apply suggestion

* fix: docs build

* chore: move next-auth output to dist

* chore: add next-auth as deps for doc

* Revert "chore: move next-auth output to dist"

This reverts commit 9596a9134e6de4f4bd8dcfaa6d3002e98863d8f8.

* remove dist prefix

apps/examples/solid-start/src/routes/index.tsx

@@ -29,7 +29,7 @@ const Home: ParentComponent = () => {
           </A>{" "}
           with{" "}
           <A
-            href="https://authjs.dev/reference/solid-start/modules/main"
+            href="https://authjs.dev/reference/solidstart"
             class="text-blue-500 underline font-bold"
           >
             SolidStart Auth

docs/docs/reference/06-adapters/dynamodb.md

@@ -3,7 +3,7 @@ id: dynamodb
 title: DynamoDB
 ---
 
-This is the AWS DynamoDB Adapter for next-auth. This package can only be used in conjunction with the primary next-auth package. It is not a standalone package.
+This is the AWS DynamoDB Adapter for `next-auth`. This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
 
 By default, the adapter expects a table with a partition key `pk` and a sort key `sk`, as well as a global secondary index named `GSI1` with `GSI1PK` as partition key and `GSI1SK` as sorting key. To automatically delete sessions and verification requests after they expire using [dynamodb TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html) you should [enable the TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-how-to.html) with attribute name 'expires'. You can set whatever you want as the table name and the billing method.
 
@@ -11,10 +11,10 @@ You can find the full schema in the table structure section below.
 
 ## Getting Started
 
-1. Install `next-auth` and `@next-auth/dynamodb-adapter`
+1. Install `next-auth`, `@next-auth/dynamodb-adapter`, `@aws-sdk/client-dynamodb` and `@aws-sdk/lib-dynamodb`
 
-```bash npm2yarn
+```bash npm2yarn2pnpm
-npm install next-auth @next-auth/dynamodb-adapter
+npm install next-auth @next-auth/dynamodb-adapter @aws-sdk/client-dynamodb @aws-sdk/lib-dynamodb
 ```
 
 2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
@@ -23,7 +23,7 @@ You need to pass `DynamoDBDocument` client from the modular [`aws-sdk`](https://
 The default table name is `next-auth`, but you can customise that by passing `{ tableName: 'your-table-name' }` as the second parameter in the adapter.
 
 ```javascript title="pages/api/auth/[...nextauth].js"
-import { DynamoDB } from "@aws-sdk/client-dynamodb"
+import { DynamoDB, DynamoDBClientConfig } from "@aws-sdk/client-dynamodb"
 import { DynamoDBDocument } from "@aws-sdk/lib-dynamodb"
 import NextAuth from "next-auth";
 import Providers from "next-auth/providers";
@@ -73,7 +73,7 @@ The table respects the single table design pattern. This has many advantages:
 
 - Only one table to manage, monitor and provision.
 - Querying relations is faster than with multi-table schemas (for eg. retrieving all sessions for a user).
-- Only one table needs to be replicated, if you want to go multi-region.
+- Only one table needs to be replicated if you want to go multi-region.
 
 > This schema is adapted for use in DynamoDB and based upon our main [schema](/reference/adapters/models)
 
@@ -94,7 +94,7 @@ new dynamodb.Table(this, `NextAuthTable`, {
 })
 ```
 
-Alternatively you can use this cloudformation template:
+Alternatively, you can use this cloudformation template:
 
