misc

fix logo link
fix readme
2026-05-01 10:55:20 +00:00 · 2023-04-06 14:13:45 +02:00 · 2023-04-06 14:08:18 +02:00 · 2023-04-06 14:07:11 +02:00 · 2023-04-06 14:02:46 +02:00 · 2023-04-06 13:43:59 +02:00
32 changed files with 1257 additions and 1047 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -63,6 +63,7 @@ packages/adapter-prisma/prisma/dev.db
 packages/adapter-prisma/prisma/migrations
 db.sqlite
 packages/adapter-supabase/supabase/.branches
+packages/adapter-drizzle/drizzle

 # Tests
 coverage
--- a/docs/docs/reference/adapters/index.md
+++ b/docs/docs/reference/adapters/index.md
@@ -9,6 +9,10 @@ Using a Auth.js / NextAuth.js adapter you can connect to any database service or
    <img src="/img/adapters/dgraph.png" width="30" />
    <h4 class="adapter-card__title">Dgraph Adapter</h4>
  </a>
+  <a href="/reference/adapter/drizzle" class="adapter-card">
+    <img src="/img/adapters/drizzle-orm.png" width="30" />
+    <h4 class="adapter-card__title">Drizzle ORM Adapter</h4>
+  </a>
  <a href="/reference/adapter/dynamodb" class="adapter-card">
    <img src="/img/adapters/dynamodb.png" width="30" />
    <h4 class="adapter-card__title">DynamoDB Adapter</h4>
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -262,6 +262,7 @@ const docusaurusConfig = {
      },
    ],
    typedocAdapter("Dgraph"),
+    typedocAdapter("Drizzle ORM"),
    typedocAdapter("DynamoDB"),
    typedocAdapter("Fauna"),
    typedocAdapter("Firebase"),
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -53,6 +53,7 @@ module.exports = {
      items: [
        { type: "doc", id: "reference/adapter/dgraph/index" },
        { type: "doc", id: "reference/adapter/dynamodb/index" },
+        { type: "doc", id: "reference/adapter/drizzle/index" },
        { type: "doc", id: "reference/adapter/fauna/index" },
        { type: "doc", id: "reference/adapter/firebase/index" },
        { type: "doc", id: "reference/adapter/mikro-orm/index" },
--- a/docs/static/img/adapters/drizzle-orm.png
+++ b/docs/static/img/adapters/drizzle-orm.png
--- a/packages/adapter-drizzle/README.md
+++ b/packages/adapter-drizzle/README.md
@@ -0,0 +1,28 @@
+<p align="center">
+  <br/>
+  <a href="https://authjs.dev" target="_blank">
+    <img height="64px" src="https://authjs.dev/img/logo/logo-sm.png" />
+  </a>
+  <a href="https://github.com/drizzle-team/drizzle-orm" target="_blank">
+    <img height="64px" src="https://authjs.dev/img/adapters/drizzle-orm.png"/>
+  </a>
+  <h3 align="center"><b>Drizzle ORM Adapter</b> - NextAuth.js / Auth.js</a></h3>
+  <p align="center" style="align: center;">
+    <a href="https://npm.im/@auth/drizzle-adapter">
+      <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
+    </a>
+    <a href="https://npm.im/@auth/drizzle-adapter">
+      <img alt="npm" src="https://img.shields.io/npm/v/@auth/drizzle-adapter?color=green&label=@auth/drizzle-adapter&style=flat-square">
+    </a>
+    <a href="https://www.npmtrends.com/@auth/drizzle-adapter">
+      <img src="https://img.shields.io/npm/dm/@auth/drizzle-adapter?label=%20downloads&style=flat-square" alt="Downloads" />
+    </a>
+    <a href="https://github.com/nextauthjs/next-auth/stargazers">
+      <img src="https://img.shields.io/github/stars/nextauthjs/next-auth?style=flat-square" alt="Github Stars" />
+    </a>
+  </p>
+</p>
+
+---
+
+Check out the documentation at [authjs.dev](https://authjs.dev/reference/adapter/drizzle).
--- a/packages/adapter-drizzle/package.json
+++ b/packages/adapter-drizzle/package.json
@@ -0,0 +1,57 @@
+{
+  "name": "@auth/drizzle-adapter",
+  "version": "0.0.1",
+  "description": "Drizzle ORM adapter for Auth.js",
+  "homepage": "https://authjs.dev/reference/adapter/drizzle",
+  "repository": "https://github.com/nextauthjs/next-auth",
+  "bugs": {
+    "url": "https://github.com/nextauthjs/next-auth/issues"
+  },
+  "author": "Anthony Shew",
+  "license": "ISC",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js"
+    }
+  },
+  "keywords": [
+    "auth.js",
+    "next-auth",
+    "next.js",
+    "oauth",
+    "drizzle"
+  ],
+  "private": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "clean": "rm -rf *.js *.d.ts* ./drizzle db.sqlite",
+    "test:init": "pnpm clean && drizzle-kit generate:sqlite --schema=src/schema.ts --breakpoints",
+    "test": "pnpm test:init && jest",
+    "build": "pnpm clean && drizzle-kit generate:sqlite --schema=src/schema.ts && tsc",
+    "dev": "drizzle-kit generate:sqlite --schema=src/schema.ts && tsc -w"
+  },
+  "files": [
+    "src",
+    "*.js",
+    "*.d.ts*"
+  ],
+  "peerDependencies": {
+    "drizzle-orm": "^0.23.5"
+  },
+  "devDependencies": {
+    "@next-auth/adapter-test": "workspace:*",
+    "@types/better-sqlite3": "^7.6.3",
+    "better-sqlite3": "^8.2.0",
+    "drizzle-kit": "^0.17.3",
+    "drizzle-orm": "^0.23.5",
+    "jest": "^27.4.3",
+    "next-auth": "workspace:*"
+  },
+  "jest": {
+    "preset": "@next-auth/adapter-test/jest"
+  }
+}
--- a/packages/adapter-drizzle/src/index.ts
+++ b/packages/adapter-drizzle/src/index.ts
@@ -0,0 +1,248 @@
+/**
+ * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center", padding: 16}}>
+ *  <p style={{fontWeight: "normal"}}>Official <a href="https://github.com/drizzle-team/drizzle-orm">Drizzle ORM</a> adapter for Auth.js / NextAuth.js.</p>
+ *  <a href="https://github.com/drizzle-team/drizzle-orm">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/adapters/drizzle-orm.png" width="38" />
+ *  </a>
+ * </div>
+ *
+ * ## Installation
+ *
+ * ```bash npm2yarn2pnpm
+ * npm install next-auth drizzle-orm @auth/drizzle-adapter
+ * npm install drizzle-kit --save-dev
+ * ```
+ *
+ * @module @auth/drizzle-adapter
+ */
+import {
+  accounts,
+  users,
+  sessions,
+  verificationTokens,
+  type DrizzleClient,
