chore(release): bump package version(s) [skip ci]

Related: #7332

.github/workflows/release.yml

@@ -15,16 +15,46 @@ on:
         type: choice
         description: Package name (npm)
         options:
-        - "@auth/nextjs"
         - "@auth/core"
+        - "@auth/nextjs"
+        - "@auth/dgraph-adapter"
+        - "@auth/drizzle-adapter"
+        - "@auth/dynamodb-adapter"
+        - "@auth/fauna-adapter"
+        - "@auth/firebase-adapter"
+        - "@auth/mikro-orm-adapter"
+        - "@auth/mongodb-adapter"
+        - "@auth/neo4j-adapter"
+        - "@auth/pouchdb-adapter"
+        - "@auth/prisma-adapter"
+        - "@auth/sequelize-adapter"
+        - "@auth/supabase-adapter"
+        - "@auth/typeorm-legacy-adapter"
+        - "@auth/upstash-redis-adapter"
+        - "@auth/xata-adapter"
         - "next-auth"
       # TODO: Infer from package name
       path:
         type: choice
         description: Directory name (packages/*)
         options:
-        - "frameworks-nextjs"
         - "core"
+        - "frameworks-nextjs"
+        - "adapter-dgraph"
+        - "adapter-drizzle"
+        - "adapter-dynamodb"
+        - "adapter-fauna"
+        - "adapter-firebase"
+        - "adapter-mikro-orm"
+        - "adapter-mongodb"
+        - "adapter-neo4j"
+        - "adapter-pouchdb"
+        - "adapter-prisma"
+        - "adapter-sequelize"
+        - "adapter-supabase"
+        - "adapter-typeorm-legacy"
+        - "adapter-upstash-redis"
+        - "adapter-xata"
         - "next-auth"
 
 jobs:
@@ -42,6 +72,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Run tests
@@ -91,6 +122,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Publish to npm and GitHub
@@ -115,6 +147,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Determine version
@@ -153,6 +186,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Determine version
@@ -162,6 +196,7 @@ jobs:
           PACKAGE_PATH: ${{ github.event.inputs.path }}
       - name: Publish to npm
         run: |
+          pnpm build
           cd packages/$PACKAGE_PATH
           echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc
           pnpm publish --no-git-checks --access public --tag experimental

.gitignore

@@ -85,10 +85,7 @@ packages/core/providers
 packages/core/src/lib/pages/styles.ts
 docs/docs/reference/core
 docs/docs/reference/sveltekit
-docs/docs/reference/nextjs
 
-# Next.js
-packages/frameworks-nextjs/lib
 
 # SvelteKit
 packages/frameworks-sveltekit/index.*

apps/dev/nextjs/app/api/auth/[...nextauth]/route.ts

@@ -1,3 +0,0 @@
-import { handlers } from "auth"
-export const { GET, POST } = handlers
-export const runtime = "edge"

apps/dev/nextjs/app/api/protected/route.ts

@@ -1,10 +0,0 @@
-import { auth } from "auth"
-import { NextResponse } from "next/server"
-
-export const GET = auth(function GET(req) {
-  if (req.auth) {
-    return NextResponse.json(req.auth)
-  }
-
-  return NextResponse.json({ message: "Not authenticated" }, { status: 401 })
-})

apps/dev/nextjs/app/client.tsx

@@ -1,10 +0,0 @@
-"use client"
-
-import { useEffect } from "react"
-
-export default function Client({ session }: any) {
-  useEffect(() => {
-    console.log(window.location)
-  })
-  return <div>{JSON.stringify(session)}</div>
-}

apps/dev/nextjs/app/dashboard/page.tsx

@@ -1,3 +0,0 @@
-export default function Page() {
-  return <h1>This page is protected.</h1>
-}

apps/dev/nextjs/app/layout.tsx

@@ -1,54 +1,12 @@
-import { auth } from "auth"
-import Footer from "components/footer"
-import { Header } from "components/header"
-import { cookies, headers } from "next/headers"
-import styles from "components/header.module.css"
-import "./styles.css"
-
-export default function RootLayout(props: { children: React.ReactNode }) {
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode
+}) {
   return (
     <html>
       <head></head>
-      <body>
-        {/* @ts-expect-error */}
-        <AppHeader />
-        <main>{props.children}</main>
-        <Footer />
-      </body>
+      <body>{children}</body>
     </html>
   )
 }
-
-function SignIn({ id, ...props }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  const action = id ? `/api/auth/signin/${id}` : "/api/auth/signin"
-  return (
-    <form action={action} method="post">
-      <button {...props} />
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-function SignOut(props: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action="/api/auth/signout" method="post">
-      <button {...props} />
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-export async function AppHeader() {
-  const session = await auth(headers())
-  return (
-    <Header
-      session={session}
-      signIn={<SignIn className={styles.buttonPrimary}>Sign in</SignIn>}
-      signOut={<SignOut className={styles.button}>Sign out</SignOut>}
-    />
-  )
-}

apps/dev/nextjs/app/page.tsx

@@ -1,17 +0,0 @@
-import { auth } from "auth"
-import { headers } from "next/headers"
-import Client from "./client"
-
-export default async function Page() {
-  const session = await auth(headers())
-  return (
-    <>
-      <Client session={session} />
-      <h1>NextAuth.js Example</h1>
-      <p>
-        This is an example site to demonstrate how to use{" "}
-        <a href="https://nextjs.authjs.dev">NextAuth.js</a> for authentication.
-      </p>
-    </>
-  )
-}

apps/dev/nextjs/app/server-component/page.tsx

@@ -0,0 +1,6 @@
+import { unstable_getServerSession } from "next-auth/next"
+
+export default async function Page() {
+  const session = await unstable_getServerSession()
+  return <pre>{JSON.stringify(session, null, 2)}</pre>
+}

apps/dev/nextjs/auth.ts

@@ -1,31 +0,0 @@
-import NextAuth from "@auth/nextjs"
-import Auth0 from "@auth/core/providers/auth0"
-import Facebook from "@auth/core/providers/facebook"
-import GitHub from "@auth/core/providers/github"
-import Google from "@auth/core/providers/google"
-import Twitter from "@auth/core/providers/twitter"
-import Credentials from "@auth/core/providers/credentials"
-
-export const { handlers, auth, getServerSession } = NextAuth({
-  debug: true,
-  providers: [
-    GitHub,
-    Auth0,
-    Facebook,
-    Google,
-    Twitter,
-    Credentials({
-      credentials: { password: { label: "Password", type: "password" } },
-      authorize(c) {
-        if (c.password !== "password") return null
-        return { id: "test", name: "Test User", email: "test@example.com" }
-      },
-    }),
-  ],
-  callbacks: {
-    async authorized({ request: { nextUrl }, auth }) {
-      if (nextUrl.pathname === "/dashboard") return !!auth.user
-      return true
-    },
-  },
-})

apps/dev/nextjs/components/access-denied.js

@@ -1,4 +1,4 @@
-import { signIn } from "@auth/nextjs/react"
+import { signIn } from "next-auth/react"
 
 export default function AccessDenied() {
   return (

apps/dev/nextjs/components/footer.js

@@ -1,6 +1,6 @@
 import Link from "next/link"
 import styles from "./footer.module.css"
-import packageJSON from "@auth/nextjs/package.json"
+import packageJSON from "package.json"
 
 export default function Footer() {
   return (

apps/dev/nextjs/components/header.js

@@ -0,0 +1,89 @@
+import Link from "next/link"
+import { useSession } from "next-auth/react"
+import styles from "./header.module.css"
+
+// The approach used in this component shows how to built a sign in and sign out
+// component that works on pages which support both client and server side
+// rendering, and avoids any flash incorrect content on initial page load.
+export default function Header() {
+  const { data: session, status } = useSession()
+
+  return (
+    <header>
+      <noscript>
+        <style>{".nojs-show { opacity: 1; top: 0; }"}</style>
+      </noscript>
+      <div className={styles.signedInStatus}>
+        <p
+          className={`nojs-show ${
+            !session && status === "loading" ? styles.loading : styles.loaded
+          }`}
+        >
+          {!session && (
+            <>
+              <span className={styles.notSignedInText}>
+                You are not signed in
+              </span>
+              <a href="/api/auth/signin" className={styles.buttonPrimary}>
+                Sign in
+              </a>
+            </>
+          )}
+          {session && (
+            <>
+              {session.user.image && (
+                <img src={session.user.image} className={styles.avatar} />
+              )}
+              <span className={styles.signedInText}>
+                <small>Signed in as</small>
+                <br />
+                <strong>{session.user.email} </strong>
+                {session.user.name ? `(${session.user.name})` : null}
+              </span>
+              <a href="/api/auth/signout" className={styles.button}>
+                Sign out
+              </a>
+            </>
+          )}
+        </p>
+      </div>
+      <nav>
+        <ul className={styles.navItems}>
+          <li className={styles.navItem}>
+            <Link href="/">Home</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/client">Client</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/server">Server</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/protected">Protected</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/protected-ssr">Protected(SSR)</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/api-example">API</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/credentials">Credentials</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/email">Email</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/middleware-protected">Middleware protected</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/supabase-client-rls">Supabase RLS</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/supabase-ssr">Supabase RLS(SSR)</Link>
+          </li>
+        </ul>
+      </nav>
+    </header>
+  )
+}

apps/dev/nextjs/components/header.module.css

@@ -1,7 +1,6 @@
 /* Set min-height to avoid page reflow while session loading */
 .signedInStatus {
-  display: flex;
-  align-items: center;
+  display: block;
   min-height: 4rem;
   width: 100%;
 }
@@ -26,13 +25,16 @@
 
 .signedInText,
 .notSignedInText {
+  position: absolute;
   padding-top: 0.8rem;
+  left: 1rem;
+  right: 6.5rem;
   white-space: nowrap;
   text-overflow: ellipsis;
   overflow: hidden;
+  display: inherit;
   z-index: 1;
   line-height: 1.3rem;
-  flex: 1;
 }
 
 .signedInText {
@@ -45,7 +47,6 @@
   float: left;
   height: 2.8rem;
   width: 2.8rem;
-  margin-right: 1rem;
   background-color: white;
   background-size: cover;
   background-repeat: no-repeat;
@@ -53,11 +54,10 @@
 
 .button,
 .buttonPrimary {
-  justify-self: end;
+  float: right;
+  margin-right: -0.4rem;
   font-weight: 500;
   border-radius: 0.3rem;
-  border: none;
-  font-weight: bold;
   cursor: pointer;
   font-size: 1rem;
   line-height: 1.4rem;

apps/dev/nextjs/components/header.tsx

@@ -1,55 +0,0 @@
-import Link from "next/link"
-import styles from "./header.module.css"
-
-export function Header({ session, signIn, signOut }: any) {
-  return (
-    <header>
-      <div className={styles.signedInStatus}>
-        {!session && (
-          <>
-            <span className={styles.notSignedInText}>
-              You are not signed in
-            </span>
-            {signIn}
-          </>
-        )}
-        {session && (
-          <>
-            {session.user.picture && (
-              <img src={session.user.picture} className={styles.avatar} />
-            )}
-            <span className={styles.signedInText}>
-              <small>Signed in as</small>
-              <br />
-              <strong>{session.user.email} </strong>
-              {session.user.name ? `(${session.user.name})` : null}
-            </span>
-            {signOut}
-          </>
-        )}
-      </div>
-      <nav>
-        <ul className={styles.navItems}>
-          <li className={styles.navItem}>
-            <Link href="/">Home (app)</Link>
-          </li>
-          <li className={styles.navItem}>
-            <Link href="/dashboard">Dashboard (app)</Link>
-          </li>
-          <li className={styles.navItem}>
-            <Link href="/policy">Policy (pages)</Link>
-          </li>
-          <li className={styles.navItem}>
-            <Link href="/credentials">Credentials (pages)</Link>
-          </li>
-          <li className={styles.navItem}>
-            <Link href="/protected-ssr">getServerSideProps (pages)</Link>
-          </li>
-          <li className={styles.navItem}>
-            <Link href="/api/examples/protected">API Route (pages)</Link>
-          </li>
-        </ul>
-      </nav>
-    </header>
-  )
-}

