chore(release): bump package version(s) [skip ci]

* init adapter folder

* add schema

* run migration

* run `npx @edgedb/generate edgeql-js`

* fix `generate` script

* add `EdgeDBAdapter`

* add tests

* add README

* docs

* dev app

* lockfile

* remove generated files

* ignore `dbschema/edgeql-js`

* add `postinstall` generate script

* update docs

* move `nonrecursive_access_policies` to default schema

* newlines

* remove js generation

* rewrite in edgeql

* make `userId` computed

* fix `createUser` image param

* code review comments

* update lockfile

* code review

* comments

* delete

* types

* revert settings.json

* delete migrations

* deps

* clean up

* Restore packages/adapter-test/index.ts

* chore: formatting & fix logic of useVerificationToken

* chore: delete .md file

* fix: test

* chore: logo

* chore: formatting

* chore: add edgedb to doc

---------

Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Thang Vu <hi@thvu.dev>

.github/ISSUE_TEMPLATE/1_bug_framework.yml

@@ -11,7 +11,7 @@ body:
 
         ### Important :exclamation:
 
-        _Providing incorrect/insufficient information or skipping steps to reproduce the issue may result in closing the issue or converting to a discussion without further explanation._
+        _Providing incorrect/insufficient information or skipping steps to reproduce the issue will result in closing the issue and/or converting to a discussion without further explanation._
 
         If you have a generic question specific to your project, it is best asked in Discussions under the [Questions category](https://github.com/nextauthjs/next-auth/discussions/new?category=Questions)
   # Let's wait with this until adoption in other frameworks.

.github/ISSUE_TEMPLATE/2_bug_provider.yml

@@ -31,13 +31,17 @@ body:
         - "Authentik"
         - "Azure Active Directory"
         - "Azure Active Directory B2C"
+        - "Azure DevOps"
         - "Battlenet"
         - "Beyond Identity"
         - "Box"
         - "Bungie"
+        - "ClickUp"
         - "Cognito"
         - "Coinbase"
+        - "Descope"
         - "Discord"
+        - "Dribbble"
         - "Dropbox"
         - "EVE Online"
         - "Facebook"
@@ -56,6 +60,7 @@ body:
         - "LinkedIn"
         - "Mailchimp"
         - "Mail.ru"
+        - "Mastodon"
         - "Medium"
         - "Naver"
         - "Netlify"
@@ -71,6 +76,7 @@ body:
         - "Slack"
         - "Spotify"
         - "Strava"
+        - "Tiktok"
         - "Todoist"
         - "Trakt"
         - "Twitch"

.github/ISSUE_TEMPLATE/3_bug_adapter.yml

@@ -22,9 +22,11 @@ body:
       options:
         - "Custom adapter"
         - "@auth/dgraph-adapter"
+        - "@auth/drizzle-adapter"
         - "@auth/dynamodb-adapter"
         - "@auth/fauna-adapter"
         - "@auth/firebase-adapter"
+        - "@auth/kysely-adapter"
         - "@auth/mikro-orm-adapter"
         - "@auth/mongodb-adapter"
         - "@auth/neo4j-adapter"

.github/issue-labeler.yml

@@ -3,6 +3,9 @@
 dgraph:
   - "@auth/dgraph-adapter"
 
+drizzle:
+  - "@auth/drizzle-adapter"
+
 dynamodb:
   - "@auth/dynamodb-adapter"
 
@@ -12,6 +15,9 @@ fauna:
 firebase:
   - "@auth/firebase-adapter"
 
+kysely:
+  - "@auth/kysely-adapter"
+
 mikro-orm:
   - "@auth/mikro-orm-adapter"
 

.github/pr-labeler.yml

@@ -15,6 +15,7 @@ neo4j: ["packages/adapter-neo4j/**/*"]
 playgrounds: ["apps/playgrounds/**/*"]
 pouchdb: ["packages/adapter-pouchdb/**/*"]
 prisma: ["packages/adapter-prisma/**/*"]
+kysely: ["packages/adapter-kysely/**/*"]
 providers: ["packages/core/src/providers/**/*"]
 sequelize: ["packages/adapter-sequelize/**/*"]
 solidjs: ["packages/frameworks-solid-start/**/*"]

.github/workflows/release.yml

@@ -11,51 +11,54 @@ on:
   # TODO: Support latest releases
   workflow_dispatch:
     inputs:
-      name: 
+      name:
         type: choice
         description: Package name (npm)
         options:
-        - "@auth/core"
-        - "@auth/nextjs"
-        - "@auth/dgraph-adapter"
-        - "@auth/drizzle-adapter"
-        - "@auth/dynamodb-adapter"
-        - "@auth/fauna-adapter"
-        - "@auth/firebase-adapter"
-        - "@auth/mikro-orm-adapter"
-        - "@auth/mongodb-adapter"
-        - "@auth/neo4j-adapter"
-        - "@auth/pouchdb-adapter"
-        - "@auth/prisma-adapter"
-        - "@auth/sequelize-adapter"
-        - "@auth/supabase-adapter"
-        - "@auth/typeorm-adapter"
-        - "@auth/upstash-redis-adapter"
-        - "@auth/xata-adapter"
-        - "next-auth"
+          - "@auth/core"
+          - "@auth/dgraph-adapter"
+          - "@auth/drizzle-adapter"
+          - "@auth/dynamodb-adapter"
+          - "@auth/fauna-adapter"
+          - "@auth/firebase-adapter"
+          - "@auth/mikro-orm-adapter"
+          - "@auth/mongodb-adapter"
+          - "@auth/neo4j-adapter"
+          - "@auth/pouchdb-adapter"
+          - "@auth/prisma-adapter"
+          - "@auth/sequelize-adapter"
+          - "@auth/supabase-adapter"
+          - "@auth/typeorm-adapter"
+          - "@auth/upstash-redis-adapter"
+          - "@auth/xata-adapter"
+          - "next-auth"
       # TODO: Infer from package name
       path:
         type: choice
         description: Directory name (packages/*)
         options:
-        - "core"
-        - "frameworks-nextjs"
-        - "adapter-dgraph"
-        - "adapter-drizzle"
-        - "adapter-dynamodb"
-        - "adapter-fauna"
-        - "adapter-firebase"
-        - "adapter-mikro-orm"
-        - "adapter-mongodb"
-        - "adapter-neo4j"
-        - "adapter-pouchdb"
-        - "adapter-prisma"
-        - "adapter-sequelize"
-        - "adapter-supabase"
-        - "adapter-typeorm"
-        - "adapter-upstash-redis"
-        - "adapter-xata"
-        - "next-auth"
+          - "core"
+          - "frameworks-nextjs"
+          - "adapter-dgraph"
+          - "adapter-drizzle"
+          - "adapter-dynamodb"
+          - "adapter-fauna"
+          - "adapter-firebase"
+          - "adapter-mikro-orm"
+          - "adapter-mongodb"
+          - "adapter-neo4j"
+          - "adapter-pouchdb"
+          - "adapter-prisma"
+          - "adapter-sequelize"
+          - "adapter-supabase"
+          - "adapter-typeorm"
+          - "adapter-upstash-redis"
+          - "adapter-xata"
+          - "next-auth"
+env:
+  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
+  FORCE_COLOR: true
 
 jobs:
   test:
@@ -75,14 +78,14 @@ jobs:
           cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
+      - name: Build
+        run: pnpm build
       - name: Run tests
         run: pnpm test
         timeout-minutes: 15
         env:
           UPSTASH_REDIS_URL: ${{ secrets.UPSTASH_REDIS_URL }}
           UPSTASH_REDIS_KEY: ${{ secrets.UPSTASH_REDIS_KEY }}
-          TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
       # - name: Run E2E tests
       #   if: github.repository == 'nextauthjs/next-auth'
       #   run: pnpm e2e
@@ -91,7 +94,7 @@ jobs:
       #     AUTH0_USERNAME: ${{ secrets.AUTH0_USERNAME }}
       #     AUTH0_PASSWORD: ${{ secrets.AUTH0_PASSWORD }}
       #     TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-      #     TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+      #     TURBO_TEAM: ${{ vars.TURBO_TEAM }}
       # - name: Upload E2E artifacts
       #   if: github.repository == 'nextauthjs/next-auth'
       #   uses: actions/upload-artifact@v3

.gitignore

@@ -6,6 +6,8 @@
 .env.development.local
 .env.test.local
 .env.production.local
+packages/*/.npmrc
+
 
 npm-debug.log*
 yarn-debug.log*
@@ -65,6 +67,7 @@ packages/adapter-prisma/prisma/dev.db
 packages/adapter-prisma/prisma/migrations
 db.sqlite
 packages/adapter-supabase/supabase/.branches
+packages/adapter-drizzle/.drizzle
 
 # Tests
 coverage
@@ -97,5 +100,7 @@ packages/frameworks-sveltekit/vite.config.js.timestamp-*
 packages/frameworks-sveltekit/vite.config.ts.timestamp-*
 
 # Adapters
+docs/docs/reference/adapter
 
-docs/docs/reference/adapter
+## Drizzle migration folder
+.drizzle

README.md

@@ -1 +0,0 @@
-packages/next-auth/README.md

README.md

@@ -0,0 +1,153 @@
+<p align="center">
+  <br/>
+  <a href="https://authjs.dev" target="_blank"><img width="96px" src="https://authjs.dev/img/logo/logo-sm.png" /></a>
+  <h3 align="center">Auth.js</h3>
+  <p align="center">Authentication for the Web.</p>
+  <p align="center">Open Source. Full Stack. Own Your Data.</p>
+  <p align="center" style="align: center;">
+    <a href="https://npm.im/@auth/prisma-adapter">
+      <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
+    </a>
+    <a href="https://www.npmtrends.com/next-auth">
+      <img src="https://img.shields.io/npm/dm/next-auth?style=flat-square" alt="Downloads" />
+    </a>
+    <a href="https://github.com/nextauthjs/next-auth/stargazers">
+      <img src="https://img.shields.io/github/stars/nextauthjs/next-auth?style=flat-square" alt="Github Stars" />
+    </a>
+    <a href="https://www.npmjs.com/package/next-auth">
+      <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?label=latest&style=flat-square" alt="Github Stable Release" />
+    </a>
+  </p>
+</p>
+
+Auth.js is a set of open-source packages that are built on Web Standard APIs for authentication in modern applications with any framework on any platform in any JS runtime.
+
+See [authjs.dev](https://authjs.dev) for our framework-specific libraries, or check out [next-auth.js.org](https://next-auth.js.org) for `next-auth` (Next.js).
+
+## Features
+
+### Flexible and easy to use
+
+- Designed to work with any OAuth service, it supports 2.0+, OIDC
+- Built-in support for [many popular sign-in services](https://github.com/nextauthjs/next-auth/tree/main/packages/core/src/providers)
+- Email/Passwordless authentication
+- Bring Your Database - or none! - stateless authentication with any backend (Active Directory, LDAP, etc.)
+- Runtime-agnostic, runs anywhere! (Vercel Edge Functions, Node.js, Serverless, etc.)
+
+### Own your data
+
+Auth.js can be used with or without a database.
+
+- An open-source solution that allows you to keep control of your data
+- Built-in support for [MySQL, MariaDB, Postgres, Microsoft SQL Server, MongoDB, SQLite, etc.](https://adapters.authjs.dev)
+- Works great with databases from popular hosting providers
+
+### Secure by default
+
+- Promotes the use of passwordless sign-in mechanisms
+- Designed to be secure by default and encourage best practices for safeguarding user data
+- Uses Cross-Site Request Forgery (CSRF) Tokens on POST routes (sign in, sign out)
+- Default cookie policy aims for the most restrictive policy appropriate for each cookie
+- When JSON Web Tokens are used, they are encrypted by default (JWE) with A256GCM
+- Features tab/window syncing and session polling to support short-lived sessions
+- Attempts to implement the latest guidance published by [Open Web Application Security Project](https://owasp.org)
+
+Advanced configuration allows you to define your routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.
+
+### TypeScript
+
+Auth.js libraries are written with type safety in mind. [Check out the docs](https://authjs.dev/getting-started/typescript) for more information.
+
+## Security
+
+If you think you have found a vulnerability (or are not sure) in Auth.js or any of the related packages (i.e. Adapters), we ask you to read our [Security Policy](https://authjs.dev/security) to reach out responsibly. Please do not open Pull Requests/Issues/Discussions before consulting with us.
+
+## Acknowledgments
+
+[Auth.js is made possible thanks to all of its contributors.](https://authjs.dev/contributors)
+
+<a href="https://github.com/nextauthjs/next-auth/graphs/contributors">
+  <img width="500px" src="https://contrib.rocks/image?repo=nextauthjs/next-auth" />
+</a>
+<div>
+<a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss"></a>
+</div>
+
+### Support
+
+We have an [OpenCollective](https://opencollective.com/nextauth) for individuals and companies looking to contribute financially to the project!
+
+<!--sponsors start-->
+<table>
+  <tbody>
+    <tr>
+      <td align="center" valign="top">
+        <a href="https://vercel.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/14985020?v=4" alt="Vercel Logo" />
+        </a><br />
+        <div>Vercel</div><br />
+        <sub>🥉 Bronze Financial Sponsor <br /> ☁️ Infrastructure Support</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://prisma.io" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/17219288?v=4" alt="Prisma Logo" />
+        </a><br />
+        <div>Prisma</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://clerk.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/49538330?s=200&v=4" alt="Clerk Logo" />
+        </a><br />
+        <div>Clerk</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://lowdefy.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/47087496?s=200&v=4" alt="Lowdefy Logo" />
+        </a><br />
+        <div>Lowdefy</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://workos.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/47638084?s=200&v=4" alt="WorkOS Logo" />
+        </a><br />
+        <div>WorkOS</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://www.descope.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/97479186?v=4" alt="Descope Logo" />
+        </a><br />
+        <div>Descope</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://checklyhq.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/25982255?v=4" alt="Checkly Logo" />
+        </a><br />
+        <div>Checkly</div><br />
+        <sub>☁️ Infrastructure Support</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://superblog.ai/" target="_blank">
+          <img width="128px" src="https://d33wubrfki0l68.cloudfront.net/cdc4a3833bd878933fcc131655878dbf226ac1c5/10cd6/images/logo_bolt_small.png" alt="superblog Logo" />
+        </a><br />
+        <div>superblog</div><br />
+        <sub>☁️ Infrastructure Support</sub>
+      </td>
+    </tr><tr></tr>
+  </tbody>
+</table>
+<br />
+<!--sponsors end-->
+
+## Contributing
+
+We're open to all community contributions! If you'd like to contribute in any way, please first read
+our [Contributing Guide](https://github.com/nextauthjs/.github/blob/main/CONTRIBUTING.md).
+
+## License
+
+ISC

apps/dev/nextjs-v4/.env.local.example

@@ -13,6 +13,9 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 KEYCLOAK_ID=
 KEYCLOAK_SECRET=
 KEYCLOAK_ISSUER=

apps/dev/nextjs-v4/README.md

@@ -3,4 +3,4 @@
 This folder contains a Next.js app using NextAuth.js for local development. See the following section on how to start:
 
 [Setting up local environment
-](https://github.com/nextauthjs/next-auth/blob/main/CONTRIBUTING.md#setting-up-local-environment)
+](https://github.com/nextauthjs/.github/blob/main/CONTRIBUTING.md#setting-up-local-environment)

apps/dev/nextjs/.env.local.example

@@ -22,6 +22,9 @@ BEYOND_IDENTITY_CLIENT_ID=
 BEYOND_IDENTITY_CLIENT_SECRET=
 BEYOND_IDENTITY_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 GITHUB_ID=
 GITHUB_SECRET=
 
@@ -56,6 +59,10 @@ WIKIMEDIA_SECRET=
 YANDEX_ID=
 YANDEX_SECRET=
 
+# ClickUp OAuth. https://clickup.com/api/
+CLICK_UP_ID=
+CLICK_UP_SECRET=
+
 # Example configuration for a Gmail account (will need SMTP enabled)
 EMAIL_SERVER=smtps://user@gmail.com:password@smtp.gmail.com:465
 EMAIL_FROM=user@gmail.com

apps/dev/nextjs/.gitignore

@@ -2,3 +2,4 @@ node_modules/
 /test-results/
 /playwright-report/
 /playwright/.cache/
+dbschema/edgeql-js

apps/dev/nextjs/dbschema/default.esdl

@@ -0,0 +1,71 @@
+module default {
+    type User {
+        property name -> str;
+        required property email -> str {
+            constraint exclusive;
+        }
+        property emailVerified -> datetime;
+        property image -> str;
+        multi link accounts := .<user[is Account];
+        multi link sessions := .<user[is Session]; 
+        property createdAt -> datetime {
+            default := datetime_current();
+        };
+    }
+
+    type Account {
+       required property userId := .user.id;
+       required property type -> str;
+       required property provider -> str;
+       required property providerAccountId -> str {
+        constraint exclusive;
+       };
+       property refresh_token -> str;
+       property access_token -> str;
+       property expires_at -> int64;
+       property token_type -> str;
+       property scope -> str;
+       property id_token -> str;
+       property session_state -> str;
+       required link user -> User {
+            on target delete delete source;
+       };
+       property createdAt -> datetime {
+            default := datetime_current();
+        };
+
+       constraint exclusive on ((.provider, .providerAccountId))
+    }
+
+    type Session {
+        required property sessionToken -> str {
+            constraint exclusive;
+        }
+        required property userId := .user.id;
+        required property expires -> datetime;
+        required link user -> User {
+            on target delete delete source;
+        };
+        property createdAt -> datetime {
+            default := datetime_current();
+        };
+    }
+
+    type VerificationToken {
+        required property identifier -> str;
+        required property token -> str {
+            constraint exclusive;
+        }
+        required property expires -> datetime;
+        property createdAt -> datetime {
+            default := datetime_current();
+        };
+
+        constraint exclusive on ((.identifier, .token))
+    }
+}
+
+# Disable the application of access policies within access policies
+# themselves. This behavior will become the default in EdgeDB 3.0.
+# See: https://www.edgedb.com/docs/reference/ddl/access_policies#nonrecursive
+using future nonrecursive_access_policies;

apps/dev/nextjs/edgedb.toml

@@ -0,0 +1,2 @@
+[edgedb]
+server-version = "2.6"

apps/dev/nextjs/package.json

@@ -15,20 +15,23 @@
   "license": "ISC",
   "dependencies": {
     "@auth/core": "workspace:*",
+    "@auth/edgedb-adapter": "workspace:*",
     "@auth/fauna-adapter": "workspace:*",
     "@auth/prisma-adapter": "workspace:*",
     "@auth/supabase-adapter": "workspace:*",
     "@auth/typeorm-adapter": "workspace:*",
     "@prisma/client": "^3",
+    "edgedb": "^1.0.1",
     "@supabase/supabase-js": "^2.0.5",
     "faunadb": "^4",
-    "next": "13.3.0",
+    "next": "13.4.0",
     "next-auth": "workspace:*",
     "nodemailer": "^6",
     "react": "^18",
     "react-dom": "^18"
   },
   "devDependencies": {
+    "@edgedb/generate": "^0.0.4",
     "@playwright/test": "1.29.2",
     "@types/jsonwebtoken": "^8.5.5",
     "@types/react": "18.0.37",

apps/dev/nextjs/pages/api/auth/[...nextauth].ts

@@ -2,14 +2,15 @@ import { Auth, type AuthConfig } from "@auth/core"
 
 // Providers
 import Apple from "@auth/core/providers/apple"
-import Asgardeo from "@auth/core/providers/asgardeo"
+// import Asgardeo from "@auth/core/providers/asgardeo"
 import Auth0 from "@auth/core/providers/auth0"
 import AzureAD from "@auth/core/providers/azure-ad"
 import AzureB2C from "@auth/core/providers/azure-ad-b2c"
-import BeyondIdentity from "@auth/core/providers/beyondidentity"
+// import BeyondIdentity from "@auth/core/providers/beyondidentity"
 import BoxyHQSAML from "@auth/core/providers/boxyhq-saml"
 // import Cognito from "@auth/core/providers/cognito"
 import Credentials from "@auth/core/providers/credentials"
+import Descope from "@auth/core/providers/descope"
 import Discord from "@auth/core/providers/discord"
 import DuendeIDS6 from "@auth/core/providers/duende-identity-server6"
 // import Email from "@auth/core/providers/email"
@@ -38,7 +39,7 @@ import Yandex from "@auth/core/providers/yandex"
 import Vk from "@auth/core/providers/vk"
 import Wikimedia from "@auth/core/providers/wikimedia"
 import WorkOS from "@auth/core/providers/workos"
-
+import ClickUp from '@auth/core/providers/click-up'
 // // Prisma
 // import { PrismaClient } from "@prisma/client"
 // import { PrismaAdapter } from "@auth/prisma-adapter"
@@ -70,6 +71,12 @@ import WorkOS from "@auth/core/providers/workos"
 //   secret: process.env.SUPABASE_SERVICE_ROLE_KEY,
 // })
 
+// // EdgeDB
+// import { EdgeDBAdapter } from "@auth/edgedb-adapter"
+// import { createHttpClient } from "edgedb"
+// const client = createHttpClient()
+// const adapter = EdgeDBAdapter(client)
+
 export const authConfig: AuthConfig = {
   // adapter,
   debug: process.env.NODE_ENV !== "production",
@@ -85,8 +92,8 @@ export const authConfig: AuthConfig = {
         return { name: "Fill Murray", email: "bill@fillmurray.com", image: "https://www.fillmurray.com/64/64", id: "1", foo: "" }
       },
     }),
-    Apple({ clientId: process.env.APPLE_ID, clientSecret: process.env.APPLE_SECRET }),
-    Asgardeo({ clientId: process.env.ASGARDEO_CLIENT_ID, clientSecret: process.env.ASGARDEO_CLIENT_SECRET, issuer: process.env.ASGARDEO_ISSUER }),
+    Apple({ clientId: process.env.APPLE_ID, clientSecret: process.env.APPLE_SECRET as string }),
+    // Asgardeo({ clientId: process.env.ASGARDEO_CLIENT_ID, clientSecret: process.env.ASGARDEO_CLIENT_SECRET, issuer: process.env.ASGARDEO_ISSUER }),
     Auth0({ clientId: process.env.AUTH0_ID, clientSecret: process.env.AUTH0_SECRET, issuer: process.env.AUTH0_ISSUER }),
     AzureAD({
       clientId: process.env.AZURE_AD_CLIENT_ID,
@@ -94,19 +101,20 @@ export const authConfig: AuthConfig = {
       tenantId: process.env.AZURE_AD_TENANT_ID,
     }),
     AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
-    BeyondIdentity({
-      clientId: process.env.BEYOND_IDENTITY_CLIENT_ID,
-      clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET,
-      issuer: process.env.BEYOND_IDENTITY_ISSUER,
-    }),
+    // BeyondIdentity({
+    //   clientId: process.env.BEYOND_IDENTITY_CLIENT_ID,
+    //   clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET,
+    //   issuer: process.env.BEYOND_IDENTITY_ISSUER,
+    // }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
     // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
+    Descope({ clientId: process.env.DESCOPE_ID, clientSecret: process.env.DESCOPE_SECRET }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
     DuendeIDS6({ clientId: "interactive.confidential", clientSecret: "secret", issuer: "https://demo.duendesoftware.com" }),
     Facebook({ clientId: process.env.FACEBOOK_ID, clientSecret: process.env.FACEBOOK_SECRET }),
     Foursquare({ clientId: process.env.FOURSQUARE_ID, clientSecret: process.env.FOURSQUARE_SECRET }),
     Freshbooks({ clientId: process.env.FRESHBOOKS_ID, clientSecret: process.env.FRESHBOOKS_SECRET }),
-    GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET, redirectProxy: process.env.AUTH_REDIRECT_PROXY_URL }),
+    GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET, redirectProxyUrl: process.env.AUTH_REDIRECT_PROXY_URL }),
     Gitlab({ clientId: process.env.GITLAB_ID, clientSecret: process.env.GITLAB_SECRET }),
     Google({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }),
     // IDS4({ clientId: process.env.IDS4_ID, clientSecret: process.env.IDS4_SECRET, issuer: process.env.IDS4_ISSUER }),
@@ -115,7 +123,7 @@ export const authConfig: AuthConfig = {
     Line({ clientId: process.env.LINE_ID, clientSecret: process.env.LINE_SECRET }),
     LinkedIn({ clientId: process.env.LINKEDIN_ID, clientSecret: process.env.LINKEDIN_SECRET }),
     Mailchimp({ clientId: process.env.MAILCHIMP_ID, clientSecret: process.env.MAILCHIMP_SECRET }),
-    Notion({ clientId: process.env.NOTION_ID, clientSecret: process.env.NOTION_SECRET, redirectUri: process.env.NOTION_REDIRECT_URI }),
+    Notion({ clientId: process.env.NOTION_ID, clientSecret: process.env.NOTION_SECRET, redirectUri: process.env.NOTION_REDIRECT_URI as string }),
     // Okta({ clientId: process.env.OKTA_ID, clientSecret: process.env.OKTA_SECRET, issuer: process.env.OKTA_ISSUER }),
     Osu({ clientId: process.env.OSU_CLIENT_ID, clientSecret: process.env.OSU_CLIENT_SECRET }),
     Patreon({ clientId: process.env.PATREON_ID, clientSecret: process.env.PATREON_SECRET }),
@@ -129,6 +137,7 @@ export const authConfig: AuthConfig = {
     Vk({ clientId: process.env.VK_ID, clientSecret: process.env.VK_SECRET }),
     Wikimedia({ clientId: process.env.WIKIMEDIA_ID, clientSecret: process.env.WIKIMEDIA_SECRET }),
     WorkOS({ clientId: process.env.WORKOS_ID, clientSecret: process.env.WORKOS_SECRET }),
+    ClickUp({ clientId: process.env.CLICK_UP_ID, clientSecret: process.env.CLICK_UP_SECRET })
   ],
   // debug: process.env.NODE_ENV !== "production",
 }
@@ -160,4 +169,4 @@ function AuthHandler(...args: any[]) {
 
 export default AuthHandler(authConfig)
 