+} from "./schema"
+import { and, eq } from "drizzle-orm/expressions"
+import type { Adapter } from "next-auth/adapters"
+
+/**
+ * ## Setup
+ *
+ * Add this adapter to your `pages/api/[...nextauth].js` next-auth configuration object:
+ *
+ * ```js title="pages/api/auth/[...nextauth].js"
+ * import NextAuth from "next-auth"
+ * import GoogleProvider from "next-auth/providers/google"
+ * import { DrizzleAdapter } from "@auth/drizzle-adapter"
+ * import { db } from "./db-schema"
+ *
+ * export default NextAuth({
+ *   adapter: DrizzleAdapter(db),
+ *   providers: [
+ *     GoogleProvider({
+ *       clientId: process.env.GOOGLE_CLIENT_ID,
+ *       clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ## Advanced usage
+ *
+ * ### Create the Drizzle schema from scratch
+ *
+ * You'll need to create a database schema that includes the minimal schema for a `next-auth` adapter.
+ * Be sure to use the Drizzle driver version that you're using for your project.
+ *
+ * > This schema is adapted for use in Drizzle and based upon our main [schema](https://authjs.dev/reference/adapters#models)
+ *
+ *
+ * ```json title="db-schema.ts"
+ *
+ * import { integer, pgTable, text, primaryKey } from 'drizzle-orm/pg-core';
+ * import { drizzle } from 'drizzle-orm/node-postgres';
+ * import { migrate } from 'drizzle-orm/node-postgres/migrator';
+ * import { Pool } from 'pg'
+ * import { ProviderType } from 'next-auth/providers';
+ *
+ * export const users = pgTable('users', {
+ * id: text('id').notNull().primaryKey(),
+ * name: text('name'),
+ * email: text("email").notNull(),
+ * emailVerified: integer("emailVerified"),
+ * image: text("image"),
+ * });
+ *
+ * export const accounts = pgTable("accounts", {
+ *  userId: text("userId").notNull().references(() => users.id, { onDelete: "cascade" }),
+ *  type: text("type").$type<ProviderType>().notNull(),
+ *  provider: text("provider").notNull(),
+ *  providerAccountId: text("providerAccountId").notNull(),
+ *  refresh_token: text("refresh_token"),
+ *  access_token: text("access_token"),
+ *  expires_at: integer("expires_at"),
+ *  token_type: text("token_type"),
+ *  scope: text("scope"),
+ *  id_token: text("id_token"),
+ *  session_state: text("session_state"),
+ * }, (account) => ({
+ *   _: primaryKey(account.provider, account.providerAccountId)
+ * }))
+ *
+ * export const sessions = pgTable("sessions", {
+ *  userId: text("userId").notNull().references(() => users.id, { onDelete: "cascade" }),
+ *  sessionToken: text("sessionToken").notNull().primaryKey(),
+ *  expires: integer("expires").notNull(),
+ * })
+ *
+ * export const verificationTokens = pgTable("verificationToken", {
+ *  identifier: text("identifier").notNull(),
+ *  token: text("token").notNull(),
+ *  expires: integer("expires").notNull()
+ * }, (vt) => ({
+ *   _: primaryKey(vt.identifier, vt.token)
+ * }))
+ *
+ * const pool = new Pool({
+ *   connectionString: "YOUR_CONNECTION_STRING"
+ * });
+ *
+ * export const db = drizzle(pool);
+ *
+ * migrate(db, { migrationsFolder: "./drizzle" })
+ *
+ * ```
+ *
+ **/
+export function DrizzleAdapter(client: DrizzleClient): Adapter {
+  return {
+    createUser(data) {
+      return client
+        .insert(users)
+        .values({ ...data, id: "123" })
+        .returning()
+        .get()
+    },
+    getUser(data) {
+      return client.select().from(users).where(eq(users.id, data)).get() ?? null
+    },
+    getUserByEmail(data) {
+      return (
+        client.select().from(users).where(eq(users.email, data)).get() ?? null
+      )
+    },
+    createSession(data) {
+      return client.insert(sessions).values(data).returning().get()
+    },
+    getSessionAndUser(data) {
+      return (
+        client
+          .select({
+            session: sessions,
+            user: users,
+          })
+          .from(sessions)
+          .where(eq(sessions.sessionToken, data))
+          .innerJoin(users, eq(users.id, sessions.userId))
+          .get() ?? null
+      )
+    },
+    updateUser(data) {
+      if (!data.id) throw new Error("No user id.")
+
+      return client
+        .update(users)
+        .set(data)
+        .where(eq(users.id, data.id))
+        .returning()
+        .get()
+    },
+    updateSession(data) {
+      return client
+        .update(sessions)
+        .set(data)
+        .where(eq(sessions.sessionToken, data.sessionToken))
+        .returning()
+        .get()
+    },
+    linkAccount(rawAccount) {
+      const updatedAccount = client
+        .insert(accounts)
+        .values(rawAccount)
+        .returning()
+        .get()
+
+      // HACK: Should not need to set `undefined` values here
+      return {
+        ...updatedAccount,
+        access_token: updatedAccount.access_token ?? undefined,
+        token_type: updatedAccount.token_type ?? undefined,
+        id_token: updatedAccount.id_token ?? undefined,
+        refresh_token: updatedAccount.refresh_token ?? undefined,
+        scope: updatedAccount.scope ?? undefined,
+        expires_at: updatedAccount.expires_at ?? undefined,
+        session_state: updatedAccount.session_state ?? undefined,
+      }
+    },
+    getUserByAccount(account) {
+      return (
+        client
+          .select()
+          .from(users)
+          .innerJoin(
+            accounts,
+            and(
+              eq(accounts.providerAccountId, account.providerAccountId),
+              eq(accounts.provider, account.provider)
+            )
+          )
+          .get()?.users ?? null
+      )
+    },
+    deleteSession(sessionToken) {
+      return client
+        .delete(sessions)
+        .where(eq(sessions.sessionToken, sessionToken))
+        .returning()
+        .get()
+    },
+    createVerificationToken(token) {