apps/dev/nextjs/components/layout.js

@@ -0,0 +1,12 @@
+import Header from "components/header"
+import Footer from "components/footer"
+
+export default function Layout({ children }) {
+  return (
+    <>
+      <Header />
+      <main>{children}</main>
+      <Footer />
+    </>
+  )
+}

apps/dev/nextjs/middleware.ts

@@ -1 +1,45 @@
-export { auth as default } from "auth"
+export { default } from "next-auth/middleware"
+
+export const config = { matcher: ["/middleware-protected"] }
+
+// Other ways to use this middleware
+
+// import withAuth from "next-auth/middleware"
+// import { withAuth } from "next-auth/middleware"
+
+// export function middleware(req, ev) {
+//   return withAuth(req)
+// }
+
+// export function middleware(req, ev) {
+//   return withAuth(req, ev)
+// }
+
+// export function middleware(req, ev) {
+//   return withAuth(req, {
+//     callbacks: {
+//       authorized: ({ token }) => !!token,
+//     },
+//   })
+// }
+
+// export default withAuth(function middleware(req, ev) {
+//   console.log(req.nextauth.token)
+// })
+
+// export default withAuth(
+//   function middleware(req, ev) {
+//     console.log(req, ev)
+//   },
+//   {
+//     callbacks: {
+//       authorized: ({ token }) => token.name === "Balázs Orbán",
+//     },
+//   }
+// )
+
+// export default withAuth({
+//   callbacks: {
+//     authorized: ({ token }) => !!token,
+//   },
+// })

apps/dev/nextjs/package.json

@@ -15,7 +15,6 @@
   "license": "ISC",
   "dependencies": {
     "@auth/core": "workspace:*",
-    "@auth/nextjs": "workspace:*",
     "@next-auth/fauna-adapter": "workspace:*",
     "@next-auth/prisma-adapter": "workspace:*",
     "@next-auth/supabase-adapter": "workspace:*",
@@ -23,7 +22,7 @@
     "@prisma/client": "^3",
     "@supabase/supabase-js": "^2.0.5",
     "faunadb": "^4",
-    "next": "13.4.0",
+    "next": "13.3.0",
     "next-auth": "workspace:*",
     "nodemailer": "^6",
     "react": "^18",

apps/dev/nextjs/pages/_app.js

@@ -0,0 +1,10 @@
+import { SessionProvider } from "next-auth/react"
+import "./styles.css"
+
+export default function App({ Component, pageProps }) {
+  return (
+    <SessionProvider session={pageProps.session}>
+      <Component {...pageProps} />
+    </SessionProvider>
+  )
+}

apps/dev/nextjs/pages/_app.tsx

@@ -1,39 +0,0 @@
-import {
-  SessionProvider,
-  signIn,
-  signOut,
-  useSession,
-} from "@auth/nextjs/react"
-import "./styles.css"
-import { Header } from "components/header"
-import styles from "components/header.module.css"
-import Footer from "components/footer"
-
-export default function App({ Component, pageProps }) {
-  return (
-    <SessionProvider session={pageProps.session}>
-      <PagesHeader />
-      <Component {...pageProps} />
-      <Footer />
-    </SessionProvider>
-  )
-}
-
-function PagesHeader() {
-  const { data: session } = useSession()
-  return (
-    <Header
-      session={session}
-      signIn={
-        <button onClick={() => signIn()} className={styles.buttonPrimary}>
-          Sign in
-        </button>
-      }
-      signOut={
-        <button onClick={() => signOut()} className={styles.button}>
-          Sign out
-        </button>
-      }
-    />
-  )
-}

apps/dev/nextjs/pages/api/auth/[...nextauth].ts

@@ -94,11 +94,7 @@ export const authConfig: AuthConfig = {
       tenantId: process.env.AZURE_AD_TENANT_ID,
     }),
     AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
-    BeyondIdentity({
-      clientId: process.env.BEYOND_IDENTITY_CLIENT_ID,
-      clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET,
-      issuer: process.env.BEYOND_IDENTITY_ISSUER,
-    }),
+    BeyondIdentity({ clientId: process.env.BEYOND_IDENTITY_CLIENT_ID, clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET, issuer: process.env.BEYOND_IDENTITY_ISSUER }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
     // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
@@ -160,4 +156,4 @@ function AuthHandler(...args: any[]) {
 
 export default AuthHandler(authConfig)
 
-export const config = { runtime: "edge" }
+export const config = { runtime: "experimental-edge" }

apps/dev/nextjs/pages/api/examples/protected.js

@@ -1,8 +1,9 @@
 // This is an example of to protect an API route
-import { getServerSession } from "auth"
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
 
 export default async (req, res) => {
-  const session = await getServerSession(req, res)
+  const session = await unstable_getServerSession(req, res, authOptions)
 
   if (session) {
     res.send({

apps/dev/nextjs/pages/api/examples/session.js

@@ -0,0 +1,8 @@
+// This is an example of how to access a session from an API route
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+
+export default async (req, res) => {
+  const session = await unstable_getServerSession(req, res, authOptions)
+  res.json(session)
+}

apps/dev/nextjs/pages/api/examples/session.ts

@@ -1,8 +0,0 @@
-import { authConfig } from "../auth-old/[...nextauth]"
-// This is an example of how to access a session from an API route
-import { getServerSession } from "next-auth/next"
-
-export default async (req, res) => {
-  const session = await getServerSession(req, res, authConfig as any)
-  res.json(session)
-}

apps/dev/nextjs/pages/api/examples/supabase-rls.js

@@ -0,0 +1,30 @@
+// This is an example of how to query data from Supabase with RLS.
+// Learn more about Row Levele Security (RLS): https://supabase.com/docs/guides/auth/row-level-security
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+import { createClient } from "@supabase/supabase-js"
+
+export default async (req, res) => {
+  const session = await unstable_getServerSession(req, res, authOptions)
+
+  if (!session)
+    return res.send(JSON.stringify({ error: "No session!" }, null, 2))
+
+  const { supabaseAccessToken } = session
+
+  const supabase = createClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+    {
+      global: {
+        headers: {
+          Authorization: `Bearer ${supabaseAccessToken}`,
+        },
+      },
+    }
+  )
+  // Now you can query with RLS enabled.
+  const { data, error } = await supabase.from("users").select("*")
+
+  res.send(JSON.stringify({ supabaseAccessToken, data, error }, null, 2))
+}

apps/dev/nextjs/pages/credentials.js

@@ -0,0 +1,67 @@
+// eslint-disable-next-line no-use-before-define
+import * as React from "react"
+import { signIn, signOut, useSession } from "next-auth/react"
+import Layout from "components/layout"
+
+export default function Page() {
+  const [response, setResponse] = React.useState(null)
+  const handleLogin = (options) => async () => {
+    if (options.redirect) {
+      return signIn("credentials", options)
+    }
+    const response = await signIn("credentials", options)
+    setResponse(response)
+  }
+
+  const handleLogout = (options) => async () => {
+    if (options.redirect) {
+      return signOut(options)
+    }
+    const response = await signOut(options)
+    setResponse(response)
+  }
+
+  const { data: session } = useSession()
+
+  if (session) {
+    return (
+      <Layout>
+        <h1>Test different flows for Credentials logout</h1>
+        <span className="spacing">Default:</span>
+        <button onClick={handleLogout({ redirect: true })}>Logout</button>
+        <br />
+        <span className="spacing">No redirect:</span>
+        <button onClick={handleLogout({ redirect: false })}>Logout</button>
+        <br />
+        <p>Response:</p>
+        <pre style={{ background: "#eee", padding: 16 }}>
+          {JSON.stringify(response, null, 2)}
+        </pre>
+      </Layout>
+    )
+  }
+
+  return (
+    <Layout>
+      <h1>Test different flows for Credentials login</h1>
+      <span className="spacing">Default:</span>
+      <button onClick={handleLogin({ redirect: true, password: "password" })}>
+        Login
+      </button>
+      <br />
+      <span className="spacing">No redirect:</span>
+      <button onClick={handleLogin({ redirect: false, password: "password" })}>
+        Login
+      </button>
+      <br />
+      <span className="spacing">No redirect, wrong password:</span>
+      <button onClick={handleLogin({ redirect: false, password: "" })}>
+        Login
+      </button>
+      <p>Response:</p>
+      <pre style={{ background: "#eee", padding: 16 }}>
+        {JSON.stringify(response, null, 2)}
+      </pre>
+    </Layout>
+  )
+}

apps/dev/nextjs/pages/credentials.tsx

@@ -1,67 +0,0 @@
-import * as React from "react"
-import { signIn, signOut, useSession } from "@auth/nextjs/react"
-import { SignInResponse, SignOutResponse } from "@auth/nextjs/lib/client"
-
-export default function Page() {
-  const [response, setResponse] = React.useState<
-    SignInResponse | SignOutResponse
-  >()
-
-  const { data: session } = useSession()
-
-  if (session) {
-    return (
-      <>
-        <h1>Test different flows for Credentials logout</h1>
-        <span className="spacing">Default: </span>
-        <button onClick={() => signOut()}>Logout</button>
-        <br />
-        <span className="spacing">No redirect: </span>
-        <button onClick={() => signOut({ redirect: false }).then(setResponse)}>
-          Logout
-        </button>
-        <br />
-        <p>{response ? "Response:" : "Session:"}</p>
-        <pre style={{ background: "#eee", padding: 16 }}>
-          {JSON.stringify(response ?? session, null, 2)}
-        </pre>
-      </>
-    )
-  }
-
-  return (
-    <>
-      <h1>Test different flows for Credentials login</h1>
-      <span className="spacing">Default: </span>
-      <button onClick={() => signIn("credentials", { password: "password" })}>
-        Login
-      </button>
-      <br />
-      <span className="spacing">No redirect: </span>
-      <button
-        onClick={() =>
-          signIn("credentials", { redirect: false, password: "password" }).then(
-            setResponse
-          )
-        }
-      >
-        Login
-      </button>
-      <br />
-      <span className="spacing">No redirect, wrong password: </span>
-      <button
-        onClick={() =>
-          signIn("credentials", { redirect: false, password: "wrong" }).then(
-            setResponse
-          )
-        }
-      >
-        Login
-      </button>
-      <p>Response:</p>
-      <pre style={{ background: "#eee", padding: 16 }}>
-        {JSON.stringify(response, null, 2)}
-      </pre>
-    </>
-  )
-}

apps/dev/nextjs/pages/index.js

@@ -1,13 +1,13 @@
+import Layout from "components/layout"
+
 export default function Page() {
   return (
-    <>
+    <Layout>
       <h1>NextAuth.js Example</h1>
       <p>
         This is an example site to demonstrate how to use{" "}
         <a href="https://authjs.dev">NextAuth.js</a> for authentication.
       </p>
-    </>
+    </Layout>
   )
 }
-
-export const runtime = "experimental-edge"

apps/dev/nextjs/pages/middleware-protected/index.js

@@ -0,0 +1,9 @@
+import Layout from "components/layout"
+
+export default function Page() {
+  return (
+    <Layout>
+      <h1>Page protected by Middleware</h1>
+    </Layout>
+  )
+}

apps/dev/nextjs/pages/policy.js

@@ -1,6 +1,8 @@
+import Layout from "../components/layout"
+
 export default function Page() {
   return (
-    <>
+    <Layout>
       <p>
         This is an example site to demonstrate how to use{" "}
         <a href="https://authjs.dev">Auth.js</a> for authentication.
@@ -16,11 +18,15 @@ export default function Page() {
         SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
       </p>
       <h2>Privacy Policy</h2>
+      <p>
+        This site uses JSON Web Tokens and an in-memory database which resets
+        every ~2 hours.
+      </p>
       <p>
         Data provided to this site is exclusively used to support signing in and
         is not passed to any third party services, other than via SMTP or OAuth
         for the purposes of authentication.
       </p>
-    </>
+    </Layout>
   )
 }

apps/dev/nextjs/pages/protected-ssr.js

@@ -1,34 +1,52 @@
 // This is an example of how to protect content using server rendering
-import { getServerSession } from "auth"
-import AccessDenied from "components/access-denied"
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "./api/auth/[...nextauth]"
+import Layout from "../components/layout"
+import AccessDenied from "../components/access-denied"
 
 export default function Page({ content, session }) {
   // If no session exists, display access denied message
-  if (!session) return <AccessDenied />
+  if (!session) {
+    return (
+      <Layout>
+        <AccessDenied />
+      </Layout>
+    )
+  }
 
