update in core

Change description to reflect that JWT is encrypted by default

.eslintignore

@@ -0,0 +1,70 @@
+.eslintrc.js
+.cache-loader
+.DS_Store
+.pnpm-debug.log
+.turbo
+.vscode/generated*
+/_work
+/actions-runner
+node_modules
+patches
+pnpm-lock.yaml
+.github/actions/issue-validator/index.mjs
+*.cjs
+*.js
+*.d.ts
+*.d.ts.map
+
+.svelte-kit
+.next
+.nuxt
+
+# --------------- Docs ---------------
+
+.docusaurus
+build
+docs/docs/reference/03-core
+docs/docs/reference/04-sveltekit
+static
+
+# --------------- Packages ---------------
+
+coverage
+dist
+
+# @auth/core
+packages/core/src/providers/oauth-types.ts
+packages/core/src/lib/pages/styles.ts
+
+# @auth/sveltekit
+packages/frameworks-sveltekit/package
+packages/frameworks-sveltekit/vite.config.{js,ts}.timestamp-*
+
+# next-auth
+packages/next-auth/src/providers/oauth-types.ts
+packages/next-auth/css/index.css
+
+
+# Adapters
+.branches
+db.sqlite
+dev.db
+dynamodblocal-bin
+firebase-debug.log
+firestore-debug.log
+migrations
+test.schema.gql
+
+# --------------- Apps ---------------
+
+
+# Examples should have their own Prettier config since they are templates too
+apps/example-sveltekit
+
+# Development app
+apps
+
+
+# --------------- Tests ---------------
+# TODO: these should be linted
+packages/**/*test*

.eslintrc.js

@@ -0,0 +1,75 @@
+// @ts-check
+
+/** @type {import("eslint").ESLint.ConfigData} */
+module.exports = {
+  env: { browser: true, es2022: true, node: true },
+  extends: ["eslint:recommended", "prettier"],
+  overrides: [
+    {
+      files: ["*.ts", "*.tsx"],
+      parser: "@typescript-eslint/parser",
+      parserOptions: {
+        project: ["./packages/**/tsconfig.json", "./apps/**/tsconfig.json"],
+      },
+      settings: { react: { version: "18" } },
+      extends: [
+        "plugin:react/recommended",
+        "plugin:react/jsx-runtime",
+        "standard-with-typescript",
+        "prettier",
+      ],
+      rules: {
+        "@typescript-eslint/explicit-function-return-type": "off",
+        "@typescript-eslint/method-signature-style": "off",
+        "@typescript-eslint/naming-convention": "off",
+        "@typescript-eslint/no-non-null-assertion": "off",
+        "@typescript-eslint/restrict-template-expressions": "off",
+        "@typescript-eslint/strict-boolean-expressions": "off",
+        "react/prop-types": "off",
+        "react/no-unescaped-entities": "off",
+      },
+    },
+    {
+      files: ["*.test.ts", "*.test.js"],
+      extends: ["plugin:jest/recommended"],
+      env: { jest: true },
+    },
+    {
+      files: ["docs/**"],
+      plugins: ["@docusaurus"],
+      extends: ["plugin:@docusaurus/recommended"],
+    },
+    {
+      // TODO: Expand to all packages
+      files: ["packages/{core,sveltekit}/*.ts"],
+      plugins: ["jsdoc"],
+      extends: ["plugin:jsdoc/recommended"],
+      rules: {
+        "jsdoc/require-param": "off",
+        "jsdoc/require-returns": "off",
+        "jsdoc/require-jsdoc": [
+          "warn",
+          { publicOnly: true, enableFixer: false },
+        ],
+        "jsdoc/no-multi-asterisks": ["warn", { allowWhitespace: true }],
+        "jsdoc/tag-lines": "off",
+      },
+    },
+    {
+      files: ["packages/frameworks-sveltekit"],
+      plugins: ["svelte3"],
+      overrides: [{ files: ["*.svelte"], processor: "svelte3/svelte3" }],
+      settings: {
+        "svelte3/typescript": () => require("typescript"),
+      },
+      parserOptions: { sourceType: "module", ecmaVersion: 2020 },
+      env: { browser: true, es2017: true, node: true },
+    },
+  ],
+  parserOptions: {
+    sourceType: "module",
+    ecmaVersion: "latest",
+    ecmaFeatures: { jsx: true },
+  },
+  root: true,
+}

.github/ISSUE_TEMPLATE/1_bug_framework.yml

@@ -30,7 +30,7 @@ body:
         Run this command in your project's root folder and paste the result:
 
         ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth"
         ```
         Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
     validations:

.github/ISSUE_TEMPLATE/2_bug_provider.yml

@@ -25,14 +25,12 @@ body:
         - "Custom provider"
         - "42 School"
         - "Apple"
-        - "Asgardeo"
         - "Atlassian"
         - "Auth0"
         - "Authentik"
         - "Azure Active Directory"
         - "Azure Active Directory B2C"
         - "Battlenet"
-        - "Beyond Identity"
         - "Box"
         - "Bungie"
         - "Cognito"
@@ -59,7 +57,6 @@ body:
         - "Medium"
         - "Naver"
         - "Netlify"
-        - "Notion"
         - "Okta"
         - "OneLogin"
         - "Osso"
@@ -90,7 +87,7 @@ body:
         Run this command in your project's root folder and paste the result:
 
         ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth"
         ```
         Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
     validations:

.github/ISSUE_TEMPLATE/3_bug_adapter.yml

@@ -44,7 +44,7 @@ body:
         Run this command in your project's root folder and paste the result:
 
         ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*" && npx envinfo --npmPackages "@next-auth/*"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth" && npx envinfo --npmPackages "@next-auth/*"
         ```
         Alternatively, if the above command did not work, we need the version of the following packages from your package.json: "next", "react", "next-auth" and your adapter. Please also mention your OS and Node.js version, as well as the browser you are using.
     validations:

.github/actions/issue-validator/repro.md

@@ -14,9 +14,9 @@ Ensure the link is pointing to a codebase that is accessible (e.g. not a private
 
 ### **What happens if I don't provide a sufficient minimal reproduction?**
 
-Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are closed after 7 days.
+Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are automatically closed and locked after 30 days.
 
-If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction. (It's less likely that we check back on already closed issues.)
+If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction.
 
 ### **I did not open this issue, but it is relevant to me, what can I do to help?**
 

.github/actions/issue-validator/src/index.mjs

@@ -41,7 +41,13 @@ async function run() {
       label: { name: newLabel },
     } = payload
 
-    if (pull_request || !issue?.body || !process.env.GITHUB_TOKEN) return
+    if (
+      pull_request ||
+      !issue?.body ||
+      !process.env.GITHUB_TOKEN ||
+      !process.env.GITHUB_ACTION_PATH
+    )
+      return
 
     const labels = issue.labels.map((l) => l.name)
     // const isBugReport =
@@ -72,9 +78,7 @@ async function run() {
         client.issues.createComment({
           ...issueCommon,
           body: readFileSync(
-            join(
-              "/home/runner/work/next-auth/next-auth/.github/actions/issue-validator/repro.md"
-            ),
+            join(process.env.GITHUB_ACTION_PATH, "repro.md"),
             "utf8"
           ),
         }),

.github/sync.yml

@@ -7,13 +7,6 @@ nextauthjs/sveltekit-auth-example:
   - .github/FUNDING.yml
   - LICENSE
 
-nextauthjs/solid-start-auth-example:
-  - source: "apps/examples/solid-start"
-    dest: .
-    deleteOrphaned: true
-  - .github/FUNDING.yml
-  - LICENSE
-
 nextauthjs/next-auth-gatsby-example:
   - source: apps/playgrounds/gatsby
     dest: .

.github/workflows/issue-validator.yml

@@ -11,7 +11,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version: 18
-      - name: Run issue validator
+      - name: "Run issue validator"
         run: node /home/runner/work/next-auth/next-auth/.github/actions/issue-validator/index.mjs
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -3,10 +3,10 @@ name: Release
 on:
   push:
     branches:
-      - main
-      - beta
-      - next
-      - 3.x
+      - "main"
+      - "beta"
+      - "next"
+      - "3.x"
   pull_request:
 
 jobs:
@@ -24,6 +24,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Run tests
@@ -34,22 +35,6 @@ jobs:
           UPSTASH_REDIS_KEY: ${{ secrets.UPSTASH_REDIS_KEY }}
           TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
           TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-      # - name: Run E2E tests
-      #   if: github.repository == 'nextauthjs/next-auth'
-      #   run: pnpm e2e
-      #   timeout-minutes: 15
-      #   env:
-      #     AUTH0_USERNAME: ${{ secrets.AUTH0_USERNAME }}
-      #     AUTH0_PASSWORD: ${{ secrets.AUTH0_PASSWORD }}
-      #     TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-      #     TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-      # - name: Upload E2E artifacts
-      #   if: github.repository == 'nextauthjs/next-auth'
-      #   uses: actions/upload-artifact@v3
-      #   with:
-      #     name: playwright-report
-      #     path: apps/dev/nextjs/playwright-report/
-      #     retention-days: 30
       # - name: Coverage
       #   uses: codecov/codecov-action@v1
       #   with:
@@ -73,6 +58,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Publish to npm and GitHub
@@ -97,6 +83,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Determine version

.github/workflows/sync-examples.yml

@@ -11,9 +11,9 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@v3
       - name: Run GitHub File Sync
-        uses: balazsorban44/repo-file-sync-action@master
+        # Can update to v1 when https://github.com/BetaHuhn/repo-file-sync-action/issues/168 is resolved
+        uses: BetaHuhn/repo-file-sync-action@v1.16.5
         with:
-          GH_PAT: ${{ secrets.GH_PAT }}
-          IS_FINE_GRAINED: true
+          GH_PAT: ${{ secrets.GH_PAT_CLASSIC }}
           SKIP_PR: true
           ORIGINAL_MESSAGE: true

.gitignore

@@ -1,5 +1,6 @@
 # Misc
 .DS_Store
+.npmrc
 .eslintcache
 .env
 .env.local
@@ -11,9 +12,8 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 firebase-debug.log
-ui-debug.log
 .pnpm-debug.log
-.husky
+
 
 # Dependencies
 node_modules
@@ -34,10 +34,13 @@ packages/next-auth/utils
 packages/next-auth/core
 packages/next-auth/jwt
 packages/next-auth/react
+packages/next-auth/adapters.d.ts
+packages/next-auth/adapters.js
+packages/next-auth/index.d.ts
+packages/next-auth/index.js
 packages/next-auth/next
-packages/*/*.js
-packages/*/*.d.ts
-packages/*/*.d.ts.map
+packages/next-auth/middleware.d.ts
+packages/next-auth/middleware.js
 
 # Development app
 apps/dev/src/css
@@ -78,12 +81,14 @@ docs/.docusaurus
 docs/providers.json
 
 # Core
-packages/core/src/providers/oauth-types.ts
+packages/core/*.js
+packages/core/*.d.ts
+packages/core/*.d.ts.map
 packages/core/lib
 packages/core/providers
 packages/core/src/lib/pages/styles.ts
-docs/docs/reference/core
-docs/docs/reference/sveltekit
+docs/docs/reference/03-core
+docs/docs/reference/04-sveltekit
 
 
 # SvelteKit
@@ -93,7 +98,3 @@ packages/frameworks-sveltekit/.svelte-kit
 packages/frameworks-sveltekit/package
 packages/frameworks-sveltekit/vite.config.js.timestamp-*
 packages/frameworks-sveltekit/vite.config.ts.timestamp-*
-
-# Adapters
-
-docs/docs/reference/adapter

.npmrc

@@ -1 +0,0 @@
-public-hoist-pattern[]=*prisma*

.prettierignore

@@ -20,8 +20,8 @@ pnpm-lock.yaml
 
 .docusaurus
 build
-docs/docs/reference/core
-docs/docs/reference/sveltekit
+docs/docs/reference/03-core
+docs/docs/reference/04-sveltekit
 static
 docs/providers.json
 

.prettierrc.js

@@ -0,0 +1,22 @@
+// @ts-check
+
+/** @type {import("prettier").Config} */
+module.exports = {
+  semi: false,
+  singleQuote: false,
+  overrides: [
+    {
+      files: [
+        "apps/dev/pages/api/auth/[...nextauth].ts",
+        "docs/{sidebars,docusaurus.config}.js",
+      ],
+      options: { printWidth: 150 },
+    },
+    {
+      files: ["**/*package.json"],
+      options: {
+        trailingComma: "none",
+      },
+    },
+  ],
+}

apps/dev/nextjs/.env.local.example

@@ -9,39 +9,20 @@ NEXTAUTH_URL=http://localhost:3000
 # and/or verification tokens.
 NEXTAUTH_SECRET=secret
 
-ASGARDEO_CLIENT_ID=
-ASGARDEO_CLIENT_SECRET=
-ASGARDEO_ISSUER=
-
 AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
-# Beyond Identity Provider
-BEYOND_IDENTITY_CLIENT_ID=
-BEYOND_IDENTITY_CLIENT_SECRET=
-BEYOND_IDENTITY_ISSUER=
-
-GITHUB_ID=
-GITHUB_SECRET=
-
-NOTION_ID=
-NOTION_SECRET=
-NOTION_REDIRECT_URI=
-
-IDS4_ID=
-IDS4_SECRET=
-IDS4_ISSUER=
-
 KEYCLOAK_ID=
 KEYCLOAK_SECRET=
 KEYCLOAK_ISSUER=
 
-LINE_ID=
-LINE_SECRET=
+IDS4_ID=
+IDS4_SECRET=
+IDS4_ISSUER=
 
-TRAKT_ID=
-TRAKT_SECRET=
+GITHUB_ID=
+GITHUB_SECRET=
 
 TWITCH_ID=
 TWITCH_SECRET=
@@ -49,12 +30,11 @@ TWITCH_SECRET=
 TWITTER_ID=
 TWITTER_SECRET=
 
-WIKIMEDIA_ID=
-WIKIMEDIA_SECRET=
+LINE_ID=
+LINE_SECRET=
 
-# Yandex OAuth. new app -> https://oauth.yandex.com/client/new/id
-YANDEX_ID=
-YANDEX_SECRET=
+TRAKT_ID=
+TRAKT_SECRET=
 
 # Example configuration for a Gmail account (will need SMTP enabled)
 EMAIL_SERVER=smtps://user@gmail.com:password@smtp.gmail.com:465
@@ -67,9 +47,12 @@ EMAIL_FROM=user@gmail.com
 # MongoDB:  DATABASE_URL=mongodb://nextauth:password@127.0.0.1:27017/nextauth?synchronize=true
 DATABASE_URL=
 
+WIKIMEDIA_ID=
+WIKIMEDIA_SECRET=
+
 # Supabase Example Configuration
 # Supabase Example Configuration
 # NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321
 # SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSJ9.vI9obAHOGyVVKa3pD--kJlyxp-Z2zV9UUMAhKpNLAcU
 # SUPABASE_JWT_SECRET=super-secret-jwt-token-with-at-least-32-characters-long
-# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs
+# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs

apps/dev/nextjs/.gitignore

@@ -1,4 +0,0 @@
-node_modules/
-/test-results/
-/playwright-report/
-/playwright/.cache/

apps/dev/nextjs/components/header.js

@@ -1,5 +1,5 @@
 import Link from "next/link"
-import { useSession } from "next-auth/react"
+import { signIn, signOut, useSession } from "next-auth/react"
 import styles from "./header.module.css"
 
 // The approach used in this component shows how to built a sign in and sign out
@@ -24,7 +24,14 @@ export default function Header() {
               <span className={styles.notSignedInText}>
                 You are not signed in
               </span>
-              <a href="/api/auth/signin" className={styles.buttonPrimary}>
+              <a
+                href="/api/auth/signin"
+                className={styles.buttonPrimary}
+                onClick={(e) => {
+                  e.preventDefault()
+                  signIn()
+                }}
+              >
                 Sign in
               </a>
             </>
@@ -40,7 +47,14 @@ export default function Header() {
                 <strong>{session.user.email} </strong>
                 {session.user.name ? `(${session.user.name})` : null}
               </span>
-              <a href="/api/auth/signout" className={styles.button}>
+              <a
+                href="/api/auth/signout"
+                className={styles.button}
+                onClick={(e) => {
+                  e.preventDefault()
+                  signOut()
+                }}
+              >
                 Sign out
               </a>
             </>

apps/dev/nextjs/package.json

@@ -9,12 +9,10 @@
     "build": "next build",
     "start": "next start",
     "email": "fake-smtp-server",
-    "start:email": "pnpm email",
-    "e2e": "pnpm dlx playwright test"
+    "start:email": "pnpm email"
   },
   "license": "ISC",
   "dependencies": {
-    "@auth/core": "workspace:*",
     "@next-auth/fauna-adapter": "workspace:*",
     "@next-auth/prisma-adapter": "workspace:*",
     "@next-auth/supabase-adapter": "workspace:*",
@@ -24,16 +22,15 @@
     "faunadb": "^4",
     "next": "13.1.1",
     "next-auth": "workspace:*",
+    "@auth/core": "workspace:*",
     "nodemailer": "^6",
     "react": "^18",
     "react-dom": "^18"
   },
   "devDependencies": {
-    "@playwright/test": "1.29.2",
     "@types/jsonwebtoken": "^8.5.5",
     "@types/react": "^18.0.15",
     "@types/react-dom": "^18.0.6",
-    "dotenv": "^16.0.3",
     "fake-smtp-server": "^0.8.0",
     "pg": "^8.7.3",
     "prisma": "^3",

apps/dev/nextjs/pages/api/auth/[...nextauth].ts

@@ -2,11 +2,9 @@ import { Auth, type AuthConfig } from "@auth/core"
 