+      return client.insert(verificationTokens).values(token).returning().get()
+    },
+    useVerificationToken(token) {
+      try {
+        return (
+          client
+            .delete(verificationTokens)
+            .where(
+              and(
+                eq(verificationTokens.identifier, token.identifier),
+                eq(verificationTokens.token, token.token)
+              )
+            )
+            .returning()
+            .get() ?? null
+        )
+      } catch (err) {
+        throw new Error("No verification token found.")
+      }
+    },
+    deleteUser(id) {
+      return client.delete(users).where(eq(users.id, id)).returning().get()
+    },
+    unlinkAccount(account) {
+      client
+        .delete(accounts)
+        .where(
+          and(
+            eq(accounts.providerAccountId, account.providerAccountId),
+            eq(accounts.provider, account.provider)
+          )
+        )
+        .run()
+
+      // HACK: void should be fine
+      return undefined
+    },
+  }
+}
--- a/packages/adapter-drizzle/src/schema.ts
+++ b/packages/adapter-drizzle/src/schema.ts
@@ -0,0 +1,63 @@
+import { integer, sqliteTable, text, primaryKey } from "drizzle-orm/sqlite-core"
+import { drizzle } from "drizzle-orm/better-sqlite3"
+import { migrate } from "drizzle-orm/better-sqlite3/migrator"
+import Database from "better-sqlite3"
+import { ProviderType } from "next-auth/providers"
+
+const sqlite = new Database("db.sqlite")
+
+export const users = sqliteTable("users", {
+  id: text("id").notNull().primaryKey(),
+  name: text("name"),
+  email: text("email").notNull(),
+  emailVerified: integer("emailVerified", { mode: "timestamp_ms" }),
+  image: text("image"),
+})
+
+export const accounts = sqliteTable(
+  "accounts",
+  {
+    userId: text("userId")
+      .notNull()
+      .references(() => users.id, { onDelete: "cascade" }),
+    type: text("type").$type<ProviderType>().notNull(),
+    provider: text("provider").notNull(),
+    providerAccountId: text("providerAccountId").notNull(),
+    refresh_token: text("refresh_token"),
+    access_token: text("access_token"),
+    expires_at: integer("expires_at"),
+    token_type: text("token_type"),
+    scope: text("scope"),
+    id_token: text("id_token"),
+    session_state: text("session_state"),
+  },
+  (account) => ({
+    nameDoesntMatter: primaryKey(account.provider, account.providerAccountId),
+  })
+)
+
+export const sessions = sqliteTable("sessions", {
+  sessionToken: text("sessionToken").notNull().primaryKey(),
+  userId: text("userId")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  expires: integer("expires", { mode: "timestamp_ms" }).notNull(),
+})
+
+export const verificationTokens = sqliteTable(
+  "verificationToken",
+  {
+    identifier: text("identifier").notNull(),
+    token: text("token").notNull(),
+    expires: integer("expires", { mode: "timestamp_ms" }).notNull(),
+  },
+  (vt) => ({
+    nameDoesntMatter: primaryKey(vt.identifier, vt.token),
+  })
+)
+
+export const db = drizzle(sqlite)
+
+export type DrizzleClient = typeof db
+
+migrate(db, { migrationsFolder: "./drizzle" })
--- a/packages/adapter-drizzle/tests/index.test.ts
+++ b/packages/adapter-drizzle/tests/index.test.ts
@@ -0,0 +1,68 @@
+import { randomUUID, runBasicTests } from "@next-auth/adapter-test"
+import { DrizzleAdapter } from "../src"
+import { db, users, accounts, sessions, verificationTokens } from '../src/schema'
+import { eq, and } from 'drizzle-orm/expressions';
+
+
+runBasicTests({
+  adapter: DrizzleAdapter(db),
+  db: {
+    id() {
+      return randomUUID()
+    },
+    connect: async () => {
+      await Promise.all([
+        db.delete(sessions).run(),
+        db.delete(accounts).run(),
+        db.delete(verificationTokens).run(),
+        db.delete(users).run(),
+      ])
+    },
+    disconnect: async () => {
+      await Promise.all([
+        db.delete(sessions).run(),
+        db.delete(accounts).run(),
+        db.delete(verificationTokens).run(),
+        db.delete(users).run(),
+      ])
+    },
+    user: (id) => db
+      .select()
+      .from(users)
+      .where(eq(users.id, id))
+      .get() ?? null,
+    session: (sessionToken) => db
+      .select()
+      .from(sessions)
+      .where(eq(sessions.sessionToken, sessionToken))
+      .get() ?? null,
+    account: (provider_providerAccountId) => {
+      return db
+        .select()
+        .from(accounts)
+        .where(
+          eq(
+            accounts.providerAccountId,
+            provider_providerAccountId.providerAccountId
+          )
+        )
+        .get()
+        ?? null
+    },
+    verificationToken: (identifier_token) => db
+      .select()
+      .from(verificationTokens)
+      .where(
+        and(
+          eq(
+            verificationTokens.token,
+            identifier_token.token
+          ),
+          eq(
+            verificationTokens.identifier,
+            identifier_token.identifier
+          )
+        )
+      ).get() ?? null,
+  },
+})
--- a/packages/adapter-drizzle/tsconfig.json
+++ b/packages/adapter-drizzle/tsconfig.json
@@ -0,0 +1,21 @@
+{
+  "compilerOptions": {
+    "allowSyntheticDefaultImports": true,
+    "declaration": true,
+    "declarationMap": true,
+    "module": "ESNext",
+    "moduleResolution": "node",
+    "outDir": ".",
+    "rootDir": "src",
+    "skipDefaultLibCheck": true,
+    "skipLibCheck": true,
+    "strictNullChecks": true,
+    "stripInternal": true,
+    "target": "ES2020",
+  },
+  "exclude": [
+    "tests",
+    "*.js",
+    "*.d.ts*",
+  ]
+}
--- a/packages/core/scripts/generate-providers.js
+++ b/packages/core/scripts/generate-providers.js
@@ -5,11 +5,10 @@ const providersPath = join(process.cwd(), "src/providers")

