chore(release): bump package version(s) [skip ci]

You added svelte-kit@^1.0.0  instead of @sveltejs/kit": "^1.0.0

Co-authored-by: Balázs Orbán <info@balazsorban.com>

.github/actions/issue-validator/src/index.mjs

@@ -4,11 +4,8 @@ import * as github from "@actions/github"
 // @ts-expect-error
 import * as core from "@actions/core"
 import { readFileSync } from "node:fs"
-import { join } from "node:path"
 
 const addReproductionLabel = "incomplete"
-const __dirname =
-  "/home/runner/work/nextauthjs/next-auth/.github/actions/issue-validator"
 
 /**
  * @typedef {{
@@ -73,7 +70,7 @@ async function run() {
         }),
         client.issues.createComment({
           ...issueCommon,
-          body: readFileSync(join(__dirname, "repro.md"), "utf8"),
+          body: readFileSync("repro.md", "utf8"),
         }),
       ])
       return core.info(

.github/sync.yml

@@ -5,8 +5,15 @@ nextauthjs/next-auth-example:
   - .github/FUNDING.yml
   - LICENSE
 
-nextauthjs/next-auth-gatsby-example:
-  - source: apps/example-gatsby
+nextauthjs/sveltekit-auth-example:
+  - source: apps/example-sveltekit
+    dest: .
+    deleteOrphaned: true
+  - .github/FUNDING.yml
+  - LICENSE
+
+nextauthjs/next-auth-gatsby-example:
+  - source: apps/playground-gatsby
     dest: .
     deleteOrphaned: true
   - .github/FUNDING.yml

apps/dev/pages/supabase-client-rls.js

@@ -9,7 +9,6 @@ export default function Page() {
 
   useEffect(() => {
     if (session) {
-      console.log(session)
       // User is logged in, let's fetch their data.
       const { supabaseAccessToken } = session
       const supabase = createClient(

apps/example-nextjs/README.md

@@ -9,16 +9,16 @@
    </p>
    <p align="center" style="align: center;">
       <a href="https://npm.im/next-auth">
-        <img alt="npm" src="https://img.shields.io/npm/v/next-auth?color=green&label=next-auth">
+        <img alt="npm" src="https://img.shields.io/npm/v/next-auth?color=green&label=next-auth&style=flat-square">
       </a>
       <a href="https://bundlephobia.com/result?p=next-auth-example">
-        <img src="https://img.shields.io/bundlephobia/minzip/next-auth?label=next-auth" alt="Bundle Size"/>
+        <img src="https://img.shields.io/bundlephobia/minzip/next-auth?label=size&style=flat-square" alt="Bundle Size"/>
       </a>
       <a href="https://www.npmtrends.com/next-auth">
-        <img src="https://img.shields.io/npm/dm/next-auth?label=next-auth%20downloads" alt="Downloads" />
+        <img src="https://img.shields.io/npm/dm/next-auth?label=downloads&style=flat-square" alt="Downloads" />
       </a>
       <a href="https://npm.im/next-auth">
-        <img src="https://img.shields.io/badge/npm-TypeScript-blue" alt="TypeScript" />
+        <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
       </a>
    </p>
 </p>

apps/example-sveltekit/README.md

@@ -0,0 +1,28 @@
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/example-sveltekit). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+
+<p align="center">
+   <br/>
+   <a href="https://next-auth.js.org" target="_blank"><img width="150px" src="https://next-auth.js.org/img/logo/logo-sm.png" /></a>
+   <h3 align="center">Auth.js Example App with <a href="https://kit.svelte.dev">SvelteKit</a></h3>
+   <p align="center">
+   Open Source. Full Stack. Own Your Data.
+   </p>
+   <p align="center" style="align: center;">
+      <a href="https://npm.im/@auth/sveltekit">
+        <img alt="npm" src="https://img.shields.io/npm/v/@auth/sveltekit?color=green&label=@auth/sveltekit&style=flat-square">
+      </a>
+      <a href="https://bundlephobia.com/result?p=sveltekit-auth-example">
+        <img src="https://img.shields.io/bundlephobia/minzip/@auth/sveltekit?label=size&style=flat-square" alt="Bundle Size"/>
+      </a>
+      <a href="https://www.npmtrends.com/@auth/sveltekit">
+        <img src="https://img.shields.io/npm/dm/@auth/sveltekit?label=%20downloads&style=flat-square" alt="Downloads" />
+      </a>
+      <a href="https://npm.im/next-auth">
+        <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
+      </a>
+   </p>
+</p>
+
+# Documentation
+
+- [sveltekit.authjs.dev](https://sveltekit.authjs.dev)

apps/example-sveltekit/package.json

@@ -15,9 +15,8 @@
     "vite": "4.0.1"
   },
   "dependencies": {
-    "cookie": "0.5.0",
-    "@auth/core": "workspace:*",
-    "@auth/sveltekit": "workspace:*"
+    "@auth/core": "latest",
+    "@auth/sveltekit": "latest"
   },
   "type": "module"
 }

apps/example-sveltekit/src/routes/+page.svelte

@@ -0,0 +1,7 @@
+<h1>SvelteKit Auth Example</h1>
+<p>
+  This is an example site to demonstrate how to use <a
+    href="https://kit.svelte.dev/">SvelteKit</a
+  >
+  with <a href="https://sveltekit.authjs.dev">SvelteKit Auth</a> for authentication.
+</p>

apps/playground-gatsby/README.md

@@ -9,13 +9,13 @@
    </p>
    <p align="center" style="align: center;">
       <a href="https://npm.im/next-auth">
-        <img alt="npm" src="https://img.shields.io/npm/v/next-auth?color=green&label=next-auth">
+        <img alt="npm" src="https://img.shields.io/npm/v/next-auth?color=green&label=next-auth&style=flat-square">
       </a>
       <a href="https://bundlephobia.com/result?p=next-auth-example">
-        <img src="https://img.shields.io/bundlephobia/minzip/next-auth?label=next-auth" alt="Bundle Size"/>
+        <img src="https://img.shields.io/bundlephobia/minzip/next-auth?label=bundle&style=flat-square" alt="Bundle Size"/>
       </a>
       <a href="https://www.npmtrends.com/next-auth">
-        <img src="https://img.shields.io/npm/dm/next-auth?label=next-auth%20downloads" alt="Downloads" />
+        <img src="https://img.shields.io/npm/dm/next-auth?label=20downloads&style=flat-square" alt="Downloads" />
       </a>
    </p>
 </p>

apps/playground-sveltekit/README.md

@@ -1,76 +0,0 @@
-# SvelteKit + NextAuth.js Playground
-
-NextAuth.js is committed to bringing easy authentication to other frameworks. https://github.com/nextauthjs/next-auth/issues/2294
-
-SvelteKit support with NextAuth.js is currently experimental. This directory contains a minimal, proof-of-concept application. Parts of this is expected to be abstracted away into a package like `@next-auth/sveltekit`
-
-## Running this Demo
-
-- Copy `.env.example` to `.env`
-- In `.env`, set `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_SECRET`
-  - See [https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app))
-  - When creating the OAuth app, set "Homepage URL" to `http://localhost:5173` and Authorization callack URL to `http://localhost:5173/api/auth/callback/github`
-- In `.env`, set `NEXTAUTH_SECRET` to any random string
-- Build and run the application: `yarn build && yarn start`
-
-## Existing Project
-
-### Add API Route
-
-To add NextAuth.js to a project create a file called `[...nextauth]/+server.js` in routes/api/auth. This contains the dynamic route handler for NextAuth.js which will also contain all of your global NextAuth.js configurations.
-
-```ts
-import { NextAuth, options } from "$lib/next-auth"
-
-export const { GET, POST } = NextAuth(options)
-```
-
-### Add [hook](https://kit.svelte.dev/docs/hooks)
-
-```ts
-import type { Handle } from "@sveltejs/kit"
-import { getServerSession, options as nextAuthOptions } from "$lib/next-auth"
-
-export const handle: Handle = async function handle({
-  event,
-  resolve,
-}): Promise<Response> {
-  const session = await getServerSession(event.request, nextAuthOptions)
-  event.locals.session = session
-
-  return resolve(event)
-}
-```
-
-### Load Session from Primary Layout
-
-```ts
-// src/lib/routes/+layout.server.ts
-import type { LayoutServerLoad } from "./$types"
-
-export const load: LayoutServerLoad = ({ locals }) => {
-  return {
-    session: locals.session,
-  }
-}
-```
-
-### Protecting a Route
-
-```ts
-// src/lib/routes/protected/+page.ts
-import { redirect } from "@sveltejs/kit"
-import type { PageLoad } from "./$types"
-
-export const load: PageLoad = async ({ parent }) => {
-  const { session } = await parent()
-  if (!session?.user) {
-    throw redirect(302, "/")
-  }
-  return {}
-}
-```
-
-## Packaging lib
-
-Refer to https://kit.svelte.dev/docs/packaging

apps/playground-sveltekit/src/routes/+page.svelte

@@ -1,33 +0,0 @@
-<script>
-  import { signIn, signOut } from "@auth/sveltekit/client"
-  import { page } from "$app/stores"
-</script>
-
-<h1>SvelteKit Auth Example</h1>
-<p>
-  This is an example site to demonstrate how to use <a
-    href="https://kit.svelte.dev/">SvelteKit</a
-  >
-  with <a href="https://sveltekit.authjs.dev">SvelteKit Auth</a> for
-  authentication.
-
-  {#if $page.data.session}
-    {#if $page.data.session.user?.image}
-      <span
-        style="background-image: url('{$page.data.session.user.image}')"
-        class="avatar"
-      />
-    {/if}
-    <span class="signedInText">
-      <small>Signed in as</small><br />
-      <strong
-        >{$page.data.session.user?.email ??
-          $page.data.session.user?.name}</strong
-      >
-    </span>
-    <button on:click={() => signOut()} class="button">Sign out</button>
-  {:else}
-    <span class="notSignedInText">You are not signed in</span>
-    <button on:click={() => signIn("github")}>Sign In with GitHub</button>
-  {/if}
-</p>

docs/docs/adapters/dynamodb.md

@@ -1,147 +0,0 @@
----
-id: dynamodb
-title: DynamoDB
----
-
-# DynamoDB
-
-This is the AWS DynamoDB Adapter for next-auth. This package can only be used in conjunction with the primary next-auth package. It is not a standalone package.
-
-By default, the adapter expects a table with a partition key `pk` and a sort key `sk`, as well as a global secondary index named `GSI1` with `GSI1PK` as partition key and `GSI1SK` as sorting key. To automatically delete sessions and verification requests after they expire using [dynamodb TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html) you should [enable the TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-how-to.html) with attribute name 'expires'. You can set whatever you want as the table name and the billing method.
-
-You can find the full schema in the table structure section below.
-
-## Getting Started
-
-1. Install `next-auth` and `@next-auth/dynamodb-adapter`
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/dynamodb-adapter
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-You need to pass `DynamoDBDocument` client from the modular [`aws-sdk`](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/dynamodb-example-dynamodb-utilities.html) v3 to the adapter.
-The default table name is `next-auth`, but you can customise that by passing `{ tableName: 'your-table-name' }` as the second parameter in the adapter.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import { DynamoDB } from "@aws-sdk/client-dynamodb"
-import { DynamoDBDocument } from "@aws-sdk/lib-dynamodb"
-import NextAuth from "next-auth";
-import Providers from "next-auth/providers";
-import { DynamoDBAdapter } from "@next-auth/dynamodb-adapter"
-
-const config: DynamoDBClientConfig = {
-  credentials: {
-    accessKeyId: process.env.NEXT_AUTH_AWS_ACCESS_KEY as string,
-    secretAccessKey: process.env.NEXT_AUTH_AWS_SECRET_KEY as string,
-  },
-  region: process.env.NEXT_AUTH_AWS_REGION,
-};
-
-const client = DynamoDBDocument.from(new DynamoDB(config), {
-  marshallOptions: {
-    convertEmptyValues: true,
-    removeUndefinedValues: true,
-    convertClassInstanceToMap: true,
-  },
-})
-
-export default NextAuth({
-  // Configure one or more authentication providers
-  providers: [
-    Providers.GitHub({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-    Providers.Email({
-      server: process.env.EMAIL_SERVER,
-      from: process.env.EMAIL_FROM,
-    }),
-    // ...add more providers here
-  ],
-  adapter: DynamoDBAdapter(
-    client
-  ),
-  ...
-});
-```
-
-(AWS secrets start with `NEXT_AUTH_` in order to not conflict with [Vercel's reserved environment variables](https://vercel.com/docs/environment-variables#reserved-environment-variables).)
-
-## Schema
-
-The table respects the single table design pattern. This has many advantages:
-
-- Only one table to manage, monitor and provision.
-- Querying relations is faster than with multi-table schemas (for eg. retrieving all sessions for a user).
-- Only one table needs to be replicated, if you want to go multi-region.
-
-> This schema is adapted for use in DynamoDB and based upon our main [schema](/adapters/models)
-
-![DynamoDB Table](https://i.imgur.com/hGZtWDq.png)
-
-You can create this table with infrastructure as code using [`aws-cdk`](https://github.com/aws/aws-cdk) with the following table definition:
-
-```javascript title=stack.ts
-new dynamodb.Table(this, `NextAuthTable`, {
-  tableName: "next-auth",
-  partitionKey: { name: "pk", type: dynamodb.AttributeType.STRING },
-  sortKey: { name: "sk", type: dynamodb.AttributeType.STRING },
-  timeToLiveAttribute: "expires",
-}).addGlobalSecondaryIndex({
-  indexName: "GSI1",
-  partitionKey: { name: "GSI1PK", type: dynamodb.AttributeType.STRING },
-  sortKey: { name: "GSI1SK", type: dynamodb.AttributeType.STRING },
-})
-```
-
-Alternatively you can use this cloudformation template:
-
-```yaml title=cloudformation.yaml
-NextAuthTable:
-  Type: "AWS::DynamoDB::Table"
-  Properties:
-    TableName: next-auth
-    AttributeDefinitions:
-      - AttributeName: pk
-        AttributeType: S
-      - AttributeName: sk
-        AttributeType: S
-      - AttributeName: GSI1PK
-        AttributeType: S
-      - AttributeName: GSI1SK
-        AttributeType: S
-    KeySchema:
-      - AttributeName: pk
-        KeyType: HASH
-      - AttributeName: sk
-        KeyType: RANGE
-    GlobalSecondaryIndexes:
-      - IndexName: GSI1
-        Projection:
-          ProjectionType: ALL
-        KeySchema:
-          - AttributeName: GSI1PK
-            KeyType: HASH
-          - AttributeName: GSI1SK
-            KeyType: RANGE
-    TimeToLiveSpecification:
-      AttributeName: expires
-      Enabled: true
-```
-
-## Custom Schema
-
-You can configure your custom table schema by passing the `options` key to the adapter constructor:
-
-```
-const adapter = DynamoDBAdapter(client, {
-  tableName: "custom-table-name",
-  partitionKey: "custom-pk",
-  sortKey: "custom-sk",
-  indexName: "custom-index-name",
-  indexPartitionKey: "custom-index-pk",
-  indexSortKey: "custom-index-sk",
-})
-```

docs/docs/adapters/fauna.md

@@ -1,85 +0,0 @@
----
-id: fauna
-title: FaunaDB
----
-
-# FaunaDB
-
-This is the Fauna Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-You can find the Fauna schema and seed information in the docs at [next-auth.js.org/adapters/fauna](https://next-auth.js.org/adapters/fauna).
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/fauna-adapter faunadb
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { Client as FaunaClient } from "faunadb"
-import { FaunaAdapter } from "@next-auth/fauna-adapter"
-
-const client = new FaunaClient({
-  secret: "secret",
-  scheme: "http",
-  domain: "localhost",
-  port: 8443,
-})
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [],
-  adapter: FaunaAdapter(client)
-  ...
-})
-```
-
-## Schema
-
-Run the following commands inside of the `Shell` tab in the Fauna dashboard to setup the appropriate collections and indexes.
-
-```javascript
-CreateCollection({ name: "accounts" })
-CreateCollection({ name: "sessions" })
-CreateCollection({ name: "users" })
-CreateCollection({ name: "verification_tokens" })
-```
-
-```javascript
-CreateIndex({
-  name: "account_by_provider_and_provider_account_id",
-  source: Collection("accounts"),
-  unique: true,
-  terms: [
-    { field: ["data", "provider"] },
-    { field: ["data", "providerAccountId"] },
-  ],
-})
-CreateIndex({
-  name: "session_by_session_token",
-  source: Collection("sessions"),
-  unique: true,
-  terms: [{ field: ["data", "sessionToken"] }],
-})
-CreateIndex({
-  name: "user_by_email",
-  source: Collection("users"),
-  unique: true,
-  terms: [{ field: ["data", "email"] }],
-})
-CreateIndex({
-  name: "verification_token_by_identifier_and_token",
-  source: Collection("verification_tokens"),
-  unique: true,
-  terms: [{ field: ["data", "identifier"] }, { field: ["data", "token"] }],
-})
-```
-
-> This schema is adapted for use in Fauna and based upon our main [schema](/adapters/models)

docs/docs/adapters/firebase.md

@@ -1,91 +0,0 @@
----
-id: firebase
-title: Firebase
----
-
-# Firebase
-
-This is the Firebase (Firestore) Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/firebase-adapter
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { FirestoreAdapter } from "@next-auth/firebase-adapter"
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-    }),
-  ],
-  adapter: FirestoreAdapter({
-    apiKey: process.env.FIREBASE_API_KEY,
-    appId: process.env.FIREBASE_APP_ID,
-    authDomain: process.env.FIREBASE_AUTH_DOMAIN,
-    databaseURL: process.env.FIREBASE_DATABASE_URL,
-    projectId: process.env.FIREBASE_PROJECT_ID,
-    storageBucket: process.env.FIREBASE_STORAGE_BUCKET,
-    messagingSenderId: process.env.FIREBASE_MESSAGING_SENDER_ID,
-    // Optional emulator config (see below for options)
-    emulator: {},
-  }),
-  // ...
-});
-```
-
-## Options
-
-When initializing the firestore adapter, you must pass in the firebase config object with the details from your project. More details on how to obtain that config object can be found [here](https://support.google.com/firebase/answer/7015592).
-
-An example firebase config looks like this:
-
-```js
-const firebaseConfig = {
-  apiKey: "AIzaSyDOCAbC123dEf456GhI789jKl01-MnO",
-  authDomain: "myapp-project-123.firebaseapp.com",
-  databaseURL: "https://myapp-project-123.firebaseio.com",
-  projectId: "myapp-project-123",
-  storageBucket: "myapp-project-123.appspot.com",
-  messagingSenderId: "65211879809",
-  appId: "1:65211879909:web:3ae38ef1cdcb2e01fe5f0c",
-  measurementId: "G-8GSGZQ44ST",
-}
-```
-
-See [firebase.google.com/docs/web/setup](https://firebase.google.com/docs/web/setup) for more details.
-
-You can optionally pass in emulator options to automatically connect to your local Firebase emulator.
-
-```js
-FirestoreAdapter({
-  // ...
-  // Passing in an enable object will enable the emulator
-  emulator: {
-    // Optional host, defaults to `localhost`
-    host: 'localhost',
-  // Optional port, defaults to `3001`
-    port: 3001,
-  },
-}),
-```
-
-:::tip **From Firebase**
-
-**Caution**: We do not recommend manually modifying an app's Firebase config file or object. If you initialize an app with invalid or missing values for any of these required "Firebase options", then your end users may experience serious issues.
-
-For open source projects, we generally do not recommend including the app's Firebase config file or object in source control because, in most cases, your users should create their own Firebase projects and point their apps to their own Firebase resources (via their own Firebase config file or object).
-:::

docs/docs/adapters/mikro-orm.md

@@ -1,113 +0,0 @@
----
-id: mikro-orm
-title: MikroORM
----
-
-To use this Adapter, you need to install Mikro ORM, the driver that suits your database, and the separate `@next-auth/mikro-orm-adapter` package:
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/mikro-orm-adapter @mikro-orm/core @mikro-orm/[YOUR DRIVER]
-```
-
-Configure NextAuth.js to use the MikroORM Adapter:
-
-```typescript title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import { MikroOrmAdapter } from "@next-auth/mikro-orm-adapter"
-
-export default NextAuth({
-  adapter: MikroOrmAdapter({
-    // MikroORM options object. Ref: https://mikro-orm.io/docs/next/configuration#driver
-    dbName: "./db.sqlite",
-    type: "sqlite",
-    debug: process.env.DEBUG === "true" || process.env.DEBUG?.includes("db"),
-  }),
-  providers: [],
-})
-```
-
-## Setup
-
-### Passing custom entities
-
-The MikroORM adapter ships with its own set of entities. If you'd like to extend them, you can optionally pass them to the adapter.
-
-> This schema is adapted for use in MikroORM and based upon our main [schema](/adapters/models)
-
-```typescript title="pages/api/auth/[...nextauth].ts"
-import config from "config/mikro-orm.ts"
-import {
-  Cascade,
-  Collection,
-  Entity,
-  OneToMany,
-  PrimaryKey,
-  Property,
-  Unique,
-} from "@mikro-orm/core"
-import { defaultEntities } from "@next-auth/mikro-orm-adapter"
-
-const { Account, Session } = defaultEntities
-
-@Entity()
-export class User implements defaultEntities.User {
-  @PrimaryKey()
-  id: string = randomUUID()
-
-  @Property({ nullable: true })
-  name?: string
-
-  @Property({ nullable: true })
-  @Unique()
-  email?: string
-
-  @Property({ type: "Date", nullable: true })
-  emailVerified: Date | null = null
-
-  @Property({ nullable: true })
-  image?: string
-
-  @OneToMany({
-    entity: () => Session,
-    mappedBy: (session) => session.user,
-    hidden: true,
-    orphanRemoval: true,
-    cascade: [Cascade.ALL],
-  })
-  sessions = new Collection<Session>(this)
-
-  @OneToMany({
-    entity: () => Account,
-    mappedBy: (account) => account.user,
-    hidden: true,
-    orphanRemoval: true,
-    cascade: [Cascade.ALL],
-  })
-  accounts = new Collection<Account>(this)
-
-  @Enum({ hidden: true })
-  role = "ADMIN"
-}
-
-export default NextAuth({
-  adapter: MikroOrmAdapter(config, { entities: { User } }),
-})
-```
-
-### Including the default entities in your MikroORM config
-
-You may want to include the defaultEntities in your MikroORM configuration to include them in Migrations etc.
-
-To achieve that include them in your "entities" array:
-
-```typescript title="config/mikro-orm.ts"
-import { Options } from "@mikro-orm/core";
-import { defaultEntities } from "@next-auth/mikro-orm-adapter"
-
-const config: Options = {
-  ...
-  entities: [VeryImportantEntity, ...Object.values(defaultEntities)],
-};
-
-export default config;
-```

docs/docs/adapters/models.md

@@ -1,118 +0,0 @@
----
-id: models
-title: Models
----
-
-NextAuth.js can be used with any database. Models tell you what structures NextAuth.js expects from your database. Models will vary slightly depending on which adapter you use, but in general, will look something like this. Each adapter's model/schema will be slightly adapted for its needs, but will look very much like this schema below:
-
-```mermaid
-erDiagram
-  User ||--|{ Account : ""
-  User {
-  string id
-  string name
-  string email
-  timestamp emailVerified
-  string image
-  }
-  User ||--|{ Session : ""
-  Session {
-  string id
-  timestamp expires
-  string sessionToken
-  string userId
-  }
-  Account {
-  string id
-  string userId
-  string type
-  string provider
-  string providerAccountId
-  string refresh_token
-  string access_token
-  int expires_at
-  string token_type
-  string scope
-  string id_token
-  string session_state
-  string oauth_token_secret
-  string oauth_token
-  }
-  VerificationToken {
-  string identifier
-  string token
-  timestamp expires
-  }
-```
-
-More information about each Model / Table can be found below.
-
-:::note
-You can [create your own adapter](/tutorials/creating-a-database-adapter) if you want to use NextAuth.js with a database that is not supported out of the box, or you have to change fields on any of the models.
-:::
-
----
-
-## User
-
-The User model is for information such as the user's name and email address.
-
-Email address is optional, but if one is specified for a User then it must be unique.
-
-:::note
-If a user first signs in with OAuth then their email address is automatically populated using the one from their OAuth profile, if the OAuth provider returns one.
-
-This provides a way to contact users and for users to maintain access to their account and sign in using email in the event they are unable to sign in with the OAuth provider in future (if the [Email Provider](/providers/email) is configured).
-:::
-
-User creation in the database is automatic, and happens when the user is logging in for the first time with a provider. The default data saved is `id`, `name`, `email` and `image`. You can add more profile data by returning extra fields in your [OAuth provider's `profile()`](/configuration/providers/oauth#options) callback.
-
-## Account
-
-The Account model is for information about OAuth accounts associated with a User. It will usually contain `access_token`, `id_token` and other OAuth specific data. [`TokenSet`](https://github.com/panva/node-openid-client/blob/main/docs/README.md#new-tokensetinput) from `openid-client` might give you an idea of all the fields.
-
-:::note
-In case of an OAuth 1.0 provider (like Twitter), you will have to look for `oauth_token` and `oauth_token_secret` string fields. GitHub also has an extra `refresh_token_expires_in` integer field. You have to make sure that your database schema includes these fields.
-:::
-
-A single User can have multiple Accounts, but each Account can only have one User.
-
-Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/faq#security) for more information why this is a requirement.
-
-:::tip
-You can manually unlink accounts, if your adapter implements the `unlinkAccount` method. Make sure to take all the necessary security steps to avoid data loss.
-:::
-
-:::note
-Linking and unlinking accounts through an API is a planned feature: https://github.com/nextauthjs/next-auth/issues/230
-:::
-
-## Session
-
-The Session model is used for database sessions. It is not used if JSON Web Tokens are enabled. Keep in mind, that you can use a database to persist Users and Accounts, and still use JWT for sessions. See the [`session.strategy`](/configuration/options#session) option.
-
-A single User can have multiple Sessions, each Session can only have one User.
-
-:::tip
-When a Session is read, we check if it's `expires` field indicates an invalid session, and delete it from the database. You can also do this clean-up periodically in the background to avoid our extra delete call to the database during an active session retrieval. This might result in a slight performance increase in a few cases.
-:::
-
-## Verification Token
-
-The Verification Token model is used to store tokens for passwordless sign in.
-
-A single User can have multiple open Verification Tokens (e.g. to sign in to different devices).
-
-It has been designed to be extendable for other verification purposes in the future (e.g. 2FA / short codes).
-
-:::note
-NextAuth.js makes sure that every token is usable only once, and by default has a short (1 day, can be configured by [`maxAge`](/configuration/providers/email#options)) lifetime. If your user did not manage to finish the sign-in flow in time, they will have to start the sign-in process again.
-:::
-
-:::tip
-Due to users forgetting or failing at the sign-in flow, you might end up with unwanted rows in your database, that you might have to periodically clean up to avoid filling the database up with unnecessary data.
-:::
-
-## RDBMS Naming Convention
-
-In the NextAuth.js v4 some schemas for the providers which support classic RDBMS type databases, like Prisma and TypeORM, have ended up with column names with mixed casing, i.e. snake_case and camelCase. If this is an issue for you or your underlying database system, please take a look at the "Naming Convention" section in the Prisma or TypeORM page.