   // If session exists, display content
   return (
-    <>
+    <Layout>
       <h1>Protected Page</h1>
       <p>
         <strong>{content}</strong>
       </p>
-    </>
+    </Layout>
   )
 }
 
 export async function getServerSideProps(context) {
-  const session = await getServerSession(context.req, context.res)
+  const session = await unstable_getServerSession(
+    context.req,
+    context.res,
+    authOptions
+  )
+  let content = null
+
   if (session) {
-    // Note usually you don't need to fetch from an API route in getServerSideProps
-    // This is done here to demonstrate how you can fetch from a third-party API
-    // with a valid session. Likely you would also not pass cookies but an `Authorization` header
     const hostname = process.env.NEXTAUTH_URL || "http://localhost:3000"
-    const res = await fetch(`${hostname}/api/examples/protected`, {
-      headers: { cookie: context.req.headers.cookie },
-    })
-    return { props: { session, content: (await res.json()).content } }
+    const options = { headers: { cookie: context.req.headers.cookie } }
+    const res = await fetch(`${hostname}/api/examples/protected`, options)
+    const json = await res.json()
+    if (json.content) {
+      content = json.content
+    }
   }
 
-  return { props: {} }
+  return {
+    props: {
+      session,
+      content,
+    },
+  }
 }

apps/dev/nextjs/pages/server.js

@@ -0,0 +1,50 @@
+import { unstable_getServerSession } from "next-auth/next"
+import Layout from "../components/layout"
+import { authOptions } from "./api/auth/[...nextauth]"
+
+export default function Page() {
+  // As this page uses Server Side Rendering, the `session` will be already
+  // populated on render without needing to go through a loading stage.
+  // This is possible because of the shared context configured in `_app.js` that
+  // is used by `useSession()`.
+
+  return (
+    <Layout>
+      <h1>Server Side Rendering</h1>
+      <p>
+        This page uses the <strong>unstable_getServerSession()</strong> method
+        in <strong>getServerSideProps()</strong>.
+      </p>
+      <p>
+        Using <strong>unstable_getServerSession()</strong> in{" "}
+        <strong>getServerSideProps()</strong> is currently the recommended
+        approach, although the API may still change, if you need to support
+        Server Side Rendering with authentication.
+      </p>
+      <p>
+        Using <strong>getSession()</strong> is still recommended on the client.
+      </p>
+      <p>
+        The advantage of Server Side Rendering is this page does not require
+        client side JavaScript.
+      </p>
+      <p>
+        The disadvantage of Server Side Rendering is that this page is slower to
+        render.
+      </p>
+    </Layout>
+  )
+}
+
+// Export the `session` prop to use sessions with Server Side Rendering
+export async function getServerSideProps(context) {
+  return {
+    props: {
+      session: await unstable_getServerSession(
+        context.req,
+        context.res,
+        authOptions
+      ),
+    },
+  }
+}

apps/dev/nextjs/pages/supabase-client-rls.js

@@ -0,0 +1,48 @@
+import Layout from "../components/layout"
+import { useState, useEffect } from "react"
+import { useSession } from "next-auth/react"
+import { createClient } from "@supabase/supabase-js"
+
+export default function Page() {
+  const { data: session } = useSession()
+  const [data, setData] = useState(null)
+
+  useEffect(() => {
+    if (session) {
+      // User is logged in, let's fetch their data.
+      const { supabaseAccessToken } = session
+      const supabase = createClient(
+        process.env.NEXT_PUBLIC_SUPABASE_URL,
+        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+        {
+          global: {
+            headers: { Authorization: `Bearer ${supabaseAccessToken}` },
+          },
+        }
+      )
+      // Fetch data with RLS enabled.
+      supabase
+        .from("users")
+        .select("*")
+        .then(({ data }) => setData(data))
+    }
+  }, [session])
+
+  return (
+    <Layout>
+      <h1>Fetch Data from Supabase with RLS</h1>
+      <h2>Client-side data fetching with RLS:</h2>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+      <h2>API Example</h2>
+      <p>
+        You can also use Supabase in API routes. See the code in the
+        `/pages/api/examples/supabase-rls.js` file.
+      </p>
+      <p>
+        <em>You must be signed in to see responses.</em>
+      </p>
+      <p>/api/examples/supabase-rls</p>
+      <iframe src="/api/examples/supabase-rls" />
+    </Layout>
+  )
+}

apps/dev/nextjs/pages/supabase-ssr.js

@@ -0,0 +1,68 @@
+// This is an example of how to protect content using server rendering
+// and fetching data from Supabase with RLS enabled.
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "./api/auth/[...nextauth]"
+import { createClient } from "@supabase/supabase-js"
+import Layout from "../components/layout"
+import AccessDenied from "../components/access-denied"
+
+export default function Page({ data, session }) {
+  // If no session exists, display access denied message
+  if (!session) {
+    return (
+      <Layout>
+        <AccessDenied />
+      </Layout>
+    )
+  }
+
+  // If session exists, display content
+  return (
+    <Layout>
+      <h1>Protected Page</h1>
+      <p>Data fetched during SSR from Supabase with RSL enabled:</p>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+    </Layout>
+  )
+}
+
+export async function getServerSideProps(context) {
+  const session = await unstable_getServerSession(
+    context.req,
+    context.res,
+    authOptions
+  )
+
+  if (!session)
+    return {
+      props: {
+        session,
+        data: null,
+        error: "No session",
+      },
+    }
+
+  const { supabaseAccessToken } = session
+
+  const supabase = createClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+    {
+      global: {
+        headers: {
+          Authorization: `Bearer ${supabaseAccessToken}`,
+        },
+      },
+    }
+  )
+  // Now you can query with RLS enabled.
+  const { data, error } = await supabase.from("users").select("*")
+
+  return {
+    props: {
+      session,
+      data,
+      error,
+    },
+  }
+}

apps/dev/nextjs/types/nextauth.d.ts

@@ -18,12 +18,3 @@ declare module "next-auth" {
     foo: string
   }
 }
-
-
-declare global {
-  namespace NodeJS {
-    interface ProcessEnv {
-      [key: string]: string;
-    }
-  }
-}

apps/examples/next.config.js

@@ -1,4 +0,0 @@
-/** @type {import("next").NextConfig} */
-module.exports = {
-  reactStrictMode: true,
-}

apps/examples/nextjs/.env.local.example

@@ -1,17 +1,19 @@
-AUTH_SECRET= # Linux: `openssl rand -hex 32` or go to https://generate-secret.vercel.app/32
+NEXTAUTH_URL=http://localhost:3000
+NEXTAUTH_SECRET= # Linux: `openssl rand -hex 32` or go to https://generate-secret.now.sh/32
 
-AUTH_AUTH0_ID=
-AUTH_AUTH0_SECRET=
-AUTH_AUTH0_ISSUER=
 
-AUTH_FACEBOOK_ID=
-AUTH_FACEBOOK_SECRET=
+AUTH0_ID=
+AUTH0_SECRET=
+AUTH0_ISSUER=
 
-AUTH_GITHUB_ID=
-AUTH_GITHUB_SECRET=
+FACEBOOK_ID=
+FACEBOOK_SECRET=
 
-AUTH_GOOGLE_ID=
-AUTH_GOOGLE_SECRET=
+GITHUB_ID=
+GITHUB_SECRET=
 
-AUTH_TWITTER_ID=
-AUTH_TWITTER_SECRET=
+GOOGLE_ID=
+GOOGLE_SECRET=
+
+TWITTER_ID=
+TWITTER_SECRET=

apps/examples/nextjs/README.md

@@ -8,7 +8,7 @@
    <a href="https://nextjs.org" target="_blank">
    <img height="64" src="https://nextjs.org/static/favicon/android-chrome-192x192.png" />
    </a>
-   <h3 align="center"><b>next-auth</b> - Example App</h3>
+   <h3 align="center"><b>NextAuth.js</b> - Example App</h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -36,7 +36,7 @@ This is an example application that shows how `next-auth` is applied to a basic
 
 The deployed version can be found at [`next-auth-example.vercel.app`](https://next-auth-example.vercel.app)
 
-Go to [authjs.dev](https://authjs.dev) for more information and documentation.
+Go to [next-auth.js.org](https://next-auth.js.org) for more information and documentation.
 
 ## Getting Started
 
@@ -66,7 +66,7 @@ You **can** skip configuring a database and come back to it later if you want.
 
 For more information about setting up a database, please check out the following links:
 
-- Docs: [authjs.dev/reference/adapters](https://authjs.dev/reference/adapters)
+- Docs: [next-auth.js.org/adapters/overview](https://next-auth.js.org/adapters/overview)
 
 ### 3. Configure Authentication Providers
 
@@ -76,7 +76,7 @@ For more information about setting up a database, please check out the following
 
 e.g. For Google OAuth you would use: `http://localhost:3000/api/auth/callback/google`
 
-A list of configured providers and their callback URLs is available from the endpoint `/api/auth/providers`. You can find more information at [authjs.dev/getting-started/oauth-tutorial](https://authjs.dev/getting-started/oauth-tutorial)
+A list of configured providers and their callback URLs is available from the endpoint `/api/auth/providers`. You can find more information at https://next-auth.js.org/configuration/providers/oauth
 
 3. You can also choose to specify an SMTP server for passwordless sign in via email.
 
@@ -106,4 +106,4 @@ Follow the [Deployment documentation](https://authjs.dev/guides/basics/deploymen
 <a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
 <img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
 </a>
-<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>
+<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>

apps/examples/nextjs/app/api/auth/[...nextauth]/route.ts

@@ -1,3 +0,0 @@
-import { handlers } from "auth"
-export const { GET, POST } = handlers
-export const runtime = "edge"

apps/examples/nextjs/app/api/protected/route.ts

@@ -1,10 +0,0 @@
-import { auth } from "auth"
-import { NextResponse } from "next/server"
-
-export const GET = auth(function GET(req) {
-  if (req.auth) {
-    return NextResponse.json(req.auth)
-  }
-
-  return NextResponse.json({ message: "Not authenticated" }, { status: 401 })
-})

apps/examples/nextjs/app/layout.tsx

@@ -1,24 +0,0 @@
-import Header from "components/header"
-import Footer from "components/footer"
-import './styles.css'
-
-export default function RootLayout({
-  children,
-}: {
-  children: React.ReactNode
-}) {
-  return (
-    <html>
-      <head></head>
-      <body>
-        <Header />
-        <main>
-          {children}
-        </main>
-        <Footer />
-      </body>
-    </html>
-  )
-}
-
-export const runtime = "experimental-edge"

apps/examples/nextjs/app/server-component/page.tsx

@@ -1,39 +0,0 @@
-import { auth } from "auth"
-import { cookies, headers } from "next/headers"
-
-function SignIn({ id, children, className }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action={`/api/auth/signin/${id}`} method="post">
-      <button className={className} type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-function SignOut({ children }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action="/api/auth/signout" method="post">
-      <button type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-export default async function Page() {
-  const session = await auth(headers())
-  if (session) {
-    return (
-      <>
-        <pre>{JSON.stringify(session, null, 2)}</pre>
-        <SignOut>Sign out</SignOut>
-      </>
-    )
-  }
-  return <SignIn id="github">Sign in with github</SignIn>
-}
-
-export const runtime = "experimental-edge"

apps/examples/nextjs/app/styles.css

@@ -1,33 +0,0 @@
-body {
-  color: red;
-  font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont,
-    "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif,
-    "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
-  padding: 0 1rem 1rem 1rem;
-  max-width: 680px;
-  margin: 0 auto;
-  background: #fff;
-  color: var(--color-text);
-}
-
-li,
-p {
-  line-height: 1.5rem;
-}
-
-a {
-  font-weight: 500;
-}
-
-hr {
-  border: 1px solid #ddd;
-}
-
-iframe {
-  background: #ccc;
-  border: 1px solid #ccc;
-  height: 10rem;
-  width: 100%;
-  border-radius: 0.5rem;
-  filter: invert(1);
-}

