chore(release): bump package version(s) [skip ci]

Related: #7332

.github/version-pr/index.js

@@ -5,14 +5,15 @@ const core = require("@actions/core")
 try {
   const packageJSONPath = path.join(
     process.cwd(),
-    "packages/next-auth/package.json"
+    `packages/${process.env.PACKAGE_PATH || "next-auth"}/package.json`
   )
   const packageJSON = JSON.parse(fs.readFileSync(packageJSONPath, "utf8"))
 
   const sha8 = process.env.GITHUB_SHA.substring(0, 8)
-  const prNumber = process.env.PR_NUMBER
-
-  const packageVersion = `0.0.0-pr.${prNumber}.${sha8}`
+  const prefix = "0.0.0-"
+  const pr = process.env.PR_NUMBER
+  const source = pr ? `pr.${pr}` : "manual"
+  const packageVersion = `${prefix}${source}.${sha8}`
   packageJSON.version = packageVersion
   core.setOutput("version", packageVersion)
   fs.writeFileSync(packageJSONPath, JSON.stringify(packageJSON))

.github/workflows/release.yml

@@ -8,6 +8,54 @@ on:
       - next
       - 3.x
   pull_request:
+  # TODO: Support latest releases
+  workflow_dispatch:
+    inputs:
+      name: 
+        type: choice
+        description: Package name (npm)
+        options:
+        - "@auth/core"
+        - "@auth/nextjs"
+        - "@auth/dgraph-adapter"
+        - "@auth/drizzle-adapter"
+        - "@auth/dynamodb-adapter"
+        - "@auth/fauna-adapter"
+        - "@auth/firebase-adapter"
+        - "@auth/mikro-orm-adapter"
+        - "@auth/mongodb-adapter"
+        - "@auth/neo4j-adapter"
+        - "@auth/pouchdb-adapter"
+        - "@auth/prisma-adapter"
+        - "@auth/sequelize-adapter"
+        - "@auth/supabase-adapter"
+        - "@auth/typeorm-legacy-adapter"
+        - "@auth/upstash-redis-adapter"
+        - "@auth/xata-adapter"
+        - "next-auth"
+      # TODO: Infer from package name
+      path:
+        type: choice
+        description: Directory name (packages/*)
+        options:
+        - "core"
+        - "frameworks-nextjs"
+        - "adapter-dgraph"
+        - "adapter-drizzle"
+        - "adapter-dynamodb"
+        - "adapter-fauna"
+        - "adapter-firebase"
+        - "adapter-mikro-orm"
+        - "adapter-mongodb"
+        - "adapter-neo4j"
+        - "adapter-pouchdb"
+        - "adapter-prisma"
+        - "adapter-sequelize"
+        - "adapter-supabase"
+        - "adapter-typeorm-legacy"
+        - "adapter-upstash-redis"
+        - "adapter-xata"
+        - "next-auth"
 
 jobs:
   test:
@@ -24,6 +72,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Run tests
@@ -73,6 +122,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Publish to npm and GitHub
@@ -97,6 +147,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18
+          cache: "pnpm"
       - name: Install dependencies
         run: pnpm install
       - name: Determine version
@@ -122,3 +173,36 @@ jobs:
         env:
           VERSION: ${{ steps.determine-version.outputs.version }}
           GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+  release-manual:
+    name: Publish manually
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    steps:
+      - name: Init
+        uses: actions/checkout@v3
+      - name: Install pnpm
+        uses: pnpm/action-setup@v2.2.4
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: "pnpm"
+      - name: Install dependencies
+        run: pnpm install
+      - name: Determine version
+        uses: ./.github/version-pr
+        id: determine-version
+        env:
+          PACKAGE_PATH: ${{ github.event.inputs.path }}
+      - name: Publish to npm
+        run: |
+          pnpm build
+          cd packages/$PACKAGE_PATH
+          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc
+          pnpm publish --no-git-checks --access public --tag experimental
+          echo "🎉 Experimental release published 📦️ on npm: https://npmjs.com/package/${{ github.event.inputs.name }}/v/${{ env.VERSION }}"
+          echo "Install via: pnpm add ${{ github.event.inputs.name }}@${{ env.VERSION }}"
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          PACKAGE_PATH: ${{ github.event.inputs.path }}
+          VERSION: ${{ steps.determine-version.outputs.version }}

.gitignore

@@ -26,7 +26,15 @@ dist
 # Generated files
 .docusaurus
 .cache-loader
-
+packages/next-auth/providers
+packages/next-auth/src/providers/oauth-types.ts
+packages/next-auth/client
+packages/next-auth/css
+packages/next-auth/utils
+packages/next-auth/core
+packages/next-auth/jwt
+packages/next-auth/react
+packages/next-auth/next
 packages/*/*.js
 packages/*/*.d.ts
 packages/*/*.d.ts.map
@@ -77,10 +85,7 @@ packages/core/providers
 packages/core/src/lib/pages/styles.ts
 docs/docs/reference/core
 docs/docs/reference/sveltekit
-docs/docs/reference/next-auth
 
-# Next.js
-packages/next-auth/lib
 
 # SvelteKit
 packages/frameworks-sveltekit/index.*

.prettierignore

@@ -40,6 +40,10 @@ packages/core/src/lib/pages/styles.ts
 packages/frameworks-sveltekit/package
 packages/frameworks-sveltekit/vite.config.{js,ts}.timestamp-*
 
+# next-auth
+packages/next-auth/src/providers/oauth-types.ts
+packages/next-auth/css/index.css
+
 
 # Adapters
 .branches

.vscode/settings.json

@@ -1,8 +1,8 @@
 {
   "files.exclude": {
-    "packages/core/{lib,providers,*.js,*.d.ts*}": true,
-    "packages/next-auth/{lib,*.js,*.d.ts*}": true,
+    "packages/core/{lib,providers,*.js,*.d.ts,*.d.ts.map}": true,
+    "packages/next-auth/{client,core,css,jwt,next,providers,react,utils,*.js,*.d.ts}": true
   },
   "typescript.tsdk": "node_modules/typescript/lib",
   "openInGitHub.remote.branch": "main"
-}
+}

apps/dev/nextjs/app/api/auth/[...nextauth]/route.ts

@@ -1,3 +0,0 @@
-import { handlers } from "auth"
-export const { GET, POST } = handlers
-export const runtime = "edge"

apps/dev/nextjs/app/api/protected/route.ts

@@ -1,10 +0,0 @@
-import { auth } from "auth"
-import { NextResponse } from "next/server"
-
-export const GET = auth(function GET(req) {
-  if (req.auth) {
-    return NextResponse.json(req.auth)
-  }
-
-  return NextResponse.json({ message: "Not authenticated" }, { status: 401 })
-})

apps/dev/nextjs/app/server-component/page.tsx

@@ -1,37 +1,6 @@
-import { auth } from "auth"
-import { cookies, headers } from "next/headers"
-
-function SignIn({ id, children }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action={`/api/auth/signin/${id}`} method="post">
-      <button type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-function SignOut({ children }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action="/api/auth/signout" method="post">
-      <button type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
+import { unstable_getServerSession } from "next-auth/next"
 
 export default async function Page() {
-  const session = await auth(headers())
-  if (session) {
-    return (
-      <>
-        <pre>{JSON.stringify(session, null, 2)}</pre>
-        <SignOut>Sign out</SignOut>
-      </>
-    )
-  }
-  return <SignIn id="github">Sign in with github</SignIn>
+  const session = await unstable_getServerSession()
+  return <pre>{JSON.stringify(session, null, 2)}</pre>
 }

apps/dev/nextjs/auth.ts

@@ -1,21 +0,0 @@
-import { NextAuth } from "next-auth"
-import GitHub from "@auth/core/providers/github"
-
-export const { handlers, auth } = NextAuth({
-  providers: [GitHub],
-  callbacks: {
-    async authorized({ request, auth }) {
-      // if (request.method === "POST") {
-      // const [, token] = request.headers.get("Authorization")?.split(" ")
-      // const valid = validateToken(token)
-      // // If the request has a valid auth token, it is authorized
-      // if (valid) return true
-      // return NextResponse.json("Invalid auth token", { status: 401 })
-      // }
-
-      // Logged in users are authorized, otherwise, will redirect to login
-      // You could also return a custom redirect instead of the sign-in page
-      return !!auth
-    },
-  },
-})

apps/dev/nextjs/components/footer.js

@@ -1,6 +1,6 @@
 import Link from "next/link"
 import styles from "./footer.module.css"
-import packageJSON from "next-auth/package.json"
+import packageJSON from "package.json"
 
 export default function Footer() {
   return (

apps/dev/nextjs/components/header.js

@@ -76,6 +76,12 @@ export default function Header() {
           <li className={styles.navItem}>
             <Link href="/middleware-protected">Middleware protected</Link>
           </li>
+          <li className={styles.navItem}>
+            <Link href="/supabase-client-rls">Supabase RLS</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/supabase-ssr">Supabase RLS(SSR)</Link>
+          </li>
         </ul>
       </nav>
     </header>

apps/dev/nextjs/middleware.ts

@@ -1,10 +1,45 @@
-// export { auth as default } from "auth"
-import { auth } from "auth"
-import { NextResponse } from "next/server"
-
-export default auth((req) => {
-  if (req.auth) return NextResponse.json(req.auth)
-  return NextResponse.json("Not authorized", { status: 401 })
-})
+export { default } from "next-auth/middleware"
 
 export const config = { matcher: ["/middleware-protected"] }
+
+// Other ways to use this middleware
+
+// import withAuth from "next-auth/middleware"
+// import { withAuth } from "next-auth/middleware"
+
+// export function middleware(req, ev) {
+//   return withAuth(req)
+// }
+
+// export function middleware(req, ev) {
+//   return withAuth(req, ev)
+// }
+
+// export function middleware(req, ev) {
+//   return withAuth(req, {
+//     callbacks: {
+//       authorized: ({ token }) => !!token,
+//     },
+//   })
+// }
+
+// export default withAuth(function middleware(req, ev) {
+//   console.log(req.nextauth.token)
+// })
+
+// export default withAuth(
+//   function middleware(req, ev) {
+//     console.log(req, ev)
+//   },
+//   {
+//     callbacks: {
+//       authorized: ({ token }) => token.name === "Balázs Orbán",
+//     },
+//   }
+// )
+
+// export default withAuth({
+//   callbacks: {
+//     authorized: ({ token }) => !!token,
+//   },
+// })

apps/dev/nextjs/package.json

@@ -15,7 +15,6 @@
   "license": "ISC",
   "dependencies": {
     "@auth/core": "workspace:*",
-    "next-auth": "workspace:*",
     "@next-auth/fauna-adapter": "workspace:*",
     "@next-auth/prisma-adapter": "workspace:*",
     "@next-auth/supabase-adapter": "workspace:*",
@@ -23,7 +22,7 @@
     "@prisma/client": "^3",
     "@supabase/supabase-js": "^2.0.5",
     "faunadb": "^4",
-    "next": "13.3.2-canary.12",
+    "next": "13.3.0",
     "next-auth": "workspace:*",
     "nodemailer": "^6",
     "react": "^18",

apps/dev/nextjs/pages/api/auth/[...nextauth].ts

@@ -94,11 +94,7 @@ export const authConfig: AuthConfig = {
       tenantId: process.env.AZURE_AD_TENANT_ID,
     }),
     AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
-    BeyondIdentity({
-      clientId: process.env.BEYOND_IDENTITY_CLIENT_ID,
-      clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET,
-      issuer: process.env.BEYOND_IDENTITY_ISSUER,
-    }),
+    BeyondIdentity({ clientId: process.env.BEYOND_IDENTITY_CLIENT_ID, clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET, issuer: process.env.BEYOND_IDENTITY_ISSUER }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
     // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
@@ -160,4 +156,4 @@ function AuthHandler(...args: any[]) {
 
 export default AuthHandler(authConfig)
 