docs/docs/adapters/neo4j.md

@@ -1,117 +0,0 @@
----
-id: neo4j
-title: Neo4j
----
-
-# Neo4j
-
-This is the Neo4j Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/neo4j-adapter neo4j-driver
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import neo4j from "neo4j-driver"
-import { Neo4jAdapter } from "@next-auth/neo4j-adapter"
-
-const driver = neo4j.driver(
-  "bolt://localhost",
-  neo4j.auth.basic("neo4j", "password")
-)
-
-const neo4jSession = driver.session()
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/configuration/providers
-  providers: [],
-  adapter: Neo4jAdapter(neo4jSession),
-  ...
-})
-```
-
-## Schema
-
-### Node labels
-
-The following node labels are used.
-
-- User
-- Account
-- Session
-- VerificationToken
-
-### Relationships
-
-The following relationships and relationship labels are used.
-
-- (:User)-[:HAS_ACCOUNT]->(:Account)
-- (:User)-[:HAS_SESSION]->(:Session)
-
-### Properties
-
-This schema is adapted for use in Neo4J and is based upon our main [models](/adapters/models). Please check there for the node properties. Relationships have no properties.
-
-### Indexes
-
-Optimum indexes will vary on your edition of Neo4j i.e. community or enterprise, and in case you have your own additional data on the nodes. Below are basic suggested indexes.
-
-1. For **both** Community Edition & Enterprise Edition create constraints and indexes
-
-```cypher
-
-CREATE CONSTRAINT user_id_constraint IF NOT EXISTS
-ON (u:User) ASSERT u.id IS UNIQUE;
-
-CREATE INDEX user_id_index IF NOT EXISTS
-FOR (u:User) ON (u.id);
-
-CREATE INDEX user_email_index IF NOT EXISTS
-FOR (u:User) ON (u.email);
-
-CREATE CONSTRAINT session_session_token_constraint IF NOT EXISTS
-ON (s:Session) ASSERT s.sessionToken IS UNIQUE;
-
-CREATE INDEX session_session_token_index IF NOT EXISTS
-FOR (s:Session) ON (s.sessionToken);
-```
-
-2.a. For Community Edition **only** create single-property indexes
-
-```cypher
-CREATE INDEX account_provider_index IF NOT EXISTS
-FOR (a:Account) ON (a.provider);
-
-CREATE INDEX account_provider_account_id_index IF NOT EXISTS
-FOR (a:Account) ON (a.providerAccountId);
-
-CREATE INDEX verification_token_identifier_index IF NOT EXISTS
-FOR (v:VerificationToken) ON (v.identifier);
-
-CREATE INDEX verification_token_token_index IF NOT EXISTS
-FOR (v:VerificationToken) ON (v.token);
-```
-
-2.b. For Enterprise Edition **only** create composite node key constraints and indexes
-
-```cypher
-CREATE CONSTRAINT account_provider_composite_constraint IF NOT EXISTS
-ON (a:Account) ASSERT (a.provider, a.providerAccountId) IS NODE KEY;
-
-CREATE INDEX account_provider_composite_index IF NOT EXISTS
-FOR (a:Account) ON (a.provider, a.providerAccountId);
-
-CREATE CONSTRAINT verification_token_composite_constraint IF NOT EXISTS
-ON (v:VerificationToken) ASSERT (v.identifier, v.token) IS NODE KEY;
-
-CREATE INDEX verification_token_composite_index IF NOT EXISTS
-FOR (v:VerificationToken) ON (v.identifier, v.token);
-```

docs/docs/adapters/overview.md

@@ -1,54 +0,0 @@
----
-id: overview
-title: Overview
----
-
-An **Adapter** in NextAuth.js connects your application to whatever database or backend system you want to use to store data for users, their accounts, sessions, etc. Adapters are optional, unless you need to persist user information in your own database, or you want to implement certain flows. The [Email Provider](/providers/email) requires an adapter to be able to save [Verification Tokens](/adapters/models#verification-token).
-
-:::tip
-When using a database, you can still use JWT for session handling for fast access. See the [`session.strategy`](/configuration/options#session) option. Read about the trade-offs of JWT in the [FAQ](/faq#json-web-tokens).
-:::
-
-We have a list of official adapters that are distributed as their own packages under the `@next-auth/{name}-adapter` namespace. Their source code is available in their various adapters package directories at [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth/tree/main/packages).
-
-- [`xata`](./xata)
-- [`prisma`](./prisma)
-- [`fauna`](./fauna)
-- [`dynamodb`](./dynamodb)
-- [`firebase`](./firebase)
-- [`pouchdb`](./pouchdb)
-- [`mongodb`](./mongodb)
-- [`neo4j`](./neo4j)
-- [`typeorm-legacy`](./typeorm)
-- [`sequelize`](./sequelize)
-- [`supabase`](./supabase)
-- [`dgraph`](./dgraph)
-- [`upstash-redis`](./upstash-redis)
-
-## Custom Adapter
-
-If you have a database/backend that we don't officially support, you can create your own adapter.
-See the tutorial for [creating a database Adapter](/tutorials/creating-a-database-adapter) for more information.
-
-:::tip
-If you would like to see a new adapter in the official repository, please [open a PR](https://github.com/nextauthjs/next-auth/issues/new) and we will help you to get it merged. Tell us if you are interested in becoming one of the maintainers of any of the official adapters.
-:::
-
-### Editor integration
-
-Adapters are strongly typed, and they rely on the single `Adapter` interface imported from `next-auth/adapters`.
-
-When writing your own custom Adapter in plain JavaScript, note that you can use **JSDoc** to get helpful editor hints and auto-completion like so:
-
-```js
-/** @return { import("next-auth/adapters").Adapter } */
-function MyAdapter() {
-  return {
-    // your adapter methods here
-  }
-}
-```
-
-:::note
-This will work in code editors with a strong TypeScript integration like VSCode or WebStorm. It might not work if you're using more lightweight editors like VIM or Atom.
-:::

docs/docs/adapters/pouchdb.md

@@ -1,65 +0,0 @@
----
-id: pouchdb
-title: PouchDB
----
-
-# PouchDB
-
-:::warning
-This adapter is still experimental and does not work with NextAuth.js 4 or newer. If you would like to help out upgrading it, please [open a PR](https://github.com/nextauthjs/next-auth/tree/main/packages)
-:::
-
-This is the PouchDB Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-Depending on your architecture you can use PouchDB's http adapter to reach any database compliant with the CouchDB protocol (CouchDB, Cloudant, ...) or use any other PouchDB compatible adapter (leveldb, in-memory, ...)
-
-## Getting Started
-
-> **Prerequisites**: Your PouchDB instance MUST provide the `pouchdb-find` plugin since it is used internally by the adapter to build and manage indexes
-
-1. Install `next-auth` and `@next-auth/pouchdb-adapter`
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/pouchdb-adapter
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { PouchDBAdapter } from "@next-auth/pouchdb-adapter"
-import PouchDB from "pouchdb"
-
-// Setup your PouchDB instance and database
-PouchDB.plugin(require("pouchdb-adapter-leveldb")) // Any other adapter
-  .plugin(require("pouchdb-find")) // Don't forget the `pouchdb-find` plugin
-
-const pouchdb = new PouchDB("auth_db", { adapter: "leveldb" })
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-    }),
-  ],
-  adapter: PouchDBAdapter(pouchdb),
-  // ...
-})
-```
-
-## Advanced
-
-### Memory-First Caching Strategy
-
-If you need to boost your authentication layer performance, you may use PouchDB's powerful sync features and various adapters, to build a memory-first caching strategy.
-
-Use an in-memory PouchDB as your main authentication database, and synchronize it with any other persisted PouchDB. You may do a one way, one-off replication at startup from the persisted PouchDB into the in-memory PouchDB, then two-way, continuous, retriable sync.
-
-This will most likely not increase performance much in a serverless environment due to various reasons such as concurrency, function startup time increases, etc.
-
-For more details, please see https://pouchdb.com/api.html#sync

docs/docs/adapters/prisma.md

@@ -1,226 +0,0 @@
----
-id: prisma
-title: Prisma
----
-
-# Prisma
-
-To use this Adapter, you need to install Prisma Client, Prisma CLI, and the separate `@next-auth/prisma-adapter` package:
-
-```bash npm2yarn2pnpm
-npm install next-auth @prisma/client @next-auth/prisma-adapter
-npm install prisma --save-dev
-```
-
-Create a file with your Prisma Client:
-
-```typescript title="lib/prismadb.ts"
-import { PrismaClient } from "@prisma/client"
-
-declare global {
-  var prisma: PrismaClient | undefined
-}
-
-const client = globalThis.prisma || new PrismaClient()
-if (process.env.NODE_ENV !== "production") globalThis.prisma = client
-
-export default client
-```
-
-Configure your NextAuth.js to use the Prisma Adapter:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { PrismaAdapter } from "@next-auth/prisma-adapter"
-import prisma from "../../../lib/prismadb"
-
-export default NextAuth({
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    }),
-  ],
-})
-```
-
-Schema for the Prisma Adapter (`@next-auth/prisma-adapter`)
-
-## Setup
-
-### Create the Prisma schema
-
-You need to use at least Prisma 2.26.0. Create a schema file in `prisma/schema.prisma` similar to this one:
-
-> This schema is adapted for use in Prisma and based upon our main [schema](/adapters/models)
-
-```json title="schema.prisma"
-datasource db {
-  provider = "postgresql"
-  url      = env("DATABASE_URL")
-  shadowDatabaseUrl = env("SHADOW_DATABASE_URL") // Only needed when using a cloud provider that doesn't support the creation of new databases, like Heroku. Learn more: https://pris.ly/migrate-shadow
-}
-
-generator client {
-  provider        = "prisma-client-js"
-  previewFeatures = ["referentialActions"] // You won't need this in Prisma 3.X or higher.
-}
-
-model Account {
-  id                 String  @id @default(cuid())
-  userId             String
-  type               String
-  provider           String
-  providerAccountId  String
-  refresh_token      String?  @db.Text
-  access_token       String?  @db.Text
-  expires_at         Int?
-  token_type         String?
-  scope              String?
-  id_token           String?  @db.Text
-  session_state      String?
-
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@unique([provider, providerAccountId])
-}
-
-model Session {
-  id           String   @id @default(cuid())
-  sessionToken String   @unique
-  userId       String
-  expires      DateTime
-  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-}
-
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime?
-  image         String?
-  accounts      Account[]
-  sessions      Session[]
-}
-
-model VerificationToken {
-  identifier String
-  token      String   @unique
-  expires    DateTime
-
-  @@unique([identifier, token])
-}
-```
-
-:::note
-When using the MySQL connector for Prisma, the [Prisma `String` type](https://www.prisma.io/docs/reference/api-reference/prisma-schema-reference#string) gets mapped to `varchar(191)` which may not be long enough to store fields such as `id_token` in the `Account` model. This can be avoided by explicitly using the `Text` type with `@db.Text`.
-:::
-
-### Create the database schema with Prisma Migrate
-
-**Warning:** Make sure to back up your database before running using Prisma Migrate.
-
-```
-npx prisma migrate dev
-```
-
-This will create an SQL migration file and execute it.
-
-Note that you will need to specify your database connection string in the environment variable `DATABASE_URL`. You can do this by setting it in a `.env` file at the root of your project.
-
-To learn more about [Prisma Migrate](https://www.prisma.io/migrate), check out the [Migrate docs](https://www.prisma.io/docs/concepts/components/prisma-migrate).
-
-### Generate Client
-
-Once you have saved your schema, use the Prisma CLI to generate the Prisma Client:
-
-```
-npx prisma generate
-```
-
-To configure your database to use the new schema (i.e. create tables and columns) use the `prisma migrate` command:
-
-```
-npx prisma migrate dev
-```
-
-### MongoDB
-
-Prisma supports MongoDB, and so does NextAuth.js. Following the instructions of the [Prisma documentation](https://www.prisma.io/docs/concepts/database-connectors/mongodb) on the MongoDB connector, things you have to change are:
-
-1. Make sure that the id fields are mapped correctly
-
-```prisma
-id  String  @id @default(auto()) @map("_id") @db.ObjectId
-```
-
-2. The Native database type attribute to `@db.String` from `@db.Text`.
-
-```prisma
-refresh_token      String?  @db.String
-access_token       String?  @db.String
-id_token           String?  @db.String
-```
-
-Everything else should be the same.
-
-## Naming Conventions
-
-If mixed snake_case and camelCase column names is an issue for you and/or your underlying database system, we recommend using Prisma's `@map()`([see the documentation here](https://www.prisma.io/docs/concepts/components/prisma-schema/names-in-underlying-database)) feature to change the field names. This won't affect NextAuth.js, but will allow you to customize the column names to whichever naming convention you wish.
-
-For example, moving to `snake_case` and plural table names.
-
-```json title="schema.prisma"
-model Account {
-  id                 String  @id @default(cuid())
-  userId             String  @map("user_id")
-  type               String
-  provider           String
-  providerAccountId  String  @map("provider_account_id")
-  refresh_token      String? @db.Text
-  access_token       String? @db.Text
-  expires_at         Int?
-  token_type         String?
-  scope              String?
-  id_token           String? @db.Text
-  session_state      String?
-
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@unique([provider, providerAccountId])
-  @@map("accounts")
-}
-
-model Session {
-  id           String   @id @default(cuid())
-  sessionToken String   @unique @map("session_token")
-  userId       String   @map("user_id")
-  expires      DateTime
-  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@map("sessions")
-}
-
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime? @map("email_verified")
-  image         String?
-  accounts      Account[]
-  sessions      Session[]
-
-  @@map("users")
-}
-
-model VerificationToken {
-  identifier String
-  token      String   @unique
-  expires    DateTime
-
-  @@unique([identifier, token])
-  @@map("verificationtokens")
-}
-```

docs/docs/adapters/sequelize.md

@@ -1,88 +0,0 @@
----
-id: sequelize
-title: Sequelize
----
-
-# Sequelize
-
-This is the Sequelize Adapter for [`next-auth`](https://next-auth.js.org).
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/sequelize-adapter sequelize
-```
-
-:::warning
-You'll also have to manually install [the driver for your database](https://sequelize.org/master/manual/getting-started.html) of choice.
-:::
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import SequelizeAdapter from "@next-auth/sequelize-adapter"
-import { Sequelize } from "sequelize"
-
-// https://sequelize.org/master/manual/getting-started.html#connecting-to-a-database
-const sequelize = new Sequelize("yourconnectionstring")
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [],
-  adapter: SequelizeAdapter(sequelize),
-})
-```
-
-## Updating the database schema
-
-By default, the sequelize adapter will not create tables in your database. In production, best practice is to create the [required tables](https://next-auth.js.org/adapters/models) in your database via [migrations](https://sequelize.org/master/manual/migrations.html). In development, you are able to call [`sequelize.sync()`](https://sequelize.org/master/manual/model-basics.html#model-synchronization) to have sequelize create the necessary tables, foreign keys and indexes:
-
-> This schema is adapted for use in Sequelize and based upon our main [schema](/adapters/models)
-
-```js
-import NextAuth from "next-auth"
-import SequelizeAdapter from "@next-auth/sequelize-adapter"
-import Sequelize from 'sequelize'
-
-const sequelize = new Sequelize("sqlite::memory:")
-const adapter = SequelizeAdapter(sequelize)
-
-// Calling sync() is not recommended in production
-sequelize.sync()
-
-export default NextAuth({
-  ...
-  adapter
-  ...
-})
-```
-
-## Using custom models
-
-Sequelize models are option to customization like so:
-
-```js
-import NextAuth from "next-auth"
-import SequelizeAdapter, { models } from "@next-auth/sequelize-adapter"
-import Sequelize, { DataTypes } from "sequelize"
-
-const sequelize = new Sequelize("sqlite::memory:")
-
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [],
-  adapter: SequelizeAdapter(sequelize, {
-    models: {
-      User: sequelize.define("user", {
-        ...models.User,
-        phoneNumber: DataTypes.STRING,
-      }),
-    },
-  }),
-})
-```

docs/docs/adapters/typeorm.md

@@ -1,237 +0,0 @@
----
-id: typeorm
-title: TypeORM
----
-
-# TypeORM
-
-This Adapter is used to support SQL-flavored databases (like SQLite, MySQL, MSSQL, MariaDB, CockroachDB, etc.) through [TypeORM](https://typeorm.io).
-
-:::note
-If you previously used this Adapter with MongoDB, check out the [MongoDB Adapter](/adapters/mongodb) instead.
-:::
-
-:::note
-In the future, we might split up this adapter to support single flavors of SQL for easier maintenance and reduced bundle size.
-:::
-
-## Usage
-
-:::warning
-[`typeorm`](https://github.com/typeorm/typeorm) is still in active development and has not yet published a stable release. Because of this, you can expect breaking changes in minor versions. This adapter expects `typeorm@0.3.7` and is not validated against previous or future releases.
-:::
-
-To use this Adapter, you need to install the following packages:
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/typeorm-legacy-adapter typeorm
-```
-
-Configure your NextAuth.js to use the TypeORM Adapter:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-
-
-export default NextAuth({
-  adapter: TypeORMLegacyAdapter("yourconnectionstring"),
-  ...
-})
-```
-
-`TypeORMLegacyAdapter` takes either a connection string, or a [`DataSourceOptions`](https://github.com/typeorm/typeorm/blob/master/docs/data-source-options.md) object as its first parameter.
-
-## Custom models
-
-The TypeORM adapter uses [`Entity` classes](https://github.com/typeorm/typeorm/blob/master/docs/entities.md) to define the shape of your data.
-
-If you want to override the default entities (for example to add a `role` field to your `UserEntity`), you will have to do the following:
-
-> This schema is adapted for use in TypeORM and based upon our main [schema](/adapters/models)
-
-1. Create a file containing your modified entities:
-
-(The file below is based on the [default entities](https://github.com/nextauthjs/next-auth/blob/main/packages/adapter-typeorm-legacy/src/entities.ts))
-
-```diff title="lib/entities.ts"
-import {
-  Entity,
-  PrimaryGeneratedColumn,
-  Column,
-  ManyToOne,
-  OneToMany,
-  ValueTransformer,
-} from "typeorm"
-
-const transformer: Record<"date" | "bigint", ValueTransformer> = {
-  date: {
-    from: (date: string | null) => date && new Date(parseInt(date, 10)),
-    to: (date?: Date) => date?.valueOf().toString(),
-  },
-  bigint: {
-    from: (bigInt: string | null) => bigInt && parseInt(bigInt, 10),
-    to: (bigInt?: number) => bigInt?.toString(),
-  },
-}
-
-@Entity({ name: "users" })
-export class UserEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column({ type: "varchar", nullable: true })
-  name!: string | null
-
-  @Column({ type: "varchar", nullable: true, unique: true })
-  email!: string | null
-
-  @Column({ type: "varchar", nullable: true, transformer: transformer.date })
-  emailVerified!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  image!: string | null
-
-+ @Column({ type: "varchar", nullable: true })
-+ role!: string | null
-
-  @OneToMany(() => SessionEntity, (session) => session.userId)
-  sessions!: SessionEntity[]
-
-  @OneToMany(() => AccountEntity, (account) => account.userId)
-  accounts!: AccountEntity[]
-}
-
-@Entity({ name: "accounts" })
-export class AccountEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column({ type: "uuid" })
-  userId!: string
-
-  @Column()
-  type!: string
-
-  @Column()
-  provider!: string
-
-  @Column()
-  providerAccountId!: string
-
-  @Column({ type: "varchar", nullable: true })
-  refresh_token!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  access_token!: string | null
-
-  @Column({
-    nullable: true,
-    type: "bigint",
-    transformer: transformer.bigint,
-  })
-  expires_at!: number | null
-
-  @Column({ type: "varchar", nullable: true })
-  token_type!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  scope!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  id_token!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  session_state!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  oauth_token_secret!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  oauth_token!: string | null
-
-  @ManyToOne(() => UserEntity, (user) => user.accounts, {
-    createForeignKeyConstraints: true,
-  })
-  user!: UserEntity
-}
-
-@Entity({ name: "sessions" })
-export class SessionEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column({ unique: true })
-  sessionToken!: string
-
-  @Column({ type: "uuid" })
-  userId!: string
-
-  @Column({ transformer: transformer.date })
-  expires!: string
-
-  @ManyToOne(() => UserEntity, (user) => user.sessions)
-  user!: UserEntity
-}
-
-@Entity({ name: "verification_tokens" })
-export class VerificationTokenEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column()
-  token!: string
-
-  @Column()
-  identifier!: string
-
-  @Column({ transformer: transformer.date })
-  expires!: string
-}
-```
-
-2. Pass them to `TypeORMLegacyAdapter`
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-import * as entities from "lib/entities"
-
-export default NextAuth({
-  adapter: TypeORMLegacyAdapter("yourconnectionstring", { entities }),
-  ...
-})
-```
-
-:::tip Synchronize your database ♻
-The `synchronize: true` option in TypeORM will generate SQL that exactly matches the entities. This will automatically apply any changes it finds in the entity model. This is a useful option in development.
-:::
-
-:::warning Using synchronize in production
-`synchronize: true` should not be enabled against production databases as it may cause data loss if the configured schema does not match the expected schema! We recommend that you synchronize/migrate your production database at build-time.
-:::
-
-## Naming Conventions
-
-If mixed snake_case and camelCase column names are an issue for you and/or your underlying database system, we recommend using TypeORM's naming strategy feature to change the target field names. There is a package called `typeorm-naming-strategies` which includes a `snake_case` strategy which will translate the fields from how NextAuth.js expects them, to snake_case in the actual database.
-
-For example, you can add the naming convention option to the connection object in your NextAuth config.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-import { SnakeNamingStrategy } from 'typeorm-naming-strategies'
-
-export default NextAuth({
-  adapter: TypeORMLegacyAdapter({
-    type: "mysql",
-    host: "localhost",
-    port: 3306,
-    username: "test",
-    password: "test",
-    database: "test",
-    namingStrategy: new SnakeNamingStrategy()
-  }),
-  ...
-})
-```

docs/docs/adapters/upstash-redis.md

@@ -1,69 +0,0 @@
----
-id: upstash-redis
-title: Upstash Redis
----
-
-# Upstash Redis
-
-To use this Adapter, you need to install `@upstash/redis` and `@next-auth/upstash-redis-adapter` package:
-
-```bash npm2yarn2pnpm
-npm install @upstash/redis @next-auth/upstash-redis-adapter
-```
-
-Configure your NextAuth.js to use the Upstash Redis Adapter:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { UpstashRedisAdapter } from "@next-auth/upstash-redis-adapter"
-import { Redis } from "@upstash/redis"
-
-const redis = new Redis({
-  url: process.env.UPSTASH_REDIS_URL,
-  token: process.env.UPSTASH_REDIS_TOKEN
-})
-
-export default NextAuth({
-  adapter: UpstashRedisAdapter(redis),
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    }),
-  ],
-})
-```
-
-## Using Multiple Apps with a Single Upstash Redis Instance
-
-The Upstash free-tier allows for only one Redis instance. If you have multiple Next-Auth connected apps using this instance, you need different key prefixes for every app.
-
-You can change the prefixes by passing an `options` object as the second argument to the adapter factory function.
-
-The default values for this object are:
-
-```js
-const defaultOptions = {
-  baseKeyPrefix: "",
-  accountKeyPrefix: "user:account:",
-  accountByUserIdPrefix: "user:account:by-user-id:",
-  emailKeyPrefix: "user:email:",
-  sessionKeyPrefix: "user:session:",
-  sessionByUserIdKeyPrefix: "user:session:by-user-id:",
-  userKeyPrefix: "user:",
-  verificationTokenKeyPrefix: "user:token:",
-}
-```
-
-Usually changing the `baseKeyPrefix` should be enough for this scenario, but for more custom setups, you can also change the prefixes of every single key.
-
-Example:
-
-```js
-export default NextAuth({
-  ...
-  adapter: UpstashRedisAdapter(redis, {baseKeyPrefix: "app2:"})
-  ...
-})
-```

docs/docs/concepts/faq.md

@@ -21,7 +21,7 @@ It is not commercial software and is not associated with a commercial organizati
 </summary>
 <p>
 
-You can use NextAuth.js with MySQL, MariaDB, Postgres, MongoDB and SQLite or without a database. (See also: [Databases](/configuration/databases))
+You can use NextAuth.js with MySQL, MariaDB, Postgres, MongoDB and SQLite or without a database. (See our [using a database adapter guide](/guides/adapters/using-a-database-adapter)).
 
 You can use also NextAuth.js with any database using a custom database adapter, or by using a custom credentials authentication provider - e.g. to support signing in with a username and password stored in an existing database.
 
@@ -36,7 +36,7 @@ You can use also NextAuth.js with any database using a custom database adapter,
 
 <p>NextAuth.js includes built-in support for signing in with&nbsp;
 --------- DISPLAY PROVIDERS HERE ----------
-(See also: <a href="/configuration/providers/oauth">Providers</a>)
+(See also: <a href="/reference/providers/oauth-builtin">Providers</a>)
 </p>
 
 NextAuth.js also supports email for passwordless sign in, which is useful for account recovery or for people who are not able to use an account with the configured OAuth services (e.g. due to service outage, account suspension or otherwise becoming locked out of an account).
@@ -71,7 +71,7 @@ NextAuth.js is designed for use with Next.js and Serverless.
 
 If you are using a different framework for your website, you can create a website that handles sign in with Next.js and then access those sessions on a website that does not use Next.js as long as the websites are on the same domain.
 
-If you use NextAuth.js on a website with a different subdomain then the rest of your website (e.g. `auth.example.com` vs `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/configuration/options#cookies))
+If you use NextAuth.js on a website with a different subdomain then the rest of your website (e.g. `auth.example.com` vs `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/reference/configuration/auth-config#cookies))
 
 NextAuth.js does not currently support automatically signing into sites on different top level domains (e.g. `www.example.com` vs `www.example.org`) using a single session.
 
@@ -108,7 +108,7 @@ Yes! Check out the [TypeScript docs](/getting-started/typescript)
 </summary>
 <p>
 
-[Next.js Middleware](https://nextjs.org/docs/middleware) is supported. Head over to the [this page](/configuration/nextjs#middleware)
+[Next.js Middleware](https://nextjs.org/docs/middleware) is supported. Head over to the [this page](/reference/nextjs/#middleware)
 
 </p>
 </details>
@@ -175,7 +175,7 @@ If you are deploying directly to a particular cloud platform you may also want t
 
 ## Security
 
-Parts of this section has been moved to its [own page](/security).
+Parts of this section has been moved to its [own page](/getting-started/security).
 
 <details>
 <summary>
@@ -192,7 +192,7 @@ NextAuth.js records Refresh Tokens and Access Tokens on sign in (if supplied by
 
 You can then look them up from the database or persist them to the JSON Web Token.
 
-Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/tutorials/refresh-token-rotation) if you want to implement it.
+Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/guides/basics/refresh-token-rotation) if you want to implement it.
 
 We also have an [example repository](https://github.com/nextauthjs/next-auth-refresh-token-example) / project based upon NextAuth.js v4 where we demonstrate how to use a refresh token to refresh the provided access token.
 
@@ -270,7 +270,7 @@ Ultimately if your request is not accepted or is not actively in development, yo
 </summary>
 <p>
 
-NextAuth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/adapters/overview), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/configuration/options#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.
+NextAuth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/guides/adapters/using-a-database-adapter), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/reference/configuration/auth-config#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.
 
 </p>
 </details>
@@ -316,7 +316,6 @@ JSON Web Tokens can be used for session tokens, but are also used for lots of ot
 
 - If you do not explicitly specify a secret for for NextAuth.js, existing sessions will be invalidated any time your NextAuth.js configuration changes, as NextAuth.js will default to an auto-generated secret. Since v4 this only impacts development and generating a secret is required in production.
 
-
 </p>
 </details>
 

docs/docs/concepts/oauth.md

@@ -1,6 +1,7 @@
 ---
 title: How OAuth works
 ---
+
 Authentication Providers in **NextAuth.js** are OAuth definitions that allow your users to sign in with their favorite preexisting logins. You can use any of our many predefined providers, or write your own custom OAuth configuration.
 
