chore(release): bump version [skip ci]

fix(next): returns correct status for signing in with redirect: false for route handler (#8775 )
* fix: returns status for signing in with credentials provider `redirect: false` * chore: format cookie.ts
2026-05-01 10:55:20 +00:00 · 2023-10-02 18:57:37 +07:00 · 2023-10-02 18:48:36 +07:00 · 2023-10-02 01:03:25 +01:00 · 2023-10-02 01:37:14 +02:00 · 2023-10-02 01:34:55 +02:00
107 changed files with 1550 additions and 3302 deletions
--- a/.github/pr-labeler.yml
+++ b/.github/pr-labeler.yml
@@ -54,7 +54,7 @@ upstash-redis:
 xata:
  - packages/adapter-xata/**

-core:
+legacy:
  - packages/next-auth/src/**/*

 style:
--- a/.github/sync.yml
+++ b/.github/sync.yml
@@ -1,7 +0,0 @@
-# This is a legacy example pushed from the v4 branch
-nextauthjs/next-auth-example:
-  - source: apps/example-nextjs
-    dest: .
-    deleteOrphaned: true
-  - .github/FUNDING.yml
-  - LICENSE
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,11 +32,16 @@ jobs:
        run: pnpm install
      - name: Build
        run: pnpm build
+        env:
+          TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+          TURBO_TEAM: ${{ vars.TURBO_TEAM }}
      - name: Run tests
        run: pnpm test
        env:
          UPSTASH_REDIS_URL: ${{ secrets.UPSTASH_REDIS_URL }}
          UPSTASH_REDIS_KEY: ${{ secrets.UPSTASH_REDIS_KEY }}
+          TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+          TURBO_TEAM: ${{ vars.TURBO_TEAM }}
      # - name: Coverage
      #   uses: codecov/codecov-action@v1
      #   with:
--- a/.github/workflows/sync-examples.yml
+++ b/.github/workflows/sync-examples.yml
@@ -1,18 +0,0 @@
-name: Sync Example Repositories
-on:
-  push:
-    branches:
-      - v4
-  workflow_dispatch:
-jobs:
-  sync:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v3
-      - name: Run GitHub File Sync
-        # Can update to v1 when https://github.com/BetaHuhn/repo-file-sync-action/issues/168 is resolved
-        uses: BetaHuhn/repo-file-sync-action@v1.16.5
-        with:
-          GH_PAT: ${{ secrets.GH_PAT_CLASSIC }}
-          SKIP_PR: true
--- a/.gitignore
+++ b/.gitignore
@@ -34,13 +34,9 @@ packages/next-auth/utils
 packages/next-auth/core
 packages/next-auth/jwt
 packages/next-auth/react
-packages/next-auth/adapters.d.ts
-packages/next-auth/adapters.js
-packages/next-auth/index.d.ts
-packages/next-auth/index.js
+packages/next-auth/*.d.ts*
+packages/next-auth/*.js
 packages/next-auth/next
-packages/next-auth/middleware.d.ts
-packages/next-auth/middleware.js

 # Development app
 apps/dev/src/css
--- a/apps/dev/app/api/auth/[...nextauth]/route.ts
+++ b/apps/dev/app/api/auth/[...nextauth]/route.ts
@@ -0,0 +1,25 @@
+import NextAuth, { type NextAuthOptions } from "next-auth"
+import GitHub from "next-auth/providers/github"
+// import { NextRequest } from "next/server"
+
+export const authOptions: NextAuthOptions = {
+  providers: [
+    GitHub({
+      clientId: process.env.GITHUB_ID as string,
+      clientSecret: process.env.GITHUB_SECRET as string,
+    }),
+  ],
+}
+
+/**
+ * Advanced Initialization - route handler
+ */
+// const handler = async (
+//   req: NextRequest,
+//   routeContext: { params: { nextauth: string[] } }
+// ): Promise<any> => {
+//   return NextAuth(req, routeContext, authOptions)
+// }
+
+const handler = NextAuth(authOptions)
+export { handler as GET, handler as POST }
--- a/apps/dev/next-env.d.ts
+++ b/apps/dev/next-env.d.ts
@@ -1,5 +1,6 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
+/// <reference types="next/navigation-types/compat/navigation" />

 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/basic-features/typescript for more information.
--- a/apps/dev/package.json
+++ b/apps/dev/package.json
@@ -21,7 +21,7 @@
    "@prisma/client": "^3",
    "@supabase/supabase-js": "^2.0.5",
    "faunadb": "^4",
-    "next": "13.0.6",
+    "next": "13.4.12",
    "next-auth": "workspace:*",
    "nodemailer": "^6",
    "react": "^18",
@@ -29,7 +29,7 @@
  },
  "devDependencies": {
    "@types/jsonwebtoken": "^8.5.5",
-    "@types/react": "^18.0.15",
+    "@types/react": "^18.0.37",
    "@types/react-dom": "^18.0.6",
    "fake-smtp-server": "^0.8.0",
    "pg": "^8.7.3",
--- a/apps/dev/pages/api/auth-old/[...nextauth].ts
+++ b/apps/dev/pages/api/auth-old/[...nextauth].ts
--- a/apps/dev/tsconfig.json
+++ b/apps/dev/tsconfig.json
@@ -23,7 +23,8 @@
      {
        "name": "next"
      }
-    ]
+    ],
+    "strictNullChecks": true
  },
  "include": [
    "next-env.d.ts",
--- a/apps/example-nextjs/package.json
+++ b/apps/example-nextjs/package.json
@@ -26,7 +26,7 @@
  },
  "devDependencies": {
    "@types/node": "^17",
-    "@types/react": "^18.0.15",
+    "@types/react": "^18.0.37",
    "typescript": "^4"
  }
 }
--- a/docs/docs/adapters.md
+++ b/docs/docs/adapters.md
@@ -0,0 +1,23 @@
+---
+id: adapters
+title: Adapters
+---
+
+Visit the [authjs.dev](https://authjs.dev/reference/adapters) page for the up-to-date documentation.
+
+- [Dgraph](https://authjs.dev/reference/adapter/dgraph)
+- [Drizzle](https://authjs.dev/reference/adapter/drizzle)
+- [DynamoDB](https://authjs.dev/reference/adapter/dynamodb)
+- [Fauna](https://authjs.dev/reference/adapter/fauna)
+- [Firebase](https://authjs.dev/reference/adapter/firebase)
+- [kysely](https://authjs.dev/reference/adapter/kysely)
+- [MikroORM](https://authjs.dev/reference/adapter/mikro-orm)
+- [MongoDB](https://authjs.dev/reference/adapter/mongodb)
+- [neo4j](https://authjs.dev/reference/adapter/neo4j)
+- [Prisma](https://authjs.dev/reference/adapter/prisma)
+- [PouchDB](https://authjs.dev/reference/adapter/pouchdb)
+- [Sequelize](https://authjs.dev/reference/adapter/sequelize)
+- [Supabase](https://authjs.dev/reference/adapter/supabase)
+- [TypeORM](https://authjs.dev/reference/adapter/typeorm)
+- [Upstash Redis](https://authjs.dev/reference/adapter/upstash-redis)
+- [Xata](https://authjs.dev/reference/adapter/xata)
--- a/docs/docs/adapters/dgraph.md
+++ b/docs/docs/adapters/dgraph.md
@@ -1,250 +0,0 @@
---
-id: dgraph
-title: Dgraph
---
-
-# Dgraph
-
-This is the Dgraph Adapter for [`next-auth`](https://next-auth.js.org).
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/dgraph-adapter
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { DgraphAdapter } from "@next-auth/dgraph-adapter"
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/configuration/providers
-  providers: [],
-  adapter: DgraphAdapter({
-    endpoint: process.env.DGRAPH_GRAPHQL_ENDPOINT,
-    authToken: process.env.DGRAPH_GRAPHQL_KEY,
-
-    // you can omit the following properties if you are running an unsecure schema
-    authHeader: process.env.AUTH_HEADER, // default: "Authorization",
-    jwtSecret: process.env.SECRET,
-  }),
-})
-```
-
-## Quick start with the unsecure schema
-
-The quickest way to use Dgraph is by applying the unsecure schema to your [local](https://dgraph.io/docs/graphql/admin/#modifying-a-schema) Dgraph instance or if using Dgraph [cloud](https://dgraph.io/docs/cloud/cloud-quick-start/#the-schema) you can paste the schema in the codebox to update.
-
-:::warning
-This approach is not secure or for production use, and does not require a `jwtSecret`.