 const files = readdirSync(providersPath, "utf8")

-const nonOAuthFile = ["oauth-types", "oauth", "index", "email", "credentials"]
 const providers = files.map((file) => {
  const strippedProviderName = file.substring(0, file.indexOf("."))
  return `"${strippedProviderName}"`
-}).filter((provider) => !nonOAuthFile.includes(provider.replace(/"/g, '')))
+}).filter((provider) => provider !== '"oauth-types"' && provider !== '"index"')

 const result = `
 // THIS FILE IS AUTOGENERATED. DO NOT EDIT.
--- a/packages/core/src/errors.ts
+++ b/packages/core/src/errors.ts
@@ -1,5 +1,6 @@
 interface ErrorCause extends Record<string, unknown> {}

+/** @internal */
 export class AuthError extends Error {
  constructor(message: string | Error | ErrorCause, cause?: ErrorCause) {
    if (message instanceof Error) {
@@ -90,7 +91,7 @@ export class InvalidCallbackUrl extends AuthError {}
 export class InvalidEndpoints extends AuthError {}

 /** @todo */
-export class InvalidCheck extends AuthError {}
+export class InvalidState extends AuthError {}

 /** @todo */
 export class JWTSessionError extends AuthError {}
--- a/packages/core/src/jwt.ts
+++ b/packages/core/src/jwt.ts
@@ -48,10 +48,9 @@ const DEFAULT_MAX_AGE = 30 * 24 * 60 * 60 // 30 days
 const now = () => (Date.now() / 1000) | 0

 /** Issues a JWT. By default, the JWT is encrypted using "A256GCM". */
-export async function encode<Payload = JWT>(params: JWTEncodeParams<Payload>) {
+export async function encode(params: JWTEncodeParams) {
  const { token = {}, secret, maxAge = DEFAULT_MAX_AGE } = params
  const encryptionSecret = await getDerivedEncryptionKey(secret)
-  // @ts-expect-error `jose` allows any object as payload.
  return await new EncryptJWT(token)
    .setProtectedHeader({ alg: "dir", enc: "A256GCM" })
    .setIssuedAt()
@@ -61,16 +60,14 @@ export async function encode<Payload = JWT>(params: JWTEncodeParams<Payload>) {
 }

 /** Decodes a Auth.js issued JWT. */
-export async function decode<Payload = JWT>(
-  params: JWTDecodeParams
-): Promise<Payload | null> {
+export async function decode(params: JWTDecodeParams): Promise<JWT | null> {
  const { token, secret } = params
  if (!token) return null
  const encryptionSecret = await getDerivedEncryptionKey(secret)
  const { payload } = await jwtDecrypt(token, encryptionSecret, {
    clockTolerance: 15,
  })
-  return payload as Payload
+  return payload
 }

 export interface GetTokenParams<R extends boolean = false> {
@@ -182,9 +179,9 @@ export interface DefaultJWT extends Record<string, unknown> {
 */
 export interface JWT extends Record<string, unknown>, DefaultJWT {}

-export interface JWTEncodeParams<Payload = JWT> {
+export interface JWTEncodeParams {
  /** The JWT payload. */
-  token?: Payload
+  token?: JWT
  /** The secret used to encode the Auth.js issued JWT. */
  secret: string
  /**
--- a/packages/core/src/lib/assert.ts
+++ b/packages/core/src/lib/assert.ts
@@ -101,8 +101,7 @@ export function assertConfig(
    )
  }

-  for (const p of options.providers) {
-    const provider = typeof p === "function" ? p() : p
+  for (const provider of options.providers) {
    if (
      (provider.type === "oauth" || provider.type === "oidc") &&
      !(provider.issuer ?? provider.options?.issuer)
@@ -128,7 +127,7 @@ export function assertConfig(
  if (hasCredentials) {
    const dbStrategy = options.session?.strategy === "database"
    const onlyCredentials = !options.providers.some(
-      (p) => (typeof p === "function" ? p() : p).type !== "credentials"
+      (p) => p.type !== "credentials"
    )
    if (dbStrategy && onlyCredentials) {
      return new UnsupportedStrategy(
@@ -136,10 +135,9 @@ export function assertConfig(
      )
    }

-    const credentialsNoAuthorize = options.providers.some((p) => {
-      const provider = typeof p === "function" ? p() : p
-      return provider.type === "credentials" && !provider.authorize
-    })
+    const credentialsNoAuthorize = options.providers.some(
+      (p) => p.type === "credentials" && !p.authorize
+    )
    if (credentialsNoAuthorize) {
      return new MissingAuthorize(
        "Must define an authorize() handler to use credentials authentication provider"
--- a/packages/core/src/lib/index.ts
+++ b/packages/core/src/lib/index.ts
@@ -11,7 +11,6 @@ import type {
  ResponseInternal,
 } from "../types.js"

-/** @internal */
 export async function AuthInternal<
  Body extends string | Record<string, any> | any[]
 >(
--- a/packages/core/src/lib/oauth/callback.ts
+++ b/packages/core/src/lib/oauth/callback.ts
@@ -73,7 +73,7 @@ export async function handleOAuth(

  const state = await checks.state.use(cookies, resCookies, options)

-  const codeGrantParams = o.validateAuthResponse(
+  const parameters = o.validateAuthResponse(
    as,
    client,
    new URLSearchParams(query),
@@ -81,22 +81,36 @@ export async function handleOAuth(
  )

  /** https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1 */
-  if (o.isOAuth2Error(codeGrantParams)) {
+  if (o.isOAuth2Error(parameters)) {
    logger.debug("OAuthCallbackError", {
      providerId: provider.id,
-      ...codeGrantParams,
+      ...parameters,
    })
-    throw new OAuthCallbackError(codeGrantParams.error)
+    throw new OAuthCallbackError(parameters.error)
  }

-  const codeVerifier = await checks.pkce.use(cookies, resCookies, options)
+  const codeVerifier = await checks.pkce.use(
+    cookies?.[options.cookies.pkceCodeVerifier.name],
+    options
+  )
+
+  if (codeVerifier) resCookies.push(codeVerifier.cookie)
+
+  // TODO:
+  const nonce = await checks.nonce.use(
+    cookies?.[options.cookies.nonce.name],
+    options
+  )
+  if (nonce && provider.type === "oidc") {
+    resCookies.push(nonce.cookie)
+  }

  let codeGrantResponse = await o.authorizationCodeGrantRequest(
    as,
    client,
-    codeGrantParams,
+    parameters,
    provider.callbackUrl,
-    codeVerifier ?? "auth" // TODO: review fallback code verifier
+    codeVerifier?.codeVerifier ?? "auth" // TODO: review fallback code verifier
  )

  if (provider.token?.conform) {
@@ -117,12 +131,11 @@ export async function handleOAuth(
  let tokens: TokenSet

  if (provider.type === "oidc") {
-    const nonce = await checks.nonce.use(cookies, resCookies, options)
    const result = await o.processAuthorizationCodeOpenIDResponse(
      as,
      client,
      codeGrantResponse,
-      nonce ?? o.expectNoNonce
+      nonce?.value ?? o.expectNoNonce
    )

    if (o.isOAuth2Error(result)) {
--- a/packages/core/src/lib/oauth/checks.ts
+++ b/packages/core/src/lib/oauth/checks.ts
@@ -1,17 +1,14 @@
 import * as o from "oauth4webapi"
-import { InvalidCheck } from "../../errors.js"
-import { encode, decode } from "../../jwt.js"
+import * as jwt from "../../jwt.js"

 import type {
-  CookiesOptions,
  InternalOptions,
  RequestInternal,
+  CookiesOptions,
 } from "../../types.js"
 import type { Cookie } from "../cookie.js"