-export const config = { runtime: "edge" }
+export const config = { runtime: "experimental-edge" }

apps/dev/nextjs/pages/api/examples/protected.js

@@ -1,9 +1,9 @@
 // This is an example of to protect an API route
-import { authConfig } from "../auth-old/[...nextauth]"
-import { getServerSession } from "next-auth/next"
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
 
 export default async (req, res) => {
-  const session = await getServerSession(req, res, authConfig as any)
+  const session = await unstable_getServerSession(req, res, authOptions)
 
   if (session) {
     res.send({

apps/dev/nextjs/pages/api/examples/session.js

@@ -0,0 +1,8 @@
+// This is an example of how to access a session from an API route
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+
+export default async (req, res) => {
+  const session = await unstable_getServerSession(req, res, authOptions)
+  res.json(session)
+}

apps/dev/nextjs/pages/api/examples/session.ts

@@ -1,8 +0,0 @@
-import { authConfig } from "../auth-old/[...nextauth]"
-// This is an example of how to access a session from an API route
-import { getServerSession } from "next-auth/next"
-
-export default async (req, res) => {
-  const session = await getServerSession(req, res, authConfig as any)
-  res.json(session)
-}

apps/dev/nextjs/pages/api/examples/supabase-rls.js

@@ -0,0 +1,30 @@
+// This is an example of how to query data from Supabase with RLS.
+// Learn more about Row Levele Security (RLS): https://supabase.com/docs/guides/auth/row-level-security
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+import { createClient } from "@supabase/supabase-js"
+
+export default async (req, res) => {
+  const session = await unstable_getServerSession(req, res, authOptions)
+
+  if (!session)
+    return res.send(JSON.stringify({ error: "No session!" }, null, 2))
+
+  const { supabaseAccessToken } = session
+
+  const supabase = createClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+    {
+      global: {
+        headers: {
+          Authorization: `Bearer ${supabaseAccessToken}`,
+        },
+      },
+    }
+  )
+  // Now you can query with RLS enabled.
+  const { data, error } = await supabase.from("users").select("*")
+
+  res.send(JSON.stringify({ supabaseAccessToken, data, error }, null, 2))
+}

apps/dev/nextjs/pages/protected-ssr.js

@@ -1,6 +1,6 @@
 // This is an example of how to protect content using server rendering
-import { getServerSession } from "next-auth/next"
-import { authConfig } from "./api/auth-old/[...nextauth]"
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "./api/auth/[...nextauth]"
 import Layout from "../components/layout"
 import AccessDenied from "../components/access-denied"
 
@@ -26,7 +26,11 @@ export default function Page({ content, session }) {
 }
 
 export async function getServerSideProps(context) {
-  const session = await getServerSession(context.req, context.res, authConfig)
+  const session = await unstable_getServerSession(
+    context.req,
+    context.res,
+    authOptions
+  )
   let content = null
 
   if (session) {

apps/dev/nextjs/pages/server.js

@@ -1,6 +1,6 @@
-import { getServerSession } from "next-auth/next"
+import { unstable_getServerSession } from "next-auth/next"
 import Layout from "../components/layout"
-import { authConfig } from "./api/auth-old/[...nextauth]"
+import { authOptions } from "./api/auth/[...nextauth]"
 
 export default function Page() {
   // As this page uses Server Side Rendering, the `session` will be already
@@ -12,11 +12,11 @@ export default function Page() {
     <Layout>
       <h1>Server Side Rendering</h1>
       <p>
-        This page uses the <strong>getServerSession()</strong> method in{" "}
-        <strong>getServerSideProps()</strong>.
+        This page uses the <strong>unstable_getServerSession()</strong> method
+        in <strong>getServerSideProps()</strong>.
       </p>
       <p>
-        Using <strong>getServerSession()</strong> in{" "}
+        Using <strong>unstable_getServerSession()</strong> in{" "}
         <strong>getServerSideProps()</strong> is currently the recommended
         approach, although the API may still change, if you need to support
         Server Side Rendering with authentication.
@@ -40,7 +40,11 @@ export default function Page() {
 export async function getServerSideProps(context) {
   return {
     props: {
-      session: await getServerSession(context.req, context.res, authConfig),
+      session: await unstable_getServerSession(
+        context.req,
+        context.res,
+        authOptions
+      ),
     },
   }
 }

apps/dev/nextjs/pages/supabase-client-rls.js

@@ -0,0 +1,48 @@
+import Layout from "../components/layout"
+import { useState, useEffect } from "react"
+import { useSession } from "next-auth/react"
+import { createClient } from "@supabase/supabase-js"
+
+export default function Page() {
+  const { data: session } = useSession()
+  const [data, setData] = useState(null)
+
+  useEffect(() => {
+    if (session) {
+      // User is logged in, let's fetch their data.
+      const { supabaseAccessToken } = session
+      const supabase = createClient(
+        process.env.NEXT_PUBLIC_SUPABASE_URL,
+        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+        {
+          global: {
+            headers: { Authorization: `Bearer ${supabaseAccessToken}` },
+          },
+        }
+      )
+      // Fetch data with RLS enabled.
+      supabase
+        .from("users")
+        .select("*")
+        .then(({ data }) => setData(data))
+    }
+  }, [session])
+
+  return (
+    <Layout>
+      <h1>Fetch Data from Supabase with RLS</h1>
+      <h2>Client-side data fetching with RLS:</h2>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+      <h2>API Example</h2>
+      <p>
+        You can also use Supabase in API routes. See the code in the
+        `/pages/api/examples/supabase-rls.js` file.
+      </p>
+      <p>
+        <em>You must be signed in to see responses.</em>
+      </p>
+      <p>/api/examples/supabase-rls</p>
+      <iframe src="/api/examples/supabase-rls" />
+    </Layout>
+  )
+}

apps/dev/nextjs/pages/supabase-ssr.js

@@ -0,0 +1,68 @@
+// This is an example of how to protect content using server rendering
+// and fetching data from Supabase with RLS enabled.
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "./api/auth/[...nextauth]"
+import { createClient } from "@supabase/supabase-js"
+import Layout from "../components/layout"
+import AccessDenied from "../components/access-denied"
+
+export default function Page({ data, session }) {
+  // If no session exists, display access denied message
+  if (!session) {
+    return (
+      <Layout>
+        <AccessDenied />
+      </Layout>
+    )
+  }
+
+  // If session exists, display content
+  return (
+    <Layout>
+      <h1>Protected Page</h1>
+      <p>Data fetched during SSR from Supabase with RSL enabled:</p>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+    </Layout>
+  )
+}
+
+export async function getServerSideProps(context) {
+  const session = await unstable_getServerSession(
+    context.req,
+    context.res,
+    authOptions
+  )
+
+  if (!session)
+    return {
+      props: {
+        session,
+        data: null,
+        error: "No session",
+      },
+    }
+
+  const { supabaseAccessToken } = session
+
+  const supabase = createClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+    {
+      global: {
+        headers: {
+          Authorization: `Bearer ${supabaseAccessToken}`,
+        },
+      },
+    }
+  )
+  // Now you can query with RLS enabled.
+  const { data, error } = await supabase.from("users").select("*")
+
+  return {
+    props: {
+      session,
+      data,
+      error,
+    },
+  }
+}

apps/dev/nextjs/types/nextauth.d.ts

@@ -18,12 +18,3 @@ declare module "next-auth" {
     foo: string
   }
 }
-
-
-declare global {
-  namespace NodeJS {
-    interface ProcessEnv {
-      [key: string]: string;
-    }
-  }
-}

apps/examples/next.config.js

@@ -1,4 +0,0 @@
-/** @type {import("next").NextConfig} */
-module.exports = {
-  reactStrictMode: true,
-}

apps/examples/nextjs/.env.local.example

@@ -1,5 +1,5 @@
 NEXTAUTH_URL=http://localhost:3000
-NEXTAUTH_SECRET= # Linux: `openssl rand -hex 32` or go to https://generate-secret.vercel.app/32
+NEXTAUTH_SECRET= # Linux: `openssl rand -hex 32` or go to https://generate-secret.now.sh/32
 
 
 AUTH0_ID=

apps/examples/nextjs/README.md

@@ -8,7 +8,7 @@
    <a href="https://nextjs.org" target="_blank">
    <img height="64" src="https://nextjs.org/static/favicon/android-chrome-192x192.png" />
    </a>
-   <h3 align="center"><b>next-auth</b> - Example App</h3>
+   <h3 align="center"><b>NextAuth.js</b> - Example App</h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -36,7 +36,7 @@ This is an example application that shows how `next-auth` is applied to a basic
 
 The deployed version can be found at [`next-auth-example.vercel.app`](https://next-auth-example.vercel.app)
 
-Go to [authjs.dev](https://authjs.dev) for more information and documentation.
+Go to [next-auth.js.org](https://next-auth.js.org) for more information and documentation.
 
 ## Getting Started
 
@@ -66,7 +66,7 @@ You **can** skip configuring a database and come back to it later if you want.
 
 For more information about setting up a database, please check out the following links:
 
-- Docs: [authjs.dev/reference/adapters](https://authjs.dev/reference/adapters)
+- Docs: [next-auth.js.org/adapters/overview](https://next-auth.js.org/adapters/overview)
 
 ### 3. Configure Authentication Providers
 
@@ -76,7 +76,7 @@ For more information about setting up a database, please check out the following
 
 e.g. For Google OAuth you would use: `http://localhost:3000/api/auth/callback/google`
 
-A list of configured providers and their callback URLs is available from the endpoint `/api/auth/providers`. You can find more information at [authjs.dev/getting-started/oauth-tutorial](https://authjs.dev/getting-started/oauth-tutorial)
+A list of configured providers and their callback URLs is available from the endpoint `/api/auth/providers`. You can find more information at https://next-auth.js.org/configuration/providers/oauth
 
 3. You can also choose to specify an SMTP server for passwordless sign in via email.
 
@@ -106,4 +106,4 @@ Follow the [Deployment documentation](https://authjs.dev/guides/basics/deploymen
 <a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
 <img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
 </a>
-<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>
+<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>

apps/examples/nextjs/app/api/auth/[...nextauth]/route.ts

@@ -1,3 +0,0 @@
-import { handlers } from "auth"
-export const { GET, POST } = handlers
-export const runtime = "edge"

apps/examples/nextjs/app/api/protected/route.ts

@@ -1,10 +0,0 @@
-import { auth } from "auth"
-import { NextResponse } from "next/server"
-
-export const GET = auth(function GET(req) {
-  if (req.auth) {
-    return NextResponse.json(req.auth)
-  }
-
-  return NextResponse.json({ message: "Not authenticated" }, { status: 401 })
-})

apps/examples/nextjs/app/layout.tsx

@@ -1,24 +0,0 @@
-import Header from "components/header"
-import Footer from "components/footer"
-import './styles.css'
-
-export default function RootLayout({
-  children,
-}: {
-  children: React.ReactNode
-}) {
-  return (
-    <html>
-      <head></head>
-      <body>
-        <Header />
-        <main>
-          {children}
-        </main>
-        <Footer />
-      </body>
-    </html>
-  )
-}
-
-export const runtime = "experimental-edge"

apps/examples/nextjs/app/page.tsx

@@ -1,13 +0,0 @@
-export default function Page() {
-  return (
-    <>
-      <h1>NextAuth.js Example</h1>
-      <p>
-        This is an example site to demonstrate how to use{" "}
-        <a href="https://authjs.dev">NextAuth.js</a> for authentication.
-      </p>
-    </>
-  )
-}
-
-export const runtime = "experimental-edge"

apps/examples/nextjs/app/server-component/page.tsx

@@ -1,39 +0,0 @@
-import { auth } from "auth"
-import { cookies, headers } from "next/headers"
-
-function SignIn({ id, children, className }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action={`/api/auth/signin/${id}`} method="post">
-      <button className={className} type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-function SignOut({ children }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action="/api/auth/signout" method="post">
-      <button type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-export default async function Page() {
-  const session = await auth(headers())
-  if (session) {
-    return (
-      <>
-        <pre>{JSON.stringify(session, null, 2)}</pre>
-        <SignOut>Sign out</SignOut>
-      </>
-    )
-  }
-  return <SignIn id="github">Sign in with github</SignIn>
-}
-
-export const runtime = "experimental-edge"

apps/examples/nextjs/auth.ts

@@ -1,21 +0,0 @@
-import NextAuth from "next-auth"
-import GitHub from "@auth/core/providers/github"
-
-export const { handlers, auth } = NextAuth({
-  providers: [GitHub],
-  callbacks: {
-    async authorized({ request, auth }) {
-      // if (request.method === "POST") {
-      // const [, token] = request.headers.get("Authorization")?.split(" ")
-      // const valid = validateToken(token)
-      // // If the request has a valid auth token, it is authorized
-      // if (valid) return true
-      // return NextResponse.json("Invalid auth token", { status: 401 })
-      // }
-
-      // Logged in users are authorized, otherwise, will redirect to login
-      // You could also return a custom redirect instead of the sign-in page
-      return !!auth
-    },
-  },
-})

apps/examples/nextjs/components/footer.tsx

@@ -1,6 +1,6 @@
 import Link from "next/link"
 import styles from "./footer.module.css"
-import packageJSON from "next-auth/package.json"
+import packageJSON from "../package.json"
 
 export default function Footer() {
   return (
@@ -8,10 +8,10 @@ export default function Footer() {
       <hr />
       <ul className={styles.navItems}>
         <li className={styles.navItem}>
-          <a href="https://authjs.dev">Documentation</a>
+          <a href="https://next-auth.js.org">Documentation</a>
         </li>
         <li className={styles.navItem}>
-          <a href="https://www.npmjs.com/package/@auth/core">NPM</a>
+          <a href="https://www.npmjs.com/package/next-auth">NPM</a>
         </li>
         <li className={styles.navItem}>
           <a href="https://github.com/nextauthjs/next-auth-example">GitHub</a>
@@ -20,7 +20,7 @@ export default function Footer() {
           <Link href="/policy">Policy</Link>
         </li>
         <li className={styles.navItem}>
-          <em>{packageJSON.version}</em>
+          <em>next-auth@{packageJSON.dependencies["next-auth"]}</em>
         </li>
       </ul>
     </footer>

apps/examples/nextjs/components/header.module.css

@@ -1,6 +1,5 @@
 /* Set min-height to avoid page reflow while session loading */
 .signedInStatus {
-  position: relative;
   display: block;
   min-height: 4rem;
   width: 100%;

apps/examples/nextjs/components/header.tsx

@@ -1,63 +1,65 @@
 import Link from "next/link"
-import { auth } from "auth"
-import { cookies, headers } from "next/headers"
+import { signIn, signOut, useSession } from "next-auth/react"
 import styles from "./header.module.css"
 
