000
+        else newObject[key] = value.toISOString()
+      } else newObject[key] = value
+    }
+    return newObject
+  },
+  /** Takes a Dynamo object and returns a plain old JavaScript object */
+  from<T = Record<string, unknown>>(object?: Record<string, any>): T | null {
+    if (!object) return null
+    const newObject: Record<string, unknown> = {}
+    for (const key in object) {
+      // Filter DynamoDB specific attributes so it doesn't get passed to core,
+      // to avoid revealing the type of database
+      if (["pk", "sk", "GSI1PK", "GSI1SK"].includes(key)) continue
+
+      const value = object[key]
+
+      if (isDate(value)) newObject[key] = new Date(value)
+      // hack to keep type property in account
+      else if (key === "type" && ["SESSION", "VT", "USER"].includes(value))
+        continue
+      // The expires property is stored as a UNIX timestamp in seconds, but
+      // JavaScript needs it in milliseconds, so multiply by 1000.
+      else if (key === "expires" && typeof value === "number")
+        newObject[key] = new Date(value * 1000)
+      else newObject[key] = value
+    }
+    return newObject as T
+  },
+}
+
+export function generateUpdateExpression(object: Record<string, any>): {
+  UpdateExpression: string
+  ExpressionAttributeNames: Record<string, string>
+  ExpressionAttributeValues: Record<string, unknown>
+} {
+  const formatedSession = format.to(object)
+  let UpdateExpression = "set"
+  const ExpressionAttributeNames: Record<string, string> = {}
+  const ExpressionAttributeValues: Record<string, unknown> = {}
+  for (const property in formatedSession) {
+    UpdateExpression += ` #${property} = :${property},`
+    ExpressionAttributeNames["#" + property] = property
+    ExpressionAttributeValues[":" + property] = formatedSession[property]
+  }
+  UpdateExpression = UpdateExpression.slice(0, -1)
+  return {
+    UpdateExpression,
+    ExpressionAttributeNames,
+    ExpressionAttributeValues,
+  }
+}
--- a/packages/adapter-dynamodb/tests/format.test.ts
+++ b/packages/adapter-dynamodb/tests/format.test.ts
@@ -1,4 +1,4 @@
-import { format } from "../src/"
+import { format } from "../src/utils"

 describe("dynamodb utils.format", () => {
  it("format.to() preserves non-Date non-expires properties", () => {
--- a/packages/adapter-dynamodb/tsconfig.json
+++ b/packages/adapter-dynamodb/tsconfig.json
@@ -2,15 +2,7 @@
  "extends": "@next-auth/tsconfig/tsconfig.adapters.json",
  "compilerOptions": {
    "rootDir": "src",
-    "outDir": ".",
-    "target": "ES2020",
-    "module": "ESNext",
-    "moduleResolution": "node",
-    "skipDefaultLibCheck": true,
-    "strictNullChecks": true,
-    "stripInternal": true,
-    "declarationMap": true,
-    "declaration": true
+    "outDir": "dist"
  },
  "exclude": ["tests", "dist", "jest.config.js", "jest-dynamodb-config.js"]
 }
--- a/packages/adapter-firebase/.firebaserc
+++ b/packages/adapter-firebase/.firebaserc
@@ -0,0 +1 @@
+{}
--- a/packages/adapter-firebase/CHANGELOG.md
+++ b/packages/adapter-firebase/CHANGELOG.md
@@ -0,0 +1,16 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+## [0.1.3](https://github.com/nextauthjs/adapters/compare/@next-auth/firebase-adapter@0.1.2...@next-auth/firebase-adapter@0.1.3) (2021-08-17)
+
+**Note:** Version bump only for package @next-auth/firebase-adapter
+
+## [0.1.2](https://github.com/nextauthjs/adapters/compare/@next-auth/firebase-adapter@0.1.1...@next-auth/firebase-adapter@0.1.2) (2021-07-02)
+
+**Note:** Version bump only for package @next-auth/firebase-adapter
+
+## [0.1.1](https://github.com/nextauthjs/adapters/compare/@next-auth/firebase-adapter@0.1.0...@next-auth/firebase-adapter@0.1.1) (2021-06-30)
+
+**Note:** Version bump only for package @next-auth/firebase-adapter
--- a/packages/adapter-firebase/README.md
+++ b/packages/adapter-firebase/README.md
@@ -1,8 +1,8 @@
 <p align="center">
   <br/>
   <a href="https://authjs.dev" target="_blank">
-    <img height="64px" src="https://authjs.dev/img/logo/logo-sm.png" /></a><img height="64px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/packages/adapter-firebase/logo.svg" />
-   <h3 align="center"><b>Firebase Adapter</b> - Auth.js</h3>
+    <img height="64px" src="https://authjs.dev/img/logo/logo-sm.png" /></a><img height="64px" src="https://raw.githubusercontent.com/nextauthjs/adapters/main/packages/firebase/logo.svg" />
+   <h3 align="center"><b>Firebase Adapter</b> - NextAuth.js</h3>
   <p align="center">
   Open Source. Full Stack. Own Your Data.
   </p>
@@ -13,12 +13,72 @@
   </p>
 </p>

+## Overview

-This is the official Firebase Adapter for [Auth.js](https://authjs.dev) / [NextAuth.js](https://next-auth.js.org/), using the [Firebase Admin SDK](https://firebase.google.com/docs/admin/setup) and [Firestore](https://firebase.google.com/docs/firestore).
+This is the Firebase Adapter for [`auth.js`](https://authjs.dev). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.

-## Documentation
+You can find more Firebase information in the docs at [authjs.dev/reference/adapters/firebase](https://authjs.dev/reference/adapters/firebase).

-Check out the [documentation](https://authjs.dev/reference/adapter/firebase) to learn how to use this adapter in your project.
+## Getting Started
+
+1. Install `next-auth` and `@next-auth/firebase-adapter`.
+
+```js
+npm install next-auth @next-auth/firebase-adapter
+```
+
+2. Add this adapter to your `pages/api/[...nextauth].js` next-auth configuration object.
+
+```js
+import NextAuth from "next-auth"
+import Providers from "next-auth/providers"
+import { FirestoreAdapter } from "@next-auth/firebase-adapter"
+
+import { initializeApp } from "firebase/app";
+import { getFirestore } from "firebase/firestore"
+
+const app = initializeApp({ projectId: "next-auth-test" });
+const firestore = getFirestore(app);
+
+// For more information on each option (and a full list of options) go to
+// https://authjs.dev/reference/configuration/auth-options
+export default NextAuth({
+  // https://authjs.dev/reference/providers/oauth-builtin
+  providers: [
+    Providers.Google({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+    }),
+  ],
+  adapter: FirestoreAdapter(firestore),
+  ...
+})
+```
+
+## Options
+
+When initializing the firestore adapter, you must pass in the firebase config object with the details from your project. More details on how to obtain that config object can be found [here](https://support.google.com/firebase/answer/7015592).
+
+An example firebase config looks like this:
+
+```js
+const firebaseConfig = {
+  apiKey: "AIzaSyDOCAbC123dEf456GhI789jKl01-MnO",
+  authDomain: "myapp-project-123.firebaseapp.com",
+  databaseURL: "https://myapp-project-123.firebaseio.com",
+  projectId: "myapp-project-123",
+  storageBucket: "myapp-project-123.appspot.com",
+  messagingSenderId: "65211879809",
+  appId: "1:65211879909:web:3ae38ef1cdcb2e01fe5f0c",
+  measurementId: "G-8GSGZQ44ST",
+}
+```
+
+See [firebase.google.com/docs/web/setup](https://firebase.google.com/docs/web/setup) for more details.
+
+> **From Firebase - Caution**: We do not recommend manually modifying an app's Firebase config file or object. If you initialize an app with invalid or missing values for any of these required "Firebase options", then your end users may experience serious issues.
+>
+> For open source projects, we generally do not recommend including the app's Firebase config file or object in source control because, in most cases, your users should create their own Firebase projects and point their apps to their own Firebase resources (via their own Firebase config file or object).

 ## Contributing

--- a/packages/adapter-firebase/firebase.json
+++ b/packages/adapter-firebase/firebase.json
@@ -1,8 +1,5 @@
 {
-  "firestore": {
-    "rules": "firestore.rules"
-  },
-  "emulator": {
+  "emulators": {
    "firestore": {
      "port": 8080
    }
--- a/packages/adapter-firebase/firestore.rules
+++ b/packages/adapter-firebase/firestore.rules
@@ -1,10 +0,0 @@
-rules_version = '2';
-
-// Deny read/write access to all users under any conditions
-service cloud.firestore {
-  match /databases/{database}/documents {
-    match /{document=**} {
-      allow read, write: if false;
-    }
-  }
-}
--- a/packages/adapter-firebase/jest.config.js
+++ b/packages/adapter-firebase/jest.config.js
@@ -0,0 +1 @@
+module.exports = require("@next-auth/adapter-test/jest/jest-preset")
--- a/packages/adapter-firebase/logo.svg
+++ b/packages/adapter-firebase/logo.svg
@@ -33,4 +33,4 @@
    <circle cx="144" cy="144" r="40" fill="#757575"/>
    <path d="M144 146l-18 8v-8l18-8 18 8v7-1.5 2.5zm0-22l18 8v8l-18-8-18 8v-8zm6.75 29l9 4-15.75 7v-8z" fill="#fff" fill-rule="evenodd"/>
  </g>
-</svg>
+</svg>
--- a/packages/adapter-firebase/package.json
+++ b/packages/adapter-firebase/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@next-auth/firebase-adapter",
-  "version": "2.0.0",
+  "version": "1.0.3",
  "description": "Firebase adapter for next-auth.",
  "homepage": "https://authjs.dev",
  "repository": "https://github.com/nextauthjs/next-auth",
@@ -12,44 +12,35 @@
    "Nico Domino <yo@ndo.dev>",
    "Alex Meuer <github@alexmeuer.com>"
  ],
-  "type": "module",
-  "exports": {
-    ".": {
-      "types": "./index.d.ts",
-      "import": "./index.js"
-    }
-  },
+  "main": "dist/index.js",
  "files": [
-    "src",
-    "*.js",
-    "*.d.ts*"
+    "dist",
+    "index.d.ts"
  ],
  "license": "ISC",
  "keywords": [
    "next-auth",
    "next.js",
-    "firebase",
-    "firebase-admin"
+    "firebase"
  ],
  "private": false,
  "publishConfig": {
    "access": "public"
  },
  "scripts": {
-    "dev": "tsc -w",
    "build": "tsc",
-    "test": "firebase emulators:exec --only firestore --project next-auth-test 'jest -c tests/jest.config.js'"
+    "test": "FIRESTORE_EMULATOR_HOST=localhost:8080 firebase --token '$FIREBASE_TOKEN' emulators:exec --only firestore --project next-auth-test jest"
  },
  "peerDependencies": {
-    "firebase-admin": "^11.4.1",
+    "firebase": "^9.7.0",
    "next-auth": "^4"
  },
  "devDependencies": {
    "@next-auth/adapter-test": "workspace:*",
    "@next-auth/tsconfig": "workspace:*",
-    "firebase-admin": "^11.4.1",
+    "firebase": "^9.14.0",
    "firebase-tools": "^11.16.1",
-    "jest": "^29.3.1",
+    "jest": "^27.4.3",
    "next-auth": "workspace:*"
  }
-}
+}
--- a/packages/adapter-firebase/src/converter.ts
+++ b/packages/adapter-firebase/src/converter.ts
@@ -0,0 +1,58 @@
+import { Timestamp } from "firebase/firestore"
+import type {
+  FirestoreDataConverter,
+  QueryDocumentSnapshot,
+  WithFieldValue,
+} from "firebase/firestore"
+
+const isTimestamp = (value: unknown): value is Timestamp =>
+  typeof value === "object" && value !== null && value instanceof Timestamp
+
+interface GetConverterOptions {
+  excludeId?: boolean
+}
+
+export const getConverter = <Document extends Record<string, unknown>>(
+  options?: GetConverterOptions
+): FirestoreDataConverter<Document> => ({
+  // `PartialWithFieldValue` implicitly types `object` as `any`, so we want to explicitly type it
+  toFirestore(object: WithFieldValue<Document>) {
+    const document: Record<string, unknown> = {}
+
+    Object.keys(object).forEach((key) => {
+      if (object[key] !== undefined) {
+        document[key] = object[key]
+      }
+    })
+
+    return document
+  },
+  // We need to explicitly type `snapshot` since it uses `DocumentData` for generic type
+  fromFirestore(snapshot: QueryDocumentSnapshot<Document>) {
+    if (!snapshot.exists()) {
+      return snapshot
+    }
+
+    let document: Document = snapshot.data()
+
+    if (!options?.excludeId) {
+      document = {
+        ...document,
+        id: snapshot.id,
+      }
+    }
+
+    for (const key in document) {
+      const value = document[key]
+
+      if (isTimestamp(value)) {
+        document = {
+          ...document,
+          [key]: value.toDate(),
+        }
+      }
+    }
+
+    return document
+  },
+})
--- a/packages/adapter-firebase/src/index.ts
+++ b/packages/adapter-firebase/src/index.ts
@@ -1,302 +1,282 @@
-/**
- * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center", padding: 16}}>
- * <span>
- *  Official <b>Firebase</b> adapter for Auth.js / NextAuth.js,
- *  using the <a href="https://firebase.google.com/docs/admin/setup">Firebase Admin SDK</a>
- *  &nbsp;and <a href="https://firebase.google.com/docs/firestore">Firestore</a>.</span>
- * <a href="https://firebase.google.com/">
- *   <img style={{display: "block"}} src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/packages/adapter-firebase/logo.svg" height="48" width="48"/>
- * </a>
- * </div>
- *
- * ## Installation
- *
- * ```bash npm2yarn2pnpm
- * npm install next-auth @next-auth/firebase-admin-adapter firebase-admin
- * ```
- *
- * ## References
- * - [`GOOGLE_APPLICATION_CREDENTIALS` environment variable](https://cloud.google.com/docs/authentication/application-default-credentials#GAC)
- * - [Firebase Admin SDK setup](https://firebase.google.com/docs/admin/setup#initialize-sdk)
- *
- * @module @next-auth/firebase-adapter
- */
-
-import { type AppOptions } from "firebase-admin"
-import { Firestore } from "firebase-admin/firestore"
-
-import type { Adapter, AdapterUser } from "next-auth/adapters"
+import { initializeApp } from "firebase/app"
+import type { FirebaseOptions } from "firebase/app"
 import {
-  collestionsFactory,
-  deleteDocs,
-  initFirestore,
+  addDoc,
+  collection,
+  deleteDoc,
+  doc,
  getDoc,
-  getOneDoc,
-  mapFieldsFactory,
-} from "./utils"
+  getDocs,
+  getFirestore,
+  limit,
+  query,
+  runTransaction,
+  setDoc,
+  where,
+  connectFirestoreEmulator,
+} from "firebase/firestore"