-:::
-
-> This schema is adapted for use in Dgraph and based upon our main [schema](/adapters/models)
-
-#### Unsecure schema
-
-```graphql
-type Account {
-  id: ID
-  type: String
-  provider: String @search(by: [hash])
-  providerAccountId: String @search(by: [hash])
-  refreshToken: String
-  expires_at: Int64
-  accessToken: String
-  token_type: String
-  refresh_token: String
-  access_token: String
-  scope: String
-  id_token: String
-  session_state: String
-  user: User @hasInverse(field: "accounts")
-}
-type Session {
-  id: ID
-  expires: DateTime
-  sessionToken: String @search(by: [hash])
-  user: User @hasInverse(field: "sessions")
-}
-type User {
-  id: ID
-  name: String
-  email: String @search(by: [hash])
-  emailVerified: DateTime
-  image: String
-  accounts: [Account] @hasInverse(field: "user")
-  sessions: [Session] @hasInverse(field: "user")
-}
-
-type VerificationToken {
-  id: ID
-  identifier: String @search(by: [hash])
-  token: String @search(by: [hash])
-  expires: DateTime
-}
-```
-
-## Securing your database
-
-For production deployments you will want to restrict the access to the types used
-by next-auth. The main form of access control used in Dgraph is via `@auth` directive alongide types in the schema.
-
-#### Secure schema
-
-```graphql
-type Account
-  @auth(
-    delete: { rule: "{$nextAuth: { eq: true } }" }
-    add: { rule: "{$nextAuth: { eq: true } }" }
-    query: { rule: "{$nextAuth: { eq: true } }" }
-    update: { rule: "{$nextAuth: { eq: true } }" }
-  ) {
-  id: ID
-  type: String
-  provider: String @search(by: [hash])
-  providerAccountId: String @search(by: [hash])
-  refreshToken: String
-  expires_at: Int64
-  accessToken: String
-  token_type: String
-  refresh_token: String
-  access_token: String
-  scope: String
-  id_token: String
-  session_state: String
-  user: User @hasInverse(field: "accounts")
-}
-type Session
-  @auth(
-    delete: { rule: "{$nextAuth: { eq: true } }" }
-    add: { rule: "{$nextAuth: { eq: true } }" }
-    query: { rule: "{$nextAuth: { eq: true } }" }
-    update: { rule: "{$nextAuth: { eq: true } }" }
-  ) {
-  id: ID
-  expires: DateTime
-  sessionToken: String @search(by: [hash])
-  user: User @hasInverse(field: "sessions")
-}
-type User
-  @auth(
-    query: {
-      or: [
-        {
-          rule: """
-          query ($userId: String!) {queryUser(filter: { id: { eq: $userId } } ) {id}}
-          """
-        }
-        { rule: "{$nextAuth: { eq: true } }" }
-      ]
-    }
-    delete: { rule: "{$nextAuth: { eq: true } }" }
-    add: { rule: "{$nextAuth: { eq: true } }" }
-    update: {
-      or: [
-        {
-          rule: """
-          query ($userId: String!) {queryUser(filter: { id: { eq: $userId } } ) {id}}
-          """
-        }
-        { rule: "{$nextAuth: { eq: true } }" }
-      ]
-    }
-  ) {
-  id: ID
-  name: String
-  email: String @search(by: [hash])
-  emailVerified: DateTime
-  image: String
-  accounts: [Account] @hasInverse(field: "user")
-  sessions: [Session] @hasInverse(field: "user")
-}
-
-type VerificationToken
-  @auth(
-    delete: { rule: "{$nextAuth: { eq: true } }" }
-    add: { rule: "{$nextAuth: { eq: true } }" }
-    query: { rule: "{$nextAuth: { eq: true } }" }
-    update: { rule: "{$nextAuth: { eq: true } }" }
-  ) {
-  id: ID
-  identifier: String @search(by: [hash])
-  token: String @search(by: [hash])
-  expires: DateTime
-}
-
-# Dgraph.Authorization {"VerificationKey":"<YOUR JWT SECRET HERE>","Header":"<YOUR AUTH HEADER HERE>","Namespace":"<YOUR CUSTOM NAMESPACE HERE>","Algo":"HS256"}
-```
-
-#### Dgraph.Authorization
-
-In order to secure your graphql backend define the `Dgraph.Authorization` object at the
-bottom of your schema and provide `authHeader` and `jwtSecret` values to the DgraphClient.
-
-```js
-# Dgraph.Authorization {"VerificationKey":"<YOUR JWT SECRET HERE>","Header":"<YOUR AUTH HEADER HERE>","Namespace":"YOUR CUSTOM NAMESPACE HERE","Algo":"HS256"}
-```
-
-#### VerificationKey and jwtSecret
-
-This is the key used to sign the JWT. Ex. `process.env.SECRET` or `process.env.APP_SECRET`.
-
-#### Header and authHeader
-
-The `Header` tells Dgraph where to lookup a JWT within the headers of the incoming requests made to the dgraph server.
-You have to configure it at the bottom of your schema file. This header is the same as the `authHeader` property you
-provide when you instantiate the `DgraphClient`.
-
-#### The nextAuth secret
-
-The `$nextAuth` secret is securely generated using the `jwtSecret` and injected by the DgraphAdapter in order to allow interacting with the JWT DgraphClient for anonymous user requests made within the system `ie. login, register`. This allows
-secure interactions to be made with all the auth types required by next-auth. You have to specify it for each auth rule of
-each type defined in your secure schema.
-
-```js
-type VerificationRequest
-  @auth(
-    delete: { rule: "{$nextAuth: { eq: true } }" },
-    add: { rule: "{$nextAuth: { eq: true } }" },
-    query: { rule: "{$nextAuth: { eq: true } }" },
-    update: { rule: "{$nextAuth: { eq: true } }" }
-  ) {
- ...
-}
-```
-
-## Working with JWT session and @auth directive
-
-Dgraph only works with HS256 or RS256 algorithms. If you want to use session jwt to securely interact with your dgraph
-database you must customize next-auth `encode` and `decode` functions, as the default algorithm is HS512. You can
-further customize the jwt with roles if you want to implement [`RBAC logic`](https://dgraph.io/docs/graphql/authorization/directive/#role-based-access-control).
-
-```js
-import * as jwt from "jsonwebtoken"
-export default NextAuth({
-  session: {
-    strategy: "jwt",
-  },
-  jwt: {
-    secret: process.env.SECRET,
-    encode: async ({ secret, token }) => {
-      return jwt.sign({ ...token, userId: token.id }, secret, {
-        algorithm: "HS256",
-        expiresIn: 30 * 24 * 60 * 60, // 30 days
-      })
-    },
-    decode: async ({ secret, token }) => {
-      return jwt.verify(token, secret, { algorithms: ["HS256"] })
-    },
-  },
-})
-```
-
-Once your `Dgraph.Authorization` is defined in your schema and the JWT settings are set, this will allow you to define
-[`@auth rules`](https://dgraph.io/docs/graphql/authorization/authorization-overview/) for every part of your schema.
--- a/docs/docs/adapters/dynamodb.md
+++ b/docs/docs/adapters/dynamodb.md
@@ -1,147 +0,0 @@
---
-id: dynamodb
-title: DynamoDB
---
-
-# DynamoDB
-
-This is the AWS DynamoDB Adapter for next-auth. This package can only be used in conjunction with the primary next-auth package. It is not a standalone package.
-
-By default, the adapter expects a table with a partition key `pk` and a sort key `sk`, as well as a global secondary index named `GSI1` with `GSI1PK` as partition key and `GSI1SK` as sorting key. To automatically delete sessions and verification requests after they expire using [dynamodb TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html) you should [enable the TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-how-to.html) with attribute name 'expires'. You can set whatever you want as the table name and the billing method.
-
-You can find the full schema in the table structure section below.
-
-## Getting Started
-
-1. Install `next-auth` and `@next-auth/dynamodb-adapter`
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/dynamodb-adapter
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-You need to pass `DynamoDBDocument` client from the modular [`aws-sdk`](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/dynamodb-example-dynamodb-utilities.html) v3 to the adapter.
-The default table name is `next-auth`, but you can customise that by passing `{ tableName: 'your-table-name' }` as the second parameter in the adapter.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import { DynamoDB } from "@aws-sdk/client-dynamodb"
-import { DynamoDBDocument } from "@aws-sdk/lib-dynamodb"
-import NextAuth from "next-auth";
-import Providers from "next-auth/providers";
-import { DynamoDBAdapter } from "@next-auth/dynamodb-adapter"
-
-const config: DynamoDBClientConfig = {
-  credentials: {
-    accessKeyId: process.env.NEXT_AUTH_AWS_ACCESS_KEY as string,
-    secretAccessKey: process.env.NEXT_AUTH_AWS_SECRET_KEY as string,
-  },
-  region: process.env.NEXT_AUTH_AWS_REGION,
-};
-
-const client = DynamoDBDocument.from(new DynamoDB(config), {
-  marshallOptions: {
-    convertEmptyValues: true,
-    removeUndefinedValues: true,
-    convertClassInstanceToMap: true,
-  },
-})
-
-export default NextAuth({
-  // Configure one or more authentication providers
-  providers: [
-    Providers.GitHub({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-    Providers.Email({
-      server: process.env.EMAIL_SERVER,
-      from: process.env.EMAIL_FROM,
-    }),
-    // ...add more providers here
-  ],
-  adapter: DynamoDBAdapter(
-    client
-  ),
-  ...