-function SignIn({ id, children, className }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action={`/api/auth/signin/${id}`} method="post">
-      <button className={className} type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-function SignOut({ children, className }: any) {
-  const $cookies = cookies()
-  const csrfToken = $cookies.get("next-auth.csrf-token")?.value.split("|")[0]
-  return (
-    <form action="/api/auth/signout" method="post">
-      <button className={className} type="submit">{children}</button>
-      <input type="hidden" name="csrfToken" value={csrfToken} />
-    </form>
-  )
-}
-
-// The approach used in this component shows how to built a sign in and sign out
+// The approach used in this component shows how to build a sign in and sign out
 // component that works on pages which support both client and server side
 // rendering, and avoids any flash incorrect content on initial page load.
-export default async function Header() {
-  const session = await auth(headers())
+export default function Header() {
+  const { data: session, status } = useSession()
+  const loading = status === "loading"
 
   return (
     <header>
       <noscript>
-        <style>{".nojs-show { opacity: 1; top: 0; }"}</style>
+        <style>{`.nojs-show { opacity: 1; top: 0; }`}</style>
       </noscript>
       <div className={styles.signedInStatus}>
-        <p className={`nojs-show ${styles.loaded}`}>
+        <p
+          className={`nojs-show ${
+            !session && loading ? styles.loading : styles.loaded
+          }`}
+        >
           {!session && (
             <>
               <span className={styles.notSignedInText}>
                 You are not signed in
               </span>
-              <SignIn className={styles.buttonPrimary}>Sign In</SignIn>
+              <a
+                href={`/api/auth/signin`}
+                className={styles.buttonPrimary}
+                onClick={(e) => {
+                  e.preventDefault()
+                  signIn()
+                }}
+              >
+                Sign in
+              </a>
             </>
           )}
-          {session && (
+          {session?.user && (
             <>
               {session.user.image && (
-                <img src={session.user.image} className={styles.avatar} />
+                <span
+                  style={{ backgroundImage: `url('${session.user.image}')` }}
+                  className={styles.avatar}
+                />
               )}
               <span className={styles.signedInText}>
                 <small>Signed in as</small>
                 <br />
-                <strong>{session.user.email} </strong>
-                {session.user.name ? `(${session.user.name})` : null}
+                <strong>{session.user.email ?? session.user.name}</strong>
               </span>
-              <SignOut className={styles.button}>Sign Out</SignOut>
+              <a
+                href={`/api/auth/signout`}
+                className={styles.button}
+                onClick={(e) => {
+                  e.preventDefault()
+                  signOut()
+                }}
+              >
+                Sign out
+              </a>
             </>
           )}
         </p>
@@ -71,7 +73,7 @@ export default async function Header() {
             <Link href="/client">Client</Link>
           </li>
           <li className={styles.navItem}>
-            <Link href="/server-component">Server</Link>
+            <Link href="/server">Server</Link>
           </li>
           <li className={styles.navItem}>
             <Link href="/protected">Protected</Link>
@@ -80,12 +82,13 @@ export default async function Header() {
             <Link href="/api-example">API</Link>
           </li>
           <li className={styles.navItem}>
-            <Link href="/middleware-protected">Middleware protected</Link>
+            <Link href="/admin">Admin</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/me">Me</Link>
           </li>
         </ul>
       </nav>
     </header>
   )
 }
-
-export const runtime = "experimental-edge"

apps/examples/nextjs/components/layout.tsx

@@ -0,0 +1,13 @@
+import Header from "./header"
+import Footer from "./footer"
+import type { ReactNode } from "react"
+
+export default function Layout({ children }: { children: ReactNode }) {
+  return (
+    <>
+      <Header />
+      <main>{children}</main>
+      <Footer />
+    </>
+  )
+}

apps/examples/nextjs/middleware.ts

@@ -1,10 +1,17 @@
-// export { auth as default } from "auth"
-import { auth } from "auth"
-import { NextResponse } from "next/server"
+import { withAuth } from "next-auth/middleware"
 
-export default auth((req) => {
-  if (req.auth) return NextResponse.json(req.auth)
-  return NextResponse.json("Not authorized", { status: 401 })
+// More on how NextAuth.js middleware works: https://next-auth.js.org/configuration/nextjs#middleware
+export default withAuth({
+  callbacks: {
+    authorized({ req, token }) {
+      // `/admin` requires admin role
+      if (req.nextUrl.pathname === "/admin") {
+        return token?.userRole === "admin"
+      }
+      // `/me` only requires the user to be logged in
+      return !!token
+    },
+  },
 })
 
-export const config = { matcher: ["/middleware-protected"] }
+export const config = { matcher: ["/admin", "/me"] }

apps/examples/nextjs/next-auth.d.ts

@@ -0,0 +1,10 @@
+import "next-auth/jwt"
+
+// Read more at: https://next-auth.js.org/getting-started/typescript#module-augmentation
+
+declare module "next-auth/jwt" {
+  interface JWT {
+    /** The user's role. */
+    userRole?: "admin"
+  }
+}

apps/examples/nextjs/next.config.js

@@ -1,9 +1,4 @@
 /** @type {import("next").NextConfig} */
 module.exports = {
-  webpack(config) {
-    config.experiments = { ...config.experiments, topLevelAwait: true }
-    return config
-  },
-  experimental: { appDir: true },
-  typescript: { ignoreBuildErrors: true },
+  reactStrictMode: true,
 }

apps/examples/nextjs/package.json

@@ -1,6 +1,5 @@
 {
   "private": true,
-  "name": "nextjs-example-app",
   "description": "An example project for NextAuth.js with Next.js",
   "repository": "https://github.com/nextauthjs/next-auth-example.git",
   "bugs": {
@@ -19,9 +18,8 @@
     "Lluis Agusti <hi@llu.lu>"
   ],
   "dependencies": {
-    "@auth/core": "workspace:*",
     "next": "latest",
-    "next-auth": "workspace:*",
+    "next-auth": "latest",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

apps/examples/nextjs/pages/_app.tsx

@@ -0,0 +1,18 @@
+import { SessionProvider } from "next-auth/react"
+import "./styles.css"
+
+import type { AppProps } from "next/app"
+import type { Session } from "next-auth"
+
+// Use of the <SessionProvider> is mandatory to allow components that call
+// `useSession()` anywhere in your application to access the `session` object.
+export default function App({
+  Component,
+  pageProps: { session, ...pageProps },
+}: AppProps<{ session: Session }>) {
+  return (
+    <SessionProvider session={session}>
+      <Component {...pageProps} />
+    </SessionProvider>
+  )
+}

apps/examples/nextjs/pages/admin.tsx

@@ -0,0 +1,17 @@
+import Layout from "../components/layout"
+
+export default function Page() {
+  return (
+    <Layout>
+      <h1>This page is protected by Middleware</h1>
+      <p>Only admin users can see this page.</p>
+      <p>
+        To learn more about the NextAuth middleware see&nbsp;
+        <a href="https://next-auth.js.org/configuration/nextjs#middleware">
+          the docs
+        </a>
+        .
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/api-example.tsx

@@ -0,0 +1,19 @@
+import Layout from "../components/layout"
+
+export default function ApiExamplePage() {
+  return (
+    <Layout>
+      <h1>API Example</h1>
+      <p>The examples below show responses from the example API endpoints.</p>
+      <p>
+        <em>You must be signed in to see responses.</em>
+      </p>
+      <h2>Session</h2>
+      <p>/api/examples/session</p>
+      <iframe src="/api/examples/session" />
+      <h2>JSON Web Token</h2>
+      <p>/api/examples/jwt</p>
+      <iframe src="/api/examples/jwt" />
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/api/auth/[...nextauth].ts

@@ -0,0 +1,44 @@
+import NextAuth, { NextAuthOptions } from "next-auth"
+import GoogleProvider from "next-auth/providers/google"
+import FacebookProvider from "next-auth/providers/facebook"
+import GithubProvider from "next-auth/providers/github"
+import TwitterProvider from "next-auth/providers/twitter"
+import Auth0Provider from "next-auth/providers/auth0"
+
+// For more information on each option (and a full list of options) go to
+// https://next-auth.js.org/configuration/options
+export const authOptions: NextAuthOptions = {
+  // https://next-auth.js.org/configuration/providers/oauth
+  providers: [
+    Auth0Provider({
+      clientId: process.env.AUTH0_ID,
+      clientSecret: process.env.AUTH0_SECRET,
+      issuer: process.env.AUTH0_ISSUER,
+    }),
+    FacebookProvider({
+      clientId: process.env.FACEBOOK_ID,
+      clientSecret: process.env.FACEBOOK_SECRET,
+    }),
+    GithubProvider({
+      clientId: process.env.GITHUB_ID,
+      clientSecret: process.env.GITHUB_SECRET,
+    }),
+    GoogleProvider({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+    }),
+    TwitterProvider({
+      clientId: process.env.TWITTER_ID,
+      clientSecret: process.env.TWITTER_SECRET,
+      version: "2.0",
+    }),
+  ],
+  callbacks: {
+    async jwt({ token }) {
+      token.userRole = "admin"
+      return token
+    },
+  },
+}
+
+export default NextAuth(authOptions)

apps/examples/nextjs/pages/api/examples/jwt.ts

@@ -0,0 +1,14 @@
+// This is an example of how to read a JSON Web Token from an API route
+import { getToken } from "next-auth/jwt"
+
+import type { NextApiRequest, NextApiResponse } from "next"
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  // If you don't have the NEXTAUTH_SECRET environment variable set,
+  // you will have to pass your secret as `secret` to `getToken`
+  const token = await getToken({ req })
+  res.send(JSON.stringify(token, null, 2))
+}

apps/examples/nextjs/pages/api/examples/protected.ts

@@ -0,0 +1,23 @@
+// This is an example of to protect an API route
+import { getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+
+import type { NextApiRequest, NextApiResponse } from "next"
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  const session = await getServerSession(req, res, authOptions)
+
+  if (session) {
+    return res.send({
+      content:
+        "This is protected content. You can access this content because you are signed in.",
+    })
+  }
+
+  res.send({
+    error: "You must be signed in to view the protected content on this page.",
+  })
+}

apps/examples/nextjs/pages/api/examples/session.ts

@@ -0,0 +1,13 @@
+// This is an example of how to access a session from an API route
+import { getServerSession } from "next-auth"
+import { authOptions } from "../auth/[...nextauth]"
+
+import type { NextApiRequest, NextApiResponse } from "next"
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  const session = await getServerSession(req, res, authOptions)
+  res.send(JSON.stringify(session, null, 2))
+}

apps/examples/nextjs/pages/client.tsx

@@ -1,13 +1,15 @@
-export default function Page() {
+import Layout from "../components/layout"
+
+export default function ClientPage() {
   return (
-    <>
+    <Layout>
       <h1>Client Side Rendering</h1>
       <p>
         This page uses the <strong>useSession()</strong> React Hook in the{" "}
-        <strong>&lt;/Header&gt;</strong> component.
+        <strong>&lt;Header/&gt;</strong> component.
       </p>
       <p>
-        The <strong>useSession()</strong> React Hook easy to use and allows
+        The <strong>useSession()</strong> React Hook is easy to use and allows
         pages to render very quickly.
       </p>
       <p>
@@ -20,6 +22,6 @@ export default function Page() {
         The disadvantage of <strong>useSession()</strong> is that it requires
         client side JavaScript.
       </p>
-    </>
+    </Layout>
   )
 }

apps/examples/nextjs/pages/index.tsx

@@ -0,0 +1,13 @@
+import Layout from "../components/layout"
+
+export default function IndexPage() {
+  return (
+    <Layout>
+      <h1>NextAuth.js Example</h1>
+      <p>
+        This is an example site to demonstrate how to use{" "}
+        <a href="https://next-auth.js.org">NextAuth.js</a> for authentication.
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/me.tsx