-export { initFirestore } from "./utils"
+import type {
+  Adapter,
+  AdapterUser,
+  AdapterAccount,
+  AdapterSession,
+  VerificationToken,
+} from "next-auth/adapters"

-/** Configure the Firebase Adapter. */
-export interface FirebaseAdapterConfig extends AppOptions {
-  /**
-   * The name of the app passed to {@link https://firebase.google.com/docs/reference/admin/node/firebase-admin.md#initializeapp `initializeApp()`}.
-   */
-  name?: string
-  firestore?: Firestore
-  /**
-   * Use this option if mixed `snake_case` and `camelCase` field names in the database is an issue for you.
-   * Passing `snake_case` will convert all field and collection names to `snake_case`.
-   * E.g. the collection `verificationTokens` will be `verification_tokens`,
-   * and fields like `emailVerified` will be `email_verified` instead.
-   *
-   *
-   * @example
-   * ```ts title="pages/api/auth/[...nextauth].ts"
-   * import NextAuth from "next-auth"
-   * import { FirestoreAdapter } from "@next-auth/firebase-adapter"
-   *
-   * export default NextAuth({
-   *  adapter: FirestoreAdapter({ namingStrategy: "snake_case" })
-   *  // ...
-   * })
-   * ```
-   */
-  namingStrategy?: "snake_case"
+import { getConverter } from "./converter"
+
+export type IndexableObject = Record<string, unknown>
+
+export interface FirestoreAdapterOptions {
+  emulator?: {
+    host?: string
+    port?: number
+  }
 }

-/**
- * #### Usage
- *
- * First, create a Firebase project and generate a service account key.
- * Visit: `https://console.firebase.google.com/u/0/project/{project-id}/settings/serviceaccounts/adminsdk` (replace `{project-id}` with your project's id)
- *
- * Now you have a few options to authenticate with the Firebase Admin SDK in your app:
- *
- * ##### 1. `GOOGLE_APPLICATION_CREDENTIALS` environment variable:
- *  - Download the service account key and save it in your project. (Make sure to add the file to your `.gitignore`!)
- *  - Add [`GOOGLE_APPLICATION_CREDENTIALS`](https://cloud.google.com/docs/authentication/application-default-credentials#GAC) to your environment variables and point it to the service account key file.
- *  - The adapter will automatically pick up the environment variable and use it to authenticate with the Firebase Admin SDK.
- *
- * @example
- * ```ts title="pages/api/auth/[...nextauth].ts"
- * import NextAuth from "next-auth"
- * import { FirestoreAdapter } from "@next-auth/firebase-adapter"
- *
- * export default NextAuth({
- *   adapter: FirestoreAdapter(),
- *   // ...
- * })
- * ```
- *
- * ##### 2. Service account values as environment variables
- *
- * - Download the service account key to a temporary location. (Make sure to not commit this file to your repository!)
- * - Add the following environment variables to your project: `FIREBASE_PROJECT_ID`, `FIREBASE_CLIENT_EMAIL`, `FIREBASE_PRIVATE_KEY`.
- * - Pass the config to the adapter, using the environment variables as shown in the example below.
- *
- * @example
- * ```ts title="pages/api/auth/[...nextauth].ts"
- * import NextAuth from "next-auth"
- * import { FirestoreAdapter } from "@next-auth/firebase-adapter"
- * import { cert } from "firebase-admin/app"
- *
- * export default NextAuth({
- *  adapter: FirestoreAdapter({
- *    credential: cert({
- *      projectId: process.env.FIREBASE_PROJECT_ID,
- *      clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
- *      privateKey: process.env.FIREBASE_PRIVATE_KEY,
- *    })
- *  })
- *  // ...
- * })
- * ```
- *
- * ##### 3. Use an existing Firestore instance
- *
- * If you already have a Firestore instance, you can pass that to the adapter directly instead.
- *
- * :::note
- * When passing an instance and in a serverless environment, remember to handle duplicate app initialization.
- * :::
- *
- * :::tip
- * You can use the {@link initFirestore} utility to initialize the app and get an instance safely.
- * :::
- *
- * @example
- * ```ts title="pages/api/auth/[...nextauth].ts"
- * import NextAuth from "next-auth"
- * import { FirestoreAdapter } from "@next-auth/firebase-adapter"
- * import { firestore } from "lib/firestore"
- *
- * export default NextAuth({
- *  adapter: FirestoreAdapter(firestore),
- *  // ...
- * })
- * ```
- */
-export function FirestoreAdapter(
-  config?: FirebaseAdapterConfig | Firestore
-): Adapter {
-  const { db, namingStrategy = "default" } =
-    config instanceof Firestore
-      ? { db: config }
-      : { ...config, db: config?.firestore ?? initFirestore(config) }
+export function FirestoreAdapter({
+  emulator,
+  ...firebaseOptions
+}: FirebaseOptions & FirestoreAdapterOptions): Adapter {
+  const firebaseApp = initializeApp(firebaseOptions)
+  const db = getFirestore(firebaseApp)

-  const preferSnakeCase = namingStrategy === "snake_case"
-  const C = collestionsFactory(db, preferSnakeCase)
-  const mapper = mapFieldsFactory(preferSnakeCase)
+  if (emulator) {
+    connectFirestoreEmulator(
+      db,
+      emulator?.host ?? "localhost",
+      emulator?.port ?? 3001
+    )
+  }
+
+  const Users = collection(db, "users").withConverter(
+    getConverter<AdapterUser & IndexableObject>()
+  )
+  const Sessions = collection(db, "sessions").withConverter(
+    getConverter<AdapterSession & IndexableObject>()
+  )
+  const Accounts = collection(db, "accounts").withConverter(
+    getConverter<AdapterAccount>()
+  )
+  const VerificationTokens = collection(db, "verificationTokens").withConverter(
+    getConverter<VerificationToken & IndexableObject>({ excludeId: true })
+  )

  return {
-    async createUser(userInit) {
-      const { id: userId } = await C.users.add(userInit as AdapterUser)
+    async createUser(newUser) {
+      const userRef = await addDoc(Users, newUser)
+      const userSnapshot = await getDoc(userRef)

-      const user = await getDoc(C.users.doc(userId))
-      if (!user) throw new Error("[createUser] Failed to fetch created user")
+      if (userSnapshot.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnapshot)
+      }

-      return user
+      throw new Error("[createUser] Failed to create user")
    },
-
    async getUser(id) {
-      return await getDoc(C.users.doc(id))
-    },
+      const userSnapshot = await getDoc(doc(Users, id))

+      if (userSnapshot.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnapshot)
+      }
+
+      return null
+    },
    async getUserByEmail(email) {
-      return await getOneDoc(C.users.where("email", "==", email))
+      const userQuery = query(Users, where("email", "==", email), limit(1))
+      const userSnapshots = await getDocs(userQuery)
+      const userSnapshot = userSnapshots.docs[0]
+
+      if (userSnapshot?.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnapshot)
+      }
+
+      return null
    },
-
    async getUserByAccount({ provider, providerAccountId }) {
-      const account = await getOneDoc(
-        C.accounts
-          .where("provider", "==", provider)
-          .where(mapper.toDb("providerAccountId"), "==", providerAccountId)
+      const accountQuery = query(
+        Accounts,
+        where("provider", "==", provider),
+        where("providerAccountId", "==", providerAccountId),
+        limit(1)
      )
-      if (!account) return null
+      const accountSnapshots = await getDocs(accountQuery)
+      const accountSnapshot = accountSnapshots.docs[0]

-      return await getDoc(C.users.doc(account.userId))
+      if (accountSnapshot?.exists()) {
+        const { userId } = accountSnapshot.data()
+        const userDoc = await getDoc(doc(Users, userId))
+
+        if (userDoc.exists() && Users.converter) {
+          return Users.converter.fromFirestore(userDoc)
+        }
+      }
+
+      return null
    },

    async updateUser(partialUser) {
-      if (!partialUser.id) throw new Error("[updateUser] Missing id")
+      const userRef = doc(Users, partialUser.id)

-      const userRef = C.users.doc(partialUser.id)
+      await setDoc(userRef, partialUser, { merge: true })

-      await userRef.set(partialUser, { merge: true })
+      const userSnapshot = await getDoc(userRef)

-      const user = await getDoc(userRef)
-      if (!user) throw new Error("[updateUser] Failed to fetch updated user")
+      if (userSnapshot.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnapshot)
+      }