-});
-```
-
-(AWS secrets start with `NEXT_AUTH_` in order to not conflict with [Vercel's reserved environment variables](https://vercel.com/docs/environment-variables#reserved-environment-variables).)
-
-## Schema
-
-The table respects the single table design pattern. This has many advantages:
-
- Only one table to manage, monitor and provision.
- Querying relations is faster than with multi-table schemas (for eg. retrieving all sessions for a user).
- Only one table needs to be replicated, if you want to go multi-region.
-
-> This schema is adapted for use in DynamoDB and based upon our main [schema](/adapters/models)
-
-![DynamoDB Table](https://i.imgur.com/hGZtWDq.png)
-
-You can create this table with infrastructure as code using [`aws-cdk`](https://github.com/aws/aws-cdk) with the following table definition:
-
-```javascript title=stack.ts
-new dynamodb.Table(this, `NextAuthTable`, {
-  tableName: "next-auth",
-  partitionKey: { name: "pk", type: dynamodb.AttributeType.STRING },
-  sortKey: { name: "sk", type: dynamodb.AttributeType.STRING },
-  timeToLiveAttribute: "expires",
-}).addGlobalSecondaryIndex({
-  indexName: "GSI1",
-  partitionKey: { name: "GSI1PK", type: dynamodb.AttributeType.STRING },
-  sortKey: { name: "GSI1SK", type: dynamodb.AttributeType.STRING },
-})
-```
-
-Alternatively you can use this cloudformation template:
-
-```yaml title=cloudformation.yaml
-NextAuthTable:
-  Type: "AWS::DynamoDB::Table"
-  Properties:
-    TableName: next-auth
-    AttributeDefinitions:
-      - AttributeName: pk
-        AttributeType: S
-      - AttributeName: sk
-        AttributeType: S
-      - AttributeName: GSI1PK
-        AttributeType: S
-      - AttributeName: GSI1SK
-        AttributeType: S
-    KeySchema:
-      - AttributeName: pk
-        KeyType: HASH
-      - AttributeName: sk
-        KeyType: RANGE
-    GlobalSecondaryIndexes:
-      - IndexName: GSI1
-        Projection:
-          ProjectionType: ALL
-        KeySchema:
-          - AttributeName: GSI1PK
-            KeyType: HASH
-          - AttributeName: GSI1SK
-            KeyType: RANGE
-    TimeToLiveSpecification:
-      AttributeName: expires
-      Enabled: true
-```
-
-## Custom Schema
-
-You can configure your custom table schema by passing the `options` key to the adapter constructor:
-
-```
-const adapter = DynamoDBAdapter(client, {
-  tableName: "custom-table-name",
-  partitionKey: "custom-pk",
-  sortKey: "custom-sk",
-  indexName: "custom-index-name",
-  indexPartitionKey: "custom-index-pk",
-  indexSortKey: "custom-index-sk",
-})
-```
--- a/docs/docs/adapters/fauna.md
+++ b/docs/docs/adapters/fauna.md
@@ -1,85 +0,0 @@
---
-id: fauna
-title: FaunaDB
---
-
-# FaunaDB
-
-This is the Fauna Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-You can find the Fauna schema and seed information in the docs at [next-auth.js.org/adapters/fauna](https://next-auth.js.org/adapters/fauna).
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/fauna-adapter faunadb
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { Client as FaunaClient } from "faunadb"
-import { FaunaAdapter } from "@next-auth/fauna-adapter"
-
-const client = new FaunaClient({
-  secret: "secret",
-  scheme: "http",
-  domain: "localhost",
-  port: 8443,
-})
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [],
-  adapter: FaunaAdapter(client)
-  ...
-})
-```
-
-## Schema
-
-Run the following commands inside of the `Shell` tab in the Fauna dashboard to setup the appropriate collections and indexes.
-
-```javascript
-CreateCollection({ name: "accounts" })
-CreateCollection({ name: "sessions" })
-CreateCollection({ name: "users" })
-CreateCollection({ name: "verification_tokens" })
-```
-
-```javascript
-CreateIndex({
-  name: "account_by_provider_and_provider_account_id",
-  source: Collection("accounts"),
-  unique: true,
-  terms: [
-    { field: ["data", "provider"] },
-    { field: ["data", "providerAccountId"] },
-  ],
-})
-CreateIndex({
-  name: "session_by_session_token",
-  source: Collection("sessions"),
-  unique: true,
-  terms: [{ field: ["data", "sessionToken"] }],
-})
-CreateIndex({
-  name: "user_by_email",
-  source: Collection("users"),
-  unique: true,
-  terms: [{ field: ["data", "email"] }],
-})
-CreateIndex({
-  name: "verification_token_by_identifier_and_token",
-  source: Collection("verification_tokens"),
-  unique: true,
-  terms: [{ field: ["data", "identifier"] }, { field: ["data", "token"] }],
-})
-```
-
-> This schema is adapted for use in Fauna and based upon our main [schema](/adapters/models)
--- a/docs/docs/adapters/firebase.md
+++ b/docs/docs/adapters/firebase.md
@@ -1,91 +0,0 @@
---
-id: firebase
-title: Firebase
---
-
-# Firebase
-
-This is the Firebase (Firestore) Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/firebase-adapter
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { FirestoreAdapter } from "@next-auth/firebase-adapter"
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-    }),
-  ],
-  adapter: FirestoreAdapter({
-    apiKey: process.env.FIREBASE_API_KEY,
-    appId: process.env.FIREBASE_APP_ID,
-    authDomain: process.env.FIREBASE_AUTH_DOMAIN,
-    databaseURL: process.env.FIREBASE_DATABASE_URL,
-    projectId: process.env.FIREBASE_PROJECT_ID,
-    storageBucket: process.env.FIREBASE_STORAGE_BUCKET,
-    messagingSenderId: process.env.FIREBASE_MESSAGING_SENDER_ID,
-    // Optional emulator config (see below for options)
-    emulator: {},
-  }),
-  // ...
-});
-```
-
-## Options
-
-When initializing the firestore adapter, you must pass in the firebase config object with the details from your project. More details on how to obtain that config object can be found [here](https://support.google.com/firebase/answer/7015592).
-
-An example firebase config looks like this:
-
-```js
-const firebaseConfig = {
-  apiKey: "AIzaSyDOCAbC123dEf456GhI789jKl01-MnO",
-  authDomain: "myapp-project-123.firebaseapp.com",
-  databaseURL: "https://myapp-project-123.firebaseio.com",
-  projectId: "myapp-project-123",
-  storageBucket: "myapp-project-123.appspot.com",
-  messagingSenderId: "65211879809",
-  appId: "1:65211879909:web:3ae38ef1cdcb2e01fe5f0c",
-  measurementId: "G-8GSGZQ44ST",
-}
-```
-
-See [firebase.google.com/docs/web/setup](https://firebase.google.com/docs/web/setup) for more details.
-
-You can optionally pass in emulator options to automatically connect to your local Firebase emulator.
-
-```js
-FirestoreAdapter({
-  // ...
-  // Passing in an enable object will enable the emulator
-  emulator: {
-    // Optional host, defaults to `localhost`
-    host: 'localhost',
-  // Optional port, defaults to `3001`
-    port: 3001,
-  },
-}),
-```
-
-:::tip **From Firebase**
-
-**Caution**: We do not recommend manually modifying an app's Firebase config file or object. If you initialize an app with invalid or missing values for any of these required "Firebase options", then your end users may experience serious issues.
-
-For open source projects, we generally do not recommend including the app's Firebase config file or object in source control because, in most cases, your users should create their own Firebase projects and point their apps to their own Firebase resources (via their own Firebase config file or object).