 // Providers
 import Apple from "@auth/core/providers/apple"
-import Asgardeo from "@auth/core/providers/asgardeo"
 import Auth0 from "@auth/core/providers/auth0"
 import AzureAD from "@auth/core/providers/azure-ad"
 import AzureB2C from "@auth/core/providers/azure-ad-b2c"
-import BeyondIdentity from "@auth/core/providers/beyondidentity"
 import BoxyHQSAML from "@auth/core/providers/boxyhq-saml"
 // import Cognito from "@auth/core/providers/cognito"
 import Credentials from "@auth/core/providers/credentials"
@@ -25,7 +23,6 @@ import Instagram from "@auth/core/providers/instagram"
 import Line from "@auth/core/providers/line"
 import LinkedIn from "@auth/core/providers/linkedin"
 import Mailchimp from "@auth/core/providers/mailchimp"
-import Notion from "@auth/core/providers/notion"
 // import Okta from "@auth/core/providers/okta"
 import Osu from "@auth/core/providers/osu"
 import Patreon from "@auth/core/providers/patreon"
@@ -34,7 +31,6 @@ import Spotify from "@auth/core/providers/spotify"
 import Trakt from "@auth/core/providers/trakt"
 import Twitch from "@auth/core/providers/twitch"
 import Twitter from "@auth/core/providers/twitter"
-import Yandex from "@auth/core/providers/yandex"
 import Vk from "@auth/core/providers/vk"
 import Wikimedia from "@auth/core/providers/wikimedia"
 import WorkOS from "@auth/core/providers/workos"
@@ -72,7 +68,7 @@ import WorkOS from "@auth/core/providers/workos"
 
 export const authConfig: AuthConfig = {
   // adapter,
-  debug: process.env.NODE_ENV !== "production",
+  // debug: process.env.NODE_ENV !== "production",
   theme: {
     logo: "https://next-auth.js.org/img/logo/logo-sm.png",
     brandColor: "#1786fb",
@@ -86,7 +82,6 @@ export const authConfig: AuthConfig = {
       },
     }),
     Apple({ clientId: process.env.APPLE_ID, clientSecret: process.env.APPLE_SECRET }),
-    Asgardeo({ clientId: process.env.ASGARDEO_CLIENT_ID, clientSecret: process.env.ASGARDEO_CLIENT_SECRET, issuer: process.env.ASGARDEO_ISSUER }),
     Auth0({ clientId: process.env.AUTH0_ID, clientSecret: process.env.AUTH0_SECRET, issuer: process.env.AUTH0_ISSUER }),
     AzureAD({
       clientId: process.env.AZURE_AD_CLIENT_ID,
@@ -94,7 +89,6 @@ export const authConfig: AuthConfig = {
       tenantId: process.env.AZURE_AD_TENANT_ID,
     }),
     AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
-    BeyondIdentity({ clientId: process.env.BEYOND_IDENTITY_CLIENT_ID, clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET, issuer: process.env.BEYOND_IDENTITY_ISSUER }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
     // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
@@ -111,7 +105,6 @@ export const authConfig: AuthConfig = {
     Line({ clientId: process.env.LINE_ID, clientSecret: process.env.LINE_SECRET }),
     LinkedIn({ clientId: process.env.LINKEDIN_ID, clientSecret: process.env.LINKEDIN_SECRET }),
     Mailchimp({ clientId: process.env.MAILCHIMP_ID, clientSecret: process.env.MAILCHIMP_SECRET }),
-    Notion({ clientId: process.env.NOTION_ID, clientSecret: process.env.NOTION_SECRET, redirectUri: process.env.NOTION_REDIRECT_URI }),
     // Okta({ clientId: process.env.OKTA_ID, clientSecret: process.env.OKTA_SECRET, issuer: process.env.OKTA_ISSUER }),
     Osu({ clientId: process.env.OSU_CLIENT_ID, clientSecret: process.env.OSU_CLIENT_SECRET }),
     Patreon({ clientId: process.env.PATREON_ID, clientSecret: process.env.PATREON_SECRET }),
@@ -121,7 +114,6 @@ export const authConfig: AuthConfig = {
     Twitch({ clientId: process.env.TWITCH_ID, clientSecret: process.env.TWITCH_SECRET }),
     Twitter({ clientId: process.env.TWITTER_ID, clientSecret: process.env.TWITTER_SECRET }),
     // TwitterLegacy({ clientId: process.env.TWITTER_LEGACY_ID, clientSecret: process.env.TWITTER_LEGACY_SECRET }),
-    Yandex({ clientId: process.env.YANDEX_ID, clientSecret: process.env.YANDEX_SECRET }),
     Vk({ clientId: process.env.VK_ID, clientSecret: process.env.VK_SECRET }),
     Wikimedia({ clientId: process.env.WIKIMEDIA_ID, clientSecret: process.env.WIKIMEDIA_SECRET }),
     WorkOS({ clientId: process.env.WORKOS_ID, clientSecret: process.env.WORKOS_SECRET }),

apps/dev/nextjs/playwright.config.ts

@@ -1,107 +0,0 @@
-import type { PlaywrightTestConfig } from '@playwright/test';
-import { devices } from '@playwright/test';
-
-/**
- * Read environment variables from file.
- * https://github.com/motdotla/dotenv
- */
-require('dotenv').config();
-
-/**
- * See https://playwright.dev/docs/test-configuration.
- */
-const config: PlaywrightTestConfig = {
-  testDir: './tests',
-  /* Maximum time one test can run for. */
-  timeout: 30 * 1000,
-  expect: {
-    /**
-     * Maximum time expect() should wait for the condition to be met.
-     * For example in `await expect(locator).toHaveText();`
-     */
-    timeout: 5000
-  },
-  /* Run tests in files in parallel */
-  fullyParallel: true,
-  /* Fail the build on CI if you accidentally left test.only in the source code. */
-  forbidOnly: !!process.env.CI,
-  /* Retry on CI only */
-  retries: process.env.CI ? 2 : 0,
-  /* Opt out of parallel tests on CI. */
-  workers: process.env.CI ? 1 : undefined,
-  /* Reporter to use. See https://playwright.dev/docs/test-reporters */
-  reporter: 'html',
-  /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
-  use: {
-    /* Maximum time each action such as `click()` can take. Defaults to 0 (no limit). */
-    actionTimeout: 0,
-    /* Base URL to use in actions like `await page.goto('/')`. */
-    // baseURL: 'http://localhost:3000',
-
-    /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
-    trace: 'on-first-retry',
-  },
-
-  /* Configure projects for major browsers */
-  projects: [
-    {
-      name: 'chromium',
-      use: {
-        ...devices['Desktop Chrome'],
-      },
-    },
-
-    {
-      name: 'firefox',
-      use: {
-        ...devices['Desktop Firefox'],
-      },
-    },
-
-    {
-      name: 'webkit',
-      use: {
-        ...devices['Desktop Safari'],
-      },
-    },
-
-    /* Test against mobile viewports. */
-    // {
-    //   name: 'Mobile Chrome',
-    //   use: {
-    //     ...devices['Pixel 5'],
-    //   },
-    // },
-    // {
-    //   name: 'Mobile Safari',
-    //   use: {
-    //     ...devices['iPhone 12'],
-    //   },
-    // },
-
-    /* Test against branded browsers. */
-    // {
-    //   name: 'Microsoft Edge',
-    //   use: {
-    //     channel: 'msedge',
-    //   },
-    // },
-    // {
-    //   name: 'Google Chrome',
-    //   use: {
-    //     channel: 'chrome',
-    //   },
-    // },
-  ],
-
-  /* Folder for test artifacts such as screenshots, videos, traces, etc. */
-  // outputDir: 'test-results/',
-
-  /* Run your local dev server before starting the tests */
-  // webServer: {
-  //   command: 'npm run start',
-  //   port: 3000,
-  // },
-};
-
-export default config;

apps/dev/nextjs/tests/signin.spec.ts

@@ -1,39 +0,0 @@
-import { test, expect } from "@playwright/test"
-
-test("Sign in with Auth0", async ({ page }) => {
-  // Go to NextAuth example app
-  await page.goto("https://next-auth-example.vercel.app")
-
-  // Click 'Sign In'
-  await page.click("#__next > header > div > p > a")
-
-  // Auth0 Login Provider
-  await page.click('body > div > div form[action*="auth0"] > button')
-
-  // Enter Credentials (Username/Password Login) on Auth0 Widget
-  await page.type("#username", process.env.AUTH0_USERNAME!)
-  await page.type("#password", process.env.AUTH0_PASSWORD!)
-
-  // Snap a screenshot
-  // await page.screenshot({ path: "1-auth0-login.png", fullPage: true })
-
-  // Press submit on Auth0 form
-  await page.click('body > div > main > section > div button[type="submit"]')
-
-  // Wait for next-auth example page login status header to appear
-  await page.waitForTimeout(2000)
-
-  // Snap a screenshot
-  // await page.screenshot({
-  //   path: "2-next-auth-redirect-result.png",
-  //   fullPage: false,
-  // })
-
-  // Check session object after successful login
-  const response = await page.goto(
-    "https://next-auth-example.vercel.app/api/auth/session"
-  )
-  const session = await response?.json()
-  expect(session?.user?.email).toBe(process.env.AUTH0_USERNAME)
-  // TODO: Check whole object with .toEqual()
-})

apps/dev/sveltekit/package.json

@@ -19,8 +19,8 @@
     "vite": "4.0.1"
   },
   "dependencies": {
-    "@auth/core": "workspace:*",
-    "@auth/sveltekit": "workspace:*"
+    "@auth/core": "latest",
+    "@auth/sveltekit": "latest"
   },
   "type": "module"
 }

apps/examples/nextjs/README.md

@@ -1,14 +1,9 @@
-> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/nextjs). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/example-nextjs). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
 
 <p align="center">
    <br/>
-   <a href="https://authjs.dev" target="_blank">
-   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
-   </a>
-   <a href="https://nextjs.org" target="_blank">
-   <img height="64" src="https://nextjs.org/static/favicon/android-chrome-192x192.png" />
-   </a>
-   <h3 align="center"><b>NextAuth.js</b> - Example App</h3>
+   <a href="https://next-auth.js.org" target="_blank"><img width="150px" src="https://next-auth.js.org/img/logo/logo-sm.png" /></a>
+   <h3 align="center">NextAuth.js Example App</h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -30,14 +25,20 @@
 
 ## Overview
 
-NextAuth.js is a complete open-source authentication solution.
+NextAuth.js is a complete open source authentication solution.
 
 This is an example application that shows how `next-auth` is applied to a basic Next.js app.
 
 The deployed version can be found at [`next-auth-example.vercel.app`](https://next-auth-example.vercel.app)
 
+### About NextAuth.js
+
+NextAuth.js is an easy to implement, full-stack (client/server) open source authentication library originally designed for [Next.js](https://nextjs.org) and [Serverless](https://vercel.com). Our goal is to [support even more frameworks](https://github.com/nextauthjs/next-auth/issues/2294) in the future.
+
 Go to [next-auth.js.org](https://next-auth.js.org) for more information and documentation.
 
+> _NextAuth.js is not officially associated with Vercel or Next.js._
+
 ## Getting Started
 
 ### 1. Clone the repository and install dependencies
@@ -97,13 +98,15 @@ npm run start
 
 ### 5. Preparing for Production
 
-Follow the [Deployment documentation](https://authjs.dev/guides/basics/deployment) or deploy the example instantly using [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=next-auth-example)
-
-[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/next-auth-example&project-name=next-auth-example&repository-name=next-auth-example)
+Follow the [Deployment documentation](https://next-auth.js.org/deployment)
 
 ## Acknowledgements
 
 <a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
-<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
+<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/canary/www/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
 </a>
-<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>
+<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire NextAuth.js Team</p>
+
+## License
+
+ISC

apps/examples/nextjs/pages/server.tsx

@@ -1,12 +1,11 @@
-import { getServerSession } from "next-auth/next"
+import { unstable_getServerSession } from "next-auth/next"
 import { authOptions } from "./api/auth/[...nextauth]"
 import Layout from "../components/layout"
 
 import type { GetServerSidePropsContext } from "next"
-import { useSession } from "next-auth/react"
+import type { Session } from "next-auth"
 
-export default function ServerSidePage() {
-  const { data: session } = useSession()
+export default function ServerSidePage({ session }: { session: Session }) {
   // As this page uses Server Side Rendering, the `session` will be already
   // populated on render without needing to go through a loading stage.
   return (
@@ -38,7 +37,7 @@ export default function ServerSidePage() {
 export async function getServerSideProps(context: GetServerSidePropsContext) {
   return {
     props: {
-      session: await getServerSession(
+      session: await unstable_getServerSession(
         context.req,
         context.res,
         authOptions

apps/examples/solid-start/.env.example

@@ -1,3 +0,0 @@
-GITHUB_ID=
-GITHUB_SECRET=
-AUTH_SECRET=

apps/examples/solid-start/.gitignore

@@ -1,27 +0,0 @@
-dist
-.solid
-.output
-.vercel
-.netlify
-netlify
-
-# dependencies
-/node_modules
-
-# IDEs and editors
-/.idea
-.project
-.classpath
-*.launch
-.settings/
-
-# Temp
-gitignore
-
-# System Files
-.DS_Store
-Thumbs.db
-
-.env
-
-.vercel

apps/examples/solid-start/README.md

@@ -1,85 +0,0 @@
-> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/solid-start). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
-
-<p align="center">
-   <br/>
-   <a href="https://authjs.dev" target="_blank">
-   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
-   </a>
-   <a href="https://start.solidjs.com" target="_blank">
-   <img height="64" src="https://www.solidjs.com/assets/logo-123b04bc.svg" />
-   </a>
-   <h3 align="center"><b>SolidStart Auth</b> - Example App</h3>
-   <p align="center">
-   Open Source. Full Stack. Own Your Data.
-   </p>
-   <p align="center" style="align: center;">
-      <a href="https://npm.im/@auth/solid-start">
-        <img alt="npm" src="https://img.shields.io/npm/v/@auth/solid-start?color=green&label=@auth/solid-start&style=flat-square">
-      </a>
-      <a href="https://bundlephobia.com/result?p=@auth/solid-start">
-        <img src="https://img.shields.io/bundlephobia/minzip/@auth/solid-start?label=size&style=flat-square" alt="Bundle Size"/>
-      </a>
-      <a href="https://www.npmtrends.com/@auth/solid-start">
-        <img src="https://img.shields.io/npm/dm/@auth/solid-start?label=downloads&style=flat-square" alt="Downloads" />
-      </a>
-      <a href="https://npm.im/@auth/solid-start">
-        <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
-      </a>
-   </p>
-</p>
-
-## Overview
-
-This is the official SolidStart Auth example for [Auth.js](https://authjs.dev).
-
-
-## Getting started
-
-You can follow the guide below, or click the following button to deploy this example to [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=solid-start-auth-example).
-
-[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/solid-start-auth-example&project-name=solid-start-auth-example&repository-name=solid-start-auth-example)
-
-### Installing
-
-```sh
-pnpm add -D solid-start-vercel
-```
-```sh
-npm i -D solid-start-vercel
-```
-```sh
-yarn add -D solid-start-vercel
-```
-
-### Adding to Vite config
-
-```ts
-import solid from "solid-start/vite";
-import dotenv from "dotenv";
-import { defineConfig } from "vite";
-// @ts-expect-error no typing
-import vercel from "solid-start-vercel";
-  
-export default defineConfig(() => {
-  dotenv.config();
-  return {
-    plugins: [solid({ ssr: true, adapter: vercel({ edge: false }) })],
-  };
-});
-  
-```
-
-### Environment Variables
-
-- `ENABLE_VC_BUILD`=`1` .
-
-### Finishing up
-
-Create a GitHub repo and push the code to it, then deploy it to Vercel.
-
-## Acknowledgements
-
-<a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
-<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
-</a>
-<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>

apps/examples/solid-start/package.json

@@ -1,32 +0,0 @@
-{
-  "name": "my-app",
-  "scripts": {
-    "dev": "solid-start dev",
-    "build": "solid-start build",
-    "start": "solid-start start",
-    "lint": "eslint --fix \"**/*.{ts,tsx,js,jsx}\""
-  },
-  "type": "module",
-  "devDependencies": {
-    "autoprefixer": "^10.4.13",
-    "postcss": "^8.4.19",
-    "solid-start-node": "^0.2.9",
-    "solid-start-vercel": "^0.2.9",
-    "tailwindcss": "^3.2.4",
-    "typescript": "^4.8.3",
-    "vite": "^3.1.0"
-  },
-  "dependencies": {
-    "@auth/core": "latest",
-    "@solid-auth/next": "^0.0.19",
-    "@solidjs/meta": "^0.28.0",
-    "@solidjs/router": "^0.6.0",
-    "solid-js": "^1.5.7",
-    "solid-start": "^0.2.9",
-    "undici": "5.11.0",
-    "zod": "^3.19.1"
-  },
-  "engines": {
-    "node": ">=16"
-  }
-}

apps/examples/solid-start/postcss.config.cjs

@@ -1,6 +0,0 @@
-module.exports = {
-    plugins: {
-        tailwindcss: {},
-        autoprefixer: {},
-    },
-};

apps/examples/solid-start/src/components/NavBar/NavBar.tsx

@@ -1,72 +0,0 @@
-import { Match, Show, Switch, type Component } from "solid-js";
-import { createServerData$ } from "solid-start/server";
-import { authOpts } from "~/routes/api/auth/[...solidauth]";
-import { signIn, signOut } from "@solid-auth/next/client";
-import { getSession } from "@solid-auth/next";
-import { A } from "solid-start";
-
-interface INavBarProps {}
-
-const NavBar: Component<INavBarProps> = () => {
-  const session = useSession();
-  return (
-    <header class="flex flex-col w-full gap-2 fixed left-2/4 right-2/4 -translate-x-2/4 items-center">
-      <nav class="w-[70vw] sm:w-2/4 lg:w-[40%]  p-5 bg-[#0000000d] flex items-center justify-between rounded-lg">
-        <Show
-          when={session()?.user}
-          keyed
-          fallback={
-            <>
-              <p class="text-lg font-semibold">You are not signed in</p>
-              <button
-                class="p-2.5 rounded-lg bg-[#346df1] text-white text-lg font-bold flex items-center justify-center"
-                onClick={() => signIn("github")}
-              >
-                Sign in
-              </button>
-            </>
-          }
-        >
-          {(us) => (
-            <>
-              <div class="flex gap-2 items-center">
-                <Show when={us.image} keyed>
-                  {(im) => <img src={im} class="w-12 h-12 rounded-full" />}
-                </Show>
-                <div class="flex flex-col">
-                  <h3 class="font-bold text-lg">Signed in as</h3>
-                  <p class="text-lg font-semibold">{us.name}</p>
-                </div>
-              </div>
-              <button
-                onClick={() => signOut()}
-                class="text-[#555] font-semibold underline"
-              >
-                Sign out
-              </button>
-            </>
-          )}
-        </Show>
-      </nav>
-      <div class="flex gap-2 items-center">
-        <A class="text-blue-500 font-bold underline" href="/">
-          Home
-        </A>
-        <A class="text-blue-500 font-bold underline" href="/protected">
-          Protected
-        </A>
-      </div>
-    </header>
-  );
-};
-
-export default NavBar;
-
-export const useSession = () => {
-  return createServerData$(
-    async (_, { request }) => {
-      return await getSession(request, authOpts);
-    },
-    { key: () => ["auth_user"] }
-  );
-};

