
7 Commits

Author SHA1 Message Date
GitHub Actions
7c1a3b547e chore(release): bump package version(s) [skip ci] 2023-03-05 05:08:02 +00:00
Josh Schlesser
2534ae8801 feat(sveltekit): allow dynamic authOptions (#6744)
* added optional dynamic sveltekit options

* changed dynamicOptions function to async

* converted dynamicOptions to a named type

* updated inline docs to show async capabilities

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* refined to a simpler function signature

* removed redundant return statement

* Apply suggestions from code review

---------

Co-authored-by: Thang Vu <hi@thvu.dev>
2023-03-04 12:21:14 +07:00
Thomas Guillet
14a120277b docs(sveltekit): Write the explicit file to update in sveltekit (#6846) 2023-03-01 09:31:30 +07:00
Josh Schlesser
c49f484743 fix(providers): add default user agent for GitHub (#6742)
See: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#user-agent-required
2023-02-28 12:56:28 +01:00
Richard Tuin
676b39d5b1 docs: Improve naming on role based access (#6820) 2023-02-28 12:54:26 +01:00
Balázs Orbán
e27dbcab2f chore: tweak "incomplete" comment 2023-02-28 12:48:51 +01:00
Thang Vu
63805c7d75 fix: JWT maxAge default to Session maxAge value (#6829)
* fix: JWT maxAge default to Session maxAge value

Co-Authored-By: Ethan Wilkes <33569440+roberte777@users.noreply.github.com>

* Move to core

Co-Authored-By: Ethan Wilkes <33569440+roberte777@users.noreply.github.com>

---------

Co-authored-by: Ethan Wilkes <33569440+roberte777@users.noreply.github.com>
2023-02-27 08:30:14 +07:00
8 changed files with 45 additions and 21 deletions


@@ -14,9 +14,9 @@ Ensure the link is pointing to a codebase that is accessible (e.g. not a private
### **What happens if I don't provide a sufficient minimal reproduction?**
Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are automatically closed and locked after 30 days.
Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are closed after 7 days.
If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction.
If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction. (It's less likely that we check back on already closed issues.)
### **I did not open this issue, but it is relevant to me, what can I do to help?**


@@ -1,8 +1,8 @@
---
title: Role-based authentication
title: Role-based access control
---
There are two ways to add role-based authentication (RBAC) to your application, based on the [session strategy](/concepts/session-strategies) you choose. Let's see an example for each of these.
There are two ways to add role-based access control (RBAC) to your application, based on the [session strategy](/concepts/session-strategies) you choose. Let's see an example for each of these.
## Getting the role
@@ -150,4 +150,4 @@ When using Next.js and JWT, you can alternatively also use [Middleware](https://
- [Next.js: Middleware](https://next-auth.js.org/configuration/nextjs#wrap-middleware)
- [Adapters: User model](/reference/adapters/models#user)
- [Adapters: Prisma adapter](/reference/adapters/prisma)
- [TypeScript](/getting-started/typescript)
- [TypeScript](/getting-started/typescript)


@@ -1,6 +1,6 @@
{
"name": "@auth/core",
"version": "0.5.0",
"version": "0.5.1",
"description": "Authentication for the Web.",
"keywords": [
"authentication",


@@ -101,7 +101,7 @@ export async function init({
// Asserted in assert.ts
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
secret: authOptions.secret!,
maxAge, // same as session maxAge,
maxAge: authOptions.session?.maxAge ?? maxAge, // default to same as `session.maxAge`
encode: jwt.encode,
decode: jwt.decode,
...authOptions.jwt,
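Review bot: The session-derived default on the new `maxAge` line is still overridden by the `...authOptions.jwt` spread two lines below it, so a configured `jwt.maxAge` can make the token lifetime differ from `session.maxAge`; the inline comment should state that precedence, e.g. `// defaults to session.maxAge; an explicit jwt.maxAge (spread below) takes precedence`. Because `??` only falls back on null/undefined, a `session.maxAge` of `0` or a negative number is passed through as the JWT lifetime. Whether assert.ts rejects such values is not visible here, so that is worth confirming. The body of `init` starts and ends outside this hunk.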


@@ -60,7 +60,6 @@ export async function session(
const newToken = await jwt.encode({
...jwt,
token,
maxAge: options.session.maxAge,
})
// Set cookie, to also update expiry date on cookie
@@ -73,7 +72,7 @@ export async function session(
await events.session?.({ session: newSession, token })
} else {
response.cookies?.push(...sessionStore.clean())
}
}
} catch (e) {
logger.error(new JWTSessionError(e as Error))
// If the JWT is not verifiable remove the broken session cookie(s).


@@ -129,14 +129,14 @@ export default function GitHub(
url: "https://api.github.com/user",
async request({ tokens, provider }) {
const profile = await fetch(provider.userinfo?.url as URL, {
headers: { Authorization: `Bearer ${tokens.access_token}` },
headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
}).then(async (res) => await res.json())
if (!profile.email) {
// If the user does not have a public email, get another via the GitHub API
// See https://docs.github.com/en/rest/users/emails#list-public-email-addresses-for-the-authenticated-user
const res = await fetch("https://api.github.com/user/emails", {
headers: { Authorization: `Bearer ${tokens.access_token}` },
headers: { Authorization: `Bearer ${tokens.access_token}`, 'User-Agent': 'authjs' },
})
if (res.ok) {
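Review bot: The first `fetch` in `request` parses the body with `res.json()` without checking `res.ok`, so a GitHub error response (for example a rejected or rate-limited call) reaches the `profile.email` check as if it were the user profile, while the `/user/emails` call below does check `res.ok`. Checking the status before parsing, e.g. `if (!res.ok) throw new Error("GitHub userinfo request failed: " + res.status)`, would keep an error payload out of the profile handling. On style, the two identical header literals could be one shared `const headers = { ... }`, and `'User-Agent'` uses single quotes where the surrounding code uses double quotes. The `request` function continues past the end of this hunk.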


@@ -1,6 +1,6 @@
{
"name": "@auth/sveltekit",
"version": "0.2.2",
"version": "0.3.0",
"description": "Authentication for SvelteKit.",
"keywords": [
"authentication",


@@ -26,6 +26,23 @@
* providers: [GitHub({ clientId: GITHUB_ID, clientSecret: GITHUB_SECRET })],
* })
* ```
*
* or to use sveltekit platform environment variables for platforms like Cloudflare
*
* ```ts title="src/hooks.server.ts"
* import { SvelteKitAuth } from "@auth/sveltekit"
* import GitHub from "@auth/core/providers/github"
* import type { Handle } from "@sveltejs/kit";
*
* export const handle = SvelteKitAuth(async (event) => {
* const authOptions = {
* providers: [GitHub({ clientId: event.platform.env.GITHUB_ID, clientSecret: event.platform.env.GITHUB_SECRET })]
* secret: event.platform.env.AUTH_SECRET,
* trustHost: true
* }
* return authOptions
* }) satisfies Handle;
* ```
*
* Don't forget to set the `AUTH_SECRET` [environment variable](https://kit.svelte.dev/docs/modules#$env-dynamic-private). This should be a minimum of 32 characters, random string. On UNIX systems you can use `openssl rand -hex 32` or check out `https://generate-secret.vercel.app/32`.
*
@@ -71,7 +88,7 @@
* ## Managing the session
*
* The above example checks for a session available in `$page.data.session`, however that needs to be set by us somewhere.
* If you want this data to be available to all your routes you can add this to your root `+layout.server.ts` file.
* If you want this data to be available to all your routes you can add this to `src/routes/+layout.server.ts`.
* The following code sets the session data in the `$page` store to be available to all routes.
*
* ```ts
@@ -187,7 +204,7 @@
*/
/// <reference types="@sveltejs/kit" />
import type { Handle } from "@sveltejs/kit"
import type { Handle, RequestEvent } from "@sveltejs/kit"
import { dev } from "$app/environment"
import { env } from "$env/dynamic/private"
@@ -237,8 +254,15 @@ const actions: AuthAction[] = [
"error",
]
function AuthHandle(prefix: string, authOptions: AuthConfig): Handle {
return function ({ event, resolve }) {
type DynamicSvelteKitAuthConfig = (event: RequestEvent) => PromiseLike<SvelteKitAuthConfig>
function AuthHandle(svelteKitAuthOptions: SvelteKitAuthConfig | DynamicSvelteKitAuthConfig): Handle {
return async function ({ event, resolve }) {
const authOptions =
typeof svelteKitAuthOptions === "object"
? svelteKitAuthOptions
: await svelteKitAuthOptions(event)
const { prefix = "/auth" } = authOptions
const { url, request } = event
event.locals.getSession ??= () => getSession(request, authOptions)
@@ -259,11 +283,12 @@ function AuthHandle(prefix: string, authOptions: AuthConfig): Handle {
* The main entry point to `@auth/sveltekit`
* @see https://sveltekit.authjs.dev
*/
export function SvelteKitAuth(options: SvelteKitAuthConfig): Handle {
const { prefix = "/auth", ...authOptions } = options
authOptions.secret ??= env.AUTH_SECRET
authOptions.trustHost ??= !!(env.AUTH_TRUST_HOST ?? env.VERCEL ?? dev)
return AuthHandle(prefix, authOptions)
export function SvelteKitAuth(options: SvelteKitAuthConfig | DynamicSvelteKitAuthConfig): Handle {
if (typeof options === "object") {
options.secret ??= env.AUTH_SECRET
options.trustHost ??= !!(env.AUTH_TRUST_HOST ?? env.VERCEL ?? dev)
}
return AuthHandle(options)
}
declare global {
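Review bot: When `options` is a function, `SvelteKitAuth` skips the `secret ??= env.AUTH_SECRET` and `trustHost ??= ...` defaults, so a dynamic config that omits them behaves differently from the same config passed as an object. Applying the defaults in `AuthHandle` after the config is resolved would cover both forms: `authOptions.secret ??= env.AUTH_SECRET` and `authOptions.trustHost ??= !!(env.AUTH_TRUST_HOST ?? env.VERCEL ?? dev)`. The object form now mutates the caller's `options` and leaves `prefix` inside the object handed to `getSession`, where the old code destructured it out; this is presumably harmless but worth confirming. In the new doc example the `providers: [...]` line is missing its trailing comma, and `trustHost: true` is hard-coded without a note that it makes the library trust host information from the incoming request, which is only appropriate when the platform sets it reliably. `AuthHandle`'s body continues outside the hunk.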