-:::
--- a/docs/docs/adapters/mikro-orm.md
+++ b/docs/docs/adapters/mikro-orm.md
@@ -1,113 +0,0 @@
---
-id: mikro-orm
-title: MikroORM
---
-
-To use this Adapter, you need to install Mikro ORM, the driver that suits your database, and the separate `@next-auth/mikro-orm-adapter` package:
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/mikro-orm-adapter @mikro-orm/core @mikro-orm/[YOUR DRIVER]
-```
-
-Configure NextAuth.js to use the MikroORM Adapter:
-
-```typescript title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import { MikroOrmAdapter } from "@next-auth/mikro-orm-adapter"
-
-export default NextAuth({
-  adapter: MikroOrmAdapter({
-    // MikroORM options object. Ref: https://mikro-orm.io/docs/next/configuration#driver
-    dbName: "./db.sqlite",
-    type: "sqlite",
-    debug: process.env.DEBUG === "true" || process.env.DEBUG?.includes("db"),
-  }),
-  providers: [],
-})
-```
-
-## Setup
-
-### Passing custom entities
-
-The MikroORM adapter ships with its own set of entities. If you'd like to extend them, you can optionally pass them to the adapter.
-
-> This schema is adapted for use in MikroORM and based upon our main [schema](/adapters/models)
-
-```typescript title="pages/api/auth/[...nextauth].ts"
-import config from "config/mikro-orm.ts"
-import {
-  Cascade,
-  Collection,
-  Entity,
-  OneToMany,
-  PrimaryKey,
-  Property,
-  Unique,
-} from "@mikro-orm/core"
-import { defaultEntities } from "@next-auth/mikro-orm-adapter"
-
-const { Account, Session } = defaultEntities
-
-@Entity()
-export class User implements defaultEntities.User {
-  @PrimaryKey()
-  id: string = randomUUID()
-
-  @Property({ nullable: true })
-  name?: string
-
-  @Property({ nullable: true })
-  @Unique()
-  email?: string
-
-  @Property({ type: "Date", nullable: true })
-  emailVerified: Date | null = null
-
-  @Property({ nullable: true })
-  image?: string
-
-  @OneToMany({
-    entity: () => Session,
-    mappedBy: (session) => session.user,
-    hidden: true,
-    orphanRemoval: true,
-    cascade: [Cascade.ALL],
-  })
-  sessions = new Collection<Session>(this)
-
-  @OneToMany({
-    entity: () => Account,
-    mappedBy: (account) => account.user,
-    hidden: true,
-    orphanRemoval: true,
-    cascade: [Cascade.ALL],
-  })
-  accounts = new Collection<Account>(this)
-
-  @Enum({ hidden: true })
-  role = "ADMIN"
-}
-
-export default NextAuth({
-  adapter: MikroOrmAdapter(config, { entities: { User } }),
-})
-```
-
-### Including the default entities in your MikroORM config
-
-You may want to include the defaultEntities in your MikroORM configuration to include them in Migrations etc.
-
-To achieve that include them in your "entities" array:
-
-```typescript title="config/mikro-orm.ts"
-import { Options } from "@mikro-orm/core";
-import { defaultEntities } from "@next-auth/mikro-orm-adapter"
-
-const config: Options = {
-  ...
-  entities: [VeryImportantEntity, ...Object.values(defaultEntities)],
-};
-
-export default config;
-```
--- a/docs/docs/adapters/models.md
+++ b/docs/docs/adapters/models.md
@@ -1,118 +0,0 @@
---
-id: models
-title: Models
---
-
-NextAuth.js can be used with any database. Models tell you what structures NextAuth.js expects from your database. Models will vary slightly depending on which adapter you use, but in general, will look something like this. Each adapter's model/schema will be slightly adapted for its needs, but will look very much like this schema below:
-
-```mermaid
-erDiagram
-  User ||--|{ Account : ""
-  User {
-  string id
-  string name
-  string email
-  timestamp emailVerified
-  string image
-  }
-  User ||--|{ Session : ""
-  Session {
-  string id
-  timestamp expires
-  string sessionToken
-  string userId
-  }
-  Account {
-  string id
-  string userId
-  string type
-  string provider
-  string providerAccountId
-  string refresh_token
-  string access_token
-  int expires_at
-  string token_type
-  string scope
-  string id_token
-  string session_state
-  string oauth_token_secret
-  string oauth_token
-  }
-  VerificationToken {
-  string identifier
-  string token
-  timestamp expires
-  }
-```
-
-More information about each Model / Table can be found below.
-
-:::note
-You can [create your own adapter](/tutorials/creating-a-database-adapter) if you want to use NextAuth.js with a database that is not supported out of the box, or you have to change fields on any of the models.
-:::
-
---
-
-## User
-
-The User model is for information such as the user's name and email address.
-
-Email address is optional, but if one is specified for a User then it must be unique.
-
-:::note
-If a user first signs in with OAuth then their email address is automatically populated using the one from their OAuth profile, if the OAuth provider returns one.
-
-This provides a way to contact users and for users to maintain access to their account and sign in using email in the event they are unable to sign in with the OAuth provider in future (if the [Email Provider](/providers/email) is configured).
-:::
-
-User creation in the database is automatic, and happens when the user is logging in for the first time with a provider. The default data saved is `id`, `name`, `email` and `image`. You can add more profile data by returning extra fields in your [OAuth provider's `profile()`](/configuration/providers/oauth#options) callback.
-
-## Account
-
-The Account model is for information about OAuth accounts associated with a User. It will usually contain `access_token`, `id_token` and other OAuth specific data. [`TokenSet`](https://github.com/panva/node-openid-client/blob/main/docs/README.md#new-tokensetinput) from `openid-client` might give you an idea of all the fields.
-
-:::note
-In case of an OAuth 1.0 provider (like Twitter), you will have to look for `oauth_token` and `oauth_token_secret` string fields. GitHub also has an extra `refresh_token_expires_in` integer field. You have to make sure that your database schema includes these fields.
-:::
-
-A single User can have multiple Accounts, but each Account can only have one User.
-
-Linking Accounts to Users happen automatically, only when they have the same e-mail address, and the user is currently signed in. Check the [FAQ](/faq#security) for more information why this is a requirement.
-
-:::tip
-You can manually unlink accounts, if your adapter implements the `unlinkAccount` method. Make sure to take all the necessary security steps to avoid data loss.
-:::
-
-:::note
-Linking and unlinking accounts through an API is a planned feature: https://github.com/nextauthjs/next-auth/issues/230
-:::
-
-## Session
-
-The Session model is used for database sessions. It is not used if JSON Web Tokens are enabled. Keep in mind, that you can use a database to persist Users and Accounts, and still use JWT for sessions. See the [`session.strategy`](/configuration/options#session) option.
-
-A single User can have multiple Sessions, each Session can only have one User.
-
-:::tip
-When a Session is read, we check if it's `expires` field indicates an invalid session, and delete it from the database. You can also do this clean-up periodically in the background to avoid our extra delete call to the database during an active session retrieval. This might result in a slight performance increase in a few cases.
-:::
-
-## Verification Token
-
-The Verification Token model is used to store tokens for passwordless sign in.
-
-A single User can have multiple open Verification Tokens (e.g. to sign in to different devices).
-
-It has been designed to be extendable for other verification purposes in the future (e.g. 2FA / short codes).
-
-:::note
-NextAuth.js makes sure that every token is usable only once, and by default has a short (1 day, can be configured by [`maxAge`](/configuration/providers/email#options)) lifetime. If your user did not manage to finish the sign-in flow in time, they will have to start the sign-in process again.
-:::
-
-:::tip
-Due to users forgetting or failing at the sign-in flow, you might end up with unwanted rows in your database, that you might have to periodically clean up to avoid filling the database up with unnecessary data.
-:::
-
-## RDBMS Naming Convention
-
-In the NextAuth.js v4 some schemas for the providers which support classic RDBMS type databases, like Prisma and TypeORM, have ended up with column names with mixed casing, i.e. snake_case and camelCase. If this is an issue for you or your underlying database system, please take a look at the "Naming Convention" section in the Prisma or TypeORM page.
--- a/docs/docs/adapters/mongodb.md
+++ b/docs/docs/adapters/mongodb.md
@@ -1,66 +0,0 @@
---
-id: mongodb
-title: MongoDB
---
-
-# MongoDB
-
-The MongoDB adapter does not handle connections automatically, so you will have to make sure that you pass the Adapter a `MongoClient` that is connected already. Below you can see an example how to do this.
-
-## Usage
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/mongodb-adapter mongodb
-```
-
-2. Add `lib/mongodb.ts`
-
-```ts
-// This approach is taken from https://github.com/vercel/next.js/tree/canary/examples/with-mongodb
-import { MongoClient } from 'mongodb'
-
-if (!process.env.MONGODB_URI) {
-  throw new Error('Invalid/Missing environment variable: "MONGODB_URI"')
-}
-
-const uri = process.env.MONGODB_URI
-const options = {}
-
-let client
-let clientPromise: Promise<MongoClient>
-
-if (process.env.NODE_ENV === 'development') {
-  // In development mode, use a global variable so that the value
-  // is preserved across module reloads caused by HMR (Hot Module Replacement).