 ```yaml title=cloudformation.yaml
 NextAuthTable:

docs/docusaurus.config.js

@@ -46,7 +46,7 @@ const docusaurusConfig = {
       title: "Auth.js",
       logo: {
         alt: "Auth.js Logo",
-        src: "img/logo/logo-xs.png",
+        src: "img/logo/logo-xs.webp",
       },
       items: [
         {
@@ -101,7 +101,7 @@ const docusaurusConfig = {
     announcementBar: {
       id: "new-major-announcement",
       content:
-        "<a target='_blank' rel='noopener noreferrer' href='https://next-auth.js.org'>NextAuth.js</a> is becoming Auth.js! 🎉 We're creating Authentication for the Web. Everyone included. Starting with SvelteKit, check out the docs <a  href='/reference/sveltekit'>here</a>.",
+        "<a target='_blank' rel='noopener noreferrer' href='https://next-auth.js.org'>NextAuth.js</a> is becoming Auth.js! 🎉 We're creating Authentication for the Web. Everyone included. Starting with SvelteKit, check out <a href='/reference/sveltekit'>the docs</a>.",
       backgroundColor: "#000",
       textColor: "#fff",
     },
@@ -121,6 +121,7 @@ const docusaurusConfig = {
                 alt="Powered by Vercel"
                 style="margin-top: 8px"
                 height="32"
+                width="167"
                 src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg"
               />
             </a>`,
@@ -181,7 +182,10 @@ const docusaurusConfig = {
           lastVersion: "current",
           showLastUpdateAuthor: true,
           showLastUpdateTime: true,
-          remarkPlugins: [require("@sapphire/docusaurus-plugin-npm2yarn2pnpm").npm2yarn2pnpm, require("remark-github")],
+          remarkPlugins: [
+            require("@sapphire/docusaurus-plugin-npm2yarn2pnpm").npm2yarn2pnpm,
+            require("remark-github"),
+          ],
           versions: {
             current: {
               label: "experimental",
@@ -201,7 +205,15 @@ const docusaurusConfig = {
         ...typedocConfig,
         id: "core",
         plugin: ["./tyepdoc"],
-        entryPoints: ["index.ts", "adapters.ts", "errors.ts", "jwt.ts", "types.ts"].map((e) => `${coreSrc}/${e}`).concat(providers),
+        entryPoints: [
+          "index.ts",
+          "adapters.ts",
+          "errors.ts",
+          "jwt.ts",
+          "types.ts",
+        ]
+          .map((e) => `${coreSrc}/${e}`)
+          .concat(providers),
         tsconfig: "../packages/core/tsconfig.json",
         out: "reference/03-core",
         watch: process.env.TYPEDOC_WATCH,
@@ -214,7 +226,9 @@ const docusaurusConfig = {
         ...typedocConfig,
         id: "sveltekit",
         plugin: ["./tyepdoc"],
-        entryPoints: ["index.ts", "client.ts"].map((e) => `../packages/frameworks-sveltekit/src/lib/${e}`),
+        entryPoints: ["index.ts", "client.ts"].map(
+          (e) => `../packages/frameworks-sveltekit/src/lib/${e}`
+        ),
         tsconfig: "../packages/frameworks-sveltekit/tsconfig.json",
         out: "reference/04-sveltekit",
         watch: process.env.TYPEDOC_WATCH,

docs/package.json

@@ -22,6 +22,7 @@
     "classnames": "^2.3.2",
     "mdx-mermaid": "1.2.2",
     "mermaid": "9.0.1",
+    "next-auth": "workspace:*",
     "prism-react-renderer": "1.3.5",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",

docs/sidebars.js

@@ -58,9 +58,9 @@ module.exports = {
       label: "@auth/solid-start",
       link: {
         type: "doc",
-        id: "reference/solid-start/index",
+        id: "reference/solidstart/index",
       },
-      items: ["reference/solid-start/client", "reference/solid-start/protected"],
+      items: ["reference/solidstart/client", "reference/solidstart/protected"],
     },
     {
       type: "category",

docs/src/css/index.css

@@ -140,19 +140,19 @@ html[data-theme="dark"] hr {
   border-radius: 10rem;
   overflow: visible;
   box-shadow: 0 0 2rem rgba(0, 0, 0, 0.1);
-  background-image: url("/img/mesh-1.jpg");
+  background-image: url("/img/mesh-1.webp");
   background-size: cover;
   background-origin: center;
 }
 