-export const config = { runtime: "experimental-edge" }
+export const config = { runtime: "edge" }

apps/dev/sveltekit/package.json

@@ -15,8 +15,8 @@
     "@sveltejs/kit": "next",
     "svelte": "3.55.0",
     "svelte-check": "2.10.2",
-    "typescript": "4.9.4",
-    "vite": "4.0.1"
+    "typescript": "5.2.2",
+    "vite": "4.0.5"
   },
   "dependencies": {
     "@auth/core": "workspace:*",

apps/examples/nextjs/.env.local.example

@@ -6,6 +6,9 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 FACEBOOK_ID=
 FACEBOOK_SECRET=
 

apps/examples/nextjs/app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,5 @@
+import NextAuth from "next-auth/next"
+import { config } from "auth"
+
+const handler = NextAuth(config)
+export { handler as GET, handler as POST }

apps/examples/nextjs/auth.ts

@@ -0,0 +1,294 @@
+import type { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from "next"
+import type { NextAuthOptions as NextAuthConfig } from "next-auth"
+import { getServerSession } from "next-auth"
+
+import Apple from "next-auth/providers/apple"
+import Atlassian from "next-auth/providers/atlassian"
+import Auth0 from "next-auth/providers/auth0"
+import Authentik from "next-auth/providers/authentik"
+import AzureAD from "next-auth/providers/azure-ad"
+import AzureB2C from "next-auth/providers/azure-ad-b2c"
+import Battlenet from "next-auth/providers/battlenet"
+import Box from "next-auth/providers/box"
+import BoxyHQSAML from "next-auth/providers/boxyhq-saml"
+import Bungie from "next-auth/providers/bungie"
+import Cognito from "next-auth/providers/cognito"
+import Coinbase from "next-auth/providers/coinbase"
+import Discord from "next-auth/providers/discord"
+import Dropbox from "next-auth/providers/dropbox"
+import DuendeIDS6 from "next-auth/providers/duende-identity-server6"
+import Eveonline from "next-auth/providers/eveonline"
+import Facebook from "next-auth/providers/facebook"
+import Faceit from "next-auth/providers/faceit"
+import FortyTwoSchool from "next-auth/providers/42-school"
+import Foursquare from "next-auth/providers/foursquare"
+import Freshbooks from "next-auth/providers/freshbooks"
+import Fusionauth from "next-auth/providers/fusionauth"
+import GitHub from "next-auth/providers/github"
+import Gitlab from "next-auth/providers/gitlab"
+import Google from "next-auth/providers/google"
+import Hubspot from "next-auth/providers/hubspot"
+import Instagram from "next-auth/providers/instagram"
+import Kakao from "next-auth/providers/kakao"
+import Keycloak from "next-auth/providers/keycloak"
+import Line from "next-auth/providers/line"
+import LinkedIn from "next-auth/providers/linkedin"
+import Mailchimp from "next-auth/providers/mailchimp"
+import Mailru from "next-auth/providers/mailru"
+import Medium from "next-auth/providers/medium"
+import Naver from "next-auth/providers/naver"
+import Netlify from "next-auth/providers/netlify"
+import Okta from "next-auth/providers/okta"
+import Onelogin from "next-auth/providers/onelogin"
+import Osso from "next-auth/providers/osso"
+import Osu from "next-auth/providers/osu"
+import Passage from "next-auth/providers/passage"
+import Patreon from "next-auth/providers/patreon"
+import Pinterest from "next-auth/providers/pinterest"
+import Pipedrive from "next-auth/providers/pipedrive"
+import Reddit from "next-auth/providers/reddit"
+import Salesforce from "next-auth/providers/salesforce"
+import Slack from "next-auth/providers/slack"
+import Spotify from "next-auth/providers/spotify"
+import Strava from "next-auth/providers/strava"
+import Todoist from "next-auth/providers/todoist"
+import Trakt from "next-auth/providers/trakt"
+import Twitch from "next-auth/providers/twitch"
+import Twitter from "next-auth/providers/twitter"
+import UnitedEffects from "next-auth/providers/united-effects"
+import Vk from "next-auth/providers/vk"
+import Wikimedia from "next-auth/providers/wikimedia"
+import Wordpress from "next-auth/providers/wordpress"
+import WorkOS from "next-auth/providers/workos"
+import Yandex from "next-auth/providers/yandex"
+import Zitadel from "next-auth/providers/zitadel"
+import Zoho from "next-auth/providers/zoho"
+import Zoom from "next-auth/providers/zoom"
+
+// Read more at: https://next-auth.js.org/getting-started/typescript#module-augmentation
+declare module "next-auth/jwt" {
+  interface JWT {
+    /** The user's role. */
+    userRole?: "admin"
+  }
+}
+
+export const config = {
+  // https://next-auth.js.org/configuration/providers/oauth
+  providers: [
+    Apple({ clientId: process.env.AUTH_APPLE_ID, clientSecret: process.env.AUTH_APPLE_SECRET }),
+    Atlassian({ clientId: process.env.AUTH_ATLASSIAN_ID, clientSecret: process.env.AUTH_ATLASSIAN_SECRET }),
+    Auth0({ clientId: process.env.AUTH_AUTH0_ID, clientSecret: process.env.AUTH_AUTH0_SECRET, issuer: process.env.AUTH_AUTH0_ISSUER }),
+    Authentik({ clientId: process.env.AUTH_AUTHENTIK_ID, clientSecret: process.env.AUTH_AUTHENTIK_SECRET }),
+    AzureAD({ clientId: process.env.AUTH_AZUREAD_ID, clientSecret: process.env.AUTH_AZUREAD_SECRET }),
+    AzureB2C({ clientId: process.env.AUTH_AZUREB2C_ID, clientSecret: process.env.AUTH_AZUREB2C_SECRET }),
+    Battlenet({ clientId: process.env.AUTH_BN_ID, clientSecret: process.env.AUTH_BN_SECRET, issuer: process.env.AUTH_BN_ISSUER }),
+    Box({ clientId: process.env.AUTH_BOX_ID, clientSecret: process.env.AUTH_BOX_SECRET }),
+    BoxyHQSAML({ clientId: process.env.AUTH_BOXYHQ_ID, clientSecret: process.env.AUTH_BOXYHQ_SECRET, issuer: process.env.AUTH_BOXYHQ_ISSUER }),
+    Bungie({ clientId: process.env.AUTH_BUNGIE_ID, clientSecret: process.env.AUTH_BUNGIE_SECRET }),
+    Cognito({ clientId: process.env.AUTH_COGNITO_ID, clientSecret: process.env.AUTH_COGNITO_SECRET }),
+    Coinbase({ clientId: process.env.AUTH_COINBASE_ID, clientSecret: process.env.AUTH_COINBASE_SECRET }),
+    Discord({ clientId: process.env.AUTH_DISCORD_ID, clientSecret: process.env.AUTH_DISCORD_SECRET }),
+    Dropbox({ clientId: process.env.AUTH_DROPBOX_ID, clientSecret: process.env.AUTH_DROPBOX_SECRET }),
+    DuendeIDS6({ clientId: process.env.AUTH_DUENDEIDS6_ID, clientSecret: process.env.AUTH_DUENDEIDS6_SECRET }),
+    Eveonline({ clientId: process.env.AUTH_EVEONLINE_ID, clientSecret: process.env.AUTH_EVEONLINE_SECRET }),
+    Facebook({ clientId: process.env.AUTH_FACEBOOK_ID, clientSecret: process.env.AUTH_FACEBOOK_SECRET }),
+    Faceit({ clientId: process.env.AUTH_FACEIT_ID, clientSecret: process.env.AUTH_FACEIT_SECRET }),
+    FortyTwoSchool({ clientId: process.env.AUTH_FORTYTWOSCHOOL_ID, clientSecret: process.env.AUTH_FORTYTWOSCHOOL_SECRET }),
+    Foursquare({ clientId: process.env.AUTH_FOURSQUARE_ID, clientSecret: process.env.AUTH_FOURSQUARE_SECRET }),
+    Freshbooks({ clientId: process.env.AUTH_FRESHBOOKS_ID, clientSecret: process.env.AUTH_FRESHBOOKS_SECRET }),
+    Fusionauth({ clientId: process.env.AUTH_FUSIONAUTH_ID, clientSecret: process.env.AUTH_FUSIONAUTH_SECRET }),
+    GitHub({ clientId: process.env.AUTH_GITHUB_ID, clientSecret: process.env.AUTH_GITHUB_SECRET }),
+    Gitlab({ clientId: process.env.AUTH_GITLAB_ID, clientSecret: process.env.AUTH_GITLAB_SECRET }),
+    Google({ clientId: process.env.AUTH_GOOGLE_ID, clientSecret: process.env.AUTH_GOOGLE_SECRET }),
+    Hubspot({ clientId: process.env.AUTH_HUBSPOT_ID, clientSecret: process.env.AUTH_HUBSPOT_SECRET }),
+    Instagram({ clientId: process.env.AUTH_INSTAGRAM_ID, clientSecret: process.env.AUTH_INSTAGRAM_SECRET }),
+    Kakao({ clientId: process.env.AUTH_KAKAO_ID, clientSecret: process.env.AUTH_KAKAO_SECRET }),
+    Keycloak({ clientId: process.env.AUTH_KEYCLOAK_ID, clientSecret: process.env.AUTH_KEYCLOAK_SECRET }),
+    Line({ clientId: process.env.AUTH_LINE_ID, clientSecret: process.env.AUTH_LINE_SECRET }),
+    LinkedIn({ clientId: process.env.AUTH_LINKEDIN_ID, clientSecret: process.env.AUTH_LINKEDIN_SECRET }),
+    Mailchimp({ clientId: process.env.AUTH_MAILCHIMP_ID, clientSecret: process.env.AUTH_MAILCHIMP_SECRET }),
+    Mailru({ clientId: process.env.AUTH_MAILRU_ID, clientSecret: process.env.AUTH_MAILRU_SECRET }),
+    Medium({ clientId: process.env.AUTH_MEDIUM_ID, clientSecret: process.env.AUTH_MEDIUM_SECRET }),
+    Naver({ clientId: process.env.AUTH_NAVER_ID, clientSecret: process.env.AUTH_NAVER_SECRET }),
+    Netlify({ clientId: process.env.AUTH_NETLIFY_ID, clientSecret: process.env.AUTH_NETLIFY_SECRET }),
+    Okta({ clientId: process.env.AUTH_OKTA_ID, clientSecret: process.env.AUTH_OKTA_SECRET }),
+    Onelogin({ clientId: process.env.AUTH_ONELOGIN_ID, clientSecret: process.env.AUTH_ONELOGIN_SECRET }),
+    Osso({ clientId: process.env.AUTH_OSSO_ID, clientSecret: process.env.AUTH_OSSO_SECRET, issuer: process.env.AUTH_OSSO_ISSUER }),
+    Osu({ clientId: process.env.AUTH_OSU_ID, clientSecret: process.env.AUTH_OSU_SECRET }),
+    Passage({ clientId: process.env.AUTH_PASSAGE_ID, clientSecret: process.env.AUTH_PASSAGE_SECRET, issuer: process.env.AUTH_PASSAGE_ISSUER }),
+    Patreon({ clientId: process.env.AUTH_PATREON_ID, clientSecret: process.env.AUTH_PATREON_SECRET }),
+    Pinterest({ clientId: process.env.AUTH_PINTEREST_ID, clientSecret: process.env.AUTH_PINTEREST_SECRET }),
+    Pipedrive({ clientId: process.env.AUTH_PIPEDRIVE_ID, clientSecret: process.env.AUTH_PIPEDRIVE_SECRET }),
+    Reddit({ clientId: process.env.AUTH_REDDIT_ID, clientSecret: process.env.AUTH_REDDIT_SECRET }),
+    Salesforce({ clientId: process.env.AUTH_SALESFORCE_ID, clientSecret: process.env.AUTH_SALESFORCE_SECRET }),
+    Slack({ clientId: process.env.AUTH_SLACK_ID, clientSecret: process.env.AUTH_SLACK_SECRET }),
+    Spotify({ clientId: process.env.AUTH_SPOTIFY_ID, clientSecret: process.env.AUTH_SPOTIFY_SECRET }),
+    Strava({ clientId: process.env.AUTH_STRAVA_ID, clientSecret: process.env.AUTH_STRAVA_SECRET }),
+    Todoist({ clientId: process.env.AUTH_TODOIST_ID, clientSecret: process.env.AUTH_TODOIST_SECRET }),
+    Trakt({ clientId: process.env.AUTH_TRAKT_ID, clientSecret: process.env.AUTH_TRAKT_SECRET }),
+    Twitch({ clientId: process.env.AUTH_TWITCH_ID, clientSecret: process.env.AUTH_TWITCH_SECRET }),
+    Twitter({ clientId: process.env.AUTH_TWITTER_ID, clientSecret: process.env.AUTH_TWITTER_SECRET, version: "2.0" }),
+    UnitedEffects({ clientId: process.env.AUTH_UE_ID, clientSecret: process.env.AUTH_UE_SECRET, issuer: process.env.AUTH_UE_ISSUER }),
+    Vk({ clientId: process.env.AUTH_VK_ID, clientSecret: process.env.AUTH_VK_SECRET }),
+    Wikimedia({ clientId: process.env.AUTH_WIKIMEDIA_ID, clientSecret: process.env.AUTH_WIKIMEDIA_SECRET }),
+    Wordpress({ clientId: process.env.AUTH_WORDPRESS_ID, clientSecret: process.env.AUTH_WORDPRESS_SECRET }),
+    WorkOS({ clientId: process.env.AUTH_WORKOS_ID, clientSecret: process.env.AUTH_WORKOS_SECRET }),
+    Yandex({ clientId: process.env.AUTH_YANDEX_ID, clientSecret: process.env.AUTH_YANDEX_SECRET }),
+    Zitadel({ clientId: process.env.AUTH_ZITADEL_ID, clientSecret: process.env.AUTH_ZITADEL_SECRET }),
+    Zoho({ clientId: process.env.AUTH_ZOHO_ID, clientSecret: process.env.AUTH_ZOHO_SECRET }),
+    Zoom({ clientId: process.env.AUTH_ZOOM_ID, clientSecret: process.env.AUTH_ZOOM_SECRET }),
+  ],
+  callbacks: {
+    async jwt({ token }) {
+      token.userRole = "admin"
+      return token
+    },
+  },
+} satisfies NextAuthConfig
+
+// Helper function to get session without passing config every time
+// https://next-auth.js.org/configuration/nextjs#getserversession
+export function auth(...args: [GetServerSidePropsContext["req"], GetServerSidePropsContext["res"]] | [NextApiRequest, NextApiResponse] | []) {
+  return getServerSession(...args, config)
+}
+
+// We recommend doing your own environment variable validation
+declare global {
+  namespace NodeJS {
+    export interface ProcessEnv {
+      NEXTAUTH_SECRET: string
+
+      AUTH_APPLE_ID: string
+      AUTH_APPLE_SECRET: string
+      AUTH_ATLASSIAN_ID: string
+      AUTH_ATLASSIAN_SECRET: string
+      AUTH_AUTH0_ID: string
+      AUTH_AUTH0_ISSUER: string
+      AUTH_AUTH0_SECRET: string
+      AUTH_AUTHENTIK_ID: string
+      AUTH_AUTHENTIK_SECRET: string
+      AUTH_AZUREAD_ID: string
+      AUTH_AZUREAD_SECRET: string
+      AUTH_AZUREB2C_ID: string
+      AUTH_AZUREB2C_SECRET: string
+      AUTH_BN_ID: string
+      AUTH_BN_ISSUER: any
+      AUTH_BN_SECRET: string
+      AUTH_BOX_ID: string
+      AUTH_BOX_SECRET: string
+      AUTH_BOXYHQ_ID: string
+      AUTH_BOXYHQ_ISSUER: string
+      AUTH_BOXYHQ_SECRET: string
+      AUTH_BUNGIE_ID: string
+      AUTH_BUNGIE_SECRET: string
+      AUTH_COGNITO_ID: string
+      AUTH_COGNITO_SECRET: string
+      AUTH_COINBASE_ID: string
+      AUTH_COINBASE_SECRET: string
+      AUTH_DISCORD_ID: string
+      AUTH_DISCORD_SECRET: string
+      AUTH_DROPBOX_ID: string
+      AUTH_DROPBOX_SECRET: string
+      AUTH_DUENDEIDS6_ID: string
+      AUTH_DUENDEIDS6_SECRET: string
+      AUTH_EVEONLINE_ID: string
+      AUTH_EVEONLINE_SECRET: string
+      AUTH_FACEBOOK_ID: string
+      AUTH_FACEBOOK_SECRET: string
+      AUTH_FACEIT_ID: string
+      AUTH_FACEIT_SECRET: string
+      AUTH_FORTYTWOSCHOOL_ID: string
+      AUTH_FORTYTWOSCHOOL_SECRET: string
+      AUTH_FOURSQUARE_ID: string
+      AUTH_FOURSQUARE_SECRET: string
+      AUTH_FRESHBOOKS_ID: string
+      AUTH_FRESHBOOKS_SECRET: string
+      AUTH_FUSIONAUTH_ID: string
+      AUTH_FUSIONAUTH_SECRET: string
+      AUTH_GITHUB_ID: string
+      AUTH_GITHUB_SECRET: string
+      AUTH_GITLAB_ID: string
+      AUTH_GITLAB_SECRET: string
+      AUTH_GOOGLE_ID: string
+      AUTH_GOOGLE_SECRET: string
+      AUTH_HUBSPOT_ID: string
+      AUTH_HUBSPOT_SECRET: string
+      AUTH_INSTAGRAM_ID: string
+      AUTH_INSTAGRAM_SECRET: string
+      AUTH_KAKAO_ID: string
+      AUTH_KAKAO_SECRET: string
+      AUTH_KEYCLOAK_ID: string
+      AUTH_KEYCLOAK_SECRET: string
+      AUTH_LINE_ID: string
+      AUTH_LINE_SECRET: string
+      AUTH_LINKEDIN_ID: string
+      AUTH_LINKEDIN_SECRET: string
+      AUTH_MAILCHIMP_ID: string
+      AUTH_MAILCHIMP_SECRET: string
+      AUTH_MAILRU_ID: string
+      AUTH_MAILRU_SECRET: string
+      AUTH_MEDIUM_ID: string
+      AUTH_MEDIUM_SECRET: string
+      AUTH_NAVER_ID: string
+      AUTH_NAVER_SECRET: string
+      AUTH_NETLIFY_ID: string
+      AUTH_NETLIFY_SECRET: string
+      AUTH_OKTA_ID: string
+      AUTH_OKTA_SECRET: string
+      AUTH_ONELOGIN_ID: string
+      AUTH_ONELOGIN_SECRET: string
+      AUTH_OSSO_ID: string
+      AUTH_OSSO_ISSUER: string
+      AUTH_OSSO_SECRET: string
+      AUTH_OSU_ID: string
+      AUTH_OSU_SECRET: string
+      AUTH_PASSAGE_ID: string
+      AUTH_PASSAGE_ISSUER: string
+      AUTH_PASSAGE_SECRET: string
+      AUTH_PATREON_ID: string
+      AUTH_PATREON_SECRET: string
+      AUTH_PINTEREST_ID: string
+      AUTH_PINTEREST_SECRET: string
+      AUTH_PIPEDRIVE_ID: string
+      AUTH_PIPEDRIVE_SECRET: string
+      AUTH_REDDIT_ID: string
+      AUTH_REDDIT_SECRET: string
+      AUTH_SALESFORCE_ID: string
+      AUTH_SALESFORCE_SECRET: string
+      AUTH_SLACK_ID: string
+      AUTH_SLACK_SECRET: string
+      AUTH_SPOTIFY_ID: string
+      AUTH_SPOTIFY_SECRET: string
+      AUTH_STRAVA_ID: string
+      AUTH_STRAVA_SECRET: string
+      AUTH_TODOIST_ID: string
+      AUTH_TODOIST_SECRET: string
+      AUTH_TRAKT_ID: string
+      AUTH_TRAKT_SECRET: string
+      AUTH_TWITCH_ID: string
+      AUTH_TWITCH_SECRET: string
+      AUTH_TWITTER_ID: string
+      AUTH_TWITTER_SECRET: string
+      AUTH_UE_ID: string
+      AUTH_UE_ISSUER: string
+      AUTH_UE_SECRET: string
+      AUTH_VK_ID: string
+      AUTH_VK_SECRET: string
+      AUTH_WIKIMEDIA_ID: string
+      AUTH_WIKIMEDIA_SECRET: string
+      AUTH_WORDPRESS_ID: string
+      AUTH_WORDPRESS_SECRET: string
+      AUTH_WORKOS_ID: string
+      AUTH_WORKOS_SECRET: string
+      AUTH_YANDEX_ID: string
+      AUTH_YANDEX_SECRET: string
+      AUTH_ZITADEL_ID: string
+      AUTH_ZITADEL_SECRET: string
+      AUTH_ZOHO_ID: string
+      AUTH_ZOHO_SECRET: string
+      AUTH_ZOOM_ID: string
+      AUTH_ZOOM_SECRET: string
+    }
+  }
+}

apps/examples/nextjs/next-auth.d.ts

@@ -1,10 +0,0 @@
-import "next-auth/jwt"
-
-// Read more at: https://next-auth.js.org/getting-started/typescript#module-augmentation
-
-declare module "next-auth/jwt" {
-  interface JWT {
-    /** The user's role. */
-    userRole?: "admin"
-  }
-}

apps/examples/nextjs/package.json

@@ -26,6 +26,6 @@
   "devDependencies": {
     "@types/node": "^18.16.2",
     "@types/react": "^18.2.0",
-    "typescript": "^5.0.4"
+    "typescript": "5.2.2"
   }
 }

apps/examples/nextjs/pages/api/auth/[...nextauth].ts

@@ -1,44 +0,0 @@
-import NextAuth, { NextAuthOptions } from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import FacebookProvider from "next-auth/providers/facebook"
-import GithubProvider from "next-auth/providers/github"
-import TwitterProvider from "next-auth/providers/twitter"
-import Auth0Provider from "next-auth/providers/auth0"
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export const authOptions: NextAuthOptions = {
-  // https://next-auth.js.org/configuration/providers/oauth
-  providers: [
-    Auth0Provider({
-      clientId: process.env.AUTH0_ID,
-      clientSecret: process.env.AUTH0_SECRET,
-      issuer: process.env.AUTH0_ISSUER,
-    }),
-    FacebookProvider({
-      clientId: process.env.FACEBOOK_ID,
-      clientSecret: process.env.FACEBOOK_SECRET,
-    }),
-    GithubProvider({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-    GoogleProvider({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-    }),
-    TwitterProvider({
-      clientId: process.env.TWITTER_ID,
-      clientSecret: process.env.TWITTER_SECRET,
-      version: "2.0",
-    }),
-  ],
-  callbacks: {
-    async jwt({ token }) {
-      token.userRole = "admin"
-      return token
-    },
-  },
-}
-
-export default NextAuth(authOptions)

apps/examples/nextjs/pages/api/examples/protected.ts

@@ -1,14 +1,13 @@
 // This is an example of to protect an API route
-import { getServerSession } from "next-auth/next"
-import { authOptions } from "../auth/[...nextauth]"
 
+import { auth } from "auth"
 import type { NextApiRequest, NextApiResponse } from "next"
 
 export default async function handler(
   req: NextApiRequest,
   res: NextApiResponse
 ) {
-  const session = await getServerSession(req, res, authOptions)
+  const session = await auth(req, res)
 
   if (session) {
     return res.send({

apps/examples/nextjs/pages/api/examples/session.ts

@@ -1,13 +1,12 @@
 // This is an example of how to access a session from an API route
-import { getServerSession } from "next-auth"
-import { authOptions } from "../auth/[...nextauth]"
 
+import { auth } from "auth"
 import type { NextApiRequest, NextApiResponse } from "next"
 
 export default async function handler(
   req: NextApiRequest,
   res: NextApiResponse
 ) {
-  const session = await getServerSession(req, res, authOptions)
+  const session = await auth(req, res)
   res.send(JSON.stringify(session, null, 2))
 }

apps/examples/nextjs/pages/server.tsx

@@ -1,5 +1,4 @@
-import { getServerSession } from "next-auth/next"
-import { authOptions } from "./api/auth/[...nextauth]"
+import { auth } from "auth"
 import Layout from "../components/layout"
 
 import type { GetServerSidePropsContext } from "next"
@@ -36,9 +35,5 @@ export default function ServerSidePage() {
 
 // Export the `session` prop to use sessions with Server Side Rendering
 export async function getServerSideProps(context: GetServerSidePropsContext) {
-  return {
-    props: {
-      session: await getServerSession(context.req, context.res, authOptions),
-    },
-  }
+  return { props: { session: await auth(context.req, context.res) } }
 }

apps/examples/nextjs/process.d.ts

@@ -1,16 +0,0 @@
-declare namespace NodeJS {
-  export interface ProcessEnv {
-    NEXTAUTH_URL: string
-    NEXTAUTH_SECRET: string
-    GITHUB_ID: string
-    GITHUB_SECRET: string
-    FACEBOOK_ID: string
-    FACEBOOK_SECRET: string
-    TWITTER_ID: string
-    TWITTER_SECRET: string
-    GOOGLE_ID: string
-    GOOGLE_SECRET: string
-    AUTH0_ID: string
-    AUTH0_SECRET: string
-  }
-}

apps/examples/nextjs/tsconfig.json

@@ -1,7 +1,11 @@
 {
   "compilerOptions": {
     "target": "es5",
-    "lib": ["dom", "dom.iterable", "esnext"],
+    "lib": [
+      "dom",
+      "dom.iterable",
+      "esnext"
+    ],
     "allowJs": true,
     "skipLibCheck": true,
     "strict": true,
@@ -13,14 +17,22 @@
     "resolveJsonModule": true,
     "isolatedModules": true,
     "jsx": "preserve",
-    "incremental": true
+    "incremental": true,
+    "baseUrl": ".",
+    "plugins": [
+      {
+        "name": "next"
+      }
+    ]
   },
   "include": [
     "process.d.ts",
     "next-env.d.ts",
-    "next-auth.d.ts",
     "**/*.ts",
-    "**/*.tsx"
+    "**/*.tsx",
+    ".next/types/**/*.ts"
   ],
-  "exclude": ["node_modules"]
+  "exclude": [
+    "node_modules"
+  ]
 }

apps/examples/solid-start/package.json

@@ -13,7 +13,7 @@
     "solid-start-node": "^0.2.9",
     "solid-start-vercel": "^0.2.9",
     "tailwindcss": "^3.2.4",
-    "typescript": "^4.8.3",
+    "typescript": "5.2.2",
     "vite": "^3.1.0"
   },
   "dependencies": {

apps/examples/sveltekit/package.json

@@ -18,7 +18,7 @@
     "@sveltejs/kit": "next",
     "svelte": "3.55.0",
     "svelte-check": "2.10.2",
-    "typescript": "4.9.4",
+    "typescript": "5.2.2",
     "vite": "4.0.1"
   },
   "dependencies": {

docs/README.md

@@ -37,22 +37,31 @@ This documentation site is based on the [Docusaurus](https://docusaurus.io) fram
 
 To start a local environment of this project, please do the following.
 