 - [Using a built-in OAuth Provider](#built-in-providers) (e.g Github, Twitter, Google, etc...)
@@ -47,4 +48,4 @@ sequenceDiagram
     App Server->>Browser: You're now logged in!
 ```
 
-For more details, check out Aaron Parecki's blog post [OAuth2 Simplified](https://aaronparecki.com/oauth-2-simplified/) or Postman's blog post [OAuth 2.0: Implicit Flow is Dead, Try PKCE Instead](https://blog.postman.com/pkce-oauth-how-to/).
+For more details, check out Aaron Parecki's blog post [OAuth2 Simplified](https://aaronparecki.com/oauth-2-simplified/) or Postman's blog post [OAuth 2.0: Implicit Flow is Dead, Try PKCE Instead](https://blog.postman.com/pkce-oauth-how-to/).

docs/docs/configuration/callbacks.md

@@ -1,170 +0,0 @@
----
-id: callbacks
-title: Callbacks
----
-
-Callbacks are **asynchronous** functions you can use to control what happens when an action is performed.
-
-Callbacks are extremely powerful, especially in scenarios involving JSON Web Tokens as they allow you to implement access controls without a database and to integrate with external databases or APIs.
-
-:::tip
-If you want to pass data such as an Access Token or User ID to the browser when using JSON Web Tokens, you can persist the data in the token when the `jwt` callback is called, then pass the data through to the browser in the `session` callback.
-:::
-
-You can specify a handler for any of the callbacks below.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-  callbacks: {
-    async signIn({ user, account, profile, email, credentials }) {
-      return true
-    },
-    async redirect({ url, baseUrl }) {
-      return baseUrl
-    },
-    async session({ session, user, token }) {
-      return session
-    },
-    async jwt({ token, user, account, profile, isNewUser }) {
-      return token
-    }
-...
-}
-```
-
-The documentation below shows how to implement each callback, their default behaviour and an example of what the response for each callback should be. Note that configuration options and authentication providers you are using can impact the values passed to the callbacks.
-
-## Sign in callback
-
-Use the `signIn()` callback to control if a user is allowed to sign in.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async signIn({ user, account, profile, email, credentials }) {
-    const isAllowedToSignIn = true
-    if (isAllowedToSignIn) {
-      return true
-    } else {
-      // Return false to display a default error message
-      return false
-      // Or you can return a URL to redirect to:
-      // return '/unauthorized'
-    }
-  }
-}
-...
-```
-
-- When using the **Email Provider** the `signIn()` callback is triggered both when the user makes a **Verification Request** (before they are sent an email with a link that will allow them to sign in) and again _after_ they activate the link in the sign-in email.
-
-  Email accounts do not have profiles in the same way OAuth accounts do. On the first call during email sign in the `email` object will include a property `verificationRequest: true` to indicate it is being triggered in the verification request flow. When the callback is invoked _after_ a user has clicked on a sign-in link, this property will not be present.
-
-  You can check for the `verificationRequest` property to avoid sending emails to addresses or domains on a blocklist (or to only explicitly generate them for email address in an allow list).
-
-* When using the **Credentials Provider** the `user` object is the response returned from the `authorize` callback and the `profile` object is the raw body of the `HTTP POST` submission.
-
-:::note
-When using NextAuth.js with a database, the User object will be either a user object from the database (including the User ID) if the user has signed in before or a simpler prototype user object (i.e. name, email, image) for users who have not signed in before.
-
-When using NextAuth.js without a database, the user object will always be a prototype user object, with information extracted from the profile.
-:::
-
-:::note
-Redirects returned by this callback cancel the authentication flow. Only redirect to error pages that, for example, tell the user why they're not allowed to sign in.
-
-To redirect to a page after a successful sign in, please use [the `callbackUrl` option](/getting-started/client#specifying-a-callbackurl) or [the redirect callback](/configuration/callbacks#redirect-callback).
-:::
-
-## Redirect callback
-
-The redirect callback is called anytime the user is redirected to a callback URL (e.g. on signin or signout).
-
-By default only URLs on the same URL as the site are allowed, you can use the redirect callback to customise that behaviour.
-
-The default redirect callback looks like this:
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async redirect({ url, baseUrl }) {
-    // Allows relative callback URLs
-    if (url.startsWith("/")) return `${baseUrl}${url}`
-    // Allows callback URLs on the same origin
-    else if (new URL(url).origin === baseUrl) return url
-    return baseUrl
-  }
-}
-...
-```
-
-:::note
-The redirect callback may be invoked more than once in the same flow.
-:::
-
-## JWT callback
-
-This callback is called whenever a JSON Web Token is created (i.e. at sign
-in) or updated (i.e whenever a session is accessed in the client). The returned value will be [encrypted](/configuration/options#jwt), and it is stored in a cookie.
-
-Requests to `/api/auth/signin`, `/api/auth/session` and calls to `getSession()`, `unstable_getServerSession()`, `useSession()` will invoke this function, but only if you are using a [JWT session](/configuration/options#session). This method is not invoked when you persist sessions in a database.
-
-- As with database persisted session expiry times, token expiry time is extended whenever a session is active.
-- The arguments _user_, _account_, _profile_ and _isNewUser_ are only passed the first time this callback is called on a new session, after the user signs in. In subsequent calls, only `token` will be available.
-
-The contents _user_, _account_, _profile_ and _isNewUser_ will vary depending on the provider and if you are using a database. You can persist data such as User ID, OAuth Access Token in this token, see the example below for `access_token` and `user.id`. To expose it on the client side, check out the [`session()` callback](#session-callback) as well.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async jwt({ token, account, profile }) {
-    // Persist the OAuth access_token and or the user id to the token right after signin
-    if (account) {
-      token.accessToken = account.access_token
-      token.id = profile.id
-    }
-    return token
-  }
-}
-...
-```
-
-:::tip
-Use an if branch to check for the existence of parameters (apart from `token`). If they exist, this means that the callback is being invoked for the first time (i.e. the user is being signed in). This is a good place to persist additional data like an `access_token` in the JWT. Subsequent invocations will only contain the `token` parameter.
-:::
-
-## Session callback
-
-The session callback is called whenever a session is checked. By default, **only a subset of the token is returned for increased security**. If you want to make something available you added to the token (like `access_token` and `user.id` from above) via the `jwt()` callback, you have to explicitly forward it here to make it available to the client.
-
-e.g. `getSession()`, `useSession()`, `/api/auth/session`
-
-- When using database sessions, the User object is passed as an argument.
-- When using JSON Web Tokens for sessions, the JWT payload is provided instead.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async session({ session, token, user }) {
-    // Send properties to the client, like an access_token and user id from a provider.
-    session.accessToken = token.accessToken
-    session.user.id = token.id
-    
-    return session
-  }
-}
-...
-```
-
-:::tip
-When using JSON Web Tokens the `jwt()` callback is invoked before the `session()` callback, so anything you add to the
-JSON Web Token will be immediately available in the session callback, like for example an `access_token` or `id` from a provider.
-:::
-
-:::warning
-The session object is not persisted server side, even when using database sessions - only data such as the session token, the user, and the expiry time is stored in the session table.
-
-If you need to persist session data server side, you can use the `accessToken` returned for the session as a key - and connect to the database in the `session()` callback to access it. Session `accessToken` values do not rotate and are valid as long as the session is valid.
-
-If using JSON Web Tokens instead of database sessions, you should use the User ID or a unique key stored in the token (you will need to generate a key for this yourself on sign in, as access tokens for sessions are not generated when using JSON Web Tokens).
-:::

docs/docs/configuration/databases.md

@@ -1,16 +0,0 @@
----
-id: databases
-title: Databases
----
-
-NextAuth.js offers multiple database adapters. Check out [the overview](/adapters/overview).
-
-> As of **v4** NextAuth.js no longer ships with an adapter included by default. If you would like to persist any information, you need to install one of the many available adapters yourself. See the individual adapter documentation pages for more details.
-
-To learn more about databases in NextAuth.js and how they are used, check out [databases in the FAQ](/faq#databases).
-
----
-
-## How to use a database
-
-See the [documentation for adapters](/adapters/overview) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).

docs/docs/configuration/initialization.md

@@ -1,123 +0,0 @@
----
-id: initialization
-title: Initialization
----
-
-In Next.js, you can define an API route that will catch all requests that begin with a certain path. Conveniently, this is called [Catch all API routes](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes).
-
-When you define a `/pages/api/auth/[...nextauth]` JS/TS file, you instruct NextAuth.js that every API request beginning with `/api/auth/*` should be handled by the code written in the `[...nextauth]` file.
-
-Depending on your use case, you can initialize NextAuth.js in two different ways:
-
-## Simple initialization
-
-In most cases, you won't need to worry about what `NextAuth.js` does, and you will get by just fine with the following initialization:
-
-```ts title="/pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-
-export default NextAuth({
-  ...
-})
-```
-
-Here, you only need to pass your [options](/configuration/options) to `NextAuth`, and `NextAuth` does the rest.
-
-This is the preferred initialization in tutorials/other parts of the documentation, as it simplifies the code and reduces potential errors in the authentication flow.
-
-## Advanced initialization
-
-If you have a specific use case and need to make NextAuth.js do something slightly different than what it is designed for, keep in mind, the `[...nextauth].js` config file is still just **a regular [API Route](https://nextjs.org/docs/api-routes/introduction)** at the end of the day.
-
-That said, you can initialize NextAuth.js like this:
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import type { NextApiRequest, NextApiResponse } from "next"
-import NextAuth from "next-auth"
-
-export default async function auth(req: NextApiRequest, res: NextApiResponse) {
-  // Do whatever you want here, before the request is passed down to `NextAuth`
-  return await NextAuth(req, res, {
-    ...
-  })
-}
-```
-
-The `...` section will still be your [options](/configuration/options), but you now have the possibility to execute/modify certain things on the request.
-
-You could for example log the request, add headers, read `query` or `body` parameters, whatever you would do in an API route.
-
-:::tip
-Since this is a catch-all route, remember to check what kind of NextAuth.js "action" is running. Compare the REST API with the `req.query.nextauth` parameter.
-
-For example to execute something on the "callback" action when the request is a POST method, you can check for `req.query.nextauth.includes("callback") && req.method === "POST"`
-:::
-
-:::note
-`NextAuth` will implicitly close the response (by calling `res.end`, `res.send` or similar), so you should not run code **after** `NextAuth` in the function body. Using `return NextAuth` makes sure you don't forget that.
-:::
-
-Any variable you create this way will be available in the `NextAuth` options as well, since they are in the same scope.
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import type { NextApiRequest, NextApiResponse } from "next"
-import NextAuth from "next-auth"
-
-export default async function auth(req: NextApiRequest, res: NextApiResponse) {
-
-  if(req.query.nextauth.includes("callback") && req.method === "POST") {
-    console.log(
-      "Handling callback request from my Identity Provider",
-      req.body
-    )
-  }
-
-  // Get a custom cookie value from the request
-  const someCookie = req.cookies["some-custom-cookie"]
-
-  return await NextAuth(req, res, {
-    ...
-    callbacks: {
-      session({ session, token }) {
-        // Return a cookie value as part of the session
-        // This is read when `req.query.nextauth.includes("session") && req.method === "GET"`
-        session.someCookie = someCookie
-        return session
-      }
-    }
-  })
-}
-```
-
-A practical example could be to not show a certain provider on the default sign-in page, but still be able to sign in with it. (The idea is taken from [this discussion](https://github.com/nextauthjs/next-auth/discussions/3133)):
-
-```js title="/pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import CredentialsProvider from "next-auth/providers/credentials"
-import GoogleProvider from "next-auth/providers/google"
-
-export default async function auth(req, res) {
-  const providers = [
-    CredentialsProvider(...),
-    GoogleProvider(...),
-  ]
-
-  const isDefaultSigninPage = req.method === "GET" && req.query.nextauth.includes("signin")
-
-  // Will hide the `GoogleProvider` when you visit `/api/auth/signin`
-  if (isDefaultSigninPage) providers.pop()
-
-  return await NextAuth(req, res, {
-    providers,
-    ...
-  })
-}
-```
-
-For more details on all available actions and which methods are supported, please check out the [REST API documentation](/getting-started/rest-api) or the appropriate area in [the source code](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/index.ts)
-
-This way of initializing `NextAuth` is very powerful, but should be used sparingly.
-
-:::warning
-Changing parts of the request that is essential to `NextAuth` to do it's job - like messing with the [default cookies](/configuration/options#cookies) - can have unforeseen consequences, and have the potential to introduce security holes if done incorrectly. Only change those if you understand consequences.
-:::

docs/docs/configuration/options.md

@@ -1,531 +0,0 @@
----
-id: options
-title: Options
----
-
-## Environment Variables
-
-### NEXTAUTH_URL
-
-When deploying to production, set the `NEXTAUTH_URL` environment variable to the canonical URL of your site.
-
-```
-NEXTAUTH_URL=https://example.com
-```
-
-If your Next.js application uses a custom base path, specify the route to the API endpoint in full. More information about the usage of custom base path [here](/getting-started/client#custom-base-path).
-
-_e.g. `NEXTAUTH_URL=https://example.com/custom-route/api/auth`_
-
-:::tip
-When you're using a custom base path, you will need to pass the `basePath` page prop to the `<SessionProvider>`. More information [here](/getting-started/client#custom-base-path).
-:::
-
-:::note
-Using [System Environment Variables](https://vercel.com/docs/concepts/projects/environment-variables#system-environment-variables) we automatically detect when you deploy to [Vercel](https://vercel.com) so you don't have to define this variable. Make sure **Automatically expose System Environment Variables** is checked in your Project Settings.
-:::
-
-### NEXTAUTH_SECRET
-
-Used to encrypt the NextAuth.js JWT, and to hash [email verification tokens](/adapters/models#verification-token). This is the default value for the `secret` option in [NextAuth](/configuration/options#secret) and [Middleware](/configuration/nextjs#secret).
-
-
-### NEXTAUTH_URL_INTERNAL
-
-If provided, server-side calls will use this instead of `NEXTAUTH_URL`. Useful in environments when the server doesn't have access to the canonical URL of your site. Defaults to `NEXTAUTH_URL`.
-
-```
-NEXTAUTH_URL_INTERNAL=http://10.240.8.16
-```
-
----
-
-## Options
-
-Options are passed to NextAuth.js when initializing it in an API route.
-
-### providers
-
-- **Default value**: `[]`
-- **Required**: _Yes_
-
-#### Description
-
-An array of authentication providers for signing in (e.g. Google, Facebook, Twitter, GitHub, Email, etc) in any order. This can be one of the built-in providers or an object with a custom provider.
-
-See the [providers documentation](/configuration/providers/oauth) for a list of supported providers and how to use them.
-
----
-
-### secret
-
-- **Default value**: `string` (_SHA hash of the "options" object_) in development, no default in production.
-- **Required**: _Yes, in production!_
-
-#### Description
-
-A random string is used to hash tokens, sign/encrypt cookies and generate cryptographic keys.
-
-If you set [`NEXTAUTH_SECRET`](#nextauth_secret) as an environment variable, you don't have to define this option.
-
-If no value is specified in development (and there is no `NEXTAUTH_SECRET` variable either), it uses a hash for all configuration options, including OAuth Client ID / Secrets for entropy.
-
-:::warning
-Not providing any `secret` or `NEXTAUTH_SECRET` will throw [an error](/errors#no_secret) in production.
-:::
-
-You can quickly create a good value on the command line via this `openssl` command.
-
-```bash
-$ openssl rand -base64 32
-```
-
-:::tip
-If you rely on the default secret generation in development, you might notice JWT decryption errors, since the secret changes whenever you change your configuration. Defining an explicit secret will make this problem go away. We will likely make this option mandatory, even in development, in the future.
-:::
-
----
-
-### session
-
-- **Default value**: `object`
-- **Required**: _No_
-
-#### Description
-
-The `session` object and all properties on it are optional.
-
-Default values for this option are shown below:
-
-```js
-session: {
-  // Choose how you want to save the user session.
-  // The default is `"jwt"`, an encrypted JWT (JWE) stored in the session cookie.
-  // If you use an `adapter` however, we default it to `"database"` instead.
-  // You can still force a JWT session by explicitly defining `"jwt"`.
-  // When using `"database"`, the session cookie will only contain a `sessionToken` value,
-  // which is used to look up the session in the database.
-  strategy: "database",
-
-  // Seconds - How long until an idle session expires and is no longer valid.
-  maxAge: 30 * 24 * 60 * 60, // 30 days
-
-  // Seconds - Throttle how frequently to write to database to extend a session.
-  // Use it to limit write operations. Set to 0 to always update the database.
-  // Note: This option is ignored if using JSON Web Tokens
-  updateAge: 24 * 60 * 60, // 24 hours
-  
-  // The session token is usually either a random UUID or string, however if you
-  // need a more customized session token string, you can define your own generate function.
-  generateSessionToken: () => {
-    return randomUUID?.() ?? randomBytes(32).toString("hex")
-  }
-}
-```
-
----
-
-### jwt
-
-- **Default value**: `object`
-- **Required**: _No_
-
-#### Description
-
-JSON Web Tokens can be used for session tokens if enabled with `session: { strategy: "jwt" }` option. JSON Web Tokens are enabled by default if you have not specified an adapter. JSON Web Tokens are encrypted (JWE) by default. We recommend you keep this behaviour. See the [Override JWT `encode` and `decode` methods](#override-jwt-encode-and-decode-methods) advanced option.
-
-#### JSON Web Token Options
-
-```js
-jwt: {
-  // The maximum age of the NextAuth.js issued JWT in seconds.
-  // Defaults to `session.maxAge`.
-  maxAge: 60 * 60 * 24 * 30,
-  // You can define your own encode/decode functions for signing and encryption
-  async encode() {},
-  async decode() {},
-}
-```
-
-An example JSON Web Token contains a payload like this:
-
-```js
-{
-  name: 'Iain Collins',
-  email: 'me@iaincollins.com',
-  picture: 'https://example.com/image.jpg',
-  iat: 1594601838,
-  exp: 1597193838
-}
-```
-
-#### JWT Helper
-
-You can use the built-in `getToken()` helper method to verify and decrypt the token, like this:
-
-```js
-import { getToken } from "next-auth/jwt"
-
-const secret = process.env.NEXTAUTH_SECRET
-
-export default async function handler(req, res) {
-  // if using `NEXTAUTH_SECRET` env variable, we detect it, and you won't actually need to `secret`
-  // const token = await getToken({ req })
-  const token = await getToken({ req, secret })
-  console.log("JSON Web Token", token)
-  res.end()
-}
-```
-
-_For convenience, this helper function is also able to read and decode tokens passed from the `Authorization: 'Bearer token'` HTTP header._
-
-**Required**
-
-The getToken() helper requires the following options:
-
-- `req` - (object) Request object
-- `secret` - (string) JWT Secret. Use `NEXTAUTH_SECRET` instead.
-
-You must also pass _any options configured on the `jwt` option_ to the helper.
-
-e.g. Including custom session `maxAge` and custom signing and/or encryption keys or options
-
-**Optional**
-
-It also supports the following options:
-
-- `secureCookie` - (boolean) Use secure prefixed cookie name
-
-  By default, the helper function will attempt to determine if it should use the secure prefixed cookie (e.g. `true` in production and `false` in development, unless NEXTAUTH_URL contains an HTTPS URL).
-
-- `cookieName` - (string) Session token cookie name
-
-  The `secureCookie` option is ignored if `cookieName` is explicitly specified.
-
-- `raw` - (boolean) Get raw token (not decoded)
-
-  If set to `true` returns the raw token without decrypting or verifying it.
-
-:::note
-The JWT is stored in the Session Token cookie, the same cookie used for tokens with database sessions.
-:::
-
----
-
-### pages
-
-- **Default value**: `{}`
-- **Required**: _No_
-
-#### Description
-
-Specify URLs to be used if you want to create custom sign in, sign out and error pages.
-
-Pages specified will override the corresponding built-in page.
-
-_For example:_
-
-```js
-pages: {
-  signIn: '/auth/signin',
-  signOut: '/auth/signout',
-  error: '/auth/error', // Error code passed in query string as ?error=
-  verifyRequest: '/auth/verify-request', // (used for check email message)
-  newUser: '/auth/new-user' // New users will be directed here on first sign in (leave the property out if not of interest)
-}
-```
-
-:::note
-When using this configuration, ensure that these pages actually exist. For example `error: '/auth/error'` refers to a page file at `pages/auth/error.js`.
-:::
-
-See the documentation for the [pages option](/configuration/pages) for more information.
-
----
-
-### callbacks
-
-- **Default value**: `object`
-- **Required**: _No_
-
-#### Description
-
-Callbacks are asynchronous functions you can use to control what happens when an action is performed.
-
-Callbacks are extremely powerful, especially in scenarios involving JSON Web Tokens as they allow you to implement access controls without a database and to integrate with external databases or APIs.
-
-You can specify a handler for any of the callbacks below.
-
-```js
-callbacks: {
-  async signIn({ user, account, profile, email, credentials }) {
-    return true
-  },
-  async redirect({ url, baseUrl }) {
-    return baseUrl
-  },
-  async session({ session, token, user }) {
-    return session
-  },
-  async jwt({ token, user, account, profile, isNewUser }) {
-    return token
-  }
-}
-```
-
-See the [callbacks documentation](/configuration/callbacks) for more information on how to use the callback functions.
-
----
-
-### events
-
-- **Default value**: `object`
-- **Required**: _No_
-
-#### Description
-
-Events are asynchronous functions that do not return a response, they are useful for audit logging.
-
-You can specify a handler for any of these events below - e.g. for debugging or to create an audit log.
-
-The content of the message object varies depending on the flow (e.g. OAuth or Email authentication flow, JWT or database sessions, etc). See the [events documentation](/configuration/events) for more information on the form of each message object and how to use the events functions.
-
-```js
-events: {
-  async signIn(message) { /* on successful sign in */ },
-  async signOut(message) { /* on signout */ },
-  async createUser(message) { /* user created */ },
-  async updateUser(message) { /* user updated - e.g. their email was verified */ },
-  async linkAccount(message) { /* account (e.g. Twitter) linked to a user */ },
-  async session(message) { /* session is active */ },
-}
-```
-
----
-
-### adapter
-
-- **Default value**: none
-- **Required**: _No_
-
-#### Description
-
-By default NextAuth.js does not include an adapter any longer. If you would like to persist user / account data, please install one of the many available adapters. More information can be found in the [adapter documentation](/adapters/overview).
-
----
-
-### debug
-
-- **Default value**: `false`
-- **Required**: _No_
-
-#### Description
-
-Set debug to `true` to enable debug messages for authentication and database operations.
-
----
-
-### logger
-
-- **Default value**: `console`
-- **Required**: _No_
-
-#### Description
-
-Override any of the logger levels (`undefined` levels will use the built-in logger), and intercept logs in NextAuth.js. You can use this to send NextAuth.js logs to a third-party logging service.
-
-The `code` parameter for `error` and `warn` are explained in the [Warnings](/warnings) and [Errors](/errors) pages respectively.
-
-Example:
-
-```js title="/pages/api/auth/[...nextauth].js"
-import log from "logging-service"
-
-export default NextAuth({
-  ...
-  logger: {
-    error(code, metadata) {
-      log.error(code, metadata)
-    },
-    warn(code) {
-      log.warn(code)
-    },
-    debug(code, metadata) {
-      log.debug(code, metadata)
-    }
-  }
-  ...
-})
-```
-
-:::note
-If the `debug` level is defined by the user, it will be called regardless of the `debug: false` [option](#debug).
-:::
-
----
-
-### theme
-
-- **Default value**: `object`
-- **Required**: _No_
-
-#### Description
-
-Changes the color scheme theme of [pages](/configuration/pages) as well as allows some minor customization. Set `theme.colorScheme` to `"light"`, if you want to force pages to always be light. Set to `"dark"`, if you want to force pages to always be dark. Set to `"auto"`, (or leave this option out) if you want the pages to follow the preferred system theme. (Uses the [prefers-color-scheme](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) media query.)
-
-In addition, you can define a logo URL in `theme.logo` which will be rendered above the main card in the default signin/signout/error/verify-request pages, as well as a `theme.brandColor` which will affect the accent color of these pages.
-
-The sign-in button's background color will match the `brandColor` and defaults to `"#346df1"`. The text color is `#fff` by default, but if your brand color gives a weak contrast, correct it with the `buttonText` color option.
-
-```js
-theme: {
-  colorScheme: "auto", // "auto" | "dark" | "light"
-  brandColor: "", // Hex color code
-  logo: "", // Absolute URL to image
-  buttonText: "" // Hex color code
-}
-```
-
----
-
-## Advanced Options
-
-Advanced options are passed the same way as basic options, but may have complex implications or side effects. You should try to avoid using advanced options unless you are very comfortable using them.
-
----
-
-### useSecureCookies
-
-- **Default value**: `true` for HTTPS sites / `false` for HTTP sites
-- **Required**: _No_
-
-#### Description
-
-When set to `true` (the default for all site URLs that start with `https://`) then all cookies set by NextAuth.js will only be accessible from HTTPS URLs.
-
-This option defaults to `false` on URLs that start with `http://` (e.g. `http://localhost:3000`) for developer convenience.
-
-:::note
-Properties on any custom `cookies` that are specified override this option.
-:::
-
-:::warning
-Setting this option to _false_ in production is a security risk and may allow sessions to be hijacked if used in production. It is intended to support development and testing. Using this option is not recommended.
-:::
-
----
-
-### cookies
-
-- **Default value**: `{}`
-- **Required**: _No_
-
-#### Description
-
-Cookies in NextAuth.js are chunked by default, meaning that once they reach the 4kb limit, we will create a new cookie with the `.{number}` suffix and reassemble the cookies in the correct order when parsing / reading them. This was introduced to avoid size constraints which can occur when users want to store additional data in their sessionToken, for example.
-
-You can override the default cookie names and options for any of the cookies used by NextAuth.js.
-
-This is an advanced option and using it is not recommended as you may break authentication or introduce security flaws into your application.
-
-You can specify one or more cookies with custom properties, but if you specify custom options for a cookie you must provide all the options for that cookie.
-
-If you use this feature, you will likely want to create conditional behaviour to support setting different cookies policies in development and production builds, as you will be opting out of the built-in dynamic policy.
-
-:::tip
-An example of a use case for this option is to support sharing session tokens across subdomains.
-:::
-
-#### Example
-
-```js
-cookies: {
-  sessionToken: {
-    name: `__Secure-next-auth.session-token`,
-    options: {
-      httpOnly: true,
-      sameSite: 'lax',
-      path: '/',
-      secure: true
-    }
-  },
-  callbackUrl: {
-    name: `__Secure-next-auth.callback-url`,
-    options: {
-      sameSite: 'lax',
-      path: '/',
-      secure: true
-    }
-  },
-  csrfToken: {
-    name: `__Host-next-auth.csrf-token`,
-    options: {
-      httpOnly: true,
-      sameSite: 'lax',
-      path: '/',
-      secure: true
-    }
-  },
-  pkceCodeVerifier: {
-    name: `${cookiePrefix}next-auth.pkce.code_verifier`,
-    options: {
-      httpOnly: true,
-      sameSite: 'lax',
-      path: '/',
-      secure: useSecureCookies,
-      maxAge: 900
-    }
-  },
-  state: {
-    name: `${cookiePrefix}next-auth.state`,
-    options: {
-      httpOnly: true,
-      sameSite: "lax",
-      path: "/",
-      secure: useSecureCookies,
-      maxAge: 900
-    },
-  },
-  nonce: {
-    name: `${cookiePrefix}next-auth.nonce`,
-    options: {
-      httpOnly: true,
-      sameSite: "lax",
-      path: "/",
-      secure: useSecureCookies,
-    },
-  },
-}
-```
-
-:::warning
-Using a custom cookie policy may introduce security flaws into your application and is intended as an option for advanced users who understand the implications. Using this option is not recommended.
-:::
-
----
-
-### Override JWT `encode` and `decode` methods
-
-NextAuth.js uses encrypted JSON Web Tokens ([JWE](https://datatracker.ietf.org/doc/html/rfc7516)) by default. Unless you have a good reason, we recommend keeping this behaviour. Although you can override this using the `encode` and `decode` methods. Both methods must be defined at the same time.
-
-**IMPORTANT: If you use middleware to protect routes, make sure the same method is also set in the [`_middleware.ts` options](/configuration/nextjs#custom-jwt-decode-method)**
-
-```js
-jwt: {
-  async encode(params: {
-    token: JWT
-    secret: string
-    maxAge: number
-  }): Promise<string> {
-    // return a custom encoded JWT string
-    return "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
-  },
-  async decode(params: {
-    token: string
-    secret: string
-  }): Promise<JWT | null> {
-    // return a `JWT` object, or `null` if decoding failed
-    return {}
-  },
-}
-```

docs/docs/configuration/providers/credentials.md

@@ -1,67 +0,0 @@
----
-id: credentials
-title: Credentials
----
-
-### How to
-
-The Credentials provider allows you to handle signing in with arbitrary credentials, such as a username and password, two-factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
-
-It is intended to support use cases where you have an existing system you need to authenticate users against.
-
-```js title="pages/api/auth/[...nextauth].js"
-import CredentialsProvider from "next-auth/providers/credentials"
-...
-providers: [
-  CredentialsProvider({
-    // The name to display on the sign in form (e.g. 'Sign in with...')
-    name: 'Credentials',
-    // The credentials is used to generate a suitable form on the sign in page.
-    // You can specify whatever fields you are expecting to be submitted.
-    // e.g. domain, username, password, 2FA token, etc.
-    // You can pass any HTML attribute to the <input> tag through the object.
-    credentials: {
-      username: { label: "Username", type: "text", placeholder: "jsmith" },
-      password: {  label: "Password", type: "password" }
-    },
-    async authorize(credentials, req) {
-      // You need to provide your own logic here that takes the credentials
-      // submitted and returns either a object representing a user or value
-      // that is false/null if the credentials are invalid.
-      // e.g. return { id: 1, name: 'J Smith', email: 'jsmith@example.com' }
-      // You can also use the `req` object to obtain additional parameters
-      // (i.e., the request IP address)
-      const res = await fetch("/your/endpoint", {
-        method: 'POST',
-        body: JSON.stringify(credentials),
-        headers: { "Content-Type": "application/json" }
-      })
-      const user = await res.json()
-
-      // If no error and we have user data, return it
-      if (res.ok && user) {
-        return user
-      }
-      // Return null if user data could not be retrieved
-      return null
-    }
-  })
-]
-...
-```
-
-See the [Credentials provider documentation](/providers/credentials) for more information.
-
-:::note
-The Credentials provider can only be used if JSON Web Tokens are enabled for sessions. Users authenticated with the Credentials provider are not persisted in the database.
-:::
-
-### Options
-
-|    Name     |                    Description                    |                 Type                  | Required |
-| :---------: | :-----------------------------------------------: | :-----------------------------------: | :------: |
-|     id      |            Unique ID for the provider             |               `string`                |   Yes    |
-|    name     |         Descriptive name for the provider         |               `string`                |   Yes    |
-|    type     |   Type of provider, in this case `credentials`    |            `"credentials"`            |   Yes    |
-| credentials |          The credentials to sign-in with          |               `Object`                |   Yes    |
-|  authorize  | Callback to execute once user is to be authorized | `(credentials, req) => Promise<User>` |   Yes    |

docs/docs/configuration/providers/email.md

@@ -1,44 +0,0 @@
----
-id: email
-title: Email
----
-
-### How to
-
-The Email provider sends "magic links" via email that the user can click on to sign in.
-You have likely seen them before if you have used software like Slack.
-
-Adding support for signing in via email in addition to one or more OAuth services provides a way for users to sign in if they lose access to their OAuth account (e.g. if it is locked or deleted).
-
-Configuration is similar to other providers, but the options are different:
-
-```js title="pages/api/auth/[...nextauth].js"
-import EmailProvider from "next-auth/providers/email"
-...
-providers: [
-  EmailProvider({
-    server: process.env.EMAIL_SERVER,
-    from: process.env.EMAIL_FROM,
-    // maxAge: 24 * 60 * 60, // How long email links are valid for (default 24h)
-  }),
-],
-...
-```
-
-See the [Email provider documentation](/providers/email) for more information on how to configure email sign in.
-
-:::note
-The email provider requires a database, it cannot be used without one.
-:::
-
-### Options
-
-|          Name           |                                     Description                                     |               Type               | Required |
-| :---------------------: | :---------------------------------------------------------------------------------: | :------------------------------: | :------: |
-|           id            |                             Unique ID for the provider                              |             `string`             |   Yes    |
-|          name           |                          Descriptive name for the provider                          |             `string`             |   Yes    |
-|          type           |                       Type of provider, in this case `email`                        |            `"email"`             |   Yes    |
-|         server          |                     Path or object pointing to the email server                     |       `string` or `Object`       |   Yes    |
-| sendVerificationRequest |               Callback to execute when a verification request is sent               | `(params) => Promise<undefined>` |   Yes    |
-|          from           |   The email address from which emails are sent, default: "<no-reply@example.com>"   |             `string`             |    No    |
-|         maxAge          | How long until the e-mail can be used to log the user in seconds. Defaults to 1 day |             `number`             |    No    |

docs/docs/configuration/providers/oauth.md

@@ -1,440 +0,0 @@
----
-id: oauth
-title: OAuth
----
-
-Authentication Providers in **NextAuth.js** are OAuth definitions that allow your users to sign in with their favorite preexisting logins. You can use any of our many predefined providers, or write your own custom OAuth configuration.
-
-- [Using a built-in OAuth Provider](#built-in-providers) (e.g Github, Twitter, Google, etc...)
-- [Using a custom OAuth Provider](#using-a-custom-provider)
-
-:::note
-NextAuth.js is designed to work with any OAuth service, it supports **OAuth 1.0**, **1.0A**, **2.0** and **OpenID Connect** and has built-in support for most popular sign-in services.
-:::
-
-Without going into too much detail, the OAuth flow generally has 6 parts:
-
-1. The application requests authorization to access service resources from the user
-2. If the user authorized the request, the application receives an authorization grant
-3. The application requests an access token from the authorization server (API) by presenting authentication of its own identity, and the authorization grant
-4. If the application identity is authenticated and the authorization grant is valid, the authorization server (API) issues an access token to the application. Authorization is complete.
-5. The application requests the resource from the resource server (API) and presents the access token for authentication
-6. If the access token is valid, the resource server (API) serves the resource to the application
-
-```mermaid
-sequenceDiagram
-    participant Browser
-    participant App Server
-    participant Auth Server (Github)
-    Note left of Browser: User clicks on "Sign in"
-    Browser->>App Server: GET<br/>"api/auth/signin"
-    App Server->>App Server: Computes the available<br/>sign in providers<br/>from the "providers" option
-    App Server->>Browser: Redirects to Sign in page
-    Note left of Browser: Sign in options<br/>are shown the user<br/>(Github, Twitter, etc...)
-    Note left of Browser: User clicks on<br/>"Sign in with Github"
-    Browser->>App Server: POST<br/>"api/auth/signin/github"
-    App Server->>App Server: Computes sign in<br/>options for Github<br/>(scopes, callback URL, etc...)
-    App Server->>Auth Server (Github): GET<br/>"github.com/login/oauth/authorize"
-    Note left of Auth Server (Github): Sign in options<br> are supplied as<br/>query params<br/>(clientId, <br/>scope, etc...)
-    Auth Server (Github)->>Browser: Shows sign in page<br/>in Github.com<br/>to the user
-    Note left of Browser: User inserts their<br/>credentials in Github
-    Browser->>Auth Server (Github): Github validates the inserted credentials
-    Auth Server (Github)->>Auth Server (Github): Generates one time access code<br/>and calls callback<br>URL defined in<br/>App settings
-    Auth Server (Github)->>App Server: GET<br/>"api/auth/github/callback?code=123"
-    App Server->>App Server: Grabs code<br/>to exchange it for<br/>access token
-    App Server->>Auth Server (Github): POST<br/>"github.com/login/oauth/access_token"<br/>{code: 123}
-    Auth Server (Github)->>Auth Server (Github): Verifies code is<br/>valid and generates<br/>access token
-    Auth Server (Github)->>App Server: { access_token: 16C7x... }
-    App Server->>App Server: Generates session token<br/>and stores session
-    App Server->>Browser: You're now logged in!
-```
-
-For more details, check out Aaron Parecki's blog post [OAuth2 Simplified](https://aaronparecki.com/oauth-2-simplified/) or Postman's blog post [OAuth 2.0: Implicit Flow is Dead, Try PKCE Instead](https://blog.postman.com/pkce-oauth-how-to/).
-
-## How to
-
-1. Register your application at the developer portal of your provider. There are usually links to the portals included in the aforementioned documentation pages for each supported provider with details on how to register your application.
-
-2. The redirect URI (sometimes called Callback URL) should follow this format:
-
-```
-[origin]/api/auth/callback/[provider]
-```
-
-`[provider]` refers to the `id` of your provider (see [options](#options)). For example, Twitter on `localhost` this would be:
-
-```
-http://localhost:3000/api/auth/callback/twitter
-```
-
-Using Google in our example application would look like this:
-
-```
-https://next-auth-example.vercel.app/api/auth/callback/google
-```
-
-3. Create a `.env` file at the root of your project and add the client ID and client secret. For Twitter this would be:
-
-```
-TWITTER_ID=YOUR_TWITTER_CLIENT_ID
-TWITTER_SECRET=YOUR_TWITTER_CLIENT_SECRET
-```
-
-4. Now you can add the provider settings to the NextAuth.js options object. You can add as many OAuth providers as you like, as you can see `providers` is an array.
-
-```js title="pages/api/auth/[...nextauth].js"
-import TwitterProvider from "next-auth/providers/twitter"
-...
-providers: [
-  TwitterProvider({
-    clientId: process.env.TWITTER_ID,
-    clientSecret: process.env.TWITTER_SECRET
-  })
-],
-...
-```
-
-5. Once a provider has been setup, you can sign in at the following URL: `[origin]/api/auth/signin`. This is an unbranded auto-generated page with all the configured providers.
-
-<img src="/img/signin.png" alt="Signin Screenshot" />
-
-## Options
-
-Whenever you configure a custom or a built-in OAuth provider, you have the following options available:
-
-```ts
-interface OAuthConfig {
-  /**
-   * OpenID Connect (OIDC) compliant providers can configure
-   * this instead of `authorize`/`token`/`userinfo` options
-   * without further configuration needed in most cases.
-   * You can still use the `authorize`/`token`/`userinfo`
-   * options for advanced control.
-   *