apps/examples/nextjs/auth.ts

@@ -1,25 +0,0 @@
-import NextAuth from "next-auth"
-import Auth0 from "@auth/core/providers/github"
-import Facebook from "@auth/core/providers/facebook"
-import GitHub from "@auth/core/providers/github"
-import Google from "@auth/core/providers/google"
-import Twitter from "@auth/core/providers/twitter"
-
-export const { handlers, auth } = NextAuth({
-  providers: [GitHub, Auth0, Facebook, Google, Twitter],
-  callbacks: {
-    async authorized({ request, auth }) {
-      // if (request.method === "POST") {
-      // const [, token] = request.headers.get("Authorization")?.split(" ")
-      // const valid = validateToken(token)
-      // // If the request has a valid auth token, it is authorized
-      // if (valid) return true
-      // return NextResponse.json("Invalid auth token", { status: 401 })
-      // }
-
-      // Logged in users are authorized, otherwise, will redirect to login
-      // You could also return a custom redirect instead of the sign-in page
-      return !!auth
-    },
-  },
-})

apps/examples/nextjs/components/footer.tsx

@@ -1,6 +1,6 @@
 import Link from "next/link"
 import styles from "./footer.module.css"
-import packageJSON from "next-auth/package.json"
+import packageJSON from "../package.json"
 
 export default function Footer() {
   return (
@@ -8,10 +8,10 @@ export default function Footer() {
       <hr />
       <ul className={styles.navItems}>
         <li className={styles.navItem}>
-          <a href="https://authjs.dev">Documentation</a>
+          <a href="https://next-auth.js.org">Documentation</a>
         </li>
         <li className={styles.navItem}>
-          <a href="https://www.npmjs.com/package/@auth/core">NPM</a>
+          <a href="https://www.npmjs.com/package/next-auth">NPM</a>
         </li>
         <li className={styles.navItem}>
           <a href="https://github.com/nextauthjs/next-auth-example">GitHub</a>
@@ -20,7 +20,7 @@ export default function Footer() {
           <Link href="/policy">Policy</Link>
         </li>
         <li className={styles.navItem}>
-          <em>{packageJSON.version}</em>
+          <em>next-auth@{packageJSON.dependencies["next-auth"]}</em>
         </li>
       </ul>
     </footer>

apps/examples/nextjs/components/header.module.css

@@ -1,6 +1,5 @@
 /* Set min-height to avoid page reflow while session loading */
 .signedInStatus {
-  position: relative;
   display: block;
   min-height: 4rem;
   width: 100%;

apps/examples/nextjs/components/header.tsx

@@ -1,63 +1,65 @@
 import Link from "next/link"
-import { auth } from "auth"
-import { cookies, headers } from "next/headers"
+import { signIn, signOut, useSession } from "next-auth/react"
 import styles from "./header.module.css"
 
-function SignIn({ id, children, className }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action={`/api/auth/signin/${id}`} method="post">
-      <button className={className} type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-function SignOut({ children, className }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action="/api/auth/signout" method="post">
-      <button className={className} type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-// The approach used in this component shows how to built a sign in and sign out
+// The approach used in this component shows how to build a sign in and sign out
 // component that works on pages which support both client and server side
 // rendering, and avoids any flash incorrect content on initial page load.
-export default async function Header() {
-  const session = await auth(headers())
+export default function Header() {
+  const { data: session, status } = useSession()
+  const loading = status === "loading"
 
   return (
     <header>
       <noscript>
-        <style>{".nojs-show { opacity: 1; top: 0; }"}</style>
+        <style>{`.nojs-show { opacity: 1; top: 0; }`}</style>
       </noscript>
       <div className={styles.signedInStatus}>
-        <p className={`nojs-show ${styles.loaded}`}>
+        <p
+          className={`nojs-show ${
+            !session && loading ? styles.loading : styles.loaded
+          }`}
+        >
           {!session && (
             <>
               <span className={styles.notSignedInText}>
                 You are not signed in
               </span>
-              <SignIn className={styles.buttonPrimary}>Sign In</SignIn>
+              <a
+                href={`/api/auth/signin`}
+                className={styles.buttonPrimary}
+                onClick={(e) => {
+                  e.preventDefault()
+                  signIn()
+                }}
+              >
+                Sign in
+              </a>
             </>
           )}
-          {session && (
+          {session?.user && (
             <>
               {session.user.image && (
-                <img src={session.user.image} className={styles.avatar} />
+                <span
+                  style={{ backgroundImage: `url('${session.user.image}')` }}
+                  className={styles.avatar}
+                />
               )}
               <span className={styles.signedInText}>
                 <small>Signed in as</small>
                 <br />
-                <strong>{session.user.email} </strong>
-                {session.user.name ? `(${session.user.name})` : null}
+                <strong>{session.user.email ?? session.user.name}</strong>
               </span>
-              <SignOut className={styles.button}>Sign Out</SignOut>
+              <a
+                href={`/api/auth/signout`}
+                className={styles.button}
+                onClick={(e) => {
+                  e.preventDefault()
+                  signOut()
+                }}
+              >
+                Sign out
+              </a>
             </>
           )}
         </p>
@@ -71,7 +73,7 @@ export default async function Header() {
             <Link href="/client">Client</Link>
           </li>
           <li className={styles.navItem}>
-            <Link href="/server-component">Server</Link>
+            <Link href="/server">Server</Link>
           </li>
           <li className={styles.navItem}>
             <Link href="/protected">Protected</Link>
@@ -80,12 +82,13 @@ export default async function Header() {
             <Link href="/api-example">API</Link>
           </li>
           <li className={styles.navItem}>
-            <Link href="/middleware-protected">Middleware protected</Link>
+            <Link href="/admin">Admin</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/me">Me</Link>
           </li>
         </ul>
       </nav>
     </header>
   )
 }
-
-export const runtime = "experimental-edge"

apps/examples/nextjs/components/layout.tsx

@@ -0,0 +1,13 @@
+import Header from "./header"
+import Footer from "./footer"
+import type { ReactNode } from "react"
+
+export default function Layout({ children }: { children: ReactNode }) {
+  return (
+    <>
+      <Header />
+      <main>{children}</main>
+      <Footer />
+    </>
+  )
+}

apps/examples/nextjs/middleware.ts

@@ -1,10 +1,17 @@
-// export { auth as default } from "auth"
-import { auth } from "auth"
-import { NextResponse } from "next/server"
+import { withAuth } from "next-auth/middleware"
 
-export default auth((req) => {
-  if (req.auth) return NextResponse.json(req.auth)
-  return NextResponse.json("Not authorized", { status: 401 })
+// More on how NextAuth.js middleware works: https://next-auth.js.org/configuration/nextjs#middleware
+export default withAuth({
+  callbacks: {
+    authorized({ req, token }) {
+      // `/admin` requires admin role
+      if (req.nextUrl.pathname === "/admin") {
+        return token?.userRole === "admin"
+      }
+      // `/me` only requires the user to be logged in
+      return !!token
+    },
+  },
 })
 
-export const config = { matcher: ["/middleware-protected"] }
+export const config = { matcher: ["/admin", "/me"] }

apps/examples/nextjs/next-auth.d.ts

@@ -0,0 +1,10 @@
+import "next-auth/jwt"
+
+// Read more at: https://next-auth.js.org/getting-started/typescript#module-augmentation
+
+declare module "next-auth/jwt" {
+  interface JWT {
+    /** The user's role. */
+    userRole?: "admin"
+  }
+}

apps/examples/nextjs/next.config.js

@@ -1,9 +1,4 @@
 /** @type {import("next").NextConfig} */
 module.exports = {
-  webpack(config) {
-    config.experiments = { ...config.experiments, topLevelAwait: true }
-    return config
-  },
-  experimental: { appDir: true },
-  typescript: { ignoreBuildErrors: true },
+  reactStrictMode: true,
 }

apps/examples/nextjs/package.json

@@ -1,6 +1,5 @@
 {
   "private": true,
-  "name": "nextjs-example-app",
   "description": "An example project for NextAuth.js with Next.js",
   "repository": "https://github.com/nextauthjs/next-auth-example.git",
   "bugs": {
@@ -19,9 +18,8 @@
     "Lluis Agusti <hi@llu.lu>"
   ],
   "dependencies": {
-    "@auth/core": "workspace:*",
     "next": "latest",
-    "next-auth": "workspace:*",
+    "next-auth": "latest",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

apps/examples/nextjs/pages/_app.tsx

@@ -0,0 +1,18 @@
+import { SessionProvider } from "next-auth/react"
+import "./styles.css"
+
+import type { AppProps } from "next/app"
+import type { Session } from "next-auth"
+
+// Use of the <SessionProvider> is mandatory to allow components that call
+// `useSession()` anywhere in your application to access the `session` object.
+export default function App({
+  Component,
+  pageProps: { session, ...pageProps },
+}: AppProps<{ session: Session }>) {
+  return (
+    <SessionProvider session={session}>
+      <Component {...pageProps} />
+    </SessionProvider>
+  )
+}

apps/examples/nextjs/pages/admin.tsx

@@ -0,0 +1,17 @@
+import Layout from "../components/layout"
+
+export default function Page() {
+  return (
+    <Layout>
+      <h1>This page is protected by Middleware</h1>
+      <p>Only admin users can see this page.</p>
+      <p>
+        To learn more about the NextAuth middleware see&nbsp;
+        <a href="https://next-auth.js.org/configuration/nextjs#middleware">
+          the docs
+        </a>
+        .
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/api-example.tsx

@@ -0,0 +1,19 @@
+import Layout from "../components/layout"
+
+export default function ApiExamplePage() {
+  return (
+    <Layout>
+      <h1>API Example</h1>
+      <p>The examples below show responses from the example API endpoints.</p>
+      <p>
+        <em>You must be signed in to see responses.</em>
+      </p>
+      <h2>Session</h2>
+      <p>/api/examples/session</p>
+      <iframe src="/api/examples/session" />
+      <h2>JSON Web Token</h2>
+      <p>/api/examples/jwt</p>
+      <iframe src="/api/examples/jwt" />
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/api/auth/[...nextauth].ts

@@ -0,0 +1,44 @@
+import NextAuth, { NextAuthOptions } from "next-auth"
+import GoogleProvider from "next-auth/providers/google"
+import FacebookProvider from "next-auth/providers/facebook"
+import GithubProvider from "next-auth/providers/github"
+import TwitterProvider from "next-auth/providers/twitter"
+import Auth0Provider from "next-auth/providers/auth0"
+
+// For more information on each option (and a full list of options) go to
+// https://next-auth.js.org/configuration/options
+export const authOptions: NextAuthOptions = {
+  // https://next-auth.js.org/configuration/providers/oauth
+  providers: [
+    Auth0Provider({
+      clientId: process.env.AUTH0_ID,
+      clientSecret: process.env.AUTH0_SECRET,
+      issuer: process.env.AUTH0_ISSUER,
+    }),
+    FacebookProvider({
+      clientId: process.env.FACEBOOK_ID,
+      clientSecret: process.env.FACEBOOK_SECRET,
+    }),
+    GithubProvider({
+      clientId: process.env.GITHUB_ID,
+      clientSecret: process.env.GITHUB_SECRET,
+    }),
+    GoogleProvider({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+    }),
+    TwitterProvider({
+      clientId: process.env.TWITTER_ID,
+      clientSecret: process.env.TWITTER_SECRET,
+      version: "2.0",
+    }),
+  ],
+  callbacks: {
+    async jwt({ token }) {
+      token.userRole = "admin"
+      return token
+    },
+  },
+}
+
+export default NextAuth(authOptions)

apps/examples/nextjs/pages/api/examples/jwt.ts

@@ -0,0 +1,14 @@
+// This is an example of how to read a JSON Web Token from an API route
+import { getToken } from "next-auth/jwt"
+
+import type { NextApiRequest, NextApiResponse } from "next"
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  // If you don't have the NEXTAUTH_SECRET environment variable set,
+  // you will have to pass your secret as `secret` to `getToken`
+  const token = await getToken({ req })
+  res.send(JSON.stringify(token, null, 2))
+}

apps/examples/nextjs/pages/api/examples/protected.ts

@@ -0,0 +1,23 @@
+// This is an example of to protect an API route
+import { getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+
+import type { NextApiRequest, NextApiResponse } from "next"
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  const session = await getServerSession(req, res, authOptions)
+
+  if (session) {
+    return res.send({
+      content:
+        "This is protected content. You can access this content because you are signed in.",
+    })
+  }
+
+  res.send({
+    error: "You must be signed in to view the protected content on this page.",
+  })
+}