-interface CheckPayload {
-  value: string
-}
+import { InvalidState } from "../../errors.js"

 /** Returns a signed cookie. */
 export async function signCookie(
@@ -28,11 +25,7 @@ export async function signCookie(
  expires.setTime(expires.getTime() + maxAge * 1000)
  return {
    name: cookies[type].name,
-    value: await encode<CheckPayload>({
-      ...options.jwt,
-      maxAge,
-      token: { value },
-    }),
+    value: await jwt.encode({ ...options.jwt, maxAge, token: { value } }),
    options: { ...cookies[type].options, expires },
  }
 }
@@ -51,43 +44,34 @@ export const pkce = {
    )
    return { cookie, value }
  },
+
  /**
-   * Returns code_verifier if the provider is configured to use PKCE,
+   * Returns code_verifier if provider uses PKCE,
   * and clears the container cookie afterwards.
-   * An error is thrown if the code_verifier is missing or invalid.
-   * @see https://www.rfc-editor.org/rfc/rfc7636
-   * @see https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/#pkce
   */
  async use(
-    cookies: RequestInternal["cookies"],
-    resCookies: Cookie[],
+    codeVerifier: string | undefined,
    options: InternalOptions<"oauth">
-  ): Promise<string | undefined> {
-    const { provider } = options
+  ): Promise<{ codeVerifier: string; cookie: Cookie } | undefined> {
+    const { cookies, provider } = options

-    if (!provider?.checks?.includes("pkce")) return
+    if (!provider?.checks?.includes("pkce") || !codeVerifier) {
+      return
+    }

-    const codeVerifier = cookies?.[options.cookies.pkceCodeVerifier.name]
-
-    if (!codeVerifier)
-      throw new InvalidCheck("PKCE code_verifier cookie was missing.")
-
-    const value = await decode<CheckPayload>({
+    const pkce = (await jwt.decode({
      ...options.jwt,
      token: codeVerifier,
-    })
+    })) as any

-    if (!value?.value)
-      throw new InvalidCheck("PKCE code_verifier value could not be parsed.")
-
-    // Clear the pkce code verifier cookie after use
-    resCookies.push({
-      name: options.cookies.pkceCodeVerifier.name,
-      value: "",
-      options: { ...options.cookies.pkceCodeVerifier.options, maxAge: 0 },
-    })
-
-    return value.value
+    return {
+      codeVerifier: pkce?.value ?? undefined,
+      cookie: {
+        name: cookies.pkceCodeVerifier.name,
+        value: "",
+        options: { ...cookies.pkceCodeVerifier.options, maxAge: 0 },
+      },
+    }
  },
 }

@@ -102,29 +86,26 @@ export const state = {
    return { cookie, value }
  },
  /**
-   * Returns state if the provider is configured to use state,
+   * Returns state from the saved cookie
+   * if the provider supports states,
   * and clears the container cookie afterwards.
-   * An error is thrown if the state is missing or invalid.
-   * @see https://www.rfc-editor.org/rfc/rfc6749#section-10.12
-   * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
   */
  async use(
    cookies: RequestInternal["cookies"],
    resCookies: Cookie[],
    options: InternalOptions<"oauth">
  ): Promise<string | undefined> {
-    const { provider } = options
+    const { provider, jwt } = options
    if (!provider.checks.includes("state")) return

    const state = cookies?.[options.cookies.state.name]

-    if (!state) throw new InvalidCheck("State cookie was missing.")
+    if (!state) throw new InvalidState("State was missing from the cookies.")

    // IDEA: Let the user do something with the returned state
-    const value = await decode<CheckPayload>({ ...options.jwt, token: state })
+    const value = (await jwt.decode({ ...options.jwt, token: state })) as any

-    if (!value?.value)
-      throw new InvalidCheck("State value could not be parsed.")
+    if (!value?.value) throw new InvalidState("Could not parse state cookie.")

    // Clear the state cookie after use
    resCookies.push({
@@ -147,36 +128,28 @@ export const nonce = {
    return { cookie, value }
  },
  /**
-   * Returns nonce if the provider is configured to use nonce,
+   * Returns nonce from if the provider supports nonce,
   * and clears the container cookie afterwards.
-   * An error is thrown if the nonce is missing or invalid.
-   * @see https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes
-   * @see https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/#nonce
   */
  async use(
-    cookies: RequestInternal["cookies"],
-    resCookies: Cookie[],
+    nonce: string | undefined,
    options: InternalOptions<"oauth">
-  ): Promise<string | undefined> {
-    const { provider } = options
+  ): Promise<{ value: string; cookie: Cookie } | undefined> {
+    const { cookies, provider } = options

-    if (!provider?.checks?.includes("nonce")) return
+    if (!provider?.checks?.includes("nonce") || !nonce) {
+      return
+    }

-    const nonce = cookies?.[options.cookies.nonce.name]
-    if (!nonce) throw new InvalidCheck("Nonce cookie was missing.")
+    const value = (await jwt.decode({ ...options.jwt, token: nonce })) as any

-    const value = await decode<CheckPayload>({ ...options.jwt, token: nonce })
-
-    if (!value?.value)
-      throw new InvalidCheck("Nonce value could not be parsed.")
-
-    // Clear the nonce cookie after use
-    resCookies.push({
-      name: options.cookies.nonce.name,
-      value: "",
-      options: { ...options.cookies.nonce.options, maxAge: 0 },
-    })
-
-    return value.value
+    return {
+      value: value?.value ?? undefined,
+      cookie: {
+        name: cookies.nonce.name,
+        value: "",
+        options: { ...cookies.nonce.options, maxAge: 0 },
+      },
+    }
  },
 }
--- a/packages/core/src/lib/providers.ts
+++ b/packages/core/src/lib/providers.ts
@@ -23,8 +23,7 @@ export default function parseProviders(params: {
 } {
  const { url, providerId } = params

-  const providers = params.providers.map((p) => {
-    const provider = typeof p === "function" ? p() : p
+  const providers = params.providers.map((provider) => {
    const { options: userOptions, ...defaults } = provider

    const id = (userOptions?.id ?? defaults.id) as string
--- a/packages/core/src/lib/routes/callback.ts
+++ b/packages/core/src/lib/routes/callback.ts
@@ -139,6 +139,7 @@ export async function callback(params: {
        })
      }

+      // @ts-expect-error
      await events.signIn?.({ user, account, profile, isNewUser })