 .home-main .section-features .row .col:nth-child(2) .feature-image-wrapper {
-  background-image: url("/img/mesh-2.jpg");
+  background-image: url("/img/mesh-2.webp");
   background-size: cover;
   background-origin: center;
 }
 
 .home-main .section-features .row .col:nth-child(3) .feature-image-wrapper {
-  background-image: url("/img/mesh-3.jpg");
+  background-image: url("/img/mesh-3.webp");
   background-size: cover;
   background-origin: center;
 }

docs/src/css/navbar.css

@@ -6,6 +6,11 @@
   margin-right: 1rem !important;
 }
 
+.navbar__logo {
+  width: 29px;
+  height: 32px;
+}
+
 .navbar__title {
   font-size: 1.2rem;
   margin-left: 0.2rem;

docs/src/pages/index.js

@@ -117,9 +117,11 @@ export default function Home() {
           <div className="container">
             <div className="hero-inner">
               <img
-                src="/img/logo/logo-sm.png"
+                src="/img/logo/logo-sm.webp"
                 alt="Shield with key icon"
                 className={styles.heroLogo}
+                height="142"
+                width="128"
               />
               <div className={styles.heroText}>
                 <h1 className="hero__title">{siteConfig.title}</h1>
@@ -214,9 +216,9 @@ export default function Home() {
               <div className="row">
                 <div className="col col--6">
                   <div className="code">
-                    <h4 className="code-heading">
+                    <div className="code-heading">
                       Next.js <span>/pages/api/auth/[...nextauth].ts</span>
-                    </h4>
+                    </div>
                     <CodeBlock className="prism-code language-js">
                       {nextJsCode}
                     </CodeBlock>
@@ -224,9 +226,9 @@ export default function Home() {
                 </div>
                 <div className="col col--6">
                   <div className="code">
-                    <h4 className="code-heading">
+                    <div className="code-heading">
                       SvelteKit <span>/hooks.server.ts</span>
-                    </h4>
+                    </div>
                     <CodeBlock className="prism-code language-js">
                       {svelteKitCode}
                     </CodeBlock>
@@ -234,9 +236,9 @@ export default function Home() {
                 </div>
                 <div className="col col--6">
                   <div className="code">
-                    <h4 className="code-heading">
+                    <div className="code-heading">
                       SolidStart <span>/routes/api/auth/[...solidauth].ts</span>
-                    </h4>
+                    </div>
                     <CodeBlock className="prism-code language-js">
                       {solidStartCode}
                     </CodeBlock>

docs/vercel.json

@@ -60,6 +60,11 @@
       "destination": "https://github.com/nextauthjs/next-auth/discussions/categories/questions",
       "permanent": true
     },
+    {
+      "source": "/reference/solid-start/:path*",
+      "destination": "/reference/solidstart/:path*",
+      "permanent": true
+    },
     {
       "source": "/",
       "has": [

package.json

@@ -5,6 +5,7 @@
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "scripts": {
     "build:app": "turbo run build --filter=next-auth-app",
+    "build:docs": "turbo run build --filter=docs",
     "build": "turbo run build --filter=next-auth --filter=@next-auth/* --filter=@auth/* --no-deps",
     "test": "turbo run test --concurrency=1 --filter=[HEAD^1] --filter=./packages/* --filter=!*pouchdb-* --filter=!@*upstash* --filter=!*dynamodb-*",
     "clean": "turbo run clean --no-cache",

packages/adapter-dynamodb/package.json

@@ -31,6 +31,7 @@
   "author": "Pol Marnette",
   "license": "ISC",
   "peerDependencies": {
+    "@aws-sdk/client-dynamodb": "^3.36.1",
     "@aws-sdk/lib-dynamodb": "^3.36.1",
     "next-auth": "^4"
   },