apps/examples/nextjs/pages/api/examples/session.ts

@@ -0,0 +1,13 @@
+// This is an example of how to access a session from an API route
+import { getServerSession } from "next-auth"
+import { authOptions } from "../auth/[...nextauth]"
+
+import type { NextApiRequest, NextApiResponse } from "next"
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  const session = await getServerSession(req, res, authOptions)
+  res.send(JSON.stringify(session, null, 2))
+}

apps/examples/nextjs/pages/client.tsx

@@ -1,13 +1,15 @@
-export default function Page() {
+import Layout from "../components/layout"
+
+export default function ClientPage() {
   return (
-    <>
+    <Layout>
       <h1>Client Side Rendering</h1>
       <p>
         This page uses the <strong>useSession()</strong> React Hook in the{" "}
-        <strong>&lt;/Header&gt;</strong> component.
+        <strong>&lt;Header/&gt;</strong> component.
       </p>
       <p>
-        The <strong>useSession()</strong> React Hook easy to use and allows
+        The <strong>useSession()</strong> React Hook is easy to use and allows
         pages to render very quickly.
       </p>
       <p>
@@ -20,6 +22,6 @@ export default function Page() {
         The disadvantage of <strong>useSession()</strong> is that it requires
         client side JavaScript.
       </p>
-    </>
+    </Layout>
   )
 }

apps/examples/nextjs/pages/index.tsx

@@ -0,0 +1,13 @@
+import Layout from "../components/layout"
+
+export default function IndexPage() {
+  return (
+    <Layout>
+      <h1>NextAuth.js Example</h1>
+      <p>
+        This is an example site to demonstrate how to use{" "}
+        <a href="https://next-auth.js.org">NextAuth.js</a> for authentication.
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/me.tsx

@@ -0,0 +1,12 @@
+import { useSession } from "next-auth/react"
+import Layout from "../components/layout"
+
+export default function MePage() {
+  const { data } = useSession()
+
+  return (
+    <Layout>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/policy.tsx

@@ -0,0 +1,32 @@
+import Layout from "../components/layout"
+
+export default function PolicyPage() {
+  return (
+    <Layout>
+      <p>
+        This is an example site to demonstrate how to use{" "}
+        <a href="https://next-auth.js.org">NextAuth.js</a> for authentication.
+      </p>
+      <h2>Terms of Service</h2>
+      <p>
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+        OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+        MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+        IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+        CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+        TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+        SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+      </p>
+      <h2>Privacy Policy</h2>
+      <p>
+        This site uses JSON Web Tokens and an in-memory database which resets
+        every ~2 hours.
+      </p>
+      <p>
+        Data provided to this site is exclusively used to support signing in and
+        is not passed to any third party services, other than via SMTP or OAuth
+        for the purposes of authentication.
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/protected.tsx

@@ -0,0 +1,40 @@
+import { useState, useEffect } from "react"
+import { useSession } from "next-auth/react"
+import Layout from "../components/layout"
+import AccessDenied from "../components/access-denied"
+
+export default function ProtectedPage() {
+  const { data: session } = useSession()
+  const [content, setContent] = useState()
+
+  // Fetch content from protected route
+  useEffect(() => {
+    const fetchData = async () => {
+      const res = await fetch("/api/examples/protected")
+      const json = await res.json()
+      if (json.content) {
+        setContent(json.content)
+      }
+    }
+    fetchData()
+  }, [session])
+
+  // If no session exists, display access denied message
+  if (!session) {
+    return (
+      <Layout>
+        <AccessDenied />
+      </Layout>
+    )
+  }
+
+  // If session exists, display content
+  return (
+    <Layout>
+      <h1>Protected Page</h1>
+      <p>
+        <strong>{content ?? "\u00a0"}</strong>
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/server.tsx

@@ -0,0 +1,44 @@
+import { getServerSession } from "next-auth/next"
+import { authOptions } from "./api/auth/[...nextauth]"
+import Layout from "../components/layout"
+
+import type { GetServerSidePropsContext } from "next"
+import { useSession } from "next-auth/react"
+
+export default function ServerSidePage() {
+  const { data: session } = useSession()
+  // As this page uses Server Side Rendering, the `session` will be already
+  // populated on render without needing to go through a loading stage.
+  return (
+    <Layout>
+      <h1>Server Side Rendering</h1>
+      <p>
+        This page uses the <strong>getServerSession()</strong> method in{" "}
+        <strong>getServerSideProps()</strong>.
+      </p>
+      <p>
+        Using <strong>getServerSession()</strong> in{" "}
+        <strong>getServerSideProps()</strong> is the recommended approach if you
+        need to support Server Side Rendering with authentication.
+      </p>
+      <p>
+        The advantage of Server Side Rendering is this page does not require
+        client side JavaScript.
+      </p>
+      <p>
+        The disadvantage of Server Side Rendering is that this page is slower to
+        render.
+      </p>
+      <pre>{JSON.stringify(session, null, 2)}</pre>
+    </Layout>
+  )
+}
+
+// Export the `session` prop to use sessions with Server Side Rendering
+export async function getServerSideProps(context: GetServerSidePropsContext) {
+  return {
+    props: {
+      session: await getServerSession(context.req, context.res, authOptions),
+    },
+  }
+}

apps/examples/nextjs/pages/styles.css

@@ -6,7 +6,7 @@ body {
   max-width: 680px;
   margin: 0 auto;
   background: #fff;
-  color: var(--color-text);
+  color: #333;
 }
 
 li,

apps/examples/nextjs/tsconfig.json

@@ -1,14 +1,10 @@
 {
   "compilerOptions": {
-    "target": "esnext",
-    "lib": [
-      "dom",
-      "dom.iterable",
-      "esnext"
-    ],
+    "target": "es5",
+    "lib": ["dom", "dom.iterable", "esnext"],
     "allowJs": true,
     "skipLibCheck": true,
-    "strict": false,
+    "strict": true,
     "forceConsistentCasingInFileNames": true,
     "noEmit": true,
     "esModuleInterop": true,
@@ -16,24 +12,15 @@
     "moduleResolution": "node",
     "resolveJsonModule": true,
     "isolatedModules": true,
-    "incremental": true,
     "jsx": "preserve",
-    "baseUrl": ".",
-    "plugins": [
-      {
-        "name": "next"
-      }
-    ],
-    "strictNullChecks": true
+    "incremental": true
   },
   "include": [
+    "process.d.ts",
     "next-env.d.ts",
+    "next-auth.d.ts",
     "**/*.ts",
-    "**/*.tsx",
-    ".next/types/**/*.ts"
+    "**/*.tsx"
   ],
-  "exclude": [
-    "node_modules",
-    "jest.config.js"
-  ]
+  "exclude": ["node_modules"]
 }

apps/playgrounds/nuxt/composables/useSession.ts

@@ -1,4 +1,4 @@
-import { Session } from "@auth/core"
+import { Session } from "@auth/core/types"
 
 export default function useSession() {
   return useState<Session | null>("session", () => null)

apps/playgrounds/nuxt/lib/auth/client.ts

@@ -43,7 +43,7 @@ export async function signIn<
 
   // TODO: Handle custom base path
   // TODO: Remove this since Sveltekit offers the CSRF protection via origin check
-  const { csrfToken } = await $fetch("/api/auth/csrf")
+  const { csrfToken } = await $fetch<{ csrfToken: string }>("/api/auth/csrf")
 
   console.log(_signInUrl)
 

apps/playgrounds/nuxt/lib/auth/server.ts

@@ -1,13 +1,14 @@
-import { AuthHandler, AuthOptions, Session } from "@auth/core"
+import { AuthConfig, Session } from "@auth/core/types"
+import { Auth } from "@auth/core"
 import { fromNodeMiddleware, H3Event } from "h3"
 import getURL from "requrl"
 import { createMiddleware } from "@hattip/adapter-node"
 
-export function NuxtAuthHandler(options: AuthOptions) {
+export function NuxtAuthHandler(options: AuthConfig) {
   async function handler(ctx: { request: Request }) {
     options.trustHost ??= true
 
-    return AuthHandler(ctx.request, options)
+    return Auth(ctx.request, options)
   }
 
   const middleware = createMiddleware(handler)
@@ -17,7 +18,7 @@ export function NuxtAuthHandler(options: AuthOptions) {
 
 export async function getSession(
   event: H3Event,
-  options: AuthOptions
+  options: AuthConfig
 ): Promise<Session | null> {
   options.trustHost ??= true
 
@@ -30,7 +31,7 @@ export async function getSession(
     nodeHeaders.append(key, headers[key] as any)
   })
 
-  const response = await AuthHandler(
+  const response = await Auth(
     new Request(url, { headers: nodeHeaders }),
     options
   )

apps/playgrounds/nuxt/package.json

@@ -1,21 +1,22 @@
 {
-  "name": "playground-nuxt",
+  "name": "next-auth-nuxt",
   "private": true,
   "scripts": {
-    "build": "nuxt prepare && nuxt build",
-    "dev": "nuxt prepare &&  export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
+    "build": "nuxt build",
+    "dev": "nuxt dev",
     "generate": "nuxt generate",
-    "preview": "nuxt preview"
+    "preview": "nuxt preview",
+    "postinstall": "nuxt prepare"
   },
   "devDependencies": {
     "@nuxt/eslint-config": "^0.1.1",
     "eslint": "^8.29.0",
-    "h3": "1.0.2",
-    "nuxt": "3.0.0"
+    "h3": "1.6.6",
+    "nuxt": "3.5.1"
   },
   "dependencies": {
     "@auth/core": "workspace:*",
-    "@hattip/adapter-node": "^0.0.22",
+    "@hattip/adapter-node": "^0.0.34",
     "requrl": "^3.0.2"
   }
 }

apps/playgrounds/nuxt/plugins/auth.ts

@@ -1,4 +1,4 @@
-import { Session } from "@auth/core"
+import { Session } from "@auth/core/types"
 
 export default defineNuxtPlugin(async () => {
   const session = useSession()

apps/playgrounds/nuxt/server/api/auth/[...].ts

@@ -1,10 +1,10 @@
 import { NuxtAuthHandler } from "@/lib/auth/server"
 import GithubProvider from "@auth/core/providers/github"
-import type { AuthOptions } from "@auth/core"
+import type { AuthConfig } from "@auth/core"
 
 const runtimeConfig = useRuntimeConfig()
 