-      return user
+      throw new Error("[updateUser] Failed to update user")
    },

    async deleteUser(userId) {
-      await db.runTransaction(async (transaction) => {
-        const accounts = await C.accounts
-          .where(mapper.toDb("userId"), "==", userId)
-          .get()
-        const sessions = await C.sessions
-          .where(mapper.toDb("userId"), "==", userId)
-          .get()
+      const userRef = doc(Users, userId)
+      const accountsQuery = query(Accounts, where("userId", "==", userId))
+      const sessionsQuery = query(Sessions, where("userId", "==", userId))

-        transaction.delete(C.users.doc(userId))
+      // TODO: May be better to use events instead of transactions?
+      await runTransaction(db, async (transaction) => {
+        const accounts = await getDocs(accountsQuery)
+        const sessions = await getDocs(sessionsQuery)

+        transaction.delete(userRef)
        accounts.forEach((account) => transaction.delete(account.ref))
        sessions.forEach((session) => transaction.delete(session.ref))
      })
    },

-    async linkAccount(accountInit) {
-      const ref = await C.accounts.add(accountInit)
-      const account = await ref.get().then((doc) => doc.data())
-      return account ?? null
+    async linkAccount(account) {
+      const accountRef = await addDoc(Accounts, account)
+      const accountSnapshot = await getDoc(accountRef)
+
+      if (accountSnapshot.exists() && Accounts.converter) {
+        return Accounts.converter.fromFirestore(accountSnapshot)
+      }
    },

    async unlinkAccount({ provider, providerAccountId }) {
-      await deleteDocs(
-        C.accounts
-          .where("provider", "==", provider)
-          .where(mapper.toDb("providerAccountId"), "==", providerAccountId)
-          .limit(1)
+      const accountQuery = query(
+        Accounts,
+        where("provider", "==", provider),
+        where("providerAccountId", "==", providerAccountId),
+        limit(1)
      )
+      const accountSnapshots = await getDocs(accountQuery)
+      const accountSnapshot = accountSnapshots.docs[0]
+
+      if (accountSnapshot?.exists()) {
+        await deleteDoc(accountSnapshot.ref)
+      }
    },

-    async createSession(sessionInit) {
-      const ref = await C.sessions.add(sessionInit)
-      const session = await ref.get().then((doc) => doc.data())
+    async createSession(session) {
+      const sessionRef = await addDoc(Sessions, session)
+      const sessionSnapshot = await getDoc(sessionRef)

-      if (session) return session ?? null
+      if (sessionSnapshot.exists() && Sessions.converter) {
+        return Sessions.converter.fromFirestore(sessionSnapshot)
+      }

-      throw new Error("[createSession] Failed to fetch created session")
+      throw new Error("[createSession] Failed to create session")
    },

    async getSessionAndUser(sessionToken) {
-      const session = await getOneDoc(
-        C.sessions.where(mapper.toDb("sessionToken"), "==", sessionToken)
+      const sessionQuery = query(
+        Sessions,
+        where("sessionToken", "==", sessionToken),
+        limit(1)
      )
-      if (!session) return null
+      const sessionSnapshots = await getDocs(sessionQuery)
+      const sessionSnapshot = sessionSnapshots.docs[0]

-      const user = await getDoc(C.users.doc(session.userId))
-      if (!user) return null
+      if (sessionSnapshot?.exists() && Sessions.converter) {
+        const session = Sessions.converter.fromFirestore(sessionSnapshot)
+        const userDoc = await getDoc(doc(Users, session.userId))

-      return { session, user }
+        if (userDoc.exists() && Users.converter) {
+          const user = Users.converter.fromFirestore(userDoc)
+
+          return { session, user }
+        }
+      }
+
+      return null
    },

    async updateSession(partialSession) {
-      const sessionId = await db.runTransaction(async (transaction) => {
-        const sessionSnapshot = (
-          await transaction.get(
-            C.sessions
-              .where(
-                mapper.toDb("sessionToken"),
-                "==",
-                partialSession.sessionToken
-              )
-              .limit(1)
-          )
-        ).docs[0]
-        if (!sessionSnapshot?.exists) return null
+      const sessionQuery = query(
+        Sessions,
+        where("sessionToken", "==", partialSession.sessionToken),
+        limit(1)
+      )
+      const sessionSnapshots = await getDocs(sessionQuery)
+      const sessionSnapshot = sessionSnapshots.docs[0]

-        transaction.set(sessionSnapshot.ref, partialSession, { merge: true })
+      if (sessionSnapshot?.exists()) {
+        await setDoc(sessionSnapshot.ref, partialSession, { merge: true })

-        return sessionSnapshot.id
-      })
+        const sessionDoc = await getDoc(sessionSnapshot.ref)

-      if (!sessionId) return null
+        if (sessionDoc?.exists() && Sessions.converter) {
+          const session = Sessions.converter.fromFirestore(sessionDoc)

-      const session = await getDoc(C.sessions.doc(sessionId))
-      if (session) return session
-      throw new Error("[updateSession] Failed to fetch updated session")
+          return session
+        }
+      }
+
+      return null
    },

    async deleteSession(sessionToken) {
-      await deleteDocs(
-        C.sessions
-          .where(mapper.toDb("sessionToken"), "==", sessionToken)
-          .limit(1)
+      const sessionQuery = query(
+        Sessions,
+        where("sessionToken", "==", sessionToken),
+        limit(1)
      )
+      const sessionSnapshots = await getDocs(sessionQuery)
+      const sessionSnapshot = sessionSnapshots.docs[0]
+
+      if (sessionSnapshot?.exists()) {
+        await deleteDoc(sessionSnapshot.ref)
+      }
    },

    async createVerificationToken(verificationToken) {
-      await C.verification_tokens.add(verificationToken)
-      return verificationToken
+      const verificationTokenRef = await addDoc(
+        VerificationTokens,
+        verificationToken
+      )
+      const verificationTokenSnapshot = await getDoc(verificationTokenRef)
+
+      if (verificationTokenSnapshot.exists() && VerificationTokens.converter) {
+        const { id, ...verificationToken } =
+          VerificationTokens.converter.fromFirestore(verificationTokenSnapshot)
+
+        return verificationToken
+      }
    },

    async useVerificationToken({ identifier, token }) {
-      const verificationTokenSnapshot = (
-        await C.verification_tokens
-          .where("identifier", "==", identifier)
-          .where("token", "==", token)
-          .limit(1)
-          .get()
-      ).docs[0]
+      const verificationTokensQuery = query(
+        VerificationTokens,
+        where("identifier", "==", identifier),
+        where("token", "==", token),
+        limit(1)
+      )
+      const verificationTokenSnapshots = await getDocs(verificationTokensQuery)
+      const verificationTokenSnapshot = verificationTokenSnapshots.docs[0]

-      if (!verificationTokenSnapshot) return null
+      if (verificationTokenSnapshot?.exists() && VerificationTokens.converter) {
+        await deleteDoc(verificationTokenSnapshot.ref)

-      const data = verificationTokenSnapshot.data()
-      await verificationTokenSnapshot.ref.delete()
-      return data
+        const { id, ...verificationToken } =
+          VerificationTokens.converter.fromFirestore(verificationTokenSnapshot)
+
+        return verificationToken
+      }
+
+      return null
    },
  }
 }
--- a/packages/adapter-firebase/src/utils.ts
+++ b/packages/adapter-firebase/src/utils.ts
@@ -1,168 +0,0 @@
-import { AppOptions, getApps, initializeApp } from "firebase-admin/app"
-
-import {
-  getFirestore,
-  initializeFirestore,
-  Timestamp,
-} from "firebase-admin/firestore"
-
-import type {
-  AdapterUser,
-  AdapterAccount,
-  AdapterSession,
-  VerificationToken,
-} from "next-auth/adapters"
-import { FirebaseAdapterConfig } from "."
-
-// for consistency, store all fields as snake_case in the database
-const MAP_TO_FIRESTORE: Record<string, string | undefined> = {
-  userId: "user_id",
-  sessionToken: "session_token",
-  providerAccountId: "provider_account_id",
-  emailVerified: "email_verified",
-}
-const MAP_FROM_FIRESTORE: Record<string, string | undefined> = {}
-
-for (const key in MAP_TO_FIRESTORE) {
-  MAP_FROM_FIRESTORE[MAP_TO_FIRESTORE[key]!] = key
-}
-
-const identity = <T>(x: T) => x
-
-/** @internal */
-export function mapFieldsFactory(preferSnakeCase?: boolean) {
-  if (preferSnakeCase) {
-    return {
-      toDb: (field: string) => MAP_TO_FIRESTORE[field] ?? field,
-      fromDb: (field: string) => MAP_FROM_FIRESTORE[field] ?? field,
-    }
-  }
-  return { toDb: identity, fromDb: identity }
-}
-
-/** @internal */
-export function getConverter<Document extends Record<string, any>>(options: {
-  excludeId?: boolean
-  preferSnakeCase?: boolean
-}): FirebaseFirestore.FirestoreDataConverter<Document> {
-  const mapper = mapFieldsFactory(options?.preferSnakeCase ?? false)
-
-  return {
-    toFirestore(object) {
-      const document: Record<string, unknown> = {}
-
-      for (const key in object) {
-        if (key === "id") continue
-        const value = object[key]
-        if (value !== undefined) {
-          document[mapper.toDb(key)] = value
-        } else {
-          console.warn(`FirebaseAdapter: value for key "${key}" is undefined`)
-        }
-      }
-
-      return document
-    },
-
-    fromFirestore(
-      snapshot: FirebaseFirestore.QueryDocumentSnapshot<Document>
-    ): Document {
-      const document = snapshot.data()! // we can guarentee it exists
-
-      const object: Record<string, unknown> = {}
-
-      if (!options?.excludeId) {
-        object.id = snapshot.id
-      }
-
-      for (const key in document) {
-        let value: any = document[key]
-        if (value instanceof Timestamp) value = value.toDate()
-
-        object[mapper.fromDb(key)] = value
-      }
-
-      return object as Document
-    },
-  }
-}
-
-/** @internal */
-export async function getOneDoc<T>(
-  querySnapshot: FirebaseFirestore.Query<T>
-): Promise<T | null> {
-  const querySnap = await querySnapshot.limit(1).get()
-  return querySnap.docs[0]?.data() ?? null
-}
-
-/** @internal */
-export async function deleteDocs<T>(
-  querySnapshot: FirebaseFirestore.Query<T>
-): Promise<void> {
-  const querySnap = await querySnapshot.get()
-  for (const doc of querySnap.docs) {
-    await doc.ref.delete()
-  }
-}
-
-/** @internal */
-export async function getDoc<T>(
-  docRef: FirebaseFirestore.DocumentReference<T>
-): Promise<T | null> {
-  const docSnap = await docRef.get()
-  return docSnap.data() ?? null
-}
-
-/** @internal */
-export function collestionsFactory(
-  db: FirebaseFirestore.Firestore,
-  preferSnakeCase = false
-) {
-  return {
-    users: db
-      .collection("users")
-      .withConverter(getConverter<AdapterUser>({ preferSnakeCase })),
-    sessions: db
-      .collection("sessions")
-      .withConverter(getConverter<AdapterSession>({ preferSnakeCase })),
-    accounts: db
-      .collection("accounts")
-      .withConverter(getConverter<AdapterAccount>({ preferSnakeCase })),
-    verification_tokens: db
-      .collection(
-        preferSnakeCase ? "verification_tokens" : "verificationTokens"
-      )
-      .withConverter(
-        getConverter<VerificationToken>({ preferSnakeCase, excludeId: true })
-      ),
-  }
-}
-
-/**
- * Utility function that helps making sure that there is no duplicate app initialization issues in serverless environments.
- * If no parameter is passed, it will use the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to initialize a Firestore instance.
- *
- * @example
- * ```ts title="lib/firestore.ts"
- * import { initFirestore } from "@next-auth/firebase-adapter"
- * import { cert } from "firebase-admin/app"
- *
- * export const firestore = initFirestore({
- *  credential: cert({
- *    projectId: process.env.FIREBASE_PROJECT_ID,
- *    clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
- *    privateKey: process.env.FIREBASE_PRIVATE_KEY,
- *  })
- * })
- * ```
- */
-export function initFirestore(
-  options: AppOptions & { name?: FirebaseAdapterConfig["name"] } = {}
-) {
-  const apps = getApps()
-  const app = options.name ? apps.find((a) => a.name === options.name) : apps[0]
-
-  if (app) return getFirestore(app)
-
-  return initializeFirestore(initializeApp(options, options.name))
-}
--- a/packages/adapter-firebase/tests/index.test.ts
+++ b/packages/adapter-firebase/tests/index.test.ts
@@ -1,57 +1,118 @@
 import { runBasicTests } from "@next-auth/adapter-test"
+import { FirestoreAdapter } from "../src"