-  if (!global._mongoClientPromise) {
-    client = new MongoClient(uri, options)
-    global._mongoClientPromise = client.connect()
-  }
-  clientPromise = global._mongoClientPromise
-} else {
-  // In production mode, it's best to not use a global variable.
-  client = new MongoClient(uri, options)
-  clientPromise = client.connect()
-}
-
-// Export a module-scoped MongoClient promise. By doing this in a
-// separate module, the client can be shared across functions.
-export default clientPromise
-```
-
-3. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```js
-import NextAuth from "next-auth"
-import { MongoDBAdapter } from "@next-auth/mongodb-adapter"
-import clientPromise from "../../../lib/mongodb"
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  adapter: MongoDBAdapter(clientPromise),
-  ...
-})
-```
--- a/docs/docs/adapters/neo4j.md
+++ b/docs/docs/adapters/neo4j.md
@@ -1,117 +0,0 @@
---
-id: neo4j
-title: Neo4j
---
-
-# Neo4j
-
-This is the Neo4j Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/neo4j-adapter neo4j-driver
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import neo4j from "neo4j-driver"
-import { Neo4jAdapter } from "@next-auth/neo4j-adapter"
-
-const driver = neo4j.driver(
-  "bolt://localhost",
-  neo4j.auth.basic("neo4j", "password")
-)
-
-const neo4jSession = driver.session()
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/configuration/providers
-  providers: [],
-  adapter: Neo4jAdapter(neo4jSession),
-  ...
-})
-```
-
-## Schema
-
-### Node labels
-
-The following node labels are used.
-
- User
- Account
- Session
- VerificationToken
-
-### Relationships
-
-The following relationships and relationship labels are used.
-
- (:User)-[:HAS_ACCOUNT]->(:Account)
- (:User)-[:HAS_SESSION]->(:Session)
-
-### Properties
-
-This schema is adapted for use in Neo4J and is based upon our main [models](/adapters/models). Please check there for the node properties. Relationships have no properties.
-
-### Indexes
-
-Optimum indexes will vary on your edition of Neo4j i.e. community or enterprise, and in case you have your own additional data on the nodes. Below are basic suggested indexes.
-
-1. For **both** Community Edition & Enterprise Edition create constraints and indexes
-
-```cypher
-
-CREATE CONSTRAINT user_id_constraint IF NOT EXISTS
-ON (u:User) ASSERT u.id IS UNIQUE;
-
-CREATE INDEX user_id_index IF NOT EXISTS
-FOR (u:User) ON (u.id);
-
-CREATE INDEX user_email_index IF NOT EXISTS
-FOR (u:User) ON (u.email);
-
-CREATE CONSTRAINT session_session_token_constraint IF NOT EXISTS
-ON (s:Session) ASSERT s.sessionToken IS UNIQUE;
-
-CREATE INDEX session_session_token_index IF NOT EXISTS
-FOR (s:Session) ON (s.sessionToken);
-```
-
-2.a. For Community Edition **only** create single-property indexes
-
-```cypher
-CREATE INDEX account_provider_index IF NOT EXISTS
-FOR (a:Account) ON (a.provider);
-
-CREATE INDEX account_provider_account_id_index IF NOT EXISTS
-FOR (a:Account) ON (a.providerAccountId);
-
-CREATE INDEX verification_token_identifier_index IF NOT EXISTS
-FOR (v:VerificationToken) ON (v.identifier);
-
-CREATE INDEX verification_token_token_index IF NOT EXISTS
-FOR (v:VerificationToken) ON (v.token);
-```
-
-2.b. For Enterprise Edition **only** create composite node key constraints and indexes
-
-```cypher
-CREATE CONSTRAINT account_provider_composite_constraint IF NOT EXISTS
-ON (a:Account) ASSERT (a.provider, a.providerAccountId) IS NODE KEY;
-
-CREATE INDEX account_provider_composite_index IF NOT EXISTS
-FOR (a:Account) ON (a.provider, a.providerAccountId);
-
-CREATE CONSTRAINT verification_token_composite_constraint IF NOT EXISTS
-ON (v:VerificationToken) ASSERT (v.identifier, v.token) IS NODE KEY;
-
-CREATE INDEX verification_token_composite_index IF NOT EXISTS
-FOR (v:VerificationToken) ON (v.identifier, v.token);
-```
--- a/docs/docs/adapters/overview.md
+++ b/docs/docs/adapters/overview.md
@@ -1,54 +0,0 @@
---
-id: overview
-title: Overview
---
-
-An **Adapter** in NextAuth.js connects your application to whatever database or backend system you want to use to store data for users, their accounts, sessions, etc. Adapters are optional, unless you need to persist user information in your own database, or you want to implement certain flows. The [Email Provider](/providers/email) requires an adapter to be able to save [Verification Tokens](/adapters/models#verification-token).
-
-:::tip
-When using a database, you can still use JWT for session handling for fast access. See the [`session.strategy`](/configuration/options#session) option. Read about the trade-offs of JWT in the [FAQ](/faq#json-web-tokens).
-:::
-
-We have a list of official adapters that are distributed as their own packages under the `@next-auth/{name}-adapter` namespace. Their source code is available in their various adapters package directories at [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth/tree/main/packages).
-
- [`xata`](./xata)
- [`prisma`](./prisma)
- [`fauna`](./fauna)
- [`dynamodb`](./dynamodb)
- [`firebase`](./firebase)
- [`pouchdb`](./pouchdb)
- [`mongodb`](./mongodb)
- [`neo4j`](./neo4j)
- [`typeorm-legacy`](./typeorm)
- [`sequelize`](./sequelize)
- [`supabase`](./supabase)
- [`dgraph`](./dgraph)
- [`upstash-redis`](./upstash-redis)
-
-## Custom Adapter
-
-If you have a database/backend that we don't officially support, you can create your own adapter.
-See the tutorial for [creating a database Adapter](/tutorials/creating-a-database-adapter) for more information.
-
-:::tip
-If you would like to see a new adapter in the official repository, please [open a PR](https://github.com/nextauthjs/next-auth/issues/new) and we will help you to get it merged. Tell us if you are interested in becoming one of the maintainers of any of the official adapters.
-:::
-
-### Editor integration
-
-Adapters are strongly typed, and they rely on the single `Adapter` interface imported from `next-auth/adapters`.
-
-When writing your own custom Adapter in plain JavaScript, note that you can use **JSDoc** to get helpful editor hints and auto-completion like so:
-
-```js
-/** @return { import("next-auth/adapters").Adapter } */
-function MyAdapter() {
-  return {
-    // your adapter methods here
-  }
-}
-```
-
-:::note
-This will work in code editors with a strong TypeScript integration like VSCode or WebStorm. It might not work if you're using more lightweight editors like VIM or Atom.
-:::
--- a/docs/docs/adapters/pouchdb.md
+++ b/docs/docs/adapters/pouchdb.md
@@ -1,65 +0,0 @@
---
-id: pouchdb
-title: PouchDB
---
-
-# PouchDB
-
-:::warning
-This adapter is still experimental and does not work with NextAuth.js 4 or newer. If you would like to help out upgrading it, please [open a PR](https://github.com/nextauthjs/next-auth/tree/main/packages)
-:::
-
-This is the PouchDB Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-Depending on your architecture you can use PouchDB's http adapter to reach any database compliant with the CouchDB protocol (CouchDB, Cloudant, ...) or use any other PouchDB compatible adapter (leveldb, in-memory, ...)
-
-## Getting Started
-
-> **Prerequisites**: Your PouchDB instance MUST provide the `pouchdb-find` plugin since it is used internally by the adapter to build and manage indexes
-
-1. Install `next-auth` and `@next-auth/pouchdb-adapter`
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/pouchdb-adapter
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { PouchDBAdapter } from "@next-auth/pouchdb-adapter"
-import PouchDB from "pouchdb"
-
-// Setup your PouchDB instance and database
-PouchDB.plugin(require("pouchdb-adapter-leveldb")) // Any other adapter
-  .plugin(require("pouchdb-find")) // Don't forget the `pouchdb-find` plugin
-
-const pouchdb = new PouchDB("auth_db", { adapter: "leveldb" })
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-    }),
-  ],
-  adapter: PouchDBAdapter(pouchdb),
-  // ...
-})
-```
-
-## Advanced
-
-### Memory-First Caching Strategy
-
-If you need to boost your authentication layer performance, you may use PouchDB's powerful sync features and various adapters, to build a memory-first caching strategy.
-
-Use an in-memory PouchDB as your main authentication database, and synchronize it with any other persisted PouchDB. You may do a one way, one-off replication at startup from the persisted PouchDB into the in-memory PouchDB, then two-way, continuous, retriable sync.
-
-This will most likely not increase performance much in a serverless environment due to various reasons such as concurrency, function startup time increases, etc.