packages/core/package.json

@@ -20,7 +20,7 @@
     "Balázs Orbán <info@balazsorban.com>",
     "Nico Domino <yo@ndo.dev>",
     "Lluis Agusti <hi@llu.lu>",
-    "Thang Huu Vu <thvu@hey.com>",
+    "Thang Huu Vu <hi@thvu.dev>",
     "Iain Collins <me@iaincollins.com"
   ],
   "type": "module",

packages/core/src/errors.ts

@@ -1,14 +1,23 @@
+interface ErrorCause extends Record<string, unknown> {}
+
 /** @internal */
 export class AuthError extends Error {
-  metadata?: Record<string, unknown>
+  constructor(message: string | Error | ErrorCause, cause?: ErrorCause) {
-  constructor(message: Error | string, metadata?: Record<string, unknown>) {
     if (message instanceof Error) {
-      super(message.message)
+      super(undefined, {
-      this.stack = message.stack
+        cause: { err: message, ...(message.cause as any), ...cause },
-    } else super(message)
+      })
-    this.name = this.constructor.name
+    } else if (typeof message === "string") {
-    this.metadata = metadata
+      if (cause instanceof Error) {
+        cause = { err: cause, ...(cause.cause as any) }
+      }
+      super(message, cause)
+    } else {
+      super(undefined, message)
+    }
     Error.captureStackTrace?.(this, this.constructor)
+    this.name =
+      message instanceof AuthError ? message.name : this.constructor.name
   }
 }
 
@@ -28,7 +37,45 @@ export class AdapterError extends AuthError {}
 /** @todo */
 export class AuthorizedCallbackError extends AuthError {}
 
-/** @todo */
+/**
+ * There was an error while trying to finish up authenticating the user.
+ * Depending on the type of provider, this could be for multiple reasons.
+ *
+ * :::tip
+ * Check out `[auth][details]` in the error message to know which provider failed.
+ * @example
+ * ```sh
+ * [auth][details]: { "provider": "github" }
+ * ```
+ * :::
+ *
+ * For an **OAuth provider**, possible causes are:
+ * - The user denied access to the application
+ * - There was an error parsing the OAuth Profile:
+ *   Check out the provider's `profile` or `userinfo.request` method to make sure
+ *   it correctly fetches the user's profile.
+ * - The `signIn` or `jwt` callback methods threw an uncaught error:
+ *   Check the callback method implementations.
+ *
+ * For an **Email provider**, possible causes are:
+ * - The provided email/token combination was invalid/missing:
+ *   Check if the provider's `sendVerificationRequest` method correctly sends the email.
+ * - The provided email/token combination has expired:
+ *   Ask the user to log in again.
+ * - There was an error with the database:
+ *   Check the database logs.
+ *
+ * For a **Credentials provider**, possible causes are:
+ * - The `authorize` method threw an uncaught error:
+ *   Check the provider's `authorize` method.
+ * - The `signIn` or `jwt` callback methods threw an uncaught error:
+ *   Check the callback method implementations.
+ *
+ * :::tip
+ * Check out `[auth][cause]` in the error message for more details.
+ * It will show the original stack trace.
+ * :::
+ */
 export class CallbackRouteError extends AuthError {}
 
 /** @todo */
@@ -93,3 +140,10 @@ export class UnsupportedStrategy extends AuthError {}
 
 /** @todo */
 export class UntrustedHost extends AuthError {}
+
+/**
+ * The user's email/token combination was invalid.
+ * This could be because the email/token combination was not found in the database,
+ * or because it token has expired. Ask the user to log in again.
+ */
+export class Verification extends AuthError {}

packages/core/src/lib/callback-handler.ts

@@ -133,7 +133,8 @@ export async function handleLogin(
         // with is already associated with another user, then we cannot link them
         // and need to return an error.
         throw new AccountNotLinked(
-          "The account is already associated with another user"
+          "The account is already associated with another user",
+          { provider: account.provider }
         )
       }
       // If there is no active session, but the account being signed in with is already
@@ -193,7 +194,8 @@ export async function handleLogin(
           // want to link them in case it's not safe to do so, so instead we prompt the user
           // to sign in via email to verify their identity and then link the accounts.
           throw new AccountNotLinked(
-            "Another account already exists with the same e-mail address"
+            "Another account already exists with the same e-mail address",
+            { provider: account.provider }
           )
         }
       } else {