-   * [Authorization Server Metadata](https://datatracker.ietf.org/doc/html/rfc8414#section-3)
-   */
-  wellKnown?: string
-  /**
-   * The login process will be initiated by sending the user to this URL.
-   *
-   * [Authorization endpoint](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1)
-   */
-  authorization: EndpointHandler<AuthorizationParameters>
-  /**
-   * Endpoint that returns OAuth 2/OIDC tokens and information about them.
-   * This includes `access_token`, `id_token`, `refresh_token`, etc.
-   *
-   * [Token endpoint](https://datatracker.ietf.org/doc/html/rfc6749#section-3.2)
-   */
-  token: EndpointHandler<
-    UrlParams,
-    {
-      /**
-       * Parameters extracted from the request to the `/api/auth/callback/:providerId` endpoint.
-       * Contains params like `state`.
-       */
-      params: CallbackParamsType
-      /**
-       * When using this custom flow, make sure to do all the necessary security checks.
-       * This object contains parameters you have to match against the request to make sure it is valid.
-       */
-      checks: OAuthChecks
-    },
-    { tokens: TokenSet }
-  >
-  /**
-   * When using an OAuth 2 provider, the user information must be requested
-   * through an additional request from the userinfo endpoint.
-   *
-   * [Userinfo endpoint](https://www.oauth.com/oauth2-servers/signing-in-with-google/verifying-the-user-info)
-   */
-  userinfo?: EndpointHandler<UrlParams, { tokens: TokenSet }, Profile>
-  type: "oauth"
-  /**
-   * Used in URLs to refer to a certain provider.
-   * @example /api/auth/callback/twitter // where the `id` is "twitter"
-   */
-  id: string
-  version: string
-  profile(profile: P, tokens: TokenSet): Awaitable<User>
-  checks?: ChecksType | ChecksType[]
-  clientId: string
-  clientSecret: string
-  /**
-   * If set to `true`, the user information will be extracted
-   * from the `id_token` claims, instead of
-   * making a request to the `userinfo` endpoint.
-   *
-   * `id_token` is usually present in OpenID Connect (OIDC) compliant providers.
-   *
-   * [`id_token` explanation](https://www.oauth.com/oauth2-servers/openid-connect/id-tokens)
-   */
-  idToken?: boolean
-  region?: string
-  issuer?: string
-  client?: Partial<ClientMetadata>
-  allowDangerousEmailAccountLinking?: boolean
-  /**
-   * Object containing the settings for the styling of the providers sign-in buttons
-   */
-  style: ProviderStyleType
-}
-```
-
-### `authorization` option
-
-Configure how to construct the request to the [_Authorization endpoint_](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1).
-
-There are two ways to use this option:
-
-1. You can either set `authorization` to be a full URL, like `"https://example.com/oauth/authorization?scope=email"`.
-2. Use an object with `url` and `params` like so
-   ```js
-   authorization: {
-     url: "https://example.com/oauth/authorization",
-     params: { scope: "email" }
-   }
-   ```
-
-:::tip
-If your Provider is OpenID Connect (OIDC) compliant, we recommend using the `wellKnown` option instead.
-:::
-
-### `token` option
-
-Configure how to construct the request to the [_Token endpoint_](https://datatracker.ietf.org/doc/html/rfc6749#section-3.2).
-
-There are three ways to use this option:
-
-1. You can either set `token` to be a full URL, like `"https://example.com/oauth/token?some=param"`.
-2. Use an object with `url` and `params` like so
-   ```js
-   token: {
-     url: "https://example.com/oauth/token",
-     params: { some: "param" }
-   }
-   ```
-3. Completely take control of the request:
-   ```js
-   token: {
-     url: "https://example.com/oauth/token",
-     async request(context) {
-       // context contains useful properties to help you make the request.
-       const tokens = await makeTokenRequest(context)
-       return { tokens }
-     }
-   }
-   ```
-
-:::warning
-Option 3. should not be necessary in most cases, but if your provider does not follow the spec, or you have some very unique constraints it can be useful. Try to avoid it, if possible.
-:::
-
-:::tip
-If your Provider is OpenID Connect (OIDC) compliant, we recommend using the `wellKnown` option instead.
-:::
-
-### `userinfo` option
-
-A `userinfo` endpoint returns information about the logged-in user. It is not part of the OAuth specification, but usually available for most providers.
-
-There are three ways to use this option:
-
-1. You can either set `userinfo` to be a full URL, like `"https://example.com/oauth/userinfo?some=param"`.
-2. Use an object with `url` and `params` like so
-   ```js
-   userinfo: {
-     url: "https://example.com/oauth/userinfo",
-     params: { some: "param" }
-   }
-   ```
-3. Completely take control of the request:
-   ```js
-   userinfo: {
-     url: "https://example.com/oauth/userinfo",
-     // The result of this method will be the input to the `profile` callback.
-     async request(context) {
-       // context contains useful properties to help you make the request.
-       return await makeUserinfoRequest(context)
-     }
-   }
-   ```
-
-:::warning
-Option 3. should not be necessary in most cases, but if your provider does not follow the spec, or you have some very unique constraints it can be useful. Try to avoid it, if possible.
-:::
-
-:::tip
-In the rare case you don't care about what this endpoint returns, or your provider does not have one, you could create a noop function:
-
-```js
-userinfo: {
-  request: () => {}
-}
-```
-
-:::
-
-:::tip
-If your Provider is OpenID Connect (OIDC) compliant, we recommend using the `wellKnown` option instead. OIDC usually returns an `id_token` from the `token` endpoint. `next-auth` can decode the `id_token` to get the user information, instead of making an additional request to the `userinfo` endpoint. Just set `idToken: true` at the top-level of your provider configuration. If not set, `next-auth` will still try to contact this endpoint.
-:::
-
-### `client` option
-
-An advanced option, hopefully you won't need it in most cases. `next-auth` uses `openid-client` under the hood, see the docs on this option [here](https://github.com/panva/node-openid-client/blob/main/docs/README.md#new-clientmetadata-jwks-options).
-
-### `allowDangerousEmailAccountLinking` option
-
-Normally, when you sign in with an OAuth provider and another account with the same email address already exists, the accounts are not linked automatically. Automatic account linking on sign in is not secure between arbitrary providers and is disabled by default (see our [Security FAQ](https://next-auth.js.org/faq#security)). However, it may be desirable to allow automatic account linking if you trust that the provider involved has securely verified the email address associated with the account. Just set `allowDangerousEmailAccountLinking: true` in your provider configuration to enable automatic account linking.
-
-## Using a custom provider
-
-You can use an OAuth provider that isn't built-in by using a custom object.
-
-As an example of what this looks like, this is the provider object returned for the Google provider:
-
-```js
-{
-  id: "google",
-  name: "Google",
-  type: "oauth",
-  wellKnown: "https://accounts.google.com/.well-known/openid-configuration",
-  authorization: { params: { scope: "openid email profile" } },
-  idToken: true,
-  checks: ["pkce", "state"],
-  profile(profile) {
-    return {
-      id: profile.sub,
-      name: profile.name,
-      email: profile.email,
-      image: profile.picture,
-    }
-  },
-}
-```
-
-As you can see, if your provider supports OpenID Connect and the `/.well-known/openid-configuration` endpoint contains support for the `grant_type`: `authorization_code`, you only need to pass the URL to that configuration file and define some basic fields like `name` and `type`.
-
-Otherwise, you can pass a more full set of URLs for each OAuth2.0 flow step, for example:
-
-```js
-{
-  id: "kakao",
-  name: "Kakao",
-  type: "oauth",
-  authorization: "https://kauth.kakao.com/oauth/authorize",
-  token: "https://kauth.kakao.com/oauth/token",
-  userinfo: "https://kapi.kakao.com/v2/user/me",
-  profile(profile) {
-    return {
-      id: profile.id,
-      name: profile.kakao_account?.profile.nickname,
-      email: profile.kakao_account?.email,
-      image: profile.kakao_account?.profile.profile_image_url,
-    }
-  },
-}
-```
-
-Replace all the options in this JSON object with the ones from your custom provider - be sure to give it a unique ID and specify the required URLs, and finally add it to the providers array when initializing the library:
-
-```js title="pages/api/auth/[...nextauth].js"
-import TwitterProvider from "next-auth/providers/twitter"
-...
-providers: [
-  TwitterProvider({
-    clientId: process.env.TWITTER_ID,
-    clientSecret: process.env.TWITTER_SECRET,
-  }),
-  {
-    id: 'customProvider',
-    name: 'CustomProvider',
-    type: 'oauth',
-    scope: ''  // Make sure to request the users email address
-    ...
-  }
-]
-...
-```
-
-## Built-in providers
-
-NextAuth.js comes with a set of built-in providers. You can find them [here](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers). Each built-in provider has its own documentation page:
-
-<div className="provider-name-list">
-{Object.entries(require("../../../providers.json"))
-  .filter(([key]) => !["email", "credentials"].includes(key))
-  .sort(([, a], [, b]) => a.localeCompare(b))
-  .map(([key, name]) => (
-    <span key={key}>
-      <a href={`/providers/${key}`}>{name}</a>
-      <span className="provider-name-list__comma">,</span>
-    </span>
-  )
-)}
-</div>
-
-### Override default options
-
-For built-in providers, in most cases you will only need to specify the `clientId` and `clientSecret`. If you need to override any of the defaults, add your own [options](#options).
-
-Even if you are using a built-in provider, you can override any of these options to tweak the default configuration.
-
-:::note
-The user provided options are deeply merged with the default options. That means you only have to override part of the options that you need to be different. For example if you want different scopes, overriding `authorization.params.scope` is enough, instead of the whole `authorization` option.
-:::
-
-```js title=/api/auth/[...nextauth].js
-import Auth0Provider from "next-auth/providers/auth0"
-
-Auth0Provider({
-  clientId: process.env.CLIENT_ID,
-  clientSecret: process.env.CLIENT_SECRET,
-  issuer: process.env.ISSUER,
-  authorization: { params: { scope: "openid your_custom_scope" } },
-})
-```
-
-Another example, the `profile` callback will return `id`, `name`, `email` and `picture` by default, but you might need more information from the provider. After setting the correct scopes, you can then do something like this:
-
-```js title=/api/auth/[...nextauth].js
-import GoogleProvider from "next-auth/providers/google"
-
-GoogleProvider({
-  clientId: process.env.GOOGLE_CLIENT_ID,
-  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-  profile(profile) {
-    return {
-      // Return all the profile information you need.
-      // The only truly required field is `id`
-      // to be able identify the account when added to a database
-    }
-  },
-})
-```
-
-An example of how to enable automatic account linking:
-
-```js title=/api/auth/[...nextauth].js
-import GoogleProvider from "next-auth/providers/google"
-
-GoogleProvider({
-  clientId: process.env.GOOGLE_CLIENT_ID,
-  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-  allowDangerousEmailAccountLinking: true,
-})
-```
-
-### Adding a new built-in provider
-
-If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily!
-
-You only need to add three changes:
-
-1. Add your config: [`src/providers/{provider}.ts`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers)<br />
-    - Make sure you use a named default export, like this: `export default function YourProvider`
-    - Add two SVG's of the provider logo, like `google-dark.svg` (dark mode) and `google.svg` (light mode), to the `/packages/next-auth/provider-logos/` directory as well as the styling config to the provider config object. See existing provider for example
-2. Add provider documentation: [`/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/docs/docs/providers)
-3. Add the new provider name to the `Provider type` dropdown options in [`the provider issue template`](<[http](https://github.com/nextauthjs/next-auth/edit/main/.github/ISSUE_TEMPLATE/2_bug_provider.yml)>)
-
-That's it! 🎉 Others will be able to discover and use this provider much more easily now!

docs/docs/contributors.md

@@ -1,5 +1,4 @@
 ---
-id: contributors
 title: Contributors
 ---
 
@@ -7,11 +6,10 @@ title: Contributors
 
 Without these people, the project could not have become one of the most used authentication library in its category.
 
-- [Iain Collins](https://github.com/iaincollins) - Author
 - [Balázs Orbán](https://github.com/balazsorban44) - **Lead Maintainer**
-- [Nico Domino](https://github.com/ndom91) - Maintainer (Documentation, Core)
+- [Thang Vu](https://github.com/ThangHuuVu) - Maintainer (Core)
+- [Nico Domino](https://github.com/ndom91) - Maintainer (Core, Documentation)
 - [Lluis Agusti](https://github.com/lluia) - Maintainer (Documentation, Testing, TypeScript)
-- [Thang Huu Vu](https://github.com/ThangHuuVu) - Maintainer (Core, TypeScript)
 
 ## Special thanks
 

docs/docs/errors.md

@@ -1,185 +0,0 @@
----
-id: errors
-title: Errors
----
-
-This is a list of errors output from NextAuth.js.
-
-All errors indicate an unexpected problem, you should not expect to see errors.
-
-If you are seeing any of these errors in the console, something is wrong.
-
----
-
-## Client
-
-These errors are returned from the client. As the client is [Universal JavaScript (or "Isomorphic JavaScript")](https://en.wikipedia.org/wiki/Isomorphic_JavaScript) it can be run on the client or server, so these errors can occur both in the terminal and in the browser console.
-
-#### CLIENT_SESSION_ERROR
-
-This error occurs when the `SessionProvider` Context has a problem fetching session data.
-
-#### CLIENT_FETCH_ERROR
-
-If you see `CLIENT_FETCH_ERROR` make sure you have configured the `NEXTAUTH_URL` environment variable.
-
----
-
-## Server
-
-These errors are displayed on the terminal.
-
-### OAuth
-
-#### OAUTH_GET_ACCESS_TOKEN_ERROR
-
-This occurs when there was an error in the POST request to the OAuth provider and we were not able to retrieve the access token.
-
-Please double check your provider settings.
-
-#### OAUTH_V1_GET_ACCESS_TOKEN_ERROR
-
-This error is explicitly related to older OAuth v1.x providers, if you are using one of these, please double check all available settings.
-
-#### OAUTH_GET_PROFILE_ERROR
-
-N/A
-
-#### OAUTH_PARSE_PROFILE_ERROR
-
-This error is a result of either a problem with the provider response or the user canceling the action with the provider, unfortunately, we can't discern which with the information we have.
-
-This error should also log the exception and available `profileData` to further aid debugging.
-
-#### OAUTH_CALLBACK_HANDLER_ERROR
-
-This error will occur when there was an issue parsing the JSON request body, for example.
-
-There should also be further details logged when this occurs, such as the error is thrown, and the request body itself to aid in debugging.
-
----
-
-### Signin / Callback
-
-#### SIGNIN_OAUTH_ERROR
-
-This error occurs during the redirection to the authorization URL of the OAuth provider. Possible causes:
-
-1. Cookie handling
-Either PKCE code verifier or the generation of the CSRF token hash in the internal state failed.
-
-If set, check your [`cookies` configuration](/configuration/options#cookies), and make sure the browser is not blocking/restricting cookies.
-
-2. OAuth misconfiguration
-
-Please check your OAuth provider and make sure your URLs  and other options are correctly set.
-
-If you are using an OAuth v1 provider, check your OAuth v1 provider settings, especially the OAuth token and OAuth token secret.
-
-3. `openid-client` version mismatch
-
-If you are seeing `expected 200 OK with body but no body was returned`, it might have happened due to `openid-client` (which is peer dependency) node version mismatch. For instance, `openid-client` requires `>=14.2.0` for `lts/fermium` and has similar limits for the other versions. For the full list of the compatible node versions please see [package.json](https://github.com/panva/node-openid-client/blob/2a84e46992e1ebeaf685c3f87b65663d126e81aa/package.json#L78).
-
-#### OAUTH_CALLBACK_ERROR
-
-This can occur during the handling of the callback if the `code_verifier` cookie was not found or an invalid state was returned from the OAuth provider.
-
-#### SIGNIN_EMAIL_ERROR
-
-This error can occur when a user tries to sign in via an email link; for example, if the email token could not be generated or the verification request failed.
-
-Please double check your email settings.
-
-#### CALLBACK_EMAIL_ERROR
-
-This can occur during the email callback process. Specifically, if there was an error signing the user in via email, encoding the jwt, etc.
-
-Please double check your Email settings.
-
-#### EMAIL_REQUIRES_ADAPTER_ERROR
-
-The Email authentication provider can only be used if a database is configured.
-
-This is required to store the verification token. Please see the [email provider](/providers/email#configuration) for more details.
-
-#### CALLBACK_CREDENTIALS_JWT_ERROR
-
-The Credentials Provider can only be used if JSON Web Tokens are used for sessions.
-
-JSON Web Tokens are used for Sessions by default if you have not specified a database. However, if you are using a database, then Database Sessions are enabled by default and you need to [explicitly enable JWT Sessions](/configuration/options#session) to use the Credentials Provider.
-
-If you are using a Credentials Provider, NextAuth.js will not persist users or sessions in a database - user accounts used with the Credentials Provider must be created and managed outside of NextAuth.js.
-
-In _most cases_ it does not make sense to specify a database in NextAuth.js options and support a Credentials Provider.
-
-#### CALLBACK_CREDENTIALS_HANDLER_ERROR
-
-This error occurs when there was no `authorize()` handler defined on the credential authentication provider.
-
-#### PKCE_ERROR
-
-The provider you tried to use failed when setting [PKCE or Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636#section-4).
-The `code_verifier` is saved in a cookie called (by default) `__Secure-next-auth.pkce.code_verifier` which expires after 15 minutes.
-Check if `cookies.pkceCodeVerifier` is configured correctly.
-
-The default `code_challenge_method` is `"S256"`. This is currently not configurable to `"plain"`, [as per RFC7636](https://datatracker.ietf.org/doc/html/rfc7636#section-4.2): 
-> If the client is capable of using "S256", it MUST use "S256", as
-  S256" is Mandatory To Implement (MTI) on the server.
-
-#### INVALID_CALLBACK_URL_ERROR
-
-The `callbackUrl` provided was either invalid or not defined. See [specifying a `callbackUrl`](/getting-started/client#specifying-a-callbackurl) for more information.
-
----
-
-### Session Handling
-
-#### JWT_SESSION_ERROR
-
-JWTKeySupport: the key does not support HS512 verify algorithm
-
-The algorithm used for generating your key isn't listed as supported. You can generate a HS512 key using
-
-```
-  jose newkey -s 512 -t oct -a HS512
-```
-
-#### SESSION_ERROR
-
----
-
-### Signout
-
-#### SIGNOUT_ERROR
-
-This error occurs when there was an issue deleting the session from the database, for example.
-
----
-
-### Configuration
-
-#### MISSING_NEXTAUTH_API_ROUTE_ERROR
-
-This error happens when `[...nextauth].js` file is not found inside `pages/api/auth`.
-
-Make sure the file is there and the filename is written correctly.
-
-#### NO_SECRET
-
-In production, we expect you to define a `secret` property in your configuration. In development, this is shown as a warning for convenience. [Read more](/configuration/options#secret)
-
-
-#### AUTH_ON_ERROR_PAGE_ERROR
-
-You have a custom error page defined that was rendered due to an error, but the page also required authentication. To avoid an infinite redirect loop, NextAuth.js bailed out and rendered its default error page instead.
-
-If you are using a Middleware, make sure you include the same `pages` configuration in your `middleware.ts` and `[...nextauth].ts` files. Or use the `matcher` option to only require authentication for certain sites (and exclude your custom error page).
-
-If you do not use a Middleware, make sure you don't try redirecting the user to the sign-in page when hitting your custom error page.
-
-Useful links:
-
-- https://next-auth.js.org/configuration/nextjs#pages
-- https://next-auth.js.org/configuration/pages
-- https://nextjs.org/docs/advanced-features/middleware#matcher
-  

docs/docs/faq.md

@@ -1,380 +0,0 @@
----
-id: faq
-title: Frequently Asked Questions
----
-
-## About NextAuth.js
-
-### Is NextAuth.js commercial software?
-
-NextAuth.js is an open source project built by individual contributors.
-
-It is not commercial software and is not associated with a commercial organization.
-
----
-
-## Compatibility
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What databases does NextAuth.js support?</h3>
-</summary>
-<p>
-
-You can use NextAuth.js with MySQL, MariaDB, Postgres, MongoDB and SQLite or without a database. (See also: [Databases](/configuration/databases))
-
-You can use also NextAuth.js with any database using a custom database adapter, or by using a custom credentials authentication provider - e.g. to support signing in with a username and password stored in an existing database.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What authentication services does NextAuth.js support?</h3>
-</summary>
-<p>
-
-<p>NextAuth.js includes built-in support for signing in with&nbsp;
-{Object.values(require("../providers.json")).sort().join(", ")}.
-(See also: <a href="/configuration/providers/oauth">Providers</a>)
-</p>
-
-NextAuth.js also supports email for passwordless sign in, which is useful for account recovery or for people who are not able to use an account with the configured OAuth services (e.g. due to service outage, account suspension or otherwise becoming locked out of an account).
-
-You can also use a custom based provider to support signing in with a username and password stored in an external database and/or using two factor authentication.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Does NextAuth.js support signing in with a username and password?</h3>
-</summary>
-<p>
-
-NextAuth.js is designed to avoid the need to store passwords for user accounts.
-
-If you have an existing database of usernames and passwords, you can use a custom credentials provider to allow signing in with a username and password stored in an existing database.
-
-_If you use a custom credentials provider user accounts will not be persisted in a database by NextAuth.js (even if one is configured). The option to use JSON Web Tokens for session tokens (which allow sign in without using a session database) must be enabled to use a custom credentials provider._
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Can I use NextAuth.js with a framework different than Next.js?</h3>
-</summary>
-<p>
-
-NextAuth.js was originally designed for use with Next.js and Serverless. However, today you could use the NextAuth.js core with any other framework. Checkout the examples for <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/example-gatsby" target="_blank">Gatsby</a> and <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/playground-sveltekit" target="_blank">SvelteKit</a>. If you would add another integration with other frameworks, feel free to work on it and send a pull request. Make sure to check if there's any on-going work before open a new issue.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Can session generated by NextAuth.js be used by another website?</h3>
-</summary>
-<p>
-
-**Same domain**: you can create a website that handles sign-in with NextAuth.js and then access those sessions on a website that does not use NextAuth.js as long as the websites are on the same domain.
-
-**Same root domain, different subdomains**: If you use NextAuth.js on a website with a different subdomain than the rest of your website (e.g. `auth.example.com` vs. `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/configuration/options#cookies)).
-
-:::warning
-Changing the default cookies domain policy can lead to security issues if done incorrectly. Make sure you're aware of the implications before proceeding.
-:::
-
-A working example can be found at <a href="https://github.com/vercel/examples/tree/main/solutions/subdomain-auth" target="_blank">this example repo</a>.
-
-**Different root domains**: NextAuth.js does not currently support automatically signing into sites on different top-level domains (e.g. `www.example.com` vs. `www.example.org`) using a single session.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Can I use NextAuth.js with React Native?</h3>
-</summary>
-<p>
-
-NextAuth.js is designed as a secure, confidential client and implements a server side authentication flow.
-
-It is not intended to be used in native applications on desktop or mobile applications, which typically implement public clients (e.g. with client / secrets embedded in the application).
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Is NextAuth.js supporting TypeScript?</h3>
-</summary>
-<p>
-
-Yes! Check out the [TypeScript docs](/getting-started/typescript)
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Is NextAuth.js compatible with Next.js 12 Middleware?</h3>
-</summary>
-<p>
-
-[Next.js Middleware](https://nextjs.org/docs/middleware) is supported. Head over to the [this page](/configuration/nextjs#middleware)
-
-</p>
-</details>
-
----
-
-## Databases
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What databases are supported by NextAuth.js?</h3>
-</summary>
-<p>
-
-NextAuth.js can be used with MySQL, Postgres, MongoDB, SQLite and compatible databases (e.g. MariaDB, Amazon Aurora, Amazon DocumentDB…) or with no database.
-
-It also provides an Adapter API which allows you to connect it to any database.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What does NextAuth.js use databases for?</h3>
-</summary>
-<p>
-
-Databases in NextAuth.js are used for persisting users, OAuth accounts, email sign in tokens and sessions.
-
-Specifying a database is optional if you don't need to persist user data or support email sign in. If you don't specify a database then JSON Web Tokens will be enabled for session storage and used to store session data.
-
-If you are using a database with NextAuth.js, you can still explicitly enable JSON Web Tokens for sessions (instead of using database sessions).
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Should I use a database?</h3>
-</summary>
-<p>
-
-- Using NextAuth.js without a database works well for internal tools - where you need to control who is able to sign in, but when you do not need to create user accounts for them in your application.
-
-- Using NextAuth.js with a database is usually a better approach for a consumer facing application where you need to persist accounts (e.g. for billing, to contact customers, etc).
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What database should I use?</h3>
-</summary>
-<p>
-
-Managed database solutions for MySQL, Postgres and MongoDB (and compatible databases) are well supported from cloud providers such as Amazon, Google, Microsoft and Atlas.
-
-If you are deploying directly to a particular cloud platform you may also want to consider serverless database offerings they have (e.g. [Amazon Aurora Serverless on AWS](https://aws.amazon.com/rds/aurora/serverless/)).
-
-</p>
-</details>
-
----
-
-## Security
-
-Parts of this section has been moved to its [own page](/security).
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>How do I get Refresh Tokens and Access Tokens for an OAuth account?</h3>
-</summary>
-<p>
-
-NextAuth.js provides a solution for authentication, session management and user account creation.
-
-NextAuth.js records Refresh Tokens and Access Tokens on sign in (if supplied by the provider) and it will pass them, along with the User ID, Provider and Provider Account ID, to either:
-
-1. A database - if a database connection string is provided
-2. The JSON Web Token callback - if JWT sessions are enabled (e.g. if no database specified)
-
-You can then look them up from the database or persist them to the JSON Web Token.
-
-Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/tutorials/refresh-token-rotation) if you want to implement it.
-
-We also have an [example repository](https://github.com/nextauthjs/next-auth-refresh-token-example) / project based upon NextAuth.js v4 where we demonstrate how to use a refresh token to refresh the provided access token.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>When I sign in with another account with the same email address, why are accounts not linked automatically?</h3>
-</summary>
-<p>
-
-Automatic account linking on sign in is not secure between arbitrary providers - with the exception of allowing users to sign in via an email addresses as a fallback (as they must verify their email address as part of the flow).
-
-When an email address is associated with an OAuth account it does not necessarily mean that it has been verified as belonging to account holder — how email address verification is handled is not part of the OAuth specification and varies between providers (e.g. some do not verify first, some do verify first, others return metadata indicating the verification status).
-
-With automatic account linking on sign in, this can be exploited by bad actors to hijack accounts by creating an OAuth account associated with the email address of another user.
-
-For this reason it is not secure to automatically link accounts between arbitrary providers on sign in, which is why this feature is generally not provided by authentication service and is not provided by NextAuth.js.
-
-Automatic account linking is seen on some sites, sometimes insecurely. It can be technically possible to do automatic account linking securely if you trust all the providers involved to ensure they have securely verified the email address associated with the account, but requires placing trust (and transferring the risk) to those providers to handle the process securely.
-
-Examples of scenarios where this is secure include with an OAuth provider you control (e.g. that only authorizes users internal to your organization) or with a provider you explicitly trust to have verified the users email address.
-
-Automatic account linking is not a planned feature of NextAuth.js, however there is scope to improve the user experience of account linking and of handling this flow, in a secure way. Typically this involves providing a fallback option to sign in via email, which is already possible (and recommended), but the current implementation of this flow could be improved on.
-
-Providing support for secure account linking and unlinking of additional providers - which can only be done if a user is already signed in already - was originally a feature in v1.x but has not been present since v2.0, is planned to return in a future release.
-
-:::note
-If the user first signs in using Email and then tries to sign in again using an OAuth provider, NextAuth.js default behavior is to allow account linking even if the OAuth account's email address does not match the previous email address of the user.
-:::
-
-</p>
-</details>
-
----
-
-## Feature Requests
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Why doesn't NextAuth.js support [a particular feature]?</h3>
-</summary>
-<p>
-
-NextAuth.js is an open source project built by individual contributors who are volunteers writing code and providing support in their spare time.
-
-If you would like NextAuth.js to support a particular feature, the best way to help make it happen is to raise a feature request describing the feature and offer to work with other contributors to develop and test it.
-
-If you are not able to develop a feature yourself, you can offer to sponsor someone to work on it.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>I disagree with a design decision, how can I change your mind?</h3>
-</summary>
-<p>
-
-Product design decisions on NextAuth.js are made by core team members.
-
-You can raise suggestions as feature requests / requests for enhancement.
-
-Requests that provide the detail requested in the template and follow the format requested may be more likely to be supported, as additional detail prompted in the templates often provides important context.
-
-Ultimately if your request is not accepted or is not actively in development, you are always free to fork the project under the terms of the ISC License.
-
-</p>
-</details>
-
----
-
-## JSON Web Tokens
-
-<details>
-<summary>
-  <h3>Does NextAuth.js use JSON Web Tokens?</h3>
-</summary>
-<p>
-
-NextAuth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/adapters/overview), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/configuration/options#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>What are the advantages of JSON Web Tokens?</h3>
-</summary>
-<p>
-
-JSON Web Tokens can be used for session tokens, but are also used for lots of other things, such as sending signed objects between services in authentication flows.
-
-- Advantages of using a JWT as a session token include that they do not require a database to store sessions, this can be faster and cheaper to run and easier to scale.
-
-- JSON Web Tokens in NextAuth.js are secured using cryptographic encryption (JWE) to store the included information directly in a JWT session token. You may then use the token to pass information between services and APIs on the same domain without having to contact a database to verify the included information.
-
-- You can use JWT to securely store information you do not mind the client knowing even without encryption, as the JWT is stored in a server-readable-only cookie so data in the JWT is not accessible to third party JavaScript running on your site.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>What are the disadvantages of JSON Web Tokens?</h3>
-</summary>
-<p>
-
-- You cannot as easily expire a JSON Web Token - doing so requires maintaining a server side blocklist of invalid tokens (at least until they expire) and checking every token against the list every time a token is presented.
-
-  Shorter session expiry times are used when using JSON Web Tokens as session tokens to allow sessions to be invalidated sooner and simplify this problem.
-
-  NextAuth.js client includes advanced features to mitigate the downsides of using shorter session expiry times on the user experience, including automatic session token rotation, optionally sending keep alive messages to prevent short lived sessions from expiring if there is an window or tab open, background re-validation, and automatic tab/window syncing that keeps sessions in sync across windows any time session state changes or a window or tab gains or loses focus.
-
-- As with database session tokens, JSON Web Tokens are limited in the amount of data you can store in them. There is typically a limit of around 4096 bytes per cookie, though the exact limit varies between browsers, proxies and hosting services. If you want to support most browsers, then do not exceed 4096 bytes per cookie. If you want to save more data, you will need to persist your sessions in a database (Source: [browsercookielimits.iain.guru](http://browsercookielimits.iain.guru/))
-
-  The more data you try to store in a token and the more other cookies you set, the closer you will come to this limit. Since v4 we have implemented cookie chunking so that cookies over the 4kb limit get split and reassembled upon parsing. However since this data needs to be transmitted on every request, if you wish to store more than ~4 KB of data you're probably at the point where you want to store a unique ID in the token and persist the data elsewhere (e.g. in a server-side key/value store).
-
-- Data stored in an encrypted JSON Web Token (JWE) may be compromised at some point.
-
-  Even if appropriately configured, information stored in an encrypted JWT should not be assumed to be impossible to decrypt at some point - e.g. due to the discovery of a defect or advances in technology.
-
-  Avoid storing any data in a token that might be problematic if it were to be decrypted in the future.
-
-- If you do not explicitly specify a secret for NextAuth.js, existing sessions will be invalidated any time your NextAuth.js configuration changes, as NextAuth.js will default to an auto-generated secret. Since v4 this only impacts development and generating a secret is required in production.
-
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>Are JSON Web Tokens secure?</h3>
-</summary>
-<p>
-
-By default tokens are not signed (JWS) but are encrypted (JWE). Since v4 we have implemented cookie chunking so that cookies over the 4kb limit get split and reassembled upon parsing.
-
-You can specify other valid algorithms - [as specified in RFC 7518](https://tools.ietf.org/html/rfc7517) - with either a secret (for symmetric encryption) or a public/private key pair (for asymmetric encryption).
-
-NextAuth.js will generate keys for you, but this will generate a warning at start up.
-
-Using explicit public/private keys for signing is strongly recommended.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>What signing and encryption standards does NextAuth.js support?</h3>
-</summary>
-<p>
-
-NextAuth.js includes a largely complete implementation of JSON Object Signing and Encryption (JOSE):
-
-- [RFC 7515 - JSON Web Signature (JWS)](https://tools.ietf.org/html/rfc7515)
-- [RFC 7516 - JSON Web Encryption (JWE)](https://tools.ietf.org/html/rfc7516)
-- [RFC 7517 - JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517)
-- [RFC 7518 - JSON Web Algorithms (JWA)](https://tools.ietf.org/html/rfc7518)
-- [RFC 7519 - JSON Web Token (JWT)](https://tools.ietf.org/html/rfc7519)
-
-This incorporates support for:
-
-- [RFC 7638 - JSON Web Key Thumbprint](https://tools.ietf.org/html/rfc7638)
-- [RFC 7787 - JSON JWS Unencoded Payload Option](https://tools.ietf.org/html/rfc7797)
-- [RFC 8037 - CFRG Elliptic Curve ECDH and Signatures](https://tools.ietf.org/html/rfc8037)
-
-</p>
-</details>

docs/docs/getting-started/01-introduction.md

@@ -8,14 +8,18 @@ NextAuth.js is a complete open-source authentication solution for [Next.js](http
 
 It is designed from the ground up to support Next.js and Serverless.
 
-[Check out the example code](/getting-started/example) to see how easy it is to use NextAuth.js for authentication.
+Check our tutorials to see how easy it is to use Auth.js for authentication:
+
+- [Setup with OAuth](/getting-started/oauth-tutorial)
+- [Setup with magic links](/getting-started/email-tutorial)
+- [Integrating with external auth](/getting-started/credentials-tutorial)
 
 ### Flexible and easy to use
 
-- Designed to work with any [OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect](/providers)
-- Built-in support for [many popular sign-in services](/configuration/providers/oauth)
-- Supports [email / passwordless authentication](/providers/email)
-- Supports stateless authentication with [any backend](/adapters/overview) (Active Directory, LDAP, etc)
+- Designed to work with any OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect
+- Built-in support for [many popular sign-in services](/reference/providers/oauth-builtin)
+- Supports [email / passwordless authentication](/getting-started/email-tutorial)
+- Supports stateless authentication with [any backend](/getting-started/credentials-tutorial) (Active Directory, LDAP, etc)
 - Supports both JSON Web Tokens and database sessions
 - Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)
 
@@ -25,7 +29,7 @@ NextAuth.js can be used with or without a database.
 
 - An open-source solution that allows you to keep control of your data
 - Supports Bring Your Own Database (BYOD) and can be used with any database
-- Built-in support for [MySQL, MariaDB, Postgres, SQL Server, MongoDB and SQLite](/configuration/databases)
+- Built-in support for [MySQL, MariaDB, Postgres, SQL Server, MongoDB and SQLite](/getting-started/databases)
 - Works great with databases from popular hosting providers
 - Can also be used _without a database_ (e.g. OAuth + JWT)
 
@@ -49,7 +53,3 @@ Advanced options allow you to define your own routines to handle controlling wha
 NextAuth.js is an open-source project that is only possible [thanks to contributors](/contributors).
 
 If you would like to financially support the development of NextAuth.js, you can find more information on our [OpenCollective](https://opencollective.com/nextauth) page.
-
-## Getting Started
-
-[Check out the example code](/getting-started/example) to see how easy it is to use NextAuth.js for authentication.

docs/docs/getting-started/02-oauth-tutorial.mdx

@@ -1,6 +1,7 @@
 ---
 title: OAuth authentication
 ---
+
 import creatingOauthAppImg from "./img/getting-started-creating-oauth-app.png"
 import addingCallbackUrlImg from "./img/getting-started-oauth-callback-url.png"
 import gettingClientIdSecretImg from "./img/getting-started-oauth-clientid-secret.png"
@@ -8,13 +9,12 @@ import startAppAndSignInImg from "./img/getting-started-app-start.png"
 import githubAuthCredentials from "./img/getting-started-github-auth.png"
 import nextAuthUserLoggedIn from "./img/getting-started-nextauth-success.png"
 
-
 We know, authentication is hard. Is a rabbit hole and it's easy to get lost on it. The goal of making NextAuth.js is that you can add authentication easily to your project with just a few lines of code.
 
 The easiest way is to setup NextAuth.js with an [OAuth](https://en.wikipedia.org/wiki/OAuth) provider. In this tutorial we'll be setting NextAuth.js in a **Next.js app** to be able to login with **Github**.
 
 :::info
-NextAuth.js comes with a long list of [built-in providers](/reference/Providers/) (Google, Facebook, Twitter, etc...) you can also integrate it with your own OAuth service easily by [building a custom provider](/beta/guides/oauth/custom-provider). NextAuth.js can integrate as well with other frameworks like SvelteKit and Gatsby.
+NextAuth.js comes with a long list of [built-in providers](/reference/providers/oauth-builtin) (Google, Facebook, Twitter, etc...) you can also integrate it with your own OAuth service easily by [building a custom provider](/guides/providers/custom-provider). NextAuth.js can integrate as well with other frameworks like SvelteKit and Gatsby.
 :::
 
 ## 1. Configuring NextAuth.js
@@ -63,12 +63,12 @@ $ openssl rand -base64 32
 or https://generate-secret.vercel.app/32 to generate a random value for it.
 
 :::info
-NextAuth.js is extremely customizable, [our guides section](/beta/guides/overview) will teach you how you can set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/server/configuration).
+NextAuth.js is extremely customizable, [our guides section](/guides/overview) will teach you how you can set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/configuration/auth-config).
 :::
 
 ### Exposing the session via provider
 
-To be able to use `useSession` first you'll need to expose the session context, [`<SessionProvider />`](/getting-started/client#sessionprovider), at the top level of your application:
+To be able to use `useSession` first you'll need to expose the session context, [`<SessionProvider />`](/reference/react/#sessionprovider), at the top level of your application:
 