apps/examples/solid-start/src/components/NavBar/index.ts

@@ -1 +0,0 @@
-export { default } from "./NavBar";

apps/examples/solid-start/src/components/Protected/Protected.tsx

@@ -1,37 +0,0 @@
-import { type Session } from "@auth/core";
-import { getSession } from "@solid-auth/next";
-import { Component, Show } from "solid-js";
-import { useRouteData } from "solid-start";
-import { createServerData$, redirect } from "solid-start/server";
-import { authOpts } from "~/routes/api/auth/[...solidauth]";
-
-const Protected = (Comp: IProtectedComponent) => {
-  const routeData = () => {
-    return createServerData$(
-      async (_, event) => {
-        const session = await getSession(event.request, authOpts);
-        if (!session || !session.user) {
-          throw redirect("/");
-        }
-        return session;
-      },
-      { key: () => ["auth_user"] }
-    );
-  };
-
-  return {
-    routeData,
-    Page: () => {
-      const session = useRouteData<typeof routeData>();
-      return (
-        <Show when={session()} keyed>
-          {(sess) => <Comp {...sess} />}
-        </Show>
-      );
-    },
-  };
-};
-
-type IProtectedComponent = Component<Session>;
-
-export default Protected;

apps/examples/solid-start/src/components/Protected/index.ts

@@ -1 +0,0 @@
-export { default } from "./Protected";

apps/examples/solid-start/src/components/index.ts

@@ -1,2 +0,0 @@
-export { default as NavBar } from "./NavBar";
-export { default as Protected } from "./Protected";

apps/examples/solid-start/src/entry-client.tsx

@@ -1,3 +0,0 @@
-import { mount, StartClient } from "solid-start/entry-client";
-
-mount(() => <StartClient />, document);

apps/examples/solid-start/src/entry-server.tsx

@@ -1,9 +0,0 @@
-import {
-  StartServer,
-  createHandler,
-  renderAsync,
-} from "solid-start/entry-server";
-
-export default createHandler(
-  renderAsync((event) => <StartServer event={event} />)
-);

apps/examples/solid-start/src/env/client.ts

@@ -1,24 +0,0 @@
-import type { ZodFormattedError } from "zod";
-import { clientScheme } from "./schema";
-
-export const formatErrors = (
-  errors: ZodFormattedError<Map<string, string>, string>
-) =>
-  Object.entries(errors)
-    .map(([name, value]) => {
-      if (value && "_errors" in value)
-        return `${name}: ${value._errors.join(", ")}\n`;
-    })
-    .filter(Boolean);
-
-const env = clientScheme.safeParse(import.meta.env);
-
-if (env.success === false) {
-  console.error(
-    "❌ Invalid environment variables:\n",
-    ...formatErrors(env.error.format())
-  );
-  throw new Error("Invalid environment variables");
-}
-
-export const clientEnv = env.data;

apps/examples/solid-start/src/env/schema.ts

@@ -1,15 +0,0 @@
-import { z } from "zod";
-
-export const serverScheme = z.object({
-  NODE_ENV: z
-    .enum(["development", "production", "test"])
-    .default("development"),
-  GITHUB_ID: z.string(),
-  GITHUB_SECRET: z.string(),
-  AUTH_SECRET: z.string(),
-  NEXTAUTH_URL: z.string().optional(),
-});
-
-export const clientScheme = z.object({
-  MODE: z.enum(["development", "production", "test"]).default("development"),
-});

apps/examples/solid-start/src/env/server.ts

@@ -1,24 +0,0 @@
-import { serverScheme } from "./schema";
-import type { ZodFormattedError } from "zod";
-
-export const formatErrors = (
-  errors: ZodFormattedError<Map<string, string>, string>
-) =>
-  Object.entries(errors)
-    .map(([name, value]) => {
-      if (value && "_errors" in value)
-        return `${name}: ${value._errors.join(", ")}\n`;
-    })
-    .filter(Boolean);
-
-const env = serverScheme.safeParse(process.env);
-
-if (env.success === false) {
-  console.error(
-    "❌ Invalid environment variables:\n",
-    ...formatErrors(env.error.format())
-  );
-  throw new Error("Invalid environment variables");
-}
-
-export const serverEnv = env.data;

apps/examples/solid-start/src/root.css

@@ -1,3 +0,0 @@
-@tailwind base;
-@tailwind components;
-@tailwind utilities;

apps/examples/solid-start/src/root.tsx

@@ -1,40 +0,0 @@
-// @refresh reload
-import "./root.css";
-import { Suspense } from "solid-js";
-import {
-  Body,
-  ErrorBoundary,
-  FileRoutes,
-  Head,
-  Html,
-  Meta,
-  Routes,
-  Scripts,
-  Title,
-} from "solid-start";
-import { NavBar } from "./components";
-
-export default function Root() {
-  return (
-    <Html lang="en">
-      <Head>
-        <Title>Create JD App</Title>
-        <Meta charset="utf-8" />
-        <Meta name="viewport" content="width=device-width, initial-scale=1" />
-      </Head>
-      <Body>
-        <Suspense>
-          <NavBar />
-          <div class="py-44 px-8">
-            <ErrorBoundary>
-              <Routes>
-                <FileRoutes />
-              </Routes>
-            </ErrorBoundary>
-          </div>
-        </Suspense>
-        <Scripts />
-      </Body>
-    </Html>
-  );
-}

apps/examples/solid-start/src/routes/api/auth/[...solidauth].ts

@@ -1,16 +0,0 @@
-import { SolidAuth, type SolidAuthConfig } from "@solid-auth/next";
-import GitHub from "@auth/core/providers/github";
-import { serverEnv } from "~/env/server";
-import { type APIEvent } from "solid-start";
-
-export const authOpts: SolidAuthConfig = {
-  providers: [
-    GitHub({
-      clientId: serverEnv.GITHUB_ID,
-      clientSecret: serverEnv.GITHUB_SECRET,
-    }),
-  ],
-  debug: false,
-};
-
-export const { GET, POST } = SolidAuth(authOpts);

apps/examples/solid-start/src/routes/index.tsx

@@ -1,44 +0,0 @@
-import { type ParentComponent } from "solid-js";
-import { A, Title, useRouteData } from "solid-start";
-import { createServerData$ } from "solid-start/server";
-import { authOpts } from "./api/auth/[...solidauth]";
-import { getSession } from "@solid-auth/next";
-
-export const routeData = () => {
-  return createServerData$(
-    async (_, { request }) => {
-      return await getSession(request, authOpts);
-    },
-    { key: () => ["auth_user"] }
-  );
-};
-const Home: ParentComponent = () => {
-  const user = useRouteData<typeof routeData>();
-  return (
-    <>
-      <Title>Create JD App</Title>
-      <div class="flex flex-col gap-2 items-center">
-        <h1 class="text-4xl font-bold">SolidStart Auth Example</h1>
-        <p class="font-semibold text-md max-w-[40rem]">
-          This is an example site to demonstrate how to use{" "}
-          <A
-            href="https://start.solidjs.com/getting-started/what-is-solidstart"
-            class="text-blue-500 underline font-bold"
-          >
-            SolidStart
-          </A>{" "}
-          with{" "}
-          <A
-            href="https://authjs.dev/reference/solidstart"
-            class="text-blue-500 underline font-bold"
-          >
-            SolidStart Auth
-          </A>{" "}
-          for authentication.
-        </p>
-      </div>
-    </>
-  );
-};
-
-export default Home;

apps/examples/solid-start/src/routes/protected.tsx

@@ -1,11 +0,0 @@
-import { Protected } from "~/components";
-
-export const { routeData, Page } = Protected((session) => {
-  return (
-    <main class="flex flex-col gap-2 items-center">
-      <h1>This is a protected route</h1>
-    </main>
-  );
-});
-
-export default Page;

apps/examples/solid-start/tailwind.config.cjs

@@ -1,8 +0,0 @@
-/** @type {import('tailwindcss').Config} */
-module.exports = {
-  content: ["./src/**/*.{js,ts,jsx,tsx}"],
-  theme: {
-    extend: {},
-  },
-  plugins: [],
-};

apps/examples/solid-start/tsconfig.json

@@ -1,17 +0,0 @@
-{
-  "compilerOptions": {
-    "allowSyntheticDefaultImports": true,
-    "esModuleInterop": true,
-    "strict": true,
-    "target": "ESNext",
-    "module": "ESNext",
-    "moduleResolution": "node",
-    "jsxImportSource": "solid-js",
-    "jsx": "preserve",
-    "types": ["vite/client"],
-    "baseUrl": "./",
-    "paths": {
-      "~/*": ["./src/*"]
-    }
-  }
-}

apps/examples/solid-start/vite.config.ts

@@ -1,10 +0,0 @@
-import solid from "solid-start/vite";
-import { defineConfig } from "vite";
-// @ts-expect-error no typings
-import vercel from "solid-start-vercel";
-
-export default defineConfig(() => {
-  return {
-    plugins: [solid({ ssr: true, adapter: vercel({ edge: false }) })],
-  };
-});

apps/examples/sveltekit/README.md

@@ -1,14 +1,9 @@
-> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/sveltekit). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/example-sveltekit). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
 
 <p align="center">
    <br/>
-   <a href="https://authjs.dev" target="_blank">
-   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
-   </a>
-   <a href="https://kit.svelte.dev" target="_blank">
-   <img height="64" src="https://upload.wikimedia.org/wikipedia/commons/1/1b/Svelte_Logo.svg" />
-   </a>
-   <h3 align="center"><b>SvelteKit Auth</b> - Example App</h3>
+   <a href="https://authjs.dev" target="_blank"><img width="150px" src="https://authjs.dev/img/logo/logo-sm.png" /></a>
+   <h3 align="center">Auth.js Example App with <a href="https://kit.svelte.dev">SvelteKit</a></h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -16,24 +11,18 @@
       <a href="https://npm.im/@auth/sveltekit">
         <img alt="npm" src="https://img.shields.io/npm/v/@auth/sveltekit?color=green&label=@auth/sveltekit&style=flat-square">
       </a>
-      <a href="https://bundlephobia.com/result?p=@auth/sveltekit">
+      <a href="https://bundlephobia.com/result?p=sveltekit-auth-example">
         <img src="https://img.shields.io/bundlephobia/minzip/@auth/sveltekit?label=size&style=flat-square" alt="Bundle Size"/>
       </a>
       <a href="https://www.npmtrends.com/@auth/sveltekit">
-        <img src="https://img.shields.io/npm/dm/@auth/sveltekit?label=downloads&style=flat-square" alt="Downloads" />
+        <img src="https://img.shields.io/npm/dm/@auth/sveltekit?label=%20downloads&style=flat-square" alt="Downloads" />
       </a>
-      <a href="https://npm.im/@auth/sveltekit">
+      <a href="https://npm.im/next-auth">
         <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
       </a>
    </p>
 </p>
 
-## Overview
+# Documentation
 
-This is the official SvelteKit Auth example for [Auth.js](https://sveltekit.authjs.dev).
-
-## Getting started
-
-You can instantly deploy this example to [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=sveltekit-auth-example) by clicking the following button.
-
-[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/sveltekit-auth-example&project-name=sveltekit-auth-example&repository-name=sveltekit-auth-example)
+- [sveltekit.authjs.dev](https://sveltekit.authjs.dev)

apps/examples/sveltekit/src/routes/+layout.svelte

@@ -20,10 +20,10 @@
                 $page.data.session.user?.name}</strong
             >
           </span>
-          <a href="/auth/signout" class="button" data-sveltekit-preload-data="off">Sign out</a>
+          <a href="/auth/signout" class="button">Sign out</a>
         {:else}
           <span class="notSignedInText">You are not signed in</span>
-          <a href="/auth/signin" class="buttonPrimary" data-sveltekit-preload-data="off">Sign in</a>
+          <a href="/auth/signin" class="buttonPrimary">Sign in</a>
         {/if}
       </p>
     </div>

apps/playgrounds/gatsby/README.md

@@ -22,7 +22,7 @@
 
 ## Overview
 
-Auth.js is a complete open-source authentication solution.
+Auth.js is a complete open source authentication solution.
 
 This is an example application that shows how `@auth/core` is applied to a basic Gatsby app. We are showing how to configure the backend both as a [Vercel Function](https://vercel.com/docs/concepts/functions/introduction) for deployment to Vercel, and also for [Gatsby Functions](https://www.gatsbyjs.com/docs/reference/functions) for other platforms.
 
@@ -30,7 +30,7 @@ The deployed version can be found at [`next-auth-gatsby-example.vercel.app`](htt
 
 ### About Auth.js
 
-Auth.js is an easy-to-implement, full-stack (client/server) open-source authentication library originally designed for [Next.js](https://nextjs.org) and [Serverless](https://vercel.com), but this example shows how to use it in a Gatsby project. Our goal is to [support even more frameworks](https://github.com/nextauthjs/next-auth/issues/2294) in the future.
+Auth.js is an easy to implement, full-stack (client/server) open source authentication library originally designed for [Next.js](https://nextjs.org) and [Serverless](https://vercel.com), but this example shows how to use it in a Gatsby project. Our goal is to [support even more frameworks](https://github.com/nextauthjs/next-auth/issues/2294) in the future.
 
 Go to [authjs.dev](https://authjs.dev) for more information and documentation.
 

apps/playgrounds/gatsby/package.json

@@ -10,13 +10,13 @@
     "clean": "gatsby clean"
   },
   "dependencies": {
-    "dotenv": "16.0.0",
-    "gatsby": "5.8.0-next.3",
-    "next-auth": "workspace:*",
-    "react": "18.2.0",
-    "react-dom": "18.2.0"
+    "dotenv": "^16.0.0",
+    "gatsby": "next",
+    "next-auth": "latest",
+    "react": "^18",
+    "react-dom": "^18"
   },
   "devDependencies": {
-    "vercel": "23.1.2"
+    "vercel": "^23.1.2"
   }
 }

apps/playgrounds/nuxt/package.json

@@ -2,10 +2,11 @@
   "name": "playground-nuxt",
   "private": true,
   "scripts": {
-    "build": "nuxt prepare && nuxt build",
-    "dev": "nuxt prepare &&  export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
+    "build": "nuxt build",
+    "dev": "export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
     "generate": "nuxt generate",
-    "preview": "nuxt preview"
+    "preview": "nuxt preview",
+    "postinstall": "nuxt prepare"
   },
   "devDependencies": {
     "@nuxt/eslint-config": "^0.1.1",

docs/docs/concepts/faq.md

@@ -174,7 +174,7 @@ If you are deploying directly to a particular cloud platform you may also want t
 
 ## Security
 
-Parts of this section has been moved to its [own page](/security).
+Parts of this section has been moved to its [own page](/getting-started/security).
 