@@ -0,0 +1,12 @@
+import { useSession } from "next-auth/react"
+import Layout from "../components/layout"
+
+export default function MePage() {
+  const { data } = useSession()
+
+  return (
+    <Layout>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/policy.tsx

@@ -0,0 +1,32 @@
+import Layout from "../components/layout"
+
+export default function PolicyPage() {
+  return (
+    <Layout>
+      <p>
+        This is an example site to demonstrate how to use{" "}
+        <a href="https://next-auth.js.org">NextAuth.js</a> for authentication.
+      </p>
+      <h2>Terms of Service</h2>
+      <p>
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+        OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+        MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+        IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+        CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+        TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+        SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+      </p>
+      <h2>Privacy Policy</h2>
+      <p>
+        This site uses JSON Web Tokens and an in-memory database which resets
+        every ~2 hours.
+      </p>
+      <p>
+        Data provided to this site is exclusively used to support signing in and
+        is not passed to any third party services, other than via SMTP or OAuth
+        for the purposes of authentication.
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/protected.tsx

@@ -0,0 +1,40 @@
+import { useState, useEffect } from "react"
+import { useSession } from "next-auth/react"
+import Layout from "../components/layout"
+import AccessDenied from "../components/access-denied"
+
+export default function ProtectedPage() {
+  const { data: session } = useSession()
+  const [content, setContent] = useState()
+
+  // Fetch content from protected route
+  useEffect(() => {
+    const fetchData = async () => {
+      const res = await fetch("/api/examples/protected")
+      const json = await res.json()
+      if (json.content) {
+        setContent(json.content)
+      }
+    }
+    fetchData()
+  }, [session])
+
+  // If no session exists, display access denied message
+  if (!session) {
+    return (
+      <Layout>
+        <AccessDenied />
+      </Layout>
+    )
+  }
+
+  // If session exists, display content
+  return (
+    <Layout>
+      <h1>Protected Page</h1>
+      <p>
+        <strong>{content ?? "\u00a0"}</strong>
+      </p>
+    </Layout>
+  )
+}

apps/examples/nextjs/pages/server.tsx

@@ -0,0 +1,44 @@
+import { getServerSession } from "next-auth/next"
+import { authOptions } from "./api/auth/[...nextauth]"
+import Layout from "../components/layout"
+
+import type { GetServerSidePropsContext } from "next"
+import { useSession } from "next-auth/react"
+
+export default function ServerSidePage() {
+  const { data: session } = useSession()
+  // As this page uses Server Side Rendering, the `session` will be already
+  // populated on render without needing to go through a loading stage.
+  return (
+    <Layout>
+      <h1>Server Side Rendering</h1>
+      <p>
+        This page uses the <strong>getServerSession()</strong> method in{" "}
+        <strong>getServerSideProps()</strong>.
+      </p>
+      <p>
+        Using <strong>getServerSession()</strong> in{" "}
+        <strong>getServerSideProps()</strong> is the recommended approach if you
+        need to support Server Side Rendering with authentication.
+      </p>
+      <p>
+        The advantage of Server Side Rendering is this page does not require
+        client side JavaScript.
+      </p>
+      <p>
+        The disadvantage of Server Side Rendering is that this page is slower to
+        render.
+      </p>
+      <pre>{JSON.stringify(session, null, 2)}</pre>
+    </Layout>
+  )
+}
+
+// Export the `session` prop to use sessions with Server Side Rendering
+export async function getServerSideProps(context: GetServerSidePropsContext) {
+  return {
+    props: {
+      session: await getServerSession(context.req, context.res, authOptions),
+    },
+  }
+}

apps/examples/nextjs/pages/styles.css

@@ -1,5 +1,4 @@
 body {
-  color: red;
   font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont,
     "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif,
     "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
@@ -7,7 +6,7 @@ body {
   max-width: 680px;
   margin: 0 auto;
   background: #fff;
-  color: var(--color-text);
+  color: #333;
 }
 
 li,

apps/examples/nextjs/tsconfig.json

@@ -1,14 +1,10 @@
 {
   "compilerOptions": {
-    "target": "esnext",
-    "lib": [
-      "dom",
-      "dom.iterable",
-      "esnext"
-    ],
+    "target": "es5",
+    "lib": ["dom", "dom.iterable", "esnext"],
     "allowJs": true,
     "skipLibCheck": true,
-    "strict": false,
+    "strict": true,
     "forceConsistentCasingInFileNames": true,
     "noEmit": true,
     "esModuleInterop": true,
@@ -16,24 +12,15 @@
     "moduleResolution": "node",
     "resolveJsonModule": true,
     "isolatedModules": true,
-    "incremental": true,
     "jsx": "preserve",
-    "baseUrl": ".",
-    "plugins": [
-      {
-        "name": "next"
-      }
-    ],
-    "strictNullChecks": true
+    "incremental": true
   },
   "include": [
+    "process.d.ts",
     "next-env.d.ts",
+    "next-auth.d.ts",
     "**/*.ts",
-    "**/*.tsx",
-    ".next/types/**/*.ts"
+    "**/*.tsx"
   ],
-  "exclude": [
-    "node_modules",
-    "jest.config.js"
-  ]
+  "exclude": ["node_modules"]
 }

apps/playgrounds/nuxt/composables/useSession.ts

@@ -1,4 +1,4 @@
-import { Session } from "@auth/core"
+import { Session } from "@auth/core/types"
 
 export default function useSession() {
   return useState<Session | null>("session", () => null)

apps/playgrounds/nuxt/lib/auth/client.ts

@@ -43,7 +43,7 @@ export async function signIn<
 
   // TODO: Handle custom base path
   // TODO: Remove this since Sveltekit offers the CSRF protection via origin check
-  const { csrfToken } = await $fetch("/api/auth/csrf")
+  const { csrfToken } = await $fetch<{ csrfToken: string }>("/api/auth/csrf")
 
   console.log(_signInUrl)
 

apps/playgrounds/nuxt/lib/auth/server.ts

@@ -1,13 +1,14 @@
-import { AuthHandler, AuthOptions, Session } from "@auth/core"
+import { AuthConfig, Session } from "@auth/core/types"
+import { Auth } from "@auth/core"
 import { fromNodeMiddleware, H3Event } from "h3"
 import getURL from "requrl"
 import { createMiddleware } from "@hattip/adapter-node"
 
-export function NuxtAuthHandler(options: AuthOptions) {
+export function NuxtAuthHandler(options: AuthConfig) {
   async function handler(ctx: { request: Request }) {
     options.trustHost ??= true
 
-    return AuthHandler(ctx.request, options)
+    return Auth(ctx.request, options)
   }
 
   const middleware = createMiddleware(handler)
@@ -17,7 +18,7 @@ export function NuxtAuthHandler(options: AuthOptions) {
 
 export async function getSession(
   event: H3Event,
-  options: AuthOptions
+  options: AuthConfig
 ): Promise<Session | null> {
   options.trustHost ??= true
 
@@ -30,7 +31,7 @@ export async function getSession(
     nodeHeaders.append(key, headers[key] as any)
   })
 
-  const response = await AuthHandler(
+  const response = await Auth(
     new Request(url, { headers: nodeHeaders }),
     options
   )

apps/playgrounds/nuxt/package.json

@@ -1,21 +1,22 @@
 {
-  "name": "playground-nuxt",
+  "name": "next-auth-nuxt",
   "private": true,
   "scripts": {
-    "build": "nuxt prepare && nuxt build",
-    "dev": "nuxt prepare &&  export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
+    "build": "nuxt build",
+    "dev": "nuxt dev",
     "generate": "nuxt generate",
-    "preview": "nuxt preview"
+    "preview": "nuxt preview",
+    "postinstall": "nuxt prepare"
   },
   "devDependencies": {
     "@nuxt/eslint-config": "^0.1.1",
     "eslint": "^8.29.0",
-    "h3": "1.0.2",
-    "nuxt": "3.0.0"
+    "h3": "1.6.6",
+    "nuxt": "3.5.1"
   },
   "dependencies": {
     "@auth/core": "workspace:*",
-    "@hattip/adapter-node": "^0.0.22",
+    "@hattip/adapter-node": "^0.0.34",
     "requrl": "^3.0.2"
   }
 }

apps/playgrounds/nuxt/plugins/auth.ts

@@ -1,4 +1,4 @@
-import { Session } from "@auth/core"
+import { Session } from "@auth/core/types"
 
 export default defineNuxtPlugin(async () => {
   const session = useSession()

apps/playgrounds/nuxt/server/api/auth/[...].ts

@@ -1,10 +1,10 @@
 import { NuxtAuthHandler } from "@/lib/auth/server"
 import GithubProvider from "@auth/core/providers/github"
-import type { AuthOptions } from "@auth/core"
+import type { AuthConfig } from "@auth/core"
 
 const runtimeConfig = useRuntimeConfig()
 
-export const authOptions: AuthOptions = {
+export const authOptions = {
   secret: runtimeConfig.secret,
   providers: [
     GithubProvider({
@@ -12,6 +12,6 @@ export const authOptions: AuthOptions = {
       clientSecret: runtimeConfig.github.clientSecret,
     }),
   ],
-}
+} as AuthConfig
 
 export default NuxtAuthHandler(authOptions)