-export const authOptions: AuthOptions = {
+export const authOptions = {
   secret: runtimeConfig.secret,
   providers: [
     GithubProvider({
@@ -12,6 +12,6 @@ export const authOptions: AuthOptions = {
       clientSecret: runtimeConfig.github.clientSecret,
     }),
   ],
-}
+} as AuthConfig
 
 export default NuxtAuthHandler(authOptions)

docs/docs/getting-started/oauth-tutorial.mdx

@@ -36,6 +36,10 @@ This tutorial assumes you have a Next.js application set up. If you don't, you c
 npm install next-auth
 ```
 
+:::info
+We are working on a new `@auth/nextjs` package that will make it easier to set up Auth.js with Next.js. Stay tuned! For now, you can use the `next-auth` package.
+:::
+
 ### Creating the server config
 
 Create the following [API route](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes) file. This route contains the necessary configuration for NextAuth.js, as well as the dynamic route handler:
@@ -239,10 +243,13 @@ http://localhost:5173/auth/callback/github
 TODO Core
   </TabItem>
 </Tabs>
+
 :::info
 The last part of the URL, `[provider]`, is the ID of the provider you're using. In this case, we're using GitHub, so it's `github`. If you're using Google, it'll be `google`, etc... We keep track of the provider IDs internally.
+
 The same id is used in the `signIn()` method we saw earlier.
 :::
+
 To register, tap on "Register application" button.
 
 The next screen shows all the configurations for your newly created OAuth app. For now, we need two things from it - the **Client ID** and **Client Secret**:
@@ -266,7 +273,7 @@ Note that, for each provider, the configuration process will be similar to what
 2. Create create your OAuth application within it
 3. Set the callback URL
 4. Get the Client ID and Generate a Client Secret
-   :::
+:::
 
 ## 3. Wiring all together
 

docs/docs/getting-started/upgrade-to-v5.md

@@ -1,32 +0,0 @@
----
-title: Upgrade Guide (v5)
----
-
-NextAuth.js version 5 will continue to be shipped as `next-auth` *for the Next.js version only*. We're here to help you upgrade your applications as smoothly as possible. It is possible to upgrade from any version of 4.x to the latest v5 release by following the  migration steps below.
-
-Upgrade to the latest version by running:
-
-```bash npm2yarn2pnpm
-npm install next-auth
-```
-
-## Getting Started
-
-Below is a summary of the high-level API changes in `next-auth` v5.
-
-```
-| Where                     | Old                                                 | New            |
-| ------------------------- | --------------------------------------------------- | -------------- |
-| API Route (Node)          | getServerSession(req, res, authOptions)             | auth() wrapper |
-| API Route (Edge)          | -                                                   | auth() wrapper |
-| getServerSideProps        | getServerSession(ctx.req, ctx.res, authOptions)     | auth() wrapper |
-| Middleware                | withAuth(middleware, subset of authOptions) wrapper | auth() wrapper |
-| Route Handler             | -                                                   | auth() wrapper |
-| Server Component          | getServerSession(authOptions)                       | auth() call    |
-| Client Component          | useSession() hook                                   | useAuth() hook |
-```
-
-
-## Summary
-
-We hope this migration goes smoothly for each and every one of you! If you have any questions or get stuck anywhere, feel free to create [a new issue](https://github.com/nextauthjs/next-auth/issues/new) on GitHub.

docs/docs/guides/testing/testing-with-cypress.md

@@ -110,10 +110,6 @@ describe("Login page", () => {
             secure: cookie.secure,
           })
 
-          Cypress.Cookies.defaults({
-            preserve: cookieName,
-          })
-
           // remove the two lines below if you need to stay logged in
           // for your remaining tests
           cy.visit("/api/auth/signout")

docs/docs/reference/adapters/index.md

@@ -96,8 +96,13 @@ erDiagram
       string type
       string provider
       string providerAccountId
+      string refresh_token
       string access_token
+      int expires_at
+      string token_type
+      string scope
       string id_token
+      string session_state
     }
     VerificationToken {
       string identifier
@@ -137,7 +142,7 @@ The Account model is for information about OAuth accounts associated with a User
 
 A single User can have multiple Accounts, but each Account can only have one User.
 
-Account creation in the database is automatic and happens when the user is logging in for the first time with a provider, or the [`Adapter.linkAccount`](/reference/core/adapters#linkaccount) method is invoked. The default data saved is `access_token`, `refresh_token`, `id_token` and `expires_at`. You can save other fields by returning them in the [OAuth provider](/guides/providers/custom-provider)'s [`account()`](/reference/core/providers#account) callback.
+Account creation in the database is automatic and happens when the user is logging in for the first time with a provider, or the [`Adapter.linkAccount`](/reference/core/adapters#linkaccount) method is invoked. The default data saved is `access_token`, `expires_at`, `refresh_token`, `id_token`, `token_type`, `scope` and `session_state`. You can save other fields or remove the ones you don't need by returning them in the [OAuth provider](/guides/providers/custom-provider)'s [`account()`](/reference/core/providers#account) callback.
 
 Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/concepts/faq#security) for more information on why this is a requirement.
 

docs/docs/reference/index.md

@@ -12,10 +12,9 @@ The API reference is being migrated from the [old documentation page](https://ne
 
 Here are the _currently_ planned and released packages under the `@auth/*` scope. This is not an exhaustive list, but the set of packages that we would like to focus on to begin with.
 
-|       Package       |  Status  |
+|       Feature       |  Status  |
 | ------------------- | -------- |
-| `next-auth@4 `      | Stable. See [docs](https://next-auth.js.org/)   |
-| `@auth/nextjs`      | Experimental, under `next-auth@5`.  |
+| `@auth/nextjs`      | Planned  |
 | `@auth/*-adapter`   | Planned  |
 | `@auth/core`        | Experimental |
 | `@auth/sveltekit`   | Experimental |

docs/docs/reference/nextjs/client.md

@@ -0,0 +1,7 @@
+---
+title: Client
+---
+
+:::warning WIP
+`@auth/nextjs/client` is work in progress. For now, please use [NextAuth.js Client API](https://next-auth.js.org/getting-started/client).
+:::

docs/docs/reference/nextjs/index.md

@@ -0,0 +1,7 @@
+---
+title: Next.js Auth
+---
+
+:::warning WIP
+`@auth/nextjs` is work in progress. For now, please use [NextAuth.js](https://next-auth.js.org).
+:::

docs/docusaurus.config.js

@@ -38,22 +38,6 @@ function typedocAdapter(name) {
   ]
 }
 
-function typedocFramework(id, entrypoints) {
-  return [
-    "docusaurus-plugin-typedoc",
-    {
-      ...typedocConfig,
-      id: id.replace("frameworks-", ""),
-      plugin: [require.resolve("./typedoc-mdn-links")],
-      watch: process.env.TYPEDOC_WATCH,
-      entryPoints: entrypoints.map((e) => `../packages/${id}/src/${e}`),
-      tsconfig: `../packages/${id}/tsconfig.json`,
-      out: `reference/${id.replace("frameworks-", "")}`,
-      sidebar: { indexLabel: "index" },
-    },
-  ]
-}
-
 /** @type {import("@docusaurus/types").Config} */
 const docusaurusConfig = {
   markdown: {
@@ -247,9 +231,36 @@ const docusaurusConfig = {
     ],
   ],
   plugins: [
-    typedocFramework("core", ["index.ts", "adapters.ts", "errors.ts", "jwt.ts", "types.ts"]),
-    typedocFramework("frameworks-sveltekit", ["lib/index.ts", "lib/client.ts"]),
-    typedocFramework("frameworks-nextjs", ["index.ts", "react.tsx", "jwt.ts", "adapters.ts", "next.ts", "types.ts", "middleware.ts"]),
+    [
+      "docusaurus-plugin-typedoc",
+      {
+        ...typedocConfig,
+        id: "core",
+        plugin: [require.resolve("./typedoc-mdn-links")],
+        watch: process.env.TYPEDOC_WATCH,
+        entryPoints: ["index.ts", "adapters.ts", "errors.ts", "jwt.ts", "types.ts"].map((e) => `${coreSrc}/${e}`).concat(providers),
+        tsconfig: "../packages/core/tsconfig.json",
+        out: "reference/core",
+        sidebar: {
+          indexLabel: "index",
+        },
+      },
+    ],
+    [
+      "docusaurus-plugin-typedoc",
+      {
+        ...typedocConfig,
+        id: "sveltekit",
+        plugin: [require.resolve("./typedoc-mdn-links")],
+        watch: process.env.TYPEDOC_WATCH,
+        entryPoints: ["index.ts", "client.ts"].map((e) => `../packages/frameworks-sveltekit/src/lib/${e}`),
+        tsconfig: "../packages/frameworks-sveltekit/tsconfig.json",
+        out: "reference/sveltekit",
+        sidebar: {
+          indexLabel: "index",
+        },
+      },
+    ],
     ...(process.env.TYPEDOC_SKIP_ADAPTERS
       ? []
       : [

docs/sidebars.js

@@ -35,9 +35,16 @@ module.exports = {
     },
     {
       type: "category",
-      label: "next-auth",
+      label: "@auth/nextjs",
       link: { type: "doc", id: "reference/nextjs/index" },
-      items: [{ type: "autogenerated", dirName: "reference/nextjs" }],
+      items: [
+        "reference/nextjs/client",
+        {
+          type: "link",
+          label: "NextAuth.js (next-auth)",
+          href: "https://next-auth.js.org",
+        },
+      ],
     },
     ...(process.env.TYPEDOC_SKIP_ADAPTERS
       ? []

docs/src/css/adapters.css

@@ -29,6 +29,7 @@ html[data-theme="dark"] .adapter-card {
   color: #f5f5f5;
 }
 
+html[data-theme="dark"] .adapter-card:hover,
 .adapter-card:hover {
   text-decoration: none;
   color: black;

docs/vercel.json

@@ -66,16 +66,6 @@
       "has": [{ "type": "host", "value": "solid-start.authjs.dev" }],
       "destination": "https://authjs.dev/reference/solid-start"
     },
-    {
-      "source": "/:path(.*)",
-      "has": [{ "type": "host", "value": "nextjs.authjs.dev" }],
-      "destination": "https://authjs.dev/reference/nextjs"
-    },
-    {
-      "source": "/v5",
-      "has": [{ "type": "host", "value": "nextjs.authjs.dev" }],
-      "destination": "https://authjs.dev/getting-started/upgrade-to-v5"
-    },
     {
       "source": "/:path(.*)",
       "has": [{ "type": "host", "value": "errors.authjs.dev" }],

package.json

@@ -9,7 +9,6 @@
     "build": "turbo run build --filter=next-auth --filter=@next-auth/* --filter=@auth/* --no-deps",
     "test": "turbo run test --concurrency=1 --filter=[HEAD^1] --filter=./packages/* --filter=!@*upstash* --filter=!*dynamodb-*",
     "clean": "turbo run clean --no-cache",
-    "dev:example": "turbo run dev --parallel --continue --filter=nextjs-example-app... --filter=!./packages/adapter-*",
     "dev:db": "turbo run dev --parallel --continue --filter=next-auth-app...",
     "dev": "turbo run dev --parallel --continue --filter=next-auth-app... --filter=!./packages/adapter-*",
     "dev-v4:db": "turbo run dev --parallel --continue --filter=next-auth-app-v4...",
@@ -29,7 +28,7 @@
     "@actions/core": "^1.10.0",
     "@balazsorban/monorepo-release": "0.1.8",
     "@types/jest": "^28.1.3",
-    "@types/node": "^18.15.11",
+    "@types/node": "^17.0.25",
     "@typescript-eslint/eslint-plugin": "5.47.0",
     "@typescript-eslint/parser": "5.47.0",
     "eslint": "8.30.0",
@@ -97,6 +96,8 @@
     "packages/core/src/lib/pages/styles.ts",
     "packages/frameworks-sveltekit/package",
     "packages/frameworks-sveltekit/vite.config.{js,ts}.timestamp-*",
+    "packages/next-auth/src/providers/oauth-types.ts",
+    "packages/next-auth/css/index.css",
     ".branches",
     "db.sqlite",
     "dev.db",
@@ -247,10 +248,8 @@
     "overrides": [
       {
         "files": [
-          "apps/dev/nextjs/pages/api/auth-old/[...nextauth].ts",
-          "apps/dev/nextjs/app/api/auth/[...nextauth]/route.ts",
-          "docs/{sidebars,docusaurus.config}.js",
-          "packages/next-auth/src/lib/env.ts"
+          "apps/dev/nextjs/pages/api/auth/[...nextauth].ts",
+          "docs/{sidebars,docusaurus.config}.js"
         ],
         "options": {
           "printWidth": 150

packages/adapter-prisma/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@next-auth/prisma-adapter",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "Prisma adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/core",
-  "version": "0.7.1",
+  "version": "0.8.0",
   "description": "Authentication for the Web.",
   "keywords": [
     "authentication",

packages/core/src/lib/callback-handler.ts

@@ -158,7 +158,7 @@ export async function handleLogin(
     const { provider: p } = options as InternalOptions<"oauth" | "oidc">