 <details>
 <summary>

docs/docs/getting-started/01-introduction.md

@@ -0,0 +1,56 @@
+---
+title: Introduction
+sidebar_position: 0
+---
+
+## About Auth.js
+
+Auth.js is a complete open-source authentication solution for [Next.js](http://nextjs.org/) applications.
+
+It is designed from the ground up to support Next.js and Serverless.
+
+Check our tutorials to see how easy it is to use Auth.js for authentication:
+
+- [Setup with OAuth](/getting-started/oauth-tutorial)
+- [Setup with magic links](/getting-started/email-tutorial)
+- [Integrating with external auth](/getting-started/credentials-tutorial)
+
+### Flexible and easy to use
+
+- Designed to work with any OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect
+- Built-in support for [many popular sign-in services](/reference/providers/oauth-builtin)
+- Supports [email / passwordless authentication](/getting-started/email-tutorial)
+- Supports stateless authentication with [any backend](/getting-started/credentials-tutorial) (Active Directory, LDAP, etc)
+- Supports both JSON Web Tokens and database sessions
+- Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)
+
+### Own your own data
+
+Auth.js can be used with or without a database.
+
+- An open-source solution that allows you to keep control of your data
+- Supports Bring Your Own Database (BYOD) and can be used with any database
+- Built-in support for [MySQL, MariaDB, Postgres, SQL Server, MongoDB and SQLite](/getting-started/databases)
+- Works great with databases from popular hosting providers
+- Can also be used _without a database_ (e.g. OAuth + JWT)
+
+_Note: Email sign-in requires a database to be configured to store single-use verification tokens._
+
+### Secure by default
+
+- Promotes the use of passwordless sign-in mechanisms
+- Designed to be secure by default and encourage best practices for safeguarding user data
+- Uses Cross-Site Request Forgery Tokens on POST routes (sign in, sign out)
+- Default cookie policy aims for the most restrictive policy appropriate for each cookie
+- When JSON Web Tokens are enabled, they are encrypted by default (JWE) with A256GCM
+- Auto-generates symmetric signing and encryption keys for developer convenience
+- Features tab/window syncing and keepalive messages to support short-lived sessions
+- Attempts to implement the latest guidance published by [Open Web Application Security Project](https://owasp.org/)
+
+Advanced options allow you to define your own routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.
+
+## Credits
+
+Auth.js is an open-source project that is only possible [thanks to contributors](/contributors).
+
+If you would like to financially support the development of Auth.js, you can find more information on our [OpenCollective](https://opencollective.com/nextauth) page.

docs/docs/getting-started/02-oauth-tutorial.mdx

@@ -0,0 +1,299 @@
+---
+title: OAuth authentication
+---
+
+import creatingOauthAppImg from "./img/getting-started-creating-oauth-app.png"
+import addingCallbackUrlImg from "./img/getting-started-oauth-callback-url.png"
+import gettingClientIdSecretImg from "./img/getting-started-oauth-clientid-secret.png"
+import startAppAndSignInImg from "./img/getting-started-app-start.png"
+import githubAuthCredentials from "./img/getting-started-github-auth.png"
+import nextAuthUserLoggedIn from "./img/getting-started-nextauth-success.png"
+
+We know, authentication is hard. Is a rabbit hole and it's easy to get lost on it. The goal of making Auth.js is that you can add authentication easily to your project with just a few lines of code.
+
+The easiest way is to setup Auth.js with an [OAuth](https://en.wikipedia.org/wiki/OAuth) provider. In this tutorial we'll be setting Auth.js in a **Next.js app** to be able to login with **Github**.
+
+:::info
+Auth.js comes with a long list of [built-in providers](/reference/providers/oauth-builtin) (Google, Facebook, Twitter, etc...) you can also integrate it with your own OAuth service easily by [building a custom provider](/guides/providers/custom-provider). Auth.js can integrate as well with other frameworks like SvelteKit and Gatsby.
+:::
+
+## 1. Configuring Auth.js
+
+### Creating the server config
+
+To add Auth.js to a [**Next.js**](https://nextjs.org/) project, create the following [API route](https://nextjs.org/docs/api-routes/introduction):
+
+```
+pages/api/auth/[...nextauth].ts
+```
+
+This route will contain the **dynamic route handler** for Auth.js which describes your global auth configuration:
+
+```ts title="pages/api/auth/[...nextauth].js"
+import NextAuth from "next-auth"
+import GithubProvider from "next-auth/providers/github"
+
+export default NextAuth({
+  providers: [
+    GithubProvider({
+      clientId: process.env.GITHUB_ID,
+      clientSecret: process.env.GITHUB_SECRET,
+    }),
+  ],
+})
+```
+
+Behind the scenes this creates all the relevant OAuth API routes within `/api/auth/*` so that auth API requests to:
+
+- `/api/auth/callback`
+- `/api/auth/signIn`
+- `/api/auth/signOut`
+- etc...
+
+can be handled by Auth.js. In this way, Auth.js stays in charge of handling the whole authentication request/response flow of your application for you.
+
+You may notice there are some environment variables in the code example above. `GITHUB_ID` and `GITHUB_SECRET` are provided by the OAuth provider (in this case **Github**) see ["Configuring OAuth Provider"](/getting-started/oauth-tutorial#2-configuring-oauth-provider) section on how to get those.
+
+`NEXTAUTH_SECRET` is a random string used by the library to encrypt tokens and email verification hashes, and **it's mandatory to keep things secure**! 🔥 🔐 . You can use:
+
+```
+$ openssl rand -base64 32
+```
+
+or https://generate-secret.vercel.app/32 to generate a random value for it.
+
+:::info
+Auth.js is extremely customizable, [our guides section](/guides/overview) will teach you how you can set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/configuration/auth-config).
+:::
+
+### Exposing the session via provider
+
+To be able to use `useSession` first you'll need to expose the session context, [`<SessionProvider />`](/reference/react/#sessionprovider), at the top level of your application:
+
+```ts title="pages/_app.ts"
+import { SessionProvider } from "next-auth/react"
+
+export default function App({
+  Component,
+  pageProps: { session, ...pageProps },
+}) {
+  return (
+    <SessionProvider session={session}>
+      <Component {...pageProps} />
+    </SessionProvider>
+  )
+}
+```
+
+Instances of `useSession` (more on it in the next section) will then have access to the session data and status. The `<SessionProvider />` also takes care of keeping the session updated and synced between browser tabs and windows. 💪🏽
+
+:::tip
+Check our [client docs](/reference/react/) to learn all the available options for handling sessions on the browser.
+:::
+
+### Consuming the session via hooks
+
+Auth.js exposes a [`useSession()`](/reference/react/#usesession) React Hook so that you can easily check if someone is signed in:
+
+```ts title="pages/overview.tsx"
+import { useSession, signIn, signOut } from "next-auth/react"
+
+export default function CamperVanPage() {
+  const { data: session, status } = useSession()
+  const userEmail = session?.user.email;
+
+  if (status === "loading") {
+    return <p>Hang on there...</p>
+  }
+
+  if (status === "authenticated") {
+    return (
+      <>
+        <p>Signed in as {userEmail}</p>
+        <button onClick={() => signOut()}>Sign out</button>
+        <img src="https://cdn.pixabay.com/photo/2017/08/11/19/36/vw-2632486_1280.png" />
+      </>
+    )
+  }
+
+  return (
+    <>
+      <p>Not signed in.</p>
+      <button onClick={() => signIn()}>Sign in</button>
+    </>
+  )
+}
+```
+
+You can use the `useSession` hook from anywhere in your application (e.g. in a header component). Behind the scenes, the hook will connect to the `<SessionProvider />` to read the current user session.
+
+### Protecting API Routes
+
+Protecting your custom API Routes (.i.e not allowing a resource to be accessed in case the user is not logged in) is easy! You can use [`getSession()`](/reference/utilities/#getsession) to know whether a session exists or not:
+
+```ts title="pages/api/movies/list.ts"
+import { getSession } from "next-auth/react"
+
+export default async function listMovies(req, res) {
+  const session = await getSession({ req })
+
+  if (session) {
+    res.send({
+      movies: [
+        { title: "Alien vs Predator", id: 1 },
+        { title: "Reservoir Dogs", id: 2 },
+      ],
+    })
+  } else {
+    res.send({
+      error: "You must sign in to view movies.",
+    })
+  }
+}
+```
+
+## 2. Configuring OAuth Provider
+
+Ok, we have our Next.js app setup with NextAuth, however, if you run the app right now, it won't work as we haven't configured our OAuth provider (**Github**) yet.
+
+:::info
+When using OAuth you're asking for a third-party service (in this case Github, although it could be Google, Twitter, etc...) to handle user authentication for your app.
+:::
+
+We need to register our new Next.js app in Github, so that when Auth.js forwards the authorization requests to it, Github can recognize your application and prompt the user to sign in.
+
+<img src={creatingOauthAppImg} />
+
+Log in into **Github**, go to `Settings / Developers / OAuth Apps` and click on "New OAuth App".
+
+Next you'll be presented with a screen to add details about your new application. Fill in the required fields, but pay extra attention to the **Authorization Callback URL** one:
+
+<img src={addingCallbackUrlImg} />
+
+The callback URL we insert should have the following pattern:
+
+```
+[origin]/api/auth/callback/[provider]
+```
+
+In this case, given we want to try our authentication working locally on our machine and we're using **Github** as our OAuth provider, it'll be:
+
+```
+http://localhost:3000/api/auth/callback/github
+```
+
+:::info
+Auth.js will already magically create this API endpoint for you when we start the application later. Note that because we're using Next.js, locally it starts our server on the port `3000`, hence the origin is `http://localhost:3000`.
+:::
+
+Next you'll be presented with the following screen which presents all the configuration for your new OAuth app. For now, let's we need two things from it: the **Client ID** and **Client Secret** for our new OAuth app:
+
+<img src={gettingClientIdSecretImg} />
+
+The Client ID is always there, a public identifier of your OAuth application within Github. Click on the **Generate a new client Secret** button and should be presented with a new string (which is just a randomized string).
+
+:::warning
+🔥 Keep both your Client ID and Client Secret secure and never expose them to the public or shared with people outside your organization. With tem a malicious actor could hijack your application and cause you and your user serious problems!
+:::
+
+Now let's copy both the Client ID and Client Secret and paste them in an environment file in the root of your project like so:
+
+```title=".env.local"
+GITHUB_ID=12345
+GITHUB_SECRET=67890
+```
+
+Cool! We have finished the configuring our OAuth provider, now let's wire all together so we can finally see authentication working in our app!
+
+:::info
+As noted previously, Auth.js has built-in support for multiple OAuth providers, <a href="">here the full list</a>. You can also easily build your own in case the provider you need is not on the list.
+
+Note that, for each provider, the configuration process will be similar to what we just did:
+
+1. Log in to the provider
+2. Create create your OAuth application within it
+3. Set the callback URL
+4. Get the Client ID and Generate a Client Secret
+   :::
+
+## 3. Wiring all together
+
+Finally, we just need to reference our **Client ID** and **Client Secret** we just generated in the previous in our Auth.js config. In this way the library will be able to use them when forwarding users to Github, and Github will be able to recognize the request as generated from our application:
+
+```ts title="pages/api/auth/[...nextauth].js"
+import NextAuth from "next-auth"
+import GithubProvider from "next-auth/providers/github"
+
+export default NextAuth({
+  providers: [
+    GithubProvider({
+      clientId: process.env.GITHUB_ID,
+      clientSecret: process.env.GITHUB_SECRET,
+    }),
+  ],
+})
+```
+
+Great! We're now ready to run our application locally. Start the Next.js app by running on your terminal the following command and navigating to [`http://localhost:3000`](http://localhost:3000):
+
+```
+$ npm run next dev
+```
+
+You should see the following page:
+
+<img src={startAppAndSignInImg} />
+
+Click on "Sign in" and then on "Sign in with Github": Auth.js will redirect you to Github, and Github will recognize our app [that we just registered](#2-configuring-oauth-provider) and ask the user (in this case you) to enter its credentials to proceed:
+
+<img src={githubAuthCredentials} />
+
+Once inserted and correct, Github will redirect the user to our app and Auth.js will take care of any further calls with Github to get access to the user profile and start a user sessions safely in the background:
+
+<img src={nextAuthUserLoggedIn} />
+
+Great! We have completed the whole E2E authentication flow setup so that users can login in our application through Github!
+
+:::info
+You can create your own Sign In page instead of using the default one from Auth.js. You can learn how to do so in our dedicated guide for it.
+:::
+
+## 4. Deploying to production
+
+### Configuring different environments
+
+It's normal to test your application under different environments. Usually you'll have a development environment (when you run the application locally in your machine), a staging environment (for teams members to try the application) and a production environment.
+
+For each environment, you're going to need to create an OAuth application in your provider respectively, as [we did previously](#2-configuring-oauth-provider), and point the **callback URL** to it.
+
+For instance in the previous section, we pointed the callback URL to:
+
+```
+http://localhost:3000/api/auth/callback/github
+```
+
+as we wanted to test our application in the development environment.
+
+If we were to deploy our app to production, we would need to create again a new **OAuth App** in Github (calling it something like "Van life – prod") and point the **callback URL** to our production domain:
+
+```
+https://example.com/api/auth/callback/github
+```
+
+Finally, we would need just to point the environment variables we set ( `GITHUB_ID` and `GITHUB_SECRET` ) to the credentials of the OAuth app we want our application to run against.
+
+### Setting up `NEXTAUTH_URL`
+
+When deploying your site, **you need to set** the `NEXTAUTH_URL` environment variable to the canonical URL of your website:
+
+```
+NEXTAUTH_URL=https://example.com
+```
+
+:::warning
+In production, this needs to be set as an environment variable on the service you use to deploy your app.
+
+To set environment variables on Vercel, you can use the [dashboard](https://vercel.com/dashboard) or the `vercel env pull` [command](https://vercel.com/docs/build-step#development-environment-variables).
+:::
+
+For more information please check out our [deployment page](/guides/basics/deployment).

docs/docs/getting-started/03-email-tutorial.mdx

@@ -37,7 +37,7 @@ npm install -D nodemailer
 Next we need a [SMTP service](https://sendgrid.com/blog/what-is-an-smtp-server/) which will be in charge of sending emails from our application. There's a number of services available for this, however [here are the ones](http://nodemailer.com/smtp/well-known/) known to work with `nodemailer`.
 
 :::info
-For this tutorial, we're going to be using [Sendgrid](https://sendgrid.com/), but any of the services linked above should work the same
+For this tutorial, we're gonna be using [Sendgrid](https://sendgrid.com/), but any of the services linked above should work the same
 :::
 
 First create an account in and then login to the dashboard, then navigate to "Settings → API Keys" and create an API key:
@@ -60,23 +60,23 @@ SMTP_PORT=587
 EMAIL_FROM={SENDER_EMAIL}
 ```
 
-Note that we're also specifying from which domain email are going to be sent from. You're going to need to verify [a sender identity](https://docs.sendgrid.com/for-developers/sending-email/sender-identity) so that Sendgrid can send emails from your domain.
+Note that we're also specifying from which domain email are going to be sent from. You're gonna need to verify [a sender identity](https://docs.sendgrid.com/for-developers/sending-email/sender-identity) so that Sendgrid can send emails from your domain.
 
 Nice! We're getting there. Now we need to read supply this values as the configuration for our Email Provider. Open `pages/api/auth/[...nextauth].ts` and do the following:
 
 ```ts title="pages/api/auth/[...nextauth].ts"
 import NextAuth from "next-auth"
-import Email from "next-auth/providers/email"
+import EmailProvider from "next-auth/providers/email"
 
 export default NextAuth({
   providers: [
     Email({
       server: {
-        host: process.env.SMTP_HOST,
-        port: Number(process.env.SMTP_PORT),
+        host: process.env.EMAIL_SERVER_HOST,
+        port: Number(process.env.EMAIL_SERVER_PORT),
         auth: {
-          user: process.env.SMTP_USER,
-          pass: process.env.SMTP_PASSWORD,
+          user: process.env.EMAIL_SERVER_USER,
+          pass: process.env.EMAIL_SERVER_PASSWORD,
         },
       },
       from: process.env.EMAIL_FROM,
@@ -147,8 +147,8 @@ import EmailProvider from "next-auth/providers/email"
 
 export default NextAuth({
   secret: process.env.NEXTAUTH_SECRET,
-+ adapter: MongoDBAdapter(clientPromise),
   providers: [
++   adapter: MongoDBAdapter(clientPromise),
     EmailProvider({
       server: {
         host: process.env.EMAIL_SERVER_HOST,
@@ -170,7 +170,7 @@ Now that everything is properly configured, let's try to sign in via email on ou
 
 Let's start by running a Next.js application with NextAuth, making sure the **EmailProvider** and a Database Adapter are properly configured as per the instructions above.
 
-For this tutorial we're going to be using NextAuth example app. Launch the app and click on "Sign in", we're redirected to the Sign In page:
+For this tutorial we're gonna be using NextAuth example app. Launch the app and click on "Sign in", we're redirected to the Sign In page:
 
 <img src={startPageImg} alt="Screenshot of sign in page" />
 
@@ -188,7 +188,7 @@ Let's now check our email, and look for one sent from NextAuth (check your spam
 
 <img src={mailboxImg} alt="Screenshot of mailbox" />
 
-Nice! We got one, coming from the sender specified in the `EMAIL_FROM` environment variable from our configuration above and that's is the sender we verified in Sendgrid.
+Nice! We got one, coming from the sender specified in the `EMAIL_FROM` environment variable from our configuration above and that's is the sender we verified in Sengrid.
 
 Click on "Sign in" and a new browser tab will open, you should then land on your application as authenticated!
 