-import { FirestoreAdapter, type FirebaseAdapterConfig } from "../src"
 import {
-  collestionsFactory,
-  initFirestore,
+  getFirestore,
+  connectFirestoreEmulator,
+  terminate,
+  collection,
+  query,
+  where,
+  limit,
+  getDocs,
  getDoc,
-  getOneDoc,
-  mapFieldsFactory,
-} from "../src/utils"
+  doc,
+} from "firebase/firestore"
+import { initializeApp } from "firebase/app"
+import { getConverter } from "../src/converter"
+import type {
+  AdapterSession,
+  AdapterUser,
+  VerificationToken,
+} from "next-auth/adapters"
+import type { Account } from "next-auth"

-describe.each([
-  { namingStrategy: "snake_case" },
-  { namingStrategy: "default" },
-] as Partial<FirebaseAdapterConfig>[])(
-  "FirebaseAdapter with config: %s",
-  (config) => {
-    config.name = `next-auth-test-${config.namingStrategy}`
-    config.projectId = "next-auth-test"
-    config.databaseURL = "http://localhost:8080"
+const app = initializeApp({ projectId: "next-auth-test" })
+const firestore = getFirestore(app)

-    const db = initFirestore(config)
-    const preferSnakeCase = config.namingStrategy === "snake_case"
-    const mapper = mapFieldsFactory(preferSnakeCase)
-    const C = collestionsFactory(db, preferSnakeCase)
+connectFirestoreEmulator(firestore, "localhost", 8080)

-    for (const [name, collection] of Object.entries(C)) {
-      test(`collection "${name}" should be empty`, async () => {
-        expect((await collection.count().get()).data().count).toBe(0)
-      })
-    }
+type IndexableObject = Record<string, unknown>

-    runBasicTests({
-      adapter: FirestoreAdapter(config),
-      db: {
-        disconnect: async () => await db.terminate(),
-        session: (sessionToken) =>
-          getOneDoc(
-            C.sessions.where(mapper.toDb("sessionToken"), "==", sessionToken)
-          ),
-        user: (userId) => getDoc(C.users.doc(userId)),
-        account: ({ provider, providerAccountId }) =>
-          getOneDoc(
-            C.accounts
-              .where("provider", "==", provider)
-              .where(mapper.toDb("providerAccountId"), "==", providerAccountId)
-          ),
-        verificationToken: ({ identifier, token }) =>
-          getOneDoc(
-            C.verification_tokens
-              .where("identifier", "==", identifier)
-              .where("token", "==", token)
-          ),
-      },
-    })
-  }
+const Users = collection(firestore, "users").withConverter(
+  getConverter<AdapterUser & IndexableObject>()
 )
+const Sessions = collection(firestore, "sessions").withConverter(
+  getConverter<AdapterSession & IndexableObject>()
+)
+const Accounts = collection(firestore, "accounts").withConverter(
+  getConverter<Account>()
+)
+const VerificationTokens = collection(
+  firestore,
+  "verificationTokens"
+).withConverter(
+  getConverter<VerificationToken & IndexableObject>({ excludeId: true })
+)
+
+runBasicTests({
+  adapter: FirestoreAdapter({ projectId: "next-auth-test" }),
+  db: {
+    async disconnect() {
+      await terminate(firestore)
+    },
+    async session(sessionToken) {
+      const snapshotQuery = query(
+        Sessions,
+        where("sessionToken", "==", sessionToken),
+        limit(1)
+      )
+      const snapshots = await getDocs(snapshotQuery)
+      const snapshot = snapshots.docs[0]
+
+      if (snapshot?.exists() && Sessions.converter) {
+        const session = Sessions.converter.fromFirestore(snapshot)
+
+        return session
+      }
+
+      return null
+    },
+    async user(id) {
+      const snapshot = await getDoc(doc(Users, id))
+
+      if (snapshot?.exists() && Users.converter) {
+        const user = Users.converter.fromFirestore(snapshot)
+
+        return user
+      }
+
+      return null
+    },
+    async account({ provider, providerAccountId }) {
+      const snapshotQuery = query(
+        Accounts,
+        where("provider", "==", provider),
+        where("providerAccountId", "==", providerAccountId),
+        limit(1)
+      )
+      const snapshots = await getDocs(snapshotQuery)
+      const snapshot = snapshots.docs[0]
+
+      if (snapshot?.exists() && Accounts.converter) {
+        const account = Accounts.converter.fromFirestore(snapshot)
+
+        return account
+      }
+
+      return null
+    },
+    async verificationToken({ identifier, token }) {
+      const snapshotQuery = query(
+        VerificationTokens,
+        where("identifier", "==", identifier),
+        where("token", "==", token),
+        limit(1)
+      )
+      const snapshots = await getDocs(snapshotQuery)
+      const snapshot = snapshots.docs[0]
+
+      if (snapshot?.exists() && VerificationTokens.converter) {
+        const verificationToken =
+          VerificationTokens.converter.fromFirestore(snapshot)
+
+        return verificationToken
+      }
+    },
+  },
+})
--- a/packages/adapter-firebase/tests/jest.config.js
+++ b/packages/adapter-firebase/tests/jest.config.js
@@ -1,11 +0,0 @@
-import config from "@next-auth/adapter-test/jest/jest-preset.js"
-
-//TODO: update rest of the packages to Jest 29+
-const {testURL, ...rest} = config
-export default {
-  ...rest,
-  testEnvironmentOptions: {
-    url: testURL
-  },
-  rootDir: ".."
-}
--- a/packages/adapter-firebase/tsconfig.json
+++ b/packages/adapter-firebase/tsconfig.json
@@ -1,23 +1,11 @@
 {
  "extends": "@next-auth/tsconfig/tsconfig.adapters.json",
  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist",
    "strict": true,
    "noUncheckedIndexedAccess": true,
-    "target": "ES2020",
-    "module": "ESNext",
-    "moduleResolution": "node",
-    "outDir": ".",
-    "rootDir": "src",
-    "skipDefaultLibCheck": true,
-    "strictNullChecks": true,
-    "stripInternal": true,
-    "declarationMap": true,
-    "declaration": true
+    "moduleResolution": "node"
  },
-  "include": [
-    "src/**/*"
-  ],
-  "exclude": [
-    "tests"
-  ]
-}
+  "exclude": ["tests", "dist", "jest.config.js"]
+}
--- a/packages/adapter-xata/package.json
+++ b/packages/adapter-xata/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@next-auth/xata-adapter",
-  "version": "0.2.2",
+  "version": "0.2.0",
  "description": "Xata adapter for next-auth.",
  "homepage": "https://authjs.dev",
  "repository": "https://github.com/nextauthjs/next-auth",
@@ -43,4 +43,4 @@
  "jest": {
    "preset": "@next-auth/adapter-test/jest"
  }
-}
+}
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@auth/core",
-  "version": "0.4.0",
+  "version": "0.2.5",
  "description": "Authentication for the Web.",
  "keywords": [
    "authentication",
@@ -27,7 +27,7 @@
  "types": "./index.d.ts",
  "files": [
    "*.js",
-    "*.d.ts*",
+    "*.d.ts",
    "lib",
    "providers",
    "src"
@@ -69,7 +69,7 @@
    "preact-render-to-string": "5.2.3"
  },
  "peerDependencies": {
-    "nodemailer": "^6.8.0"
+    "nodemailer": "6.8.0"
  },
  "peerDependenciesMeta": {
    "nodemailer": {
@@ -77,11 +77,10 @@
    }
  },
  "scripts": {
-    "build": "pnpm css && pnpm providers && tsc",
+    "build": "pnpm css && tsc",
    "clean": "rm -rf *.js *.d.ts* lib providers",
    "css": "node scripts/generate-css",
-    "dev": "pnpm css && pnpm providers && tsc -w",
-    "providers": "node scripts/generate-providers"
+    "dev": "pnpm css && tsc -w"
  },
  "devDependencies": {
    "@next-auth/tsconfig": "workspace:*",
@@ -93,4 +92,4 @@
    "postcss": "8.4.19",
    "postcss-nested": "6.0.0"
  }
-}
+}
--- a/packages/core/scripts/generate-providers.js
+++ b/packages/core/scripts/generate-providers.js
@@ -1,18 +0,0 @@
-import { join } from "path"
-import { readdirSync, writeFileSync } from "fs"
-
-const providersPath = join(process.cwd(), "src/providers")
-
-const files = readdirSync(providersPath, "utf8")
-
-const providers = files.map((file) => {
-  const strippedProviderName = file.substring(0, file.indexOf("."))
-  return `"${strippedProviderName}"`
-}).filter((provider) => provider !== '"oauth-types"' && provider !== '"index"')
-
-const result = `
-// THIS FILE IS AUTOGENERATED. DO NOT EDIT.
-export type OAuthProviderType = 
-  | ${providers.join("\n  | ")}`
-
-writeFileSync(join(providersPath, "oauth-types.ts"), result)
--- a/packages/core/src/index.ts
+++ b/packages/core/src/index.ts
@@ -1,8 +1,4 @@
 /**
- *
- * :::warning Experimental
- * `@auth/core` is under active development.
- * :::
 *
 * This is the main entry point to the Auth.js library.
 *
@@ -31,14 +27,14 @@
 * ## Resources
 *
 * - [Getting started](https://authjs.dev/getting-started/introduction)
- * - [Most common use case guides](https://authjs.dev/guides)
+ * - [Most common use case guides](https://authjs.dev/guides/overview)
 *
- * @module index
+ * @module main
 */

 import { assertConfig } from "./lib/assert.js"
 import { ErrorPageLoop } from "./errors.js"
-import { AuthInternal, skipCSRFCheck } from "./lib/index.js"
+import { AuthInternal } from "./lib/index.js"
 import renderPage from "./lib/pages/index.js"
 import { logger, setLogger, type LoggerInstance } from "./lib/utils/logger.js"
 import { toInternalRequest, toResponse } from "./lib/web.js"
@@ -55,8 +51,6 @@ import type {
 import type { Provider } from "./providers/index.js"
 import { JWTOptions } from "./jwt.js"

-export { skipCSRFCheck }
-
 /**
 * Core functionality provided by Auth.js.
 *
@@ -304,3 +298,14 @@ export interface AuthConfig {
  trustHost?: boolean
  skipCSRFCheck?: typeof skipCSRFCheck
 }
+
+/**
+ * :::danger
+ * This option is inteded for framework authors.
+ * :::
+ *
+ * Auth.js comes with built-in {@link https://authjs.dev/concepts/security#csrf CSRF} protection, but
+ * if you are implementing a framework that is already protected against CSRF attacks, you can skip this check by
+ * passing this value to {@link AuthConfig.skipCSRFCheck}.
+ */
+export const skipCSRFCheck = Symbol("skip-csrf-check")
--- a/packages/core/src/lib/index.ts
+++ b/packages/core/src/lib/index.ts
@@ -1,4 +1,5 @@
 import { UnknownAction } from "../errors.js"
+import { skipCSRFCheck } from "../index.js"
 import { SessionStore } from "./cookie.js"
 import { init } from "./init.js"
 import renderPage from "./pages/index.js"
@@ -71,9 +72,9 @@ export async function AuthInternal<
        if (pages.signIn) {
          let signinUrl = `${pages.signIn}${
            pages.signIn.includes("?") ? "&" : "?"
-          }${new URLSearchParams({ callbackUrl: options.callbackUrl })}`
+          }callbackUrl=${encodeURIComponent(options.callbackUrl)}`
          if (error)
-            signinUrl = `${signinUrl}&${new URLSearchParams({ error })}`
+            signinUrl = `${signinUrl}&error=${encodeURIComponent(error)}`
          return { redirect: signinUrl, cookies }
        }