docs/docs/getting-started/oauth-tutorial.mdx

@@ -36,6 +36,10 @@ This tutorial assumes you have a Next.js application set up. If you don't, you c
 npm install next-auth
 ```
 
+:::info
+We are working on a new `@auth/nextjs` package that will make it easier to set up Auth.js with Next.js. Stay tuned! For now, you can use the `next-auth` package.
+:::
+
 ### Creating the server config
 
 Create the following [API route](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes) file. This route contains the necessary configuration for NextAuth.js, as well as the dynamic route handler:
@@ -239,10 +243,13 @@ http://localhost:5173/auth/callback/github
 TODO Core
   </TabItem>
 </Tabs>
+
 :::info
 The last part of the URL, `[provider]`, is the ID of the provider you're using. In this case, we're using GitHub, so it's `github`. If you're using Google, it'll be `google`, etc... We keep track of the provider IDs internally.
+
 The same id is used in the `signIn()` method we saw earlier.
 :::
+
 To register, tap on "Register application" button.
 
 The next screen shows all the configurations for your newly created OAuth app. For now, we need two things from it - the **Client ID** and **Client Secret**:
@@ -266,7 +273,7 @@ Note that, for each provider, the configuration process will be similar to what
 2. Create create your OAuth application within it
 3. Set the callback URL
 4. Get the Client ID and Generate a Client Secret
-   :::
+:::
 
 ## 3. Wiring all together
 

docs/docs/guides/testing/testing-with-cypress.md

@@ -110,10 +110,6 @@ describe("Login page", () => {
             secure: cookie.secure,
           })
 
-          Cypress.Cookies.defaults({
-            preserve: cookieName,
-          })
-
           // remove the two lines below if you need to stay logged in
           // for your remaining tests
           cy.visit("/api/auth/signout")

docs/docs/reference/adapters/index.md

@@ -96,8 +96,13 @@ erDiagram
       string type
       string provider
       string providerAccountId
+      string refresh_token
       string access_token
+      int expires_at
+      string token_type
+      string scope
       string id_token
+      string session_state
     }
     VerificationToken {
       string identifier
@@ -137,7 +142,7 @@ The Account model is for information about OAuth accounts associated with a User
 
 A single User can have multiple Accounts, but each Account can only have one User.
 
-Account creation in the database is automatic and happens when the user is logging in for the first time with a provider, or the [`Adapter.linkAccount`](/reference/core/adapters#linkaccount) method is invoked. The default data saved is `access_token`, `refresh_token`, `id_token` and `expires_at`. You can save other fields by returning them in the [OAuth provider](/guides/providers/custom-provider)'s [`account()`](/reference/core/providers#account) callback.
+Account creation in the database is automatic and happens when the user is logging in for the first time with a provider, or the [`Adapter.linkAccount`](/reference/core/adapters#linkaccount) method is invoked. The default data saved is `access_token`, `expires_at`, `refresh_token`, `id_token`, `token_type`, `scope` and `session_state`. You can save other fields or remove the ones you don't need by returning them in the [OAuth provider](/guides/providers/custom-provider)'s [`account()`](/reference/core/providers#account) callback.
 
 Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/concepts/faq#security) for more information on why this is a requirement.
 

docs/docs/reference/nextjs/client.md

@@ -0,0 +1,7 @@
+---
+title: Client
+---
+
+:::warning WIP
+`@auth/nextjs/client` is work in progress. For now, please use [NextAuth.js Client API](https://next-auth.js.org/getting-started/client).
+:::

docs/docs/reference/nextjs/index.md

@@ -0,0 +1,7 @@
+---
+title: Next.js Auth
+---
+
+:::warning WIP
+`@auth/nextjs` is work in progress. For now, please use [NextAuth.js](https://next-auth.js.org).
+:::

docs/docusaurus.config.js

@@ -38,22 +38,6 @@ function typedocAdapter(name) {
   ]
 }
 
-function typedocFramework(id, entrypoints) {
-  return [
-    "docusaurus-plugin-typedoc",
-    {
-      ...typedocConfig,
-      id: id.replace("frameworks-", ""),
-      plugin: [require.resolve("./typedoc-mdn-links")],
-      watch: process.env.TYPEDOC_WATCH,
-      entryPoints: entrypoints.map((e) => `../packages/${id}/src/${e}`),
-      tsconfig: `../packages/${id}/tsconfig.json`,
-      out: `reference/${id.replace("frameworks-", "")}`,
-      sidebar: { indexLabel: "index" },
-    },
-  ]
-}
-
 /** @type {import("@docusaurus/types").Config} */
 const docusaurusConfig = {
   markdown: {
@@ -247,9 +231,36 @@ const docusaurusConfig = {
     ],
   ],
   plugins: [
-    typedocFramework("core", ["index.ts", "adapters.ts", "errors.ts", "jwt.ts", "types.ts"]),
-    typedocFramework("frameworks-sveltekit", ["lib/index.ts", "lib/client.ts"]),
-    typedocFramework("next-auth", ["index.ts", "react.tsx", "jwt.ts", "adapters.ts", "next.ts", "types.ts", "middleware.ts"]),
+    [
+      "docusaurus-plugin-typedoc",
+      {
+        ...typedocConfig,
+        id: "core",
+        plugin: [require.resolve("./typedoc-mdn-links")],
+        watch: process.env.TYPEDOC_WATCH,
+        entryPoints: ["index.ts", "adapters.ts", "errors.ts", "jwt.ts", "types.ts"].map((e) => `${coreSrc}/${e}`).concat(providers),
+        tsconfig: "../packages/core/tsconfig.json",
+        out: "reference/core",
+        sidebar: {
+          indexLabel: "index",
+        },
+      },
+    ],
+    [
+      "docusaurus-plugin-typedoc",
+      {
+        ...typedocConfig,
+        id: "sveltekit",
+        plugin: [require.resolve("./typedoc-mdn-links")],
+        watch: process.env.TYPEDOC_WATCH,
+        entryPoints: ["index.ts", "client.ts"].map((e) => `../packages/frameworks-sveltekit/src/lib/${e}`),
+        tsconfig: "../packages/frameworks-sveltekit/tsconfig.json",
+        out: "reference/sveltekit",
+        sidebar: {
+          indexLabel: "index",
+        },
+      },
+    ],
     ...(process.env.TYPEDOC_SKIP_ADAPTERS
       ? []
       : [

docs/sidebars.js

@@ -35,9 +35,16 @@ module.exports = {
     },
     {
       type: "category",
-      label: "next-auth",
-      link: { type: "doc", id: "reference/next-auth/index" },
-      items: [{ type: "autogenerated", dirName: "reference/next-auth" }],
+      label: "@auth/nextjs",
+      link: { type: "doc", id: "reference/nextjs/index" },
+      items: [
+        "reference/nextjs/client",
+        {
+          type: "link",
+          label: "NextAuth.js (next-auth)",
+          href: "https://next-auth.js.org",
+        },
+      ],
     },
     ...(process.env.TYPEDOC_SKIP_ADAPTERS
       ? []

docs/src/css/adapters.css

@@ -29,6 +29,7 @@ html[data-theme="dark"] .adapter-card {
   color: #f5f5f5;
 }
 
+html[data-theme="dark"] .adapter-card:hover,
 .adapter-card:hover {
   text-decoration: none;
   color: black;

package.json

@@ -9,7 +9,6 @@
     "build": "turbo run build --filter=next-auth --filter=@next-auth/* --filter=@auth/* --no-deps",
     "test": "turbo run test --concurrency=1 --filter=[HEAD^1] --filter=./packages/* --filter=!@*upstash* --filter=!*dynamodb-*",
     "clean": "turbo run clean --no-cache",
-    "dev:example": "turbo run dev --parallel --continue --filter=nextjs-example-app... --filter=!./packages/adapter-*",
     "dev:db": "turbo run dev --parallel --continue --filter=next-auth-app...",
     "dev": "turbo run dev --parallel --continue --filter=next-auth-app... --filter=!./packages/adapter-*",
     "dev-v4:db": "turbo run dev --parallel --continue --filter=next-auth-app-v4...",
@@ -29,7 +28,7 @@
     "@actions/core": "^1.10.0",
     "@balazsorban/monorepo-release": "0.1.8",
     "@types/jest": "^28.1.3",
-    "@types/node": "^18.15.11",
+    "@types/node": "^17.0.25",
     "@typescript-eslint/eslint-plugin": "5.47.0",
     "@typescript-eslint/parser": "5.47.0",
     "eslint": "8.30.0",
@@ -97,6 +96,8 @@
     "packages/core/src/lib/pages/styles.ts",
     "packages/frameworks-sveltekit/package",
     "packages/frameworks-sveltekit/vite.config.{js,ts}.timestamp-*",
+    "packages/next-auth/src/providers/oauth-types.ts",
+    "packages/next-auth/css/index.css",
     ".branches",
     "db.sqlite",
     "dev.db",
@@ -247,10 +248,8 @@
     "overrides": [
       {
         "files": [
-          "apps/dev/nextjs/pages/api/auth-old/[...nextauth].ts",
-          "apps/dev/nextjs/app/api/auth/[...nextauth]/route.ts",
-          "docs/{sidebars,docusaurus.config}.js",
-          "packages/next-auth/src/lib/env.ts"
+          "apps/dev/nextjs/pages/api/auth/[...nextauth].ts",
+          "docs/{sidebars,docusaurus.config}.js"
         ],
         "options": {
           "printWidth": 150

packages/adapter-prisma/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@next-auth/prisma-adapter",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "Prisma adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-prisma/src/index.ts

@@ -42,8 +42,6 @@ import type { Adapter, AdapterAccount } from "next-auth/adapters"
  * })
  * ```
  *
- * ## Advanced usage
- *
  * ### Create the Prisma schema from scratch
  *
  * You need to use at least Prisma 2.26.0. Create a schema file in `prisma/schema.prisma` similar to this one:

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/core",
-  "version": "0.7.1",
+  "version": "0.8.0",
   "description": "Authentication for the Web.",
   "keywords": [
     "authentication",

packages/core/src/errors.ts

@@ -125,7 +125,12 @@ export class MissingSecret extends AuthError {}
  */
 export class OAuthAccountNotLinked extends AuthError {}
 
-/** @todo */
+/**
+ * Thrown when an OAuth provider returns an error during the sign in process.
+ * This could happen for example if the user denied access to the application or there was a configuration error.
+ *
+ * For a full list of possible reasons, check out the specification [Authorization Code Grant: Error Response](https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1)
+ */
 export class OAuthCallbackError extends AuthError {}
 
 /** @todo */

packages/core/src/lib/callback-handler.ts

@@ -158,7 +158,7 @@ export async function handleLogin(
     const { provider: p } = options as InternalOptions<"oauth" | "oidc">
     const { type, provider, providerAccountId, userId, ...tokenSet } = account
     const defaults = { providerAccountId, provider, type, userId }
-    account = Object.assign(p.account(tokenSet), defaults)
+    account = Object.assign(p.account(tokenSet) ?? {}, defaults)
 
     if (user) {
       // If the user is already signed in and the OAuth account isn't already associated

packages/core/src/lib/index.ts

@@ -47,7 +47,7 @@ export async function AuthInternal<
       case "providers":
         return (await routes.providers(options.providers)) as any
       case "session": {
-        const session = await routes.session(sessionStore, options)
+        const session = await routes.session({ sessionStore, options })
         if (session.cookies) cookies.push(...session.cookies)
         // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
         return { ...session, cookies } as any
@@ -110,7 +110,6 @@ export async function AuthInternal<
         if (
           [
             "Signin",
-            "OAuthCallback",
             "OAuthCreateAccount",
             "EmailCreateAccount",
             "Callback",
@@ -178,6 +177,22 @@ export async function AuthInternal<
           return { ...callback, cookies }
         }
         break
+      case "session": {
+        if (options.csrfTokenVerified) {
+          const session = await routes.session({
+            options,
+            sessionStore,
+            newSession: request.body?.data,
+            isUpdate: true,
+          })
+          if (session.cookies) cookies.push(...session.cookies)
+          return { ...session, cookies } as any
+        }
+
+        // If CSRF token is invalid, return a 400 status code
+        // we should not redirect to a page as this is an API route
+        return { status: 400, cookies }
+      }
       default:
     }
   }

packages/core/src/lib/oauth/callback.ts

@@ -89,11 +89,9 @@ export async function handleOAuth(
 
   /** https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1 */
   if (o.isOAuth2Error(codeGrantParams)) {
-    logger.debug("OAuthCallbackError", {
-      providerId: provider.id,
-      ...codeGrantParams,
-    })
-    throw new OAuthCallbackError(codeGrantParams.error)
+    const cause = { providerId: provider.id, ...codeGrantParams }
+    logger.debug("OAuthCallbackError", cause)
+    throw new OAuthCallbackError("OAuth Provider returned an error", cause)
   }
 
   const codeVerifier = await checks.pkce.use(cookies, resCookies, options)
@@ -173,18 +171,18 @@ export async function handleOAuth(
       Math.floor(Date.now() / 1000) + Number(tokens.expires_in)
   }
 
-  const profileResult = await getUserAndProfile(
+  const profileResult = await getUserAndAccount(
     profile,
     provider,
     tokens,
     logger
   )
 
-  return { ...profileResult, cookies: resCookies }
+  return { ...profileResult, profile, cookies: resCookies }
 }
 
-/** Returns profile, raw profile and auth provider details */
-async function getUserAndProfile(
+/** Returns the user and account that is going to be created in the database. */
+async function getUserAndAccount(
   OAuthProfile: Profile,
   provider: OAuthConfigInternal<any>,
   tokens: TokenSet,
@@ -208,7 +206,6 @@ async function getUserAndProfile(
         providerAccountId: user.id.toString(),
         ...tokens,
       },
-      OAuthProfile,
     }
   } catch (e) {
     // If we didn't get a response either there was a problem with the provider

packages/core/src/lib/pages/signin.tsx

@@ -11,7 +11,7 @@ const signinErrors: Record<
   default: "Unable to sign in.",
   signin: "Try signing in with a different account.",
   oauthsignin: "Try signing in with a different account.",
-  oauthcallback: "Try signing in with a different account.",
+  oauthcallbackerror: "Try signing in with a different account.",
   oauthcreateaccount: "Try signing in with a different account.",
   emailcreateaccount: "Try signing in with a different account.",
   callback: "Try signing in with a different account.",

packages/core/src/lib/providers.ts

@@ -1,3 +1,4 @@
+import { OAuthProfileParseError } from "../errors.js"
 import { merge } from "./utils/merge.js"
 
 import type {
@@ -90,8 +91,10 @@ function normalizeOAuth(
  * @see https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
  */
 const defaultProfile: ProfileCallback<Profile> = (profile) => {
+  const id = profile.sub ?? profile.id
+  if (!id) throw new OAuthProfileParseError("Missing user id")
   return stripUndefined({
-    id: profile.sub ?? profile.id,
+    id: id.toString(),
     name: profile.name ?? profile.nickname ?? profile.preferred_username,
     email: profile.email,
     image: profile.picture,
@@ -103,14 +106,16 @@ const defaultProfile: ProfileCallback<Profile> = (profile) => {
  * @see https://www.ietf.org/rfc/rfc6749.html#section-5.1
  * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
  * @see https://authjs.dev/reference/adapters#account
- *
- * @todo Return `refresh_token` and `expires_at` as well when built-in
- * refresh token support is added. (Can make it opt-in first with a flag).
  */
 const defaultAccount: AccountCallback = (account) => {
   return stripUndefined({
     access_token: account.access_token,
     id_token: account.id_token,
+    refresh_token: account.refresh_token,
+    expires_at: account.expires_at,
+    scope: account.scope,
+    token_type: account.token_type,
+    session_state: account.session_state,
   })
 }
 

packages/core/src/lib/routes/callback.ts

@@ -1,4 +1,8 @@
-import { CallbackRouteError, Verification } from "../../errors.js"
+import {
+  CallbackRouteError,
+  OAuthCallbackError,
+  Verification,
+} from "../../errors.js"
 import { handleLogin } from "../callback-handler.js"
 import { handleOAuth } from "../oauth/callback.js"
 import { handleState } from "../oauth/handle-state.js"
@@ -71,7 +75,7 @@ export async function callback(params: {
       const {
         user: userFromProvider,
         account,
-        OAuthProfile,
+        profile: OAuthProfile,
       } = authorizationResult
 