docs/docs/getting-started/04-credentials-tutorial.mdx

@@ -46,7 +46,7 @@ export default NextAuth({
 ```
 
 :::note
-Check the [Credentials Provider options](/reference/core/providers_credentials) for further customization
+Check the [Credentials Provider options](/reference/providers/credentials) for further customization
 :::
 
 Note that we only need to define an `authorize` method that is in charge of receiving the credentials inserted by the user and call the authorization service.

docs/docs/getting-started/05-typescript.md

@@ -5,7 +5,7 @@ title: TypeScript
 Auth.js has its own type definitions to use in your TypeScript projects safely. Even if you don't use TypeScript, IDEs like VSCode will pick this up to provide you with a better developer experience. While you are typing, you will get suggestions about what certain objects/functions look like, and sometimes links to documentation, examples, and other valuable resources.
 
 Check out the example repository showcasing how to use `next-auth` on a Next.js application with TypeScript:  
-https://github.com/nextauthjs/next-auth-example
+https://github.com/nextauthjs/next-auth-typescript-example
 
 ---
 

docs/docs/getting-started/07-security.md

@@ -2,16 +2,6 @@
 title: Security
 ---
 
-## Supported Versions
-
-Security updates are only released for the current version.
-
-Old releases are not maintained and do not receive updates.
-
-:::caution
-`@auth/*` packages are currently under development and - unless stated otherwise - they are not considered ready for production yet. That said, we encourage you to reach out to us if you have any questions or concerns via the below-mentioned channels. We are committed to making Auth.js a secure and reliable solution for your authentication needs.
-:::
-
 ## Reporting a Vulnerability
 
 Auth.js practices responsible disclosure.
@@ -23,11 +13,16 @@ If you contact us regarding a serious issue:
 - We will endeavor to get back to you within 72 hours.
 - We will aim to publish a fix within 30 days.
 - We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released.
-- If 90 days have elapsed and we still don't have a fix, we will disclose the issue publicly.
+- If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly.
 
-The best way to report an issue is by contacting us via email at info@balazsorban.com, hi@thvu.dev and yo@ndo.dev, or raise a public issue requesting someone get in touch with you via whatever means you prefer for more details. (Please do not disclose sensitive details publicly at this stage.)
+The best way to report an issue is by contacting us via email at info@balazsorban.com or me@iaincollins.com and yo@ndo.dev, or raise a public issue requesting someone get in touch with you via whatever means you prefer for more details. (Please do not disclose sensitive details publicly at this stage.)
 
 :::note
 For less serious issues (e.g. RFC compliance for unsupported flows or potential issues that may cause a problem in the future) it is appropriate to make these public as bug reports or feature requests or to raise a question to open a discussion around them.
 :::
 
+## Supported Versions
+
+Security updates are only released for the current version.
+
+Old releases are not maintained and do not receive updates.

docs/docs/getting-started/08-upgrade-to-v4.md

@@ -239,7 +239,7 @@ Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.1
 
 ## `nodemailer`
 
-Like `typeorm` and `prisma`, [`nodemailer`](https://npmjs.com/package/nodemailer) is no longer included as a dependency by default. If you are using the Email provider you must install it in your project manually, or use any other Email library in the [`sendVerificationRequest`](/guides/providers/email) callback. This reduces bundle size for those not actually using the Email provider. Remember, when using the Email provider, it is mandatory to also use a database adapter due to the fact that verification tokens need to be persisted longer term for the magic link functionality to work.
+Like `typeorm` and `prisma`, [`nodemailer`](https://npmjs.com/package/nodemailer) is no longer included as a dependency by default. If you are using the Email provider you must install it in your project manually, or use any other Email library in the [`sendVerificationRequest`](/reference/providers/email) callback. This reduces bundle size for those not actually using the Email provider. Remember, when using the Email provider, it is mandatory to also use a database adapter due to the fact that verification tokens need to be persisted longer term for the magic link functionality to work.
 
 Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.2
 

docs/docs/getting-started/introduction.md

@@ -1,44 +0,0 @@
----
-title: Introduction
-sidebar_position: 0
----
-
-## About Auth.js
-
-Auth.js is a complete open-source authentication solution for web applications. Check out the live demos of Auth.js in action:
-
-- [Next.js](https://next-auth-example.vercel.app/)
-- [SvelteKit](https://sveltekit-auth-example.vercel.app/)
-- [SolidStart](https://auth-solid.vercel.app/)
-
-Continue to our tutorials to see how to use Auth.js for authentication:
-
-- [Setup with OAuth](/getting-started/oauth-tutorial)
-- [Setup with magic links](/getting-started/email-tutorial)
-- [Integrating with external auth](/getting-started/credentials-tutorial)
-
-### Battery included
-
-- Built in support for 60+ popular services (Google, Facebook, Auth0, Apple…)
-- Built-in email/password-less/magic link
-- Use with any OAuth 2 or OpenID Connect provider
-- Use with any username/password store
-
-### Flexible
-- Runtime agnostic - run anywhere! Vercel Edge Functions, Node.js, Serverless, etc.
-- Use with any modern framework! Next.js, SolidStart, SvelteKit, etc.
-- [Bring Your Own Database](/getting-started/databases) - or none! MySQL, Postgres, MSSQL, MongoDB, etc. Choose database sessions or JWT.
-
-_Note: Email sign-in requires a database to store single-use verification tokens._
-
-### Secure by default
-- Signed, prefixed, server-only cookies
-- Built-in CSRF protection
-- Doesn't rely on client-side JavaScript
-- JWT with JWS / JWE / JWK.
-
-## Credits
-
-Auth.js is an open-source project that is only possible [thanks to contributors](/contributors).
-
-To financially support the development of Auth.js, you can check our [OpenCollective](https://opencollective.com/nextauth) page. We appreciate your support 💚.

docs/docs/getting-started/oauth-tutorial.mdx

@@ -1,369 +0,0 @@
----
-title: OAuth authentication
----
-
-import creatingOauthAppImg from "./img/getting-started-creating-oauth-app.png"
-import addingCallbackUrlImg from "./img/getting-started-oauth-callback-url.png"
-import gettingClientIdSecretImg from "./img/getting-started-oauth-clientid-secret.png"
-import startAppAndSignInImg from "./img/getting-started-app-start.png"
-import githubAuthCredentials from "./img/getting-started-github-auth.png"
-import nextAuthUserLoggedIn from "./img/getting-started-nextauth-success.png"
-import Tabs from "@theme/Tabs"
-import TabItem from "@theme/TabItem"
-
-The goal of Auth.js is that you can add authentication easily to your project with just a few lines of code.
-
-The fastest way to set up Auth.js is with an [OAuth](/concepts/oauth) provider. In this tutorial, we'll be setting Auth.js in a web application to be able to log in with **GitHub**.
-
-:::info
-Auth.js comes with a list of [built-in providers](/reference/providers/oauth-builtin) (Google, Facebook, Twitter, etc.). You can also integrate it with your OAuth service by [building a custom provider](/guides/providers/custom-provider).
-:::
-
-## 1. Configuring Auth.js
-
-To add Auth.js to your project:
-
-<Tabs groupId="frameworks" queryString>
-  <TabItem value="next" label="Next.js" default>
-
-### Prerequisites
-
-This tutorial assumes you have a Next.js application set up. If you don't, you can follow the [Next.js tutorial](https://nextjs.org/learn/basics/create-nextjs-app) to get started.
-
-### Installing NextAuth.js
-
-```bash npm2yarn
-npm install next-auth
-```
-
-:::info
-We are working on a new `@auth/nextjs` package that will make it easier to set up Auth.js with Next.js. Stay tuned! For now, you can use the `next-auth` package.
-:::
-
-### Creating the server config
-
-Create the following [API route](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes) file. This route contains the necessary configuration for NextAuth.js, as well as the dynamic route handler:
-
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import GithubProvider from "next-auth/providers/github"
-
-export default NextAuth({
-  providers: [
-    GithubProvider({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-  ],
-})
-```
-
-:::info
-
-Behind the scenes, this creates all the relevant OAuth API routes within `/api/auth/*` so that auth API requests to:
-
-- [GET `/api/auth/signin`](https://authjs.dev/reference/rest-api#get--apiauthsignin)
-- [POST `/api/auth/signin/:provider`](https://authjs.dev/reference/rest-api#post--apiauthsigninprovider)
-- [GET/POST `/api/auth/callback/:provider`](https://authjs.dev/reference/rest-api#get--post--apiauthcallbackprovider)
-- [GET `/api/auth/signout`](https://authjs.dev/reference/rest-api#get--apiauthsignout)
-- [POST `/api/auth/signout`](https://authjs.dev/reference/rest-api#post--apiauthsignout)
-- [GET `/api/auth/session`](https://authjs.dev/reference/rest-api#get--apiauthsession)
-- [GET `/api/auth/csrf`](https://authjs.dev/reference/rest-api#get--apiauthcsrf)
-- [GET `/api/auth/providers`](https://authjs.dev/reference/rest-api#get--apiauthproviders)
-
-can be handled by NextAuth.js. In this way, NextAuth.js stays in charge of the whole application's authentication request/response flow.
-
-NextAuth.js is fully customizable - [our guides section](/guides/overview) teaches you how to set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/configuration/auth-config).
-:::
-
-### Adding environment variables
-
-You may notice we are using environment variables in the code example above. We take the value of `GITHUB_ID` and `GITHUB_SECRET` from the GitHub Developer OAuth Portal. See [Configuring OAuth Provider](/getting-started/oauth-tutorial#2-configuring-oauth-provider) section on how to get those.
-
-In your project root, create a `.env.local` file and add the `NEXTAUTH_SECRET` environment variable:
-
-```title=".env.local"
-NEXTAUTH_SECRET="This is an example"
-```
-
-`NEXTAUTH_SECRET` is a random string used by the library to encrypt tokens and email verification hashes, and **it's mandatory to keep things secure**! 🔥 🔐 . You can use:
-
-```
-$ openssl rand -base64 32
-```
-
-or https://generate-secret.vercel.app/32 to generate a random value for it.
-
-### Exposing the session via `SessionProvider`:
-
-NextAuth.js provides [`useSession()`](/reference/react/#usesession) - a [React Hooks](https://reactjs.org/docs/hooks-intro.html) to access the session data and status. To use it first you'll need to expose the session context - [`<SessionProvider />`](/reference/react/#sessionprovider) - at the top level of your application:
-
-```ts title="pages/_app.tsx"
-import { SessionProvider } from "next-auth/react"
-
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    <SessionProvider session={session}>
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```
-
-Instances of `useSession` (more on it in the next section) will have access to the session data and status. The `<SessionProvider />` also keep the session updated and synced between browser tabs and windows. 💪🏽
-
-:::tip
-Check our [client docs](/reference/react/) to learn all the available options for handling sessions on the browser.
-:::
-
-### Consuming the session via hooks
-
-You can use the `useSession` hook from anywhere in your application (E.g. in a header component). Behind the scenes, the hook will connect to the `<SessionProvider />` to read the current user session. Learn more about React Context in the [React docs](https://reactjs.org/docs/context.html).
-
-```ts title="pages/overview.tsx"
-import { useSession, signIn, signOut } from "next-auth/react"
-
-export default function CamperVanPage() {
-  const { data: session, status } = useSession()
-  const userEmail = session?.user?.email
-
-  if (status === "loading") {
-    return <p>Hang on there...</p>
-  }
-
-  if (status === "authenticated") {
-    return (
-      <>
-        <p>Signed in as {userEmail}</p>
-        <button onClick={() => signOut()}>Sign out</button>
-        <img src="https://cdn.pixabay.com/photo/2017/08/11/19/36/vw-2632486_1280.png" />
-      </>
-    )
-  }
-
-  return (
-    <>
-      <p>Not signed in.</p>
-      <button onClick={() => signIn("github")}>Sign in</button>
-    </>
-  )
-}
-```
-
-### Protecting API Routes
-
-To protect your API Routes (blocking unauthorized access to resources), you can use [`getServerSession()`](/reference/nextjs#getserversession) to know whether a session exists or not:
-
-```ts title="pages/api/movies/list.ts"
-import { getServerSession } from "next-auth/next"
-import { authOptions } from "../auth/[...nextauth]"
-
-export default async function listMovies(req, res) {
-  const session = await getServerSession(req, res, authOptions)
-
-  if (session) {
-    res.send({
-      movies: [
-        { title: "Alien vs Predator", id: 1 },
-        { title: "Reservoir Dogs", id: 2 },
-      ],
-    })
-  } else {
-    res.send({
-      error: "You must sign in to view movies.",
-    })
-  }
-}
-```
-
-  </TabItem>
-  <TabItem value="sveltekit" label="SvelteKit">
-TODO: SvelteKit
-  </TabItem>
-  <TabItem value="solidstart" label="SolidStart">
-TODO: SolidStart
-  </TabItem>
-  <TabItem value="core" label="Vanilla (No Framework)">
-TODO Core
-  </TabItem>
-</Tabs>
-
-## 2. Configuring OAuth Provider
-
-Ok, we have our app set up with NextAuth.js, however, if you run the app right now, it won't work as we haven't configured our OAuth provider (**GitHub**) yet.
-
-:::info
-When using OAuth you're asking for a third-party service (in this case GitHub, although it could be Google, Twitter, etc...) to handle user authentication for your app.
-:::
-
-We need to register our new app in GitHub, so that when NextAuth.js forwards the authorization requests to it, GitHub can recognize your application and prompt the user to sign in.
-
-<img src={creatingOauthAppImg} />
-
-Log in to **GitHub**, go to [`Settings / Developers / OAuth Apps`](https://github.com/settings/developers) and click "New OAuth App"
-
-Next, you'll be presented with a screen to add details about your new application. Fill in the required fields, but pay extra attention to the **Authorization Callback URL** one:
-
-<img src={addingCallbackUrlImg} />
-
-The callback URL we insert should have the following pattern:
-
-```
-[origin]/api/auth/callback/[provider]
-```
-
-In this case, given we want to try our authentication working locally on our machine and we're using **GitHub** as our OAuth provider, it'll be:
-
-<Tabs groupId="frameworks">
-  <TabItem value="next" label="Next.js" default>
-
-```
-http://localhost:3000/api/auth/callback/github
-```
-
-:::info
-NextAuth.js will already create this API endpoint for you when we start the application later. Note that because we're using Next.js, locally it starts our server on port `3000` by default. Hence, the origin is `http://localhost:3000`.
-:::
-
-  </TabItem>
-  <TabItem value="sveltekit" label="SvelteKit">
-
-```
-http://localhost:5173/auth/callback/github
-```
-
-  </TabItem>
-  <TabItem value="solidstart" label="SolidStart">
-    TODO SolidStart
-  </TabItem>
-  <TabItem value="core" label="Vanilla (No Framework)">
-TODO Core
-  </TabItem>
-</Tabs>
-:::info
-The last part of the URL, `[provider]`, is the ID of the provider you're using. In this case, we're using GitHub, so it's `github`. If you're using Google, it'll be `google`, etc... We keep track of the provider IDs internally.
-The same id is used in the `signIn()` method we saw earlier.
-:::
-To register, tap on "Register application" button.
-
-The next screen shows all the configurations for your newly created OAuth app. For now, we need two things from it - the **Client ID** and **Client Secret**:
-
-<img src={gettingClientIdSecretImg} />
-
-The Client ID is always there, a public identifier of your OAuth application within GitHub. Click on the **Generate a new client Secret** button and should be presented with a new string (which is just a randomized string).
-
-:::warning
-Keep both your Client ID and Client Secret secure and never expose them to the public or share them with people outside your organization. With them, a malicious actor could hijack your application and cause you and your user serious problems!
-:::
-
-Cool! We have finished configuring our OAuth provider, now let's wire all together so we can finally see authentication working in our app!
-
-:::info
-As noted previously, NextAuth.js has built-in support for multiple OAuth providers, <a href="">here is the full list</a>. You can also easily build your own in case the provider you need is not on the list.
-
-Note that, for each provider, the configuration process will be similar to what we just did:
-
-1. Log in to the provider
-2. Create create your OAuth application within it
-3. Set the callback URL
-4. Get the Client ID and Generate a Client Secret
-:::
-
-## 3. Wiring all together
-
-Finally, we just need to reference our **Client ID** and **Client Secret** we just generated in the previous in our Auth.js config. In this way, the library will be able to use them when forwarding users to GitHub, and GitHub will be able to recognize the request as generated from our application.
-
-Now let's copy both the Client ID and Client Secret and paste them into an environment file in the root of your project like so:
-
-```title=".env.local"
-GITHUB_ID=12345
-GITHUB_SECRET=67890
-```
-