@@ -185,14 +186,3 @@ export async function AuthInternal<
  }
  throw new UnknownAction(`Cannot handle action: ${action}`)
 }
-
-/**
- * :::danger
- * This option is intended for framework authors.
- * :::
- *
- * Auth.js comes with built-in {@link https://authjs.dev/concepts/security#csrf CSRF} protection, but
- * if you are implementing a framework that is already protected against CSRF attacks, you can skip this check by
- * passing this value to {@link AuthConfig.skipCSRFCheck}.
- */
-export const skipCSRFCheck = Symbol("skip-csrf-check")
--- a/packages/core/src/lib/oauth/authorization-url.ts
+++ b/packages/core/src/lib/oauth/authorization-url.ts
@@ -1,7 +1,7 @@
-import * as checks from "./checks.js"
 import * as o from "oauth4webapi"

 import type {
+  CookiesOptions,
  InternalOptions,
  RequestInternal,
  ResponseInternal,
@@ -58,10 +58,10 @@ export async function getAuthorizationUrl(

  const cookies: Cookie[] = []

-  const state = await checks.state.create(options)
-  if (state) {
-    authParams.set("state", state.value)
-    cookies.push(state.cookie)
+  if (provider.checks?.includes("state")) {
+    const { value, raw } = await createState(options)
+    authParams.set("state", raw)
+    cookies.push(value)
  }

  if (provider.checks?.includes("pkce")) {
@@ -70,17 +70,17 @@ export async function getAuthorizationUrl(
      // a random `nonce` must be used for CSRF protection.
      provider.checks = ["nonce"]
    } else {
-      const { value, cookie } = await checks.pkce.create(options)
-      authParams.set("code_challenge", value)
+      const { code_challenge, pkce } = await createPKCE(options)
+      authParams.set("code_challenge", code_challenge)
      authParams.set("code_challenge_method", "S256")
-      cookies.push(cookie)
+      cookies.push(pkce)
    }
  }

-  const nonce = await checks.nonce.create(options)
-  if (nonce) {
+  if (provider.checks?.includes("nonce")) {
+    const nonce = await createNonce(options)
    authParams.set("nonce", nonce.value)
-    cookies.push(nonce.cookie)
+    cookies.push(nonce)
  }

  // TODO: This does not work in normalizeOAuth because authorization endpoint can come from discovery
@@ -90,5 +90,54 @@ export async function getAuthorizationUrl(
  }

  logger.debug("authorization url is ready", { url, cookies, provider })
-  return { redirect: url.toString(), cookies }
+  return { redirect: url, cookies }
+}
+
+/** Returns a signed cookie. */
+export async function signCookie(
+  type: keyof CookiesOptions,
+  value: string,
+  maxAge: number,
+  options: InternalOptions<"oauth">
+): Promise<Cookie> {
+  const { cookies, jwt, logger } = options
+
+  logger.debug(`CREATE_${type.toUpperCase()}`, { value, maxAge })
+
+  const expires = new Date()
+  expires.setTime(expires.getTime() + maxAge * 1000)
+  return {
+    name: cookies[type].name,
+    value: await jwt.encode({ ...jwt, maxAge, token: { value } }),
+    options: { ...cookies[type].options, expires },
+  }
+}
+
+const STATE_MAX_AGE = 60 * 15 // 15 minutes in seconds
+async function createState(options: InternalOptions<"oauth">) {
+  const raw = o.generateRandomState()
+  const maxAge = STATE_MAX_AGE
+  const value = await signCookie("state", raw, maxAge, options)
+  return { value, raw }
+}
+
+const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
+async function createPKCE(options: InternalOptions<"oauth">) {
+  const code_verifier = o.generateRandomCodeVerifier()
+  const code_challenge = await o.calculatePKCECodeChallenge(code_verifier)
+  const maxAge = PKCE_MAX_AGE
+  const pkce = await signCookie(
+    "pkceCodeVerifier",
+    code_verifier,
+    maxAge,
+    options
+  )
+  return { code_challenge, pkce }
+}
+
+const NONCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
+async function createNonce(options: InternalOptions<"oauth">) {
+  const raw = o.generateRandomNonce()
+  const maxAge = NONCE_MAX_AGE
+  return await signCookie("nonce", raw, maxAge, options)
 }
--- a/packages/core/src/lib/oauth/callback.ts
+++ b/packages/core/src/lib/oauth/callback.ts
@@ -1,6 +1,8 @@
-import * as checks from "./checks.js"
 import * as o from "oauth4webapi"
 import { OAuthCallbackError, OAuthProfileParseError } from "../../errors.js"
+import { useNonce } from "./nonce-handler.js"
+import { usePKCECodeVerifier } from "./pkce-handler.js"
+import { useState } from "./state-handler.js"

 import type {
  InternalOptions,
@@ -71,7 +73,7 @@ export async function handleOAuth(

  const resCookies: Cookie[] = []

-  const state = await checks.state.use(cookies, resCookies, options)
+  const state = await useState(cookies, resCookies, options)

  const parameters = o.validateAuthResponse(
    as,
@@ -89,7 +91,7 @@ export async function handleOAuth(
    throw new OAuthCallbackError(parameters.error)
  }

-  const codeVerifier = await checks.pkce.use(
+  const codeVerifier = await usePKCECodeVerifier(
    cookies?.[options.cookies.pkceCodeVerifier.name],
    options
  )
@@ -97,10 +99,7 @@ export async function handleOAuth(
  if (codeVerifier) resCookies.push(codeVerifier.cookie)