     const { type, provider, providerAccountId, userId, ...tokenSet } = account
     const defaults = { providerAccountId, provider, type, userId }
-    account = Object.assign(p.account(tokenSet), defaults)
+    account = Object.assign(p.account(tokenSet) ?? {}, defaults)
 
     if (user) {
       // If the user is already signed in and the OAuth account isn't already associated

packages/core/src/lib/index.ts

@@ -47,7 +47,7 @@ export async function AuthInternal<
       case "providers":
         return (await routes.providers(options.providers)) as any
       case "session": {
-        const session = await routes.session(sessionStore, options)
+        const session = await routes.session({ sessionStore, options })
         if (session.cookies) cookies.push(...session.cookies)
         // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
         return { ...session, cookies } as any
@@ -177,6 +177,22 @@ export async function AuthInternal<
           return { ...callback, cookies }
         }
         break
+      case "session": {
+        if (options.csrfTokenVerified) {
+          const session = await routes.session({
+            options,
+            sessionStore,
+            newSession: request.body?.data,
+            isUpdate: true,
+          })
+          if (session.cookies) cookies.push(...session.cookies)
+          return { ...session, cookies } as any
+        }
+
+        // If CSRF token is invalid, return a 400 status code
+        // we should not redirect to a page as this is an API route
+        return { status: 400, cookies }
+      }
       default:
     }
   }

packages/core/src/lib/oauth/callback.ts

@@ -171,18 +171,18 @@ export async function handleOAuth(
       Math.floor(Date.now() / 1000) + Number(tokens.expires_in)
   }
 
-  const profileResult = await getUserAndProfile(
+  const profileResult = await getUserAndAccount(
     profile,
     provider,
     tokens,
     logger
   )
 
-  return { ...profileResult, cookies: resCookies }
+  return { ...profileResult, profile, cookies: resCookies }
 }
 
-/** Returns profile, raw profile and auth provider details */
-async function getUserAndProfile(
+/** Returns the user and account that is going to be created in the database. */
+async function getUserAndAccount(
   OAuthProfile: Profile,
   provider: OAuthConfigInternal<any>,
   tokens: TokenSet,
@@ -206,7 +206,6 @@ async function getUserAndProfile(
         providerAccountId: user.id.toString(),
         ...tokens,
       },
-      OAuthProfile,
     }
   } catch (e) {
     // If we didn't get a response either there was a problem with the provider

packages/core/src/lib/providers.ts

@@ -106,14 +106,16 @@ const defaultProfile: ProfileCallback<Profile> = (profile) => {
  * @see https://www.ietf.org/rfc/rfc6749.html#section-5.1
  * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
  * @see https://authjs.dev/reference/adapters#account
- *
- * @todo Return `refresh_token` and `expires_at` as well when built-in
- * refresh token support is added. (Can make it opt-in first with a flag).
  */
 const defaultAccount: AccountCallback = (account) => {
   return stripUndefined({
     access_token: account.access_token,
     id_token: account.id_token,
+    refresh_token: account.refresh_token,
+    expires_at: account.expires_at,
+    scope: account.scope,
+    token_type: account.token_type,
+    session_state: account.session_state,
   })
 }
 

packages/core/src/lib/routes/callback.ts

@@ -75,7 +75,7 @@ export async function callback(params: {
       const {
         user: userFromProvider,
         account,
-        OAuthProfile,
+        profile: OAuthProfile,
       } = authorizationResult
 
       // If we don't have a profile object then either something went wrong
@@ -134,6 +134,7 @@ export async function callback(params: {
           account,
           profile: OAuthProfile,
           isNewUser,
+          trigger: isNewUser ? "signUp" : "signIn",
         })
 
         // Clear cookies if token is null
@@ -244,6 +245,7 @@ export async function callback(params: {
           user: loggedInUser,
           account,
           isNewUser,
+          trigger: isNewUser ? "signUp" : "signIn",
         })
 
         // Clear cookies if token is null
@@ -340,6 +342,7 @@ export async function callback(params: {
         // @ts-expect-error
         account,
         isNewUser: false,
+        trigger: "signIn",
       })
 
       // Clear cookies if token is null

packages/core/src/lib/routes/session.ts

@@ -6,10 +6,13 @@ import type { InternalOptions, ResponseInternal, Session } from "../../types.js"
 import type { SessionStore } from "../cookie.js"
 
 /** Return a session object filtered via `callbacks.session` */
-export async function session(
-  sessionStore: SessionStore,
+export async function session(params: {
   options: InternalOptions
-): Promise<ResponseInternal<Session | null>> {
+  sessionStore: SessionStore
+  isUpdate?: boolean
+  newSession?: any
+}): Promise<ResponseInternal<Session | null>> {
+  const { options, sessionStore, newSession, isUpdate } = params
   const {
     adapter,
     jwt,
@@ -33,23 +36,24 @@ export async function session(
     try {
       const decodedToken = await jwt.decode({ ...jwt, token: sessionToken })
 
-      const newExpires = fromDate(sessionMaxAge)
-
-      // By default, only exposes a limited subset of information to the client
-      // as needed for presentation purposes (e.g. "you are logged in as...").
-      const session = {
-        user: {
-          name: decodedToken?.name,
-          email: decodedToken?.email,
-          picture: decodedToken?.picture,
-        },
-        expires: newExpires.toISOString(),
-      }
+      if (!decodedToken) throw new Error("Invalid JWT")
 
       // @ts-expect-error
-      const token = await callbacks.jwt({ token: decodedToken })
+      const token = await callbacks.jwt({
+        token: decodedToken,
+        ...(isUpdate && { trigger: "update" }),
+        session: newSession,
+      })
+
+      const newExpires = fromDate(sessionMaxAge)
 
       if (token !== null) {
+        // By default, only exposes a limited subset of information to the client
+        // as needed for presentation purposes (e.g. "you are logged in as...").
+        const session = {
+          user: { name: token.name, email: token.email, image: token.picture },
+          expires: newExpires.toISOString(),
+        }
         // @ts-expect-error
         const newSession = await callbacks.session({ session, token })
 
@@ -125,14 +129,12 @@ export async function session(
         // By default, only exposes a limited subset of information to the client
         // as needed for presentation purposes (e.g. "you are logged in as...").
         session: {
-          user: {
-            name: user.name,
-            email: user.email,
-            picture: user.image,
-          },
+          user: { name: user.name, email: user.email, image: user.image },
           expires: session.expires.toISOString(),
         },
         user,
+        newSession,
+        ...(isUpdate ? { trigger: "update" } : {}),
       })
 
       // Return session payload as response

packages/core/src/providers/credentials.ts

@@ -32,12 +32,14 @@ export interface CredentialsConfig<
    * @example
    * ```ts
    * //...
-   * async authorize(, request) {
+   * async authorize(credentials, request) {
+   *   if(!isValidCredentials(credentials)) return null
    *   const response = await fetch(request)
    *   if(!response.ok) return null
    *   return await response.json() ?? null
    * }
    * //...
+   * ```
    */
   authorize: (
     /**

packages/core/src/providers/oauth.ts

@@ -95,7 +95,7 @@ export type ProfileCallback<Profile> = (
   tokens: TokenSet
 ) => Awaitable<User>
 
-export type AccountCallback = (account: TokenSet) => TokenSet
+export type AccountCallback = (tokens: TokenSet) => TokenSet | undefined | void
 
 export interface OAuthProviderButtonStyles {
   logo: string
@@ -155,7 +155,31 @@ export interface OAuth2Config<Profile>
    * Receives the full {@link TokenSet} returned by the OAuth provider, and returns a subset.
    * It is used to create the account associated with a user in the database.
    *
-   * Defaults to: `access_token` and `id_token`
+   * :::note
+   * You need to adjust your database's [Account model](https://authjs.dev/reference/adapters#account) to match the returned properties.
+   * Check out the documentation of your [database adapter](https://authjs.dev/reference/adapters) for more information.
+   * :::
+   *
+   * Defaults to: `access_token`, `id_token`, `refresh_token`, `expires_at`, `scope`, `token_type`, `session_state`
+   *
+   * @example
+   * ```ts
+   * import GitHub from "@auth/core/providers/github"
+   * // ...
+   * GitHub({
+   *   account(account) {
+   *     // https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens#refreshing-a-user-access-token-with-a-refresh-token
+   *     const refresh_token_expires_at =
+   *       Math.floor(Date.now() / 1000) + Number(account.refresh_token_expires_in)
+   *     return {
+   *       access_token: account.access_token,
+   *       expires_at: account.expires_at,
+   *       refresh_token: account.refresh_token,
+   *       refresh_token_expires_at
+   *     }
+   *   }
+   * })
+   * ```
    *
    * @see [Database Adapter: Account model](https://authjs.dev/reference/adapters#account)
    * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse

packages/core/src/types.ts

@@ -98,7 +98,15 @@ export interface Theme {
  */
 export type TokenSet = Partial<
   OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse
->
+> & {
+  /**
+   * Date of when the `access_token` expires in seconds.
+   * This value is calculated from the `expires_in` value.
+   *
+   * @see https://www.ietf.org/rfc/rfc6749.html#section-4.2.2
+   */
+  expires_at?: number
+}
 
 /**
  * Usually contains information about the provider being used
@@ -224,46 +232,92 @@ export interface CallbacksOptions<P = Profile, A = Account> {
    * This callback is called whenever a session is checked.
    * (Eg.: invoking the `/api/session` endpoint, using `useSession` or `getSession`)
    *
-   * ⚠ By default, only a subset (email, name, picture)
+   * ⚠ By default, only a subset (email, name, image)
    * of the token is returned for increased security.
    *
    * If you want to make something available you added to the token through the `jwt` callback,
    * you have to explicitly forward it here to make it available to the client.
    *
-   * [Documentation](https://authjs.dev/guides/basics/callbacks#session-callback) |
-   * [`jwt` callback](https://authjs.dev/guides/basics/callbacks#jwt-callback) |
-   * [`useSession`](https://authjs.dev/reference/react/#usesession) |
-   * [`getSession`](https://authjs.dev/reference/utilities/#getsession) |
-   *
+   * @see [`jwt` callback](https://authjs.dev/reference/core/types#jwt)
    */
-  session: (params: {
-    session: Session
-    user: User | AdapterUser
-    token: JWT
-  }) => Awaitable<Session>
+  session: (
+    params:
+      | {
+          session: Session
+          /** Available when {@link AuthConfig.session} is set to `strategy: "jwt"` */
+          token: JWT
+          /** Available when {@link AuthConfig.session} is set to `strategy: "database"`. */
+          user: AdapterUser
+        } & {
+          /**
+           * Available when using {@link AuthConfig.session} `strategy: "database"` and an update is triggered for the session.
+           *
+           * :::note
+           * You should validate this data before using it.
+           * :::
+           */
+          newSession: any
+          trigger: "update"
+        }
+  ) => Awaitable<Session | DefaultSession>
   /**
    * This callback is called whenever a JSON Web Token is created (i.e. at sign in)
    * or updated (i.e whenever a session is accessed in the client).
    * Its content is forwarded to the `session` callback,
    * where you can control what should be returned to the client.
-   * Anything else will be kept inaccessible from the client.
+   * Anything else will be kept from your front-end.
    *
-   * Returning `null` will invalidate the JWT session by clearing
-   * the user's cookies. You'll still have to monitor and invalidate
-   * unexpired tokens from future requests yourself to prevent
-   * unauthorized access.
+   * The JWT is encrypted by default.
    *
-   * By default the JWT is encrypted.
-   *
-   * [Documentation](https://authjs.dev/guides/basics/callbacks#jwt-callback) |
-   * [`session` callback](https://authjs.dev/guides/basics/callbacks#session-callback)
+   * [Documentation](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