-1. Clone the repository.
+1. Clone the repo:
 
-```bash
-$ git clone https://github.com/nextauthjs/docs.git
+```sh
+git clone git@github.com:nextauthjs/next-auth.git
+cd next-auth
 ```
 
-2. Install dependencies
+2. Set up the correct pnpm version, using [Corepack](https://nodejs.org/api/corepack.html). Run the following in the project'a root:
 
-```bash
-$ npm install
+```sh
+corepack enable pnpm
 ```
 
-3. Start the development server
+(Now, if you run `pnpm --version`, it should print the same verion as the `packageManager` property in the [`package.json` file](https://github.com/nextauthjs/next-auth/blob/main/package.json))
+
+3. Install packages. Developing requires Node.js v18:
+
+```sh
+pnpm install
+```
+
+4. Start the development server
 
 ```bash
-$ npm start
+$ pnpm dev:docs
 ```
 
 And thats all! Now you should have a local copy of this docs site running at [localhost:3000](http://localhost:3000)!

docs/docs/concepts/faq.md

@@ -7,7 +7,7 @@ title: Frequently Asked Questions
 
 ### Is Auth.js commercial software?
 
-Auth.js is an open source project built by individual contributors.
+Auth.js is an open-source project built by individual contributors.
 
 It is not commercial software and is not associated with a commercial organization.
 
@@ -17,7 +17,7 @@ It is not commercial software and is not associated with a commercial organizati
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>What databases does Auth.js support?</h3>
+  <h3 style={{display: "inline-block"}}>What databases does Auth.js support?</h3>
 </summary>
 <p>
 
@@ -30,7 +30,7 @@ You can use also Auth.js with any database using a custom database adapter, or b
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>What authentication services does Auth.js support?</h3>
+  <h3 style={{display: "inline-block"}}>What authentication services does Auth.js support?</h3>
 </summary>
 <p>
 
@@ -38,16 +38,16 @@ You can use also Auth.js with any database using a custom database adapter, or b
 (See also: <a href="/reference/providers/oauth-builtin">Providers</a>)
 </p>
 
-Auth.js also supports email for passwordless sign in, which is useful for account recovery or for people who are not able to use an account with the configured OAuth services (e.g. due to service outage, account suspension or otherwise becoming locked out of an account).
+Auth.js also supports email for passwordless sign-in, which is useful for account recovery or for people who are not able to use an account with the configured OAuth services (e.g. due to service outage, account suspension or otherwise becoming locked out of an account).
 
-You can also use a custom based provider to support signing in with a username and password stored in an external database and/or using two factor authentication.
+You can also use a custom-based provider to support signing in with a username and password stored in an external database and/or using two-factor authentication.
 
 </p>
 </details>
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Does Auth.js support signing in with a username and password?</h3>
+  <h3 style={{display: "inline-block"}}>Does Auth.js support signing in with a username and password?</h3>
 </summary>
 <p>
 
@@ -55,44 +55,44 @@ Auth.js is designed to avoid the need to store passwords for user accounts.
 
 If you have an existing database of usernames and passwords, you can use a custom credentials provider to allow signing in with a username and password stored in an existing database.
 
-_If you use a custom credentials provider user accounts will not be persisted in a database by Auth.js (even if one is configured). The option to use JSON Web Tokens for session tokens (which allow sign in without using a session database) must be enabled to use a custom credentials provider._
+_If you use a custom credentials provider user accounts will not be persisted in a database by Auth.js (even if one is configured). The option to use JSON Web Tokens for session tokens (which allow sign-in without using a session database) must be enabled to use a custom credentials provider._
 
 </p>
 </details>
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Can I use Auth.js with a website that does not use Next.js?</h3>
+  <h3 style={{display: "inline-block"}}>Can I use Auth.js with a website that does not use Next.js?</h3>
 </summary>
 <p>
 
 Auth.js is designed for use with Next.js and Serverless.
 
-If you are using a different framework for your website, you can create a website that handles sign in with Next.js and then access those sessions on a website that does not use Next.js as long as the websites are on the same domain.
+If you are using a different framework for your website, you can create a website that handles sign-in with Next.js and then access those sessions on a website that does not use Next.js as long as the websites are on the same domain.
 
-If you use Auth.js on a website with a different subdomain then the rest of your website (e.g. `auth.example.com` vs `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/reference/configuration/auth-config#cookies))
+If you use Auth.js on a website with a different subdomain than the rest of your website (e.g. `auth.example.com` vs `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/reference/configuration/auth-config#cookies))
 
-Auth.js does not currently support automatically signing into sites on different top level domains (e.g. `www.example.com` vs `www.example.org`) using a single session.
+Auth.js does not currently support automatically signing into sites on different top-level domains (e.g. `www.example.com` vs `www.example.org`) using a single session.
 
 </p>
 </details>
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Can I use Auth.js with React Native?</h3>
+  <h3 style={{display: "inline-block"}}>Can I use Auth.js with React Native?</h3>
 </summary>
 <p>
 
-Auth.js is designed as a secure, confidential client and implements a server side authentication flow.
+Auth.js is designed as a secure, confidential client and implements a server-side authentication flow.
 
-It is not intended to be used in native applications on desktop or mobile applications, which typically implement public clients (e.g. with client / secrets embedded in the application).
+It is not intended to be used in native applications on desktop or mobile applications, which typically implement public clients (e.g. with client/secrets embedded in the application).
 
 </p>
 </details>
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Is Auth.js supporting TypeScript?</h3>
+  <h3 style={{display: "inline-block"}}>Is Auth.js supporting TypeScript?</h3>
 </summary>
 <p>
 
@@ -103,11 +103,11 @@ Yes! Check out the [TypeScript docs](/getting-started/typescript)
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Is Auth.js compatible with Next.js 12 Middleware?</h3>
+  <h3 style={{display: "inline-block"}}>Is Auth.js compatible with Next.js 12 Middleware?</h3>
 </summary>
 <p>
 
-[Next.js Middleware](https://nextjs.org/docs/middleware) is supported. Head over to the [this page](/reference/nextjs/#middleware)
+[Next.js Middleware](https://nextjs.org/docs/middleware) is supported. Head over to [this page](https://next-auth.js.org/configuration/nextjs#middleware)
 
 </p>
 </details>
@@ -118,7 +118,7 @@ Yes! Check out the [TypeScript docs](/getting-started/typescript)
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>What databases are supported by Auth.js?</h3>
+  <h3 style={{display: "inline-block"}}>What databases are supported by Auth.js?</h3>
 </summary>
 <p>
 
@@ -131,13 +131,13 @@ It also provides an Adapter API which allows you to connect it to any database.
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>What does Auth.js use databases for?</h3>
+  <h3 style={{display: "inline-block"}}>What does Auth.js use databases for?</h3>
 </summary>
 <p>
 
-Databases in Auth.js are used for persisting users, OAuth accounts, email sign in tokens and sessions.
+Databases in Auth.js are used for persisting users, OAuth accounts, email sign-in tokens and sessions.
 
-Specifying a database is optional if you don't need to persist user data or support email sign in. If you don't specify a database then JSON Web Tokens will be enabled for session storage and used to store session data.
+Specifying a database is optional if you don't need to persist user data or support email sign-in. If you don't specify a database then JSON Web Tokens will be enabled for session storage and used to store session data.
 
 If you are using a database with Auth.js, you can still explicitly enable JSON Web Tokens for sessions (instead of using database sessions).
 
@@ -146,24 +146,24 @@ If you are using a database with Auth.js, you can still explicitly enable JSON W
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Should I use a database?</h3>
+  <h3 style={{display: "inline-block"}}>Should I use a database?</h3>
 </summary>
 <p>
 
-- Using Auth.js without a database works well for internal tools - where you need to control who is able to sign in, but when you do not need to create user accounts for them in your application.
+- Using Auth.js without a database works well for internal tools - where you need to control who can sign in, but when you do not need to create user accounts for them in your application.
 
-- Using Auth.js with a database is usually a better approach for a consumer facing application where you need to persist accounts (e.g. for billing, to contact customers, etc).
+- Using Auth.js with a database is usually a better approach for a consumer-facing application where you need to persist accounts (e.g. for billing, to contact customers, etc).
 
 </p>
 </details>
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>What database should I use?</h3>
+  <h3 style={{display: "inline-block"}}>What database should I use?</h3>
 </summary>
 <p>
 
-Managed database solutions for MySQL, Postgres and MongoDB (and compatible databases) are well supported from cloud providers such as Amazon, Google, Microsoft and Atlas.
+Managed database solutions for MySQL, Postgres and MongoDB (and compatible databases) are well supported by cloud providers such as Amazon, Google, Microsoft and Atlas.
 
 If you are deploying directly to a particular cloud platform you may also want to consider serverless database offerings they have (e.g. [Amazon Aurora Serverless on AWS](https://aws.amazon.com/rds/aurora/serverless/)).
 
@@ -174,51 +174,49 @@ If you are deploying directly to a particular cloud platform you may also want t
 
 ## Security
 
-Parts of this section has been moved to its [own page](/security).
+Parts of this section have been moved to their [page](/security)](/security).
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>How do I get Refresh Tokens and Access Tokens for an OAuth account?</h3>
+  <h3 style={{display: "inline-block"}}>How do I get Refresh Tokens and Access Tokens for an OAuth account?</h3>
 </summary>
 <p>
 
 Auth.js provides a solution for authentication, session management and user account creation.
 
-Auth.js records Refresh Tokens and Access Tokens on sign in (if supplied by the provider) and it will pass them, along with the User ID, Provider and Provider Account ID, to either:
+Auth.js records Refresh Tokens and Access Tokens on sign-in (if supplied by the provider) and it will pass them, along with the User ID, Provider and Provider Account ID, to either:
 
 1. A database - if a database connection string is provided
-2. The JSON Web Token callback - if JWT sessions are enabled (e.g. if no database specified)
+2. The JSON Web Token callback - if JWT sessions are enabled (e.g. if no database is specified)
 
 You can then look them up from the database or persist them to the JSON Web Token.
 
-Note: Auth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/guides/basics/refresh-token-rotation) if you want to implement it.
-
-We also have an [example repository](https://github.com/nextauthjs/next-auth-refresh-token-example) / project based upon Auth.js v4 where we demonstrate how to use a refresh token to refresh the provided access token.
+Note: Auth.js does not currently handle Access Token rotation for OAuth providers for you, however, you can check out [this tutorial](/guides/basics/refresh-token-rotation) if you want to implement it.
 
 </p>
 </details>
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>When I sign in with another account with the same email address, why are accounts not linked automatically?</h3>
+  <h3 style={{display: "inline-block"}}>When I sign in with another account with the same email address, why are accounts not linked automatically?</h3>
 </summary>
 <p>
 
-Automatic account linking on sign in is not secure between arbitrary providers - with the exception of allowing users to sign in via an email addresses as a fallback (as they must verify their email address as part of the flow).
+Automatic account linking on sign-in is not secure between arbitrary providers - except for allowing users to sign in via email addresses as a fallback (as they must verify their email address as part of the flow).
 
-When an email address is associated with an OAuth account it does not necessarily mean that it has been verified as belonging to account holder — how email address verification is handled is not part of the OAuth specification and varies between providers (e.g. some do not verify first, some do verify first, others return metadata indicating the verification status).
+When an email address is associated with an OAuth account it does not necessarily mean that it has been verified as belonging to the account holder — how email address verification is handled is not part of the OAuth specification and varies between providers (e.g. some do not verify first, some do verify first, others return metadata indicating the verification status).
 
-With automatic account linking on sign in, this can be exploited by bad actors to hijack accounts by creating an OAuth account associated with the email address of another user.
+With automatic account linking on sign-in, this can be exploited by bad parties to hijack accounts by creating an OAuth account associated with the email address of another user.
 
-For this reason it is not secure to automatically link accounts between arbitrary providers on sign in, which is why this feature is generally not provided by authentication service and is not provided by Auth.js.
+For this reason, it is not secure to automatically link accounts between arbitrary providers on sign-in, which is why this feature is generally not provided by an authentication service and is not provided by Auth.js.
 
 Automatic account linking is seen on some sites, sometimes insecurely. It can be technically possible to do automatic account linking securely if you trust all the providers involved to ensure they have securely verified the email address associated with the account, but requires placing trust (and transferring the risk) to those providers to handle the process securely.
 
-Examples of scenarios where this is secure include with an OAuth provider you control (e.g. that only authorizes users internal to your organization) or with a provider you explicitly trust to have verified the users email address.
+Examples of scenarios where this is secure include an OAuth provider you control (e.g. that only authorizes users internal to your organization) or a provider you explicitly trust to have verified the users' email address.
 
-Automatic account linking is not a planned feature of Auth.js, however there is scope to improve the user experience of account linking and of handling this flow, in a secure way. Typically this involves providing a fallback option to sign in via email, which is already possible (and recommended), but the current implementation of this flow could be improved on.
+Automatic account linking is not a planned feature of Auth.js, however, there is scope to improve the user experience of account linking and of handling this flow, securely. Typically this involves providing a fallback option to sign in via email, which is already possible (and recommended), but the current implementation of this flow could be improved.
 
-Providing support for secure account linking and unlinking of additional providers - which can only be done if a user is already signed in already - was originally a feature in v1.x but has not been present since v2.0, is planned to return in a future release.
+Providing support for secure account linking and unlinking of additional providers - which can only be done if a user is already signed in - was originally a feature in v1.x but has not been present since v2.0, and is planned to return in a future release.
 
 </p>
 </details>
@@ -229,11 +227,11 @@ Providing support for secure account linking and unlinking of additional provide
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>Why doesn't Auth.js support [a particular feature]?</h3>
+  <h3 style={{display: "inline-block"}}>Why doesn't Auth.js support [a particular feature]?</h3>
 </summary>
 <p>
 
-Auth.js is an open source project built by individual contributors who are volunteers writing code and providing support in their spare time.
+Auth.js is an open-source project built by individual contributors who are volunteers writing code and providing support in their spare time.
 
 If you would like Auth.js to support a particular feature, the best way to help make it happen is to raise a feature request describing the feature and offer to work with other contributors to develop and test it.
 
@@ -244,13 +242,13 @@ If you are not able to develop a feature yourself, you can offer to sponsor some
 
 <details>
 <summary>
-  <h3 style={{display:"inline-block"}}>I disagree with a design decision, how can I change your mind?</h3>
+  <h3 style={{display: "inline-block"}}>I disagree with a design decision, how can I change your mind?</h3>
 </summary>
 <p>
 
 Product design decisions on Auth.js are made by core team members.
 
-You can raise suggestions as feature requests / requests for enhancement.
+You can raise suggestions as feature requests for enhancement.
 
 Requests that provide the detail requested in the template and follow the format requested may be more likely to be supported, as additional detail prompted in the templates often provides important context.
 
@@ -286,7 +284,7 @@ JSON Web Tokens can be used for session tokens, but are also used for lots of ot
 
 - JSON Web Tokens in Auth.js are secured using cryptographic encryption (JWE) to store the included information directly in a JWT session token. You may then use the token to pass information between services and APIs on the same domain without having to contact a database to verify the included information.
 
-- You can use JWT to securely store information you do not mind the client knowing even without encryption, as the JWT is stored in a server-readable-only cookie so data in the JWT is not accessible to third party JavaScript running on your site.
+- You can use JWT to securely store information you do not mind the client knowing even without encryption, as the JWT is stored in a server-readable-only cookie so data in the JWT is not accessible to third-party JavaScript running on your site.
 
 </p>
 </details>
@@ -297,15 +295,15 @@ JSON Web Tokens can be used for session tokens, but are also used for lots of ot
 </summary>
 <p>
 
-- You cannot as easily expire a JSON Web Token - doing so requires maintaining a server side blocklist of invalid tokens (at least until they expire) and checking every token against the list every time a token is presented.
+- It's difficult to invalidate a JSON Web Token - doing so requires maintaining a server-side blocklist of the tokens (at least until they expire) and checking every token against the list every time a token is presented.
 
   Shorter session expiry times are used when using JSON Web Tokens as session tokens to allow sessions to be invalidated sooner and simplify this problem.
 
-  Auth.js client includes advanced features to mitigate the downsides of using shorter session expiry times on the user experience, including automatic session token rotation, optionally sending keep alive messages to prevent short lived sessions from expiring if there is an window or tab open, background re-validation, and automatic tab/window syncing that keeps sessions in sync across windows any time session state changes or a window or tab gains or loses focus.
+  Auth.js client includes advanced features to mitigate the downsides of using shorter session expiry times on the user experience, including automatic session token rotation, optionally sending keep-alive messages to prevent short-lived sessions from expiring if there is a window or tab opened, background re-validation, and automatic tab/window syncing that keeps sessions in sync across windows any time session state changes or a window or tab gains or loses focus.
 
 - As with database session tokens, JSON Web Tokens are limited in the amount of data you can store in them. There is typically a limit of around 4096 bytes per cookie, though the exact limit varies between browsers, proxies and hosting services. If you want to support most browsers, then do not exceed 4096 bytes per cookie. If you want to save more data, you will need to persist your sessions in a database (Source: [browsercookielimits.iain.guru](http://browsercookielimits.iain.guru/))
 
-  The more data you try to store in a token and the more other cookies you set, the closer you will come to this limit. Since v4 we have implemented cookie chunking so that cookies over the 4kb limit get split and reassembled upon parsing. However since this data needs to be transmitted on every request, if you wish to store more than ~4 KB of data you're probably at the point where you want to store a unique ID in the token and persist the data elsewhere (e.g. in a server-side key/value store).
+  The more data you try to store in a token and the more other cookies you set, the closer you will come to this limit. Auth.js uses cookie chunking so that cookies over the 4kb limit get split and reassembled upon parsing. However, since this data needs to be transmitted on every request, in case you wish to store more than ~4 KB of data you're probably at the point where you want to store a unique ID in the token and persist the data elsewhere (e.g. in a server-side key/value store).
 
 - Data stored in an encrypted JSON Web Token (JWE) may be compromised at some point.
 
@@ -313,7 +311,7 @@ JSON Web Tokens can be used for session tokens, but are also used for lots of ot
 
   Avoid storing any data in a token that might be problematic if it were to be decrypted in the future.
 
-- If you do not explicitly specify a secret for for Auth.js, existing sessions will be invalidated any time your Auth.js configuration changes, as Auth.js will default to an auto-generated secret. Since v4 this only impacts development and generating a secret is required in production.
+- If you do not explicitly specify a secret for Auth.js, existing sessions will be invalidated any time your Auth.js configuration changes, as Auth.js will default to an auto-generated secret. Since v4 this only impacts development and generating a secret is required in production.
 
 </p>
 </details>
@@ -324,12 +322,10 @@ JSON Web Tokens can be used for session tokens, but are also used for lots of ot
 </summary>
 <p>
 
-By default tokens are not signed (JWS) but are encrypted (JWE). Since v4 we have implemented cookie chunking so that cookies over the 4kb limit get split and reassembled upon parsing.
+By default, tokens are encrypted (JWE).
 
 You can specify other valid algorithms - [as specified in RFC 7518](https://tools.ietf.org/html/rfc7517) - with either a secret (for symmetric encryption) or a public/private key pair (for asymmetric encryption).
 
-Auth.js will generate keys for you, but this will generate a warning at start up.
-
 Using explicit public/private keys for signing is strongly recommended.
 
 </p>

docs/docs/getting-started/credentials-tutorial.mdx

@@ -2,6 +2,9 @@
 title: Credentials authentication
 ---
 
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
+
 Auth.js is built in a way that is flexible to integrate it with any authentication back-end you or your company may already have.
 
 This library has been designed to handle the user session client-wise, to support multiple authentication methods (OAuth, Email, etc...) so that you're not forced to run your own authentication service.
@@ -16,34 +19,49 @@ The functionality provided for credentials based authentication is intentionally
 
 Integrating the Credentials Provider is as simple as initializing it in the Auth.js configuration file:
 
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import CredentialsProvider from "next-auth/providers/credentials"
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
 
-export default NextAuth({
-  providers: [
-    CredentialsProvider({
-      async authorize(credentials) {
-        const authResponse = await fetch("/users/login", {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-          },
-          body: JSON.stringify(credentials),
-        })
+  ```ts title="pages/api/auth/[...nextauth].ts"
+  import NextAuth from "next-auth"
+  import CredentialsProvider from "next-auth/providers/credentials"
 
-        if (!authResponse.ok) {
-          return null
-        }
+  export default NextAuth({
+    providers: [
+      CredentialsProvider({
+        async authorize(credentials) {
+          const authResponse = await fetch("/users/login", {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+            },
+            body: JSON.stringify(credentials),
+          })
 
-        const user = await authResponse.json()
+          if (!authResponse.ok) {
+            return null
+          }
 
-        return user
-      },
-    }),
-  ],
-})
-```
+          const user = await authResponse.json()
+
+          return user
+        },
+      }),
+    ],
+  })
+  ```
+
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>
 
 :::note
 Check the [Credentials Provider options](/reference/core/providers_credentials) for further customization

docs/docs/getting-started/email-tutorial.mdx

@@ -7,6 +7,8 @@ import startPageImg from "./img/email-tutorial-start.png"
 import checkPageImg from "./img/email-tutorial-check.png"
 import mailboxImg from "./img/email-tutorial-mailbox.png"
 import loggedInImg from "./img/email-tutorial-logged.png"
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
 
 Aside from authenticating users in Auth.js via [OAuth](/getting-started/oauth-tutorial), you can also enable the option to authenticate them via "magic links". These are links that are sent to the user's email and when clicking on them they'll sign up the user automatically.
 
@@ -34,7 +36,7 @@ npm install -D nodemailer
 
 ## 2. Setting up a SMTP service
 
-Next we need a [SMTP service](https://sendgrid.com/blog/what-is-an-smtp-server/) which will be in charge of sending emails from our application. There's a number of services available for this, however [here are the ones](http://nodemailer.com/smtp/well-known/) known to work with `nodemailer`.
+Next we need a [SMTP service](https://sendgrid.com/blog/what-is-an-smtp-server/) which will be in charge of sending emails from our application. There's a number of services available for this, however [here are the ones](https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services) known to work with `nodemailer`.
 