  // TODO:
-  const nonce = await checks.nonce.use(
-    cookies?.[options.cookies.nonce.name],
-    options
-  )
+  const nonce = await useNonce(cookies?.[options.cookies.nonce.name], options)
  if (nonce && provider.type === "oidc") {
    resCookies.push(nonce.cookie)
  }
@@ -203,7 +202,7 @@ async function getProfile(
    // If we didn't get a response either there was a problem with the provider
    // response *or* the user cancelled the action with the provider.
    //
-    // Unfortunately, we can't tell which - at least not in a way that works for
+    // Unfortuately, we can't tell which - at least not in a way that works for
    // all providers, so we return an empty object; the user should then be
    // redirected back to the sign up page. We log the error to help developers
    // who might be trying to debug this when configuring a new provider.
--- a/packages/core/src/lib/oauth/checks.ts
+++ b/packages/core/src/lib/oauth/checks.ts
@@ -1,155 +0,0 @@
-import * as o from "oauth4webapi"
-import * as jwt from "../../jwt.js"
-
-import type {
-  InternalOptions,
-  RequestInternal,
-  CookiesOptions,
-} from "../../types.js"
-import type { Cookie } from "../cookie.js"
-
-import { InvalidState } from "../../errors.js"
-
-/** Returns a signed cookie. */
-export async function signCookie(
-  type: keyof CookiesOptions,
-  value: string,
-  maxAge: number,
-  options: InternalOptions<"oauth">
-): Promise<Cookie> {
-  const { cookies, logger } = options
-
-  logger.debug(`CREATE_${type.toUpperCase()}`, { value, maxAge })
-
-  const expires = new Date()
-  expires.setTime(expires.getTime() + maxAge * 1000)
-  return {
-    name: cookies[type].name,
-    value: await jwt.encode({ ...options.jwt, maxAge, token: { value } }),
-    options: { ...cookies[type].options, expires },
-  }
-}
-
-const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
-export const pkce = {
-  async create(options: InternalOptions<"oauth">) {
-    const code_verifier = o.generateRandomCodeVerifier()
-    const value = await o.calculatePKCECodeChallenge(code_verifier)
-    const maxAge = PKCE_MAX_AGE
-    const cookie = await signCookie(
-      "pkceCodeVerifier",
-      code_verifier,
-      maxAge,
-      options
-    )
-    return { cookie, value }
-  },
-
-  /**
-   * Returns code_verifier if provider uses PKCE,
-   * and clears the container cookie afterwards.
-   */
-  async use(
-    codeVerifier: string | undefined,
-    options: InternalOptions<"oauth">
-  ): Promise<{ codeVerifier: string; cookie: Cookie } | undefined> {
-    const { cookies, provider } = options
-
-    if (!provider?.checks?.includes("pkce") || !codeVerifier) {
-      return
-    }
-
-    const pkce = (await jwt.decode({
-      ...options.jwt,
-      token: codeVerifier,
-    })) as any
-
-    return {
-      codeVerifier: pkce?.value ?? undefined,
-      cookie: {
-        name: cookies.pkceCodeVerifier.name,
-        value: "",
-        options: { ...cookies.pkceCodeVerifier.options, maxAge: 0 },
-      },
-    }
-  },
-}
-
-const STATE_MAX_AGE = 60 * 15 // 15 minutes in seconds
-export const state = {
-  async create(options: InternalOptions<"oauth">) {
-    if (!options.provider.checks.includes("state")) return
-    // TODO: support customizing the state
-    const value = o.generateRandomState()
-    const maxAge = STATE_MAX_AGE
-    const cookie = await signCookie("state", value, maxAge, options)
-    return { cookie, value }
-  },
-  /**
-   * Returns state from the saved cookie
-   * if the provider supports states,
-   * and clears the container cookie afterwards.
-   */
-  async use(
-    cookies: RequestInternal["cookies"],
-    resCookies: Cookie[],
-    options: InternalOptions<"oauth">
-  ): Promise<string | undefined> {
-    const { provider, jwt } = options
-    if (!provider.checks.includes("state")) return
-
-    const state = cookies?.[options.cookies.state.name]
-
-    if (!state) throw new InvalidState("State was missing from the cookies.")
-
-    // IDEA: Let the user do something with the returned state
-    const value = (await jwt.decode({ ...options.jwt, token: state })) as any
-
-    if (!value?.value) throw new InvalidState("Could not parse state cookie.")
-
-    // Clear the state cookie after use
-    resCookies.push({
-      name: options.cookies.state.name,
-      value: "",
-      options: { ...options.cookies.state.options, maxAge: 0 },
-    })
-
-    return value.value
-  },
-}
-
-const NONCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
-export const nonce = {
-  async create(options: InternalOptions<"oauth">) {
-    if (!options.provider.checks.includes("nonce")) return
-    const value = o.generateRandomNonce()
-    const maxAge = NONCE_MAX_AGE
-    const cookie = await signCookie("nonce", value, maxAge, options)
-    return { cookie, value }
-  },
-  /**
-   * Returns nonce from if the provider supports nonce,
-   * and clears the container cookie afterwards.
-   */
-  async use(
-    nonce: string | undefined,
-    options: InternalOptions<"oauth">
-  ): Promise<{ value: string; cookie: Cookie } | undefined> {
-    const { cookies, provider } = options
-
-    if (!provider?.checks?.includes("nonce") || !nonce) {
-      return
-    }
-
-    const value = (await jwt.decode({ ...options.jwt, token: nonce })) as any
-
-    return {
-      value: value?.value ?? undefined,
-      cookie: {
-        name: cookies.nonce.name,
-        value: "",
-        options: { ...cookies.nonce.options, maxAge: 0 },
-      },
-    }
-  },
-}
--- a/packages/core/src/lib/oauth/nonce-handler.ts
+++ b/packages/core/src/lib/oauth/nonce-handler.ts
@@ -0,0 +1,77 @@
+import * as o from "oauth4webapi"
+import * as jwt from "../../jwt.js"
+
+import type { InternalOptions } from "../../types.js"
+import type { Cookie } from "../cookie.js"
+
+const NONCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
+
+/**
+ * Returns nonce if the provider supports it
+ * and saves it in a cookie
+ */
+export async function createNonce(options: InternalOptions<"oauth">): Promise<
+  | undefined
+  | {
+      value: string
+      cookie: Cookie
+    }
+> {
+  const { cookies, logger, provider } = options
+  if (!provider.checks?.includes("nonce")) {
+    // Provider does not support nonce, return nothing.
+    return
+  }
+
+  const nonce = o.generateRandomNonce()
+
+  const expires = new Date()
+  expires.setTime(expires.getTime() + NONCE_MAX_AGE * 1000)
+
+  // Encrypt nonce and save it to an encrypted cookie
+  const encryptedNonce = await jwt.encode({
+    ...options.jwt,
+    maxAge: NONCE_MAX_AGE,
+    token: { nonce },
+  })
+
+  logger.debug("CREATE_ENCRYPTED_NONCE", {
+    nonce,
+    maxAge: NONCE_MAX_AGE,
+  })
+
+  return {
+    cookie: {
+      name: cookies.nonce.name,
+      value: encryptedNonce,
+      options: { ...cookies.nonce.options, expires },
+    },
+    value: nonce,
+  }
+}
+
+/**
+ * Returns nonce from if the provider supports nonce,
+ * and clears the container cookie afterwards.
+ */
+export async function useNonce(
+  nonce: string | undefined,
+  options: InternalOptions<"oauth">
+): Promise<{ value: string; cookie: Cookie } | undefined> {
+  const { cookies, provider } = options
+
+  if (!provider?.checks?.includes("nonce") || !nonce) {
+    return
+  }
+
+  const value = (await jwt.decode({ ...options.jwt, token: nonce })) as any
+
+  return {
+    value: value?.value ?? undefined,
+    cookie: {
+      name: cookies.nonce.name,
+      value: "",
+      options: { ...cookies.nonce.options, maxAge: 0 },
+    },
+  }
+}
--- a/packages/core/src/lib/oauth/pkce-handler.ts
+++ b/packages/core/src/lib/oauth/pkce-handler.ts
@@ -0,0 +1,87 @@
+import * as o from "oauth4webapi"
+import * as jwt from "../../jwt.js"
+
+import type { InternalOptions } from "../../types.js"
+import type { Cookie } from "../cookie.js"
+
+const PKCE_CODE_CHALLENGE_METHOD = "S256"
+const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
+
+/**
+ * Returns `code_challenge` and `code_challenge_method`
+ * and saves them in a cookie.
+ */
+export async function createPKCE(options: InternalOptions<"oauth">): Promise<
+  | undefined
+  | {
+      code_challenge: string
+      code_challenge_method: "S256"
+      cookie: Cookie
+    }
+> {
+  const { cookies, logger, provider } = options
+  if (!provider.checks?.includes("pkce")) {
+    // Provider does not support PKCE, return nothing.
+    return
+  }
+  const code_verifier = o.generateRandomCodeVerifier()
+  const code_challenge = await o.calculatePKCECodeChallenge(code_verifier)
+
+  const maxAge = cookies.pkceCodeVerifier.options.maxAge ?? PKCE_MAX_AGE
+
+  const expires = new Date()
+  expires.setTime(expires.getTime() + maxAge * 1000)
+
+  // Encrypt code_verifier and save it to an encrypted cookie
+  const encryptedCodeVerifier = await jwt.encode({
+    ...options.jwt,
+    maxAge,
+    token: { code_verifier },
+  })
+
+  logger.debug("CREATE_PKCE_CHALLENGE_VERIFIER", {
+    code_challenge,
+    code_challenge_method: PKCE_CODE_CHALLENGE_METHOD,
+    code_verifier,
+    maxAge,
+  })
+
+  return {
+    code_challenge,
+    code_challenge_method: PKCE_CODE_CHALLENGE_METHOD,
+    cookie: {
+      name: cookies.pkceCodeVerifier.name,
+      value: encryptedCodeVerifier,
+      options: { ...cookies.pkceCodeVerifier.options, expires },
+    },
+  }
+}
+
+/**
+ * Returns code_verifier if provider uses PKCE,
+ * and clears the container cookie afterwards.
+ */
+export async function usePKCECodeVerifier(
+  codeVerifier: string | undefined,
+  options: InternalOptions<"oauth">
+): Promise<{ codeVerifier: string; cookie: Cookie } | undefined> {
+  const { cookies, provider } = options
+
+  if (!provider?.checks?.includes("pkce") || !codeVerifier) {
+    return
+  }
+
+  const pkce = (await jwt.decode({
+    ...options.jwt,
+    token: codeVerifier,
+  })) as any
+
+  return {
+    codeVerifier: pkce?.value ?? undefined,
+    cookie: {
+      name: cookies.pkceCodeVerifier.name,
+      value: "",
+      options: { ...cookies.pkceCodeVerifier.options, maxAge: 0 },
+    },
+  }
+}
--- a/packages/core/src/lib/oauth/state-handler.ts
+++ b/packages/core/src/lib/oauth/state-handler.ts
@@ -0,0 +1,72 @@
+import * as o from "oauth4webapi"
+import type { InternalOptions, RequestInternal } from "../../types.js"
+import type { Cookie } from "../cookie.js"
+import { InvalidState } from "../../errors.js"
+
+const STATE_MAX_AGE = 60 * 15 // 15 minutes in seconds
+
+/** Returns state if the provider supports it */
+export async function createState(
+  options: InternalOptions<"oauth">
+): Promise<{ cookie: Cookie; value: string } | undefined> {
+  const { logger, provider, jwt, cookies } = options
+
+  if (!provider.checks?.includes("state")) {
+    // Provider does not support state, return nothing
+    return
+  }
+
+  const state = o.generateRandomState()
+  const maxAge = cookies.state.options.maxAge ?? STATE_MAX_AGE
+
+  const encodedState = await jwt.encode({
+    ...jwt,
+    maxAge,
+    token: { state },
+  })
+
+  logger.debug("CREATE_STATE", { state, maxAge })
+
+  const expires = new Date()
+  expires.setTime(expires.getTime() + maxAge * 1000)
+  return {
+    value: state,
+    cookie: {
+      name: cookies.state.name,
+      value: encodedState,
+      options: { ...cookies.state.options, expires },
+    },
+  }
+}
+
+/**
+ * Returns state from the saved cookie
+ * if the provider supports states,
+ * and clears the container cookie afterwards.
+ */
+export async function useState(
+  cookies: RequestInternal["cookies"],
+  resCookies: Cookie[],
+  options: InternalOptions<"oauth">
+): Promise<string | undefined> {
+  const { provider, jwt } = options
+  if (!provider.checks.includes("state")) return
+
+  const state = cookies?.[options.cookies.state.name]
+
+  if (!state) throw new InvalidState("State was missing from the cookies.")
+
+  // IDEA: Let the user do something with the returned state
+  const value = (await jwt.decode({ ...options.jwt, token: state })) as any
+
+  if (!value?.value) throw new InvalidState("Could not parse state cookie.")
+
+  // Clear the state cookie after use
+  resCookies.push({
+    name: options.cookies.state.name,
+    value: "",
+    options: { ...options.cookies.state.options, maxAge: 0 },
+  })
+
+  return value.value
+}
--- a/packages/core/src/lib/routes/callback.ts
+++ b/packages/core/src/lib/routes/callback.ts
@@ -53,7 +53,7 @@ export async function callback(params: {
        cookies.push(...authorizationResult.cookies)
      }

-      logger.debug("authorization result", authorizationResult)
+      logger.debug("authroization result", authorizationResult)

      const { profile, account, OAuthProfile } = authorizationResult

@@ -149,7 +149,7 @@ export async function callback(params: {
        return {
          redirect: `${pages.newUser}${
            pages.newUser.includes("?") ? "&" : "?"
-          }${new URLSearchParams({ callbackUrl })}`,
+          }callbackUrl=${encodeURIComponent(callbackUrl)}`,
          cookies,
        }
      }
@@ -256,7 +256,7 @@ export async function callback(params: {
        return {
          redirect: `${pages.newUser}${
            pages.newUser.includes("?") ? "&" : "?"
-          }${new URLSearchParams({ callbackUrl })}`,
+          }callbackUrl=${encodeURIComponent(callbackUrl)}`,
          cookies,
        }
      }
@@ -350,6 +350,6 @@ export async function callback(params: {
    logger.error(error)
    url.searchParams.set("error", CallbackRouteError.name)
    url.pathname += "/error"
-    return { redirect: url.toString(), cookies }
+    return { redirect: url, cookies }
  }
 }
--- a/packages/core/src/lib/routes/shared.ts
+++ b/packages/core/src/lib/routes/shared.ts
@@ -7,20 +7,19 @@ export async function handleAuthorized(
  params: any,
  { url, logger, callbacks: { signIn } }: InternalOptions
 ) {
+  url.pathname += "/error"
  try {
    const authorized = await signIn(params)
    if (!authorized) {
-      url.pathname += "/error"
      logger.debug("User not authorized", params)
      url.searchParams.set("error", "AccessDenied")
-      return { status: 403 as const, redirect: url.toString() }
+      return { status: 403 as const, redirect: url }
    }
  } catch (e) {
-    url.pathname += "/error"
    const error = new AuthorizedCallbackError(e as Error)
    logger.error(error)
    url.searchParams.set("error", "Configuration")
-    return { status: 500 as const, redirect: url.toString() }
+    return { status: 500 as const, redirect: url }
  }
 }

--- a/packages/core/src/lib/routes/signin.ts
+++ b/packages/core/src/lib/routes/signin.ts
@@ -54,7 +54,7 @@ export async function signin(
    logger.error(error)
    url.searchParams.set("error", error.name)
    url.pathname += "/error"
-    return { redirect: url.toString() }
+    return { redirect: url }
  }
 }

--- a/packages/core/src/lib/routes/signout.ts
+++ b/packages/core/src/lib/routes/signout.ts
@@ -8,7 +8,7 @@ import type { SessionStore } from "../cookie.js"
 * If the session strategy is database,
 * The session is also deleted from the database.
 * In any case, the session cookie is cleared and
- * {@link EventCallbacks.signOut} is emitted.
+ * an `events.signOut` is emitted.
 */
 export async function signout(
  sessionStore: SessionStore,
--- a/packages/core/src/lib/web.ts
+++ b/packages/core/src/lib/web.ts
@@ -76,22 +76,27 @@ export function toResponse(res: ResponseInternal): Response {
  res.cookies?.forEach((cookie) => {
    const { name, value, options } = cookie
    const cookieHeader = serialize(name, value, options)
-    if (headers.has("Set-Cookie")) headers.append("Set-Cookie", cookieHeader)
-    else headers.set("Set-Cookie", cookieHeader)
+    if (headers.has("Set-Cookie")) {
+      headers.append("Set-Cookie", cookieHeader)
+    } else {
+      headers.set("Set-Cookie", cookieHeader)
+    }
    // headers.set("Set-Cookie", cookieHeader) // TODO: Remove. Seems to be a bug with Headers in the runtime
  })

-  let body = res.body
+  const body =
+    headers.get("content-type") === "application/json"
+      ? JSON.stringify(res.body)
+      : res.body

-  if (headers.get("content-type") === "application/json")
-    body = JSON.stringify(res.body)
-  else if (headers.get("content-type") === "application/x-www-form-urlencoded")
-    body = new URLSearchParams(res.body).toString()
+  const response = new Response(body, {
+    headers,
+    status: res.redirect ? 302 : res.status ?? 200,
+  })