 ```ts title="pages/_app.ts"
 import { SessionProvider } from "next-auth/react"
@@ -88,12 +88,12 @@ export default function App({
 Instances of `useSession` (more on it in the next section) will then have access to the session data and status. The `<SessionProvider />` also takes care of keeping the session updated and synced between browser tabs and windows. 💪🏽
 
 :::tip
-Check our [client docs](/reference/client/introduction) to learn all the available options for handling sessions on the browser.
+Check our [client docs](/reference/react/) to learn all the available options for handling sessions on the browser.
 :::
 
 ### Consuming the session via hooks
 
-NextAuth.js exposes a [`useSession()`](/getting-started/client#usesession) React Hook so that you can easily check if someone is signed in:
+NextAuth.js exposes a [`useSession()`](/reference/react/#usesession) React Hook so that you can easily check if someone is signed in:
 
 ```ts title="pages/overview.tsx"
 import { useSession, signIn, signOut } from "next-auth/react"
@@ -129,7 +129,7 @@ You can use the `useSession` hook from anywhere in your application (e.g. in a h
 
 ### Protecting API Routes
 
-Protecting your custom API Routes (.i.e not allowing a resource to be accessed in case the user is not logged in) is easy! You can use [`getSession()`](/getting-started/client#getsession) to know whether a session exists or not:
+Protecting your custom API Routes (.i.e not allowing a resource to be accessed in case the user is not logged in) is easy! You can use [`getSession()`](/reference/utilities/#getsession) to know whether a session exists or not:
 
 ```ts title="pages/api/movies/list.ts"
 import { getSession } from "next-auth/react"
@@ -171,10 +171,13 @@ Next you'll be presented with a screen to add details about your new application
 <img src={addingCallbackUrlImg} />
 
 The callback URL we insert should have the following pattern:
+
 ```
 [origin]/api/auth/callback/[provider]
 ```
+
 In this case, given we want to try our authentication working locally on our machine and we're using **Github** as our OAuth provider, it'll be:
+
 ```
 http://localhost:3000/api/auth/callback/github
 ```
@@ -194,6 +197,7 @@ The Client ID is always there, a public identifier of your OAuth application wit
 :::
 
 Now let's copy both the Client ID and Client Secret and paste them in an environment file in the root of your project like so:
+
 ```title=".env.local"
 GITHUB_ID=12345
 GITHUB_SECRET=67890
@@ -205,11 +209,12 @@ Cool! We have finished the configuring our OAuth provider, now let's wire all to
 As noted previously, NextAuth.js has built-in support for multiple OAuth providers, <a href="">here the full list</a>. You can also easily build your own in case the provider you need is not on the list.
 
 Note that, for each provider, the configuration process will be similar to what we just did:
+
 1. Log in to the provider
 2. Create create your OAuth application within it
 3. Set the callback URL
 4. Get the Client ID and Generate a Client Secret
-:::
+   :::
 
 ## 3. Wiring all together
 
@@ -230,9 +235,11 @@ export default NextAuth({
 ```
 
 Great! We're now ready to run our application locally. Start the Next.js app by running on your terminal the following command and navigating to [`http://localhost:3000`](http://localhost:3000):
+
 ```
 $ npm run next dev
 ```
+
 You should see the following page:
 
 <img src={startAppAndSignInImg} />
@@ -257,20 +264,23 @@ You can create your own Sign In page instead of using the default one from NextA
 
 It's normal to test your application under different environments. Usually you'll have a development environment (when you run the application locally in your machine), a staging environment (for teams members to try the application) and a production environment.
 
-For each environment, you're going to need to create an OAuth application in your provider respectively, as [we did previously](#2-configuring-oauth-provider), and point the **callback URL** to it. 
+For each environment, you're going to need to create an OAuth application in your provider respectively, as [we did previously](#2-configuring-oauth-provider), and point the **callback URL** to it.
 
 For instance in the previous section, we pointed the callback URL to:
+
 ```
 http://localhost:3000/api/auth/callback/github
-``` 
+```
+
 as we wanted to test our application in the development environment.
 
 If we were to deploy our app to production, we would need to create again a new **OAuth App** in Github (calling it something like "Van life – prod") and point the **callback URL** to our production domain:
+
 ```
 https://example.com/api/auth/callback/github
 ```
 
-Finally, we would need just to point the environment variables we set ( `GITHUB_ID` and `GITHUB_SECRET` ) to the credentials of the OAuth app we want our application to run against. 
+Finally, we would need just to point the environment variables we set ( `GITHUB_ID` and `GITHUB_SECRET` ) to the credentials of the OAuth app we want our application to run against.
 
 ### Setting up `NEXTAUTH_URL`
 
@@ -286,6 +296,4 @@ In production, this needs to be set as an environment variable on the service yo
 To set environment variables on Vercel, you can use the [dashboard](https://vercel.com/dashboard) or the `vercel env pull` [command](https://vercel.com/docs/build-step#development-environment-variables).
 :::
 
-For more information please check out our [deployment page](/deployment).
-
-
+For more information please check out our [deployment page](/guides/basics/deployment).

docs/docs/getting-started/03-email-tutorial.mdx

@@ -19,7 +19,7 @@ The Email provider can be used in conjunction with (or instead of) one or more O
 On initial sign in, a **Verification Token** is sent to the email address provided. By default this token **is valid for 24 hours**. If the Verification Token is used within that time (i.e. by clicking on the link in the email) an account is created for the user and they are signed in.
 
 :::tip
-The Email Provider can be used with both JSON Web Tokens and database sessions, but you [must configure a database adapter](/beta/guides/adapters/setting-up-a-database-adapter) to use it. It is not possible to enable email sign in without using a database.
+The Email Provider can be used with both JSON Web Tokens and database sessions, but you [must configure a database adapter](/guides/adapters/using-a-database-adapter) to use it. It is not possible to enable email sign in without using a database.
 :::
 
 ## 1. Installing `nodemailer`
@@ -45,6 +45,7 @@ First create an account in and then login to the dashboard, then navigate to "Se
 <img src={smtpConfig} />
 
 Next paste the API in your terminal as so, and run the command:
+
 ```bash
 echo -n '<YOUR_API_KEY>' | openssl base64
 ```
@@ -75,10 +76,10 @@ export default NextAuth({
         port: Number(process.env.EMAIL_SERVER_PORT),
         auth: {
           user: process.env.EMAIL_SERVER_USER,
-          pass: process.env.EMAIL_SERVER_PASSWORD
-        }
+          pass: process.env.EMAIL_SERVER_PASSWORD,
+        },
       },
-      from: process.env.EMAIL_FROM
+      from: process.env.EMAIL_FROM,
     }),
   ],
 })
@@ -135,6 +136,7 @@ if (process.env.NODE_ENV === "development") {
 // separate module, the client can be shared across functions.
 export default clientPromise
 ```
+
 And now let's reference this new adapter from our NextAuth.js configuration file:
 
 ```diff title="pages/api/auth/[...nextauth].ts"
@@ -166,14 +168,14 @@ export default NextAuth({
 
 Now that everything is properly configured, let's try to sign in via email on our application.
 
-Let's start by running a Next.js application with NextAuth, making sure the **EmailProvider** and a Database Adapter are properly configured as per the instructions above. 
+Let's start by running a Next.js application with NextAuth, making sure the **EmailProvider** and a Database Adapter are properly configured as per the instructions above.
 
 For this tutorial we're gonna be using NextAuth example app. Launch the app and click on "Sign in", we're redirected to the Sign In page:
 
 <img src={startPageImg} alt="Screenshot of sign in page" />
 
 :::info
-You can customize the look and feel of your Sign in page pretty easily with NextAuth. Refer to our [pages guide](/beta/guides/basics/pages) for that!
+You can customize the look and feel of your Sign in page pretty easily with NextAuth. Refer to our [pages guide](/guides/basics/pages) for that!
 :::
 
 Then we insert the email address we want to log-in with in the Email credentials section and click on "Sign in with Email".
@@ -197,8 +199,3 @@ Easy right? We had to configure Sendgrid and install a database adapter so the u
 :::info
 A user account (i.e. an entry in the Users table) will not be created for the user until the first time they verify their email address. If an email address is already associated with an account, the user will be signed in to that account when they use the link in the email.
 :::
-
-
-
-
-

docs/docs/getting-started/04-credentials-tutorial.mdx

@@ -24,12 +24,12 @@ export default NextAuth({
   providers: [
     CredentialsProvider({
       async authorize(credentials) {
-        const authResponse = await fetch('/users/login', {
-          method: 'POST',
+        const authResponse = await fetch("/users/login", {
+          method: "POST",
           headers: {
-            'Content-Type': 'application/json'
+            "Content-Type": "application/json",
           },
-          body: JSON.stringify(credentials)
+          body: JSON.stringify(credentials),
         })
 
         if (!authResponse.ok) {
@@ -45,11 +45,12 @@ export default NextAuth({
 })
 ```
 
-Note that we only need to define an `authorize` method that is in charge of receiving the credentials inserted by the user and call the authorization service.  
+:::note
+Check the [Credentials Provider options](/reference/providers/credentials) for further customization
+:::
+
+Note that we only need to define an `authorize` method that is in charge of receiving the credentials inserted by the user and call the authorization service.
 