 :::info
 For this tutorial, we're going to be using [Sendgrid](https://sendgrid.com/), but any of the services linked above should work the same
@@ -64,26 +66,43 @@ Note that we're also specifying from which domain email are going to be sent fro
 
 Nice! We're getting there. Now we need to read supply this values as the configuration for our Email Provider. Open `pages/api/auth/[...nextauth].ts` and do the following:
 
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import Email from "next-auth/providers/email"
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
 
-export default NextAuth({
-  providers: [
-    Email({
-      server: {
-        host: process.env.SMTP_HOST,
-        port: Number(process.env.SMTP_PORT),
-        auth: {
-          user: process.env.SMTP_USER,
-          pass: process.env.SMTP_PASSWORD,
+  
+  ```ts title="pages/api/auth/[...nextauth].ts"
+  import NextAuth from "next-auth"
+  import Email from "next-auth/providers/email"
+
+  export default NextAuth({
+    providers: [
+      Email({
+        server: {
+          host: process.env.SMTP_HOST,
+          port: Number(process.env.SMTP_PORT),
+          auth: {
+            user: process.env.SMTP_USER,
+            pass: process.env.SMTP_PASSWORD,
+          },
         },
-      },
-      from: process.env.EMAIL_FROM,
-    }),
-  ],
-})
-```
+        from: process.env.EMAIL_FROM,
+      }),
+    ],
+  })
+  ```
+
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>
+
 
 ## 3. Setting up an adapter
 
@@ -139,30 +158,46 @@ export default clientPromise
 
 And now let's reference this new adapter from our Auth.js configuration file:
 
-```diff title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import EmailProvider from "next-auth/providers/email"
-+ import { MongoDBAdapter } from "@auth/mongodb-adapter"
-+ import clientPromise from "../../../lib/mongodb/client"
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
+
+  ```diff title="pages/api/auth/[...nextauth].ts"
+  import NextAuth from "next-auth"
+  import EmailProvider from "next-auth/providers/email"
+  + import { MongoDBAdapter } from "@auth/mongodb-adapter"
+  + import clientPromise from "../../../lib/mongodb/client"
+
+  export default NextAuth({
+    secret: process.env.NEXTAUTH_SECRET,
+  + adapter: MongoDBAdapter(clientPromise),
+    providers: [
+      EmailProvider({
+        server: {
+          host: process.env.EMAIL_SERVER_HOST,
+          port: process.env.EMAIL_SERVER_PORT,
+          auth: {
+            user: process.env.EMAIL_SERVER_USER,
+            pass: process.env.EMAIL_SERVER_PASSWORD
+          }
+        },
+        from: process.env.EMAIL_FROM
+      }),
+    ],
+  })
+  ```
+
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>
 
-export default NextAuth({
-  secret: process.env.NEXTAUTH_SECRET,
-+ adapter: MongoDBAdapter(clientPromise),
-  providers: [
-    EmailProvider({
-      server: {
-        host: process.env.EMAIL_SERVER_HOST,
-        port: process.env.EMAIL_SERVER_PORT,
-        auth: {
-          user: process.env.EMAIL_SERVER_USER,
-          pass: process.env.EMAIL_SERVER_PASSWORD
-        }
-      },
-      from: process.env.EMAIL_FROM
-    }),
-  ],
-})
-```
 
 ## 4. Wiring all together
 

docs/docs/getting-started/oauth-tutorial.mdx

@@ -37,7 +37,7 @@ npm install next-auth
 ```
 
 :::info
-We are working on a new `@auth/nextjs` package that will make it easier to set up Auth.js with Next.js. Stay tuned! For now, you can use the `next-auth` package.
+We are working on a new release of `next-auth` that will make it easier to set up Auth.js with Next.js. You can follow the development [on this PR](https://github.com/nextauthjs/next-auth/pull/7443)
 :::
 
 ### Creating the server config
@@ -100,11 +100,12 @@ NextAuth.js provides [`useSession()`](/reference/react/#usesession) - a [React H
 
 ```ts title="pages/_app.tsx"
 import { SessionProvider } from "next-auth/react"
+import type { AppProps } from "next/app"
 
 export default function App({
   Component,
   pageProps: { session, ...pageProps },
-}) {
+}: AppProps) {
   return (
     <SessionProvider session={session}>
       <Component {...pageProps} />
@@ -155,7 +156,7 @@ export default function CamperVanPage() {
 
 ### Protecting API Routes
 
-To protect your API Routes (blocking unauthorized access to resources), you can use [`getServerSession()`](/reference/nextjs#getserversession) to know whether a session exists or not:
+To protect your API Routes (blocking unauthorized access to resources), you can use [`getServerSession()`](https://next-auth.js.org/configuration/nextjs#getserversession) to know whether a session exists or not:
 
 ```ts title="pages/api/movies/list.ts"
 import { getServerSession } from "next-auth/next"
@@ -181,7 +182,127 @@ export default async function listMovies(req, res) {
 
   </TabItem>
   <TabItem value="sveltekit" label="SvelteKit">
-TODO: SvelteKit
+
+:::warning
+`@auth/sveltekit` is currently experimental. The API _will_ change in the future.
+:::
+
+### Prerequisites
+
+This tutorial assumes you have a SvelteKit application set up. If you don't, you can follow the [SvelteKit tutorial](https://kit.svelte.dev/docs/creating-a-project) to get started.
+
+### Installing Auth.js
+
+```bash npm2yarn
+npm install @auth/core @auth/sveltekit
+```
+
+### Create server hook
+
+Create the following [Server hook](https://kit.svelte.dev/docs/hooks) file. This route contains the necessary configuration for Auth.js, as well as the dynamic route handler:
+
+```ts title="src/hooks.server.ts"
+import { SvelteKitAuth } from "@auth/sveltekit"
+import GitHub from "@auth/core/providers/github"
+import { GITHUB_ID, GITHUB_SECRET } from "$env/static/private"
+ *
+export const handle = SvelteKitAuth({
+  providers: [GitHub({ clientId: GITHUB_ID, clientSecret: GITHUB_SECRET })],
+})
+```
+
+:::info
+
+Behind the scenes, this creates all the relevant OAuth API routes within `/api/auth/*` so that auth API requests to:
+
+- [GET `/api/auth/signin`](https://authjs.dev/reference/rest-api#get--apiauthsignin)
+- [POST `/api/auth/signin/:provider`](https://authjs.dev/reference/rest-api#post--apiauthsigninprovider)
+- [GET/POST `/api/auth/callback/:provider`](https://authjs.dev/reference/rest-api#get--post--apiauthcallbackprovider)
+- [GET `/api/auth/signout`](https://authjs.dev/reference/rest-api#get--apiauthsignout)
+- [POST `/api/auth/signout`](https://authjs.dev/reference/rest-api#post--apiauthsignout)
+- [GET `/api/auth/session`](https://authjs.dev/reference/rest-api#get--apiauthsession)
+- [GET `/api/auth/csrf`](https://authjs.dev/reference/rest-api#get--apiauthcsrf)
+- [GET `/api/auth/providers`](https://authjs.dev/reference/rest-api#get--apiauthproviders)
+
+can be handled by Auth.js. In this way, Auth.js stays in charge of the whole application's authentication request/response flow.
+
+Auth.js is fully customizable - [our guides section](/guides/overview) teaches you how to set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/configuration/auth-config).
+:::
+
+### Adding environment variables
+
+You may notice we are using environment variables in the code example above. We take the value of `GITHUB_ID` and `GITHUB_SECRET` from the GitHub Developer OAuth Portal. See [Configuring OAuth Provider](/getting-started/oauth-tutorial#2-configuring-oauth-provider) section on how to get those.
+
+In your project root, create a `.env.local` file and add the `AUTH_SECRET` environment variable:
+
+```title=".env.local"
+AUTH_SECRET="This is an example"
+```
+
+`AUTH_SECRET` is a random string used by the library to encrypt tokens and email verification hashes, and **it's mandatory to keep things secure**! 🔥 🔐 . You can use:
+
+```
+$ openssl rand -base64 32
+```
+
+or https://generate-secret.vercel.app/32 to generate a random value for it.
+
+### Exposing the session via page store
+
+Auth.js provides us a getSession, function to access the session data and status, to call from the `event.locals` variable. We can now just call it and add it to our `$page` store.
+
+```ts
+import type { LayoutServerLoad } from './$types';
+ *
+export const load: LayoutServerLoad = async (event) => {
+  return {
+    session: await event.locals.getSession()
+  };
+};
+```
+
+### Consuming the session via page store
+
+You can use the `$page.data.session` variable from anywhere on your page. Learn more about SvelteKit's page store in the [SvelteKit docs](https://learn.svelte.dev/tutorial/page-store).
+
+```ts title="route/+page.svelte"
+<script>
+  import { signIn, signOut } from '@auth/sveltekit/client'
+  import { page } from '$app/stores'
+</script>
+
+{#if $page.data.session?.user}
+  <p>Signed in as {$page.data.session.user.email}</p>
+  <button on:click={signOut}>Sign out</button>
+  <img src="https://cdn.pixabay.com/photo/2017/08/11/19/36/vw-2632486_1280.png" />
+{:else}
+  <p>Not signed in.</p>
+  <button on:click={() => signIn('github')}>Sign in</button>
+{/if}
+```
+
+### Protecting API Routes
+
+To protect your API Routes (blocking unauthorized access to resources), you can use `locals.getSessions()` just like in the layouts file to know whether a session exists or not:
+
+```ts title="routes/api/movies/+server.ts"
+import { json, error } from "@sveltejs/kit";
+import type { RequestEvent } from "./$types";
+ 
+export async function GET({ locals }: RequestEvent) {
+  const session = await locals.getSession()
+  if (!session?.user) {
+    throw error(401, "You must sign in to view movies.");
+  }
+
+  return json({
+    movies: [
+      { title: "Alien vs Predator", id: 1 },
+      { title: "Reservoir Dogs", id: 2 },
+    ]
+  })
+}
+```
   </TabItem>
   <TabItem value="solidstart" label="SolidStart">
 TODO: SolidStart
@@ -217,7 +338,7 @@ The callback URL we insert should have the following pattern:
 
 In this case, given we want to try our authentication working locally on our machine and we're using **GitHub** as our OAuth provider, it'll be:
 
-<Tabs groupId="frameworks">
+<Tabs groupId="frameworks" queryString>
   <TabItem value="next" label="Next.js" default>
 
 ```
@@ -273,7 +394,7 @@ Note that, for each provider, the configuration process will be similar to what
 2. Create create your OAuth application within it
 3. Set the callback URL
 4. Get the Client ID and Generate a Client Secret
-:::
+   :::
 
 ## 3. Wiring all together
 
@@ -288,7 +409,7 @@ GITHUB_SECRET=67890
 
 Here is our server configuration file again:
 
-<Tabs groupId="frameworks">
+<Tabs groupId="frameworks" queryString>
   <TabItem value="next" label="Next.js" default>
 
 ```ts title="pages/api/auth/[...nextauth].ts"
@@ -313,7 +434,24 @@ $ npm run next dev
 
   </TabItem>
   <TabItem value="sveltekit" label="SvelteKit">
-TODO SvelteKit
+
+```ts title="src/hooks.server.ts"
+import { SvelteKitAuth } from "@auth/sveltekit"
+import GitHub from "@auth/core/providers/github"
+import { GITHUB_ID, GITHUB_SECRET } from "$env/static/private"
+ *
+export const handle = SvelteKitAuth({
+  providers: [GitHub({ clientId: GITHUB_ID, clientSecret: GITHUB_SECRET })],
+})
+```
+
+Great! We're now ready to run our application locally. Start the Svelte app by running on your terminal the following command and navigating to [`http://localhost:5173`](http://localhost:5173):
+
+```
+$ npm run vite dev
+```
+
+
   </TabItem>
   <TabItem value="solidstart" label="SolidStart">
 TODO SolidStart

docs/docs/getting-started/typescript.md

@@ -9,6 +9,9 @@ https://github.com/nextauthjs/next-auth-example
 
 ---
 
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
+
 ## Adapters
 
 If you're writing your own custom Adapter, you can take advantage of the types to make sure your implementation conforms to what's expected:
@@ -46,30 +49,45 @@ This will work in code editors with a strong TypeScript integration like VSCode
 
 Let's look at `Session`:
 
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
 
-export default NextAuth({
-  callbacks: {
-    session({ session, token, user }) {
-      return session // The return type will match the one returned in `useSession()`
+  ```ts title="pages/api/auth/[...nextauth].ts"
+  import NextAuth from "next-auth"
+
+  export default NextAuth({
+    callbacks: {
+      session({ session, token, user }) {
+        return session // The return type will match the one returned in `useSession()`
+      },
     },
-  },
-})
-```
+  })
+  ```
 
-```ts title="pages/index.ts"
-import { useSession } from "next-auth/react"
+  ```ts title="pages/index.ts"
+  import { useSession } from "next-auth/react"
 
-export default function IndexPage() {
-  // `session` will match the returned value of `callbacks.session()` from `NextAuth()`
-  const { data: session } = useSession()
+  export default function IndexPage() {
+    // `session` will match the returned value of `callbacks.session()` from `NextAuth()`
+    const { data: session } = useSession()
 
-  return (
-    // Your component
-  )
-}
-```
+    return (
+      // Your component
+    )
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>
 
 To extend/augment this type, create a `types/next-auth.d.ts` file in your project:
 

docs/docs/guides/adapters/using-a-database-adapter.md

@@ -2,12 +2,12 @@
 title: Using a database adapter
 ---
 
-An **Adapter** in Auth.js connects your application to whatever database or backend system you want to use to store data for users, their accounts, sessions, etc. Adapters are optional, unless you need to persist user information in your own database, or you want to implement certain flows. The [Email Provider](/getting-started/email-tutorial) requires an adapter to be able to save [Verification Tokens](/reference/adapters/models#verification-token).
+An **Adapter** in Auth.js connects your application to whatever database or backend system you want to use to store data for users, their accounts, sessions, etc. Adapters are optional, unless you need to persist user information in your own database, or you want to implement certain flows. The [Email Provider](/getting-started/email-tutorial) requires an adapter to be able to save [Verification Tokens](/reference/adapters#verification-token).
 
 :::tip
 When using a database, you can still use JWT for session handling for fast access. See the [`session.strategy`](/reference/configuration/auth-config#session) option. Read about the trade-offs of JWT in the [FAQ](/concepts/faq#json-web-tokens).
 :::
 
-We have a list of official adapters that are distributed as their own packages under the `@next-auth/{name}-adapter` namespace. Their source code is available in their various adapters package directories at [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth/tree/main/packages):
+We have a list of official adapters that are distributed as their own packages under the `@auth/{name}-adapter` namespace. Their source code is available in their various adapters package directories at [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth/tree/main/packages):
 
 - [All available adapters](/reference/adapters)

docs/docs/guides/basics/callbacks.md

@@ -12,7 +12,7 @@ If you want to pass data such as an Access Token or User ID to the browser when
 
 You can specify a handler for any of the callbacks below.
 
-```js title="pages/api/auth/[...nextauth].js"s
+```js title="auth.js"
   callbacks: {
     async signIn({ user, account, profile, email, credentials }) {
       return true
@@ -35,7 +35,7 @@ The documentation below shows how to implement each callback, their default beha
 
 Use the `signIn()` callback to control if a user is allowed to sign in.
 
-```js title="pages/api/auth/[...nextauth].js"
+```js title="auth.js"
 callbacks: {
   async signIn({ user, account, profile, email, credentials }) {
     const isAllowedToSignIn = true
@@ -79,7 +79,7 @@ By default only URLs on the same URL as the site are allowed, you can use the re
 
 The default redirect callback looks like this:
 
-```js title="pages/api/auth/[...nextauth].js"
+```js title="auth.js"
 callbacks: {
   async redirect({ url, baseUrl }) {
     // Allows relative callback URLs
@@ -107,7 +107,7 @@ Requests to `/api/auth/signin`, `/api/auth/session` and calls to `getSession()`,
 
 The contents _user_, _account_, _profile_ and _isNewUser_ will vary depending on the provider and on if you are using a database or not. You can persist data such as User ID, OAuth Access Token in this token. To make it available in the browser, check out the [`session()` callback](#session-callback) as well.
 
-```js title="pages/api/auth/[...nextauth].js"
+```js title="auth.js"
 callbacks: {
   async jwt({ token, account }) {
     // Persist the OAuth access_token to the token right after signin
@@ -132,7 +132,7 @@ e.g. `getSession()`, `useSession()`, `/api/auth/session`
 - When using database sessions, the User object is passed as an argument.
 - When using JSON Web Tokens for sessions, the JWT payload is provided instead.
 
-```js title="pages/api/auth/[...nextauth].js"
+```js title="auth.js"
 callbacks: {
   async session({ session, token, user }) {
     // Send properties to the client, like an access_token from a provider.

docs/docs/guides/basics/deployment.md

@@ -34,7 +34,7 @@ Most OAuth providers cannot be configured with multiple callback URLs or using a
 
 However, Auth.js **supports Preview deployments**, even **with OAuth providers**:
 
-1. Determine a stable deployment URL. Eg.: A deployment whose URL does not change between builds, for example. `auth.yourdomain.com`),
+1. Determine a stable deployment URL. Eg.: A deployment whose URL does not change between builds, for example. `auth.yourdomain.com` (using a subdomain is not a requirement, this can simply be the main site's URL too.),
 2. Set `AUTH_REDIRECT_PROXY_URL` to that URL, adding the path up until your `[...nextauth]` route. Eg.: (`https://auth.yourdomain.com/api/auth`)
 3. For your OAuth provider, set the callback URL using the stable deployment URL. Eg.: For GitHub `https://auth.yourdomain.com/api/auth/callback/github`)
 
@@ -42,6 +42,9 @@ However, Auth.js **supports Preview deployments**, even **with OAuth providers**
 To support preview deployments, the `AUTH_SECRET` value needs to be the same for the stable deployment and deployments that will need OAuth support.
 :::
 
+:::note
+If you are storing users in a [database](reference/adapters), we recommend using a different OAuth app for development/production so that you don't mix your test and production user base.
+:::
 
 <details>
 <summary>

docs/docs/guides/basics/initialization.md

@@ -2,6 +2,14 @@
 title: Custom Initialization
 ---
 
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
+
+
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
+
+
 In Next.js, you can define an API route that will catch all requests that begin with a certain path. Conveniently, this is called [Catch all API routes](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes).
 
 When you define a `/pages/api/auth/[...nextauth]` JS/TS file, you instruct Auth.js that every API request beginning with `/api/auth/*` should be handled by the code written in the `[...nextauth]` file.
@@ -120,3 +128,15 @@ This way of initializing `NextAuth` is very powerful, but should be used sparing
 :::warning
 Changing parts of the request that is essential to `NextAuth` to do it's job - like messing with the [default cookies](/reference/configuration/auth-config#cookies) - can have unforeseen consequences, and have the potential to introduce security holes if done incorrectly. Only change those if you understand consequences.
 :::
+
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>

docs/docs/guides/basics/overriding-jwt.md

@@ -4,10 +4,10 @@ sidebar_label: Custom JWT encoding
 ---
 
 :::warning
-If you use middleware to protect routes, make sure the same method is also set in the [`_middleware.ts` options](/reference/nextjs/#custom-jwt-decode-method)
+If you use middleware to protect routes, make sure the same method is also set in the [`middleware.ts` options](https://next-auth.js.org/configuration/nextjs#custom-jwt-decode-method)
 :::
 
-Auth.js uses encrypted JSON Web Tokens ([JWE](https://datatracker.ietf.org/doc/html/rfc7516)) by default. Unless you have a good reason, we recommend keeping this behaviour. Although you can override this using the `encode` and `decode` methods. Both methods must be defined at the same time.
+Auth.js uses encrypted JSON Web Tokens ([JWE](https://datatracker.ietf.org/doc/html/rfc7516)) by default. Unless you have a good reason, we recommend keeping this behavior. Although you can override this using the `encode` and `decode` methods. Both methods must be defined at the same time.
 
 ```js
 jwt: {

docs/docs/guides/basics/pages.md

@@ -2,13 +2,16 @@
 title: Pages
 ---
 
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
+
 Auth.js automatically creates simple, unbranded authentication pages for handling Sign in, Sign out, Email Verification and displaying error messages.
 
 The options displayed on the sign-up page are automatically generated based on the providers specified in the options passed to Auth.js.
 
 To add a custom login page, you can use the `pages` option:
 
-```javascript title="pages/api/auth/[...nextauth].js"
+```javascript title="auth.js"
 ...
   pages: {
     signIn: '/auth/signin',
@@ -76,6 +79,11 @@ In addition, you can define the background color and text color of the button wi
 
 In order to get the available authentication providers and the URLs to use for them, you can make a request to the API endpoint `/api/auth/providers`:
 
+
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
+
+
 ```jsx title="pages/auth/signin.js"
 import { getProviders, signIn } from "next-auth/react"
 
@@ -100,6 +108,18 @@ export async function getServerSideProps(context) {
   }
 }
 ```
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>
+
 
 There is another, more fully styled example signin page available [here](https://github.com/ndom91/next-auth-example-sign-in-page).
 
@@ -107,6 +127,10 @@ There is another, more fully styled example signin page available [here](https:/
 
 If you create a custom sign in form for email sign in, you will need to submit both fields for the **email** address and **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/signin/email**.
 
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
+
+
 ```jsx title="pages/auth/email-signin.js"
 import { getCsrfToken } from "next-auth/react"
 
@@ -131,6 +155,18 @@ export async function getServerSideProps(context) {
 }
 ```
 
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>
+
 You can also use the `signIn()` function which will handle obtaining the CSRF token for you:
 
 ```js
@@ -141,6 +177,10 @@ signIn("email", { email: "jsmith@example.com" })
 
 If you create a sign in form for credentials based authentication, you will need to pass a **csrfToken** from **/api/auth/csrf** in a `POST` request to **/api/auth/callback/credentials**.
 
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
+
+
 ```jsx title="pages/auth/credentials-signin.js"
 import { getCsrfToken } from "next-auth/react"
 
@@ -170,6 +210,18 @@ export async function getServerSideProps(context) {
 }
 ```
 
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+    TODO Core
+  </TabItem>
+</Tabs>
+
 You can also use the `signIn()` function which will handle obtaining the CSRF token for you:
 
 ```js

docs/docs/guides/basics/refresh-token-rotation.md

@@ -2,6 +2,9 @@
 title: Refresh token rotation
 ---
 
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
+
 Refresh token rotation is the practice of updating an `access_token` on behalf of the user, without requiring interaction (eg.: re-sign in). `access_token`s are usually issued for a limited time. After they expire, the service verifying them will ignore the value. Instead of asking the user to sign in again to obtain a new `access_token`, certain providers support exchanging a `refresh_token` for a new `access_token`, renewing the expiry time. Let's see how this can be achieved.
 
 :::note
@@ -26,6 +29,20 @@ Using the [jwt](../../reference/core/types#jwt) and [session](../../reference/co
 
 Below is a sample implementation using Google's Identity Provider. Please note that the OAuth 2.0 request in the `refreshAccessToken()` function will vary between different providers, but the core logic should remain similar.
 
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js">
+
+  TODO Next.js
+
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)" default>
+
 ```ts
 import { Auth } from "@auth/core"
 import { type TokenSet } from "@auth/core/types"
@@ -109,10 +126,27 @@ declare module "@auth/core/jwt" {
 }
 ```
 
+  </TabItem>
+</Tabs>
+
 #### Database strategy
 
 Using the database strategy is very similar, but instead of preserving the `access_token` and `refresh_token`, we save it, well, in the database.
 
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js">
+
+  What
+
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+    TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)" default>
+
 ```ts
 import { Auth } from "@auth/core"
 import { type TokenSet } from "@auth/core/types"
@@ -195,6 +229,8 @@ declare module "@auth/core/jwt" {
   }
 }
 ```
+  </TabItem>
+</Tabs>
 
 ### Client Side
 

docs/docs/guides/basics/securing-pages-and-api-routes.md

@@ -2,19 +2,19 @@
 title: Securing Pages & API routes
 ---
 
-You can easily protect client and server side rendered pages and API routes with Auth.js.
+You can protect client and server-side rendered pages and API routes with Auth.js.
 
 _You can find working examples of the approaches shown below in the [example project](https://github.com/nextauthjs/next-auth-example/)._
 
 :::tip
-The methods `getSession()` and `getToken()` both return an `object` if a session is valid and `null` if a session is invalid or has expired.
+The methods `getSession()` and `getToken()` both return an `object` if a session is valid and `null` if a session is not valid or has expired.
 :::
 
 ## Securing Pages
 
 ### Client Side
 
-If data on a page is fetched using calls to secure API routes - i.e. routes which use `getSession()` or `getToken()` to access the session - you can use the `useSession` React Hook to secure pages.
+If data on a page is fetched using calls to secure API routes - i.e. routes that use `getSession(`)` or `getToken()` to access the session - you can use the `useSession` React Hook to secure pages.
 
 ```js title="pages/client-side-example.js"
 import { useSession, getSession } from "next-auth/react"
@@ -41,7 +41,7 @@ export default function Page() {
 
 ### Next.js (Middleware)
 
-With Auth.js 4.2.0 and Next.js 12, you can now protect your pages via the middleware pattern more easily. If you would like to protect all pages, you can create a `_middleware.js` file in your root `pages` directory which looks like this.
+With NextAuth.js 4.2.0 and Next.js 12, you can now protect your pages via the middleware pattern more easily. If you would like to protect all pages, you can create a `_middleware.js` file in your root `pages` directory which looks like this.
 
 ```js title="/middleware.js"
 export { default } from "next-auth/middleware"
@@ -49,15 +49,15 @@ export { default } from "next-auth/middleware"
 
 Otherwise, if you only want to protect a subset of pages, you could put it in a subdirectory as well, for example in `/pages/admin/_middleware.js` would protect all pages under `/admin`.
 
-For the time being, the `withAuth` middleware only supports `"jwt"` as [session strategy](/reference/configuration/auth-config#session).
+For the time being, the `withAuth` middleware only supports `"jwt"` as a [session strategy](/reference/configuration/auth-config#session).
 
-More details can be found [here](/reference/nextjs/#middleware).
+More details can be found [here](https://next-auth.js.org/configuration/nextjs#middleware).
 
 ### Server Side
 
-You can protect server side rendered pages using the `unstable_getServerSession` method. This is different from the old `getSession()` method, in that it does not do an extra fetch out over the internet to confirm data from itself, increasing performance significantly.
+You can protect server-side rendered pages using the `unstable_getServerSession` method. This is different from the old `getSession()` method, in that it does not do an extra fetch out over the internet to confirm data from itself, increasing performance significantly.
 
-You need to add this to every server rendered page you want to protect. Be aware, `unstable_getServerSession` takes slightly different arguments than the method it is replacing, `getSession`.
+You need to add this to every server-rendered page you want to protect. Be aware, `unstable_getServerSession` takes slightly different arguments than the method it is replacing, `getSession`.
 