      // Handle first logins on new accounts
--- a/packages/core/src/lib/routes/session.ts
+++ b/packages/core/src/lib/routes/session.ts
@@ -9,7 +9,7 @@ import type { SessionStore } from "../cookie.js"
 export async function session(
  sessionStore: SessionStore,
  options: InternalOptions
-): Promise<ResponseInternal<Session | null>> {
+): Promise<ResponseInternal<Session | {}>> {
  const {
    adapter,
    jwt,
@@ -19,8 +19,8 @@ export async function session(
    session: { strategy: sessionStrategy, maxAge: sessionMaxAge },
  } = options

-  const response: ResponseInternal<Session | null> = {
-    body: null,
+  const response: ResponseInternal<Session | {}> = {
+    body: {},
    headers: { "Content-Type": "application/json" },
    cookies: [],
  }
--- a/packages/core/src/lib/web.ts
+++ b/packages/core/src/lib/web.ts
@@ -78,6 +78,7 @@ export function toResponse(res: ResponseInternal): Response {
    const cookieHeader = serialize(name, value, options)
    if (headers.has("Set-Cookie")) headers.append("Set-Cookie", cookieHeader)
    else headers.set("Set-Cookie", cookieHeader)
+    // headers.set("Set-Cookie", cookieHeader) // TODO: Remove. Seems to be a bug with Headers in the runtime
  })

  let body = res.body
--- a/packages/core/src/providers/apple.ts
+++ b/packages/core/src/providers/apple.ts
@@ -1,19 +1,22 @@
 /**
- * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
- * <span style={{fontSize: "1.35rem" }}>
- *  Built-in sign in with <b>Apple</b> integration.
- * </span>
- * <a href="https://apple.com" style={{backgroundColor: "black", padding: "12px", borderRadius: "100%" }}>
- *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/apple-dark.svg" width="24"/>
+ * <div style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Apple</b> integration.</span>
+ * <a href="https://apple.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/apple-dark.svg" height="48" width="48"/>
 * </a>
 * </div>
 *
+ * ---
 * @module providers/apple
 */

 import type { OAuthConfig, OAuthUserConfig } from "./index.js"

-/** The returned user profile from Apple when using the profile callback. */
+/**
+ * See more at:
+ * [Retrieve the User's Information from Apple ID Servers
+](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773)
+ */
 export interface AppleProfile extends Record<string, any> {
  /**
   * The issuer registered claim identifies the principal that issued the identity token.
@@ -96,44 +99,6 @@ export interface AppleProfile extends Record<string, any> {
  auth_time: number
 }

-/**
- * ## Setup
- *
- * Import the provider and configure it in your **Auth.js** initialization file:
- *
- * ```ts title="pages/api/auth/[...nextauth].ts"
- * import NextAuth from "next-auth"
- * import AppleProvider from "next-auth/providers/apple"
- *
- * export default NextAuth({
- *   providers: [
- *     AppleProvider({
- *       clientId: process.env.GITHUB_ID,
- *       clientSecret: process.env.GITHUB_SECRET,
- *     }),
- *   ],
- * })
- * ```
- * 
- * ## Resources
- * 
- * - Sign in with Apple [Overview](https://developer.apple.com/sign-in-with-apple/get-started/)
- * - Sign in with Apple [REST API](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api)
- * - [How to retrieve](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773) the user's information from Apple ID servers
- * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
-
- * ## Notes
- * 
- * The Apple provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/apple.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
- *
- * ## Help
- *
- * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
- *
- * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
- * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
- * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
- */
 export default function Apple<P extends AppleProfile>(
  options: Omit<OAuthUserConfig<P>, "clientSecret"> & {
    /**
--- a/packages/core/src/providers/asgardeo.ts
+++ b/packages/core/src/providers/asgardeo.ts
@@ -1,100 +1,95 @@
 /**
- * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
- * <span style={{fontSize: "1.35rem" }}>
- *  Built-in sign in with <b>Asgardeo</b> integration.
- * </span>
- * <a href="https://wso2.com/asgardeo/" style={{backgroundColor: "#ECEFF1", padding: "12px", borderRadius: "100%" }}>
- *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/asgardeo-dark.svg" width="24"/>
+ * <div style={{backgroundColor: "#24292f", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Asgardeo</b> integration.</span>
+ * <a href="https://wso2.com/asgardeo/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/asgardeo-dark.svg" height="48" width="48"/>
 * </a>
 * </div>
 *
+ * ---
 * @module providers/asgardeo
 */

 import type { OIDCConfig, OIDCUserConfig } from "./index.js"

-/** The returned user profile from Asgardeo when using the profile callback. */
-export interface AsgardeoProfile extends Record<string, any> {
-  /**
-   * The user Asgardeo account ID
-   */
+export interface AsgardeoProfile {
  sub: string
-  /**
-   * The user name
-   */
  given_name: string
-  /**
-   * The user email
-   */
  email: string
-  /**
-   * The user profile picture
-   */
  picture: string
 }