       // If we don't have a profile object then either something went wrong
@@ -130,6 +134,7 @@ export async function callback(params: {
           account,
           profile: OAuthProfile,
           isNewUser,
+          trigger: isNewUser ? "signUp" : "signIn",
         })
 
         // Clear cookies if token is null
@@ -240,6 +245,7 @@ export async function callback(params: {
           user: loggedInUser,
           account,
           isNewUser,
+          trigger: isNewUser ? "signUp" : "signIn",
         })
 
         // Clear cookies if token is null
@@ -336,6 +342,7 @@ export async function callback(params: {
         // @ts-expect-error
         account,
         isNewUser: false,
+        trigger: "signIn",
       })
 
       // Clear cookies if token is null
@@ -368,6 +375,15 @@ export async function callback(params: {
       cookies,
     }
   } catch (e) {
+    if (e instanceof OAuthCallbackError) {
+      logger.error(e)
+      // REVIEW: Should we expose original error= and error_description=
+      // Should we use a different name for error= then, since we already use it for all kind of errors?
+      url.searchParams.set("error", OAuthCallbackError.name)
+      url.pathname += "/signin"
+      return { redirect: url.toString(), cookies }
+    }
+
     const error = new CallbackRouteError(e as Error, { provider: provider.id })
 
     logger.debug("callback route error details", { method, query, body })

packages/core/src/lib/routes/session.ts

@@ -6,10 +6,13 @@ import type { InternalOptions, ResponseInternal, Session } from "../../types.js"
 import type { SessionStore } from "../cookie.js"
 
 /** Return a session object filtered via `callbacks.session` */
-export async function session(
-  sessionStore: SessionStore,
+export async function session(params: {
   options: InternalOptions
-): Promise<ResponseInternal<Session | null>> {
+  sessionStore: SessionStore
+  isUpdate?: boolean
+  newSession?: any
+}): Promise<ResponseInternal<Session | null>> {
+  const { options, sessionStore, newSession, isUpdate } = params
   const {
     adapter,
     jwt,
@@ -33,23 +36,24 @@ export async function session(
     try {
       const decodedToken = await jwt.decode({ ...jwt, token: sessionToken })
 
-      const newExpires = fromDate(sessionMaxAge)
-
-      // By default, only exposes a limited subset of information to the client
-      // as needed for presentation purposes (e.g. "you are logged in as...").
-      const session = {
-        user: {
-          name: decodedToken?.name,
-          email: decodedToken?.email,
-          image: decodedToken?.picture,
-        },
-        expires: newExpires.toISOString(),
-      }
+      if (!decodedToken) throw new Error("Invalid JWT")
 
       // @ts-expect-error
-      const token = await callbacks.jwt({ token: decodedToken })
+      const token = await callbacks.jwt({
+        token: decodedToken,
+        ...(isUpdate && { trigger: "update" }),
+        session: newSession,
+      })
+
+      const newExpires = fromDate(sessionMaxAge)
 
       if (token !== null) {
+        // By default, only exposes a limited subset of information to the client
+        // as needed for presentation purposes (e.g. "you are logged in as...").
+        const session = {
+          user: { name: token.name, email: token.email, image: token.picture },
+          expires: newExpires.toISOString(),
+        }
         // @ts-expect-error
         const newSession = await callbacks.session({ session, token })
 
@@ -125,14 +129,12 @@ export async function session(
         // By default, only exposes a limited subset of information to the client
         // as needed for presentation purposes (e.g. "you are logged in as...").
         session: {
-          user: {
-            name: user.name,
-            email: user.email,
-            image: user.image,
-          },
+          user: { name: user.name, email: user.email, image: user.image },
           expires: session.expires.toISOString(),
         },
         user,
+        newSession,
+        ...(isUpdate ? { trigger: "update" } : {}),
       })
 
       // Return session payload as response

packages/core/src/providers/credentials.ts

@@ -32,12 +32,14 @@ export interface CredentialsConfig<
    * @example
    * ```ts
    * //...
-   * async authorize(, request) {
+   * async authorize(credentials, request) {
+   *   if(!isValidCredentials(credentials)) return null
    *   const response = await fetch(request)
    *   if(!response.ok) return null
    *   return await response.json() ?? null
    * }
    * //...
+   * ```
    */
   authorize: (
     /**

packages/core/src/providers/github.ts

@@ -65,6 +65,7 @@ export interface GitHubProfile {
     space: number
     private_repos: number
   }
+  [claim: string]: unknown
 }
 
 /**

packages/core/src/providers/oauth.ts

@@ -95,7 +95,7 @@ export type ProfileCallback<Profile> = (
   tokens: TokenSet
 ) => Awaitable<User>
 
-export type AccountCallback = (account: TokenSet) => TokenSet
+export type AccountCallback = (tokens: TokenSet) => TokenSet | undefined | void
 
 export interface OAuthProviderButtonStyles {
   logo: string
@@ -155,7 +155,31 @@ export interface OAuth2Config<Profile>
    * Receives the full {@link TokenSet} returned by the OAuth provider, and returns a subset.
    * It is used to create the account associated with a user in the database.
    *
-   * Defaults to: `access_token` and `id_token`
+   * :::note
+   * You need to adjust your database's [Account model](https://authjs.dev/reference/adapters#account) to match the returned properties.
+   * Check out the documentation of your [database adapter](https://authjs.dev/reference/adapters) for more information.
+   * :::
+   *
+   * Defaults to: `access_token`, `id_token`, `refresh_token`, `expires_at`, `scope`, `token_type`, `session_state`
+   *
+   * @example
+   * ```ts
+   * import GitHub from "@auth/core/providers/github"
+   * // ...
+   * GitHub({
+   *   account(account) {
+   *     // https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens#refreshing-a-user-access-token-with-a-refresh-token
+   *     const refresh_token_expires_at =
+   *       Math.floor(Date.now() / 1000) + Number(account.refresh_token_expires_in)
+   *     return {
+   *       access_token: account.access_token,
+   *       expires_at: account.expires_at,
+   *       refresh_token: account.refresh_token,
+   *       refresh_token_expires_at
+   *     }
+   *   }
+   * })
+   * ```
    *
    * @see [Database Adapter: Account model](https://authjs.dev/reference/adapters#account)
    * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
@@ -263,11 +287,9 @@ export type OIDCConfigInternal<Profile> = OAuthConfigInternal<Profile> & {
 export type OAuthUserConfig<Profile> = Omit<
   Partial<OAuthConfig<Profile>>,
   "options" | "type"
-> &
-  Required<Pick<OAuthConfig<Profile>, "clientId" | "clientSecret">>
+>
 
 export type OIDCUserConfig<Profile> = Omit<
   Partial<OIDCConfig<Profile>>,
   "options" | "type"
-> &
-  Required<Pick<OIDCConfig<Profile>, "clientId" | "clientSecret">>
+>

packages/core/src/providers/twitter.ts

@@ -99,6 +99,7 @@ export interface TwitterProfile {
       text: string
     }>
   }
+  [claims: string]: unknown
 }
 
 /**

packages/core/src/types.ts

@@ -98,7 +98,15 @@ export interface Theme {
  */
 export type TokenSet = Partial<
   OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse
->
+> & {
+  /**
+   * Date of when the `access_token` expires in seconds.
+   * This value is calculated from the `expires_in` value.
+   *
+   * @see https://www.ietf.org/rfc/rfc6749.html#section-4.2.2
+   */
+  expires_at?: number
+}
 
 /**
  * Usually contains information about the provider being used
@@ -141,32 +149,32 @@ export interface Account extends Partial<OpenIDTokenEndpointResponse> {
  * @see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
  */
 export interface Profile {
-  sub: string
-  name?: string
-  given_name?: string
-  family_name?: string
-  middle_name?: string
-  nickname?: string
-  preferred_username?: string
-  profile?: string
-  picture?: string
-  website?: string
-  email?: string
-  email_verified?: boolean
-  gender?: string
-  birthdate?: string
-  zoneinfo?: string
-  locale?: string
-  phone_number?: string
-  updated_at?: number
+  sub?: string | null
+  name?: string | null
+  given_name?: string | null
+  family_name?: string | null
+  middle_name?: string | null
+  nickname?: string | null
+  preferred_username?: string | null
+  profile?: string | null
+  picture?: string | null | any
+  website?: string | null
+  email?: string | null
+  email_verified?: boolean | null
+  gender?: string | null
+  birthdate?: string | null
+  zoneinfo?: string | null
+  locale?: string | null
+  phone_number?: string | null
+  updated_at?: Date | string | number | null
   address?: {
-    formatted?: string
-    street_address?: string
-    locality?: string
-    region?: string
-    postal_code?: string
-    country?: string
-  }
+    formatted?: string | null
+    street_address?: string | null
+    locality?: string | null
+    region?: string | null
+    postal_code?: string | null
+    country?: string | null
+  } | null
   [claim: string]: unknown
 }
 
@@ -230,40 +238,86 @@ export interface CallbacksOptions<P = Profile, A = Account> {
    * If you want to make something available you added to the token through the `jwt` callback,
    * you have to explicitly forward it here to make it available to the client.
    *
-   * [Documentation](https://authjs.dev/guides/basics/callbacks#session-callback) |
-   * [`jwt` callback](https://authjs.dev/guides/basics/callbacks#jwt-callback) |
-   * [`useSession`](https://authjs.dev/reference/react/#usesession) |
-   * [`getSession`](https://authjs.dev/reference/utilities/#getsession) |
-   *
+   * @see [`jwt` callback](https://authjs.dev/reference/core/types#jwt)
    */
-  session: (params: {
-    session: Session
-    user: User | AdapterUser
-    token: JWT
-  }) => Awaitable<Session>
+  session: (
+    params:
+      | {
+          session: Session
+          /** Available when {@link AuthConfig.session} is set to `strategy: "jwt"` */
+          token: JWT
+          /** Available when {@link AuthConfig.session} is set to `strategy: "database"`. */
+          user: AdapterUser
+        } & {
+          /**
+           * Available when using {@link AuthConfig.session} `strategy: "database"` and an update is triggered for the session.
+           *
+           * :::note
+           * You should validate this data before using it.
+           * :::
+           */
+          newSession: any
+          trigger: "update"
+        }
+  ) => Awaitable<Session | DefaultSession>
   /**
    * This callback is called whenever a JSON Web Token is created (i.e. at sign in)
    * or updated (i.e whenever a session is accessed in the client).
    * Its content is forwarded to the `session` callback,
    * where you can control what should be returned to the client.
-   * Anything else will be kept inaccessible from the client.
+   * Anything else will be kept from your front-end.
    *
-   * Returning `null` will invalidate the JWT session by clearing
-   * the user's cookies. You'll still have to monitor and invalidate
-   * unexpired tokens from future requests yourself to prevent
-   * unauthorized access.
+   * The JWT is encrypted by default.
    *
-   * By default the JWT is encrypted.
-   *
-   * [Documentation](https://authjs.dev/guides/basics/callbacks#jwt-callback) |
-   * [`session` callback](https://authjs.dev/guides/basics/callbacks#session-callback)
+   * [Documentation](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
+   * [`session` callback](https://next-auth.js.org/configuration/callbacks#session-callback)
    */
   jwt: (params: {
+    /**
+     * When `trigger` is `"signIn"` or `"signUp"`, it will be a subset of {@link JWT},
+     * `name`, `email` and `image` will be included.
+     *
+     * Otherwise, it will be the full {@link JWT} for subsequent calls.
+     */
     token: JWT
-    user?: User | AdapterUser
-    account?: A | null
+    /**
+     * Either the result of the {@link OAuthConfig.profile} or the {@link CredentialsConfig.authorize} callback.
+     * @note available when `trigger` is `"signIn"` or `"signUp"`.
+     *
+     * Resources:
+     * - [Credentials Provider](https://authjs.dev/reference/core/providers_credentials)
+     * - [User database model](https://authjs.dev/reference/adapters#user)
+     */
+    user: User | AdapterUser
+    /**
+     * Contains information about the provider that was used to sign in.
+     * Also includes {@link TokenSet}
+     * @note available when `trigger` is `"signIn"` or `"signUp"`
+     */
+    account: A | null
+    /**
+     * The OAuth profile returned from your provider.
+     * (In case of OIDC it will be the decoded ID Token or /userinfo response)
+     * @note available when `trigger` is `"signIn"`.
+     */
     profile?: P
+    /**
+     * Check why was the jwt callback invoked. Possible reasons are:
+     * - user sign-in: First time the callback is invoked, `user`, `profile` and `account` will be present.
+     * - user sign-up: a user is created for the first time in the database (when {@link AuthConfig.session}.strategy is set to `"database"`)
+     * - update event: Triggered by the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method.
+     * In case of the latter, `trigger` will be `undefined`.
+     */
+    trigger?: "signIn" | "signUp" | "update"
+    /** @deprecated use `trigger === "signUp"` instead */
     isNewUser?: boolean
+    /**
+     * When using {@link AuthConfig.session} `strategy: "jwt"`, this is the data
+     * sent from the client via the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method.
+     *
+     * ⚠ Note, you should validate this data before using it.
+     */
+    session?: any
   }) => Awaitable<JWT | null>
 }
 