-Here is our server configuration file again:
-
-<Tabs groupId="frameworks">
-  <TabItem value="next" label="Next.js" default>
-
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import GithubProvider from "next-auth/providers/github"
-
-export default NextAuth({
-  providers: [
-    GithubProvider({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-  ],
-})
-```
-
-Great! We're now ready to run our application locally. Start the Next.js app by running on your terminal the following command and navigating to [`http://localhost:3000`](http://localhost:3000):
-
-```
-$ npm run next dev
-```
-
-  </TabItem>
-  <TabItem value="sveltekit" label="SvelteKit">
-TODO SvelteKit
-  </TabItem>
-  <TabItem value="solidstart" label="SolidStart">
-TODO SolidStart
-  </TabItem>
-  <TabItem value="core" label="Vanilla (No Framework)">
-TODO Core
-  </TabItem>
-</Tabs>
-
-You should see the following page:
-
-<img src={startAppAndSignInImg} />
-
-Click on "Sign in" and then on "Sign in with GitHub": Auth.js will redirect you to GitHub, and GitHub will recognize our app [that we just registered](#2-configuring-oauth-provider) and ask the user (in this case you) to enter its credentials to proceed:
-
-<img src={githubAuthCredentials} />
-
-Once inserted and correct, GitHub will redirect the user to our app and NextAuth.js will take care of any further calls with GitHub to get access to the user profile and start a user session safely in the background:
-
-<img src={nextAuthUserLoggedIn} />
-
-Great! We have completed the whole E2E authentication flow setup so that users can log in to our application through GitHub!
-
-## 4. Deploying to production
-
-### Configuring different environments
-
-It's normal to test your application in different environments. Usually, you'll have a development environment (when you run the application locally on your machine), a staging environment (for team members to try the application), and a production environment.
-
-For each environment, you need to create an OAuth application in your provider respectively, as [we did previously](#2-configuring-oauth-provider), and point the **callback URL** to it.
-
-For instance, in the previous section, we pointed the callback URL to `http://localhost:3000/api/auth/callback/github` as we wanted to test our application in the development environment.
-
-If we were to deploy our app to production, we would need to create a new **OAuth App** in GitHub (calling it something like "Van life – prod") and point the **callback URL** to our production domain: `https://example.com/api/auth/callback/github`
-
-Finally, we would need to point the environment variables we set ( `GITHUB_ID` and `GITHUB_SECRET` ) to the credentials of the OAuth app we want our application to run with.
-
-### Setting up `NEXTAUTH_URL`
-
-:::tip
-Skip this section if you are deploying to Vercel.
-:::
-
-When deploying your site, **you need to set** the `NEXTAUTH_URL` environment variable to the canonical URL of your website:
-
-```
-NEXTAUTH_URL=https://example.com
-```
-
-:::warning
-In production, this needs to be set as an environment variable on the service you use to deploy your app.
-
-To set environment variables on Vercel, you can use the [dashboard](https://vercel.com/dashboard) or the `vercel env pull` [command](https://vercel.com/docs/build-step#development-environment-variables).
-:::
-
-For more information please check out our [deployment page](/guides/basics/deployment).

docs/docs/guides/03-basics/_category_.json

@@ -1,5 +1,5 @@
 {
   "label": "Basics",
   "collapsible": true,
-  "collapsed": false
+  "collapsed": true
 }

docs/docs/guides/03-basics/pages.md

@@ -60,7 +60,7 @@ Example: `/auth/signin?error=Default`
 
 By default, the built-in pages will follow the system theme, utilizing the [`prefer-color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) Media Query. You can override this to always use a dark or light theme, through the [`theme.colorScheme` option](/reference/configuration/auth-config#theme).
 
-In addition, you can define the background color and text color of the button with the `theme.brandColor` and `theme.buttonText` options. You can also define a URL to a logo in `theme.logo` which will be rendered at the top of the card.
+In addition, you can define a `theme.brandColor` to define a custom accent color for these built-in pages. You can also define a URL to a logo in `theme.logo` which will be rendered above the primary card in these pages.
 
 #### Sign In
 

docs/docs/guides/03-basics/refresh-token-rotation.md

@@ -0,0 +1,136 @@
+---
+title: Refresh token rotation
+---
+
+While Auth.js doesn't automatically handle access token rotation for [OAuth providers](/reference/providers/oauth-builtin) yet, this functionality can be implemented using [callbacks](/guides/basics/callbacks).
+
+## Source Code
+
+A working example can be accessed [here](https://github.com/nextauthjs/next-auth-refresh-token-example).
+
+## Implementation
+
+### Server Side
+
+Using a [JWT callback](https://authjs.dev/guides/basics/callbacks#jwt-callback) and a [session callback](https://authjs.dev/guides/basics/callbacks#session-callback), we can persist OAuth tokens and refresh them when they expire.
+
+Below is a sample implementation using Google's Identity Provider. Please note that the OAuth 2.0 request in the `refreshAccessToken()` function will vary between different providers, but the core logic should remain similar.
+
+```js title="pages/api/auth/[...nextauth].js"
+import NextAuth from "next-auth"
+import GoogleProvider from "next-auth/providers/google"
+
+const GOOGLE_AUTHORIZATION_URL =
+  "https://accounts.google.com/o/oauth2/v2/auth?" +
+  new URLSearchParams({
+    prompt: "consent",
+    access_type: "offline",
+    response_type: "code",
+  })
+
+/**
+ * Takes a token, and returns a new token with updated
+ * `accessToken` and `accessTokenExpires`. If an error occurs,
+ * returns the old token and an error property
+ */
+async function refreshAccessToken(token) {
+  try {
+    const url =
+      "https://oauth2.googleapis.com/token?" +
+      new URLSearchParams({
+        client_id: process.env.GOOGLE_CLIENT_ID,
+        client_secret: process.env.GOOGLE_CLIENT_SECRET,
+        grant_type: "refresh_token",
+        refresh_token: token.refreshToken,
+      })
+
+    const response = await fetch(url, {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      method: "POST",
+    })
+
+    const refreshedTokens = await response.json()
+
+    if (!response.ok) {
+      throw refreshedTokens
+    }
+
+    return {
+      ...token,
+      accessToken: refreshedTokens.access_token,
+      accessTokenExpires: Date.now() + refreshedTokens.expires_at * 1000,
+      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to old refresh token
+    }
+  } catch (error) {
+    console.log(error)
+
+    return {
+      ...token,
+      error: "RefreshAccessTokenError",
+    }
+  }
+}
+
+export default NextAuth({
+  providers: [
+    GoogleProvider({
+      clientId: process.env.GOOGLE_CLIENT_ID,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+      authorization: GOOGLE_AUTHORIZATION_URL,
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, user, account }) {
+      // Initial sign in
+      if (account && user) {
+        return {
+          accessToken: account.access_token,
+          accessTokenExpires: Date.now() + account.expires_at * 1000,
+          refreshToken: account.refresh_token,
+          user,
+        }
+      }
+
+      // Return previous token if the access token has not expired yet
+      if (Date.now() < token.accessTokenExpires) {
+        return token
+      }
+
+      // Access token has expired, try to update it
+      return refreshAccessToken(token)
+    },
+    async session({ session, token }) {
+      session.user = token.user
+      session.accessToken = token.accessToken
+      session.error = token.error
+
+      return session
+    },
+  },
+})
+```
+
+### Client Side
+
+The `RefreshAccessTokenError` error that is caught in the `refreshAccessToken()` method is passed all the way to the client. This means that you can direct the user to the sign in flow if we cannot refresh their token.
+
+We can handle this functionality as a side effect:
+
+```js title="pages/home.js"
+import { signIn, useSession } from "next-auth/react";
+import { useEffect } from "react";
+
+const HomePage() {
+  const { data: session } = useSession();
+
+  useEffect(() => {
+    if (session?.error === "RefreshAccessTokenError") {
+      signIn(); // Force sign in to hopefully resolve error
+    }
+  }, [session]);
+
+return (...)
+}
+```

docs/docs/guides/03-basics/role-based-login-strategy.md

@@ -0,0 +1,64 @@
+---
+title: Role based logins
+---
+
+To add role based authentication to your application, you must do three things.
+
+1. Update your database schema
+2. Add the `role` to the session object
+3. Check for `role` in your pages/components
+
+First modify the `user` table and add a `role` column with the type of `String?`.
+
+Below is an example Prisma schema file.
+
+```javascript title="/prisma/schema.prisma"
+model User {
+  id            String    @id @default(cuid())
+  name          String?
+  email         String?   @unique
+  emailVerified DateTime?
+  image         String?
+  role          String?  // New Column
+  accounts      Account[]
+  sessions      Session[]
+}
+
+```
+
+Next, implement a custom session callback in the `[...nextauth].js` file, as shown below.
+
+```javascript title="/pages/api/auth/[...nextauth].js"
+callbacks: {
+  async session({ session, token, user }) {
+    session.user.role = user.role; // Add role value to user object so it is passed along with session
+    return session;
+},
+```
+
+Going forward, when using the `getSession` hook, check that `session.user.role` matches the required role. The example below assumes the role `'admin'` is required.
+
+```javascript title="/pages/admin.js"
+import { getSession } from "next-auth/react"
+
+export default function Page() {
+  const session = await getSession({ req })
+
+  if (session && session.user.role === "admin") {
+    return (
+      <div>
+        <h1>Admin</h1>
+        <p>Welcome to the Admin Portal!</p>
+      </div>
+    )
+  } else {
+    return (
+      <div>
+        <h1>You are not authorized to view this page!</h1>
+      </div>
+    )
+  }
+}
+```
+
+Then it is up to you how you manage your roles, either through direct database access or building your own role update API.

docs/docs/guides/04-providers/00-custom-provider.md

@@ -0,0 +1,136 @@
+---
+title: Using a custom Provider
+sidebar_label: Creating a Provider
+---
+
+You can use an OAuth provider that isn't built-in by using a custom object.
+
+As an example of what this looks like, this is the provider object returned for the Google provider:
+
+```js
+{
+  id: "google",
+  name: "Google",
+  type: "oauth",
+  wellKnown: "https://accounts.google.com/.well-known/openid-configuration",
+  authorization: { params: { scope: "openid email profile" } },
+  idToken: true,
+  checks: ["pkce", "state"],
+  profile(profile) {
+    return {
+      id: profile.sub,
+      name: profile.name,
+      email: profile.email,
+      image: profile.picture,
+    }
+  },
+}
+```
+
+As you can see, if your provider supports OpenID Connect and the `/.well-known/openid-configuration` endpoint contains support for the `grant_type`: `authorization_code`, you only need to pass the URL to that configuration file and define some basic fields like `name` and `type`.
+
+Otherwise, you can pass a more full set of URLs for each OAuth2.0 flow step, for example:
+
+```js
+{
+  id: "kakao",
+  name: "Kakao",
+  type: "oauth",
+  authorization: "https://kauth.kakao.com/oauth/authorize",
+  token: "https://kauth.kakao.com/oauth/token",
+  userinfo: "https://kapi.kakao.com/v2/user/me",
+  profile(profile) {
+    return {
+      id: profile.id,
+      name: profile.kakao_account?.profile.nickname,
+      email: profile.kakao_account?.email,
+      image: profile.kakao_account?.profile.profile_image_url,
+    }
+  },
+}
+```
+
+Replace all the options in this JSON object with the ones from your custom provider - be sure to give it a unique ID and specify the required URLs, and finally add it to the providers array when initializing the library:
+
+```js title="pages/api/auth/[...nextauth].js"
+import TwitterProvider from "next-auth/providers/twitter"
+...
+providers: [
+  TwitterProvider({
+    clientId: process.env.TWITTER_ID,
+    clientSecret: process.env.TWITTER_SECRET,
+  }),
+  {
+    id: 'customProvider',
+    name: 'CustomProvider',
+    type: 'oauth',
+    scope: ''  // Make sure to request the users email address
+    ...
+  }
+]
+...
+```
+
+### Override default options
+
+For built-in providers, in most cases you will only need to specify the `clientId` and `clientSecret`. If you need to override any of the defaults, add your own [options](#options).
+
+Even if you are using a built-in provider, you can override any of these options to tweak the default configuration.
+
+:::note
+The user provided options are deeply merged with the default options. That means you only have to override part of the options that you need to be different. For example if you want different scopes, overriding `authorization.params.scope` is enough, instead of the whole `authorization` option.
+:::
+
+```js title=/api/auth/[...nextauth].js
+import Auth0Provider from "next-auth/providers/auth0"
+
+Auth0Provider({
+  clientId: process.env.CLIENT_ID,
+  clientSecret: process.env.CLIENT_SECRET,
+  issuer: process.env.ISSUER,
+  authorization: { params: { scope: "openid your_custom_scope" } },
+})
+```
+
+Another example, the `profile` callback will return `id`, `name`, `email` and `picture` by default, but you might need more information from the provider. After setting the correct scopes, you can then do something like this:
+
+```js title=/api/auth/[...nextauth].js
+import GoogleProvider from "next-auth/providers/google"
+
+GoogleProvider({
+  clientId: process.env.GOOGLE_CLIENT_ID,
+  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+  profile(profile) {
+    return {
+      // Return all the profile information you need.
+      // The only truly required field is `id`
+      // to be able identify the account when added to a database
+    }
+  },
+})
+```
+
+An example of how to enable automatic account linking:
+
+```js title=/api/auth/[...nextauth].js
+import GoogleProvider from "next-auth/providers/google"
+GoogleProvider({
+  clientId: process.env.GOOGLE_CLIENT_ID,
+  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+  allowDangerousEmailAccountLinking: true,
+})
+```
+
+### Adding a new built-in provider
+
+If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily!
+
+You only need to add three changes:
+
+1. Add your config: [`src/providers/{provider}.ts`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers)<br />
+   - Make sure you use a named default export, like this: `export default function YourProvider`
+   - Add two SVG's of the provider logo, like `google-dark.svg` (dark mode) and `google.svg` (light mode), to the `/packages/next-auth/provider-logos/` directory as well as the styling config to the provider config object. See existing provider for example
+2. Add provider documentation: [`docs/docs/reference/05-oauth-providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/docs/docs/reference/05-oauth-providers)
+3. Add the new provider name to the `Provider type` dropdown options in [`the provider issue template`](https://github.com/nextauthjs/next-auth/edit/main/.github/ISSUE_TEMPLATE/2_bug_provider.yml)
+
+That's it! 🎉 Others will be able to discover and use this provider much more easily now!

docs/docs/guides/04-providers/01-credentials-provider.md

@@ -3,21 +3,21 @@ id: credentials
 title: Credentials Provider
 ---
 
-The Credentials provider allows you to handle signing in with arbitrary credentials, such as a username and password, domain, or two-factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
+The Credentials provider allows you to handle signing in with arbitrary credentials, such as a username and password, domain, or two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
 
 It is intended to support use cases where you have an existing system you need to authenticate users against.
 
 It comes with the constraint that users authenticated in this manner are not persisted in the database, and consequently that the Credentials provider can only be used if JSON Web Tokens are enabled for sessions.
 
 :::warning
-The functionality provided for credentials-based authentication is intentionally limited to discourage the use of passwords due to the inherent security risks associated with them and the additional complexity associated with supporting usernames and passwords.
+The functionality provided for credentials based authentication is intentionally limited to discourage use of passwords due to the inherent security risks associated with them and the additional complexity associated with supporting usernames and passwords.
 :::
 
 ## Options
 
 The **Credentials Provider** comes with a set of default options:
 
-- [Credentials Provider options](/reference/core/providers_credentials)
+- [Credentials Provider options](/reference/providers/credentials)
 
 You can override any of the options to suit your own use case.
 
@@ -33,7 +33,7 @@ If you return an object it will be persisted to the JSON Web Token and the user
 
 3. If you throw an Error, the user will be sent to the error page with the error message as a query parameter.
 
-The Credentials provider's `authorize()` method also provides the request object as the second parameter (see the example below).
+The Credentials provider's `authorize()` method also provides the request object as the second parameter (see example below).
 