 :::info
 If you're using TypeScript, you can [augment the `User` interface](/getting-started/typescript#module-augmentation) to match the response of your `authorize` callback, so whenever you read the user in other callbacks (like the `jwt`) the type will match correctly.
 :::
-
-
-

docs/docs/getting-started/06-databases.md

@@ -0,0 +1,18 @@
+---
+title: Databases
+---
+
+NextAuth.js offers multiple database adapters. Check our guides on:
+
+- [using a database adapter](/guides/adapters/using-a-database-adapter)
+- [creating your own](/guides/adapters/creating-a-database-adapter)
+
+> As of **v4** NextAuth.js no longer ships with an adapter included by default. If you would like to persist any information, you need to install one of the many available adapters yourself. See the individual adapter documentation pages for more details.
+
+To learn more about databases in NextAuth.js and how they are used, check out [databases in the FAQ](/concepts/faq#databases).
+
+---
+
+## How to use a database
+
+See the [documentation for adapters](/reference/adapters/overview) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/guides/adapters/creating-a-database-adapter).

docs/docs/getting-started/07-security.md

@@ -1,4 +1,6 @@
-# Security
+---
+title: Security
+---
 
 ## Reporting a Vulnerability
 

docs/docs/getting-started/08-upgrade-to-v4.md

@@ -39,8 +39,8 @@ For example:
 
 We've also made the following changes to the names of the exports:
 
-- `setOptions`: Not exposed anymore, use [`SessionProvider` props](https://next-auth.js.org/getting-started/client#options)
-- `options`: Not exposed anymore, [use `SessionProvider` props](https://next-auth.js.org/getting-started/client#options)
+- `setOptions`: Not exposed anymore, use [`SessionProvider` props](/reference/react/#sessionprovider)
+- `options`: Not exposed anymore, [use `SessionProvider` props](/reference/react/#sessionprovider)
 - `session`: Renamed to `getSession`
 - `providers`: Renamed to `getProviders`
 - `csrfToken`: Renamed to `getCsrfToken`
@@ -107,7 +107,7 @@ The following new options are available when defining your Providers in the conf
 3. `userinfo` (replaces `profileUrl`)
 4. `issuer`(replaces `domain`)
 
-For more details on their usage, please see [options](/configuration/providers/oauth#options) section of the OAuth Provider documentation.
+For more details on their usage, please see [options](/reference/providers/oauth) section of the OAuth Provider documentation.
 
 When submitting a new OAuth provider to the repository, the `profile` callback is expected to only return these fields from now on: `id`, `name`, `email`, and `image`. If any of these are missing values, they should be set to `null`.
 
@@ -126,7 +126,7 @@ The `useSession` hook has been updated to return an object. This allows you to t
 + const loading = status === "loading"
 ```
 
-[Check the docs](https://next-auth.js.org/getting-started/client#usesession) for the possible values of both `session.status` and `session.data`.
+[Check the docs](/reference/react/#usesession) for the possible values of both `session.status` and `session.data`.
 
 Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.18
 
@@ -179,7 +179,7 @@ Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.2
 
 ## JWT configuration
 
-We have removed some of the [configuration options](/configuration/options) when using JSON Web Tokens, [here's the PR](https://github.com/nextauthjs/next-auth/pull/3039) for more context.
+We have removed some of the [configuration options](/reference/configuration/auth-config) when using JSON Web Tokens, [here's the PR](https://github.com/nextauthjs/next-auth/pull/3039) for more context.
 
 ```diff
 export default NextAuth({
@@ -239,7 +239,7 @@ Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.1
 
 ## `nodemailer`
 
-Like `typeorm` and `prisma`, [`nodemailer`](https://npmjs.com/package/nodemailer) is no longer included as a dependency by default. If you are using the Email provider you must install it in your project manually, or use any other Email library in the [`sendVerificationRequest`](/configuration/providers/email#options-1#:~:text=sendVerificationRequest) callback. This reduces bundle size for those not actually using the Email provider. Remember, when using the Email provider, it is mandatory to also use a database adapter due to the fact that verification tokens need to be persisted longer term for the magic link functionality to work.
+Like `typeorm` and `prisma`, [`nodemailer`](https://npmjs.com/package/nodemailer) is no longer included as a dependency by default. If you are using the Email provider you must install it in your project manually, or use any other Email library in the [`sendVerificationRequest`](/reference/providers/email) callback. This reduces bundle size for those not actually using the Email provider. Remember, when using the Email provider, it is mandatory to also use a database adapter due to the fact that verification tokens need to be persisted longer term for the magic link functionality to work.
 
 Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.2
 
@@ -259,7 +259,7 @@ theme: {
 
 The hope is that with some minimal configuration / customization options, users won't immediately feel the need to replace the built-in pages with their own.
 
-More details and screenshots of the new theme options can be found under [configuration/pages](https://next-auth.js.org/configuration/pages#theming).
+More details and screenshots of the new theme options can be found under [custom pages tutorial](/guides/basics/pages).
 
 Introduced in https://github.com/nextauthjs/next-auth/pull/2788
 
@@ -286,7 +286,7 @@ Introduced in https://github.com/nextauthjs/next-auth/pull/3144
 
 Most importantly, the core `next-auth` package no longer ships with `typeorm` or any other database adapter by default. This brings the default bundle size down significantly for those not needing to persist user data to a database.
 
-You can find the official Adapters in the `packages` directory in the primary monorepo ([nextauthjs/next-auth](https://github.com/nextauthjs/next-auth)). Although you can still [create your own](/tutorials/creating-a-database-adapter) with a new, [simplified Adapter API](https://github.com/nextauthjs/next-auth/pull/2361).
+You can find the official Adapters in the `packages` directory in the primary monorepo ([nextauthjs/next-auth](https://github.com/nextauthjs/next-auth)). Although you can still [create your own](/guides/adapters/creating-a-database-adapter) with a new, [simplified Adapter API](https://github.com/nextauthjs/next-auth/pull/2361).
 
 If you have a database that was created with a `3.x.x` or earlier version of NextAuth.js, you will need to run a migration to update the schema to the new version 4 database model. See the bottom of this migration guide for database specific migration examples.
 
@@ -310,7 +310,7 @@ export default NextAuth({
 
 3. The `typeorm-legacy` adapter has been upgraded to use the newer adapter API, but has retained the `typeorm-legacy` name. We aim to migrate this to individual lighter weight adapters for each database type in the future, or switch out `typeorm`.
 
-4. MongoDB has been moved to its own adapter under `@next-auth/mongodb-adapter`. See the [MongoDB Adapter docs](/adapters/mongodb).
+4. MongoDB has been moved to its own adapter under `@next-auth/mongodb-adapter`. See the [MongoDB Adapter docs](/reference/adapters/mongodb).
 
 Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.8 and https://github.com/nextauthjs/next-auth/pull/2361
 
@@ -318,7 +318,7 @@ Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.8
 
 **This does not require any changes from the user - these are adapter specific changes only**
 
-The Adapter API has been rewritten and significantly simplified in NextAuth v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](/adapters/models/#verification-token).
+The Adapter API has been rewritten and significantly simplified in NextAuth v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](/reference/adapters/models/#verification-token).
 
 If you are an adapter maintainer or are interested in writing your own adapter, you can find more information about this change in https://github.com/nextauthjs/next-auth/pull/2361 and release https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.22.
 
@@ -404,7 +404,7 @@ VerificationToken {
 </pre>
 </details>
 
-For more info, see the [Models page](/adapters/models).
+For more info, see the [Models page](/reference/adapters/models).
 
 ### Database migration
 
@@ -575,7 +575,7 @@ db.getCollection('sessions').updateMany({}, {
 
 ## Missing `secret`
 
-NextAuth.js used to generate a secret for convenience, when the user did not define one. This might have been useful in development, but can be a concern in production. We have always been clear about that in the docs, but from now on, if you forget to define a `secret` property in production, we will show the user an error page. Read more about this option [here](https://next-auth.js.org/configuration/options#secret)
+NextAuth.js used to generate a secret for convenience, when the user did not define one. This might have been useful in development, but can be a concern in production. We have always been clear about that in the docs, but from now on, if you forget to define a `secret` property in production, we will show the user an error page. Read more about this option [here](/reference/configuration/auth-config#secret)
 
 You can generate a secret to be placed in the `secret` configuration option via the following command:
 
@@ -599,11 +599,11 @@ Introduced in https://github.com/nextauthjs/next-auth/issues/3143
 
 ## Session `strategy`
 
-We have always supported two different session strategies. The first being our most popular and default strategy - the JWT based one. The second is the database adapter persisted session strategy. Both have their advantages/disadvantages, you can learn more about them on the [FAQ](https://next-auth.js.org/faq) page.
+We have always supported two different session strategies. The first being our most popular and default strategy - the JWT based one. The second is the database adapter persisted session strategy. Both have their advantages/disadvantages, you can learn more about them on the [FAQ](/concepts/faq) page.
 
 Previously, the way you configured this was through the `jwt: boolean` flag in the `session` option. The names `session` and `jwt` might have been a bit overused in the options, and so for a clearer message, we renamed this option to `strategy: "jwt" | "database"`, it is still in the `session` object. This will hopefully better indicate the purpose of this option as well as make very explicit which type of session you are going to use.
 
-See the [`session` option docs](https://next-auth.js.org/configuration/options#session) for more details.
+See the [`session` option docs](/reference/configuration/auth-config#session) for more details.
 
 Introduced in https://github.com/nextauthjs/next-auth/pull/3144
 

docs/docs/getting-started/client.md

@@ -1,532 +0,0 @@
----
-id: client
-title: Client API
----
-
-The NextAuth.js client library makes it easy to interact with sessions from React applications.
-
-#### Example Session Object
-
-```ts
-{
-  user: {
-    name: string
-    email: string
-    image: string
-  },
-  expires: Date // This is the expiry of the session, not any of the tokens within the session
-}
-```
-
-:::tip
-The session data returned to the client does not contain sensitive information such as the Session Token or OAuth tokens. It contains a minimal payload that includes enough data needed to display information on a page about the user who is signed in for presentation purposes (e.g name, email, image).
-
-You can use the [session callback](/configuration/callbacks#session-callback) to customize the session object returned to the client if you need to return additional data in the session object.
-:::
-
-:::note
-The `expires` value is rotated, meaning whenever the session is retrieved from the [REST API](/getting-started/rest-api), this value will be updated as well, to avoid session expiry.
-:::
-
----
-
-## useSession()
-
-- Client Side: **Yes**
-- Server Side: No
-
-The `useSession()` React Hook in the NextAuth.js client is the easiest way to check if someone is signed in.
-
-Make sure that [`<SessionProvider>`](#sessionprovider) is added to `pages/_app.js`.
-
-#### Example
-
-```jsx
-import { useSession } from "next-auth/react"
-
-export default function Component() {
-  const { data: session, status } = useSession()
-
-  if (status === "authenticated") {
-    return <p>Signed in as {session.user.email}</p>
-  }
-
-  return <a href="/api/auth/signin">Sign in</a>
-}
-```
-
-`useSession()` returns an object containing two values: `data` and `status`:
-
-- **`data`**: This can be three values: [`Session`](https://github.com/nextauthjs/next-auth/blob/8ff4b260143458c5d8a16b80b11d1b93baa0690f/types/index.d.ts#L437-L444) / `undefined` / `null`.
-  - when the session hasn't been fetched yet, `data` will be `undefined`
-  - in case it failed to retrieve the session, `data` will be `null`
-  - in case of success, `data` will be [`Session`](https://github.com/nextauthjs/next-auth/blob/8ff4b260143458c5d8a16b80b11d1b93baa0690f/types/index.d.ts#L437-L444).
-- **`status`**: enum mapping to three possible session states: `"loading" | "authenticated" | "unauthenticated"`
-
-### Require session
-
-Due to the way how Next.js handles `getServerSideProps` and `getInitialProps`, every protected page load has to make a server-side request to check if the session is valid and then generate the requested page (SSR). This increases server load, and if you are good with making the requests from the client, there is an alternative. You can use `useSession` in a way that makes sure you always have a valid session. If after the initial loading state there was no session found, you can define the appropriate action to respond.
-
-The default behavior is to redirect the user to the sign-in page, from where - after a successful login - they will be sent back to the page they started on. You can also define an `onUnauthenticated()` callback, if you would like to do something else:
-
-#### Example
-
-```jsx title="pages/protected.jsx"
-import { useSession } from "next-auth/react"
-
-export default function Admin() {
-  const { status } = useSession({
-    required: true,
-    onUnauthenticated() {
-      // The user is not authenticated, handle it here.
-    },
-  })
-
-  if (status === "loading") {
-    return "Loading or not authenticated..."
-  }
-
-  return "User is logged in"
-}
-```
-
-### Custom Client Session Handling
-
-Due to the way Next.js handles `getServerSideProps` / `getInitialProps`, every protected page load has to make a server-side request to check if the session is valid and then generate the requested page. This alternative solution allows for showing a loading state on the initial check and every page transition afterward will be client-side, without having to check with the server and regenerate pages.
-
-```js title="pages/admin.jsx"
-export default function AdminDashboard() {
-  const { data: session } = useSession()
-  // session is always non-null inside this page, all the way down the React tree.
-  return "Some super secret dashboard"
-}
-
-AdminDashboard.auth = true
-```
-
-```jsx title="pages/_app.jsx"
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    <SessionProvider session={session}>
-      {Component.auth ? (
-        <Auth>
-          <Component {...pageProps} />
-        </Auth>
-      ) : (
-        <Component {...pageProps} />
-      )}
-    </SessionProvider>
-  )
-}
-
-function Auth({ children }) {
-  // if `{ required: true }` is supplied, `status` can only be "loading" or "authenticated"
-  const { status } = useSession({ required: true })
-
-  if (status === "loading") {
-    return <div>Loading...</div>
-  }
-
-  return children
-}
-```
-
-It can be easily extended/modified to support something like an options object for role based authentication on pages. An example:
-
-```jsx title="pages/admin.jsx"
-AdminDashboard.auth = {
-  role: "admin",
-  loading: <AdminLoadingSkeleton />,
-  unauthorized: "/login-with-different-user", // redirect to this url
-}
-```
-
-Because of how `_app` is written, it won't unnecessarily contact the `/api/auth/session` endpoint for pages that do not require authentication.
-
-More information can be found in the following [GitHub Issue](https://github.com/nextauthjs/next-auth/issues/1210).
-
-### NextAuth.js + React Query
-
-You can create your own session management solution using data fetching libraries like [React Query](https://tanstack.com/query/v4/docs/adapters/react-query) or [SWR](https://swr.vercel.app). You can use the [original implementation of `@next-auth/react-query`](https://github.com/nextauthjs/react-query) and look at the [`next-auth/react` source code](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/react/index.tsx) as a starting point.
-
----
-
-## getSession()
-
-- Client Side: **Yes**
-- Server Side: **No** (See: [`unstable_getServerSession()`](/configuration/nextjs#unstable_getserversession)
-
-NextAuth.js provides a `getSession()` helper which should be called **client side only** to return the current active session.
-
-On the server side, **this is still available to use**, however, we recommend using `unstable_getServerSession` going forward. The idea behind this is to avoid an additional unnecessary `fetch` call on the server side. For more information, please check out [this issue](https://github.com/nextauthjs/next-auth/issues/1535).
-
-:::note
-The `unstable_getServerSession` only has the prefix `unstable_` at the moment, because the API may change in the future. There are no known bugs at the moment and it is safe to use. If you discover any issues, please do report them as a [GitHub Issue](https://github.com/nextauthjs/next-auth/issues) and we will patch them as soon as possible.
-:::
-
-This helper is helpful in case you want to read the session outside of the context of React.
-
-When called, `getSession()` will send a request to `/api/auth/session` and returns a promise with a [session object](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/types.ts#L407-L425), or `null` if no session exists.
-
-```js
-async function myFunction() {
-  const session = await getSession()
-  /* ... */
-}
-```
-
-Read the tutorial [securing pages and API routes](/tutorials/securing-pages-and-api-routes) to know how to fetch the session in server side calls using `unstable_getServerSession()`.
-
----
-
-## getCsrfToken()
-
-- Client Side: **Yes**
-- Server Side: **Yes**
-
-The `getCsrfToken()` method returns the current Cross Site Request Forgery Token (CSRF Token) required to make POST requests (e.g. for signing in and signing out).
-
-You likely only need to use this if you are not using the built-in `signIn()` and `signOut()` methods.
-
-#### Client Side Example
-
-```js
-async function myFunction() {
-  const csrfToken = await getCsrfToken()
-  /* ... */
-}
-```
-
-#### Server Side Example
-
-```js
-import { getCsrfToken } from "next-auth/react"
-
-export default async (req, res) => {
-  const csrfToken = await getCsrfToken({ req })
-  /* ... */
-  res.end()
-}
-```
-
----
-
-## getProviders()
-
-- Client Side: **Yes**
-- Server Side: **Yes**
-
-The `getProviders()` method returns the list of providers currently configured for sign in.
-
-It calls `/api/auth/providers` and returns a list of the currently configured authentication providers.
-
-It can be useful if you are creating a dynamic custom sign in page.
-
----
-
-#### API Route
-
-```jsx title="pages/api/example.js"
-import { getProviders } from "next-auth/react"
-
-export default async (req, res) => {
-  const providers = await getProviders()
-  console.log("Providers", providers)
-  res.end()
-}
-```
-
-:::note
-Unlike and `getCsrfToken()`, when calling `getProviders()` server side, you don't need to pass anything, just as calling it client side.
-:::
-
----
-
-## signIn()
-
-- Client Side: **Yes**
-- Server Side: No
-
-Using the `signIn()` method ensures the user ends back on the page they started on after completing a sign in flow. It will also handle CSRF Tokens for you automatically when signing in with email.
-
-The `signIn()` method can be called from the client in different ways, as shown below.
-
-### Redirects to sign in page when clicked
-
-```js
-import { signIn } from "next-auth/react"
-
-export default () => <button onClick={() => signIn()}>Sign in</button>
-```
-
-### Starts OAuth sign-in flow when clicked
-
-By default, when calling the `signIn()` method with no arguments, you will be redirected to the NextAuth.js sign-in page. If you want to skip that and get redirected to your provider's page immediately, call the `signIn()` method with the provider's `id`.
-
-For example to sign in with Google:
-
-```js
-import { signIn } from "next-auth/react"
-
-export default () => (
-  <button onClick={() => signIn("google")}>Sign in with Google</button>
-)
-```
-
-### Starts Email sign-in flow when clicked
-
-When using it with the email flow, pass the target `email` as an option.
-
-```js
-import { signIn } from "next-auth/react"
-
-export default ({ email }) => (
-  <button onClick={() => signIn("email", { email })}>Sign in with Email</button>
-)
-```
-
-### Specifying a `callbackUrl`
-
-The `callbackUrl` specifies to which URL the user will be redirected after signing in. Defaults to the page URL the sign-in is initiated from.
-
-You can specify a different `callbackUrl` by specifying it as the second argument of `signIn()`. This works for all providers.
-
-e.g.
-
-- `signIn(undefined, { callbackUrl: '/foo' })`
-- `signIn('google', { callbackUrl: 'http://localhost:3000/bar' })`
-- `signIn('email', { email, callbackUrl: 'http://localhost:3000/foo' })`
-
-The URL must be considered valid by the [redirect callback handler](/configuration/callbacks#redirect-callback). By default it requires the URL to be an absolute URL at the same host name, or a relative url starting with a slash. If it does not match it will redirect to the homepage. You can define your own [redirect callback](/configuration/callbacks#redirect-callback) to allow other URLs.
-
-### Using the `redirect: false` option
-
-:::note
-The redirect option is only available for `credentials` and `email` providers.
-:::
-
-In some cases, you might want to deal with the sign in response on the same page and disable the default redirection. For example, if an error occurs (like wrong credentials given by the user), you might want to handle the error on the same page. For that, you can pass `redirect: false` in the second parameter object.
-
-e.g.
-
-- `signIn('credentials', { redirect: false, password: 'password' })`
-- `signIn('email', { redirect: false, email: 'bill@fillmurray.com' })`
-
-`signIn` will then return a Promise, that resolves to the following:
-
-```ts
-{
-  /**
-   * Will be different error codes,
-   * depending on the type of error.
-   */
-  error: string | undefined
-  /**
-   * HTTP status code,
-   * hints the kind of error that happened.
-   */
-  status: number
-  /**
-   * `true` if the signin was successful
-   */
-  ok: boolean
-  /**
-   * `null` if there was an error,
-   * otherwise the url the user
-   * should have been redirected to.
-   */
-  url: string | null
-}
-```
-
-### Additional parameters
-
-It is also possible to pass additional parameters to the `/authorize` endpoint through the third argument of `signIn()`.
-
-See the [Authorization Request OIDC spec](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) for some ideas. (These are not the only possible ones, all parameters will be forwarded)
-
-e.g.
-
-- `signIn("identity-server4", null, { prompt: "login" })` _always ask the user to re-authenticate_
-- `signIn("auth0", null, { login_hint: "info@example.com" })` _hints the e-mail address to the provider_
-
-:::note
-You can also set these parameters through [`provider.authorizationParams`](/configuration/providers/oauth#options).
-:::
-
-:::note
-The following parameters are always overridden server-side: `redirect_uri`, `state`
-:::
-
----
-
-## signOut()
-
-- Client Side: **Yes**
-- Server Side: No
-
-In order to logout, use the `signOut()` method to ensure the user ends back on the page they started on after completing the sign out flow. It also handles CSRF tokens for you automatically.
-
-It reloads the page in the browser when complete.
-
-```js
-import { signOut } from "next-auth/react"
-
-export default () => <button onClick={() => signOut()}>Sign out</button>
-```
-
-### Specifying a `callbackUrl`
-
-As with the `signIn()` function, you can specify a `callbackUrl` parameter by passing it as an option.
-
-e.g. `signOut({ callbackUrl: 'http://localhost:3000/foo' })`
-
-The URL must be considered valid by the [redirect callback handler](/configuration/callbacks#redirect-callback). By default, it requires the URL to be an absolute URL at the same host name, or you can also supply a relative URL starting with a slash. If it does not match it will redirect to the homepage. You can define your own [redirect callback](/configuration/callbacks#redirect-callback) to allow other URLs.
-
-### Using the `redirect: false` option
-
-If you pass `redirect: false` to `signOut`, the page will not reload. The session will be deleted, and the `useSession` hook is notified, so any indication about the user will be shown as logged out automatically. It can give a very nice experience for the user.
-
-:::tip
-If you need to redirect to another page but you want to avoid a page reload, you can try:
-`const data = await signOut({redirect: false, callbackUrl: "/foo"})`
-where `data.url` is the validated URL you can redirect the user to without any flicker by using Next.js's `useRouter().push(data.url)`
-:::
-
----
-
-## SessionProvider
-
-Using the supplied `<SessionProvider>` allows instances of `useSession()` to share the session object across components, by using [React Context](https://reactjs.org/docs/context.html) under the hood. It also takes care of keeping the session updated and synced between tabs/windows.
-
-```jsx title="pages/_app.js"
-import { SessionProvider } from "next-auth/react"
-
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    <SessionProvider session={session}>
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```
-
-If you pass the `session` page prop to the `<SessionProvider>` – as in the example above – you can avoid checking the session twice on pages that support both server and client side rendering.
-
-This only works on pages where you provide the correct `pageProps`, however. This is normally done in `getInitialProps` or `getServerSideProps` on an individual page basis like so:
-
-```js title="pages/index.js"
-import { unstable_getServerSession } from "next-auth/next"
-import { authOptions } from './api/auth/[...nextauth]'
-
-...
-
-export async function getServerSideProps({ req, res }) {
-  return {
-    props: {
-      session: await unstable_getServerSession(req, res, authOptions)
-    }
-  }
-}
-```
-
-If every one of your pages needs to be protected, you can do this in `getInitialProps` in `_app`, otherwise you can do it on a page-by-page basis. Alternatively, you can do per page authentication checks client side, instead of having each authentication check be blocking (SSR) by using the method described below in [alternative client session handling](#custom-client-session-handling).
-
-### Options
-
-The session state is automatically synchronized across all open tabs/windows and they are all updated whenever they gain or lose focus or the state changes (e.g. a user signs in or out) when `refetchOnWindowFocus` is `true`.
-
-If you have session expiry times of 30 days (the default) or more then you probably don't need to change any of the default options in the Provider. If you need to, you can trigger an update of the session object across all tabs/windows by calling [`getSession()`](/getting-started/client#getsession) from a client side function.
-
-However, if you need to customize the session behavior and/or are using short session expiry times, you can pass options to the provider to customize the behavior of the `useSession()` hook.
-
-```jsx title="pages/_app.js"
-import { SessionProvider } from "next-auth/react"
-
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    <SessionProvider
-      session={session}
-      // In case you use a custom path and your app lives at "/cool-app" rather than at the root "/"
-      basePath="cool-app"
-      // Re-fetch session every 5 minutes
-      refetchInterval={5 * 60}
-      // Re-fetches session when window is focused
-      refetchOnWindowFocus={true}
-    >
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```
-
-:::note
-**These options have no effect on clients that are not signed in.**
-
-Every tab/window maintains its own copy of the local session state; the session is not stored in shared storage like localStorage or sessionStorage. Any update in one tab/window triggers a message to other tabs/windows to update their own session state.
-
-Using low values for `refetchInterval` will increase network traffic and load on authenticated clients and may impact hosting costs and performance.
-:::
-
-#### Base path
-
-If you are using a custom base path, and your application entry point is not at the root of the domain "/" but something else, for example "/my-app/" you can use the `basePath` prop to make NextAuth.js aware of that so that all redirects and session handling work as expected.
-
-#### Refetch interval
-
-The `refetchInterval` option can be used to contact the server to avoid a session expiring.
-
-When `refetchInterval` is set to `0` (the default) there will be no session polling.
-
-If set to any value other than zero, it specifies in seconds how often the client should contact the server to update the session state. If the session state has expired when it is triggered, all open tabs/windows will be updated to reflect this.
-
-The value for `refetchInterval` should always be lower than the value of the session `maxAge` [session option](/configuration/options#session).
-
-By default, session polling will keep trying, even when the device has no internet access. To circumvent this, you can also set `refetchWhenOffline` to `false`. This will use [`navigator.onLine`](https://developer.mozilla.org/en-US/docs/Web/API/Navigator/onLine) to only poll when the device is online.
-
-#### Refetch On Window Focus
-
-The `refetchOnWindowFocus` option can be used to control whether it automatically updates the session state when you switch a focus on tabs/windows.
-
-When `refetchOnWindowFocus` is set to `true` (the default) tabs/windows will be updated and initialize the components' state when they gain or lose focus.
-
-However, if it was set to `false`, it stops re-fetching the session and the components will stay as it is.
-
-:::note
-See [**the Next.js documentation**](https://nextjs.org/docs/advanced-features/custom-app) for more information on **\_app.js** in Next.js applications.
-:::
-
-### Custom base path
-When your Next.js application uses a custom base path, set the `NEXTAUTH_URL` environment variable to the route to the API endpoint in full - as in the example below and as explained [here](/configuration/options#nextauth_url).
-
-Also, make sure to pass the `basePath` page prop to the `<SessionProvider>` – as in the example below – so your custom base path is fully configured and used by NextAuth.js.
-
-#### Example
-In this example, the custom base path used is `/custom-route`.
-
-```
-NEXTAUTH_URL=https://example.com/custom-route/api/auth
-```
-
-```jsx title="pages/_app.js"
-import { SessionProvider } from "next-auth/react"
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    <SessionProvider session={session} basePath="/custom-route/api/auth">
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```