-  const status = res.redirect ? 302 : res.status ?? 200
-  const response = new Response(body, { headers, status })
-
-  if (res.redirect) response.headers.set("Location", res.redirect)
+  if (res.redirect) {
+    response.headers.set("Location", res.redirect.toString())
+  }

  return response
 }
--- a/packages/core/src/providers/asgardeo.ts
+++ b/packages/core/src/providers/asgardeo.ts
@@ -1,112 +0,0 @@
-/**
- * <div style={{backgroundColor: "#24292f", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
- * <span>Built-in <b>Asgardeo</b> integration.</span>
- * <a href="https://wso2.com/asgardeo/">
- *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/asgardeo-dark.svg" height="48" width="48"/>
- * </a>
- * </div>
- *
- * ---
- * @module providers/asgardeo
- */
-
-import type { OIDCConfig, OIDCUserConfig } from "./index.js"
-
-export interface AsgardeoProfile {
-  sub: string
-  given_name: string
-  email: string
-  picture: string
-}
-
-/**
- * Add Asgardeo login to your page.
- * ## Documentation
- *
- * https://wso2.com/asgardeo/docs/guides/authentication
- *
- *
- * ## Instructions
- *
- * - Log into https://console.asgardeo.io.
- * - Next, go to "Application" tab (More info: https://wso2.com/asgardeo/docs/guides/applications/register-oidc-web-app/).
- * - Register standard based - Open id connect, application.
- * - Add callback URL: http://localhost:3000/api/auth/callback/asgardeo and https://your-domain.com/api/auth/callback/asgardeo
- * - After registering the application, go to protocol tab.
- * - Check `code` grant type.
- * - Add Authorized redirect URLs & Allowed origins fields.
- * - Make Email, First Name, Photo URL user attributes mandatory from the console.
- *
- * Create a `.env` file in the project root add the following entries:
- *
- * These values can be collected from the application created.
- *
- * ```
- * ASGARDEO_CLIENT_ID=<Copy client ID from protocol tab here>
- * ASGARDEO_CLIENT_SECRET=<Copy client from protocol tab here>
- * ASGARDEO_ISSUER=<Copy the issuer url from the info tab here>
- * ```
- *
- * In `pages/api/auth/[...nextauth].js` find or add the `Asgardeo` entries:
- *
- * ```js
- * import Asgardeo from "next-auth/providers/asgardeo";
- * ...
- * providers: [
- *   Asgardeo({
- *     clientId: process.env.ASGARDEO_CLIENT_ID,
- *     clientSecret: process.env.ASGARDEO_CLIENT_SECRET,
- *     issuer: process.env.ASGARDEO_ISSUER
- *   }),
- * ],
- *
- * ...
- * ```
- *
- * ## Resources
- *
- * @see [Asgardeo - Authentication Guide](https://wso2.com/asgardeo/docs/guides/authentication)
- * @see [Learn more about OAuth](https://authjs.dev/concepts/oauth)
- * @see [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/asgardeo.ts)
- *
- * ## Notes
- *
- * By default, Auth.js assumes that the Asgardeo provider is
- * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
- *
- * :::tip
- *
- * The Asgardeo provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/asgardeo.ts).
- * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
- *
- * :::
- *
- * :::info **Disclaimer**
- *
- * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
- *
- * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
- * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
- * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
- *
- * :::
- */
-export default function Asgardeo(
-  config: OIDCUserConfig<AsgardeoProfile>
-): OIDCConfig<AsgardeoProfile> {
-  return {
-    id: "asgardeo",
-    name: "Asgardeo",
-    type: "oidc",
-    wellKnown: `${config?.issuer}/oauth2/token/.well-known/openid-configuration`,
-    style: {
-      logo: "/asgardeo.svg",
-      logoDark: "/asgardeo-dark.svg",
-      bg: "#fff",
-      text: "#000",
-      bgDark: "#000",
-      textDark: "#fff",
-    },
-    options: config,
-  }
-}
--- a/packages/core/src/providers/azure-ad.ts
+++ b/packages/core/src/providers/azure-ad.ts
@@ -34,21 +34,22 @@ export default function AzureAD<P extends AzureADProfile>(
      )

      // Confirm that profile photo was returned
-      let image
-      // TODO: Do this without Buffer
-      if (response.ok && typeof Buffer !== "undefined") {
-        try {
-          const pictureBuffer = await response.arrayBuffer()
-          const pictureBase64 = Buffer.from(pictureBuffer).toString("base64")
-          image = `data:image/jpeg;base64, ${pictureBase64}`
-        } catch {}
-      }
-
-      return {
-        id: profile.sub,
-        name: profile.name,
-        email: profile.email,
-        image: image ?? null,
+      if (response.ok) {
+        const pictureBuffer = await response.arrayBuffer()
+        const pictureBase64 = Buffer.from(pictureBuffer).toString("base64")
+        return {
+          id: profile.sub,
+          name: profile.name,
+          email: profile.email,
+          image: `data:image/jpeg;base64, ${pictureBase64}`,
+        }
+      } else {
+        return {
+          id: profile.sub,
+          name: profile.name,
+          email: profile.email,
+          image: null,
+        }
      }
    },
    style: {
--- a/packages/core/src/providers/credentials.ts
+++ b/packages/core/src/providers/credentials.ts
@@ -49,6 +49,10 @@ export interface CredentialsConfig<

 export type CredentialsProviderType = "Credentials"

+export type CredentialsConfigInternal<
+  C extends Record<string, CredentialInput> = Record<string, CredentialInput>
+> = CredentialsConfig<C> & { options: CredentialsConfig<C> }
+
 /**
 * The Credentials provider allows you to handle signing in with arbitrary credentials,
 * such as a username and password, domain, or two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
--- a/packages/core/src/providers/discord.ts
+++ b/packages/core/src/providers/discord.ts
@@ -1,77 +1,21 @@
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"

-/**
- * Corresponds to the user structure documented here:
- * https://discord.com/developers/docs/resources/user#user-object-user-structure
- */
 export interface DiscordProfile extends Record<string, any> {
-  /** the user's id (i.e. the numerical snowflake) */
-  id: string
-  /** the user's username, not unique across the platform */
-  username: string
-  /** the user's 4-digit discord-tag */
+  accent_color: number
+  avatar: string
+  banner: string
+  banner_color: string
  discriminator: string
-  /**
-   * the user's avatar hash:
-   * https://discord.com/developers/docs/reference#image-formatting
-   */
-  avatar: string | null
-  /** whether the user belongs to an OAuth2 application */
-  bot?: boolean
-  /**
-   * whether the user is an Official Discord System user (part of the urgent
-   * message system)
-   */
-  system?: boolean
-  /** whether the user has two factor enabled on their account */
-  mfa_enabled: boolean
-  /**
-   * the user's banner hash:
-   * https://discord.com/developers/docs/reference#image-formatting
-   */
-  banner: string | null
-
-  /** the user's banner color encoded as an integer representation of hexadecimal color code */
-  accent_color: number | null
-
-  /**
-   * the user's chosen language option:
-   * https://discord.com/developers/docs/reference#locales
-   */
-  locale: string
-  /** whether the email on this account has been verified */
-  verified: boolean
-  /** the user's email */
-  email: string | null
-  /**
-   * the flags on a user's account:
-   * https://discord.com/developers/docs/resources/user#user-object-user-flags
-   */
+  email: string
  flags: number
-  /**
-   * the type of Nitro subscription on a user's account:
-   * https://discord.com/developers/docs/resources/user#user-object-premium-types
-   */
-  premium_type: number
-  /**
-   * the public flags on a user's account:
-   * https://discord.com/developers/docs/resources/user#user-object-user-flags
-   */
-  public_flags: number
-  /** undocumented field; corresponds to the user's custom nickname */
-  display_name: string | null
-  /**
-   * undocumented field; corresponds to the Discord feature where you can e.g.
-   * put your avatar inside of an ice cube
-   */
-  avatar_decoration: string | null
-  /**
-   * undocumented field; corresponds to the premium feature where you can
-   * select a custom banner color
-   */
-  banner_color: string | null
-  /** undocumented field; the CDN URL of their profile picture */
+  id: string
  image_url: string
+  locale: string
+  mfa_enabled: boolean
+  premium_type: number
+  public_flags: number
+  username: string
+  verified: boolean
 }

 export default function Discord<P extends DiscordProfile>(
--- a/packages/core/src/providers/index.ts
+++ b/packages/core/src/providers/index.ts
@@ -65,16 +65,12 @@ export type Provider<P extends Profile = Profile> = (
  | EmailConfig
  | CredentialsConfig
 ) & {
-  /**
-   * Used to deep merge user-provided config with the default config
-   * @internal
-   */
  options: Record<string, unknown>
 }