 ```js title="pages/server-side-example.js"
 import { unstable_getServerSession } from "next-auth/next"
@@ -136,7 +136,7 @@ export default async (req, res) => {
 
 ### Using getToken()
 
-If you are using JSON Web Tokens you can use the `getToken()` helper to access the contents of the JWT without having to handle JWT decryption / verification yourself. This method can only be used server side.
+If you are using JSON Web Tokens you can use the `getToken()` helper to access the contents of the JWT without having to handle JWT decryption/verification yourself. This method can only be used server side.
 
 ```js title="pages/api/get-token-example.js"
 // This is an example of how to read a JSON Web Token from an API route
@@ -157,7 +157,7 @@ export default async (req, res) => {
 ```
 
 :::tip
-You can use the `getToken()` helper function in any application as long as you set the `NEXTAUTH_URL` environment variable and the application is able to read the JWT cookie (e.g. is on the same domain).
+You can use the `getToken()` helper function in any application as long as you set the `NEXTAUTH_URL` environment variable and the application can read the JWT cookie (e.g. is on the same domain).
 :::
 
 :::note

docs/docs/guides/corporate-proxies/avoid-corporate-link-checking-email-provider.md

@@ -22,7 +22,7 @@ This can be done by simply returning a `200` response on `HEAD` requests at the
 
 For example
 
-```jsx title="/pages/api/auth/[...nextauth].js"
+```jsx title="auth.js"
 import type { NextApiRequest, NextApiResponse } from "next"
 import NextAuth from "next-auth"
 

docs/docs/guides/corporate-proxies/corporate-proxy.md

@@ -24,7 +24,7 @@ index 77161bd..1082fba 100644
 
  var _openidClient = require("openid-client");
 
-+var HttpsProxyAgent = require("https-proxy-agent");
++import { HttpsProxyAgent } from 'https-proxy-agent';
 +
  async function openidClient(options) {
    const provider = options.provider;

docs/docs/guides/providers/credentials-provider.md

@@ -7,11 +7,7 @@ The Credentials provider allows you to handle signing in with arbitrary credenti
 
 It is intended to support use cases where you have an existing system you need to authenticate users against.
 
-It comes with the constraint that users authenticated in this manner are not persisted in the database, and consequently that the Credentials provider can only be used if JSON Web Tokens are enabled for sessions.
-
-:::warning
-The functionality provided for credentials-based authentication is intentionally limited to discourage the use of passwords due to the inherent security risks associated with them and the additional complexity associated with supporting usernames and passwords.
-:::
+It comes with the constraint that users authenticated in this manner are not persisted in the database by default, and consequently, that the Credentials provider can only be used if JSON Web Tokens are enabled for sessions.
 
 ## Options
 
@@ -23,19 +19,33 @@ You can override any of the options to suit your own use case.
 
 ## Example - Username / Password
 
-The Credentials provider is specified like other providers, except that you need to define a handler for `authorize()` that accepts credentials submitted via HTTP POST as input and returns either:
+:::caution
+The functionality provided for credentials-based authentication is intentionally limited to discourage the use of passwords due to the inherent security risks of the username-password model.
 
-1. A `user` object, which indicates the credentials are valid.
+OAuth providers spend significant amounts of money, time, and engineering effort to build:
 
-If you return an object it will be persisted to the JSON Web Token and the user will be signed in, unless a custom `signIn()` callback is configured that subsequently rejects it.
+- bot-protection
+- rate-limiting
+- password management
+- data security
 
-2. If you return `null` then an error will be displayed advising the user to check their details.
+and much more for authentication solutions. It is likely that your application would benefit from leveraging these battle-tested solutions rather than try to rebuild them from scratch.
 
-3. If you throw an Error, the user will be sent to the error page with the error message as a query parameter.
+If you'd still like to build password-based authentication for your application despite these risks, Auth.js gives you full control to do so.
 
-The Credentials provider's `authorize()` method also provides the request object as the second parameter (see the example below).
+:::
 
-```js title="pages/api/auth/[...nextauth].js"
+The Credentials provider is specified like other providers, except that you need to define a handler for `authorize()` that accepts credentials submitted via HTTP POST as input and returns a `user` object, which indicates the credentials are valid.
+
+If you return an object it will be persisted to the JSON Web Token and the user will be signed in (unless a custom `signIn()` callback is configured that subsequently rejects it).
+
+- If you return `null` then an error will be displayed advising the user to check their details.
+
+- If you throw an Error, the user will be sent to the error page with the error message as a query parameter.
+
+The Credentials provider's `authorize()` method also provides the request object as the second parameter. Here's an example that handles these concerns.
+
+```js title="auth.js"
 import CredentialsProvider from "next-auth/providers/credentials";
 ...
 providers: [
@@ -69,7 +79,50 @@ providers: [
 ...
 ```
 
-See the [callbacks documentation](/reference/configuration/auth-config#callbacks) for more information on how to interact with the token.
+See the [callbacks documentation](/reference/configuration/auth-config#callbacks) for more information on how to interact with the token. For example, you can add additional information to the token by returning an object from the `jwt()` callback:
+
+```js
+callbacks: {
+  async jwt(token, user, account, profile, isNewUser) {
+    if (user) {
+      token.id = user.id
+    }
+    return token
+  }
+}
+```
+
+### Using a database
+
+You can also use the `authorize()` callback to interact with your database to regain some of the functionality from [more powerful providers](reference/core/providers):
+
+```js
+...
+providers: [
+  CredentialsProvider({
+    ...
+    async authorize(credentials, req) {
+      let user = null
+
+      const saltedPasswordToCheck = passwordToSalt(credentials.password)
+      user = await getUserFromDb(credentials.username, credentials.password)
+
+      if (!user) {
+        const saltedPassword = passwordToSalt(credentials.password)
+        user = await addUserToDb(credentials.username, saltedPassword)
+      }
+
+      if (!user) {
+        throw new Error("User was not found and could not be created.")
+      }
+
+      return user
+
+    }
+  })
+]
+...
+```
 
 ## Example - Web3 / Signin With Ethereum
 
@@ -78,8 +131,8 @@ The credentials provider can also be used to integrate with a service like [Sign
 For more information, check out the links below:
 
 - [Tutorial](https://docs.login.xyz/integrations/Auth.js)
-- [Example App Repo](https://github.com/spruceid/siwe-next-auth-example).
-- [Example App Demo](https://siwe-next-auth-example2.vercel.app/).
+- [Example App Repo](https://github.com/spruceid/siwe-next-auth-example)
+- [Example App Demo](https://siwe-next-auth-example2.vercel.app/)
 
 ## Multiple providers
 

docs/docs/guides/providers/email-http-api.md

@@ -17,15 +17,15 @@ We will also refer to the [Prisma Adapter](/reference/adapter/prisma). A [databa
 
 ## Setup
 
-First, if you do not have a project using Auth.js, clone and set up a basic Auth.js project like the one [provided in](https://github.com/nextauthjs/next-auth-example.git) our example repo](https://github.com/nextauthjs/next-auth-example.git).
+First, if you do not have a project using Auth.js, clone and set up a basic Auth.js project like the one [provided in our example repo](https://github.com/nextauthjs/next-auth-example).
 
 - Install the [Prisma Adapter](/reference/adapter/prisma)
 - Generate an API key from your cloud Email provider of choice and add it to your `.env.*` file. For example, mine is going to be called `SENDGRID_API`
 - Add the following configuration to your configuration file:
 
-```js title="pages/api/auth/[...nextauth].ts"
+```js title="auth.ts"
 import NextAuth, { NextAuthOptions } from "next-auth"
-import { PrismaAdapter } from "@next-auth/prisma-adapter"
+import { PrismaAdapter } from "@auth/prisma-adapter"
 import { PrismaClient } from "@prisma/client"
 
 const prisma = new PrismaClient()
@@ -42,16 +42,15 @@ export const authOptions: NextAuthOptions = {
   ],
 }
 
-export default NextAuth(authOptions)
 ```
 
 Next, all that's left to do is call the HTTP endpoint from our cloud email provider and pass it the required metadata like the `to` address, the email `body`, and any other fields we may need to include.
 
 As mentioned earlier, we're going to be using SendGrid in this example, so the appropriate endpoint is `https://api.sendgrid.com/v3/mail/send` ([more info](https://docs.sendgrid.com/for-developers/sending-email/api-getting-started)). Therefore, we're going to pull out some of the important information from the `params` argument and use it in a `fetch()` call to the previously mentioned SendGrid API.
 
-```js title="pages/api/auth/[...nextauth].ts"
+```js title="auth.ts"
 import NextAuth, { NextAuthOptions } from "next-auth"
-import { PrismaAdapter } from "@next-auth/prisma-adapter"
+import { PrismaAdapter } from "@auth/prisma-adapter"
 import { PrismaClient } from "@prisma/client"
 
 const prisma = new PrismaClient()

docs/docs/guides/providers/email-provider.md

@@ -30,7 +30,7 @@ You can override any of the options to suit your own use case.
 ## Configuration
 
 1. Auth.js does not include `nodemailer` as a dependency, so you'll need to install it yourself if you want to use the Email Provider. Run `npm install nodemailer` or `yarn add nodemailer`.
-2. You will need an SMTP account; ideally for one of the [services known to work with `nodemailer`](https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/).
+2. You will need an SMTP account; such as [the official Nodemailer recommended service](https://nodemailer.com/about/#example) of [Forward Email](https://forwardemail.net).
 3. There are two ways to configure the SMTP server connection.
 
 You can either use a connection string or a `nodemailer` configuration object.
@@ -40,13 +40,13 @@ You can either use a connection string or a `nodemailer` configuration object.
 Create an `.env` file to the root of your project and add the connection string and email address.
 
 ```js title=".env" {1}
-	EMAIL_SERVER=smtp://username:password@smtp.example.com:587
-	EMAIL_FROM=noreply@example.com
+	EMAIL_SERVER=smtp://username:password@smtp.forwardemail.net:587
+	EMAIL_FROM=support@example.com
 ```
 
 Now you can add the email provider like this:
 
-```js {3} title="pages/api/auth/[...nextauth].js"
+```js {3} title="auth.js"
 import EmailProvider from "next-auth/providers/email";
 ...
 providers: [
@@ -64,14 +64,14 @@ In your `.env` file in the root of your project simply add the configuration obj
 ```js title=".env"
 EMAIL_SERVER_USER=username
 EMAIL_SERVER_PASSWORD=password
-EMAIL_SERVER_HOST=smtp.example.com
+EMAIL_SERVER_HOST=smtp.forwardemail.net
 EMAIL_SERVER_PORT=587
 EMAIL_FROM=noreply@example.com
 ```
 
 Now you can add the provider settings to the NextAuth options object in the Email Provider.
 
-```js title="pages/api/auth/[...nextauth].js"
+```js title="auth.js"
 import EmailProvider from "next-auth/providers/email";
 ...
 providers: [
@@ -101,7 +101,7 @@ You can fully customize the sign in email that is sent by passing a custom funct
 
 e.g.
 
-```js {3} title="pages/api/auth/[...nextauth].js"
+```js {3} title="auth.js"
 import EmailProvider from "next-auth/providers/email";
 ...
 providers: [
@@ -112,6 +112,7 @@ providers: [
       identifier: email,
       url,
       provider: { server, from },
+      request // for example can be used to get the user agent (`request.headers.get("user-agent")`) to parse and pass on to the user in the email so they can be more confident they originated the request
     }) {
       /* your function */
     },
@@ -205,7 +206,7 @@ If you want to generate great looking email client compatible HTML with React, c
 
 By default, we are generating a random verification token. You can define a `generateVerificationToken` method in your provider options if you want to override it:
 
-```js title="pages/api/auth/[...nextauth].js"
+```js title="auth.js"
 providers: [
   EmailProvider({
     async generateVerificationToken() {

docs/docs/reference/adapters/index.md

@@ -5,9 +5,17 @@ title: Overview
 Using an Auth.js / NextAuth.js adapter you can connect to any database service or even several different services at the same time. The following listed official adapters are created and maintained by the community:
 
 <div class="adapter-card-list">
+  <a href="/reference/adapter/edgedb" class="adapter-card">
+    <img src="/img/adapters/edgedb.svg" width="30" />
+    <h4 class="adapter-card__title">EdgeDB Adapter</h4>
+  </a>
   <a href="/reference/adapter/dgraph" class="adapter-card">
     <img src="/img/adapters/dgraph.png" width="30" />
     <h4 class="adapter-card__title">Dgraph Adapter</h4>
+  </a>
+   <a href="/reference/adapter/drizzle" class="adapter-card">
+    <img src="/img/adapters/drizzle-orm.png" width="30" />
+    <h4 class="adapter-card__title">Drizzle Adapter</h4>
   </a>
   <a href="/reference/adapter/dynamodb" class="adapter-card">
     <img src="/img/adapters/dynamodb.png" width="30" />
@@ -21,6 +29,10 @@ Using an Auth.js / NextAuth.js adapter you can connect to any database service o
     <img src="/img/adapters/firebase.svg" width="40" />
     <h4 class="adapter-card__title">Firebase Adapter</h4>
   </a>
+  <a href="/reference/adapter/kysely" class="adapter-card">
+    <img src="/img/adapters/kysely.svg" width="40" />
+    <h4 class="adapter-card__title">Kysely Adapter</h4>
+  </a>
   <a href="/reference/adapter/mikro-orm" class="adapter-card">
     <img src="/img/adapters/mikro-orm.png" width="30" />
     <h4 class="adapter-card__title">Mikro ORM Adapter</h4>
@@ -67,10 +79,8 @@ Using an Auth.js / NextAuth.js adapter you can connect to any database service o
 If you don't find an adapter for the database or service you use, you can always create one yourself. Have a look at our guide on [how to create a database adapter](/guides/adapters/creating-a-database-adapter).
 :::
 