 ```js title="pages/api/auth/[...nextauth].js"
 import CredentialsProvider from "next-auth/providers/credentials";
@@ -89,7 +89,7 @@ You can specify more than one credentials provider by specifying a unique `id` f
 
 You can also use them in conjunction with other provider options.
 
-As with all providers, the order you specify is the order they are displayed on the sign-in page.
+As with all providers, the order you specify them is the order they are displayed on the sign in page.
 
 ```js
 providers: [

docs/docs/guides/04-providers/02-email-provider.md

@@ -23,7 +23,7 @@ The Email Provider can be used with both JSON Web Tokens and database sessions,
 
 The **Email Provider** comes with a set of default options:
 
-- [Email Provider options](/guides/providers/email)
+- [Email Provider options](/reference/providers/email)
 
 You can override any of the options to suit your own use case.
 

docs/docs/guides/05-adapters/using-a-database-adapter.md

@@ -10,4 +10,4 @@ When using a database, you can still use JWT for session handling for fast acces
 
 We have a list of official adapters that are distributed as their own packages under the `@next-auth/{name}-adapter` namespace. Their source code is available in their various adapters package directories at [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth/tree/main/packages):
 
-- [All available adapters](/reference/adapters)
+- [All available adapters](/reference/adapters/overview)

docs/docs/guides/07-corporate-proxies/corporate-proxy.md

@@ -2,7 +2,7 @@
 title: Corporate proxy
 ---
 
-Using Auth.js behind a corporate proxy is not supported out of the box. This is due to the fact that the underlying library we use, [`openid-client`](https://npm.im/openid-client) which uses the built-in Node.js `http` / `https` libraries, and those do not support proxies by default:
+Using Auth.js behind a corporate proxy is not supported out of the box. This is due to the fact that the underlying library we use, [`openid-client`](https://npm.im/openid-client) which uses the built-in Node.js `http` / `https` libraries, and those do not support proxys by default:
 
 - [`http` docs](https://nodejs.org/dist/latest-v18.x/docs/api/http.html)
 - [`https` docs](https://nodejs.org/dist/latest-v18.x/docs/api/https.html)

docs/docs/guides/08-other/_category_.json

@@ -0,0 +1,5 @@
+{
+  "label": "Other",
+  "collapsible": true,
+  "collapsed": true
+}

docs/docs/guides/08-other/ldap-auth.md

@@ -0,0 +1,79 @@
+---
+title: LDAP Authentication
+---
+
+Auth.js provides the ability to setup a [custom Credential provider](/guides/providers/credentials) which we can take advantage of to authenticate users against an existing LDAP server.
+
+You will need an additional dependency, `ldapjs`, which you can install by running
+
+```bash npm2yarn2pnpm
+npm install ldapjs
+```
+
+Then you must setup the `CredentialsProvider()` provider key like so:
+
+```js title="[...nextauth].js"
+const ldap = require("ldapjs")
+import NextAuth from "next-auth"
+import CredentialsProvider from "next-auth/providers/credentials"
+
+export default NextAuth({
+  providers: [
+    CredentialsProvider({
+      name: "LDAP",
+      credentials: {
+        username: { label: "DN", type: "text", placeholder: "" },
+        password: { label: "Password", type: "password" },
+      },
+      async authorize(credentials, req) {
+        // You might want to pull this call out so we're not making a new LDAP client on every login attemp
+        const client = ldap.createClient({
+          url: process.env.LDAP_URI,
+        })
+
+        // Essentially promisify the LDAPJS client.bind function
+        return new Promise((resolve, reject) => {
+          client.bind(credentials.username, credentials.password, (error) => {
+            if (error) {
+              console.error("Failed")
+              reject()
+            } else {
+              console.log("Logged in")
+              resolve({
+                username: credentials.username,
+                password: credentials.password,
+              })
+            }
+          })
+        })
+      },
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, user }) {
+      const isSignIn = user ? true : false
+      if (isSignIn) {
+        token.username = user.username
+        token.password = user.password
+      }
+      return token
+    },
+    async session({ session, token }) {
+      return { ...session, user: { username: token.username } }
+    },
+  },
+})
+```
+
+The idea is that once one is authenticated with the LDAP server, one can pass through both the username/DN and password to the JWT stored in the browser.
+
+This is then passed back to any API routes and retrieved as such:
+
+```js title="/pages/api/doLDAPWork.js"
+token = await jwt.getToken({
+  req,
+})
+const { username, password } = token
+```
+
+> Thanks to [Winwardo](https://github.com/Winwardo) for the code example

docs/docs/guides/08-other/usage-with-class-components.md

@@ -0,0 +1,60 @@
+---
+title: Usage with class components
+---
+
+If you want to use the [`useSession()`](/reference/react/#usesession) hook in your class components you can do so with the help of a higher order component or with a render prop.
+
+## Higher Order Component
+
+```js
+import { useSession } from "next-auth/react"
+
+const withSession = (Component) => (props) => {
+  const session = useSession()
+
+  // if the component has a render property, we are good
+  if (Component.prototype.render) {
+    return <Component session={session} {...props} />
+  }
+
+  // if the passed component is a function component, there is no need for this wrapper
+  throw new Error(
+    [
+      "You passed a function component, `withSession` is not needed.",
+      "You can `useSession` directly in your component.",
+    ].join("\n")
+  )
+}
+
+// Usage
+class ClassComponent extends React.Component {
+  render() {
+    const { data: session, status } = this.props.session
+    return null
+  }
+}
+
+const ClassComponentWithSession = withSession(ClassComponent)
+```
+
+## Render Prop
+
+```js
+import { useSession } from "next-auth/react"
+
+const UseSession = ({ children }) => {
+  const session = useSession()
+  return children(session)
+}
+
+// Usage
+class ClassComponent extends React.Component {
+  render() {
+    return (
+      <UseSession>
+        {(session) => <pre>{JSON.stringify(session, null, 2)}</pre>}
+      </UseSession>
+    )
+  }
+}
+```

docs/docs/guides/basics/refresh-token-rotation.md

@@ -1,225 +0,0 @@
----
-title: Refresh token rotation
----
-
-Refresh token rotation is the practice of updating an `access_token` on behalf of the user, without requiring interaction (eg.: re-sign in). `access_token`s are usually issued for a limited time. After they expire, the service verifying them will ignore the value. Instead of asking the user to sign in again to obtain a new `access_token`, certain providers support exchanging a `refresh_token` for a new `access_token`, renewing the expiry time. Let's see how this can be achieved.
-
-:::note
-Our goal is to add zero-config support for built-in providers eventually. Let us know if you would like to help.
-:::
-
-## Implementation
-
-First, make sure that the provider you want to use supports `refresh_token`'s. Check out [The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-6) spec for more details.
-
-### Server Side
-
-Depending on the session strategy, `refresh_token` can be persisted either in a database, or in a cookie, in an encrypted JWT.
-
-:::info
-Using a JWT to store the `refresh_token` is less secure than saving it in a database, and you need to evaluate based on your requirements which strategy you choose.
-:::
-
-#### JWT strategy
-
-Using the [jwt](../../reference/core/types#jwt) and [session](../../reference/core/types#session) callbacks, we can persist OAuth tokens and refresh them when they expire.
-
-Below is a sample implementation using Google's Identity Provider. Please note that the OAuth 2.0 request in the `refreshAccessToken()` function will vary between different providers, but the core logic should remain similar.
-
-```ts
-import { Auth } from "@auth/core"
-import { type TokenSet } from "@auth/core/types"
-import Google from "@auth/core/providers/google"
-
-export default Auth(new Request("https://example.com"), {
-  providers: [
-    Google({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-      authorization: { params: { access_type: "offline", prompt: "consent" } },
-    }),
-  ],
-  callbacks: {
-    async jwt({ token, account }) {
-      if (account) {
-        // Save the access token and refresh token in the JWT on the initial login
-        return {
-          access_token: account.access_token,
-          expires_at: Math.floor(Date.now() / 1000 + account.expires_in),
-          refresh_token: account.refresh_token,
-        }
-      } else if (Date.now() < token.expires_at * 1000) {
-        // If the access token has not expired yet, return it
-        return token
-      } else {
-        // If the access token has expired, try to refresh it
-        try {
-          // https://accounts.google.com/.well-known/openid-configuration
-          // We need the `token_endpoint`.
-          const response = await fetch("https://oauth2.googleapis.com/token", {
-            headers: { "Content-Type": "application/x-www-form-urlencoded" },
-            body: new URLSearchParams({
-              client_id: process.env.GOOGLE_ID,
-              client_secret: process.env.GOOGLE_SECRET,
-              grant_type: "refresh_token",
-              refresh_token: token.refresh_token,
-            }),
-            method: "POST",
-          })
-
-          const tokens: TokenSet = await response.json()
-
-          if (!response.ok) throw tokens
-
-          return {
-            ...token, // Keep the previous token properties
-            access_token: tokens.access_token,
-            expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
-            // Fall back to old refresh token, but note that
-            // many providers may only allow using a refresh token once.
-            refresh_token: tokens.refresh_token ?? token.refresh_token,
-          }
-        } catch (error) {
-          console.error("Error refreshing access token", error)
-          // The error property will be used client-side to handle the refresh token error
-          return { ...token, error: "RefreshAccessTokenError" as const }
-        }
-      }
-    },
-    async session({ session, token }) {
-      session.error = token.error
-      return session
-    },
-  },
-})
-
-declare module "@auth/core/types" {
-  interface Session {
-    error?: "RefreshAccessTokenError"
-  }
-}
-
-declare module "@auth/core/jwt" {
-  interface JWT {
-    access_token: string
-    expires_at: number
-    refresh_token: string
-    error?: "RefreshAccessTokenError"
-  }
-}
-```
-
-#### Database strategy
-
-Using the database strategy is very similar, but instead of preserving the `access_token` and `refresh_token`, we save it, well, in the database.
-
-```ts
-import { Auth } from "@auth/core"
-import { type TokenSet } from "@auth/core/types"
-import Google from "@auth/core/providers/google"
-import { PrismaAdapter } from "@next-auth/prisma-adapter"
-import { PrismaClient } from "@prisma/client"
-
-const prisma = new PrismaClient()
-
-export default Auth(new Request("https://example.com"), {
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    Google({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-      authorization: { params: { access_type: "offline", prompt: "consent" } },
-    }),
-  ],
-  callbacks: {
-    async session({ session, user }) {
-      const [google] = await prisma.account.findMany({
-        where: { userId: user.id, provider: "google" },
-      })
-      if (google.expires_at * 1000 < Date.now()) {
-        // If the access token has expired, try to refresh it
-        try {
-          // https://accounts.google.com/.well-known/openid-configuration
-          // We need the `token_endpoint`.
-          const response = await fetch("https://oauth2.googleapis.com/token", {
-            headers: { "Content-Type": "application/x-www-form-urlencoded" },
-            body: new URLSearchParams({
-              client_id: process.env.GOOGLE_ID,
-              client_secret: process.env.GOOGLE_SECRET,
-              grant_type: "refresh_token",
-              refresh_token: google.refresh_token,
-            }),
-            method: "POST",
-          })
-
-          const tokens: TokenSet = await response.json()
-
-          if (!response.ok) throw tokens
-
-          await prisma.account.update({
-            data: {
-              access_token: tokens.access_token,
-              expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
-              refresh_token: tokens.refresh_token ?? google.refresh_token,
-            },
-            where: {
-              provider_providerAccountId: {
-                provider: "google",
-                providerAccountId: google.providerAccountId,
-              },
-            },
-          })
-        } catch (error) {
-          console.error("Error refreshing access token", error)
-          // The error property will be used client-side to handle the refresh token error
-          session.error = "RefreshAccessTokenError"
-        }
-      }
-      return session
-    },
-  },
-})
-
-declare module "@auth/core/types" {
-  interface Session {
-    error?: "RefreshAccessTokenError"
-  }
-}
-
-declare module "@auth/core/jwt" {
-  interface JWT {
-    access_token: string
-    expires_at: number
-    refresh_token: string
-    error?: "RefreshAccessTokenError"
-  }
-}
-```
-
-### Client Side
-
-The `RefreshAccessTokenError` error that is caught in the `refreshAccessToken()` method is passed to the client. This means that you can direct the user to the sign-in flow if we cannot refresh their token.
-
-We can handle this functionality as a side effect:
-
-```js title="pages/home.js"
-import { signIn, useSession } from "next-auth/react";
-import { useEffect } from "react";
-
-const HomePage() {
-  const { data: session } = useSession();
-
-  useEffect(() => {
-    if (session?.error === "RefreshAccessTokenError") {
-      signIn(); // Force sign in to hopefully resolve error
-    }
-  }, [session]);
-
-return (...)
-}
-```
-
-## Source Code
-
-A working example can be accessed [here](https://github.com/nextauthjs/next-auth-refresh-token-example).
-

docs/docs/guides/basics/role-based-access-control.md

@@ -1,153 +0,0 @@
----
-title: Role-based access control
----
-
-There are two ways to add role-based access control (RBAC) to your application, based on the [session strategy](/concepts/session-strategies) you choose. Let's see an example for each of these.
-
-## Getting the role
-
-We are going to start by adding a `profile()` callback to the providers' config to determine the user role:
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import Google from "next-auth/providers/google"
-
-export default NextAuth({
-  providers: [
-    Google({
-      profile(profile) {
-        return { role: profile.role ?? "user", ... }
-      },
-      ...
-    })  
-  ],
-})
-```
-
-:::tip
-To determine the user's role, you can either add your logic or if your provider assigns roles already, use that instead.
-:::
-
-## Persisting the role
-### With JWT
-
-When you don't have a database configured, the role will be persisted in a cookie, by using the `jwt()` callback. On sign-in, the `role` property is exposed from the `profile` callback on the `user` object. Persist the `user.role` value by assigning it to `token.role`. That's it!
-
-If you also want to use the role on the client, you can expose it via the `session` callback.
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import Google from "next-auth/providers/google"
-
-export default NextAuth({
-  providers: [
-    Google({
-      profile(profile) {
-        return { role: profile.role ?? "user", ... }
-      },
-      ...
-    })  
-  ],
-  // highlight-start
-  callbacks: {
-    jwt({ token, user }) {
-      if(user) token.role = user.role
-      return token
-    },
-    session({ session, token }) {
-      session.user.role = token.role
-      return session
-    }
-  }
-  // highlight-end
-})
-```
-
-:::info
-With this strategy, if you want to update the role, the user needs to be forced to sign in again.
-:::
-
-### With Database
-
-When you have a database, you can save the user role on the [User model](/reference/adapters/models#user). The below example is showing you how to do this with Prisma, but the idea is the same for all adapters.
-
-First, add a `role` column to the User model.
-
-```ts title="/prisma/schema.prisma"
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime?
-  image         String?
-  role          String?  // New column
-  accounts      Account[]
-  sessions      Session[]
-}
-```
-
-The `profile()` callback's return value is used to create users in the database. That's it! Your newly created users will now have an assigned role.
-
-If you also want to use the role on the client, you can expose it via the `session` callback.
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import Google from "next-auth/providers/google"
-  // highlight-next-line
-import prisma from "lib/prisma"
-
-export default NextAuth({
-  // highlight-next-line
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    Google({
-      profile(profile) {
-        return { role: profile.role ?? "user", ... }
-      }
-      ...
-    })  
-  ],
-  // highlight-start
-  callbacks: {
-    session({ session, user }) {
-      session.user.role = user.role
-      return session
-    }
-  }
-  // highlight-end
-})
-```
-
-:::info
-It is up to you how you want to manage to update the roles, either through direct database access or building your role update API.
-:::
-
-## Using the role
-
-If you want to use the role in the client, for both cases above, when using the `useSession` hook, `session.user.role` will have the required role if you exposed it via the `session` callback. You can use this to render a different UI for different users.
-
-```ts title="/pages/admin.tsx"
-import { useSession } from "next-auth/react"
-
-export default function Page() {
-  const session = await useSession()
-
-  if (session?.user.role === "admin") {
-    return <p>You are an admin, welcome!</p>
-  }
-
-  return <p>You are not authorized to view this page!</p>
-}
-```
-
-:::tip
-When using Next.js and JWT, you can alternatively also use [Middleware](https://next-auth.js.org/configuration/nextjs#wrap-middleware) to redirect the user based on their role, even before rendering the page.
-:::
-
-## Resources
-
-- [Concepts: Session strategies](/concepts/session-strategies)
-- [Next.js: Middleware](https://next-auth.js.org/configuration/nextjs#wrap-middleware)
-- [Adapters: User model](/reference/adapters/models#user)
-- [Adapters: Prisma adapter](/reference/adapters/prisma)
-- [TypeScript](/getting-started/typescript)

docs/docs/guides/index.md

@@ -1,12 +1,9 @@
 ---
 title: Overview
+sidebar_label: Guides
 sidebar_position: 0
 ---
 
-This section contains guides for common use cases.
+We're creating internal guides to help understand how to use Auth.js and all the possible configurations and uses cases it supports.
 
-If you can't find what you're looking for, [raise an issue](https://github.com/nextauthjs/next-auth/issues/new?assignees=&labels=triage%2Cdocumentation&template=4_documentation.yml).
-
-:::warning Warning
-Guides are being migrated from the [old documentation page](https://next-auth.js.org), so there are going to be references to `next-auth` still. We are continuously working on updating the naming/references.
-:::
+If you can't find what you're looking for, [raise an issue](https://github.com/nextauthjs/next-auth/issues/new/choose) then take a look at our third-party [community resources](/guides/resources).

docs/docs/guides/providers/custom-provider.md

@@ -1,112 +0,0 @@
----
-title: OAuth Provider
----
-
-Auth.js comes with a set of built-in OAuth providers that you can import from `@auth/core/providers/*`. Every provider has their separate documentation page under the [core package's API Reference](/reference/core)
-
-
-## Use your own provider
-
-However, you can use _any_ provider as long as they are compliant with the OAuth/OIDC specifications.
-
-Auth.js uses the [`oauth4webapi`](https://github.com/panva/oauth4webapi/blob/main/docs/README.md) package under the hood.
-
-To use a custom OAuth provider with Auth.js, pass an object to the [`providers` list](/reference/core#providers).
-
-It can implement either the [`OAuth2Config`](/reference/core/providers#oauth2configprofile) or the [`OIDCConfig`](/reference/core/providers#oidcconfigprofile) interface, depending on if your provider is OAuth 2 or OpenID Connect compliant.
-
-For example, if you have a fully OIDC-compliant provider, this is all you need:
-
-```ts
-import type { OIDCConfig } from "@auth/core/providers"
-
-...
-providers: [
-  {
-    id: "my-oidc-provider",
-    name: "My Provider",
-    type: "oidc",
-    issuer: "https://my.oidc-provider.com",
-    clientId: process.env.CLIENT_ID,
-    clientSecret: process.env.CLIENT_SECRET
-  } satisfies OIDCConfig
-]
-...
-```
-
-Then, you can set the [Redirect URI](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-07.html#name-client-redirection-endpoint) in your provider's dashboard to something like `https://app-url.com/{path-to-auth-handler}/callback/my-oidc-provider`.
-
-`{path-to-auth-handler}` is _usually_ `auth` or `api/auth`, depending on your framework of your choice.
-`my-oidc-provider` matches the `id` you set in the [`providers` list](/reference/core#providers).
-
-
-## Override default provider config
-
-For built-in providers, in most cases you will only need to specify the `clientId` and `clientSecret`, and in case of OIDC providers, the `issuer` property. If you need to override any of the defaults, you can add them in the provider's function call and they will be deep-merged with the default configuration options.
-
-:::note
-The user provided options are deeply merged with the default options. That means you only have to override part of the options that you need to be different. For example if you want different scopes, overriding `authorization.params.scope` is enough, instead of the whole `authorization` option.
-:::
-
-
-For example, to override a provider's default scopes, you can do the following:
-
-```ts
-import Auth0Provider from "@auth/core/providers/auth0"
-
-Auth0Provider({
-  clientId: process.env.CLIENT_ID,
-  clientSecret: process.env.CLIENT_SECRET,
-  issuer: process.env.ISSUER,
-  authorization: { params: { scope: "openid your_custom_scope" } },
-})
-```
-
-Another example, the `profile` callback will return `id`, `name`, `email` and `picture` by default, but you might want to return more information from the provider. After setting the correct scopes, you can then do something like this:
-
-```ts
-import GoogleProvider from "@auth/core/providers/google"
-
-GoogleProvider({
-  clientId: process.env.GOOGLE_CLIENT_ID,
-  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-  profile(profile) {