 /**
+ * Add Asgardeo login to your page.
+ * ## Documentation
 *
- * ## Setup
+ * https://wso2.com/asgardeo/docs/guides/authentication
 *
- * Import the provider and configure it in your **Auth.js** initialization file:
 *
- * ```ts title="pages/api/auth/[...nextauth].ts"
- * import NextAuth from "next-auth"
- * import AsgardeoProvider from "next-auth/providers/asgardeo";
+ * ## Instructions
 *
- * export default NextAuth({
- *  providers: [
- *    AsgardeoProvider({
- *      clientId: process.env.ASGARDEO_CLIENT_ID,
- *      clientSecret: process.env.ASGARDEO_CLIENT_SECRET,
- *      issuer: process.env.ASGARDEO_ISSUER
- *    }),
- *  ],
- * })
- * ```
+ * - Log into https://console.asgardeo.io.
+ * - Next, go to "Application" tab (More info: https://wso2.com/asgardeo/docs/guides/applications/register-oidc-web-app/).
+ * - Register standard based - Open id connect, application.
+ * - Add callback URL: http://localhost:3000/api/auth/callback/asgardeo and https://your-domain.com/api/auth/callback/asgardeo
+ * - After registering the application, go to protocol tab.
+ * - Check `code` grant type.
+ * - Add Authorized redirect URLs & Allowed origins fields.
+ * - Make Email, First Name, Photo URL user attributes mandatory from the console.
 *
- * ### Configuring Asgardeo
+ * Create a `.env` file in the project root add the following entries:
 *
- * Follow these steps:
- *
- * 1. Log into the [Asgardeo console](https://console.asgardeo.io)
- * 2. Next, go to "Application" tab (more info [here](https://wso2.com/asgardeo/docs/guides/applications/register-oidc-web-app/))
- * 3. Register a standard based, Open ID connect, application
- * 4. Add the **callback URLs**: `http://localhost:3000/api/auth/callback/asgardeo` (development) and `https://{YOUR_DOMAIN}.com/api/auth/callback/asgardeo` (production)
- * 5. After registering the application, go to "Protocol" tab.
- * 6. Check `code` as the grant type.
- * 7. Add "Authorized redirect URLs" & "Allowed origins fields"
- * 8. Make Email, First Name, Photo URL user attributes mandatory from the console.
- *
- * Then, create a `.env` file in the project root add the following entries:
+ * These values can be collected from the application created.
 *
 * ```
- * ASGARDEO_CLIENT_ID="Copy client ID from protocol tab here"
- * ASGARDEO_CLIENT_SECRET="Copy client from protocol tab here"
- * ASGARDEO_ISSUER="Copy the issuer url from the info tab here"
+ * ASGARDEO_CLIENT_ID=<Copy client ID from protocol tab here>
+ * ASGARDEO_CLIENT_SECRET=<Copy client from protocol tab here>
+ * ASGARDEO_ISSUER=<Copy the issuer url from the info tab here>
+ * ```
+ *
+ * In `pages/api/auth/[...nextauth].js` find or add the `Asgardeo` entries:
+ *
+ * ```js
+ * import Asgardeo from "next-auth/providers/asgardeo";
+ * ...
+ * providers: [
+ *   Asgardeo({
+ *     clientId: process.env.ASGARDEO_CLIENT_ID,
+ *     clientSecret: process.env.ASGARDEO_CLIENT_SECRET,
+ *     issuer: process.env.ASGARDEO_ISSUER
+ *   }),
+ * ],
+ *
+ * ...
 * ```
 *
 * ## Resources
 *
- * - [Asgardeo - Authentication Guide](https://wso2.com/asgardeo/docs/guides/authentication)
- * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
+ * @see [Asgardeo - Authentication Guide](https://wso2.com/asgardeo/docs/guides/authentication)
+ * @see [Learn more about OAuth](https://authjs.dev/concepts/oauth)
+ * @see [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/asgardeo.ts)
 *
 * ## Notes
 *
- * The Asgardeo provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/asgardeo.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ * By default, Auth.js assumes that the Asgardeo provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Asgardeo provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/asgardeo.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
 *
- * :::info
- * By default, Auth.js assumes that the Asgardeo provider is based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) spec
 * :::
 *
- * ## Help
+ * :::info **Disclaimer**
 *
 * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
 *
 * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
 * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
 * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
 */
 export default function Asgardeo(
  config: OIDCUserConfig<AsgardeoProfile>
--- a/packages/core/src/providers/atlassian.ts
+++ b/packages/core/src/providers/atlassian.ts
@@ -1,72 +1,12 @@
-/**
- * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
- * <span style={{fontSize: "1.35rem" }}>
- *  Built-in sign in with <b>Atlassian</b> integration.
- * </span>
- * <a href="https://www.atlassian.com/" style={{backgroundColor: "black", padding: "12px", borderRadius: "100%" }}>
- *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/atlassian.svg" width="24" style={{ marginTop: "-3px"}} />
- * </a>
- * </div>
- *
- * @module providers/atlassian
- */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"

-/** The returned user profile from Atlassian when using the profile callback. */
-export interface AtlassianProfile extends Record<string, any> {
-  /**
-   * The user's atlassian account ID
-   */
+interface AtlassianProfile extends Record<string, any> {
  account_id: string
-  /**
-   * The user name
-   */
  name: string
-  /**
-   * The user's email
-   */
  email: string
-  /**
-   * The user's profile picture
-   */
  picture: string
 }

-/**
- * ## Setup
- *
- * Import the provider and configure it in your **Auth.js** initialization file:
- *
- * ```ts title="pages/api/auth/[...nextauth].ts"
- * import NextAuth from "next-auth"
- * import AtlassianProvider from "next-auth/providers/atlassian"
- *
- * export default NextAuth({
- *   providers: [
- *     AtlassianProvider({
- *       clientId: process.env.ATLASSIAN_ID,
- *       clientSecret: process.env.ATLASSIAN_SECRET,
- *     }),
- *   ],
- * })
- * ```
- *
- * ## Resources
- *
- * - [Atlassian docs](https://developer.atlassian.com/server/jira/platform/oauth/)
- *
- * ## Notes
- *
- * The Atlassian provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/atlassian.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
- *
- * ## Help
- *
- * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
- *
- * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
- * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
- * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
- */
 export default function Atlassian<P extends AtlassianProfile>(
  options: OAuthUserConfig<P>
 ): OAuthConfig<P> {
--- a/packages/core/src/providers/auth0.ts
+++ b/packages/core/src/providers/auth0.ts
@@ -1,19 +1,19 @@
 /**
- * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
- * <span style={{fontSize: "1.35rem" }}>
- *  Built-in sign in with <b>Auth0</b> integration.
- * </span>
- * <a href="https://auth0.com" style={{backgroundColor: "black", padding: "12px", borderRadius: "100%" }}>
- *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/auth0-dark.svg" width="24"/>
+ * <div style={{backgroundColor: "#EB5424", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Auth0</b> integration.</span>
+ * <a href="https://auth0.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/auth0-dark.svg" height="48" width="48"/>
 * </a>
 * </div>
 *
+ * ---
 * @module providers/auth0
 */
+
 import type { OIDCConfig, OIDCUserConfig } from "./index.js"

-/** The returned user profile from Auth0 when using the profile callback. [Reference](https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure). */
-export interface Auth0Profile extends Record<string, any> {
+/** @see [User Profile Structure](https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure) */
+export interface Auth0Profile {
  /** The user's unique identifier. */
  sub: string
  /** Custom fields that store info about a user that influences the user's access, such as support plan, security roles (if not using the Authorization Core feature set), or access control groups. To learn more, read Metadata Overview. */
@@ -75,40 +75,51 @@ export interface Auth0Profile extends Record<string, any> {
 }