-
-For more details, please see https://pouchdb.com/api.html#sync
--- a/docs/docs/adapters/prisma.md
+++ b/docs/docs/adapters/prisma.md
@@ -1,226 +0,0 @@
---
-id: prisma
-title: Prisma
---
-
-# Prisma
-
-To use this Adapter, you need to install Prisma Client, Prisma CLI, and the separate `@next-auth/prisma-adapter` package:
-
-```bash npm2yarn2pnpm
-npm install next-auth @prisma/client @next-auth/prisma-adapter
-npm install prisma --save-dev
-```
-
-Create a file with your Prisma Client:
-
-```typescript title="lib/prismadb.ts"
-import { PrismaClient } from "@prisma/client"
-
-declare global {
-  var prisma: PrismaClient | undefined
-}
-
-const client = globalThis.prisma || new PrismaClient()
-if (process.env.NODE_ENV !== "production") globalThis.prisma = client
-
-export default client
-```
-
-Configure your NextAuth.js to use the Prisma Adapter:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { PrismaAdapter } from "@next-auth/prisma-adapter"
-import prisma from "../../../lib/prismadb"
-
-export default NextAuth({
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    }),
-  ],
-})
-```
-
-Schema for the Prisma Adapter (`@next-auth/prisma-adapter`)
-
-## Setup
-
-### Create the Prisma schema
-
-You need to use at least Prisma 2.26.0. Create a schema file in `prisma/schema.prisma` similar to this one:
-
-> This schema is adapted for use in Prisma and based upon our main [schema](/adapters/models)
-
-```json title="schema.prisma"
-datasource db {
-  provider = "postgresql"
-  url      = env("DATABASE_URL")
-  shadowDatabaseUrl = env("SHADOW_DATABASE_URL") // Only needed when using a cloud provider that doesn't support the creation of new databases, like Heroku. Learn more: https://pris.ly/migrate-shadow
-}
-
-generator client {
-  provider        = "prisma-client-js"
-  previewFeatures = ["referentialActions"] // You won't need this in Prisma 3.X or higher.
-}
-
-model Account {
-  id                 String  @id @default(cuid())
-  userId             String
-  type               String
-  provider           String
-  providerAccountId  String
-  refresh_token      String?  @db.Text
-  access_token       String?  @db.Text
-  expires_at         Int?
-  token_type         String?
-  scope              String?
-  id_token           String?  @db.Text
-  session_state      String?
-
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@unique([provider, providerAccountId])
-}
-
-model Session {
-  id           String   @id @default(cuid())
-  sessionToken String   @unique
-  userId       String
-  expires      DateTime
-  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-}
-
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime?
-  image         String?
-  accounts      Account[]
-  sessions      Session[]
-}
-
-model VerificationToken {
-  identifier String
-  token      String   @unique
-  expires    DateTime
-
-  @@unique([identifier, token])
-}
-```
-
-:::note
-When using the MySQL connector for Prisma, the [Prisma `String` type](https://www.prisma.io/docs/reference/api-reference/prisma-schema-reference#string) gets mapped to `varchar(191)` which may not be long enough to store fields such as `id_token` in the `Account` model. This can be avoided by explicitly using the `Text` type with `@db.Text`.
-:::
-
-### Create the database schema with Prisma Migrate
-
-**Warning:** Make sure to back up your database before running using Prisma Migrate.
-
-```
-npx prisma migrate dev
-```
-
-This will create an SQL migration file and execute it.
-
-Note that you will need to specify your database connection string in the environment variable `DATABASE_URL`. You can do this by setting it in a `.env` file at the root of your project.
-
-To learn more about [Prisma Migrate](https://www.prisma.io/migrate), check out the [Migrate docs](https://www.prisma.io/docs/concepts/components/prisma-migrate).
-
-### Generate Client
-
-Once you have saved your schema, use the Prisma CLI to generate the Prisma Client:
-
-```
-npx prisma generate
-```
-
-To configure your database to use the new schema (i.e. create tables and columns) use the `prisma migrate` command:
-
-```
-npx prisma migrate dev
-```
-
-### MongoDB
-
-Prisma supports MongoDB, and so does NextAuth.js. Following the instructions of the [Prisma documentation](https://www.prisma.io/docs/concepts/database-connectors/mongodb) on the MongoDB connector, things you have to change are:
-
-1. Make sure that the id fields are mapped correctly
-
-```prisma
-id  String  @id @default(auto()) @map("_id") @db.ObjectId
-```
-
-2. The Native database type attribute to `@db.String` from `@db.Text`.
-
-```prisma
-refresh_token      String?  @db.String
-access_token       String?  @db.String
-id_token           String?  @db.String
-```
-
-Everything else should be the same.
-
-## Naming Conventions
-
-If mixed snake_case and camelCase column names is an issue for you and/or your underlying database system, we recommend using Prisma's `@map()`([see the documentation here](https://www.prisma.io/docs/concepts/components/prisma-schema/names-in-underlying-database)) feature to change the field names. This won't affect NextAuth.js, but will allow you to customize the column names to whichever naming convention you wish.
-
-For example, moving to `snake_case` and plural table names.
-
-```json title="schema.prisma"
-model Account {
-  id                 String  @id @default(cuid())
-  userId             String  @map("user_id")
-  type               String
-  provider           String
-  providerAccountId  String  @map("provider_account_id")
-  refresh_token      String? @db.Text
-  access_token       String? @db.Text
-  expires_at         Int?
-  token_type         String?
-  scope              String?
-  id_token           String? @db.Text
-  session_state      String?
-
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@unique([provider, providerAccountId])
-  @@map("accounts")
-}
-
-model Session {
-  id           String   @id @default(cuid())
-  sessionToken String   @unique @map("session_token")
-  userId       String   @map("user_id")
-  expires      DateTime
-  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@map("sessions")
-}
-
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime? @map("email_verified")
-  image         String?
-  accounts      Account[]
-  sessions      Session[]
-
-  @@map("users")
-}
-
-model VerificationToken {
-  identifier String
-  token      String   @unique
-  expires    DateTime
-
-  @@unique([identifier, token])
-  @@map("verificationtokens")
-}
-```
--- a/docs/docs/adapters/sequelize.md
+++ b/docs/docs/adapters/sequelize.md
@@ -1,88 +0,0 @@
---
-id: sequelize
-title: Sequelize
---
-
-# Sequelize
-
-This is the Sequelize Adapter for [`next-auth`](https://next-auth.js.org).
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/sequelize-adapter sequelize
-```
-
-:::warning
-You'll also have to manually install [the driver for your database](https://sequelize.org/master/manual/getting-started.html) of choice.
-:::
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import SequelizeAdapter from "@next-auth/sequelize-adapter"
-import { Sequelize } from "sequelize"
-
-// https://sequelize.org/master/manual/getting-started.html#connecting-to-a-database
-const sequelize = new Sequelize("yourconnectionstring")
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [],
-  adapter: SequelizeAdapter(sequelize),
-})
-```
-
-## Updating the database schema
-
-By default, the sequelize adapter will not create tables in your database. In production, best practice is to create the [required tables](https://next-auth.js.org/adapters/models) in your database via [migrations](https://sequelize.org/master/manual/migrations.html). In development, you are able to call [`sequelize.sync()`](https://sequelize.org/master/manual/model-basics.html#model-synchronization) to have sequelize create the necessary tables, foreign keys and indexes:
-
-> This schema is adapted for use in Sequelize and based upon our main [schema](/adapters/models)
-
-```js
-import NextAuth from "next-auth"
-import SequelizeAdapter from "@next-auth/sequelize-adapter"
-import Sequelize from 'sequelize'
-
-const sequelize = new Sequelize("sqlite::memory:")
-const adapter = SequelizeAdapter(sequelize)
-
-// Calling sync() is not recommended in production
-sequelize.sync()
-
-export default NextAuth({
-  ...
-  adapter
-  ...
-})
-```
-
-## Using custom models
-
-Sequelize models are option to customization like so:
-
-```js
-import NextAuth from "next-auth"
-import SequelizeAdapter, { models } from "@next-auth/sequelize-adapter"
-import Sequelize, { DataTypes } from "sequelize"
-
-const sequelize = new Sequelize("sqlite::memory:")
-
-export default NextAuth({
-  // https://next-auth.js.org/providers/overview
-  providers: [],
-  adapter: SequelizeAdapter(sequelize, {
-    models: {
-      User: sequelize.define("user", {
-        ...models.User,
-        phoneNumber: DataTypes.STRING,
-      }),
-    },
-  }),
-})
-```
--- a/docs/docs/adapters/supabase.md
+++ b/docs/docs/adapters/supabase.md
@@ -1,309 +0,0 @@
---
-id: supabase
-title: Supabase
---
-
-# Supabase
-
-This is the Supabase Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-:::note
-This adapter is developed by the community and not officially maintained or supported by Supabase. It uses the Supabase Database to store user and session data in a separate `next_auth` schema. It is a standalone Auth server that does not interface with Supabase Auth and therefore provides a different feature set.