packages/core/src/lib/routes/callback.ts

@@ -1,5 +1,5 @@
 import { handleLogin } from "../callback-handler.js"
-import { CallbackRouteError } from "../../errors.js"
+import { CallbackRouteError, Verification } from "../../errors.js"
 import { handleOAuth } from "../oauth/callback.js"
 import { createHash } from "../web.js"
 import { handleAuthorized } from "./shared.js"
@@ -8,7 +8,6 @@ import type { AdapterSession } from "../../adapters.js"
 import type {
   RequestInternal,
   ResponseInternal,
-  User,
   InternalOptions,
 } from "../../types.js"
 import type { Cookie, SessionStore } from "../cookie.js"
@@ -154,9 +153,13 @@ export async function callback(params: {
       const token = query?.token as string | undefined
       const identifier = query?.email as string | undefined
 
-      // If these are missing, the sign-in URL was manually opened without these params or the `sendVerificationRequest` method did not send the link correctly in the email.
       if (!token || !identifier) {
-        return { redirect: `${url}/error?error=configuration`, cookies }
+        const e = new TypeError(
+          "Missing token or email. The sign-in URL was manually opened without token/identifier or the link was not sent correctly in the email.",
+          { cause: { hasToken: !!token, hasEmail: !!identifier } }
+        )
+        e.name = "Configuration"
+        throw e
       }
 
       const secret = provider.secret ?? options.secret
@@ -166,10 +169,10 @@ export async function callback(params: {
         token: await createHash(`${token}${secret}`),
       })
 
-      const invalidInvite = !invite || invite.expires.valueOf() < Date.now()
+      const hasInvite = !!invite
-      if (invalidInvite) {
+      const expired = invite ? invite.expires.valueOf() < Date.now() : undefined
-        return { redirect: `${url}/error?error=Verification`, cookies }
+      const invalidInvite = !hasInvite || expired
-      }
+      if (invalidInvite) throw new Verification({ hasInvite, expired })
 
       // @ts-expect-error -- Verified in `assertConfig`.
       const profile = await getAdapterUserFromEmail(identifier, adapter)
@@ -252,13 +255,11 @@ export async function callback(params: {
     } else if (provider.type === "credentials" && method === "POST") {
       const credentials = body
 
-      let user: User | null
-
-      try {
       // TODO: Forward the original request as is, instead of reconstructing it
-        // prettier-ignore
+      Object.entries(query ?? {}).forEach(([k, v]) =>
-        Object.entries(query ?? {}).forEach(([k, v]) => url.searchParams.set(k, v))
+        url.searchParams.set(k, v)
-        user = await provider.authorize(
+      )
+      const user = await provider.authorize(
         credentials,
         // prettier-ignore
         new Request(url, { headers, method, body: JSON.stringify(body) })
@@ -273,15 +274,6 @@ export async function callback(params: {
           cookies,
         }
       }
-      } catch (e) {
-        return {
-          status: 401,
-          redirect: `${url}/error?error=${encodeURIComponent(
-            (e as Error).message
-          )}`,
-          cookies,
-        }
-      }
 
       /** @type {import("src").Account} */
       const account = {

packages/core/src/lib/utils/logger.ts

@@ -21,11 +21,21 @@ const reset = "\x1b[0m"
 export const logger: LoggerInstance = {
   error(error: AuthError) {
     const url = `https://errors.authjs.dev#${error.name.toLowerCase()}`
-    console.error(error.stack)
     console.error(
-      `${red}[auth][error][${error.name}]${reset}: Read more at ${url}`
+      `${red}[auth][error][${error.name}]${reset}:${
+        error.message ? ` ${error.message}.` : ""
+      } Read more at ${url}`
     )
-    error.metadata && console.error(JSON.stringify(error.metadata, null, 2))
+    if (error.cause) {
+      const { err, ...data } = error.cause as any
+      console.error(`${red}[auth][cause]${reset}:`, (err as Error).stack)
+      console.error(
+        `${red}[auth][details]${reset}:`,
+        JSON.stringify(data, null, 2)
+      )
+    } else if (error.stack) {
+      console.error(error.stack.replace(/.*/, "").substring(1))
+    }
   },
   warn(code) {
     const url = `https://errors.authjs.dev#${code}`