docs/docs/getting-started/example.md

@@ -1,196 +0,0 @@
----
-id: example
-title: Getting Started
----
-
-The example code below describes how to add authentication to a Next.js app.
-
-## New Project
-
-The easiest way to get started is to clone the [example app](https://github.com/nextauthjs/next-auth-example) and follow the instructions in README.md. You can try out a live demo at [https://next-auth-example.vercel.app/](https://next-auth-example.vercel.app/)
-
-## Existing Project
-
-### Install NextAuth
-
-```bash npm2yarn2pnpm
-npm install next-auth
-```
-
-:::info
-If you are using TypeScript, NextAuth.js comes with its types definitions within the package. To learn more about TypeScript for `next-auth`, check out the [TypeScript documentation](/getting-started/typescript)
-:::
-
-
-### Add API route
-
-To add NextAuth.js to a project create a file called `[...nextauth].js` in `pages/api/auth`. This contains the dynamic route handler for NextAuth.js which will also contain all of your global NextAuth.js configurations.
-
-```javascript title="pages/api/auth/[...nextauth].js" showLineNumbers
-import NextAuth from "next-auth"
-import GithubProvider from "next-auth/providers/github"
-
-export const authOptions = {
-  // Configure one or more authentication providers
-  providers: [
-    GithubProvider({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-    // ...add more providers here
-  ],
-}
-
-export default NextAuth(authOptions)
-```
-
-All requests to `/api/auth/*` (`signIn`, `callback`, `signOut`, etc.) will automatically be handled by NextAuth.js.
-
-**Further Reading**:
-
-- See the [options documentation](/configuration/options) for more details on how to configure providers, databases and other options.
-- Read more about how to add authentication providers [here](/providers).
-
-#### Configure Shared session state
-
-To be able to use `useSession` first you'll need to expose the session context, [`<SessionProvider />`](/getting-started/client#sessionprovider), at the top level of your application:
-
-```jsx title="pages/_app.jsx" showLineNumbers
-import { SessionProvider } from "next-auth/react"
-
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    <SessionProvider session={session}>
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```
-
-Instances of `useSession` will then have access to the session data and status. The `<SessionProvider />` also takes care of keeping the session updated and synced between browser tabs and windows.
-
-:::tip
-Check out the [client documentation](/getting-started/client) to see how you can improve the user experience and page performance by using the NextAuth.js client.
-:::
-
-### Frontend - Add React Hook
-
-The [`useSession()`](/getting-started/client#usesession) React Hook in the NextAuth.js client is the easiest way to check if someone is signed in.
-
-```jsx title="components/login-btn.jsx" showLineNumbers
-import { useSession, signIn, signOut } from "next-auth/react"
-
-export default function Component() {
-  const { data: session } = useSession()
-  if (session) {
-    return (
-      <>
-        Signed in as {session.user.email} <br />
-        <button onClick={() => signOut()}>Sign out</button>
-      </>
-    )
-  }
-  return (
-    <>
-      Not signed in <br />
-      <button onClick={() => signIn()}>Sign in</button>
-    </>
-  )
-}
-```
-
-You can use the `useSession` hook from anywhere in your application (e.g. in a header component).
-
-### Backend - API Route
-
-To protect an API Route, you can use the [`unstable_getServerSession()`](/configuration/nextjs#unstable_getserversession) method.
-
-```javascript title="pages/api/restricted.js" showLineNumbers
-import { unstable_getServerSession } from "next-auth/next"
-import { authOptions } from "./auth/[...nextauth]"
-
-export default async (req, res) => {
-  const session = await unstable_getServerSession(req, res, authOptions)
-
-  if (session) {
-    res.send({
-      content:
-        "This is protected content. You can access this content because you are signed in.",
-    })
-  } else {
-    res.send({
-      error: "You must be signed in to view the protected content on this page.",
-    })
-  }
-}
-```
-
-### Extensibility
-
-#### Using NextAuth.js Callbacks
-
-NextAuth.js allows you to hook into various parts of the authentication flow via our [built-in callbacks](/configuration/callbacks).
-
-For example, to pass a value from the sign-in to the frontend, client-side, you can use a combination of the [`session`](/configuration/callbacks#session-callback) and [`jwt`](/configuration/callbacks#jwt-callback) callback like so:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async jwt({ token, account }) {
-    // Persist the OAuth access_token to the token right after signin
-    if (account) {
-    // highlight-next-line
-      token.accessToken = account.access_token
-    }
-    return token
-  },
-  async session({ session, token, user }) {
-    // Send properties to the client, like an access_token from a provider.
-    // highlight-next-line
-    session.accessToken = token.accessToken
-    return session
-  }
-}
-...
-```
-
-Now whenever you call [`getSession`](/getting-started/client#getsession) or [`useSession`](/getting-started/client#usesession), the data object which is returned will include the `accessToken` value.
-
-```jsx title="components/accessToken.jsx" showLineNumbers
-import { useSession, signIn, signOut } from "next-auth/react"
-
-export default function Component() {
-  // highlight-next-line
-  const { data } = useSession()
-  const { accessToken } = data
-
-  return <div>Access Token: {accessToken}</div>
-}
-```
-
-## Configuring callback URL (OAuth only)
-
-If you are using an OAuth provider either through one of our [built-in providers](/configuration/providers/oauth)
-or through a [custom provider](/configuration/providers/oauth#using-a-custom-provider), you'll need to configure
-a callback URL in your provider's settings. Each provider has a "Configuration" section that should give you pointers on how to do that.
-
-Follow [these steps](/configuration/providers/oauth#how-to) to learn how to integrate with an OAuth provider.
-
-## Deploying to production
-
-When deploying your site set the `NEXTAUTH_URL` environment variable to the canonical URL of the website.
-
-```
-NEXTAUTH_URL=https://example.com
-```
-
-:::tip
-In production, this needs to be set as an environment variable on the service you use to deploy your app.
-
-To set environment variables on Vercel, you can use the [dashboard](https://vercel.com/dashboard) or the `vercel env pull` [command](https://vercel.com/docs/build-step#development-environment-variables).
-:::
-
-For more information please check out our [deployment page](/deployment).

docs/docs/getting-started/introduction.md

@@ -1,56 +0,0 @@
----
-id: introduction
-title: Introduction
----
-
-## About NextAuth.js
-
-NextAuth.js is a complete open-source authentication solution for [Next.js](http://nextjs.org/) applications.
-
-It is designed from the ground up to support Next.js and Serverless.
-
-[Check out the example code](/getting-started/example) to see how easy it is to use NextAuth.js for authentication.
-
-### Flexible and easy to use
-
-- Designed to work with any [OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect](/providers)
-- Built-in support for [many popular sign-in services](/configuration/providers/oauth)
-- Supports [email / passwordless authentication](/providers/email)
-- Supports stateless authentication with [any backend](/adapters/overview) (Active Directory, LDAP, etc)
-- Supports both JSON Web Tokens and database sessions
-- Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)
-
-### Own your own data
-
-NextAuth.js can be used with or without a database.
-
-- An open-source solution that allows you to keep control of your data
-- Supports Bring Your Own Database (BYOD) and can be used with any database
-- Built-in support for [MySQL, MariaDB, Postgres, SQL Server, MongoDB and SQLite](/configuration/databases)
-- Works great with databases from popular hosting providers
-- Can also be used _without a database_ (e.g. OAuth + JWT)
-
-_Note: Email sign-in requires a database to be configured to store single-use verification tokens._
-
-### Secure by default
-
-- Promotes the use of passwordless sign-in mechanisms
-- Designed to be secure by default and encourage best practices for safeguarding user data
-- Uses Cross-Site Request Forgery Tokens on POST routes (sign in, sign out)
-- Default cookie policy aims for the most restrictive policy appropriate for each cookie
-- When JSON Web Tokens are enabled, they are encrypted by default (JWE) with A256GCM
-- Auto-generates symmetric signing and encryption keys for developer convenience
-- Features tab/window syncing and keepalive messages to support short-lived sessions
-- Attempts to implement the latest guidance published by [Open Web Application Security Project](https://owasp.org/)
-
-Advanced options allow you to define your own routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.
-
-## Credits
-
-NextAuth.js is an open-source project that is only possible [thanks to contributors](/contributors).
-
-If you would like to financially support the development of NextAuth.js, you can find more information on our [OpenCollective](https://opencollective.com/nextauth) page.
-
-## Getting Started
-
-[Check out the example code](/getting-started/example) to see how easy it is to use NextAuth.js for authentication.

docs/docs/getting-started/typescript.md

@@ -1,163 +0,0 @@
----
-id: typescript
-title: TypeScript
----
-
-NextAuth.js has its own type definitions to use in your TypeScript projects safely. Even if you don't use TypeScript, IDEs like VSCode will pick this up to provide you with a better developer experience. While you are typing, you will get suggestions about what certain objects/functions look like, and sometimes links to documentation, examples, and other valuable resources.
-
-Check out the example repository showcasing how to use `next-auth` on a Next.js application with TypeScript:  
-https://github.com/nextauthjs/next-auth-typescript-example
-
----
-
-## Adapters
-
-If you're writing your own custom Adapter, you can take advantage of the types to make sure your implementation conforms to what's expected:
-
-```ts
-import type { Adapter } from "next-auth/adapters"
-
-function MyAdapter(): Adapter {
-  return {
-    // your adapter methods here
-  }
-}
-```
-
-When writing your own custom Adapter in plain JavaScript, note that you can use **JSDoc** to get helpful editor hints and auto-completion like so:
-
-```js
-/** @return { import("next-auth/adapters").Adapter } */
-function MyAdapter() {
-  return {
-    // your adapter methods here
-  }
-}
-```
-
-:::note
-This will work in code editors with a strong TypeScript integration like VSCode or WebStorm. It might not work if you're using more lightweight editors like VIM or Atom.
-:::
-
-## Module Augmentation
-
-`next-auth` comes with certain types/interfaces that are shared across submodules. Good examples are `Session` and `JWT`. Ideally, you should only need to create these types at a single place, and TS should pick them up in every location where they are referenced. Luckily, Module Augmentation is exactly that, which can do this for us. Define your shared interfaces in a single place, and get type-safety across your application when using `next-auth` (or one of its submodules).
-
-### Main module
-
-Let's look at `Session`:
-
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-
-export default NextAuth({
-  callbacks: {
-    session({ session, token, user }) {
-      return session // The return type will match the one returned in `useSession()`
-    },
-  },
-})
-```
-
-```ts title="pages/index.ts"
-import { useSession } from "next-auth/react"
-
-export default function IndexPage() {
-  // `session` will match the returned value of `callbacks.session()` from `NextAuth()`
-  const { data: session } = useSession()
-
-  return (
-    // Your component
-  )
-}
-```
-
-To extend/augment this type, create a `types/next-auth.d.ts` file in your project:
-
-```ts title="types/next-auth.d.ts"
-import NextAuth from "next-auth"
-
-declare module "next-auth" {
-  /**
-   * Returned by `useSession`, `getSession` and received as a prop on the `SessionProvider` React Context
-   */
-  interface Session {
-    user: {
-      /** The user's postal address. */
-      address: string
-    }
-  }
-}
-```
-
-#### Extend default interface properties
-
-By default, TypeScript will merge new interface properties and overwrite existing ones. In this case, the default session user properties will be overwritten, with the new one defined above.
-
-If you want to keep the default session user properties, you need to add them back into the newly declared interface:
-
-```ts title="types/next-auth.d.ts"
-import NextAuth, { DefaultSession } from "next-auth"
-
-declare module "next-auth" {
-  /**
-   * Returned by `useSession`, `getSession` and received as a prop on the `SessionProvider` React Context
-   */
-  interface Session {
-    user: {
-      /** The user's postal address. */
-      address: string
-    } & DefaultSession["user"]
-  }
-}
-```
-
-#### Popular interfaces to augment
-
-Although you can augment almost anything, here are some of the more common interfaces that you might want to override in the `next-auth` module:
-
-```ts
-/**
- * The shape of the user object returned in the OAuth providers' `profile` callback,
- * or the second parameter of the `session` callback, when using a database.
- */
-interface User {}
-/**
- * Usually contains information about the provider being used
- * and also extends `TokenSet`, which is different tokens returned by OAuth Providers.
- */
-interface Account {}
-/** The OAuth profile returned from your provider */
-interface Profile {}
-```
-
-Make sure that the `types` folder is added to [`typeRoots`](https://www.typescriptlang.org/tsconfig/#typeRoots) in your project's `tsconfig.json` file.
-
-### Submodules
-
-The `JWT` interface can be found in the `next-auth/jwt` submodule:
-
-```ts title="types/next-auth.d.ts"
-import { JWT } from "next-auth/jwt"
-
-declare module "next-auth/jwt" {
-  /** Returned by the `jwt` callback and `getToken`, when using JWT sessions */
-  interface JWT {
-    /** OpenID ID Token */
-    idToken?: string
-  }
-}
-```
-
-### Useful links
-
-1. [TypeScript documentation: Module Augmentation](https://www.typescriptlang.org/docs/handbook/declaration-merging.html#module-augmentation)
-2. [Digital Ocean: Module Augmentation in TypeScript](https://www.digitalocean.com/community/tutorials/typescript-module-augmentation)
-
-## Contributing
-
-Contributions of any kind are always welcome, especially for TypeScript. Please keep in mind that we are a small team working on this project in our free time. We will try our best to give support, but if you think you have a solution for a problem, please open a PR!
-
-:::note
-When contributing to TypeScript, if the actual JavaScript user API does not change in a breaking manner, we reserve the right to push any TypeScript change in a minor release. This ensures that we can keep on a faster release cycle.
-:::

docs/docs/getting-started/upgrade-to-v4.md

@@ -1,613 +0,0 @@
----
-id: upgrade-v4
-title: Upgrade Guide (v4)
----
-
-NextAuth.js version 4 includes a few breaking changes from the last major version (3.x). So we're here to help you upgrade your applications as smoothly as possible. It should be possible to upgrade from any version of 3.x to the latest 4 release by following the next few migration steps.
-
-:::note
-Version 4 has been released to GA 🚨
-
-We encourage users to try it out and report any and all issues they come across.
-:::
-
-You can upgrade to the new version by running:
-
-```bash npm2yarn2pnpm
-npm install next-auth
-```
-
-## `next-auth/jwt`
-
-We no longer have a default export in `next-auth/jwt`.
-To comply with this, change the following:
-
-```diff
-- import jwt from "next-auth/jwt"
-+ import { getToken } from "next-auth/jwt"
-```
-
-## `next-auth/react`
-
-We've renamed the client-side import source to `next-auth/react`. To comply with this change, you will simply have to rename anywhere you were using `next-auth/client`.
-
-For example:
-
-```diff
-- import { useSession } from "next-auth/client"
-+ import { useSession } from "next-auth/react"
-```
-
-We've also made the following changes to the names of the exports:
-
-- `setOptions`: Not exposed anymore, use [`SessionProvider` props](https://next-auth.js.org/getting-started/client#options)
-- `options`: Not exposed anymore, [use `SessionProvider` props](https://next-auth.js.org/getting-started/client#options)
-- `session`: Renamed to `getSession`
-- `providers`: Renamed to `getProviders`
-- `csrfToken`: Renamed to `getCsrfToken`
-- `signin`: Renamed to `signIn`
-- `signout`: Renamed to `signOut`
-- `Provider`: Renamed to `SessionProvider`
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.12
-
-## `SessionProvider`
-
-Version 4 makes using the `SessionProvider` mandatory. This means that you will have to wrap any part of your application using `useSession` in this provider, if you were not doing so already. The `SessionProvider` has also undergone a few further changes:
-
-- `Provider` is renamed to `SessionProvider`
-- The options prop is now flattened as the props of SessionProvider.
-- `keepAlive` has been renamed to `refetchInterval`.
-- `clientMaxAge` has been removed in favor of `refetchInterval`, as they overlap in functionality, with the difference that `refetchInterval` will keep re-fetching the session periodically in the background.
-
-The best practice for wrapping your app in Providers is to do so in your `pages/_app.jsx` file.
-
-An example use-case with these new changes:
-
-```jsx
-import { SessionProvider } from "next-auth/react"
-
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    // `session` comes from `getServerSideProps` or `getInitialProps`.
-    // Avoids flickering/session loading on first load.
-    <SessionProvider session={session} refetchInterval={5 * 60}>
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.12
-
-## Providers
-
-Providers now need to be imported individually.
-
-```diff
-- import Provider from "next-auth/providers"
-- Providers.Auth0({...})
-- Providers.Google({...})
-+ import Auth0Provider from "next-auth/providers/auth0"
-+ import GoogleProvider from "next-auth/providers/google"
-+ Auth0Provider({...})
-+ GoogleProvider({...})
-```
-
-1. The `AzureADB2C` provider has been renamed `AzureAD`.
-2. The `Basecamp` provider has been removed, see explanation [here](https://github.com/basecamp/api/blob/master/sections/authentication.md#on-authenticating-users-via-oauth).
-3. The GitHub provider by default now will not request full write access to user profiles. If you need this scope, please add `user` to the scope option manually.
-
-The following new options are available when defining your Providers in the configuration:
-
-1. `authorization` (replaces `authorizationUrl`, `authorizationParams`, `scope`)
-2. `token` replaces (`accessTokenUrl`, `headers`, `params`)
-3. `userinfo` (replaces `profileUrl`)
-4. `issuer`(replaces `domain`)
-
-For more details on their usage, please see [options](/configuration/providers/oauth#options) section of the OAuth Provider documentation.
-
-When submitting a new OAuth provider to the repository, the `profile` callback is expected to only return these fields from now on: `id`, `name`, `email`, and `image`. If any of these are missing values, they should be set to `null`.
-
-Also worth noting is that `id` is expected to be returned as a `string` type (For example if your provider returns it as a number, you can cast it by using the `.toString()` method). This makes the returned profile object comply across all providers/accounts/adapters, and hopefully cause less confusion in the future.
-
-Implemented in: https://github.com/nextauthjs/next-auth/pull/2411
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.20
-
-## `useSession` Hook
-
-The `useSession` hook has been updated to return an object. This allows you to test states much more cleanly with the new `status` option.
-
-```diff
-- const [ session, loading ] = useSession()
-+ const { data: session, status } = useSession()
-+ const loading = status === "loading"
-```
-
-[Check the docs](https://next-auth.js.org/getting-started/client#usesession) for the possible values of both `session.status` and `session.data`.
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.18
-
-## Named Parameters
-
-We have changed the arguments to our callbacks to the named parameters pattern. This way you don't have to use dummy `_` placeholders or other tricks.
-
-### Callbacks
-
-The signatures for the callback methods now look like this:
-
-```diff
-- signIn(user, account, profileOrEmailOrCredentials)
-+ signIn({ user, account, profile, email, credentials })
-```
-
-```diff
-- redirect(url, baseUrl)
-+ redirect({ url, baseUrl })
-```
-
-```diff
-- session(session, tokenOrUser)
-+ session({ session, token, user })
-```
-
-```diff
-- jwt(token, user, account, OAuthProfile, isNewUser)
-+ jwt({ token, user, account, profile, isNewUser })
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.17
-
-### Events
-
-Two event signatures have changed to also use the named parameters pattern, `signOut` and `updateUser`.
-
-```diff
-// [...nextauth].js
-...
-events: {
-- signOut(tokenOrSession),
-+ signOut({ token, session }), // token if using JWT, session if DB persisted sessions.
-- updateUser(user)
-+ updateUser({ user })
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.20
-
-## JWT configuration
-
-We have removed some of the [configuration options](/configuration/options) when using JSON Web Tokens, [here's the PR](https://github.com/nextauthjs/next-auth/pull/3039) for more context.
-
-```diff
-export default NextAuth({
-  // ...
-  jwt: {
-    secret,
-    maxAge,
--   encryptionKey
--   signingKey
--   encryptionKey
--   verificationOptions
-    encode({
-        token
-        secret
-        maxAge
--       signingKey
--       signingOptions
--       encryptionKey
--       encryptionOptions
--       encryption
-    }) {},
-    decode({
-        token
-        secret
--       maxAge
--       signingKey
--       verificationKey
--       verificationOptions
--       encryptionKey
--       decryptionKey
--       decryptionOptions
--       encryption
-    }) {}
-  }
-})
-```
-
-## Logger API
-
-The logger API has been simplified to use at most two parameters, where the second is usually an object (`metadata`) containing an `error` object. If you are not using the logger settings you can ignore this change.
-
-```diff
-// [...nextauth.js]
-import log from "some-logger-service"
-...
-logger: {
-- error(code, ...message) {},
-+ error(code, metadata) {},
-- warn(code, ...message) {},
-+ warn(code) {}
-- debug(code, ...message) {}
-+ debug(code, metadata) {}
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.19
-
-## `nodemailer`
-
-Like `typeorm` and `prisma`, [`nodemailer`](https://npmjs.com/package/nodemailer) is no longer included as a dependency by default. If you are using the Email provider you must install it in your project manually, or use any other Email library in the [`sendVerificationRequest`](/configuration/providers/email#options-1#:~:text=sendVerificationRequest) callback. This reduces bundle size for those not actually using the Email provider. Remember, when using the Email provider, it is mandatory to also use a database adapter due to the fact that verification tokens need to be persisted longer term for the magic link functionality to work.
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.2
-
-## Theme
-
-We have added some basic customization options to our built-in pages like `signin`, `signout`, etc.
-
-These can be set under the `theme` configuration key. This used to be a string which only controlled the color scheme option. Now it is an object with the following options:
-
-```js
-theme: {
-  colorScheme: "auto", // "auto" | "dark" | "light"
-  brandColor: "", // Hex color value
-  logo: "" // Absolute URL to logo image
-}
-```
-
-The hope is that with some minimal configuration / customization options, users won't immediately feel the need to replace the built-in pages with their own.
-
-More details and screenshots of the new theme options can be found under [configuration/pages](https://next-auth.js.org/configuration/pages#theming).
-
-Introduced in https://github.com/nextauthjs/next-auth/pull/2788
-
-## Session
-
-The `session.jwt: boolean` option has been renamed to `session.strategy: "jwt" | "database"`. The goal is to make the user's options more intuitive:
-
-1. No adapter, `strategy: "jwt"`: This is the default. The session is saved in a cookie and never persisted anywhere.
-2. With Adapter, `strategy: "database"`: If an Adapter is defined, this will be the implicit setting. No user config is needed.
-3. With Adapter, `strategy: "jwt"`: The user can explicitly instruct `next-auth` to use JWT even if a database is available. This can result in faster lookups in compromise of lowered security. Read more about: https://next-auth.js.org/faq#json-web-tokens
-
-Example:
-
-```diff
-session: {
-- jwt: true,
-+ strategy: "jwt",
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/pull/3144
-
-## Adapters
-
-Most importantly, the core `next-auth` package no longer ships with `typeorm` or any other database adapter by default. This brings the default bundle size down significantly for those not needing to persist user data to a database.
-
-You can find the official Adapters in the `packages` directory in the primary monorepo ([nextauthjs/next-auth](https://github.com/nextauthjs/next-auth)). Although you can still [create your own](/tutorials/creating-a-database-adapter) with a new, [simplified Adapter API](https://github.com/nextauthjs/next-auth/pull/2361).
-
-If you have a database that was created with a `3.x.x` or earlier version of NextAuth.js, you will need to run a migration to update the schema to the new version 4 database model. See the bottom of this migration guide for database specific migration examples.
-
-1. If you use the built-in TypeORM or Prisma adapters, these have been removed from the core `next-auth` package. Thankfully the migration is easy; you just need to install the external packages for your database and change the import in your `[...nextauth].js`.
-
-The `database` option has been removed, you must now do the following instead:
-
-```diff
-// [...nextauth].js
-import NextAuth from "next-auth"
-+ import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-
-...
-export default NextAuth({
--  database: "yourconnectionstring",
-+  adapter: TypeORMLegacyAdapter("yourconnectionstring")
-})
-```
-
-2. The `prisma-legacy` adapter has been removed, please use the [`@next-auth/prisma-adapter`](https://npmjs.com/package/@next-auth/prisma-adapter) instead.
-
-3. The `typeorm-legacy` adapter has been upgraded to use the newer adapter API, but has retained the `typeorm-legacy` name. We aim to migrate this to individual lighter weight adapters for each database type in the future, or switch out `typeorm`.
-
-4. MongoDB has been moved to its own adapter under `@next-auth/mongodb-adapter`. See the [MongoDB Adapter docs](/adapters/mongodb).
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.8 and https://github.com/nextauthjs/next-auth/pull/2361
-
-### Adapter API
-
-**This does not require any changes from the user - these are adapter specific changes only**
-
-The Adapter API has been rewritten and significantly simplified in NextAuth.js v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](/adapters/models/#verification-token).
-
-If you are an adapter maintainer or are interested in writing your own adapter, you can find more information about this change in https://github.com/nextauthjs/next-auth/pull/2361 and release https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.22.
-
-### Schema changes
-
-The way we save data with adapters have slightly changed. With the new Adapter API, we wanted to make it easier to extend your database with additional fields. For example if your User needs an extra `phone` field, it should be enough to add that to your database's schema, and no changes will be necessary in your adapter.
-
-- `created_at`/`createdAt` and `updated_at`/`updatedAt` fields are removed from all Models.
-- `user_id`/`userId` consistently named `userId`.
-- `compound_id`/`compoundId` is removed from Account.
-- `access_token`/`accessToken` is removed from Session.
-- `email_verified`/`emailVerified` on User is consistently named `emailVerified`.
-- `provider_id`/`providerId` renamed to `provider` on Account
-- `provider_type`/`providerType` renamed to `type` on Account
-- `provider_account_id`/`providerAccountId` on Account is consistently named `providerAccountId`
-- `access_token_expires`/`accessTokenExpires` on Account renamed to `expires_at`
-- New fields on Account: `token_type`, `scope`, `id_token`, `session_state`
-- `verification_requests` table has been renamed to `verification_tokens`
-
-<!-- REVIEW: Would something like this below be helpful? -->
-<details>
-<summary>
-See the changes
-</summary>
-<pre>
-
-```diff
-User {
-  id
-  name
-  email
-- emailVerified
-+ email_verified
-  image
--  created_at
--  updated_at
-}
-
-Account {
-  id
-- compound_id
-- user_id
-+ userId
--  provider_type
-+ type
-- provider_id
-+ provider
-- provider_account_id
-+ providerAccountId
-  refresh_token
-  access_token
-- access_token_expires
-+ expires_in
-+ expires_at
-+ token_type
-+ scope
-+ id_token
-+ session_state
-- created_at
-- updated_at
-}
-
-Session {
-  id
-  userId
-  expires
-  sessionToken
-- access_token
-- created_at
-- updated_at
-}
-
-VerificationToken {
-  id
-  token
-  expires
-  identifier
--  created_at
--  updated_at
-}
-```
-
-</pre>
-</details>
-
-For more info, see the [Models page](/adapters/models).
-
-### Database migration
-
-NextAuth.js v4 has a slightly different database schema compared to v3. If you're using any of our adapters and want to upgrade, you can use on of the below schemas.
-
-They are designed to be run directly against the database itself. So instead of having one in Prisma syntax, one in TypeORM syntax, etc. we've decided to just make one for each underlying database type. i.e. one for Postgres, one for MySQL, one for MongoDB, etc.
-
-#### MySQL
-
-```sql
-/* ACCOUNT */
-ALTER TABLE accounts
-CHANGE "access_token_expires" "expires_at" int
-CHANGE "user_id" "userId" varchar(255)
-ADD CONSTRAINT fk_user_id FOREIGN KEY (userId) REFERENCES users(id)
-RENAME COLUMN "provider_id" "provider"
-RENAME COLUMN "provider_account_id" "providerAccountId"
-DROP COLUMN "provider_type"
-DROP COLUMN "compound_id"
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-
-ADD COLUMN "token_type" varchar(255) NULL
-ADD COLUMN "scope" varchar(255) NULL
-ADD COLUMN "id_token" varchar(255) NULL
-ADD COLUMN "session_state" varchar(255) NULL
-
-/* Note: These are only needed if you're going to be using the old Twitter OAuth 1.0 provider. */
-ADD COLUMN "oauth_token_secret" varchar(255) NULL
-ADD COLUMN "oauth_token" varchar(255) NULL
-
-/* USER */
-ALTER TABLE users
-RENAME COLUMN "email_verified" "emailVerified"
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-
-/* SESSION */
-ALTER TABLE sessions
-RENAME COLUMN "session_token" "sessionToken"
-CHANGE "user_id" "userId" varchar(255)
-ADD CONSTRAINT fk_user_id FOREIGN KEY (userId) REFERENCES users(id)
-DROP COLUMN "access_token"
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-
-/* VERIFICATION REQUESTS */
-ALTER TABLE verification_requests RENAME verification_tokens
-ALTER TABLE verification_tokens
-DROP COLUMN id
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-```
-
-#### Postgres
-
-```sql
-/* ACCOUNT */
-ALTER TABLE accounts RENAME COLUMN "user_id" TO "userId";
-ALTER TABLE accounts RENAME COLUMN "provider_id" TO "provider";
-ALTER TABLE accounts RENAME COLUMN "provider_account_id" TO "providerAccountId";
-ALTER TABLE accounts RENAME COLUMN "access_token_expires" TO "expires_at";
-ALTER TABLE accounts RENAME COLUMN "provider_type" TO "type";
-
-/* Do conversion of TIMESTAMPTZ to BIGINT */
-ALTER TABLE accounts ALTER COLUMN "expires_at" TYPE TEXT USING CAST(extract(epoch FROM "expires_at") AS BIGINT)*1000;
-
-/* Keep id as SERIAL with autoincrement when using ORM. Using new v4 uuid format won't work because of incompatibility */
-/* ALTER TABLE accounts ALTER COLUMN "id" TYPE TEXT; */
-/* ALTER TABLE accounts ALTER COLUMN "userId" TYPE TEXT; */
-ALTER TABLE accounts ALTER COLUMN "type" TYPE TEXT;
-ALTER TABLE accounts ALTER COLUMN "provider" TYPE TEXT;
-ALTER TABLE accounts ALTER COLUMN "providerAccountId" TYPE TEXT;
-
-ALTER TABLE accounts ADD CONSTRAINT fk_user_id FOREIGN KEY ("userId") REFERENCES users(id);
-ALTER TABLE accounts
-DROP COLUMN IF EXISTS "compound_id";
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE accounts
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-
-ALTER TABLE accounts
-ADD COLUMN IF NOT EXISTS "token_type" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "scope" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "id_token" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "session_state" TEXT NULL;
-/* Note: These are only needed if you're going to be using the old Twitter OAuth 1.0 provider. */
-/* ALTER TABLE accounts
-ADD COLUMN IF NOT EXISTS "oauth_token_secret" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "oauth_token" TEXT NULL; */
-
-/* USER */
-ALTER TABLE users RENAME COLUMN "email_verified" TO "emailVerified";
-
-/* Keep id as SERIAL with autoincrement when using ORM. Using new v4 uuid format won't work because of incompatibility */
-/* ALTER TABLE users ALTER COLUMN "id" TYPE TEXT; */
-ALTER TABLE users ALTER COLUMN "name" TYPE TEXT;
-ALTER TABLE users ALTER COLUMN "email" TYPE TEXT;
-ALTER TABLE users ALTER COLUMN "image" TYPE TEXT;
-/* Do conversion of TIMESTAMPTZ to BIGINT and then TEXT */
-ALTER TABLE users ALTER COLUMN "emailVerified" TYPE TEXT USING CAST(CAST(extract(epoch FROM "emailVerified") AS BIGINT)*1000 AS TEXT);
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE users
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-
-/* SESSION */
-ALTER TABLE sessions RENAME COLUMN "session_token" TO "sessionToken";
-ALTER TABLE sessions RENAME COLUMN "user_id" TO "userId";
-
-/* Keep id as SERIAL with autoincrement when using ORM. Using new v4 uuid format won't work because of incompatibility */
-/* ALTER TABLE sessions ALTER COLUMN "id" TYPE TEXT; */
-/* ALTER TABLE sessions ALTER COLUMN "userId" TYPE TEXT; */
-ALTER TABLE sessions ALTER COLUMN "sessionToken" TYPE TEXT;
-ALTER TABLE sessions ADD CONSTRAINT fk_user_id FOREIGN KEY ("userId") REFERENCES users(id);
-/* Do conversion of TIMESTAMPTZ to BIGINT and then TEXT */
-ALTER TABLE sessions ALTER COLUMN "expires" TYPE TEXT USING CAST(CAST(extract(epoch FROM "expires") AS BIGINT)*1000 AS TEXT);
-ALTER TABLE sessions DROP COLUMN IF EXISTS "access_token";
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE sessions
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-
-/* VERIFICATION REQUESTS */
-ALTER TABLE verification_requests RENAME TO verification_tokens;
-/* Keep id as ORM needs it */
-/* ALTER TABLE verification_tokens DROP COLUMN IF EXISTS id; */
-ALTER TABLE verification_tokens ALTER COLUMN "identifier" TYPE TEXT;
-ALTER TABLE verification_tokens ALTER COLUMN "token" TYPE TEXT;
-/* Do conversion of TIMESTAMPTZ to BIGINT and then TEXT */
-ALTER TABLE verification_tokens ALTER COLUMN "expires" TYPE TEXT USING CAST(CAST(extract(epoch FROM "expires") AS BIGINT)*1000 AS TEXT);
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE verification_tokens
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-```
-
-#### MongoDB
-
-MongoDB is a document database and as such new fields will be automatically populated. You do, however, need to update the names of existing fields which are going to be reused.
-
-```mongo
-db.getCollection('accounts').updateMany({}, {
-  $rename: {
-    "provider_id": "provider",
-    "provider_account_id": "providerAccountId",
-    "user_id": "userId",
-    "access_token_expires": "expires_at"
-  }
-})
-db.getCollection('users').updateMany({}, {
-  $rename: {
-    "email_verified": "emailVerified"
-  }
-})
-db.getCollection('sessions').updateMany({}, {
-  $rename: {
-    "session_token": "sessionToken",
-    "user_id": "userId"
-  }
-})
-```
-
-## Missing `secret`
-
-NextAuth.js used to generate a secret for convenience, when the user did not define one. This might have been useful in development, but can be a concern in production. We have always been clear about that in the docs, but from now on, if you forget to define a `secret` property in production, we will show the user an error page. Read more about this option [here](https://next-auth.js.org/configuration/options#secret)
-
-You can generate a secret to be placed in the `secret` configuration option via the following command:
-
-```bash
-$ openssl rand -base64 32
-```
-
-Therefore, your NextAuth.js config should look something like this:
-
-```javascript title="/pages/api/auth/[...nextauth].js"
-...
-export default NextAuth({
-  ...
-  providers: [...],
-  secret: "LlKq6ZtYbr+hTC073mAmAh9/h2HwMfsFo4hrfCx5mLg=",
-  ...
-})
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/issues/3143
-
-## Session `strategy`
-
-We have always supported two different session strategies. The first being our most popular and default strategy - the JWT based one. The second is the database adapter persisted session strategy. Both have their advantages/disadvantages, you can learn more about them on the [FAQ](https://next-auth.js.org/faq) page.
-
-Previously, the way you configured this was through the `jwt: boolean` flag in the `session` option. The names `session` and `jwt` might have been a bit overused in the options, and so for a clearer message, we renamed this option to `strategy: "jwt" | "database"`, it is still in the `session` object. This will hopefully better indicate the purpose of this option as well as make very explicit which type of session you are going to use.
-
-See the [`session` option docs](https://next-auth.js.org/configuration/options#session) for more details.
-
-Introduced in https://github.com/nextauthjs/next-auth/pull/3144
-
-## Summary
-
-We hope this migration goes smoothly for each and every one of you! If you have any questions or get stuck anywhere, feel free to create [a new issue](https://github.com/nextauthjs/next-auth/issues/new) on GitHub.