+   * [`session` callback](https://next-auth.js.org/configuration/callbacks#session-callback)
    */
   jwt: (params: {
+    /**
+     * When `trigger` is `"signIn"` or `"signUp"`, it will be a subset of {@link JWT},
+     * `name`, `email` and `image` will be included.
+     *
+     * Otherwise, it will be the full {@link JWT} for subsequent calls.
+     */
     token: JWT
-    user?: User | AdapterUser
-    account?: A | null
+    /**
+     * Either the result of the {@link OAuthConfig.profile} or the {@link CredentialsConfig.authorize} callback.
+     * @note available when `trigger` is `"signIn"` or `"signUp"`.
+     *
+     * Resources:
+     * - [Credentials Provider](https://authjs.dev/reference/core/providers_credentials)
+     * - [User database model](https://authjs.dev/reference/adapters#user)
+     */
+    user: User | AdapterUser
+    /**
+     * Contains information about the provider that was used to sign in.
+     * Also includes {@link TokenSet}
+     * @note available when `trigger` is `"signIn"` or `"signUp"`
+     */
+    account: A | null
+    /**
+     * The OAuth profile returned from your provider.
+     * (In case of OIDC it will be the decoded ID Token or /userinfo response)
+     * @note available when `trigger` is `"signIn"`.
+     */
     profile?: P
+    /**
+     * Check why was the jwt callback invoked. Possible reasons are:
+     * - user sign-in: First time the callback is invoked, `user`, `profile` and `account` will be present.
+     * - user sign-up: a user is created for the first time in the database (when {@link AuthConfig.session}.strategy is set to `"database"`)
+     * - update event: Triggered by the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method.
+     * In case of the latter, `trigger` will be `undefined`.
+     */
+    trigger?: "signIn" | "signUp" | "update"
+    /** @deprecated use `trigger === "signUp"` instead */
     isNewUser?: boolean
+    /**
+     * When using {@link AuthConfig.session} `strategy: "jwt"`, this is the data
+     * sent from the client via the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method.
+     *
+     * ⚠ Note, you should validate this data before using it.
+     */
+    session?: any
   }) => Awaitable<JWT | null>
 }
 
@@ -377,7 +431,7 @@ export interface DefaultSession {
   user?: {
     name?: string | null
     email?: string | null
-    picture?: string | null
+    image?: string | null
   }
   expires: ISODateString
 }
@@ -443,7 +497,9 @@ export type InternalProvider<T = ProviderType> = (T extends "oauth"
  * :::
  * - **`"error"`**: Renders the built-in error page.
  * - **`"providers"`**: Returns a client-safe list of all configured providers.
- * - **`"session"`**: Returns the user's session if it exists, otherwise `null`.
+ * - **`"session"`**:
+ *   - **`GET**`: Returns the user's session if it exists, otherwise `null`.
+ *   - **`POST**`: Updates the user's session and returns the updated session.
  * - **`"signin"`**:
  *   - **`GET`**: Renders the built-in sign-in page.
  *   - **`POST`**: Initiates the sign-in flow.

packages/frameworks-nextjs/README.md

@@ -1,24 +0,0 @@
-<p align="center">
-   <br/>
-   <a href="https://authjs.dev" target="_blank"><img width="150px" src="https://authjs.dev/img/logo/logo-sm.png" /></a>
-   <h3 align="center">NextAuth.js</a></h3>
-   <h4 align="center">Authentication for Next.js.</h4>
-   <p align="center" style="align: center;">
-      <a href="https://npm.im/next-auth">
-        <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
-      </a>
-      <a href="https://npm.im/next-auth">
-        <img alt="npm" src="https://img.shields.io/npm/v/next-auth?color=green&label=next-auth&style=flat-square">
-      </a>
-      <a href="https://www.npmtrends.com/next-auth">
-        <img src="https://img.shields.io/npm/dm/next-auth?label=%20downloads&style=flat-square" alt="Downloads" />
-      </a>
-      <a href="https://github.com/nextauthjs/next-auth/stargazers">
-        <img src="https://img.shields.io/github/stars/nextauthjs/next-auth?style=flat-square" alt="Github Stars" />
-      </a>
-   </p>
-</p>
-
----
-
-Check out the documentation at [nextjs.authjs.dev](https://nextjs.authjs.dev).

packages/frameworks-nextjs/package.json

@@ -1,75 +0,0 @@
-{
-  "name": "@auth/nextjs",
-  "version": "0.0.1",
-  "description": "Authentication for Next.js",
-  "homepage": "https://nextjs.authjs.dev",
-  "repository": "https://github.com/nextauthjs/next-auth.git",
-  "author": "Balázs Orbán <info@balazsorban.com>",
-  "keywords": [
-    "react",
-    "nodejs",
-    "oauth",
-    "jwt",
-    "oauth2",
-    "authentication",
-    "nextjs",
-    "csrf",
-    "oidc",
-    "nextauth"
-  ],
-  "type": "module",
-  "types": "./index.d.ts",
-  "exports": {
-    ".": {
-      "types": "./index.d.ts",
-      "import": "./index.js"
-    },
-    "./adapters": {
-      "types": "./adapters.d.ts"
-    },
-    "./jwt": {
-      "types": "./jwt.d.ts",
-      "import": "./jwt.js"
-    },
-    "./middleware": {
-      "types": "./middleware.d.ts",
-      "import": "./middleware.js"
-    },
-    "./next": {
-      "types": "./next.d.ts",
-      "import": "./next.js"
-    },
-    "./providers": {
-      "types": "./providers.d.ts"
-    },
-    "./react": {
-      "types": "./react.d.ts",
-      "import": "./react.js"
-    },
-    "./package.json": "./package.json"
-  },
-  "scripts": {
-    "dev": "tsc -w",
-    "clean": "rm -rf *.js *.d.ts lib",
-    "build": "pnpm clean && tsc"
-  },
-  "files": [
-    "*.js",
-    "*.d.ts",
-    "lib",
-    "src"
-  ],
-  "devDependencies": {
-    "@types/react": "18.0.37",
-    "typescript": "^4",
-    "next": "13.4.0"
-  },
-  "license": "ISC",
-  "dependencies": {
-    "@auth/core": "workspace:*"
-  },
-  "peerDependencies": {
-    "next": "^13.4.0",
-    "react": "^18.2.0"
-  }
-}

packages/frameworks-nextjs/src/adapters.ts

@@ -1,47 +0,0 @@
-/**
- * :::warning Deprecated
- * This module is being replaced by [`@auth/core/adapters`](https://authjs.dev/reference/core/adapters) and only kept for backwards compatibility.
- * :::
- *
- * @module adapters
- */
-
-// TODO: remove this file and replace references with `@auth/core/adapters`
-
-import type {
-  Adapter as CoreAdapter,
-  AdapterAccount as CoreAdapterAccount,
-  AdapterSession as CoreAdapterSession,
-  AdapterUser as CoreAdapterUser,
-  VerificationToken as CoreVerificationToken,
-} from "@auth/core/adapters"
-
-/**
- * @deprecated use `@auth/core/adapters`
- * Read more at: https://nextjs.authjs.dev/v5
- */
-export type Adapter = CoreAdapter
-
-/**
- * @deprecated use `@auth/core/adapters`
- * Read more at: https://nextjs.authjs.dev/v5
- */
-export type AdapterAccount = CoreAdapterAccount
-
-/**
- * @deprecated use `@auth/core/adapters`
- * Read more at: https://nextjs.authjs.dev/v5
- */
-export type AdapterSession = CoreAdapterSession
-
-/**
- * @deprecated use `@auth/core/adapters`
- * Read more at: https://nextjs.authjs.dev/v5
- */
-export type AdapterUser = CoreAdapterUser
-
-/**
- * @deprecated use `@auth/core/adapters`
- * Read more at: https://nextjs.authjs.dev/v5
- */
-export type VerificationToken = CoreVerificationToken

packages/frameworks-nextjs/src/index.ts

@@ -1,176 +0,0 @@
-/**
- *
- * :::warning Note
- * This is the documentation for `next-auth@5`, which is currently **experimental**. For the documentation of the latest stable version, see [next-auth@4](https://next-auth.js.org).
- * :::
- *
- * If you are looking for the migration guide, visit the [`next-auth@5` Migration Guide](https://nextjs.authjs.dev/v5).
- *
- * ## Installation
- *
- * ```bash npm2yarn2pnpm
- * npm install next-auth@5 @auth/core
- * ```
- *
- * ## Signing in and signing out
- *
- * The App Router embraces Server Actions that can be leveraged to decrease the amount of JavaScript sent to the browser.
- *
- * :::info
- * [Next.js Server Actions](https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions) is **in alpha stage**. In the future, NextAuth.js will integrate with Server Actions and provide first-party APIs.
- * Until then, here is how you can use NextAuth.js to log in and log out without JavaScript.
- * :::
- *
- * ```ts title="app/auth-components.tsx"
- * import { auth } from "../auth"
- * import { cookies, headers } from "next/headers"
- *
- * function CSRF() {
- *   const value = cookies().get("next-auth.csrf-token")?.value.split("|")[0]
- *   return <input type="hidden" name="csrfToken" value={value} />
- * }
- *
- * export function SignIn({ provider, ...props }: any) {
- *   return (
- *     <form action={`/api/auth/signin/${provider}`} method="post">
- *       <button {{...props}}/>
- *       <CSRF/>
- *     </form>
- *   )
- * }
- *
- * export function SignOut(props: any) {
- *   return (
- *     <form action="/api/auth/signout" method="post">
- *       <button {...props}/>
- *       <CSRF/>
- *     </form>
- *   )
- * }
- * ```
- *
- * Alternatively, you can create client components, using the `signIn()` and `signOut` methods:
- *
- * ```ts title="app/auth-components.tsx"
- * "use client"
- * import { signIn, signOut } from "next-auth/react"
- *
- * export function SignIn({provider, ...props}: any) {
- *   return <button {...props} onClick={() => signIn(provider)}/>
- * }
- *
- * export function SignOut(props: any) {
- *   return <button {...props} onClick={() => signOut()}/>
- * }
- * ```
- *
- * Then, you could for example use it like this:
- *
- * ```ts title=app/page.tsx
- * import { headers } from "next/headers"
- * import { SignIn, SignOut } from "./auth-components"
- *
- * export default async function Page() {
- *   const session = await auth(headers())
- *   if (session) {
- *     return (
- *       <>
- *         <pre>{JSON.stringify(session, null, 2)}</pre>
- *         <SignOut>Sign out</SignOut>
- *       </>
- *     )
- *   }
- *   return <SignIn id="github">Sign in with github</SignIn>
- * }
- * ```
- *
- * @module index
- */
-
-import { Auth } from "@auth/core"
-import { setEnvDefaults } from "./lib/env.js"
-import { initAuth } from "./lib/index.js"
-
-import type { NextRequest } from "next/server"
-import type { NextAuthConfig } from "./lib/index.js"
-import { getServerSession } from "./next"
-
-type AppRouteHandlers = Record<
-  "GET" | "POST",
-  (req: NextRequest) => Promise<Response>
->
-
-export type { NextAuthConfig }
-
-/**
- * The result of invoking {@link NextAuth}, initialized with the {@link NextAuthConfig}.
- * It contains methods to set up and interact with NextAuth.js in your Next.js app.
- */
-export interface NextAuthResult {
-  /**
-   * The NextAuth.js [Route Handler](https://beta.nextjs.org/docs/routing/route-handlers) methods. After initializing NextAuth.js in `auth.ts`,
-   * export these methods from `app/api/auth/[...nextauth]/route.ts`.
-   *
-   * :::note
-   * This is a workaround until we have integrated with [Next.js Server Actions](https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions).
-   * :::
-   *
-   * @example
-   * ```ts title="app/api/auth/[...nextauth]/route.ts"
-   * import { handlers } from "../../../../auth"
-   * export const { GET, POST } = handlers
-   * export const runtime = "edge"
-   * ```
-   */
-  handlers: AppRouteHandlers
-  /**
-   * A universal method to interact with NextAuth.js in your Next.js app.
-   * After initializing NextAuth.js in `auth.ts`, use this method in Middleware, Route Handlers or React Server Components.
-   *
-   * @example
-   * ```ts title="middleware.ts"
-   * export { auth as middleware } from "./auth"
-   * ```
-   * @example
-   * ```ts title="app/page.ts"
-   * import { auth } from "../auth"
-   * import { headers } from "next/headers"
-   * export default async function Page() {
-   *   const { user } = await auth(headers())
-   *   return <div>Hello {user?.name}</div>
-   * }
-   * ```
-   * @example
-   * ```ts title="app/api/route.ts"
-   * import { auth } from "../../auth"
-   *
-   * export const POST = auth((req) => {
-   *   // req.auth
-   * })
-   * ```
-   */
-  auth: ReturnType<typeof initAuth>
-  /** TODO: document */
-  getServerSession: ReturnType<typeof getServerSession>
-}
-
-/**
- *  Initialize NextAuth.js.
- *
- *  @example
- * ```ts title="auth.ts"
- * import NextAuth from "next-auth"
- * import GitHub from "@auth/core/providers/github"
- *
- * export const { handlers, auth } = NextAuth({ providers: [GitHub] })
- * ```
- */
-export default function NextAuth(config: NextAuthConfig): NextAuthResult {
-  setEnvDefaults(config)
-  const httpHandler = (req: NextRequest) => Auth(req, config)
-  return {
-    handlers: { GET: httpHandler, POST: httpHandler } as const,
-    auth: initAuth(config),
-    getServerSession: getServerSession(config),
-  }
-}