@@ -337,7 +391,7 @@ export type ErrorPageParam = "Configuration" | "AccessDenied" | "Verification"
 export type SignInPageErrorParam =
   | "Signin"
   | "OAuthSignin"
-  | "OAuthCallback"
+  | "OAuthCallbackError"
   | "OAuthCreateAccount"
   | "EmailCreateAccount"
   | "Callback"
@@ -443,7 +497,9 @@ export type InternalProvider<T = ProviderType> = (T extends "oauth"
  * :::
  * - **`"error"`**: Renders the built-in error page.
  * - **`"providers"`**: Returns a client-safe list of all configured providers.
- * - **`"session"`**: Returns the user's session if it exists, otherwise `null`.
+ * - **`"session"`**:
+ *   - **`GET**`: Returns the user's session if it exists, otherwise `null`.
+ *   - **`POST**`: Updates the user's session and returns the updated session.
  * - **`"signin"`**:
  *   - **`GET`**: Renders the built-in sign-in page.
  *   - **`POST`**: Initiates the sign-in flow.

packages/frameworks-solid-start/src/client.ts

@@ -51,7 +51,7 @@ export async function signIn<
       "Content-Type": "application/x-www-form-urlencoded",
       "X-Auth-Return-Redirect": "1",
     },
-    // @ts-expect-error -- ignore
+    // @ts-ignore
     body: new URLSearchParams({
       ...options,
       csrfToken,

packages/frameworks-sveltekit/src/lib/client.ts

@@ -52,7 +52,7 @@ export async function signIn<
       "Content-Type": "application/x-www-form-urlencoded",
       "X-Auth-Return-Redirect": "1",
     },
-    // @ts-expect-error -- ignore
+    // @ts-ignore
     body: new URLSearchParams({
       ...options,
       csrfToken,

packages/next-auth/.npmrc

@@ -0,0 +1 @@
+//registry.npmjs.org/:_authToken=${NPM_TOKEN}

packages/next-auth/README.md

@@ -0,0 +1,261 @@
+<p align="center">
+   <br/>
+   <a href="https://next-auth.js.org" target="_blank"><img width="150px" src="https://next-auth.js.org/img/logo/logo-sm.png" /></a>
+   <h3 align="center">NextAuth.js</h3>
+   <p align="center">Authentication for Next.js</p>
+   <p align="center">
+   Open Source. Full Stack. Own Your Data.
+   </p>
+   <p align="center" style="align: center;">
+      <a href="https://github.com/nextauthjs/next-auth/actions/workflows/release.yml?query=workflow%3ARelease">
+        <img src="https://github.com/nextauthjs/next-auth/actions/workflows/release.yml/badge.svg" alt="Release" />
+      </a>
+      <a href="https://packagephobia.com/result?p=next-auth">
+        <img src="https://packagephobia.com/badge?p=next-auth" alt="Bundle Size"/>
+      </a>
+      <a href="https://www.npmtrends.com/next-auth">
+        <img src="https://img.shields.io/npm/dm/next-auth" alt="Downloads" />
+      </a>
+      <a href="https://github.com/nextauthjs/next-auth/stargazers">
+        <img src="https://img.shields.io/github/stars/nextauthjs/next-auth" alt="Github Stars" />
+      </a>
+      <a href="https://www.npmjs.com/package/next-auth">
+        <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?label=latest" alt="Github Stable Release" />
+      </a>
+   </p>
+</p>
+
+## Overview
+
+NextAuth.js is a complete open source authentication solution for [Next.js](http://nextjs.org/) applications.
+
+It is designed from the ground up to support Next.js and Serverless.
+
+This is a monorepo containing the following packages / projects:
+
+1. The primary `next-auth` package
+2. A development test application
+3. All `@next-auth/*-adapter` packages
+4. The documentation site
+
+## Getting Started
+
+```
+npm install next-auth
+```
+
+The easiest way to continue getting started, is to follow the [getting started](https://next-auth.js.org/getting-started/example) section in our docs.
+
+We also have a section of [tutorials](https://next-auth.js.org/tutorials) for those looking for more specific examples.
+
+See [next-auth.js.org](https://next-auth.js.org) for more information and documentation.
+
+## Features
+
+### Flexible and easy to use
+
+- Designed to work with any OAuth service, it supports OAuth 1.0, 1.0A and 2.0
+- Built-in support for [many popular sign-in services](https://next-auth.js.org/providers)
+- Supports email / passwordless authentication
+- Supports stateless authentication with any backend (Active Directory, LDAP, etc)
+- Supports both JSON Web Tokens and database sessions
+- Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)
+
+### Own your own data
+
+NextAuth.js can be used with or without a database.
+
+- An open source solution that allows you to keep control of your data
+- Supports Bring Your Own Database (BYOD) and can be used with any database
+- Built-in support for [MySQL, MariaDB, Postgres, Microsoft SQL Server, MongoDB and SQLite](https://next-auth.js.org/configuration/databases)
+- Works great with databases from popular hosting providers
+- Can also be used _without a database_ (e.g. OAuth + JWT)
+
+### Secure by default
+
+- Promotes the use of passwordless sign-in mechanisms
+- Designed to be secure by default and encourage best practices for safeguarding user data
+- Uses Cross-Site Request Forgery (CSRF) Tokens on POST routes (sign in, sign out)
+- Default cookie policy aims for the most restrictive policy appropriate for each cookie
+- When JSON Web Tokens are enabled, they are encrypted by default (JWE) with A256GCM
+- Auto-generates symmetric signing and encryption keys for developer convenience
+- Features tab/window syncing and session polling to support short lived sessions
+- Attempts to implement the latest guidance published by [Open Web Application Security Project](https://owasp.org)
+
+Advanced options allow you to define your own routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who is able to sign in and how often sessions have to be re-validated.
+
+### TypeScript
+
+NextAuth.js comes with built-in types. For more information and usage, check out
+the [TypeScript section](https://next-auth.js.org/getting-started/typescript) in the documentation.
+
+## Example
+
+### Add API Route
+
+```javascript
+// pages/api/auth/[...nextauth].js
+import NextAuth from "next-auth"
+import AppleProvider from "next-auth/providers/apple"
+import GoogleProvider from "next-auth/providers/google"
+import EmailProvider from "next-auth/providers/email"
+
+export default NextAuth({
+  secret: process.env.SECRET,
+  providers: [
+    // OAuth authentication providers
+    AppleProvider({
+      clientId: process.env.APPLE_ID,
+      clientSecret: process.env.APPLE_SECRET,
+    }),
+    GoogleProvider({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+    }),
+    // Sign in with passwordless email link
+    EmailProvider({
+      server: process.env.MAIL_SERVER,
+      from: "<no-reply@example.com>",
+    }),
+  ],
+})
+```
+
+### Add React Hook
+
+The `useSession()` React Hook in the NextAuth.js client is the easiest way to check if someone is signed in.
+
+```javascript
+import { useSession, signIn, signOut } from "next-auth/react"
+
+export default function Component() {
+  const { data: session } = useSession()
+  if (session) {
+    return (
+      <>
+        Signed in as {session.user.email} <br />
+        <button onClick={() => signOut()}>Sign out</button>
+      </>
+    )
+  }
+  return (
+    <>
+      Not signed in <br />
+      <button onClick={() => signIn()}>Sign in</button>
+    </>
+  )
+}
+```
+
+### Share/configure session state
+
+Use the `<SessionProvider>` to allow instances of `useSession()` to share the session object across components. It also takes care of keeping the session updated and synced between tabs/windows.
+
+```jsx title="pages/_app.js"
+import { SessionProvider } from "next-auth/react"
+
+export default function App({
+  Component,
+  pageProps: { session, ...pageProps },
+}) {
+  return (
+    <SessionProvider session={session}>
+      <Component {...pageProps} />
+    </SessionProvider>
+  )
+}
+```
+
+## Security
+
+If you think you have found a vulnerability (or not sure) in NextAuth.js or any of the related packages (i.e. Adapters), we ask you to have a read of our [Security Policy](https://github.com/nextauthjs/next-auth/blob/main/SECURITY.md) to reach out responsibly. Please do not open Pull Requests/Issues/Discussions before consulting with us.
+
+## Acknowledgments
+
+[NextAuth.js is made possible thanks to all of its contributors.](https://next-auth.js.org/contributors)
+
+<a href="https://github.com/nextauthjs/next-auth/graphs/contributors">
+  <img width="500px" src="https://contrib.rocks/image?repo=nextauthjs/next-auth" />
+</a>
+<div>
+<a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss"></a>
+</div>
+
+### Support
+
+We're happy to announce we've recently created an [OpenCollective](https://opencollective.com/nextauth) for individuals and companies looking to contribute financially to the project!
+
+<!--sponsors start-->
+<table>
+  <tbody>
+    <tr>
+      <td align="center" valign="top">
+        <a href="https://vercel.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/14985020?v=4" alt="Vercel Logo" />
+        </a><br />
+        <div>Vercel</div><br />
+        <sub>🥉 Bronze Financial Sponsor <br /> ☁️ Infrastructure Support</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://prisma.io" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/17219288?v=4" alt="Prisma Logo" />
+        </a><br />
+        <div>Prisma</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://clerk.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/49538330?s=200&v=4" alt="Clerk Logo" />
+        </a><br />
+        <div>Clerk</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://lowdefy.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/47087496?s=200&v=4" alt="Lowdefy Logo" />
+        </a><br />
+        <div>Lowdefy</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://workos.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/47638084?s=200&v=4" alt="WorkOS Logo" />
+        </a><br />
+        <div>WorkOS</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://www.descope.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/97479186?v=4" alt="Descope Logo" />
+        </a><br />
+        <div>Descope</div><br />
+        <sub>🥉 Bronze Financial Sponsor</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://checklyhq.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/25982255?v=4" alt="Checkly Logo" />
+        </a><br />
+        <div>Checkly</div><br />
+        <sub>☁️ Infrastructure Support</sub>
+      </td>
+      <td align="center" valign="top">
+        <a href="https://superblog.ai/" target="_blank">
+          <img width="128px" src="https://d33wubrfki0l68.cloudfront.net/cdc4a3833bd878933fcc131655878dbf226ac1c5/10cd6/images/logo_bolt_small.png" alt="superblog Logo" />
+        </a><br />
+        <div>superblog</div><br />
+        <sub>☁️ Infrastructure Support</sub>
+      </td>
+    </tr><tr></tr>
+  </tbody>
+</table>
+<br />
+<!--sponsors end-->
+
+## Contributing
+
+We're open to all community contributions! If you'd like to contribute in any way, please first read
+our [Contributing Guide](https://github.com/nextauthjs/.github/blob/main/CONTRIBUTING.md).
+
+## License
+
+ISC

packages/next-auth/config/babel.config.js

@@ -0,0 +1,62 @@
+// @ts-check
+// We aim to have the same support as Next.js
+// https://nextjs.org/docs/getting-started#system-requirements
+// https://nextjs.org/docs/basic-features/supported-browsers-features
+
+/** @type {import("@babel/core").ConfigFunction} */
+module.exports = (api) => {
+  const isTest = api.env("test")
+  if (isTest) {
+    return {
+      presets: [
+        "@babel/preset-env",
+        ["@babel/preset-react", { runtime: "automatic" }],
+        ["@babel/preset-typescript", { isTSX: true, allExtensions: true }],
+      ],
+    }
+  }
+  return {
+    presets: [
+      ["@babel/preset-env", { targets: { node: 12 } }],
+      "@babel/preset-typescript",
+    ],
+    plugins: [
+      "@babel/plugin-proposal-optional-catch-binding",
+      "@babel/plugin-transform-runtime",
+    ],
+    ignore: [
+      "../src/**/__tests__/**",
+      "../src/adapters.ts",
+      "../src/providers/oauth-types.ts",
+    ],
+    comments: false,
+    overrides: [
+      {
+        test: [
+          "../src/react/index.tsx",
+          "../src/utils/logger.ts",
+          "../src/core/errors.ts",
+          "../src/client/**",
+        ],
+        presets: [
+          ["@babel/preset-env", { targets: { ie: 11 } }],
+          ["@babel/preset-react", { runtime: "automatic" }],
+        ],
+      },
+      {
+        test: ["../src/core/pages/*.tsx"],
+        presets: ["preact"],
+        plugins: [
+          [
+            "jsx-pragmatic",
+            {
+              module: "preact",
+              export: "h",
+              import: "h",
+            },
+          ],
+        ],
+      },
+    ],
+  }
+}