 /**
- * ## Setup
+ * Add Auth0 login to your page.
 *
- * Import the provider and configure it in your **Auth.js** initialization file:
+ * ## Example
 *
- * ```ts title="pages/api/auth/[...nextauth].ts"
- * import NextAuth from "next-auth"
- * import Auth0Provider from "next-auth/providers/auth0"
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Auth0 from "@auth/core/providers/auth0"
 *
- * export default NextAuth({
- *   providers: [
- *     Auth0Provider({
- *       clientId: process.env.AUTH0_ID,
- *       clientSecret: process.env.AUTH0_SECRET,
- *     }),
- *   ],
+ * const request = new Request("https://example.com")
+ * const response = await Auth(request, {
+ *   providers: [Auth0({ clientId: "", clientSecret: "", issuer: "" })],
 * })
 * ```
 *
+ * ---
+ *
 * ## Resources
 *
- * - [Auth0 docs](https://auth0.com/docs/authenticate)
+ * - [Authenticate - Auth0 docs](https://auth0.com/docs/authenticate)
+ *
+ * ---
 *
 * ## Notes
 *
- * The Auth0 provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/auth0.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ * By default, Auth.js assumes that the Auth0 provider is
+ * based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification.
 *
- * ## Help
+ * :::tip
+ *
+ * The Auth0 provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/auth0.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
 *
 * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
 *
 * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
 * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
 * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
 */
+
 export default function Auth0(
  config: OIDCUserConfig<Auth0Profile>
 ): OIDCConfig<Auth0Profile> {
--- a/packages/core/src/providers/index.ts
+++ b/packages/core/src/providers/index.ts
@@ -44,12 +44,6 @@ export interface CommonProviderOptions {
  type: ProviderType
 }

-interface InternalProviderOptions {
-  /** Used to deep merge user-provided config with the default config
-   */
-  options?: Record<string, unknown>
-}
-
 /**
 * Must be a supported authentication provider config:
 * - {@link OAuthConfig}
@@ -63,14 +57,17 @@ interface InternalProviderOptions {
 * @see [Credentials guide](https://authjs.dev/guides/providers/credentials)
 */
 export type Provider<P extends Profile = Profile> = (
-  | ((OIDCConfig<P> | OAuth2Config<P> | EmailConfig | CredentialsConfig) &
-      InternalProviderOptions)
-  | ((
-      ...args: any
-    ) => (OAuth2Config<P> | OIDCConfig<P> | EmailConfig | CredentialsConfig) &
-      InternalProviderOptions)
-) &
-  InternalProviderOptions
+  | OIDCConfig<P>
+  | OAuth2Config<P>
+  | EmailConfig
+  | CredentialsConfig
+) & {
+  /**
+   * Used to deep merge user-provided config with the default config
+   * @internal
+   */
+  options: Record<string, unknown>
+}

 export type BuiltInProviders = Record<
  OAuthProviderType,
--- a/packages/core/src/providers/oauth.ts
+++ b/packages/core/src/providers/oauth.ts
@@ -19,7 +19,7 @@ type UrlParams = Record<string, unknown>

 type EndpointRequest<C, R, P> = (
  context: C & {
-    /** Provider is passed for convenience, and also contains the `callbackUrl`. */
+    /** Provider is passed for convenience, ans also contains the `callbackUrl`. */
    provider: OAuthConfigInternal<P> & {
      signinUrl: string
      callbackUrl: string
@@ -183,6 +183,7 @@ export type OAuthEndpointType = "authorization" | "token" | "userinfo"
 /**
 * We parsed `authorization`, `token` and `userinfo`
 * to always contain a valid `URL`, with the params
+ * @internal
 */
 export type OAuthConfigInternal<Profile> = Omit<
  OAuthConfig<Profile>,
@@ -192,7 +193,6 @@ export type OAuthConfigInternal<Profile> = Omit<
  token?: {
    url: URL
    request?: TokenEndpointHandler["request"]
-    /** @internal */
    conform?: TokenEndpointHandler["conform"]
  }
  userinfo?: { url: URL; request?: UserinfoEndpointHandler["request"] }
--- a/packages/core/src/providers/reddit.js
+++ b/packages/core/src/providers/reddit.js
@@ -7,7 +7,6 @@ export default function Reddit(options) {
    authorization: "https://www.reddit.com/api/v1/authorize?scope=identity",
    token: "https://www.reddit.com/api/v1/access_token",
    userinfo: "https://oauth.reddit.com/api/v1/me",
-    checks: ["state"],
    style: {
      logo: "/reddit.svg",
      bg: "#fff",
--- a/packages/core/src/providers/salesforce.ts
+++ b/packages/core/src/providers/salesforce.ts
@@ -1,48 +1,3 @@
-/**
- * Add Salesforce login to your page.
- *
- * ## Example
- *
- * ```ts
- * import { Auth } from "@auth/core"
- * import Salesforce from "@auth/core/providers/salesforce"
- *
- * const request = new Request("https://example.com")
- * const response = await AuthHandler(request, {
- *   providers: [Salesforce({ clientId: "", clientSecret: "" })],
- * })
- * ```
- *
- * ---
- *
- * ## Resources
- *
- * - [](https://example.com)
- *
- * ---
- *
- * ## Notes
- *
- * By default, Auth.js assumes that the Salesforce provider is
- * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
- *
- * :::tip
- *
- * The Salesforce provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/.ts).
- * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
- *
- * :::
- *
- * :::info **Disclaimer**
- *
- * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
- *
- * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
- * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
- * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
- *
- * :::
- */
 import type { OAuthConfig, OAuthUserConfig } from "./index.js"

 export interface SalesforceProfile extends Record<string, any> {
--- a/packages/core/src/types.ts
+++ b/packages/core/src/types.ts
@@ -121,10 +121,10 @@ export interface Account extends Partial<OpenIDTokenEndpointResponse> {

 /** The OAuth profile returned from your provider */
 export interface Profile {
-  sub?: string | null
-  name?: string | null
-  email?: string | null
-  image?: string | null
+  sub?: string
+  name?: string
+  email?: string
+  image?: string
 }

 /** [Documentation](https://authjs.dev/guides/basics/callbacks) */
@@ -406,7 +406,7 @@ export interface RequestInternal {

 /** @internal */
 export interface ResponseInternal<
-  Body extends string | Record<string, any> | any[] | null = any
+  Body extends string | Record<string, any> | any[] = any
 > {
  status?: number
  headers?: Headers | HeadersInit
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
Author	SHA1	Message	Date
Balázs Orbán	b72eabb15d	misc	2023-04-06 14:13:45 +02:00
Balázs Orbán	371f7bd4a1	fix logo link	2023-04-06 14:08:18 +02:00
Balázs Orbán	35f71bbcc8	fix readme	2023-04-06 14:07:11 +02:00
Balázs Orbán	97b1202ecb	some fixes	2023-04-06 14:02:46 +02:00
Balázs Orbán	8423a05e95	feat(adapters): add Drizzle ORM adapter	2023-04-06 13:43:59 +02:00