 export type BuiltInProviders = Record<
  OAuthProviderType,
-  (config: Partial<OAuthConfig<any>>) => OAuthConfig<any>
+  (options: Partial<OAuthConfig<any>>) => OAuthConfig<any>
 > &
  Record<CredentialsProviderType, typeof CredentialsProvider> &
  Record<EmailProviderType, typeof EmailProvider>
--- a/packages/core/src/providers/notion.ts
+++ b/packages/core/src/providers/notion.ts
@@ -1,166 +0,0 @@
-/**
- * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
- * <span>Built-in <b>Notion</b> integration.</span>
- * <a href="https://notion.so">
- *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/notion.svg" height="48" width="48"/>
- * </a>
- * </div>
- *
- * ---
- * @module providers/notion
- */
-
-import type { OAuthConfig, OAuthUserConfig } from "."
-
-export interface Person extends Record<string, any> {
-  email: string
-}
-
-// https://developers.notion.com/reference/user
-export interface User extends Record<string, any> {
-  object: "user" | "bot"
-  id: string
-  type: string
-  name: string
-  avatar_url: null | string
-  person: Person
-  owner?: {
-    type: "workspace" | "user"
-    workspace: string
-  }
-  workspace_name?: string | null
-}
-
-export interface Owner {
-  type: string
-  user: User
-}
-
-// Notion responds with an access_token + some additional information, which we define here
-// More info -  https://developers.notion.com/docs/authorization#step-4-notion-responds-with-an-access_token-and-some-additional-information
-export interface NotionProfile extends Record<string, any> {
-  access_token: string
-  bot_id: string
-  duplicated_template_id: string
-  owner?: Owner
-  workspace_icon: string
-  workspace_id: number
-  workspace_name: string
-}
-
-// Any config required that isn't part of the `OAuthUserConfig` spec should belong here
-// For example, we must pass a `redirectUri` to the Notion API when requesting tokens, therefore we add it here
-interface AdditionalConfig {
-  redirectUri: string
-}
-
-const NOTION_HOST = "https://api.notion.com"
-const NOTION_API_VERSION = "2022-06-28"
-
-/**
- * Add Notion login to your page.
- *
- * ## Example
- *
- * ```ts
- * import { Auth } from "@auth/core"
- * import Notion from "@auth/core/providers/notion"
- *
- * const request = new Request("https://example.com")
- * const response = await Auth(request, {
- *   providers: [Notion({ clientId: "", clientSecret: "", redirectUri: "" })],
- * })
- * ```
- *
- * ---
- *
- * ## Resources
- * - [Notion Docs](https://developers.notion.com/docs)
- * - [Notion Authorization Docs](https://developers.notion.com/docs/authorization)
- * - [Notion Integrations](https://www.notion.so/my-integrations)
- *
- * ---
- *
- * ## Notes
- * You need to select "Public Integration" on the configuration page to get an `oauth_id` and `oauth_secret`. Private integrations do not provide these details. 
- * You must provide a `clientId` and `clientSecret` to use this provider, as-well as a redirect URI (due to this being required by Notion endpoint to fetch tokens).
- *
- * :::tip
- *
- * The Notion provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/notion.ts).
- * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
- *
- * :::
- *
- * :::info **Disclaimer**
- *
- * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
- *
- * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
- * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
- * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
- *
- * :::
- */
-export default function NotionProvider<P extends NotionProfile>(
-  options: OAuthUserConfig<P> & AdditionalConfig
-): OAuthConfig<P> {
-  return {
-    id: "notion",
-    name: "Notion",
-    type: "oauth",
-    token: {
-      url: `${NOTION_HOST}/v1/oauth/token`,
-    },
-    userinfo: {
-      url: `${NOTION_HOST}/v1/users`,
-
-      // The result of this method will be the input to the `profile` callback.
-      // We use a custom request handler, since we need to do things such as pass the "Notion-Version" header
-      // More info: https://next-auth.js.org/configuration/providers/oauth
-      async request(context) {
-        const profile = await fetch(`${NOTION_HOST}/v1/users/me`, {
-          headers: {
-            Authorization: `Bearer ${context.tokens.access_token}`,
-            "Notion-Version": NOTION_API_VERSION,
-          },
-        })
-
-        const {
-          bot: {
-            owner: { user },
-          },
-        } = await profile.json()
-
-        return user
-      },
-    },
-    authorization: {
-      params: {
-        client_id: options.clientId,
-        response_type: "code",
-        owner: "user",
-        redirect_uri: options.redirectUri,
-      },
-      url: `${NOTION_HOST}/v1/oauth/authorize`,
-    },
-
-    async profile(profile, tokens) {
-      return {
-        id: profile.id,
-        name: profile.name,
-        email: profile.person.email,
-        image: profile.avatar_url,
-      }
-    },
-    style: {
-      logo: "/notion.svg",
-      logoDark: "/notion.svg",
-      bg: "#fff",
-      text: "#000",
-      bgDark: "#fff",
-      textDark: "#000",
-    },
-    options,
-  }
-}
--- a/packages/core/src/providers/oauth-types.ts
+++ b/packages/core/src/providers/oauth-types.ts
@@ -0,0 +1,69 @@
+// THIS FILE IS AUTOGENERATED. DO NOT EDIT.
+export type OAuthProviderType =
+  | "42-school"
+  | "apple"
+  | "atlassian"
+  | "auth0"
+  | "authentik"
+  | "azure-ad-b2c"
+  | "azure-ad"
+  | "battlenet"
+  | "box"
+  | "boxyhq-saml"
+  | "bungie"
+  | "cognito"
+  | "coinbase"
+  | "credentials"
+  | "discord"
+  | "dropbox"
+  | "duende-identity-server6"
+  | "email"
+  | "eveonline"
+  | "facebook"
+  | "faceit"
+  | "foursquare"
+  | "freshbooks"
+  | "fusionauth"
+  | "github"
+  | "gitlab"
+  | "google"
+  | "hubspot"
+  | "identity-server4"
+  | "index"
+  | "instagram"
+  | "kakao"
+  | "keycloak"
+  | "line"
+  | "linkedin"
+  | "mailchimp"
+  | "mailru"
+  | "medium"
+  | "naver"
+  | "netlify"
+  | "oauth-types.js"
+  | "oauth"
+  | "okta"
+  | "onelogin"
+  | "osso"
+  | "osu"
+  | "patreon"
+  | "pinterest"
+  | "pipedrive"
+  | "reddit"
+  | "salesforce"
+  | "slack"
+  | "spotify"
+  | "strava"
+  | "todoist"
+  | "trakt"
+  | "twitch"
+  | "twitter"
+  | "united-effects"
+  | "vk"
+  | "wikimedia"
+  | "wordpress"
+  | "workos"
+  | "yandex"
+  | "zitadel"
+  | "zoho"
+  | "zoom"
--- a/packages/core/src/providers/oauth.ts
+++ b/packages/core/src/providers/oauth.ts
@@ -66,7 +66,7 @@ export type TokenEndpointHandler = EndpointHandler<
    params: CallbackParamsType
    /**
     * When using this custom flow, make sure to do all the necessary security checks.
-     * This object contains parameters you have to match against the request to make sure it is valid.
+     * Thist object contains parameters you have to match against the request to make sure it is valid.
     */
    checks: OAuthChecks
  },
--- a/packages/core/src/types.ts
+++ b/packages/core/src/types.ts
@@ -203,7 +203,7 @@ export interface CallbacksOptions<P = Profile, A = Account> {
   * Its content is forwarded to the `session` callback,
   * where you can control what should be returned to the client.
   * Anything else will be kept inaccessible from the client.
-   *
+   * 
   * Returning `null` will invalidate the JWT session by clearing
   * the user's cookies. You'll still have to monitor and invalidate
   * unexpired tokens from future requests yourself to prevent
@@ -220,7 +220,7 @@ export interface CallbacksOptions<P = Profile, A = Account> {
    account?: A | null
    profile?: P
    isNewUser?: boolean
-  }) => Awaitable<JWT | null>
+  }) => Awaitable<JWT|null>
 }

 /** [Documentation](https://authjs.dev/reference/configuration/auth-config#cookies) */
@@ -452,7 +452,7 @@ export interface ResponseInternal<
  status?: number
  headers?: Headers | HeadersInit
  body?: Body
-  redirect?: string
+  redirect?: URL | string
  cookies?: Cookie[]
 }

--- a/packages/frameworks-sveltekit/package.json
+++ b/packages/frameworks-sveltekit/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@auth/sveltekit",
-  "version": "0.2.1",
+  "version": "0.1.12",
  "description": "Authentication for SvelteKit.",
  "keywords": [
    "authentication",
@@ -69,4 +69,4 @@
    },
    "./package.json": "./package.json"
  }
-}
+}
--- a/packages/frameworks-sveltekit/scripts/postbuild.js
+++ b/packages/frameworks-sveltekit/scripts/postbuild.js
@@ -1,16 +1,8 @@
 // After build, copy the files in ./package to the root directory, excluding the package.json file.
-
 import fs from "fs/promises"
 import path from "path"

-let __dirname = path.dirname(new URL(import.meta.url).pathname)
-
-// The above hack to polyfill "__dirname" for ESM does not work on Windows computers,
-// so we might have to manually perform more steps.
-__dirname = __dirname.split(path.sep).join(path.posix.sep)
-if (__dirname.match(/^\/\w:\//)) {
-  __dirname = __dirname.slice(3) // Remove the drive prefix.
-}
+const __dirname = path.dirname(new URL(import.meta.url).pathname)

 const root = path.join(__dirname, "..")
 const pkgDir = path.join(root, "package")
--- a/packages/frameworks-sveltekit/src/lib/index.ts
+++ b/packages/frameworks-sveltekit/src/lib/index.ts
@@ -81,7 +81,7 @@
 *   return {
 *     session: await event.locals.getSession()
 *   };
- * };
+ * }; 
 * ```
 *
 * What you return in the function `LayoutServerLoad` will be available inside the `$page` store, in the `data` property: `$page.data`.
@@ -106,7 +106,7 @@
 *   return {};
 * };
 * ```
- *
+ * 
 * :::danger
 * Make sure to ALWAYS grab the session information from the parent instead of using the store in the case of a `PageLoad`.
 * Not doing so can lead to users being able to incorrectly access protected information in the case the `+layout.server.ts` does not run for that page load.
@@ -130,14 +130,14 @@
 * The handle hook, available in `hooks.server.ts`, is a function that receives ALL requests sent to your SvelteKit webapp.
 * You may intercept them inside the handle hook, add and modify things in the request, block requests, etc.
 * Some readers may notice we are already using this handle hook for SvelteKitAuth which returns a handle itself, so we are going to use SvelteKit's sequence to provide middleware-like functions that set the handle hook.
- *
+ * 
 * ```ts
 * import { SvelteKitAuth } from '@auth/sveltekit';
 * import GitHub from '@auth/core/providers/github';
 * import { GITHUB_ID, GITHUB_SECRET } from '$env/static/private';
 * import { redirect, type Handle } from '@sveltejs/kit';
 * import { sequence } from '@sveltejs/kit/hooks';
- *
+ * 
 * async function authorization({ event, resolve }) {
 * 	// Protect any routes under /authenticated
 * 	if (event.url.pathname.startsWith('/authenticated')) {
@@ -146,14 +146,14 @@
 * 			throw redirect(303, '/auth');
 * 		}
 * 	}
- *
+ * 
 * 	// If the request is still here, just proceed as normally
 * 	const result = await resolve(event, {
 * 		transformPageChunk: ({ html }) => html
 * 	});
 * 	return result;
 * }
- *
+ * 
 * // First handle authentication, then authorization
 * // Each function acts as a middleware, receiving the request handle
 * // And returning a handle which gets passed to the next function
@@ -183,7 +183,7 @@
 * PRs to improve this documentation are welcome! See [this file](https://github.com/nextauthjs/next-auth/blob/main/packages/frameworks-sveltekit/src/lib/index.ts).
 * :::
 *
- * @module index
+ * @module main
 */

 /// <reference types="@sveltejs/kit" />
--- a/packages/next-auth/package.json
+++ b/packages/next-auth/package.json
@@ -126,8 +126,5 @@
    "react": "^18",
    "react-dom": "^18",
    "whatwg-fetch": "^3.6.2"
-  },
-  "engines": {
-    "node": "^12.19.0 || ^14.15.0 || ^16.13.0 || ^18.12.0"
  }
 }
--- a/patches/typedoc-plugin-markdown@3.14.0.patch
+++ b/patches/typedoc-plugin-markdown@3.14.0.patch
@@ -0,0 +1,23 @@
+diff --git a/dist/theme.js b/dist/theme.js
+index 1483a4b4ec69583aa3086eac83b2b31ae8bb6777..c30e7a4f7785fc230099e8b904040dd4aa57c38e 100644
+--- a/dist/theme.js
+++ b/dist/theme.js
+@@ -221,12 +221,12 @@ class MarkdownTheme extends typedoc_1.Theme {
+                 directory: 'enums',
+                 template: this.getReflectionTemplate(),
+             },
+-            {
+-                kind: [typedoc_1.ReflectionKind.Class],
+-                isLeaf: false,
+-                directory: 'classes',
+-                template: this.getReflectionTemplate(),
+-            },
+            // {
+            //     kind: [typedoc_1.ReflectionKind.Class],
+            //     isLeaf: false,
+            //     directory: 'classes',
+            //     template: this.getReflectionTemplate(),
+            // },
+             {
+                 kind: [typedoc_1.ReflectionKind.Interface],
+                 isLeaf: false,
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/turbo.json
+++ b/turbo.json
@@ -25,10 +25,6 @@
      "dependsOn": ["^build"],
      "outputs": ["lib/**", "providers/**", "*.js", "*.d.ts", "*.d.ts.map"]
    },
-    "@auth/sveltekit#build": {
-      "dependsOn": ["^build"],
-      "outputs": ["client.*", "index.*"]
-    },
    "clean": {
      "cache": false
    },
@@ -43,10 +39,6 @@
    },
    "@next-auth/upstash-redis-adapter#test": {
      "env": ["UPSTASH_REDIS_KEY", "UPSTASH_REDIS_URL"]
-    },
-    "docs#dev": {
-      "dependsOn": ["^build"],
-      "cache": false
    }
  }
 }
Author	SHA1	Message	Date
Thang Vu	0dd29bcc17	remove engines restriction	2023-01-21 16:12:22 +07:00
Thang Vu	44c66b7406	Merge branch 'main' into fix/add-node-19	2023-01-21 15:57:09 +07:00
Richard Shin	d99f9b714a	fix: add node 19 as compatible engine	2023-01-17 21:43:15 -05:00
				`@@ -0,0 +1 @@`
				`module.exports = require("@next-auth/adapter-test/jest/jest-preset")`