packages/next-auth/config/generate-providers.js

@@ -0,0 +1,18 @@
+const path = require("path")
+const fs = require("fs")
+
+const providersPath = path.join(process.cwd(), "src/providers")
+
+const files = fs.readdirSync(providersPath, "utf8")
+
+const providers = files.map((file) => {
+  const strippedProviderName = file.substring(0, file.indexOf("."))
+  return `"${strippedProviderName}"`
+})
+
+const result = `
+// THIS FILE IS AUTOGENERATED. DO NOT EDIT.
+export type OAuthProviderType = 
+  | ${providers.join("\n  | ")}`
+
+fs.writeFileSync(path.join(providersPath, "oauth-types.ts"), result)

packages/next-auth/config/jest-setup.js

@@ -0,0 +1,3 @@
+import "regenerator-runtime/runtime"
+import "@testing-library/jest-dom"
+import "whatwg-fetch"

packages/next-auth/config/jest.config.js

@@ -0,0 +1,43 @@
+const swcConfig = require("./swc.config")
+
+/** @type {import('jest').Config} */
+module.exports = {
+  projects: [
+    {
+      displayName: "core",
+      testMatch: ["<rootDir>/tests/**/*.test.ts"],
+      rootDir: ".",
+      transform: {
+        "\\.(js|jsx|ts|tsx)$": ["@swc/jest", swcConfig],
+      },
+      coveragePathIgnorePatterns: ["tests"],
+      testEnvironment: "@edge-runtime/jest-environment",
+      transformIgnorePatterns: ["node_modules/(?!uuid)/"],
+      /** @type {import("@edge-runtime/vm").EdgeVMOptions} */
+      testEnvironmentOptions: {
+        codeGeneration: {
+          strings: true,
+        },
+      },
+    },
+    {
+      displayName: "client",
+      testMatch: ["<rootDir>/src/client/**/*.test.js"],
+      setupFilesAfterEnv: ["./config/jest-setup.js"],
+      rootDir: ".",
+      transform: {
+        "\\.(js|jsx|ts|tsx)$": ["@swc/jest", swcConfig],
+      },
+      testEnvironment: "jsdom",
+      coveragePathIgnorePatterns: ["__tests__"],
+    },
+  ],
+  watchPlugins: [
+    "jest-watch-typeahead/filename",
+    "jest-watch-typeahead/testname",
+  ],
+  collectCoverage: true,
+  coverageDirectory: "../coverage",
+  coverageReporters: ["html", "text-summary"],
+  collectCoverageFrom: ["src/**/*.(js|jsx|ts|tsx)"],
+}

packages/next-auth/config/postcss.config.js

@@ -0,0 +1,7 @@
+module.exports = {
+  plugins: [
+    require('autoprefixer'),
+    require('postcss-nested'),
+    require('cssnano')({ preset: 'default' })
+  ]
+}

packages/next-auth/config/swc.config.js

@@ -0,0 +1,18 @@
+/** @type {import("@swc/core").Config} */
+module.exports = {
+  jsc: {
+    parser: {
+      syntax: "typescript",
+      tsx: true,
+    },
+    transform: {
+      react: {
+        runtime: "automatic",
+        pragma: "React.createElement",
+        pragmaFrag: "React.Fragment",
+        throwIfNamespace: true,
+        useBuiltins: true,
+      },
+    },
+  },
+}

packages/next-auth/config/wrap-css.js

@@ -0,0 +1,17 @@
+// Serverless target in Next.js does not work if you try to read in files at runtime
+// that are not JavaScript or JSON (e.g. CSS files).
+// https://github.com/nextauthjs/next-auth/issues/281
+//
+// To work around this issue, this script is a manual step that wraps CSS in a
+// JavaScript file that has the compiled CSS embedded in it, and exports only
+// a function that returns the CSS as a string.
+const fs = require("fs")
+const path = require("path")
+
+const pathToCss = path.join(__dirname, "../css/index.css")
+const css = fs.readFileSync(pathToCss, "utf8")
+const cssWithEscapedQuotes = css.replace(/"/gm, '\\"')
+
+const js = `module.exports = function() { return "${cssWithEscapedQuotes}" }`
+const pathToCssJs = path.join(__dirname, "../css/index.js")
+fs.writeFileSync(pathToCssJs, js)

packages/next-auth/package.json

@@ -2,7 +2,7 @@
   "name": "next-auth",
   "version": "4.22.1",
   "description": "Authentication for Next.js",
-  "homepage": "https://nextjs.authjs.dev",
+  "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "author": "Iain Collins <me@iaincollins.com>",
   "contributors": [
@@ -11,6 +11,9 @@
     "Lluis Agusti <hi@llu.lu>",
     "Thang Huu Vu <thvu@hey.com>"
   ],
+  "main": "index.js",
+  "module": "index.js",
+  "types": "index.d.ts",
   "keywords": [
     "react",
     "nodejs",
@@ -23,59 +26,104 @@
     "oidc",
     "nextauth"
   ],
-  "type": "module",
-  "types": "./index.d.ts",
   "exports": {
-    ".": {
-      "types": "./index.d.ts",
-      "import": "./index.js"
-    },
-    "./adapters": {
-      "types": "./adapters.d.ts"
-    },
-    "./jwt": {
-      "types": "./jwt.d.ts",
-      "import": "./jwt.js"
-    },
-    "./middleware": {
-      "types": "./middleware.d.ts",
-      "import": "./middleware.js"
-    },
-    "./next": {
-      "types": "./next.d.ts",
-      "import": "./next.js"
-    },
-    "./providers": {
-      "types": "./providers.d.ts"
-    },
-    "./react": {
-      "types": "./react.d.ts",
-      "import": "./react.js"
-    },
-    "./package.json": "./package.json"
+    ".": "./index.js",
+    "./jwt": "./jwt/index.js",
+    "./react": "./react/index.js",
+    "./core": "./core/index.js",
+    "./next": "./next/index.js",
+    "./middleware": "./middleware.js",
+    "./client/_utils": "./client/_utils.js",
+    "./providers/*": "./providers/*.js"
   },
   "scripts": {
-    "dev": "tsc -w",
-    "clean": "rm -rf *.js *.d.ts lib",
-    "build": "pnpm clean && tsc"
+    "build": "pnpm clean && pnpm build:js && pnpm build:css",
+    "build:js": "pnpm clean && pnpm generate-providers && pnpm tsc --project tsconfig.json && babel --config-file ./config/babel.config.js src --out-dir . --extensions \".tsx,.ts,.js,.jsx\"",
+    "clean": "rm -rf coverage client css utils providers core jwt react next index.d.ts index.js adapters.d.ts middleware.d.ts middleware.js",
+    "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir . && node config/wrap-css.js",
+    "dev": "pnpm clean && pnpm generate-providers && concurrently \"pnpm watch:css\" \"pnpm watch:ts\"",
+    "watch:ts": "pnpm tsc --project tsconfig.dev.json",
+    "watch:css": "postcss --config config/postcss.config.js --watch src/**/*.css --base src --dir .",
+    "test": "jest --config ./config/jest.config.js",
+    "prepublishOnly": "pnpm build",
+    "generate-providers": "node ./config/generate-providers.js",
+    "lint": "eslint src config tests"
   },
   "files": [
-    "*.js",
-    "*.d.ts",
+    "client",
+    "core",
+    "css",
+    "jwt",
     "lib",
-    "src"
+    "next",
+    "providers",
+    "react",
+    "src",
+    "utils",
+    "*.d.ts*",
+    "*.js"
   ],
-  "devDependencies": {
-    "@types/react": "18.0.37",
-    "typescript": "^4",
-    "next": "13.3.3"
-  },
   "license": "ISC",
   "dependencies": {
-    "@auth/core": "workspace:*"
+    "@babel/runtime": "^7.20.13",
+    "@panva/hkdf": "^1.0.2",
+    "cookie": "^0.5.0",
+    "jose": "^4.11.4",
+    "oauth": "^0.9.15",
+    "openid-client": "^5.4.0",
+    "preact": "^10.6.3",
+    "preact-render-to-string": "^5.1.19",
+    "uuid": "^8.3.2"
   },
   "peerDependencies": {
-    "next": "^13.3.3",
-    "react": "^18.2.0"
+    "next": "^12.2.5 || ^13",
+    "nodemailer": "^6.6.5",
+    "react": "^17.0.2 || ^18",
+    "react-dom": "^17.0.2 || ^18"
+  },
+  "peerDependenciesMeta": {
+    "nodemailer": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@babel/cli": "^7.17.10",
+    "@babel/core": "^7.18.2",
+    "@babel/plugin-proposal-optional-catch-binding": "^7.16.7",
+    "@babel/plugin-transform-runtime": "^7.18.2",
+    "@babel/preset-env": "^7.18.2",
+    "@babel/preset-react": "^7.17.12",
+    "@babel/preset-typescript": "^7.17.12",
+    "@edge-runtime/jest-environment": "1.1.0-beta.35",
+    "@next-auth/tsconfig": "workspace:*",
+    "@swc/core": "^1.2.198",
+    "@swc/jest": "^0.2.21",
+    "@testing-library/dom": "^8.13.0",
+    "@testing-library/jest-dom": "^5.16.4",
+    "@testing-library/react": "^13.3.0",
+    "@testing-library/react-hooks": "^8.0.0",
+    "@testing-library/user-event": "^14.2.0",
+    "@types/jest": "^28.1.3",
+    "@types/node": "^17.0.42",
+    "@types/nodemailer": "^6.4.4",
+    "@types/oauth": "^0.9.1",
+    "@types/react": "18.0.37",
+    "@types/react-dom": "^18.0.6",
+    "autoprefixer": "^10.4.7",
+    "babel-plugin-jsx-pragmatic": "^1.0.2",
+    "babel-preset-preact": "^2.0.0",
+    "concurrently": "^7",
+    "cssnano": "^5.1.11",
+    "jest": "^28.1.1",
+    "jest-environment-jsdom": "^28.1.1",
+    "jest-watch-typeahead": "^1.1.0",
+    "msw": "^0.42.3",
+    "next": "13.3.0",
+    "postcss": "^8.4.14",
+    "postcss-cli": "^9.1.0",
+    "postcss-nested": "^5.0.6",
+    "react": "^18",
+    "react-dom": "^18",
+    "whatwg-fetch": "^3.6.2"
   }
 }

packages/next-auth/provider-logos/apple-dark.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="4 32 376.4 449.4" width="32" height="32">
+  <title>Apple icon</title>
+  <path fill="#fff" d="M318.7 268.7c-.2-36.7 16.4-64.4 50-84.8-18.8-26.9-47.2-41.7-84.7-44.6-35.5-2.8-74.3 20.7-88.5 20.7-15 0-49.4-19.7-76.4-19.7C63.3 141.2 4 184.8 4 273.5q0 39.3 14.4 81.2c12.8 36.7 59 126.7 107.2 125.2 25.2-.6 43-17.9 75.8-17.9 31.8 0 48.3 17.9 76.4 17.9 48.6-.7 90.4-82.5 102.6-119.3-65.2-30.7-61.7-90-61.7-91.9zm-56.6-164.2c27.3-32.4 24.8-61.9 24-72.5-24.1 1.4-52 16.4-67.9 34.9-17.5 19.8-27.8 44.3-25.6 71.9 26.1 2 49.9-11.4 69.5-34.3z"/>
+</svg>

packages/next-auth/provider-logos/apple.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="4 32 376.4 449.4" width="32" height="32">
+  <title>Apple icon</title>
+  <path d="M318.7 268.7c-.2-36.7 16.4-64.4 50-84.8-18.8-26.9-47.2-41.7-84.7-44.6-35.5-2.8-74.3 20.7-88.5 20.7-15 0-49.4-19.7-76.4-19.7C63.3 141.2 4 184.8 4 273.5q0 39.3 14.4 81.2c12.8 36.7 59 126.7 107.2 125.2 25.2-.6 43-17.9 75.8-17.9 31.8 0 48.3 17.9 76.4 17.9 48.6-.7 90.4-82.5 102.6-119.3-65.2-30.7-61.7-90-61.7-91.9zm-56.6-164.2c27.3-32.4 24.8-61.9 24-72.5-24.1 1.4-52 16.4-67.9 34.9-17.5 19.8-27.8 44.3-25.6 71.9 26.1 2 49.9-11.4 69.5-34.3z"/>
+</svg>