-    return {
-      // Return all the profile information you need.
-      // The only truly required field is `id`
-      // to be able identify the account when added to a database
-    }
-  },
-})
-```
-
-An example of how to enable automatic account linking:
-
-```ts
-import GoogleProvider from "@auth/core/providers/google"
-
-GoogleProvider({
-  clientId: process.env.GOOGLE_CLIENT_ID,
-  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-  allowDangerousEmailAccountLinking: true,
-})
-```
-
-## Adding a new built-in provider
-
-If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list.
-
-:::note
-We are only accepting new providers to `@auth/core`, and not `next-auth`. Follow the steps below to make sure your PR is merged!
-:::
-
-1. Create a new `{provider}.ts` (for it to get merged, you must use TypeScript) file under the [`packages/core/src/providers`](https://github.com/nextauthjs/next-auth/tree/main/packages/core/src/providers) directory.
-2. Make sure that you are following other providers, ie.:
-  - Use a named default export: `export default function YourProvider`
-  - Export the TypeScript `interface` that defines the provider's available user info properties
-  - Add the necessary JSDoc comments/documentation (Study the built-in providers to get an understanding what's needed. For example, the [Auth0 provider](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/auth0.ts) is a good example for OIDC and the [GitHub Provider](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts) is an OAuth provider.)
-  - Add links to the provider's API reference/documentation so others can understand how to use the provider
-3. Add the new provider name to the `Provider type` dropdown options in [`the provider issue template`](https://github.com/nextauthjs/next-auth/edit/main/.github/ISSUE_TEMPLATE/2_bug_provider.yml)
-4. (Optional): Add a logo `{provider}.svg` to the [`docs/static/img/providers`](https://github.com/nextauthjs/next-auth/tree/main/docs/static/img/providers) directory.
-
-That's it! 🎉 Others will be able to discover and use this provider!

docs/docs/guides/providers/email-http-api.md

@@ -1,109 +0,0 @@
----
-id: email-http
-title: HTTP-based Email Provider
----
-
-## Introduction
-
-:::note
-The following guide is written for `next-auth` (NextAuth.js), but it should work for any of the Auth.js framework libraries (`@auth/*`) as well.
-:::
-
-
-There is a built-in Email provider with which you could connect to the SMTP server of your choice to send "magic link" emails for sign-in purposes. However, the Email provider can also be used with HTTP-based email services, like AWS SES, Postmark, Sendgrid, etc. In this guide, we are going to explain how to use our Email magic link provider with any of the more modern HTTP-based Email APIs.
-
-For this example, we will be using [SendGrid](https://sendgrid.com), but any email service providing an HTTP API or JS client library will work.
-We will also refer to the [Prisma Adapter](/reference/adapter/prisma). A [database adapter](/adapters/overview) is a requirement for the Email provider.
-
-## Setup
-
-First, if you do not have a project using Auth.js, clone and set up a basic Auth.js project like the one [provided in](https://github.com/nextauthjs/next-auth-example.git) our example repo](https://github.com/nextauthjs/next-auth-example.git).
-
-- Install the [Prisma Adapter](/reference/adapter/prisma)
-- Generate an API key from your cloud Email provider of choice and add it to your `.env.*` file. For example, mine is going to be called `SENDGRID_API`
-- Add the following configuration to your configuration file:
-
-```js title="pages/api/auth/[...nextauth].ts"
-import NextAuth, { NextAuthOptions } from "next-auth"
-import { PrismaAdapter } from "@next-auth/prisma-adapter"
-import { PrismaClient } from "@prisma/client"
-
-const prisma = new PrismaClient()
-
-export const authOptions: NextAuthOptions = {
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    {
-      id: 'sendgrid',
-      type: 'email',
-      async sendVerificationRequest({identifier: email, url}) {
-      }
-    }
-  ],
-}
-
-export default NextAuth(authOptions)
-```
-
-Next, all that's left to do is call the HTTP endpoint from our cloud email provider and pass it the required metadata like the `to` address, the email `body`, and any other fields we may need to include.
-
-As mentioned earlier, we're going to be using SendGrid in this example, so the appropriate endpoint is `https://api.sendgrid.com/v3/mail/send` ([more info](https://docs.sendgrid.com/for-developers/sending-email/api-getting-started)). Therefore, we're going to pull out some of the important information from the `params` argument and use it in a `fetch()` call to the previously mentioned SendGrid API.
-
-```js title="pages/api/auth/[...nextauth].ts"
-import NextAuth, { NextAuthOptions } from "next-auth"
-import { PrismaAdapter } from "@next-auth/prisma-adapter"
-import { PrismaClient } from "@prisma/client"
-
-const prisma = new PrismaClient()
-
-export const authOptions: NextAuthOptions = {
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    {
-      id: 'sendgrid',
-      type: 'email',
-      async sendVerificationRequest({identifier: email, url}) {
-        // highlight-start
-        // Call the cloud Email provider API for sending emails
-        // See https://docs.sendgrid.com/api-reference/mail-send/mail-send
-        const response = await fetch("https://api.sendgrid.com/v3/mail/send", {
-          // The body format will vary depending on provider, please see their documentation
-          // for further details.
-          body: JSON.stringify({
-            personalizations: [{ to: [{ email }] }],
-            from: { email: "noreply@company.com" },
-            subject: "Sign in to Your page",
-            content: [
-              {
-                type: "text/plain",
-                value: `Please click here to authenticate - ${url}`,
-              },
-            ],
-          }),
-          headers: {
-            // Authentication will also vary from provider to provider, please see their docs.
-            Authorization: `Bearer ${process.env.SENDGRID_API}`,
-            "Content-Type": "application/json",
-          },
-          method: "POST",
-        })
-
-        if (!response.ok) {
-          const { errors } = await response.json()
-          throw new Error(JSON.stringify(errors))
-        }
-        // highlight-end
-      },
-    }
-  ],
-}
-```
-
-And that's all we need to do to send Emails via an HTTP API! Note here that the example is only using `text/plain` as the body type. You'll probably want to change that to `text/html` and pass in a nice-looking HTML email. See, for example, our `html` function in [the Auth.js docs](/providers/email#customizing-emails).
-
-To sign in via this custom provider, you would refer to it by the `id` in when you are calling the sign-in method, for example: `signIn('sendgrid', { email: 'user@company.com' })`.
-
-## References
-
-- [Email provider documentation with HTML generation and more](/reference/core/modules/providers_email)
-- [SendGrid JSON Body documentation](https://docs.sendgrid.com/api-reference/mail-send/mail-send#body)

docs/docs/reference/02-configuration/01-auth-config.md

@@ -0,0 +1,447 @@
+---
+title: Initialization
+---
+
+## Options
+
+Options are passed to Auth.js when initializing it in a server environment like a Next.js API Route.
+
+### providers
+
+- **Default value**: `[]`
+- **Required**: _Yes_
+
+#### Description
+
+An array of authentication providers for signing in (e.g. Google, Facebook, Twitter, GitHub, Email, etc) in any order. This can be one of the built-in providers or an object with a custom provider.
+
+Refer to the list of [all available Oauth providers](/reference/providers/oauth-builtin) and the [Oauth tutorial](/getting-started/oauth-tutorial) on how to use them.
+
+---
+
+### secret
+
+- **Default value**: `string` (_SHA hash of the "options" object_) in development, no default in production.
+- **Required**: _Yes, in production!_
+
+#### Description
+
+A random string is used to hash tokens, sign/encrypt cookies and generate cryptographic keys.
+
+If you set [`NEXTAUTH_SECRET`](#nextauth_secret) as an environment variable, you don't have to define this option.
+
+If no value specified specified in development (and there is no `NEXTAUTH_SECRET` variable either), it uses a hash for all configuration options, including OAuth Client ID / Secrets for entropy.
+
+:::warning
+Not providing any `secret` or `NEXTAUTH_SECRET` will throw [an error](/reference/errors#no_secret) in production.
+:::
+
+You can quickly create a good value on the command line via this `openssl` command.
+
+```bash
+$ openssl rand -base64 32
+```
+
+:::tip
+If you rely on the default secret generation in development, you might notice JWT decryption errors, since the secret changes whenever you change your configuration. Defining an explicit secret will make this problem go away. We will likely make this option mandatory, even in development, in the future.
+:::
+
+---
+
+### session
+
+- **Default value**: `object`
+- **Required**: _No_
+
+#### Description
+
+The `session` object and all properties on it are optional.
+
+Default values for this option are shown below:
+
+```js
+session: {
+  // Choose how you want to save the user session.
+  // The default is `"jwt"`, an encrypted JWT (JWE) stored in the session cookie.
+  // If you use an `adapter` however, we default it to `"database"` instead.
+  // You can still force a JWT session by explicitly defining `"jwt"`.
+  // When using `"database"`, the session cookie will only contain a `sessionToken` value,
+  // which is used to look up the session in the database.
+  strategy: "database",
+
+  // Seconds - How long until an idle session expires and is no longer valid.
+  maxAge: 30 * 24 * 60 * 60, // 30 days
+
+  // Seconds - Throttle how frequently to write to database to extend a session.
+  // Use it to limit write operations. Set to 0 to always update the database.
+  // Note: This option is ignored if using JSON Web Tokens
+  updateAge: 24 * 60 * 60, // 24 hours
+}
+```
+
+---
+
+### jwt
+
+- **Default value**: `object`
+- **Required**: _No_
+
+#### Description
+
+JSON Web Tokens can be used for session tokens if enabled with `session: { strategy: "jwt" }` option. JSON Web Tokens are enabled by default if you have not specified an adapter. JSON Web Tokens are encrypted (JWE) by default. We recommend you keep this behaviour. See the [Override JWT `encode` and `decode` methods](#override-jwt-encode-and-decode-methods) advanced option.
+
+#### JSON Web Token Options
+
+```js
+jwt: {
+  // The maximum age of the Auth.js issued JWT in seconds.
+  // Defaults to `session.maxAge`.
+  maxAge: 60 * 60 * 24 * 30,
+  // You can define your own encode/decode functions for signing and encryption
+  async encode() {},
+  async decode() {},
+}
+```
+
+An example JSON Web Token contains a payload like this:
+
+```js
+{
+  name: 'Iain Collins',
+  email: 'me@iaincollins.com',
+  picture: 'https://example.com/image.jpg',
+  iat: 1594601838,
+  exp: 1597193838
+}
+```
+
+#### JWT Helper
+
+You can use the built-in `getToken()` helper method to verify and decrypt the token, like this:
+
+```js
+import { getToken } from "next-auth/jwt"
+
+const secret = process.env.NEXTAUTH_SECRET
+
+export default async function handler(req, res) {
+  // if using `NEXTAUTH_SECRET` env variable, we detect it, and you won't actually need to `secret`
+  // const token = await getToken({ req })
+  const token = await getToken({ req, secret })
+  console.log("JSON Web Token", token)
+  res.end()
+}
+```
+
+_For convenience, this helper function is also able to read and decode tokens passed from the `Authorization: 'Bearer token'` HTTP header._
+
+**Required**
+
+The getToken() helper requires the following options:
+
+- `req` - (object) Request object
+- `secret` - (string) JWT Secret. Use `NEXTAUTH_SECRET` instead.
+
+You must also pass _any options configured on the `jwt` option_ to the helper.
+
+e.g. Including custom session `maxAge` and custom signing and/or encryption keys or options
+
+**Optional**
+
+It also supports the following options:
+
+- `secureCookie` - (boolean) Use secure prefixed cookie name
+
+  By default, the helper function will attempt to determine if it should use the secure prefixed cookie (e.g. `true` in production and `false` in development, unless NEXTAUTH_URL contains an HTTPS URL).
+
+- `cookieName` - (string) Session token cookie name
+
+  The `secureCookie` option is ignored if `cookieName` is explicitly specified.
+
+- `raw` - (boolean) Get raw token (not decoded)
+
+  If set to `true` returns the raw token without decrypting or verifying it.
+
+:::note
+The JWT is stored in the Session Token cookie, the same cookie used for tokens with database sessions.
+:::
+
+---
+
+### pages
+
+- **Default value**: `{}`
+- **Required**: _No_
+
+#### Description
+
+Specify URLs to be used if you want to create custom sign in, sign out and error pages.
+
+Pages specified will override the corresponding built-in page.
+
+_For example:_
+
+```js
+pages: {
+  signIn: '/auth/signin',
+  signOut: '/auth/signout',
+  error: '/auth/error', // Error code passed in query string as ?error=
+  verifyRequest: '/auth/verify-request', // (used for check email message)
+  newUser: '/auth/new-user' // New users will be directed here on first sign in (leave the property out if not of interest)
+}
+```
+
+:::note
+When using this configuration, ensure that these pages actually exist. For example `error: '/auth/error'` refers to a page file at `pages/auth/error.js`.
+:::
+
+See the documentation for the [creating custom pages guide](/guides/basics/pages) for more information.
+
+---
+
+### callbacks
+
+- **Default value**: `object`
+- **Required**: _No_
+
+#### Description
+
+Callbacks are asynchronous functions you can use to control what happens when an action is performed.
+
+Callbacks are extremely powerful, especially in scenarios involving JSON Web Tokens as they allow you to implement access controls without a database and to integrate with external databases or APIs.
+
+You can specify a handler for any of the callbacks below.
+
+```js
+callbacks: {
+  async signIn({ user, account, profile, email, credentials }) {
+    return true
+  },
+  async redirect({ url, baseUrl }) {
+    return baseUrl
+  },
+  async session({ session, token, user }) {
+    return session
+  },
+  async jwt({ token, user, account, profile, isNewUser }) {
+    return token
+  }
+}
+```
+
+See [our callbacks guide](/guides/basics/callbacks) for more information on how to use the callback functions.
+
+---
+
+### events
+
+- **Default value**: `object`
+- **Required**: _No_
+
+#### Description
+
+Events are asynchronous functions that do not return a response, they are useful for audit logging.
+
+You can specify a handler for any of these events below - e.g. for debugging or to create an audit log.
+
+The content of the message object varies depending on the flow (e.g. OAuth or Email authentication flow, JWT or database sessions, etc). See the [events guide](/guides/basics/events) for more information on the form of each message object and how to use the events functions.
+
+```js
+events: {
+  async signIn(message) { /* on successful sign in */ },
+  async signOut(message) { /* on signout */ },
+  async createUser(message) { /* user created */ },
+  async updateUser(message) { /* user updated - e.g. their email was verified */ },
+  async linkAccount(message) { /* account (e.g. Twitter) linked to a user */ },
+  async session(message) { /* session is active */ },
+}
+```
+
+---
+
+### adapter
+
+- **Default value**: none
+- **Required**: _No_
+
+#### Description
+
+By default Auth.js does not include an adapter any longer. If you would like to persist user / account data, please install one of the many available adapters. More information can be found in the [adapter documentation](/reference/adapters/overview).
+
+---
+
+### debug
+
+- **Default value**: `false`
+- **Required**: _No_
+
+#### Description
+
+Set debug to `true` to enable debug messages for authentication and database operations.
+
+---
+
+### logger
+
+- **Default value**: `console`
+- **Required**: _No_
+
+#### Description
+
+Override any of the logger levels (`undefined` levels will use the built-in logger), and intercept logs in NextAuth. You can use this to send NextAuth logs to a third-party logging service.
+
+The `code` parameter for `error` and `warn` are explained in the [Warnings](/reference/warnings) and [Errors](/reference/errors) pages respectively.
+
+Example:
+
+```js title="/pages/api/auth/[...nextauth].js"
+import log from "logging-service"
+
+export default NextAuth({
+  ...
+  logger: {
+    error(code, metadata) {
+      log.error(code, metadata)
+    },
+    warn(code) {
+      log.warn(code)
+    },
+    debug(code, metadata) {
+      log.debug(code, metadata)
+    }
+  }
+  ...
+})
+```
+
+:::note
+If the `debug` level is defined by the user, it will be called regardless of the `debug: false` [option](#debug).
+:::
+
+---
+
+### theme
+
+- **Default value**: `object`
+- **Required**: _No_
+
+#### Description
+
+Changes the color scheme theme of [pages](/reference/configuration/auth-config#pages) as well as allows some minor customization. Set `theme.colorScheme` to `"light"`, if you want to force pages to always be light. Set to `"dark"`, if you want to force pages to always be dark. Set to `"auto"`, (or leave this option out) if you want the pages to follow the preferred system theme. (Uses the [prefers-color-scheme](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) media query.)
+
+In addition, you can define a logo URL in `theme.logo` which will be rendered above the main card in the default signin/signout/error/verify-request pages, as well as a `theme.brandColor` which will affect the accent color of these pages.
+
+```js
+theme: {
+  colorScheme: "auto", // "auto" | "dark" | "light"
+  brandColor: "", // Hex color code
+  logo: "" // Absolute URL to image
+}
+```
+
+---
+
+## Advanced Options
+
+Advanced options are passed the same way as basic options, but may have complex implications or side effects. You should try to avoid using advanced options unless you are very comfortable using them.
+
+---
+
+### useSecureCookies
+
+- **Default value**: `true` for HTTPS sites / `false` for HTTP sites
+- **Required**: _No_
+
+#### Description
+
+When set to `true` (the default for all site URLs that start with `https://`) then all cookies set by Auth.js will only be accessible from HTTPS URLs.
+
+This option defaults to `false` on URLs that start with `http://` (e.g. `http://localhost:3000`) for developer convenience.
+
+:::note
+Properties on any custom `cookies` that are specified override this option.
+:::
+
+:::warning
+Setting this option to _false_ in production is a security risk and may allow sessions to be hijacked if used in production. It is intended to support development and testing. Using this option is not recommended.
+:::
+
+---
+
+### cookies
+
+- **Default value**: `{}`
+- **Required**: _No_
+
+#### Description
+
+Cookies in Auth.js are chunked by default, meaning that once they reach the 4kb limit, we will create a new cookie with the `.{number}` suffix and reassemble the cookies in the correct order when parsing / reading them. This was introduced to avoid size constraints which can occur when users want to store additional data in their sessionToken, for example.
+
+You can override the default cookie names and options for any of the cookies used by Auth.js.
+
+This is an advanced option and using it is not recommended as you may break authentication or introduce security flaws into your application.
+
+You can specify one or more cookies with custom properties, but if you specify custom options for a cookie you must provide all the options for that cookie.
+
+If you use this feature, you will likely want to create conditional behaviour to support setting different cookies policies in development and production builds, as you will be opting out of the built-in dynamic policy.
+
+:::tip
+An example of a use case for this option is to support sharing session tokens across subdomains.
+:::
+
+#### Example
+
+```js
+cookies: {
+  sessionToken: {
+    name: `__Secure-next-auth.session-token`,
+    options: {
+      httpOnly: true,
+      sameSite: 'lax',
+      path: '/',
+      secure: true
+    }
+  },
+  callbackUrl: {
+    name: `__Secure-next-auth.callback-url`,
+    options: {
+      sameSite: 'lax',
+      path: '/',
+      secure: true
+    }
+  },
+  csrfToken: {
+    name: `__Host-next-auth.csrf-token`,
+    options: {
+      httpOnly: true,
+      sameSite: 'lax',
+      path: '/',
+      secure: true
+    }
+  },
+  pkceCodeVerifier: {
+    name: `${cookiePrefix}next-auth.pkce.code_verifier`,
+    options: {
+      httpOnly: true,
+      sameSite: 'lax',
+      path: '/',
+      secure: useSecureCookies,
+      maxAge: 900
+    }
+  },
+  state: {
+    name: `${cookiePrefix}next-auth.state`,
+    options: {
+      httpOnly: true,
+      sameSite: "lax",
+      path: "/",
+      secure: useSecureCookies,
+      maxAge: 900
+    },
+  },
+}
+```
+
+:::warning
+Using a custom cookie policy may introduce security flaws into your application and is intended as an option for advanced users who understand the implications. Using this option is not recommended.
+:::

docs/docs/reference/02-configuration/04-env.md

@@ -0,0 +1,38 @@
+---
+title: Environment variables
+sidebar_label: Environment Variables
+---
+
+## NEXTAUTH_URL
+
+When deploying to production, set the `NEXTAUTH_URL` environment variable to the canonical URL of your site.
+
+```
+NEXTAUTH_URL=https://example.com
+```
+
+If your Next.js application uses a custom base path, specify the route to the API endpoint in full.
+
+_e.g. `NEXTAUTH_URL=https://example.com/custom-route/api/auth`_
+
+:::note
+Using [System Environment Variables](https://vercel.com/docs/concepts/projects/environment-variables#system-environment-variables) we automatically detect when you deploy to [Vercel](https://vercel.com) so you don't have to define this variable. Make sure **Automatically expose System Environment Variables** is checked in your Project Settings.
+:::
+
+---
+
+## NEXTAUTH_SECRET
+
+Used to encrypt the Auth.js JWT, and to hash [email verification tokens](/reference/adapters/models#verification-token). This is the default value for the [`secret`](/reference/configuration/auth-config#secret) option. The `secret` option might be removed in the future in favor of this.
+
+If you are using [Middleware](/reference/nextjs/#prerequisites) this environment variable must be set.
+
+---
+
+## NEXTAUTH_URL_INTERNAL
+
+If provided, server-side calls will use this instead of `NEXTAUTH_URL`. Useful in environments when the server doesn't have access to the canonical URL of your site. Defaults to `NEXTAUTH_URL`.
+
+```
+NEXTAUTH_URL_INTERNAL=http://10.240.8.16
+```

docs/docs/reference/02-configuration/_category_.json

@@ -0,0 +1,5 @@
+{
+  "label": "Configuration",
+  "collapsible": true,
+  "collapsed": true
+}