-
-If you’re looking for an officially maintained Auth server with additional features like [built-in email server](https://supabase.com/docs/guides/auth/auth-email#configure-email-settings?utm_source=next-auth-docs&medium=referral&campaign=next-auth), [phone auth](https://supabase.com/docs/guides/auth/auth-twilio?utm_source=next-auth-docs&medium=referral&campaign=next-auth), and [Multi Factor Authentication (MFA / 2FA)](https://supabase.com/contact/mfa?utm_source=next-auth-docs&medium=referral&campaign=next-auth), please use [Supabase Auth](https://supabase.com/auth) with the [Auth Helpers for Next.js](https://supabase.com/docs/guides/auth/auth-helpers/nextjs?utm_source=next-auth-docs&medium=referral&campaign=next-auth).
-:::
-
-## Getting Started
-
-1. Install `@supabase/supabase-js`, `next-auth` and `@next-auth/supabase-adapter`.
-
-```bash npm2yarn2pnpm
-npm install @supabase/supabase-js next-auth @next-auth/supabase-adapter
-```
-
-2. Add this adapter to your `pages/api/[...nextauth].js` next-auth configuration object.
-
-```js title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { SupabaseAdapter } from "@next-auth/supabase-adapter"
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/configuration/providers
-  providers: [...],
-  adapter: SupabaseAdapter({
-    url: process.env.NEXT_PUBLIC_SUPABASE_URL,
-    secret: process.env.SUPABASE_SERVICE_ROLE_KEY,
-  }),
-  // ...
-})
-```
-
-## Setup
-
-### Create the `next_auth` schema in Supabase
-
-Setup your database as described in our main [schema](/adapters/models), by copying the SQL schema below in the Supabase [SQL Editor](https://app.supabase.com/project/_/sql).
-
-Alternatively you can select the NextAuth Quickstart card on the [SQL Editor page](https://app.supabase.com/project/_/sql), or [create a migration with the Supabase CLI](https://supabase.com/docs/guides/cli/local-development#database-migrations?utm_source=next-auth-docs&medium=referral&campaign=next-auth).
-
-```sql
--
-- Name: next_auth; Type: SCHEMA;
--
-CREATE SCHEMA next_auth;
-
-GRANT USAGE ON SCHEMA next_auth TO service_role;
-GRANT ALL ON SCHEMA next_auth TO postgres;
-
--
-- Create users table
--
-CREATE TABLE IF NOT EXISTS next_auth.users
-(
-    id uuid NOT NULL DEFAULT uuid_generate_v4(),
-    name text,
-    email text,
-    "emailVerified" timestamp with time zone,
-    image text,
-    CONSTRAINT users_pkey PRIMARY KEY (id),
-    CONSTRAINT email_unique UNIQUE (email)
-);
-
-GRANT ALL ON TABLE next_auth.users TO postgres;
-GRANT ALL ON TABLE next_auth.users TO service_role;
-
--- uid() function to be used in RLS policies
-CREATE FUNCTION next_auth.uid() RETURNS uuid
-    LANGUAGE sql STABLE
-    AS $$
-  select
-  	coalesce(
-		nullif(current_setting('request.jwt.claim.sub', true), ''),
-		(nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub')
-	)::uuid
-$$;
-
--
-- Create sessions table
--
-CREATE TABLE IF NOT EXISTS  next_auth.sessions
-(
-    id uuid NOT NULL DEFAULT uuid_generate_v4(),
-    expires timestamp with time zone NOT NULL,
-    "sessionToken" text NOT NULL,
-    "userId" uuid,
-    CONSTRAINT sessions_pkey PRIMARY KEY (id),
-    CONSTRAINT sessionToken_unique UNIQUE ("sessionToken"),
-    CONSTRAINT "sessions_userId_fkey" FOREIGN KEY ("userId")
-        REFERENCES  next_auth.users (id) MATCH SIMPLE
-        ON UPDATE NO ACTION
-        ON DELETE CASCADE
-);
-
-GRANT ALL ON TABLE next_auth.sessions TO postgres;
-GRANT ALL ON TABLE next_auth.sessions TO service_role;
-
--
-- Create accounts table
--
-CREATE TABLE IF NOT EXISTS  next_auth.accounts
-(
-    id uuid NOT NULL DEFAULT uuid_generate_v4(),
-    type text NOT NULL,
-    provider text NOT NULL,
-    "providerAccountId" text NOT NULL,
-    refresh_token text,
-    access_token text,
-    expires_at bigint,
-    token_type text,
-    scope text,
-    id_token text,
-    session_state text,
-    oauth_token_secret text,
-    oauth_token text,
-    "userId" uuid,
-    CONSTRAINT accounts_pkey PRIMARY KEY (id),
-    CONSTRAINT provider_unique UNIQUE (provider, "providerAccountId"),
-    CONSTRAINT "accounts_userId_fkey" FOREIGN KEY ("userId")
-        REFERENCES  next_auth.users (id) MATCH SIMPLE
-        ON UPDATE NO ACTION
-        ON DELETE CASCADE
-);
-
-GRANT ALL ON TABLE next_auth.accounts TO postgres;
-GRANT ALL ON TABLE next_auth.accounts TO service_role;
-
--
-- Create verification_tokens table
--
-CREATE TABLE IF NOT EXISTS  next_auth.verification_tokens
-(
-    identifier text,
-    token text,
-    expires timestamp with time zone NOT NULL,
-    CONSTRAINT verification_tokens_pkey PRIMARY KEY (token),
-    CONSTRAINT token_unique UNIQUE (token),
-    CONSTRAINT token_identifier_unique UNIQUE (token, identifier)
-);
-
-GRANT ALL ON TABLE next_auth.verification_tokens TO postgres;
-GRANT ALL ON TABLE next_auth.verification_tokens TO service_role;
-```
-
-### Expose the `next_auth` schema in Supabase
-
-Expose the `next_auth` schema via the Serverless API in the [API settings](https://app.supabase.com/project/_/settings/api) by adding `next_auth` to the "Exposed schemas" list.
-
-When developing locally add `next_auth` to the `schemas` array in the `config.toml` file in the `supabase` folder that was generated by the [Supabase CLI](https://supabase.com/docs/guides/cli/local-development#initialize-your-project?utm_source=next-auth-docs&medium=referral&campaign=next-auth).
-
-## Enabling Row Level Security (RLS)
-
-Postgres provides a powerful feature called [Row Level Security (RLS)](https://supabase.com/docs/guides/auth/row-level-security?utm_source=next-auth-docs&medium=referral&campaign=next-auth) to limit access to data.
-
-This works by sending a signed JWT to your [Supabase Serverless API](https://supabase.com/docs/guides/api?utm_source=next-auth-docs&medium=referral&campaign=next-auth). There is two steps to make this work with NextAuth:
-
-### 1. Generate the Supabase `access_token` JWT in the session callback
-
-To sign the JWT use the `jsonwebtoken` package:
-
-```bash npm2yarn2pnpm
-npm install jsonwebtoken
-```
-
-Using the [NexthAuth Session callback](https://next-auth.js.org/configuration/callbacks#session-callback) create the Supabase `access_token` and append it to the `session` object.
-
-To sign the JWT use the Supabase JWT secret which can be found in the [API settings](https://app.supabase.com/project/_/settings/api)
-
-```js title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { SupabaseAdapter } from "@next-auth/supabase-adapter"
-import jwt from "jsonwebtoken"
-
-// For more information on each option (and a full list of options) go to
-// https://next-auth.js.org/configuration/options
-export default NextAuth({
-  // https://next-auth.js.org/configuration/providers
-  providers: [...],
-  adapter: SupabaseAdapter({
-    url: process.env.NEXT_PUBLIC_SUPABASE_URL,
-    secret: process.env.SUPABASE_SERVICE_ROLE_KEY,
-  }),
-	callbacks: {
-    async session({ session, user }) {
-      const signingSecret = process.env.SUPABASE_JWT_SECRET
-      if (signingSecret) {
-        const payload = {
-          aud: "authenticated",
-          exp: Math.floor(new Date(session.expires).getTime() / 1000),
-          sub: user.id,
-          email: user.email,
-          role: "authenticated",
-        }
-        session.supabaseAccessToken = jwt.sign(payload, signingSecret)
-      }
-      return session
-    },
-  },
-  // ...
