chore(release): bump package version(s) [skip ci]

* added optional dynamic sveltekit options

* changed dynamicOptions function to async

* converted dynamicOptions to a named type

* updated inline docs to show async capabilities

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* refined to a simpler function signature

* removed redundant return statement

* Apply suggestions from code review

---------

Co-authored-by: Thang Vu <hi@thvu.dev>

.github/actions/issue-validator/repro.md

@@ -14,9 +14,9 @@ Ensure the link is pointing to a codebase that is accessible (e.g. not a private
 
 ### **What happens if I don't provide a sufficient minimal reproduction?**
 
-Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are automatically closed and locked after 30 days.
+Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are closed after 7 days.
 
-If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction.
+If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction. (It's less likely that we check back on already closed issues.)
 
 ### **I did not open this issue, but it is relevant to me, what can I do to help?**
 

docs/docs/guides/03-basics/role-based-access-control.md

@@ -1,8 +1,8 @@
 ---
-title: Role-based authentication
+title: Role-based access control
 ---
 
-There are two ways to add role-based authentication (RBAC) to your application, based on the [session strategy](/concepts/session-strategies) you choose. Let's see an example for each of these.
+There are two ways to add role-based access control (RBAC) to your application, based on the [session strategy](/concepts/session-strategies) you choose. Let's see an example for each of these.
 
 ## Getting the role
 

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/core",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "Authentication for the Web.",
   "keywords": [
     "authentication",

packages/core/src/lib/init.ts

@@ -101,7 +101,7 @@ export async function init({
       // Asserted in assert.ts
       // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
       secret: authOptions.secret!,
-      maxAge, // same as session maxAge,
+      maxAge: authOptions.session?.maxAge ?? maxAge, // default to same as `session.maxAge`
       encode: jwt.encode,
       decode: jwt.decode,
       ...authOptions.jwt,

packages/core/src/lib/routes/session.ts

@@ -60,7 +60,6 @@ export async function session(
         const newToken = await jwt.encode({
           ...jwt,
           token,
-          maxAge: options.session.maxAge,
         })
 
         // Set cookie, to also update expiry date on cookie

packages/core/src/providers/github.ts

@@ -129,14 +129,14 @@ export default function GitHub(
       url: "https://api.github.com/user",
       async request({ tokens, provider }) {
         const profile = await fetch(provider.userinfo?.url as URL, {
-          headers: { Authorization: `Bearer ${tokens.access_token}` },
+          headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
         }).then(async (res) => await res.json())
 
         if (!profile.email) {
           // If the user does not have a public email, get another via the GitHub API
           // See https://docs.github.com/en/rest/users/emails#list-public-email-addresses-for-the-authenticated-user
           const res = await fetch("https://api.github.com/user/emails", {
-            headers: { Authorization: `Bearer ${tokens.access_token}` },
+            headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
           })
 
           if (res.ok) {

packages/frameworks-sveltekit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/sveltekit",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "description": "Authentication for SvelteKit.",
   "keywords": [
     "authentication",

packages/frameworks-sveltekit/src/lib/index.ts

@@ -27,6 +27,23 @@
  * })
  * ```
  * 
+ * or to use sveltekit platform environment variables for platforms like Cloudflare
+ * 
+ * ```ts title="src/hooks.server.ts"
+ * import { SvelteKitAuth } from "@auth/sveltekit"
+ * import GitHub from "@auth/core/providers/github"
+ * import type { Handle } from "@sveltejs/kit";
+ *
+ * export const handle = SvelteKitAuth(async (event) => {
+ *   const authOptions = {
+ *     providers: [GitHub({ clientId: event.platform.env.GITHUB_ID, clientSecret: event.platform.env.GITHUB_SECRET })]
+ *     secret: event.platform.env.AUTH_SECRET,
+ *     trustHost: true
+ *   }
+ *   return authOptions
+ * }) satisfies Handle;
+ * ```
+ *
  * Don't forget to set the `AUTH_SECRET` [environment variable](https://kit.svelte.dev/docs/modules#$env-dynamic-private). This should be a minimum of 32 characters, random string. On UNIX systems you can use `openssl rand -hex 32` or check out `https://generate-secret.vercel.app/32`.
  *
  * When deploying your app outside Vercel, set the `AUTH_TRUST_HOST` variable to `true` for other hosting providers like Cloudflare Pages or Netlify.
@@ -71,7 +88,7 @@
  * ## Managing the session
  *
  * The above example checks for a session available in `$page.data.session`, however that needs to be set by us somewhere.
- * If you want this data to be available to all your routes you can add this to your root `+layout.server.ts` file.
+ * If you want this data to be available to all your routes you can add this to `src/routes/+layout.server.ts`.
  * The following code sets the session data in the `$page` store to be available to all routes.
  *
  * ```ts
@@ -187,7 +204,7 @@
  */
 
 /// <reference types="@sveltejs/kit" />
-import type { Handle } from "@sveltejs/kit"
+import type { Handle, RequestEvent } from "@sveltejs/kit"
 
 import { dev } from "$app/environment"
 import { env } from "$env/dynamic/private"
@@ -237,8 +254,15 @@ const actions: AuthAction[] = [
   "error",
 ]
 
-function AuthHandle(prefix: string, authOptions: AuthConfig): Handle {
+type DynamicSvelteKitAuthConfig = (event: RequestEvent) => PromiseLike<SvelteKitAuthConfig>
-  return function ({ event, resolve }) {
+
+function AuthHandle(svelteKitAuthOptions: SvelteKitAuthConfig | DynamicSvelteKitAuthConfig): Handle {
+  return async function ({ event, resolve }) {
+    const authOptions =
+      typeof svelteKitAuthOptions === "object"
+        ? svelteKitAuthOptions
+        : await svelteKitAuthOptions(event)
+    const { prefix = "/auth" } = authOptions
     const { url, request } = event
 
     event.locals.getSession ??= () => getSession(request, authOptions)
@@ -259,11 +283,12 @@ function AuthHandle(prefix: string, authOptions: AuthConfig): Handle {
  * The main entry point to `@auth/sveltekit`
  * @see https://sveltekit.authjs.dev
  */
-export function SvelteKitAuth(options: SvelteKitAuthConfig): Handle {
+export function SvelteKitAuth(options: SvelteKitAuthConfig | DynamicSvelteKitAuthConfig): Handle {
-  const { prefix = "/auth", ...authOptions } = options
+  if (typeof options === "object") {
-  authOptions.secret ??= env.AUTH_SECRET
+    options.secret ??= env.AUTH_SECRET
-  authOptions.trustHost ??= !!(env.AUTH_TRUST_HOST ?? env.VERCEL ?? dev)
+    options.trustHost ??= !!(env.AUTH_TRUST_HOST ?? env.VERCEL ?? dev)
-  return AuthHandle(prefix, authOptions)
+  }
+  return AuthHandle(options)
 }
 
 declare global {