packages/frameworks-sveltekit/src/lib/index.ts

@@ -18,7 +18,7 @@
  * ## Usage
  *
  * ```ts title="src/hooks.server.ts"
- * import SvelteKitAuth from "@auth/sveltekit"
+ * import { SvelteKitAuth } from "@auth/sveltekit"
  * import GitHub from "@auth/core/providers/github"
  * import { GITHUB_ID, GITHUB_SECRET } from "$env/static/private"
  *

packages/next-auth/package.json

@@ -9,7 +9,7 @@
     "Balázs Orbán <info@balazsorban.com>",
     "Nico Domino <yo@ndo.dev>",
     "Lluis Agusti <hi@llu.lu>",
-    "Thang Huu Vu <thvu@hey.com>"
+    "Thang Huu Vu <hi@thvu.dev>"
   ],
   "main": "index.js",
   "module": "index.js",

pnpm-lock.yaml

@@ -258,6 +258,7 @@ importers:
       docusaurus-plugin-typedoc: ^0.18.0
       mdx-mermaid: 1.2.2
       mermaid: 9.0.1
+      next-auth: workspace:*
       prism-react-renderer: 1.3.5
       react: ^18.2.0
       react-dom: ^18.2.0
@@ -272,6 +273,7 @@ importers:
       classnames: 2.3.2
       mdx-mermaid: 1.2.2_mermaid@9.0.1+react@18.2.0
       mermaid: 9.0.1
+      next-auth: link:../packages/next-auth
       prism-react-renderer: 1.3.5_react@18.2.0
       react: 18.2.0
       react-dom: 18.2.0_react@18.2.0
@@ -13604,7 +13606,7 @@ packages:
   /axios/0.21.4_debug@3.2.7:
     resolution: {integrity: sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==}
     dependencies:
-      follow-redirects: 1.15.1
+      follow-redirects: 1.15.1_debug@3.2.7
     transitivePeerDependencies:
       - debug
     dev: false
@@ -19295,6 +19297,18 @@ packages:
       debug:
         optional: true
 
+  /follow-redirects/1.15.1_debug@3.2.7:
+    resolution: {integrity: sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==}
+    engines: {node: '>=4.0'}
+    peerDependencies:
+      debug: '*'
+    peerDependenciesMeta:
+      debug:
+        optional: true
+    dependencies:
+      debug: 3.2.7
+    dev: false
+
   /follow-redirects/1.15.1_debug@4.3.4:
     resolution: {integrity: sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==}
     engines: {node: '>=4.0'}

turbo.json

@@ -1,19 +1,25 @@
 {
   "$schema": "https://turborepo.org/schema.json",
   "pipeline": {
-    "docs#build": {
-      "dependsOn": [
-        "^build",
-        "next-auth#build",
-        "@auth/core#build",
-        "@auth/sveltekit#build"
-      ]
-    },
     "build": {
       "dependsOn": ["^build"]
     },
     "next-auth#build": {
-      "dependsOn": ["^build"]
+      "dependsOn": ["^build"],
+      "outputs": [
+        "client/**",
+        "core/**",
+        "css/**",
+        "jwt/**",
+        "next/**",
+        "providers/**",
+        "react/**",
+        "index.d.ts",
+        "index.js",
+        "adapters.d.ts",
+        "middleware.d.ts",
+        "middleware.js"
+      ]
     },
     "clean": {
       "cache": false