-
 ## Models
 
-
 Auth.js can be used with any database. Models tell you what structures Auth.js expects from your database. Models will vary slightly depending on which adapter you use, but in general, will look something like this:
 
 ```mermaid
@@ -131,7 +141,7 @@ If a user first signs in with an OAuth provider, then their email address is aut
 This provides a way to contact users and for users to maintain access to their account and sign in using email in the event they are unable to sign in with the OAuth provider in the future (if the [Email Provider](/reference/core/providers_email) is configured).
 :::
 
-User creation in the database is automatic and happens when the user is logging in for the first time with a provider. 
+User creation in the database is automatic and happens when the user is logging in for the first time with a provider.
 If the first sign-in is via the [OAuth Provider](/reference/core/providers_oauth), the default data saved is `id`, `name`, `email` and `image`. You can add more profile data by returning extra fields in your [OAuth provider](/guides/providers/custom-provider)'s [`profile()`](/reference/core/providers#profile) callback.
 
 If the first sign-in is via the [Email Provider](/reference/core/providers_email), then the saved user will have `id`, `email`, `emailVerified`, where `emailVerified` is the timestamp of when the user was created.

docs/docs/reference/index.md

@@ -4,29 +4,30 @@ title: Overview
 
 This section of the documentation contains the API reference for all the official packages under the `@auth/*` and `@next-auth/*` scopes.
 
-:::warning Warning
-The API reference is being migrated from the [old documentation page](https://next-auth.js.org), so there are going to be references to `next-auth` still. We are continuously working on updating the naming/references.
-:::
-
 ## Roadmap
 
-Here are the _currently_ planned and released packages under the `@auth/*` scope. This is not an exhaustive list, but the set of packages that we would like to focus on to begin with.
+Here are the _state_ of planned and released packages under the `@auth/*` scope. This is not an exhaustive list, but the set of packages that we would like to focus on, to begin with.
 
-|       Feature       |  Status  |
-| ------------------- | -------- |
-| `@auth/nextjs`      | Planned  |
-| `@auth/*-adapter`   | Planned  |
-| `@auth/core`        | Experimental |
-| `@auth/sveltekit`   | Experimental |
-| `@auth/solid-start` | Experimental |
+|        Feature         |  Status  |
+| ---------------------- | -------- |
+| `@auth/*-adapter`      | Released (stable). Fully compatible with `next-auth` and all `@auth/*` libraries.   |
+| `@next-auth/*-adapter` | Maintenance has stopped. Update to `@auth/*-adapter`. See above.  |
+| `@auth/core`           | Released (experimental). |
+| `@auth/sveltekit`      | Released (experimental, [help needed](#help-needed)). |
+| `@auth/solid-start`    | Released (experimental, [help needed](#help-needed)). Community package: [`@solid-mediakit/auth`](https://www.npmjs.com/package/@solid-mediakit/auth) |
+| `@auth/express`        | [Planned](https://github.com/nextauthjs/next-auth/issues/8257). |
+| `@auth/remix`          | Planned, [help needed](#help-needed). |
+| `@auth/astro`          | Planned, [help needed](#help-needed). |
+| `@auth/nuxt`           | Planned, [help needed](#help-needed). Community packages: [`@sidebase/nuxt-auth`](https://github.com/sidebase/nuxt-auth), [`@hebilicious/authjs-nuxt`](https://authjs-nuxt.pages.dev/) |
 
-### Community Packages
-
-While we are migrating the documentation and working on stabilizing the core package, the community has been working on some packages that are already available. With collaboration, we hope to make these packages official in the future.
-
-:::note
-If you are a maintainer of a package, [reach out](https://twitter.com/balazsorban44) if you want to collaborate on making it official or open a PR to add it to the list below, so others can discover it more easily.
+:::info
+`next-auth` is still the official package for Next.js. The documentation is at [next-auth.js.org](https://next-auth.js.org), while guides are being migrated over to the new documentation page. A major refactor of `next-auth` is on the way, you can [follow this PR](https://github.com/nextauthjs/next-auth/pull/7443) for updates.
 :::
 
-- ...
-- ...
+### Help needed
+
+In case you are a maintainer of a package that uses `@auth/core`, feel free to [reach out to Balázs](https://twitter.com/balazsorban44), if you want to collaborate on making it an official package, maintained in our repository. If you are interested in bringing `@auth/core` support to your favorite framework, we would love to hear from you!
+
+#### Community Packages
+
+While we are migrating the documentation and working on stabilizing the core package, the community has been working on some packages that are already available. With collaboration, we hope to make these packages official in the future.

docs/docs/reference/nextjs/client.md

@@ -1,7 +0,0 @@
----
-title: Client
----
-
-:::warning WIP
-`@auth/nextjs/client` is work in progress. For now, please use [NextAuth.js Client API](https://next-auth.js.org/getting-started/client).
-:::

docs/docs/reference/nextjs/index.md

@@ -1,7 +0,0 @@
----
-title: Next.js Auth
----
-
-:::warning WIP
-`@auth/nextjs` is work in progress. For now, please use [NextAuth.js](https://next-auth.js.org).
-:::

docs/docusaurus.config.js

@@ -213,7 +213,25 @@ const docusaurusConfig = {
           breadcrumbs: false,
           routeBasePath: "/",
           sidebarPath: require.resolve("./sidebars.js"),
-          editUrl: "https://github.com/nextauthjs/next-auth/edit/main/docs",
+          /**
+           *
+           * @param {{
+           *  version: string;
+           *  versionDocsDirPath: string;
+           *  docPath: string;
+           *  permalink: string;
+           *  locale: string;
+           *}} params
+           */
+          editUrl({ docPath }) {
+            // TODO: support other packages, fix directory links like "providers"
+            if (docPath.includes("reference/core")) {
+              const file = docPath.split("reference/core/")[1].replace(".md", ".ts").replace("_", "/")
+              const base = `https://github.com/nextauthjs/next-auth/edit/main/packages/core/src/${file}`
+              return base
+            }
+            return "https://github.com/nextauthjs/next-auth/edit/main/docs"
+          },
           lastVersion: "current",
           showLastUpdateAuthor: true,
           showLastUpdateTime: true,
@@ -264,10 +282,13 @@ const docusaurusConfig = {
     ...(process.env.TYPEDOC_SKIP_ADAPTERS
       ? []
       : [
+          typedocAdapter("EdgeDb"),
           typedocAdapter("Dgraph"),
+          typedocAdapter("Drizzle"),
           typedocAdapter("DynamoDB"),
           typedocAdapter("Fauna"),
           typedocAdapter("Firebase"),
+          typedocAdapter("Kysely"),
           typedocAdapter("Mikro ORM"),
           typedocAdapter("MongoDB"),
           typedocAdapter("Neo4j"),

docs/package.json

@@ -27,15 +27,15 @@
     "styled-components": "5.3.6"
   },
   "devDependencies": {
-    "@docusaurus/core": "2.3.1",
-    "@docusaurus/eslint-plugin": "2.3.1",
-    "@docusaurus/module-type-aliases": "2.3.1",
-    "@docusaurus/preset-classic": "2.3.1",
-    "@docusaurus/theme-common": "2.3.1",
-    "@docusaurus/theme-mermaid": "2.3.1",
-    "@docusaurus/types": "2.3.1",
+    "@docusaurus/core": "2.4.1",
+    "@docusaurus/eslint-plugin": "2.4.1",
+    "@docusaurus/module-type-aliases": "2.4.1",
+    "@docusaurus/preset-classic": "2.4.1",
+    "@docusaurus/theme-common": "2.4.1",
+    "@docusaurus/theme-mermaid": "2.4.1",
+    "@docusaurus/types": "2.4.1",
     "docusaurus-plugin-typedoc": "1.0.0-next.5",
-    "typedoc": "^0.24.4",
+    "typedoc": "^0.24.8",
     "typedoc-plugin-markdown": "4.0.0-next.6"
   },
   "browserslist": {

docs/sidebars.js

@@ -34,17 +34,9 @@ module.exports = {
       items: [{ type: "autogenerated", dirName: "reference/solidstart" }],
     },
     {
-      type: "category",
-      label: "@auth/nextjs",
-      link: { type: "doc", id: "reference/nextjs/index" },
-      items: [
-        "reference/nextjs/client",
-        {
-          type: "link",
-          label: "NextAuth.js (next-auth)",
-          href: "https://next-auth.js.org",
-        },
-      ],
+      type: "link",
+      label: "NextAuth.js (next-auth)",
+      href: "https://next-auth.js.org",
     },
     ...(process.env.TYPEDOC_SKIP_ADAPTERS
       ? []
@@ -55,9 +47,11 @@ module.exports = {
             link: { type: "doc", id: "reference/adapters/index" },
             items: [
               { type: "doc", id: "reference/adapter/dgraph/index" },
+              { type: "doc", id: "reference/adapter/drizzle/index" },
               { type: "doc", id: "reference/adapter/dynamodb/index" },
               { type: "doc", id: "reference/adapter/fauna/index" },
               { type: "doc", id: "reference/adapter/firebase/index" },
+              { type: "doc", id: "reference/adapter/kysely/index" },
               { type: "doc", id: "reference/adapter/mikro-orm/index" },
               { type: "doc", id: "reference/adapter/mongodb/index" },
               { type: "doc", id: "reference/adapter/neo4j/index" },

docs/src/components/ProviderMarquee.js

@@ -7,6 +7,7 @@ const icons = [
   "/img/providers/apple.svg",
   "/img/providers/auth0.svg",
   "/img/providers/cognito.svg",
+  "/img/providers/descope.svg",
   "/img/providers/battlenet.svg",
   "/img/providers/box.svg",
   "/img/providers/facebook.svg",

docs/src/css/navbar.css

@@ -91,7 +91,7 @@ html[data-theme="dark"] .navbar__item.navbar__link[href*="npm"]:before {
   position: absolute;
   color: #000;
   top: -10px;
-  right: -45px;
+  right: 4px;
   font-size: 9px;
   background-color: #ccc;
   padding: 2px 5px;

docs/src/pages/index.js

@@ -101,13 +101,13 @@ export default function Home() {
       .fetch("https://api.github.com/repos/nextauthjs/next-auth")
       .then((res) => res.json())
       .then((data) => {
-        const navLinks = document.getElementsByClassName(
-          "navbar__item navbar__link"
+        const githubLink = document.querySelector(
+          ".navbar__item.navbar__link[href*='github']"
         )
         const githubStat = document.createElement("span")
         githubStat.innerHTML = kFormatter(data.stargazers_count)
         githubStat.className = "github-counter"
-        navLinks[4].appendChild(githubStat)
+        githubLink.appendChild(githubStat)
       })
   }, [])
   return (

docs/static/img/adapters/edgedb.svg

@@ -0,0 +1,4 @@
+<svg style="color:#1F8AED" width="140" height="114" viewBox="0 0 140 114" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path fill-rule="evenodd" clip-rule="evenodd" d="M118.58 56.966C118.58 66.6274 114.706 68.3592 110.377 68.3592H101.171V45.5728H110.377C114.706 45.5728 118.58 47.3046 118.58 56.966ZM113.887 56.966C113.887 50.2212 111.836 49.9022 108.874 49.9022H106.003V64.0298H108.874C111.836 64.0298 113.887 63.7108 113.887 56.966ZM65.1234 68.3592V45.5728H79.6155V49.9022H69.9541V54.5507H77.2458V58.8345H69.9541V64.0298H79.6155V68.3592H65.1234ZM87.7282 113.932H92.5589V0H87.7282V113.932ZM128.242 58.242V64.0298H132.252C134.758 64.0298 135.396 62.3892 135.396 61.1587C135.396 60.2017 134.941 58.242 131.523 58.242H128.242ZM128.242 49.9022V54.2317H131.523C133.391 54.2317 134.485 53.4113 134.485 52.0442C134.485 50.677 133.391 49.9022 131.523 49.9022H128.242ZM123.411 45.5728H132.708C137.585 45.5728 139.043 48.9908 139.043 51.4517C139.043 53.7304 137.585 55.371 136.582 55.8267C139.499 57.2395 140 60.1105 140 61.5689C140 63.4829 139.043 68.3592 132.708 68.3592H123.411V45.5728ZM37.3702 56.966C37.3702 66.6274 33.4966 68.3592 29.1671 68.3592H19.9614V45.5728H29.1671C33.4966 45.5728 37.3702 47.3046 37.3702 56.966ZM51.5885 64.2121C54.0495 64.2121 55.3255 63.3918 55.7812 62.8449V60.3384H51.862V56.4191H59.6549V65.4881C58.9713 66.5363 55.2344 68.5871 51.8164 68.5871C46.211 68.5871 41.4714 66.3996 41.4714 56.7381C41.4714 47.0767 46.2565 45.345 50.5859 45.345C57.3763 45.345 59.0625 48.8996 59.6094 52.0442L55.5989 52.9556C55.3711 51.4973 54.095 49.6744 51.1784 49.6744C48.2162 49.6744 46.1654 49.9934 46.1654 56.7381C46.1654 63.4829 48.3073 64.2121 51.5885 64.2121ZM32.6756 56.966C32.6756 50.2212 30.6248 49.9022 27.6626 49.9022H24.7915V64.0298H27.6626C30.6248 64.0298 32.6756 63.7108 32.6756 56.966ZM0 68.3592V45.5728H14.4921V49.9022H4.83072V54.5507H12.1224V58.8345H4.83072V64.0298H14.4921V68.3592H0Z" fill="currentColor">
+    </path>
+</svg>

docs/static/img/adapters/kysely.svg

@@ -0,0 +1,14 @@
+<svg width="132" height="132" viewBox="0 0 132 132" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <g clip-path="url(#clip0_8_3)">
+    <rect x="2" y="2" width="128" height="128" rx="16" fill="white" />
+    <path
+      d="M41.2983 109V23.9091H46.4918V73.31H47.0735L91.9457 23.9091H98.8427L61.9062 64.1694L98.5103 109H92.0288L58.5824 67.9087L46.4918 81.2873V109H41.2983Z"
+      fill="black" />
+  </g>
+  <rect x="2" y="2" width="128" height="128" rx="16" stroke="#121212" stroke-width="4" />
+  <defs>
+    <clipPath id="clip0_8_3">
+      <rect x="2" y="2" width="128" height="128" rx="16" fill="white" />
+    </clipPath>
+  </defs>
+</svg>

docs/static/img/providers/click-up.svg

@@ -0,0 +1,27 @@
+<svg width="185" height="185" viewBox="0 0 185 185" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g filter="url(#filter0_d)">
+<rect x="30" y="20" width="125" height="125" rx="62.5" fill="white"/>
+<rect x="30" y="20" width="125" height="125" rx="62.5" fill="white"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M55.8789 105.714L69.3974 95.3593C76.5762 104.732 84.1998 109.051 92.6948 109.051C101.143 109.051 108.557 104.781 115.414 95.4832L129.119 105.59C119.232 118.996 106.932 126.079 92.6948 126.079C78.5049 126.079 66.0907 119.046 55.8789 105.714Z" fill="url(#paint0_linear)"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M92.6491 60.7078L68.5883 81.4406L57.4727 68.5407L92.6969 38.1885L127.647 68.5644L116.477 81.417L92.6491 60.7078Z" fill="url(#paint1_linear)"/>
+</g>
+<defs>
+<filter id="filter0_d" x="0" y="0" width="185" height="185" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="10"/>
+<feGaussianBlur stdDeviation="15"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0.0627451 0 0 0 0 0.117647 0 0 0 0 0.211765 0 0 0 0.1 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/>
+</filter>
+<linearGradient id="paint0_linear" x1="55.8789" y1="116.251" x2="129.119" y2="116.251" gradientUnits="userSpaceOnUse">
+<stop stop-color="#8930FD"/>
+<stop offset="1" stop-color="#49CCF9"/>
+</linearGradient>
+<linearGradient id="paint1_linear" x1="57.4727" y1="67.6025" x2="127.647" y2="67.6025" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FF02F0"/>
+<stop offset="1" stop-color="#FFC800"/>
+</linearGradient>
+</defs>
+</svg>

docs/static/img/providers/descope.svg

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 26.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="194.7px" height="215.2px" viewBox="0 0 194.7 215.2" style="enable-background:new 0 0 194.7 215.2;" xml:space="preserve"
+	>
+<style type="text/css">
+	.st0{fill:url(#SVGID_1_);}
+	.st1{fill:url(#SVGID_00000004519561486438896460000001266960168497785022_);}
+	.st2{fill:url(#SVGID_00000049204468076180615810000015113731544435055266_);}
+	.st3{fill:url(#SVGID_00000116951257355544416270000003794629356563808950_);}
+</style>
+<g>
+	<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="68.3919" y1="222.1531" x2="185.0265" y2="41.0264">
+		<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+		<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+		<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+	</linearGradient>
+	<path class="st0" d="M129.8,174.7c7.6-1.6,14-4.8,19.2-9.7c7.7-7.3,8.8-17.1,8.8-29.4V80.7c0-12.3-1.1-22.1-8.8-29.4
+		c-5.2-4.9-11.6-8.1-19.2-9.7V15.4c12.5,1.8,22.9,6.5,31,14.2c10.6,10,19.9,23.5,19.9,40.5v75c0,17-9.3,30.5-19.9,40.5
+		c-8.1,7.7-18.5,12.4-31,14.2V174.7z"/>
+	
+		<linearGradient id="SVGID_00000040544740507634666800000017273841385603649669_" gradientUnits="userSpaceOnUse" x1="5.037" y1="181.3564" x2="121.6716" y2="0.2297">
+		<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+		<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+		<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+	</linearGradient>
+	<path style="fill:url(#SVGID_00000040544740507634666800000017273841385603649669_);" d="M33.9,29.6c8.1-7.7,18.5-12.4,31-14.2
+		v26.3c-7.6,1.6-14,4.8-19.2,9.7c-7.7,7.3-8.8,17-8.8,29.2v55.1c0,12.3,1.1,22.1,8.8,29.4c5.2,4.9,11.6,8.1,19.2,9.7v25.1
+		c-12.5-1.8-22.9-6.5-31-14.2c-10.6-10-19.9-23.5-19.9-40.5V69.8C13.9,53,23.2,39.6,33.9,29.6z"/>
+	<g>
+		
+			<linearGradient id="SVGID_00000060713993868866928010000000698955780952733088_" gradientUnits="userSpaceOnUse" x1="22.0278" y1="192.2974" x2="138.6624" y2="11.1707">
+			<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+			<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+			<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+		</linearGradient>
+		<path style="fill:url(#SVGID_00000060713993868866928010000000698955780952733088_);" d="M120.2,87.8l8.5-13.7l-17.8-9.4
+			l-7.5,14.2c-1.1,2.1-3.1,3.3-5.5,3.3c-2.3,0-4.4-1.2-5.5-3.3L85,64.7L67.3,74l12.3,19.7L120.2,87.8z"/>
+		
+			<linearGradient id="SVGID_00000115475840050352750520000000840372054167564949_" gradientUnits="userSpaceOnUse" x1="37.9651" y1="202.5601" x2="154.5998" y2="21.4334">
+			<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+			<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+			<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+		</linearGradient>
+		<path style="fill:url(#SVGID_00000115475840050352750520000000840372054167564949_);" d="M142.4,97.7l-87.8,0.8v17.7l27.5-0.1
+			l-14.8,23.8l17.7,9.3l7.5-14.2c1.1-2.1,3.1-3.3,5.5-3.3c2.3,0,4.4,1.2,5.5,3.3l7.5,14.2l17.8-9.4l-12-19.3L93.7,116l48.7-0.2V97.7
+			z"/>
+	</g>
+</g>
+</svg>

docs/static/img/providers/dribbble-dark.svg

@@ -0,0 +1,3 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M16 0C7.16704 0 0 7.16704 0 16C0 24.833 7.16704 32 16 32C24.8156 32 32 24.833 32 16C32 7.16704 24.8156 0 16 0ZM26.5683 7.37526C28.4772 9.70064 29.6226 12.6681 29.6573 15.8785C29.2061 15.7917 24.6941 14.872 20.1475 15.4447C20.0434 15.2191 19.9566 14.9761 19.8525 14.7332C19.5748 14.0738 19.2625 13.397 18.9501 12.7549C23.9827 10.7072 26.2733 7.75706 26.5683 7.37526ZM16 2.36009C19.4707 2.36009 22.6464 3.6616 25.0586 5.7961C24.8156 6.14317 22.7505 8.9024 17.8916 10.7245C15.6529 6.61171 13.1714 3.24512 12.7896 2.72451C13.8134 2.48156 14.8894 2.36009 16 2.36009ZM10.1866 3.64426C10.551 4.13014 12.9805 7.51411 15.2538 11.5401C8.86768 13.2408 3.22778 13.2061 2.62039 13.2061C3.50541 8.97181 6.36877 5.44902 10.1866 3.64426ZM2.32538 16.0173C2.32538 15.8785 2.32538 15.7397 2.32538 15.6009C2.9154 15.6182 9.54448 15.705 16.3644 13.6573C16.7636 14.4208 17.128 15.2017 17.475 15.9827C17.3015 16.0347 17.1106 16.0868 16.9371 16.1388C9.89155 18.4122 6.14317 24.6247 5.83082 25.1453C3.6616 22.7332 2.32538 19.5228 2.32538 16.0173ZM16 29.6746C12.8417 29.6746 9.92624 28.5987 7.61821 26.7939C7.86118 26.2907 10.6378 20.9458 18.3427 18.256C18.3774 18.2386 18.3948 18.2386 18.4295 18.2212C20.3557 23.2017 21.1367 27.3839 21.3449 28.5813C19.6963 29.2928 17.8916 29.6746 16 29.6746ZM23.6182 27.3319C23.4794 26.4989 22.7506 22.5076 20.9631 17.5965C25.2495 16.9197 28.9978 18.0304 29.4664 18.1866C28.8764 21.987 26.6898 25.2668 23.6182 27.3319Z" fill="white"/>
+</svg>

docs/static/img/providers/dribbble.svg

@@ -0,0 +1,3 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M16 0C7.16704 0 0 7.16704 0 16C0 24.833 7.16704 32 16 32C24.8156 32 32 24.833 32 16C32 7.16704 24.8156 0 16 0ZM26.5683 7.37526C28.4772 9.70064 29.6226 12.6681 29.6573 15.8785C29.2061 15.7917 24.6941 14.872 20.1475 15.4447C20.0434 15.2191 19.9566 14.9761 19.8525 14.7332C19.5748 14.0738 19.2625 13.397 18.9501 12.7549C23.9827 10.7072 26.2733 7.75706 26.5683 7.37526ZM16 2.36009C19.4707 2.36009 22.6464 3.6616 25.0586 5.7961C24.8156 6.14317 22.7505 8.9024 17.8916 10.7245C15.6529 6.61171 13.1714 3.24512 12.7896 2.72451C13.8134 2.48156 14.8894 2.36009 16 2.36009ZM10.1866 3.64426C10.551 4.13014 12.9805 7.51411 15.2538 11.5401C8.86768 13.2408 3.22778 13.2061 2.62039 13.2061C3.50541 8.97181 6.36877 5.44902 10.1866 3.64426ZM2.32538 16.0173C2.32538 15.8785 2.32538 15.7397 2.32538 15.6009C2.9154 15.6182 9.54448 15.705 16.3644 13.6573C16.7636 14.4208 17.128 15.2017 17.475 15.9827C17.3015 16.0347 17.1106 16.0868 16.9371 16.1388C9.89155 18.4122 6.14317 24.6247 5.83082 25.1453C3.6616 22.7332 2.32538 19.5228 2.32538 16.0173ZM16 29.6746C12.8417 29.6746 9.92624 28.5987 7.61821 26.7939C7.86118 26.2907 10.6378 20.9458 18.3427 18.256C18.3774 18.2386 18.3948 18.2386 18.4295 18.2212C20.3557 23.2017 21.1367 27.3839 21.3449 28.5813C19.6963 29.2928 17.8916 29.6746 16 29.6746ZM23.6182 27.3319C23.4794 26.4989 22.7506 22.5076 20.9631 17.5965C25.2495 16.9197 28.9978 18.0304 29.4664 18.1866C28.8764 21.987 26.6898 25.2668 23.6182 27.3319Z" fill="#EA4C89"/>
+</svg>

docs/static/img/providers/mastodon.svg

@@ -0,0 +1,10 @@
+<svg width="75" height="79" viewBox="0 0 75 79" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M73.8393 17.4898C72.6973 9.00165 65.2994 2.31235 56.5296 1.01614C55.05 0.797115 49.4441 0 36.4582 0H36.3612C23.3717 0 20.585 0.797115 19.1054 1.01614C10.5798 2.27644 2.79399 8.28712 0.904997 16.8758C-0.00358524 21.1056 -0.100549 25.7949 0.0682394 30.0965C0.308852 36.2651 0.355538 42.423 0.91577 48.5665C1.30307 52.6474 1.97872 56.6957 2.93763 60.6812C4.73325 68.042 12.0019 74.1676 19.1233 76.6666C26.7478 79.2728 34.9474 79.7055 42.8039 77.9162C43.6682 77.7151 44.5217 77.4817 45.3645 77.216C47.275 76.6092 49.5123 75.9305 51.1571 74.7385C51.1797 74.7217 51.1982 74.7001 51.2112 74.6753C51.2243 74.6504 51.2316 74.6229 51.2325 74.5948V68.6416C51.2321 68.6154 51.2259 68.5896 51.2142 68.5661C51.2025 68.5426 51.1858 68.522 51.1651 68.5058C51.1444 68.4896 51.1204 68.4783 51.0948 68.4726C51.0692 68.4669 51.0426 68.467 51.0171 68.4729C45.9835 69.675 40.8254 70.2777 35.6502 70.2682C26.7439 70.2682 24.3486 66.042 23.6626 64.2826C23.1113 62.762 22.7612 61.1759 22.6212 59.5646C22.6197 59.5375 22.6247 59.5105 22.6357 59.4857C22.6466 59.4609 22.6633 59.4391 22.6843 59.422C22.7053 59.4048 22.73 59.3929 22.7565 59.3871C22.783 59.3813 22.8104 59.3818 22.8367 59.3886C27.7864 60.5826 32.8604 61.1853 37.9522 61.1839C39.1768 61.1839 40.3978 61.1839 41.6224 61.1516C46.7435 61.008 52.1411 60.7459 57.1796 59.7621C57.3053 59.7369 57.431 59.7154 57.5387 59.6831C65.4861 58.157 73.0493 53.3672 73.8178 41.2381C73.8465 40.7606 73.9184 36.2364 73.9184 35.7409C73.9219 34.0569 74.4606 23.7949 73.8393 17.4898Z" fill="url(#paint0_linear_549_34)"/>
+<path d="M61.2484 27.0263V48.114H52.8916V27.6475C52.8916 23.3388 51.096 21.1413 47.4437 21.1413C43.4287 21.1413 41.4177 23.7409 41.4177 28.8755V40.0782H33.1111V28.8755C33.1111 23.7409 31.0965 21.1413 27.0815 21.1413C23.4507 21.1413 21.6371 23.3388 21.6371 27.6475V48.114H13.2839V27.0263C13.2839 22.7176 14.384 19.2946 16.5843 16.7572C18.8539 14.2258 21.8311 12.926 25.5264 12.926C29.8036 12.926 33.0357 14.5705 35.1905 17.8559L37.2698 21.346L39.3527 17.8559C41.5074 14.5705 44.7395 12.926 49.0095 12.926C52.7013 12.926 55.6784 14.2258 57.9553 16.7572C60.1531 19.2922 61.2508 22.7152 61.2484 27.0263Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_549_34" x1="37.0692" y1="0" x2="37.0692" y2="79" gradientUnits="userSpaceOnUse">
+<stop stop-color="#6364FF"/>
+<stop offset="1" stop-color="#563ACC"/>
+</linearGradient>
+</defs>
+</svg>

docs/static/img/providers/passage.svg

@@ -0,0 +1,11 @@
+<svg width="250" height="250" viewBox="0 0 250 250" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.8" d="M37.8419 71.6921L65.1425 87.4541C86.2537 99.6426 93.4921 126.639 81.3036 147.75C80.2315 149.607 79.045 151.353 77.7583 152.989L12.6182 115.381C8.67588 113.105 5.58417 109.922 3.44179 106.254C-0.964934 98.6912 -1.30613 89.0446 3.38448 80.9202C10.348 68.8591 25.7752 64.7254 37.8419 71.6921Z" fill="#3D53F6"/>
+<path opacity="0.5" d="M37.8419 180.052L65.1425 164.29C86.2537 152.101 93.4921 125.105 81.3036 103.994C80.2315 102.137 79.045 100.391 77.7583 98.7544L12.6182 136.363C8.67588 138.639 5.58417 141.822 3.44179 145.49C-0.964934 153.053 -1.30613 162.699 3.38448 170.824C10.348 182.885 25.7752 187.019 37.8419 180.052Z" fill="#3D53F6"/>
+<path opacity="0.5" d="M212.753 71.6921L185.452 87.4541C164.341 99.6426 157.103 126.639 169.291 147.75C170.363 149.607 171.55 151.353 172.836 152.989L237.976 115.381C241.919 113.105 245.01 109.922 247.153 106.254C251.56 98.6912 251.901 89.0446 247.21 80.9202C240.247 68.8591 224.819 64.7254 212.753 71.6921Z" fill="#3D53F6"/>
+<path opacity="0.8" d="M212.753 180.052L185.452 164.29C164.341 152.101 157.103 125.105 169.291 103.994C170.363 102.137 171.55 100.391 172.836 98.7544L237.976 136.363C241.919 138.639 245.01 141.822 247.153 145.49C251.56 153.053 251.901 162.699 247.21 170.824C240.247 182.885 224.819 187.019 212.753 180.052Z" fill="#3D53F6"/>
+<path d="M125.297 150.525C139.228 150.525 150.52 139.232 150.52 125.302C150.52 111.372 139.228 100.079 125.297 100.079C111.367 100.079 100.075 111.372 100.075 125.302C100.075 139.232 111.367 150.525 125.297 150.525Z" fill="#FF2F1D"/>
+<path opacity="0.8" d="M71.1172 212.753L86.8793 185.452C99.0678 164.341 126.064 157.102 147.175 169.291C149.032 170.363 150.778 171.55 152.415 172.836L114.806 237.976C112.53 241.919 109.347 245.01 105.679 247.153C98.1164 251.559 88.4698 251.901 80.3454 247.21C68.2842 240.247 64.1505 224.819 71.1172 212.753Z" fill="#FF2F1D"/>
+<path opacity="0.5" d="M179.477 212.752L163.715 185.452C151.526 164.341 124.53 157.102 103.419 169.291C101.562 170.363 99.8157 171.549 98.1794 172.836L135.788 237.976C138.064 241.919 141.247 245.01 144.915 247.153C152.478 251.559 162.124 251.901 170.249 247.21C182.31 240.246 186.444 224.819 179.477 212.752Z" fill="#FF2F1D"/>
+<path opacity="0.5" d="M71.1172 37.8419L86.8793 65.1425C99.0678 86.2537 126.064 93.4921 147.175 81.3036C149.032 80.2315 150.778 79.045 152.415 77.7583L114.806 12.6182C112.53 8.67589 109.347 5.58416 105.679 3.44179C98.1164 -0.964936 88.4698 -1.30613 80.3454 3.38449C68.2842 10.348 64.1505 25.7752 71.1172 37.8419Z" fill="#3D53F6"/>