docs/docs/guides/01-overview.mdx

@@ -0,0 +1,7 @@
+---
+title: Overview
+---
+
+We're creating internal guides to help understand how to use Auth.js and all the possible configurations and uses cases it supports.
+
+If you can't find what you're looking for, [raise an issue](https://github.com/nextauthjs/next-auth/issues/new/choose) then take a look at our third-party [community resources](/guides/resources).

docs/docs/guides/03-basics/_category_.json

@@ -1,5 +1,5 @@
 {
   "label": "Basics",
   "collapsible": true,
-  "collapsed": false
-}
+  "collapsed": true
+}

docs/docs/guides/03-basics/callbacks.md

@@ -1,4 +1,6 @@
-# Callbacks
+---
+title: Callbacks
+---
 
 Callbacks are **asynchronous** functions you can use to control what happens when an action is performed.
 
@@ -10,8 +12,7 @@ If you want to pass data such as an Access Token or User ID to the browser when
 
 You can specify a handler for any of the callbacks below.
 
-```js title="pages/api/auth/[...nextauth].js"
-...
+```js title="pages/api/auth/[...nextauth].js"s
   callbacks: {
     async signIn({ user, account, profile, email, credentials }) {
       return true
@@ -25,18 +26,16 @@ You can specify a handler for any of the callbacks below.
     async jwt({ token, user, account, profile, isNewUser }) {
       return token
     }
-...
-}
+  }
 ```
 
-The documentation below shows how to implement each callback, their default behaviour and an example of what the response for each callback should be. Note that configuration options and authentication providers you are using can impact the values passed to the callbacks.
+The documentation below shows how to implement each callback, their default behavior and an example of what the response for each callback should be. Note that configuration options and authentication providers you are using can impact the values passed to the callbacks.
 
 ## Sign in callback
 
 Use the `signIn()` callback to control if a user is allowed to sign in.
 
 ```js title="pages/api/auth/[...nextauth].js"
-...
 callbacks: {
   async signIn({ user, account, profile, email, credentials }) {
     const isAllowedToSignIn = true
@@ -50,7 +49,6 @@ callbacks: {
     }
   }
 }
-...
 ```
 
 - When using the **Email Provider** the `signIn()` callback is triggered both when the user makes a **Verification Request** (before they are sent an email with a link that will allow them to sign in) and again _after_ they activate the link in the sign-in email.
@@ -70,19 +68,18 @@ When using NextAuth.js without a database, the user object will always be a prot
 :::note
 Redirects returned by this callback cancel the authentication flow. Only redirect to error pages that, for example, tell the user why they're not allowed to sign in.
 
-To redirect to a page after a successful sign in, please use [the `callbackUrl` option](/getting-started/client#specifying-a-callbackurl) or [the redirect callback](/configuration/callbacks#redirect-callback).
+To redirect to a page after a successful sign in, please use [the `callbackUrl` option](/reference/utilities/#specifying-a-callbackurl) or [the redirect callback](/reference/configuration/auth-config#callbacks).
 :::
 
 ## Redirect callback
 
-The redirect callback is called anytime the user is redirected to a callback URL (e.g. on signin or signout).
+The redirect callback is called anytime the user is redirected to a callback URL (e.g. on sign in or sign out).
 
-By default only URLs on the same URL as the site are allowed, you can use the redirect callback to customise that behaviour.
+By default only URLs on the same URL as the site are allowed, you can use the redirect callback to customize that behavior.
 
 The default redirect callback looks like this:
 
 ```js title="pages/api/auth/[...nextauth].js"
-...
 callbacks: {
   async redirect({ url, baseUrl }) {
     // Allows relative callback URLs
@@ -92,7 +89,6 @@ callbacks: {
     return baseUrl
   }
 }
-...
 ```
 
 :::note
@@ -102,9 +98,9 @@ The redirect callback may be invoked more than once in the same flow.
 ## JWT callback
 
 This callback is called whenever a JSON Web Token is created (i.e. at sign
-in) or updated (i.e whenever a session is accessed in the client). The returned value will be [encrypted](/configuration/options#jwt), and it is stored in a cookie.
+in) or updated (i.e whenever a session is accessed in the client). The returned value will be [encrypted](/reference/configuration/auth-config#jwt), and it is stored in a cookie.
 
-Requests to `/api/auth/signin`, `/api/auth/session` and calls to `getSession()`, `unstable_getServerSession()`, `useSession()` will invoke this function, but only if you are using a [JWT session](/configuration/options#session). This method is not invoked when you persist sessions in a database.
+Requests to `/api/auth/signin`, `/api/auth/session` and calls to `getSession()`, `unstable_getServerSession()`, `useSession()` will invoke this function, but only if you are using a [JWT session](/reference/configuration/auth-config#session). This method is not invoked when you persist sessions in a database.
 
 - As with database persisted session expiry times, token expiry time is extended whenever a session is active.
 - The arguments _user_, _account_, _profile_ and _isNewUser_ are only passed the first time this callback is called on a new session, after the user signs in. In subsequent calls, only `token` will be available.
@@ -112,7 +108,6 @@ Requests to `/api/auth/signin`, `/api/auth/session` and calls to `getSession()`,
 The contents _user_, _account_, _profile_ and _isNewUser_ will vary depending on the provider and on if you are using a database or not. You can persist data such as User ID, OAuth Access Token in this token. To make it available in the browser, check out the [`session()` callback](#session-callback) as well.
 
 ```js title="pages/api/auth/[...nextauth].js"
-...
 callbacks: {
   async jwt({ token, account }) {
     // Persist the OAuth access_token to the token right after signin
@@ -122,7 +117,6 @@ callbacks: {
     return token
   }
 }
-...
 ```
 
 :::tip
@@ -139,7 +133,6 @@ e.g. `getSession()`, `useSession()`, `/api/auth/session`
 - When using JSON Web Tokens for sessions, the JWT payload is provided instead.
 
 ```js title="pages/api/auth/[...nextauth].js"
-...
 callbacks: {
   async session({ session, token, user }) {
     // Send properties to the client, like an access_token from a provider.
@@ -147,7 +140,6 @@ callbacks: {
     return session
   }
 }
-...
 ```
 
 :::tip

docs/docs/guides/03-basics/deployment.md

@@ -1,4 +1,6 @@
-# Deployment
+---
+title: Deployment
+---
 
 Deploying NextAuth.js only requires a few steps. It can be run anywhere a Next.js application can. Therefore, in a default configuration using only JWT session strategy, i.e. without a database, you will only need these few things in addition to your application:
 
@@ -20,7 +22,7 @@ See below for more detailed provider settings.
 2. Create a `NEXTAUTH_SECRET` environment variable for all environments.
    a. You can use `openssl rand -base64 32` or https://generate-secret.vercel.app/32 to generate a random value.
    b. You **do not** need the `NEXTAUTH_URL` environment variable in Vercel.
-3. Add your provider's client ID and client secret to environment variables. _(Skip this step if not using an [OAuth Provider](/configuration/providers/oauth))_
+3. Add your provider's client ID and client secret to environment variables. _(Skip this step if not using an [OAuth Provider](/reference/providers/index))_
 4. Deploy!
 
 Example repository: https://github.com/nextauthjs/next-auth-example
@@ -85,7 +87,7 @@ Preview deployments at Vercel are often available via multiple URLs. For example
 
 Netlify is very similar to Vercel in that you can deploy a Next.js project without almost any extra work.
 
-In order to setup NextAuth.js correctly here, you will want to make sure you add your `NEXTAUTH_SECRET` environment variable in the project settings. If you are using the [Essential Next.js Build Plugin](https://github.com/netlify/netlify-plugin-nextjs) within your project, you **do not** need to set the `NEXTAUTH_URL` environment variable as it is set automatically as part of the build process. 
+In order to setup NextAuth.js correctly here, you will want to make sure you add your `NEXTAUTH_SECRET` environment variable in the project settings. If you are using the [Essential Next.js Build Plugin](https://github.com/netlify/netlify-plugin-nextjs) within your project, you **do not** need to set the `NEXTAUTH_URL` environment variable as it is set automatically as part of the build process.
 
 Netlify also exposes some [system environment variables](https://docs.netlify.com/configure-builds/environment-variables/) from which you can check which `NODE_ENV` you are currently in and much more.
 

docs/docs/guides/03-basics/events.md

@@ -1,5 +1,4 @@
 ---
-id: events
 title: Events
 ---
 

docs/docs/guides/03-basics/initialization.md

@@ -1,5 +1,5 @@
 ---
-title: Custom Initialization 
+title: Custom Initialization
 ---
 
 In Next.js, you can define an API route that will catch all requests that begin with a certain path. Conveniently, this is called [Catch all API routes](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes).
@@ -20,7 +20,7 @@ export default NextAuth({
 })
 ```
 
-Here, you only need to pass your [options](/configuration/options) to `NextAuth`, and `NextAuth` does the rest.
+Here, you only need to pass your [options](/reference/configuration/auth-config) to `NextAuth`, and `NextAuth` does the rest.
 
 This is the preferred initialization in tutorials/other parts of the documentation, as it simplifies the code and reduces potential errors in the authentication flow.
 
@@ -42,7 +42,7 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {
 }
 ```
 
-The `...` section will still be your [options](/configuration/options), but you now have the possibility to execute/modify certain things on the request.
+The `...` section will still be your [options](/reference/configuration/auth-config), but you now have the possibility to execute/modify certain things on the request.
 
 You could for example log the request, add headers, read `query` or `body` parameters, whatever you would do in an API route.
 
@@ -113,10 +113,10 @@ export default async function auth(req, res) {
 }
 ```
 
-For more details on all available actions and which methods are supported, please check out the [REST API documentation](/getting-started/rest-api) or the appropriate area in [the source code](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/index.ts)
+For more details on all available actions and which methods are supported, please check out the [REST API documentation](/reference/rest-api) or the appropriate area in [the source code](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/index.ts)
 
 This way of initializing `NextAuth` is very powerful, but should be used sparingly.
 
 :::warning
-Changing parts of the request that is essential to `NextAuth` to do it's job - like messing with the [default cookies](/configuration/options#cookies) - can have unforeseen consequences, and have the potential to introduce security holes if done incorrectly. Only change those if you understand consequences.
+Changing parts of the request that is essential to `NextAuth` to do it's job - like messing with the [default cookies](/reference/configuration/auth-config#cookies) - can have unforeseen consequences, and have the potential to introduce security holes if done incorrectly. Only change those if you understand consequences.
 :::

docs/docs/guides/03-basics/overriding-jwt.md

@@ -4,10 +4,9 @@ sidebar_label: Custom JWT encoding
 ---
 
 :::warning
-If you use middleware to protect routes, make sure the same method is also set in the [`_middleware.ts` options](/configuration/nextjs#custom-jwt-decode-method)
+If you use middleware to protect routes, make sure the same method is also set in the [`_middleware.ts` options](/reference/nextjs/#custom-jwt-decode-method)
 :::
 
-
 NextAuth.js uses encrypted JSON Web Tokens ([JWE](https://datatracker.ietf.org/doc/html/rfc7516)) by default. Unless you have a good reason, we recommend keeping this behaviour. Although you can override this using the `encode` and `decode` methods. Both methods must be defined at the same time.
 
 ```js
@@ -28,4 +27,4 @@ jwt: {
     return {}
   },
 }
-```
+```

docs/docs/guides/03-basics/pages.md

@@ -1,5 +1,4 @@
 ---
-id: pages
 title: Pages
 ---
 
@@ -33,8 +32,8 @@ We purposefully restrict the returned error codes for increased security.
 
 The following errors are passed as error query parameters to the default or overridden error page:
 
-- **Configuration**: There is a problem with the server configuration. Check if your [options](/configuration/options#options) are correct.
-- **AccessDenied**: Usually occurs, when you restricted access through the [`signIn` callback](/configuration/callbacks#sign-in-callback), or [`redirect` callback](/configuration/callbacks#redirect-callback)
+- **Configuration**: There is a problem with the server configuration. Check if your [options](/reference/configuration/auth-config) are correct.
+- **AccessDenied**: Usually occurs, when you restricted access through the [`signIn` callback](/guides/basics/callbacks#sign-in-callback), or [`redirect` callback](/guides/basics/callbacks#redirect-callback)
 - **Verification**: Related to the Email provider. The token has expired or has already been used
 - **Default**: Catch all, will apply, if none of the above matched
 
@@ -51,15 +50,15 @@ The following errors are passed as error query parameters to the default or over
 - **Callback**: Error in the [OAuth callback handler route](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/routes/callback.ts)
 - **OAuthAccountNotLinked**: If the email on the account is already linked, but not with this OAuth account
 - **EmailSignin**: Sending the e-mail with the verification token failed
-- **CredentialsSignin**: The `authorize` callback returned `null` in the [Credentials provider](/providers/credentials). We don't recommend providing information about which part of the credentials were wrong, as it might be abused by malicious hackers.
-- **SessionRequired**: The content of this page requires you to be signed in at all times. See [useSession](/getting-started/client#require-session) for configuration.
+- **CredentialsSignin**: The `authorize` callback returned `null` in the [Credentials provider](/getting-started/credentials-tutorial). We don't recommend providing information about which part of the credentials were wrong, as it might be abused by malicious hackers.
+- **SessionRequired**: The content of this page requires you to be signed in at all times. See [useSession](/reference/react/#usesession) for configuration.
 - **Default**: Catch all, will apply, if none of the above matched
 
 Example: `/auth/signin?error=Default`
 
 ## Theming
 
-By default, the built-in pages will follow the system theme, utilizing the [`prefer-color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) Media Query. You can override this to always use a dark or light theme, through the [`theme.colorScheme` option](/configuration/options#theme).
+By default, the built-in pages will follow the system theme, utilizing the [`prefer-color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) Media Query. You can override this to always use a dark or light theme, through the [`theme.colorScheme` option](/reference/configuration/auth-config#theme).
 
 In addition, you can define a `theme.brandColor` to define a custom accent color for these built-in pages. You can also define a URL to a logo in `theme.logo` which will be rendered above the primary card in these pages.
 
@@ -140,7 +139,7 @@ signIn("email", { email: "jsmith@example.com" })
 
 ### Credentials Sign in
 
-If you create a sign in form for credentials based authentication, you will need to pass a **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/callback/credentials**.
+If you create a sign in form for credentials based authentication, you will need to pass a **csrfToken** from **/api/auth/csrf** in a `POST` request to **/api/auth/callback/credentials**.
 
 ```jsx title="pages/auth/credentials-signin.js"
 import { getCsrfToken } from "next-auth/react"

docs/docs/guides/03-basics/refresh-token-rotation.md

@@ -1,9 +1,8 @@
 ---
-id: refresh-token-rotation
-title: Refresh Token Rotation
+title: Refresh token rotation
 ---
 
-While NextAuth.js doesn't automatically handle access token rotation for OAuth providers yet, this functionality can be implemented using [callbacks](https://next-auth.js.org/configuration/callbacks).
+While NextAuth.js doesn't automatically handle access token rotation for [OAuth providers](/reference/providers/oauth-builtin) yet, this functionality can be implemented using [callbacks](/guides/basics/callbacks).
 
 ## Source Code
 

docs/docs/guides/03-basics/role-based-login-strategy.md

@@ -1,4 +1,6 @@
-# Role based logins
+---
+title: Role based logins
+---
 
 To add role based authentication to your application, you must do three things.
 

docs/docs/guides/03-basics/securing-pages-and-api-routes.md

@@ -1,4 +1,6 @@
-# Securing Pages & API routes
+---
+title: Securing Pages & API routes
+---
 
 You can easily protect client and server side rendered pages and API routes with NextAuth.js.
 
@@ -47,9 +49,9 @@ export { default } from "next-auth/middleware"
 
 Otherwise, if you only want to protect a subset of pages, you could put it in a subdirectory as well, for example in `/pages/admin/_middleware.js` would protect all pages under `/admin`.
 
-For the time being, the `withAuth` middleware only supports `"jwt"` as [session strategy](https://next-auth.js.org/configuration/options#session).
+For the time being, the `withAuth` middleware only supports `"jwt"` as [session strategy](/reference/configuration/auth-config#session).
 
-More details can be found [here](https://next-auth.js.org/configuration/nextjs#middleware).
+More details can be found [here](/reference/nextjs/#middleware).
 
 ### Server Side
 
@@ -163,5 +165,5 @@ You can use the `getToken()` helper function in any application as long as you s
 :::note
 Pass `getToken` the same value for `secret` as specified in `pages/api/auth/[...nextauth].js`.
 
-See [the documentation for the JWT option](/configuration/options#jwt) for more information.
+See [the documentation for the JWT option](/reference/configuration/auth-config#jwt) for more information.
 :::

docs/docs/guides/04-providers/00-custom-provider.md

@@ -0,0 +1,136 @@
+---
+title: Using a custom Provider
+sidebar_label: Creating a Provider
+---
+
+You can use an OAuth provider that isn't built-in by using a custom object.
+
+As an example of what this looks like, this is the provider object returned for the Google provider:
+
+```js
+{
+  id: "google",
+  name: "Google",
+  type: "oauth",
+  wellKnown: "https://accounts.google.com/.well-known/openid-configuration",
+  authorization: { params: { scope: "openid email profile" } },
+  idToken: true,
+  checks: ["pkce", "state"],
+  profile(profile) {
+    return {
+      id: profile.sub,
+      name: profile.name,
+      email: profile.email,
+      image: profile.picture,
+    }
+  },
+}
+```
+
+As you can see, if your provider supports OpenID Connect and the `/.well-known/openid-configuration` endpoint contains support for the `grant_type`: `authorization_code`, you only need to pass the URL to that configuration file and define some basic fields like `name` and `type`.
+
+Otherwise, you can pass a more full set of URLs for each OAuth2.0 flow step, for example:
+
+```js
+{
+  id: "kakao",
+  name: "Kakao",
+  type: "oauth",
+  authorization: "https://kauth.kakao.com/oauth/authorize",
+  token: "https://kauth.kakao.com/oauth/token",
+  userinfo: "https://kapi.kakao.com/v2/user/me",
+  profile(profile) {
+    return {
+      id: profile.id,
+      name: profile.kakao_account?.profile.nickname,
+      email: profile.kakao_account?.email,
+      image: profile.kakao_account?.profile.profile_image_url,
+    }
+  },
+}
+```
+
+Replace all the options in this JSON object with the ones from your custom provider - be sure to give it a unique ID and specify the required URLs, and finally add it to the providers array when initializing the library:
+
+```js title="pages/api/auth/[...nextauth].js"
+import TwitterProvider from "next-auth/providers/twitter"
+...
+providers: [
+  TwitterProvider({
+    clientId: process.env.TWITTER_ID,
+    clientSecret: process.env.TWITTER_SECRET,
+  }),
+  {
+    id: 'customProvider',
+    name: 'CustomProvider',
+    type: 'oauth',
+    scope: ''  // Make sure to request the users email address
+    ...
+  }
+]
+...
+```
+
+### Override default options
+
+For built-in providers, in most cases you will only need to specify the `clientId` and `clientSecret`. If you need to override any of the defaults, add your own [options](#options).
+
+Even if you are using a built-in provider, you can override any of these options to tweak the default configuration.
+
+:::note
+The user provided options are deeply merged with the default options. That means you only have to override part of the options that you need to be different. For example if you want different scopes, overriding `authorization.params.scope` is enough, instead of the whole `authorization` option.
+:::
+
+```js title=/api/auth/[...nextauth].js
+import Auth0Provider from "next-auth/providers/auth0"
+
+Auth0Provider({
+  clientId: process.env.CLIENT_ID,
+  clientSecret: process.env.CLIENT_SECRET,
+  issuer: process.env.ISSUER,
+  authorization: { params: { scope: "openid your_custom_scope" } },
+})
+```
+
+Another example, the `profile` callback will return `id`, `name`, `email` and `picture` by default, but you might need more information from the provider. After setting the correct scopes, you can then do something like this:
+
+```js title=/api/auth/[...nextauth].js
+import GoogleProvider from "next-auth/providers/google"
+
+GoogleProvider({
+  clientId: process.env.GOOGLE_CLIENT_ID,
+  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+  profile(profile) {
+    return {
+      // Return all the profile information you need.
+      // The only truly required field is `id`
+      // to be able identify the account when added to a database
+    }
+  },
+})
+```
+
+An example of how to enable automatic account linking:
+
+```js title=/api/auth/[...nextauth].js
+import GoogleProvider from "next-auth/providers/google"
+GoogleProvider({
+  clientId: process.env.GOOGLE_CLIENT_ID,
+  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+  allowDangerousEmailAccountLinking: true,
+})
+```
+
+### Adding a new built-in provider
+
+If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily!
+
+You only need to add three changes:
+
+1. Add your config: [`src/providers/{provider}.ts`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers)<br />
+   - Make sure you use a named default export, like this: `export default function YourProvider`
+   - Add two SVG's of the provider logo, like `google-dark.svg` (dark mode) and `google.svg` (light mode), to the `/packages/next-auth/provider-logos/` directory as well as the styling config to the provider config object. See existing provider for example
+2. Add provider documentation: [`/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/docs/docs/providers)
+3. Add the new provider name to the `Provider type` dropdown options in [`the provider issue template`](https://github.com/nextauthjs/next-auth/edit/main/.github/ISSUE_TEMPLATE/2_bug_provider.yml)
+
+That's it! 🎉 Others will be able to discover and use this provider much more easily now!