+<path opacity="0.8" d="M179.477 37.8419L163.715 65.1425C151.526 86.2537 124.53 93.4921 103.419 81.3036C101.562 80.2315 99.8157 79.045 98.1794 77.7583L135.788 12.6182C138.064 8.67589 141.247 5.58416 144.915 3.44179C152.478 -0.964936 162.124 -1.30613 170.249 3.38449C182.31 10.348 186.444 25.7752 179.477 37.8419Z" fill="#3D53F6"/>
+</svg>

docs/static/img/providers/tiktok-dark.svg

@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg fill="#ffffff" width="64px" height="64px" viewBox="0 0 32 32" version="1.1" xmlns="http://www.w3.org/2000/svg" stroke="#ffffff">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+

docs/static/img/providers/tiktok.svg

@@ -0,0 +1,14 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-label="TikTok" role="img" viewBox="0 0 512.00 512.00" width="64px" height="64px" fill="#000000" stroke="#000000" stroke-width="0.00512">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round" stroke="#CCCCCC" stroke-width="1.024"/>
+
+<g id="SVGRepo_iconCarrier">
+
+<rect rx="15%" height="512" width="512" fill="#ffffff"/>
+
+<defs>

docs/vercel.json

@@ -1,4 +1,5 @@
 {
+  "$schema": "https://openapi.vercel.sh/vercel.json",
   "cleanUrls": true,
   "headers": [
     {
@@ -76,10 +77,15 @@
       "has": [{ "type": "host", "value": "warnings.authjs.dev" }],
       "destination": "https://authjs.dev/reference/warnings/:path*"
     },
+    {
+      "source": "/",
+      "has": [{ "type": "host", "value": "adapters.authjs.dev" }],
+      "destination": "https://authjs.dev/reference/adapters"
+    },
     {
       "source": "/:path(.*)",
       "has": [{ "type": "host", "value": "adapters.authjs.dev" }],
-      "destination": "https://authjs.dev/reference/adapters/:path*"
+      "destination": "https://authjs.dev/reference/adapter/:path*"
     },
     {
       "source": "/:path",

package.json

@@ -6,8 +6,8 @@
   "scripts": {
     "build:app": "turbo run build --filter=next-auth-app",
     "build:docs": "turbo run build --filter=docs",
-    "build": "turbo run build --filter=next-auth --filter=@next-auth/* --filter=@auth/* --no-deps",
-    "test": "turbo run test --concurrency=1 --filter=[HEAD^1] --filter=./packages/* --filter=!@*upstash* --filter=!*dynamodb-*",
+    "build": "turbo run build --filter=next-auth --filter=@auth/* --no-deps",
+    "test": "turbo run test --concurrency=1 --filter=[HEAD^1] --filter=./packages/* --filter=!@*upstash* --filter=!*dynamodb-* --filter=!*app*",
     "clean": "turbo run clean --no-cache",
     "dev:db": "turbo run dev --parallel --continue --filter=next-auth-app...",
     "dev": "turbo run dev --parallel --continue --filter=next-auth-app... --filter=!./packages/adapter-*",
@@ -43,13 +43,13 @@
     "eslint-plugin-svelte3": "^4.0.0",
     "prettier": "2.8.1",
     "prettier-plugin-svelte": "^2.8.1",
-    "turbo": "1.10.1",
-    "typescript": "4.9.4"
+    "turbo": "^1.10.12",
+    "typescript": "5.2.2"
   },
   "engines": {
     "node": "^16.13.0 || ^18.12.0"
   },
-  "packageManager": "pnpm@7.23.0",
+  "packageManager": "pnpm@8.7.1",
   "funding": [
     {
       "type": "github",
@@ -249,6 +249,7 @@
       {
         "files": [
           "apps/dev/nextjs/pages/api/auth/[...nextauth].ts",
+          "apps/examples/nextjs/auth.ts",
           "docs/{sidebars,docusaurus.config}.js"
         ],
         "options": {

packages/adapter-dgraph/.npmrc

@@ -1 +0,0 @@
-//registry.npmjs.org/:_authToken=${NPM_TOKEN}

packages/adapter-dgraph/package.json

@@ -41,13 +41,13 @@
     "test": "./tests/test.sh"
   },
   "devDependencies": {
-    "@next-auth/adapter-test": "workspace:*",
-    "@next-auth/tsconfig": "workspace:*",
+    "@auth/adapter-test": "workspace:*",
+    "@auth/tsconfig": "workspace:*",
     "@types/jest": "^26.0.24",
     "@types/jsonwebtoken": "^8.5.5",
-    "@types/node-fetch": "^2.5.11",
     "jest": "^27.4.3",
     "ts-jest": "^27.0.3",
+    "typescript": "5.2.2",
     "undici": "5.22.1"
   },
   "dependencies": {
@@ -55,6 +55,6 @@
     "jsonwebtoken": "^8.5.1"
   },
   "jest": {
-    "preset": "@next-auth/adapter-test/jest"
+    "preset": "@auth/adapter-test/jest"
   }
-}
+}

packages/adapter-dgraph/tests/index.test.ts

@@ -1,7 +1,7 @@
 import { DgraphAdapter, format } from "../src"
 import { client as dgraphClient } from "../src/lib/client"
 import * as fragments from "../src/lib/graphql/fragments"
-import { runBasicTests } from "@next-auth/adapter-test"
+import { runBasicTests } from "@auth/adapter-test"
 import fs from "fs"
 import path from "path"
 

packages/adapter-dgraph/tsconfig.json

@@ -1,5 +1,5 @@
 {
-  "extends": "@next-auth/tsconfig/tsconfig.base.json",
+  "extends": "@auth/tsconfig/tsconfig.base.json",
   "compilerOptions": {
     "allowJs": true,
     "baseUrl": ".",

packages/adapter-drizzle/README.md

@@ -0,0 +1,28 @@
+<p align="center">
+  <br/>
+  <a href="https://authjs.dev" target="_blank">
+    <img height="64px" src="https://authjs.dev/img/logo/logo-sm.png" />
+  </a>
+  <a href="https://github.com/drizzle-team/drizzle-orm" target="_blank">
+    <img height="64px" src="https://authjs.dev/img/adapters/drizzle-orm.png"/>
+  </a>
+  <h3 align="center"><b>Drizzle ORM Adapter</b> - NextAuth.js / Auth.js</a></h3>
+  <p align="center" style="align: center;">
+    <a href="https://npm.im/@auth/drizzle-adapter">
+      <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
+    </a>
+    <a href="https://npm.im/@auth/drizzle-adapter">
+      <img alt="npm" src="https://img.shields.io/npm/v/@auth/drizzle-adapter?color=green&label=@auth/drizzle-adapter&style=flat-square">
+    </a>
+    <a href="https://www.npmtrends.com/@auth/drizzle-adapter">
+      <img src="https://img.shields.io/npm/dm/@auth/drizzle-adapter?label=%20downloads&style=flat-square" alt="Downloads" />
+    </a>
+    <a href="https://github.com/nextauthjs/next-auth/stargazers">
+      <img src="https://img.shields.io/github/stars/nextauthjs/next-auth?style=flat-square" alt="Github Stars" />
+    </a>
+  </p>
+</p>
+
+---
+
+Check out the documentation at [authjs.dev](https://authjs.dev/reference/adapter/drizzle).

packages/adapter-drizzle/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "@auth/drizzle-adapter",
+  "version": "0.3.2",
+  "description": "Drizzle adapter for Auth.js.",
+  "homepage": "https://authjs.dev",
+  "repository": "https://github.com/nextauthjs/next-auth",
+  "bugs": {
+    "url": "https://github.com/nextauthjs/next-auth/issues"
+  },
+  "author": "Anthony Shew",
+  "type": "module",
+  "types": "./index.d.ts",
+  "files": [
+    "*.d.ts*",
+    "*.js",
+    "lib",
+    "src"
+  ],
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js"
+    }
+  },
+  "license": "ISC",
+  "keywords": [
+    "next-auth",
+    "@auth",
+    "Auth.js",
+    "next.js",
+    "oauth",
+    "drizzle"
+  ],
+  "private": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "clean": "find . -type d -name \".drizzle\" | xargs rm -rf",
+    "test": "pnpm test:mysql && pnpm test:sqlite && pnpm test:pg",
+    "test:mysql": "pnpm clean && ./tests/mysql/test.sh",
+    "test:sqlite": "pnpm clean && ./tests/sqlite/test.sh",
+    "test:pg": "pnpm clean && ./tests/pg/test.sh",
+    "build": "tsc",
+    "dev": "drizzle-kit generate:mysql --schema=src/schema.ts --out=.drizzle && tsc -w"
+  },
+  "dependencies": {
+    "@auth/core": "workspace:*"
+  },
+  "devDependencies": {
+    "@auth/adapter-test": "workspace:*",
+    "@auth/tsconfig": "workspace:*",
+    "@types/better-sqlite3": "^7.6.4",
+    "@types/uuid": "^8.3.3",
+    "better-sqlite3": "^8.4.0",
+    "drizzle-kit": "^0.19.5",
+    "drizzle-orm": "^0.27.0",
+    "jest": "^27.4.3",
+    "mysql2": "^3.2.0",
+    "postgres": "^3.3.4"
+  },
+  "jest": {
+    "preset": "@auth/adapter-test/jest"
+  }
+}

packages/adapter-drizzle/src/index.ts

@@ -0,0 +1,269 @@
+/**
+ * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center", padding: 16}}>
+ *  <p style={{fontWeight: "normal"}}>Official <a href="https://orm.drizzle.team">Drizzle ORM</a> adapter for Auth.js / NextAuth.js.</p>
+ *  <a href="https://orm.drizzle.team">
+ *   <img style={{display: "block"}} src="/img/adapters/drizzle-orm.png" width="38" />
+ *  </a>
+ * </div>
+ *
+ * ## Installation
+ *
+ * ```bash npm2yarn2pnpm
+ * npm install drizzle-orm @auth/drizzle-adapter
+ * npm install drizzle-kit --save-dev
+ * ```
+ *
+ * @module @auth/drizzle-adapter
+ */
+
+import { MySqlDatabase, MySqlTableFn } from "drizzle-orm/mysql-core"
+import { PgDatabase, PgTableFn } from "drizzle-orm/pg-core"
+import { BaseSQLiteDatabase, SQLiteTableFn } from "drizzle-orm/sqlite-core"
+import { mySqlDrizzleAdapter } from "./lib/mysql.js"
+import { pgDrizzleAdapter } from "./lib/pg.js"
+import { SQLiteDrizzleAdapter } from "./lib/sqlite.js"
+import { SqlFlavorOptions, TableFn } from "./lib/utils.js"
+import { is } from "drizzle-orm"
+
+import type { Adapter } from "@auth/core/adapters"
+
+/**
+ * Add the adapter to your `pages/api/[...nextauth].ts` next-auth configuration object.
+ *
+ * ```ts title="pages/api/auth/[...nextauth].ts"
+ * import NextAuth from "next-auth"
+ * import GoogleProvider from "next-auth/providers/google"
+ * import { DrizzleAdapter } from "@auth/drizzle-adapter"
+ * import { db } from "./schema"
+ *
+ * export default NextAuth({
+ *   adapter: DrizzleAdapter(db),
+ *   providers: [
+ *     GoogleProvider({
+ *       clientId: process.env.GOOGLE_CLIENT_ID,
+ *       clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ *     }),
+ *   ],
+ * })
+ * ```
+ * 
+ * :::info
+ * If you're using multi-project schemas, you can pass your table function as a second argument
+ * :::
+ *
+ * ## Setup
+ *
+ * First, create a schema that includes [the minimum requirements for a `next-auth` adapter](/reference/adapters#models). You can select your favorite SQL flavor below and copy it.
+ * Additionally, you may extend the schema from the minimum requirements to suit your needs.
+ *
+ * - [Postgres](#postgres)
+ * - [MySQL](#mysql)
+ * - [SQLite](#sqlite)
+ *
+ * ### Postgres
+
+ * ```ts title="schema.ts"
+ * import {
+ *   timestamp,
+ *   pgTable,
+ *   text,
+ *   primaryKey,
+ *  integer
+ * } from "drizzle-orm/pg-core"
+ * import type { AdapterAccount } from '@auth/core/adapters'
+ *
+ * export const users = pgTable("user", {
+ *  id: text("id").notNull().primaryKey(),
+ *  name: text("name"),
+ *  email: text("email").notNull(),
+ *  emailVerified: timestamp("emailVerified", { mode: "date" }),
+ *  image: text("image"),
+ * })
+ *
+ * export const accounts = pgTable(
+ * "account",
+ * {
+ *   userId: text("userId")
+ *     .notNull()
+ *     .references(() => users.id, { onDelete: "cascade" }),
+ *   type: text("type").$type<AdapterAccount["type"]>().notNull(),
+ *   provider: text("provider").notNull(),
+ *   providerAccountId: text("providerAccountId").notNull(),
+ *   refresh_token: text("refresh_token"),
+ *   access_token: text("access_token"),
+ *   expires_at: integer("expires_at"),
+ *   token_type: text("token_type"),
+ *   scope: text("scope"),
+ *    id_token: text("id_token"),
+ *   session_state: text("session_state"),
+ * },
+ * (account) => ({
+ *   compoundKey: primaryKey(account.provider, account.providerAccountId),
+ * })
+ * )
+ *
+ * export const sessions = pgTable("session", {
+ *  sessionToken: text("sessionToken").notNull().primaryKey(),
+ *  userId: text("userId")
+ *    .notNull()
+ *    .references(() => users.id, { onDelete: "cascade" }),
+ *  expires: timestamp("expires", { mode: "date" }).notNull(),
+ * })
+ *
+ * export const verificationTokens = pgTable(
+ *  "verificationToken",
+ *  {
+ *    identifier: text("identifier").notNull(),
+ *    token: text("token").notNull(),
+ *    expires: timestamp("expires", { mode: "date" }).notNull(),
+ *  },
+ *  (vt) => ({
+ *    compoundKey: primaryKey(vt.identifier, vt.token),
+ *  })
+ * )
+ * ```
+ *
+ * ### MySQL
+ *
+ * ```ts title="schema.ts"
+ * import {
+ *  int,
+ *  timestamp,
+ *  mysqlTable,
+ *  primaryKey,
+ *  varchar,
+ * } from "drizzle-orm/mysql-core"
+ * import type { AdapterAccount } from "@auth/core/adapters"
+ *
+ * export const users = mysqlTable("user", {
+ *  id: varchar("id", { length: 255 }).notNull().primaryKey(),
+ *  name: varchar("name", { length: 255 }),
+ *  email: varchar("email", { length: 255 }).notNull(),
+ *   emailVerified: timestamp("emailVerified", { mode: "date", fsp: 3 }).defaultNow(),
+ *  image: varchar("image", { length: 255 }),
+ * })
+ *
+ * export const accounts = mysqlTable(
+ *  "account",
+ *   {
+ *    userId: varchar("userId", { length: 255 })
+ *       .notNull()
+ *       .references(() => users.id, { onDelete: "cascade" }),
+ *    type: varchar("type", { length: 255 }).$type<AdapterAccount["type"]>().notNull(),
+ *     provider: varchar("provider", { length: 255 }).notNull(),
+ *    providerAccountId: varchar("providerAccountId", { length: 255 }).notNull(),
+ *    refresh_token: varchar("refresh_token", { length: 255 }),
+ *    access_token: varchar("access_token", { length: 255 }),
+ *    expires_at: int("expires_at"),
+ *   token_type: varchar("token_type", { length: 255 }),
+ *   scope: varchar("scope", { length: 255 }),
+ *   id_token: varchar("id_token", { length: 255 }),
+ *   session_state: varchar("session_state", { length: 255 }),
+ * },
+ * (account) => ({
+ *   compoundKey: primaryKey(account.provider, account.providerAccountId),
+ * })
+ * )
+ *
+ * export const sessions = mysqlTable("session", {
+ *  sessionToken: varchar("sessionToken", { length: 255 }).notNull().primaryKey(),
+ *  userId: varchar("userId", { length: 255 })
+ *    .notNull()
+ *    .references(() => users.id, { onDelete: "cascade" }),
+ *  expires: timestamp("expires", { mode: "date" }).notNull(),
+ * })
+ *
+ * export const verificationTokens = mysqlTable(
+ * "verificationToken",
+ * {
+ *   identifier: varchar("identifier", { length: 255 }).notNull(),
+ *   token: varchar("token", { length: 255 }).notNull(),
+ *   expires: timestamp("expires", { mode: "date" }).notNull(),
+ * },
+ * (vt) => ({
+ *   compoundKey: primaryKey(vt.identifier, vt.token),
+ * })
+ * )
+ * ```
+ *
+ * ### SQLite
+ *
+ * ```ts title="schema.ts"
+ * import { integer, sqliteTable, text, primaryKey } from "drizzle-orm/sqlite-core"
+ * import type { AdapterAccount } from "@auth/core/adapters"
+ *
+ * export const users = sqliteTable("user", {
+ *  id: text("id").notNull().primaryKey(),
+ *  name: text("name"),
+ *  email: text("email").notNull(),
+ *  emailVerified: integer("emailVerified", { mode: "timestamp_ms" }),
+ *  image: text("image"),
+ * })
+ *
+ * export const accounts = sqliteTable(
+ *  "account",
+ *  {
+ *    userId: text("userId")
+ *      .notNull()
+ *      .references(() => users.id, { onDelete: "cascade" }),
+ *    type: text("type").$type<AdapterAccount["type"]>().notNull(),
+ *    provider: text("provider").notNull(),
+ *    providerAccountId: text("providerAccountId").notNull(),
+ *    refresh_token: text("refresh_token"),
+ *    access_token: text("access_token"),
+ *    expires_at: integer("expires_at"),
+ *    token_type: text("token_type"),
+ *    scope: text("scope"),
+ *    id_token: text("id_token"),
+ *    session_state: text("session_state"),
+ *  },
+ *  (account) => ({
+ *    compoundKey: primaryKey(account.provider, account.providerAccountId),
+ *  })
+ * )
+ *
+ * export const sessions = sqliteTable("session", {
+ * sessionToken: text("sessionToken").notNull().primaryKey(),
+ * userId: text("userId")
+ *   .notNull()
+ *   .references(() => users.id, { onDelete: "cascade" }),
+ * expires: integer("expires", { mode: "timestamp_ms" }).notNull(),
+ * })
+ *
+ * export const verificationTokens = sqliteTable(
+ * "verificationToken",
+ * {
+ *   identifier: text("identifier").notNull(),
+ *   token: text("token").notNull(),
+ *   expires: integer("expires", { mode: "timestamp_ms" }).notNull(),
+ * },
+ * (vt) => ({
+ *   compoundKey: primaryKey(vt.identifier, vt.token),
+ * })
+ * )
+ * ```
+ *
+ * ## Migrating your database
+ * With your schema now described in your code, you'll need to migrate your database to your schema.
+ *
+ * For full documentation on how to run migrations with Drizzle, [visit the Drizzle documentation](https://orm.drizzle.team/kit-docs/overview#running-migrations).
+ *
+ * ---
+ *
+ **/
+export function DrizzleAdapter<SqlFlavor extends SqlFlavorOptions>(
+  db: SqlFlavor,
+  table?: TableFn<SqlFlavor>
+): Adapter {
+  if (is(db, MySqlDatabase)) {
+    return mySqlDrizzleAdapter(db, table as MySqlTableFn)
+  } else if (is(db, PgDatabase)) {
+    return pgDrizzleAdapter(db, table as PgTableFn)
+  } else if (is(db, BaseSQLiteDatabase)) {
+    return SQLiteDrizzleAdapter(db, table as SQLiteTableFn)
+  }
+
+  throw new Error(
+    `Unsupported database type (${typeof db}) in Auth.js Drizzle adapter.`
+  )
+}

packages/adapter-drizzle/src/lib/mysql.ts

@@ -0,0 +1,264 @@
+import { and, eq } from "drizzle-orm"
+import {
+  int,
+  timestamp,
+  mysqlTable as defaultMySqlTableFn,
+  primaryKey,
+  varchar,
+  MySqlTableFn,
+  MySqlDatabase,
+} from "drizzle-orm/mysql-core"
+
+import type { Adapter, AdapterAccount } from "@auth/core/adapters"
+
+export function createTables(mySqlTable: MySqlTableFn) {
+  const users = mySqlTable("user", {
+    id: varchar("id", { length: 255 }).notNull().primaryKey(),
+    name: varchar("name", { length: 255 }),
+    email: varchar("email", { length: 255 }).notNull(),
+    emailVerified: timestamp("emailVerified", {
+      mode: "date",
+      fsp: 3,
+    }).defaultNow(),
+    image: varchar("image", { length: 255 }),
+  })
+
+  const accounts = mySqlTable(
+    "account",
+    {
+      userId: varchar("userId", { length: 255 })
+        .notNull()
+        .references(() => users.id, { onDelete: "cascade" }),
+      type: varchar("type", { length: 255 })
+        .$type<AdapterAccount["type"]>()
+        .notNull(),
+      provider: varchar("provider", { length: 255 }).notNull(),
+      providerAccountId: varchar("providerAccountId", {
+        length: 255,
+      }).notNull(),
+      refresh_token: varchar("refresh_token", { length: 255 }),
+      access_token: varchar("access_token", { length: 255 }),
+      expires_at: int("expires_at"),
+      token_type: varchar("token_type", { length: 255 }),
+      scope: varchar("scope", { length: 255 }),
+      id_token: varchar("id_token", { length: 255 }),
+      session_state: varchar("session_state", { length: 255 }),
+    },
+    (account) => ({
+      compoundKey: primaryKey(account.provider, account.providerAccountId),
+    })
+  )
+
+  const sessions = mySqlTable("session", {
+    sessionToken: varchar("sessionToken", { length: 255 })
+      .notNull()
+      .primaryKey(),
+    userId: varchar("userId", { length: 255 })
+      .notNull()
+      .references(() => users.id, { onDelete: "cascade" }),
+    expires: timestamp("expires", { mode: "date" }).notNull(),
+  })
+
+  const verificationTokens = mySqlTable(
+    "verificationToken",
+    {
+      identifier: varchar("identifier", { length: 255 }).notNull(),
+      token: varchar("token", { length: 255 }).notNull(),
+      expires: timestamp("expires", { mode: "date" }).notNull(),
+    },
+    (vt) => ({
+      compoundKey: primaryKey(vt.identifier, vt.token),
+    })
+  )
+
+  return { users, accounts, sessions, verificationTokens }
+}
+
+export type DefaultSchema = ReturnType<typeof createTables>
+
+export function mySqlDrizzleAdapter(
+  client: InstanceType<typeof MySqlDatabase>,
+  tableFn = defaultMySqlTableFn
+): Adapter {
+  const { users, accounts, sessions, verificationTokens } =
+    createTables(tableFn)
+
+  return {
+    async createUser(data) {
+      const id = crypto.randomUUID()
+
+      await client.insert(users).values({ ...data, id })
+
+      return await client
+        .select()
+        .from(users)
+        .where(eq(users.id, id))
+        .then((res) => res[0])
+    },
+    async getUser(data) {
+      const thing =
+        (await client
+          .select()
+          .from(users)
+          .where(eq(users.id, data))
+          .then((res) => res[0])) ?? null
+
+      return thing
+    },
+    async getUserByEmail(data) {
+      const user =
+        (await client
+          .select()
+          .from(users)
+          .where(eq(users.email, data))
+          .then((res) => res[0])) ?? null
+
+      return user
+    },
+    async createSession(data) {
+      await client.insert(sessions).values(data)
+
+      return await client
+        .select()
+        .from(sessions)
+        .where(eq(sessions.sessionToken, data.sessionToken))
+        .then((res) => res[0])
+    },
+    async getSessionAndUser(data) {
+      const sessionAndUser =
+        (await client
+          .select({
+            session: sessions,
+            user: users,
+          })
+          .from(sessions)
+          .where(eq(sessions.sessionToken, data))
+          .innerJoin(users, eq(users.id, sessions.userId))
+          .then((res) => res[0])) ?? null
+
+      return sessionAndUser
+    },
+    async updateUser(data) {
+      if (!data.id) {
+        throw new Error("No user id.")
+      }
+
+      await client.update(users).set(data).where(eq(users.id, data.id))
+
+      return await client
+        .select()
+        .from(users)
+        .where(eq(users.id, data.id))
+        .then((res) => res[0])
+    },
+    async updateSession(data) {
+      await client
+        .update(sessions)
+        .set(data)
+        .where(eq(sessions.sessionToken, data.sessionToken))
+
+      return await client
+        .select()
+        .from(sessions)
+        .where(eq(sessions.sessionToken, data.sessionToken))
+        .then((res) => res[0])
+    },
+    async linkAccount(rawAccount) {
+      await client.insert(accounts).values(rawAccount)
+    },
+    async getUserByAccount(account) {
+      const dbAccount =
+        (await client
+          .select()
+          .from(accounts)
+          .where(
+            and(
+              eq(accounts.providerAccountId, account.providerAccountId),
+              eq(accounts.provider, account.provider)
+            )
+          )
+          .leftJoin(users, eq(accounts.userId, users.id))
+          .then((res) => res[0])) ?? null
+
+      if (!dbAccount) {
+        return null
+      }
+
+      return dbAccount.user
+    },
+    async deleteSession(sessionToken) {
+      const session =
+        (await client
+          .select()
+          .from(sessions)
+          .where(eq(sessions.sessionToken, sessionToken))
+          .then((res) => res[0])) ?? null
+
+      await client
+        .delete(sessions)
+        .where(eq(sessions.sessionToken, sessionToken))
+
+      return session
+    },
+    async createVerificationToken(token) {
+      await client.insert(verificationTokens).values(token)
+
+      return await client
+        .select()
+        .from(verificationTokens)
+        .where(eq(verificationTokens.identifier, token.identifier))
+        .then((res) => res[0])
+    },
+    async useVerificationToken(token) {
+      try {
+        const deletedToken =
+          (await client
+            .select()
+            .from(verificationTokens)
+            .where(
+              and(
+                eq(verificationTokens.identifier, token.identifier),
+                eq(verificationTokens.token, token.token)
+              )
+            )
+            .then((res) => res[0])) ?? null
+
+        await client
+          .delete(verificationTokens)
+          .where(
+            and(
+              eq(verificationTokens.identifier, token.identifier),
+              eq(verificationTokens.token, token.token)
+            )
+          )
+
+        return deletedToken
+      } catch (err) {
+        throw new Error("No verification token found.")
+      }
+    },
+    async deleteUser(id) {
+      const user = await client
+        .select()
+        .from(users)
+        .where(eq(users.id, id))
+        .then((res) => res[0] ?? null)
+
+      await client.delete(users).where(eq(users.id, id))
+
+      return user
+    },
+    async unlinkAccount(account) {
+      await client
+        .delete(accounts)
+        .where(
+          and(
+            eq(accounts.providerAccountId, account.providerAccountId),
+            eq(accounts.provider, account.provider)
+          )
+        )
+
+      return undefined
+    },
+  }
+}

packages/adapter-drizzle/src/lib/pg.ts

@@ -0,0 +1,233 @@
+import { and, eq } from "drizzle-orm"
+import {
+  timestamp,
+  pgTable as defaultPgTableFn,
+  text,
+  primaryKey,
+  integer,
+  PgTableFn,
+  PgDatabase,
+} from "drizzle-orm/pg-core"
+
+import type { Adapter, AdapterAccount } from "@auth/core/adapters"
+
+export function createTables(pgTable: PgTableFn) {
+  const users = pgTable("user", {
+    id: text("id").notNull().primaryKey(),
+    name: text("name"),
+    email: text("email").notNull(),
+    emailVerified: timestamp("emailVerified", { mode: "date" }),
+    image: text("image"),
+  })
+
+  const accounts = pgTable(
+    "account",
+    {
+      userId: text("userId")
+        .notNull()
+        .references(() => users.id, { onDelete: "cascade" }),
+      type: text("type").$type<AdapterAccount["type"]>().notNull(),
+      provider: text("provider").notNull(),
+      providerAccountId: text("providerAccountId").notNull(),
+      refresh_token: text("refresh_token"),
+      access_token: text("access_token"),
+      expires_at: integer("expires_at"),
+      token_type: text("token_type"),
+      scope: text("scope"),
+      id_token: text("id_token"),
+      session_state: text("session_state"),
+    },
+    (account) => ({
+      compoundKey: primaryKey(account.provider, account.providerAccountId),
+    })
+  )
+
+  const sessions = pgTable("session", {
+    sessionToken: text("sessionToken").notNull().primaryKey(),
+    userId: text("userId")
+      .notNull()
+      .references(() => users.id, { onDelete: "cascade" }),
+    expires: timestamp("expires", { mode: "date" }).notNull(),
+  })
+
+  const verificationTokens = pgTable(
+    "verificationToken",
+    {
+      identifier: text("identifier").notNull(),
+      token: text("token").notNull(),
+      expires: timestamp("expires", { mode: "date" }).notNull(),
+    },
+    (vt) => ({
+      compoundKey: primaryKey(vt.identifier, vt.token),
+    })
+  )
+
+  return { users, accounts, sessions, verificationTokens }
+}
+
+export type DefaultSchema = ReturnType<typeof createTables>
+
+export function pgDrizzleAdapter(
+  client: InstanceType<typeof PgDatabase>,
+  tableFn = defaultPgTableFn
+): Adapter {
+  const { users, accounts, sessions, verificationTokens } =
+    createTables(tableFn)
+
+  return {
+    async createUser(data) {
+      return await client
+        .insert(users)
+        .values({ ...data, id: crypto.randomUUID() })
+        .returning()
+        .then((res) => res[0] ?? null)
+    },
+    async getUser(data) {
+      return await client
+        .select()
+        .from(users)
+        .where(eq(users.id, data))
+        .then((res) => res[0] ?? null)
+    },
+    async getUserByEmail(data) {
+      return await client
+        .select()
+        .from(users)
+        .where(eq(users.email, data))
+        .then((res) => res[0] ?? null)
+    },
+    async createSession(data) {
+      return await client
+        .insert(sessions)
+        .values(data)
+        .returning()
+        .then((res) => res[0])
+    },
+    async getSessionAndUser(data) {
+      return await client
+        .select({
+          session: sessions,
+          user: users,
+        })
+        .from(sessions)
+        .where(eq(sessions.sessionToken, data))
+        .innerJoin(users, eq(users.id, sessions.userId))
+        .then((res) => res[0] ?? null)
+    },
+    async updateUser(data) {
+      if (!data.id) {
+        throw new Error("No user id.")
+      }
+
+      return await client
+        .update(users)
+        .set(data)
+        .where(eq(users.id, data.id))
+        .returning()
+        .then((res) => res[0])
+    },
+    async updateSession(data) {
+      return await client
+        .update(sessions)
+        .set(data)
+        .where(eq(sessions.sessionToken, data.sessionToken))
+        .returning()
+        .then((res) => res[0])
+    },
+    async linkAccount(rawAccount) {
+      const updatedAccount = await client
+        .insert(accounts)
+        .values(rawAccount)
+        .returning()
+        .then((res) => res[0])
+
+      // Drizzle will return `null` for fields that are not defined.
+      // However, the return type is expecting `undefined`.
+      const account = {
+        ...updatedAccount,
+        access_token: updatedAccount.access_token ?? undefined,
+        token_type: updatedAccount.token_type ?? undefined,
+        id_token: updatedAccount.id_token ?? undefined,
+        refresh_token: updatedAccount.refresh_token ?? undefined,
+        scope: updatedAccount.scope ?? undefined,
+        expires_at: updatedAccount.expires_at ?? undefined,
+        session_state: updatedAccount.session_state ?? undefined,
+      }
+
+      return account
+    },
+    async getUserByAccount(account) {
+      const dbAccount =
+        (await client
+          .select()
+          .from(accounts)
+          .where(
+            and(
+              eq(accounts.providerAccountId, account.providerAccountId),
+              eq(accounts.provider, account.provider)
+            )
+          )
+          .leftJoin(users, eq(accounts.userId, users.id))
+          .then((res) => res[0])) ?? null
+
+      if (!dbAccount) {
+        return null
+      }
+
+      return dbAccount.user
+    },
+    async deleteSession(sessionToken) {
+      const session = await client
+        .delete(sessions)
+        .where(eq(sessions.sessionToken, sessionToken))
+        .returning()
+        .then((res) => res[0] ?? null)
+
+      return session
+    },
+    async createVerificationToken(token) {
+      return await client
+        .insert(verificationTokens)
+        .values(token)
+        .returning()
+        .then((res) => res[0])
+    },
+    async useVerificationToken(token) {
+      try {
+        return await client
+          .delete(verificationTokens)
+          .where(
+            and(
+              eq(verificationTokens.identifier, token.identifier),
+              eq(verificationTokens.token, token.token)
+            )
+          )
+          .returning()
+          .then((res) => res[0] ?? null)
+      } catch (err) {
+        throw new Error("No verification token found.")
+      }
+    },
+    async deleteUser(id) {
+      await client
+        .delete(users)
+        .where(eq(users.id, id))
+        .returning()
+        .then((res) => res[0] ?? null)
+    },
+    async unlinkAccount(account) {
+      const { type, provider, providerAccountId, userId } = await client
+        .delete(accounts)
+        .where(
+          and(
+            eq(accounts.providerAccountId, account.providerAccountId),
+            eq(accounts.provider, account.provider)
+          )
+        )
+        .returning()
+        .then((res) => res[0] ?? null)
+
+      return { provider, type, providerAccountId, userId }
+    },
+  }
+}

packages/adapter-drizzle/src/lib/sqlite.ts

@@ -0,0 +1,211 @@
+import { eq, and } from "drizzle-orm"
+import {
+  integer,
+  sqliteTable as defaultSqliteTableFn,
+  text,
+  primaryKey,
+  BaseSQLiteDatabase,
+  SQLiteTableFn,
+} from "drizzle-orm/sqlite-core"
+
+import type { Adapter, AdapterAccount } from "@auth/core/adapters"
+
+export function createTables(sqliteTable: SQLiteTableFn) {
+  const users = sqliteTable("user", {
+    id: text("id").notNull().primaryKey(),
+    name: text("name"),
+    email: text("email").notNull(),
+    emailVerified: integer("emailVerified", { mode: "timestamp_ms" }),
+    image: text("image"),
+  })
+
+  const accounts = sqliteTable(
+    "account",
+    {
+      userId: text("userId")
+        .notNull()
+        .references(() => users.id, { onDelete: "cascade" }),
+      type: text("type").$type<AdapterAccount["type"]>().notNull(),
+      provider: text("provider").notNull(),
+      providerAccountId: text("providerAccountId").notNull(),
+      refresh_token: text("refresh_token"),
+      access_token: text("access_token"),
+      expires_at: integer("expires_at"),
+      token_type: text("token_type"),
+      scope: text("scope"),
+      id_token: text("id_token"),
+      session_state: text("session_state"),
+    },
+    (account) => ({
+      compoundKey: primaryKey(account.provider, account.providerAccountId),
+    })
+  )
+
+  const sessions = sqliteTable("session", {
+    sessionToken: text("sessionToken").notNull().primaryKey(),
+    userId: text("userId")
+      .notNull()
+      .references(() => users.id, { onDelete: "cascade" }),
+    expires: integer("expires", { mode: "timestamp_ms" }).notNull(),
+  })
+
+  const verificationTokens = sqliteTable(
+    "verificationToken",
+    {
+      identifier: text("identifier").notNull(),
+      token: text("token").notNull(),
+      expires: integer("expires", { mode: "timestamp_ms" }).notNull(),
+    },
+    (vt) => ({
+      compoundKey: primaryKey(vt.identifier, vt.token),
+    })
+  )
+
+  return { users, accounts, sessions, verificationTokens }
+}
+
+export type DefaultSchema = ReturnType<typeof createTables>
+
+export function SQLiteDrizzleAdapter(
+  client: InstanceType<typeof BaseSQLiteDatabase>,
+  tableFn = defaultSqliteTableFn
+): Adapter {
+  const { users, accounts, sessions, verificationTokens } =
+    createTables(tableFn)
+
+  return {
+    createUser(data) {
+      return client
+        .insert(users)
+        .values({ ...data, id: crypto.randomUUID() })
+        .returning()
+        .get()
+    },
+    getUser(data) {
+      return client.select().from(users).where(eq(users.id, data)).get() ?? null
+    },
+    getUserByEmail(data) {
+      return (
+        client.select().from(users).where(eq(users.email, data)).get() ?? null
+      )
+    },
+    createSession(data) {
+      return client.insert(sessions).values(data).returning().get()
+    },
+    getSessionAndUser(data) {
+      return (
+        client
+          .select({
+            session: sessions,
+            user: users,
+          })
+          .from(sessions)
+          .where(eq(sessions.sessionToken, data))
+          .innerJoin(users, eq(users.id, sessions.userId))
+          .get() ?? null
+      )
+    },
+    updateUser(data) {
+      if (!data.id) {
+        throw new Error("No user id.")
+      }
+
+      return client
+        .update(users)
+        .set(data)
+        .where(eq(users.id, data.id))
+        .returning()
+        .get()
+    },
+    updateSession(data) {
+      return client
+        .update(sessions)
+        .set(data)
+        .where(eq(sessions.sessionToken, data.sessionToken))
+        .returning()
+        .get()
+    },
+    linkAccount(rawAccount) {
+      const updatedAccount = client
+        .insert(accounts)
+        .values(rawAccount)
+        .returning()
+        .get()
+
+      const account: AdapterAccount = {
+        ...updatedAccount,
+        type: updatedAccount.type,
+        access_token: updatedAccount.access_token ?? undefined,
+        token_type: updatedAccount.token_type ?? undefined,
+        id_token: updatedAccount.id_token ?? undefined,
+        refresh_token: updatedAccount.refresh_token ?? undefined,
+        scope: updatedAccount.scope ?? undefined,
+        expires_at: updatedAccount.expires_at ?? undefined,
+        session_state: updatedAccount.session_state ?? undefined,
+      }
+
+      return account
+    },
+    getUserByAccount(account) {
+      const results = client
+        .select()
+        .from(accounts)
+        .leftJoin(users, eq(users.id, accounts.userId))
+        .where(
+          and(
+            eq(accounts.provider, account.provider),
+            eq(accounts.providerAccountId, account.providerAccountId)
+          )
+        )
+        .get()
+
+      return results?.user ?? null
+    },
+    deleteSession(sessionToken) {
+      return (
+        client
+          .delete(sessions)
+          .where(eq(sessions.sessionToken, sessionToken))
+          .returning()
+          .get() ?? null
+      )
+    },
+    createVerificationToken(token) {
+      return client.insert(verificationTokens).values(token).returning().get()
+    },
+    useVerificationToken(token) {
+      try {
+        return (
+          client
+            .delete(verificationTokens)
+            .where(
+              and(
+                eq(verificationTokens.identifier, token.identifier),
+                eq(verificationTokens.token, token.token)
+              )
+            )
+            .returning()
+            .get() ?? null
+        )
+      } catch (err) {
+        throw new Error("No verification token found.")
+      }
+    },
+    deleteUser(id) {
+      return client.delete(users).where(eq(users.id, id)).returning().get()
+    },
+    unlinkAccount(account) {
+      client
+        .delete(accounts)
+        .where(
+          and(
+            eq(accounts.providerAccountId, account.providerAccountId),
+            eq(accounts.provider, account.provider)
+          )
+        )
+        .run()
+
+      return undefined
+    },
+  }
+}

packages/adapter-drizzle/src/lib/utils.ts

@@ -0,0 +1,41 @@
+import { MySqlDatabase } from "drizzle-orm/mysql-core"
+import { PgDatabase } from "drizzle-orm/pg-core"
+import { BaseSQLiteDatabase } from "drizzle-orm/sqlite-core"
+
+import type { AnyMySqlTable, MySqlTableFn } from "drizzle-orm/mysql-core"
+import type { AnyPgTable, PgTableFn } from "drizzle-orm/pg-core"
+import type { AnySQLiteTable, SQLiteTableFn } from "drizzle-orm/sqlite-core"
+import type { DefaultSchema as PgSchema } from "./pg.js"
+import type { DefaultSchema as MySqlSchema } from "./mysql.js"
+import type { DefaultSchema as SQLiteSchema } from "./sqlite.js"
+
+export type AnyMySqlDatabase = MySqlDatabase<any, any>
+export type AnyPgDatabase = PgDatabase<any, any, any>
+export type AnySQLiteDatabase = BaseSQLiteDatabase<any, any, any, any>
+
+export interface MinimumSchema {
+  mysql: MySqlSchema & Record<string, AnyMySqlTable>
+  pg: PgSchema & Record<string, AnyPgTable>
+  sqlite: SQLiteSchema & Record<string, AnySQLiteTable>
+}
+
+export type SqlFlavorOptions =
+  | AnyMySqlDatabase
+  | AnyPgDatabase
+  | AnySQLiteDatabase
+
+export type ClientFlavors<Flavor> = Flavor extends AnyMySqlDatabase
+  ? MinimumSchema["mysql"]
+  : Flavor extends AnyPgDatabase
+  ? MinimumSchema["pg"]
+  : Flavor extends AnySQLiteDatabase
+  ? MinimumSchema["sqlite"]
+  : never
+
+export type TableFn<Flavor> = Flavor extends AnyMySqlDatabase
+  ? MySqlTableFn
+  : Flavor extends AnyPgDatabase
+  ? PgTableFn
+  : Flavor extends AnySQLiteDatabase
+  ? SQLiteTableFn
+  : AnySQLiteTable

packages/adapter-drizzle/tests/fixtures.ts

@@ -0,0 +1,43 @@
+// This work is needed as workaround to Drizzle truncating millisecond precision.
+// https://github.com/drizzle-team/drizzle-orm/pull/668
+
+import { randomUUID } from "../../adapter-test"
+
+const emailVerified = new Date()
+emailVerified.setMilliseconds(0)
+
+const ONE_WEEK_FROM_NOW = new Date(Date.now() + 1000 * 60 * 60 * 24 * 7)
+ONE_WEEK_FROM_NOW.setMilliseconds(0)
+const FIFTEEN_MINUTES_FROM_NOW = new Date(Date.now() + 15 * 60 * 1000)
+FIFTEEN_MINUTES_FROM_NOW.setMilliseconds(0)
+
+const ONE_MONTH = 1000 * 60 * 60 * 24 * 30
+const ONE_MONTH_FROM_NOW = new Date(Date.now() + ONE_MONTH)
+ONE_MONTH_FROM_NOW.setMilliseconds(0)
+
+export const fixtures = {
+  user: {
+    email: "fill@murray.com",
+    image: "https://www.fillmurray.com/460/300",
+    name: "Fill Murray",
+    emailVerified,
+  },
+  session: {
+    sessionToken: randomUUID(),
+    expires: ONE_WEEK_FROM_NOW,
+  },
+  sessionUpdateExpires: ONE_MONTH_FROM_NOW,
+  verificationTokenExpires: FIFTEEN_MINUTES_FROM_NOW,
+  account: {
+    provider: "github",
+    providerAccountId: randomUUID(),
+    type: "oauth",
+    access_token: randomUUID(),
+    expires_at: ONE_MONTH / 1000,
+    id_token: randomUUID(),
+    refresh_token: randomUUID(),
+    token_type: "bearer",
+    scope: "user",
+    session_state: randomUUID(),
+  },
+}

packages/adapter-drizzle/tests/mysql-multi-project-schema/drizzle.config.ts

@@ -0,0 +1,13 @@
+import type { Config } from "drizzle-kit"
+
+export default {
+  schema: "./tests/mysql/schema.ts",
+  out: "./tests/mysql/.drizzle",
+  driver: "mysql2",
+  dbCredentials: {
+    host: "localhost",
+    user: "root",
+    password: "password",
+    database: "next-auth",
+  },
+} satisfies Config

packages/adapter-drizzle/tests/mysql-multi-project-schema/index.test.ts

@@ -0,0 +1,71 @@
+import { runBasicTests } from "../../../adapter-test"
+import { DrizzleAdapter } from "../../src"
+import { db, sessions, verificationTokens, accounts, users } from "./schema"
+import { eq, and } from "drizzle-orm"
+import { fixtures } from "../fixtures"
+
+globalThis.crypto ??= require("node:crypto").webcrypto
+
+runBasicTests({
+  adapter: DrizzleAdapter(db),
+  fixtures,
+  db: {
+    connect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    disconnect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    user: async (id) => {
+      const user = await db
+        .select()
+        .from(users)
+        .where(eq(users.id, id))
+        .then((res) => res[0] ?? null)
+      return user
+    },
+    session: async (sessionToken) => {
+      const session = await db
+        .select()
+        .from(sessions)
+        .where(eq(sessions.sessionToken, sessionToken))
+        .then((res) => res[0] ?? null)
+
+      return session
+    },
+    account: (provider_providerAccountId) => {
+      const account = db
+        .select()
+        .from(accounts)
+        .where(
+          eq(
+            accounts.providerAccountId,
+            provider_providerAccountId.providerAccountId
+          )
+        )
+        .then((res) => res[0] ?? null)
+      return account
+    },
+    verificationToken: (identifier_token) =>
+      db
+        .select()
+        .from(verificationTokens)
+        .where(
+          and(
+            eq(verificationTokens.token, identifier_token.token),
+            eq(verificationTokens.identifier, identifier_token.identifier)
+          )
+        )
+        .then((res) => res[0]) ?? null,
+  },
+})

packages/adapter-drizzle/tests/mysql-multi-project-schema/schema.ts

@@ -0,0 +1,19 @@
+import { mysqlTableCreator } from "drizzle-orm/mysql-core"
+import { drizzle } from "drizzle-orm/mysql2"
+import { createPool } from "mysql2"
+import { createTables } from "../../src/lib/mysql"
+
+const poolConnection = createPool({
+  host: "localhost",
+  user: "root",
+  password: "password",
+  database: "next-auth",
+})
+
+const mysqlTable = mysqlTableCreator((name) => `foobar_${name}`)
+
+export const { users, accounts, sessions, verificationTokens } =
+  createTables(mysqlTable)
+export const schema = { users, accounts, sessions, verificationTokens }
+
+export const db = drizzle(poolConnection, { schema })

packages/adapter-drizzle/tests/mysql-multi-project-schema/test.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+echo "Initializing container for MySQL tests."
+
+MYSQL_DATABASE=next-auth
+MYSQL_ROOT_PASSWORD=password
+MYSQL_CONTAINER_NAME=next-auth-mysql-test
+
+docker run -d --rm \
+-e MYSQL_DATABASE=${MYSQL_DATABASE} \
+-e MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--name "${MYSQL_CONTAINER_NAME}" \
+-p 3306:3306 \
+mysql:8 \
+--default-authentication-plugin=mysql_native_password
+
+echo "Waiting 15 sec for db to start..." && sleep 15
+
+drizzle-kit generate:mysql --config=./tests/mysql/drizzle.config.ts
+drizzle-kit push:mysql --config=./tests/mysql/drizzle.config.ts
+jest ./tests/mysql/index.test.ts --forceExit
+docker stop ${MYSQL_CONTAINER_NAME}

packages/adapter-drizzle/tests/mysql/drizzle.config.ts

@@ -0,0 +1,13 @@
+import type { Config } from "drizzle-kit"
+
+export default {
+  schema: "./tests/mysql/schema.ts",
+  out: "./tests/mysql/.drizzle",
+  driver: "mysql2",
+  dbCredentials: {
+    host: "localhost",
+    user: "root",
+    password: "password",
+    database: "next-auth",
+  },
+} satisfies Config

packages/adapter-drizzle/tests/mysql/index.test.ts

@@ -0,0 +1,71 @@
+import { runBasicTests } from "../../../adapter-test"
+import { DrizzleAdapter } from "../../src"
+import { db, sessions, verificationTokens, accounts, users } from "./schema"
+import { eq, and } from "drizzle-orm"
+import { fixtures } from "../fixtures"
+
+globalThis.crypto ??= require("node:crypto").webcrypto
+
+runBasicTests({
+  adapter: DrizzleAdapter(db),
+  fixtures,
+  db: {
+    connect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    disconnect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    user: async (id) => {
+      const user = await db
+        .select()
+        .from(users)
+        .where(eq(users.id, id))
+        .then((res) => res[0] ?? null)
+      return user
+    },
+    session: async (sessionToken) => {
+      const session = await db
+        .select()
+        .from(sessions)
+        .where(eq(sessions.sessionToken, sessionToken))
+        .then((res) => res[0] ?? null)
+
+      return session
+    },
+    account: (provider_providerAccountId) => {
+      const account = db
+        .select()
+        .from(accounts)
+        .where(
+          eq(
+            accounts.providerAccountId,
+            provider_providerAccountId.providerAccountId
+          )
+        )
+        .then((res) => res[0] ?? null)
+      return account
+    },
+    verificationToken: (identifier_token) =>
+      db
+        .select()
+        .from(verificationTokens)
+        .where(
+          and(
+            eq(verificationTokens.token, identifier_token.token),
+            eq(verificationTokens.identifier, identifier_token.identifier)
+          )
+        )
+        .then((res) => res[0]) ?? null,
+  },
+})

packages/adapter-drizzle/tests/mysql/schema.ts

@@ -0,0 +1,17 @@
+import { mysqlTable } from "drizzle-orm/mysql-core"
+import { drizzle } from "drizzle-orm/mysql2"
+import { createPool } from "mysql2"
+import { createTables } from "../../src/lib/mysql"
+
+const poolConnection = createPool({
+  host: "localhost",
+  user: "root",
+  password: "password",
+  database: "next-auth",
+})
+
+export const { users, accounts, sessions, verificationTokens } =
+  createTables(mysqlTable)
+export const schema = { users, accounts, sessions, verificationTokens }
+
+export const db = drizzle(poolConnection, { schema })

packages/adapter-drizzle/tests/mysql/test.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+echo "Initializing container for MySQL tests."
+
+MYSQL_DATABASE=next-auth
+MYSQL_ROOT_PASSWORD=password
+MYSQL_CONTAINER_NAME=next-auth-mysql-test
+
+docker run -d --rm \
+-e MYSQL_DATABASE=${MYSQL_DATABASE} \
+-e MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--name "${MYSQL_CONTAINER_NAME}" \
+-p 3306:3306 \
+mysql:8 \
+--default-authentication-plugin=mysql_native_password
+
+echo "Waiting 15 sec for db to start..." && sleep 15
+
+drizzle-kit generate:mysql --config=./tests/mysql/drizzle.config.ts
+drizzle-kit push:mysql --config=./tests/mysql/drizzle.config.ts
+jest ./tests/mysql/index.test.ts --forceExit
+docker stop ${MYSQL_CONTAINER_NAME}

packages/adapter-drizzle/tests/pg-multi-project-schema/drizzle.config.ts

@@ -0,0 +1,13 @@
+import type { Config } from "drizzle-kit"
+
+export default {
+  schema: "./tests/pg/schema.ts",
+  out: "./tests/pg/.drizzle",
+  dbCredentials: {
+    database: "nextauth",
+    host: "nextauth",
+    user: "nextauth",
+    password: "nextauth",
+    port: 5432,
+  },
+} satisfies Config

packages/adapter-drizzle/tests/pg-multi-project-schema/index.test.ts

@@ -0,0 +1,65 @@
+import { runBasicTests } from "../../../adapter-test"
+import { DrizzleAdapter } from "../../src"
+import { db, accounts, sessions, users, verificationTokens } from "./schema"
+import { eq, and } from "drizzle-orm"
+import { fixtures } from "../fixtures"
+
+globalThis.crypto ??= require("node:crypto").webcrypto
+
+runBasicTests({
+  adapter: DrizzleAdapter(db),
+  fixtures,
+  db: {
+    connect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    disconnect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    user: async (id) =>
+      db
+        .select()
+        .from(users)
+        .where(eq(users.id, id))
+        .then((res) => res[0] ?? null),
+    session: (sessionToken) =>
+      db
+        .select()
+        .from(sessions)
+        .where(eq(sessions.sessionToken, sessionToken))
+        .then((res) => res[0] ?? null),
+    account: (provider_providerAccountId) => {
+      return db
+        .select()
+        .from(accounts)
+        .where(
+          eq(
+            accounts.providerAccountId,
+            provider_providerAccountId.providerAccountId
+          )
+        )
+        .then((res) => res[0] ?? null)
+    },
+    verificationToken: (identifier_token) =>
+      db
+        .select()
+        .from(verificationTokens)
+        .where(
+          and(
+            eq(verificationTokens.token, identifier_token.token),
+            eq(verificationTokens.identifier, identifier_token.identifier)
+          )
+        )
+        .then((res) => res[0] ?? null),
+  },
+})

packages/adapter-drizzle/tests/pg-multi-project-schema/migrator.ts

@@ -0,0 +1,10 @@
+import { migrate } from "drizzle-orm/postgres-js/migrator"
+import { db } from "./schema"
+
+const migrator = async () => {
+  await migrate(db, { migrationsFolder: "./tests/pg/.drizzle" })
+}
+
+migrator()
+  .then(() => process.exit(0))
+  .catch(() => process.exit(1))

packages/adapter-drizzle/tests/pg-multi-project-schema/schema.ts

@@ -0,0 +1,17 @@
+import { drizzle } from "drizzle-orm/postgres-js"
+import postgres from "postgres"
+import { createTables } from "../../src/lib/pg"
+import { pgTableCreator } from "drizzle-orm/pg-core"
+
+const connectionString = "postgres://nextauth:nextauth@localhost:5432/nextauth"
+const sql = postgres(connectionString, { max: 1 })
+
+const pgTable = pgTableCreator((name) => `foobar_${name}`)
+
+export const { users, accounts, sessions, verificationTokens } =
+  createTables(pgTable)
+export const schema = { users, accounts, sessions, verificationTokens }
+
+export const db = drizzle(sql, {
+  schema,
+})

packages/adapter-drizzle/tests/pg-multi-project-schema/test.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+echo "Initializing container for PostgreSQL tests."
+
+PGUSER=nextauth
+PGPASSWORD=nextauth
+PGDATABASE=nextauth
+PGPORT=5432
+PG_CONTAINER_NAME=next-auth-postgres-test
+
+docker run -d --rm \
+-e POSTGRES_USER=${PGUSER} \
+-e POSTGRES_PASSWORD=${PGUSER} \
+-e POSTGRES_DB=${PGDATABASE} \
+-e POSTGRES_HOST_AUTH_METHOD=trust \
+--name "${PG_CONTAINER_NAME}" \
+-p ${PGPORT}:5432 \
+postgres:15.3
+
+echo "Waiting 15 sec for db to start..." && sleep 15
+
+drizzle-kit generate:pg --config=./tests/pg/drizzle.config.ts
+npx tsx ./tests/pg/migrator.ts
+jest ./tests/pg/index.test.ts --forceExit
+docker stop ${PG_CONTAINER_NAME}

packages/adapter-drizzle/tests/pg/drizzle.config.ts

@@ -0,0 +1,13 @@
+import type { Config } from "drizzle-kit"
+
+export default {
+  schema: "./tests/pg/schema.ts",
+  out: "./tests/pg/.drizzle",
+  dbCredentials: {
+    database: "nextauth",
+    host: "nextauth",
+    user: "nextauth",
+    password: "nextauth",
+    port: 5432,
+  },
+} satisfies Config

packages/adapter-drizzle/tests/pg/index.test.ts

@@ -0,0 +1,65 @@
+import { runBasicTests } from "../../../adapter-test"
+import { DrizzleAdapter } from "../../src"
+import { db, accounts, sessions, users, verificationTokens } from "./schema"
+import { eq, and } from "drizzle-orm"
+import { fixtures } from "../fixtures"
+
+globalThis.crypto ??= require("node:crypto").webcrypto
+
+runBasicTests({
+  adapter: DrizzleAdapter(db),
+  fixtures,
+  db: {
+    connect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    disconnect: async () => {
+      await Promise.all([
+        db.delete(sessions),
+        db.delete(accounts),
+        db.delete(verificationTokens),
+        db.delete(users),
+      ])
+    },
+    user: async (id) =>
+      db
+        .select()
+        .from(users)
+        .where(eq(users.id, id))
+        .then((res) => res[0] ?? null),
+    session: (sessionToken) =>
+      db
+        .select()
+        .from(sessions)
+        .where(eq(sessions.sessionToken, sessionToken))
+        .then((res) => res[0] ?? null),
+    account: (provider_providerAccountId) => {
+      return db
+        .select()
+        .from(accounts)
+        .where(
+          eq(
+            accounts.providerAccountId,
+            provider_providerAccountId.providerAccountId
+          )
+        )
+        .then((res) => res[0] ?? null)
+    },
+    verificationToken: (identifier_token) =>
+      db
+        .select()
+        .from(verificationTokens)
+        .where(
+          and(
+            eq(verificationTokens.token, identifier_token.token),
+            eq(verificationTokens.identifier, identifier_token.identifier)
+          )
+        )
+        .then((res) => res[0] ?? null),
+  },
+})