-})
-```
-
-### 2. Inject the Supabase `access_token` JWT into the Supabase Client
-
-For example, given the following public schema:
-
-```sql
-/**
-* USERS
-* Note: This table contains user data. Users should only be able to view and update their own data.
-*/
-create table users (
-  -- UUID from next_auth.users
-  id uuid not null primary key,
-  name text,
-  email text,
-  image text,
-  constraint "users_id_fkey" foreign key ("id")
-        references  next_auth.users (id) match simple
-        on update no action
-        on delete cascade -- if user is deleted in NextAuth they will also be deleted in our public table.
-);
-alter table users enable row level security;
-create policy "Can view own user data." on users for select using (next_auth.uid() = id);
-create policy "Can update own user data." on users for update using (next_auth.uid() = id);
-
-/**
-* This trigger automatically creates a user entry when a new user signs up via NextAuth.
-*/
-create function public.handle_new_user()
-returns trigger as $$
-begin
-  insert into public.users (id, name, email, image)
-  values (new.id, new.name, new.email, new.image);
-  return new;
-end;
-$$ language plpgsql security definer;
-create trigger on_auth_user_created
-  after insert on next_auth.users
-  for each row execute procedure public.handle_new_user();
-```
-
-The `supabaseAccessToken` is now available on the `session` object and can be passed to the supabase-js client. This works in any environment: client-side, server-side (API routes, SSR), as well as in middleware edge functions!
-
-```js
-// ...
-// Use `useSession()` or `getServerSession()` to get the NextAuth session.
-
-const { supabaseAccessToken } = session
-
-const supabase = createClient(
-  process.env.NEXT_PUBLIC_SUPABASE_URL,
-  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
-  {
-    global: {
-      headers: {
-        Authorization: `Bearer ${supabaseAccessToken}`,
-      },
-    },
-  }
-)
-// Now you can query with RLS enabled.
-const { data, error } = await supabase.from("users").select("*")
-```
-
-## Usage with TypeScript
-
-You can pass types that were [generated with the Supabase CLI](https://supabase.com/docs/reference/javascript/typescript-support#generating-types) to the Supabase Client to get enhanced type safety and auto completion.
-
-Creating a new supabase client object:
-
-```tsx
-import { createClient } from "@supabase/supabase-js"
-import { Database } from "../database.types"
-
-const supabase = createClient<Database>()
-```
-
-### Extend the session type with the `supabaseAccessToken`
-
-In order to extend the `session` object with the `supabaseAccessToken` we need to extend the `session` interface in a `types/next-auth.d.ts` file:
-
-```ts title="types/next-auth.d.ts"
-import NextAuth, { DefaultSession } from "next-auth"
-
-declare module "next-auth" {
-  /**
-   * Returned by `useSession`, `getSession` and received as a prop on the `SessionProvider` React Context
-   */
-  interface Session {
-    // A JWT which can be used as Authorization header with supabase-js for RLS.
-    supabaseAccessToken?: string
-    user: {
-      /** The user's postal address. */
-      address: string
-    } & DefaultSession["user"]
-  }
-}
-```
--- a/docs/docs/adapters/typeorm.md
+++ b/docs/docs/adapters/typeorm.md
@@ -1,237 +0,0 @@
---
-id: typeorm
-title: TypeORM
---
-
-# TypeORM
-
-This Adapter is used to support SQL-flavored databases (like SQLite, MySQL, MSSQL, MariaDB, CockroachDB, etc.) through [TypeORM](https://typeorm.io).
-
-:::note
-If you previously used this Adapter with MongoDB, check out the [MongoDB Adapter](/adapters/mongodb) instead.
-:::
-
-:::note
-In the future, we might split up this adapter to support single flavors of SQL for easier maintenance and reduced bundle size.
-:::
-
-## Usage
-
-:::warning
-[`typeorm`](https://github.com/typeorm/typeorm) is still in active development and has not yet published a stable release. Because of this, you can expect breaking changes in minor versions. This adapter expects `typeorm@0.3.7` and is not validated against previous or future releases.
-:::
-
-To use this Adapter, you need to install the following packages:
-
-```bash npm2yarn2pnpm
-npm install next-auth @next-auth/typeorm-legacy-adapter typeorm
-```
-
-Configure your NextAuth.js to use the TypeORM Adapter:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-
-
-export default NextAuth({
-  adapter: TypeORMLegacyAdapter("yourconnectionstring"),
-  ...
-})
-```
-
-`TypeORMLegacyAdapter` takes either a connection string, or a [`DataSourceOptions`](https://github.com/typeorm/typeorm/blob/master/docs/data-source-options.md) object as its first parameter.
-
-## Custom models
-
-The TypeORM adapter uses [`Entity` classes](https://github.com/typeorm/typeorm/blob/master/docs/entities.md) to define the shape of your data.
-
-If you want to override the default entities (for example to add a `role` field to your `UserEntity`), you will have to do the following:
-
-> This schema is adapted for use in TypeORM and based upon our main [schema](/adapters/models)
-
-1. Create a file containing your modified entities:
-
-(The file below is based on the [default entities](https://github.com/nextauthjs/next-auth/blob/main/packages/adapter-typeorm-legacy/src/entities.ts))
-
-```diff title="lib/entities.ts"
-import {
-  Entity,
-  PrimaryGeneratedColumn,
-  Column,
-  ManyToOne,
-  OneToMany,
-  ValueTransformer,
-} from "typeorm"
-
-const transformer: Record<"date" | "bigint", ValueTransformer> = {
-  date: {
-    from: (date: string | null) => date && new Date(parseInt(date, 10)),
-    to: (date?: Date) => date?.valueOf().toString(),
-  },
-  bigint: {
-    from: (bigInt: string | null) => bigInt && parseInt(bigInt, 10),
-    to: (bigInt?: number) => bigInt?.toString(),
-  },
-}
-
-@Entity({ name: "users" })
-export class UserEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column({ type: "varchar", nullable: true })
-  name!: string | null
-
-  @Column({ type: "varchar", nullable: true, unique: true })
-  email!: string | null
-
-  @Column({ type: "varchar", nullable: true, transformer: transformer.date })
-  emailVerified!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  image!: string | null
-
-+ @Column({ type: "varchar", nullable: true })
-+ role!: string | null
-
-  @OneToMany(() => SessionEntity, (session) => session.userId)
-  sessions!: SessionEntity[]
-
-  @OneToMany(() => AccountEntity, (account) => account.userId)
-  accounts!: AccountEntity[]
-}
-
-@Entity({ name: "accounts" })
-export class AccountEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column({ type: "uuid" })
-  userId!: string
-
-  @Column()
-  type!: string
-
-  @Column()
-  provider!: string
-
-  @Column()
-  providerAccountId!: string
-
-  @Column({ type: "varchar", nullable: true })
-  refresh_token!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  access_token!: string | null
-
-  @Column({
-    nullable: true,
-    type: "bigint",
-    transformer: transformer.bigint,
-  })
-  expires_at!: number | null
-
-  @Column({ type: "varchar", nullable: true })
-  token_type!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  scope!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  id_token!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  session_state!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  oauth_token_secret!: string | null
-
-  @Column({ type: "varchar", nullable: true })
-  oauth_token!: string | null
-
-  @ManyToOne(() => UserEntity, (user) => user.accounts, {
-    createForeignKeyConstraints: true,
-  })
-  user!: UserEntity
-}
-
-@Entity({ name: "sessions" })
-export class SessionEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column({ unique: true })
-  sessionToken!: string
-
-  @Column({ type: "uuid" })
-  userId!: string
-
-  @Column({ transformer: transformer.date })
-  expires!: string
-
-  @ManyToOne(() => UserEntity, (user) => user.sessions)
-  user!: UserEntity
-}
-
-@Entity({ name: "verification_tokens" })
-export class VerificationTokenEntity {
-  @PrimaryGeneratedColumn("uuid")
-  id!: string
-
-  @Column()
-  token!: string
-
-  @Column()
-  identifier!: string
-
-  @Column({ transformer: transformer.date })
-  expires!: string
-}
-```
-
-2. Pass them to `TypeORMLegacyAdapter`
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-import * as entities from "lib/entities"
-
-export default NextAuth({
-  adapter: TypeORMLegacyAdapter("yourconnectionstring", { entities }),
-  ...
-})
-```
-
-:::tip Synchronize your database ♻
-The `synchronize: true` option in TypeORM will generate SQL that exactly matches the entities. This will automatically apply any changes it finds in the entity model. This is a useful option in development.
-:::
-
-:::warning Using synchronize in production
-`synchronize: true` should not be enabled against production databases as it may cause data loss if the configured schema does not match the expected schema! We recommend that you synchronize/migrate your production database at build-time.
-:::
-
-## Naming Conventions
-
-If mixed snake_case and camelCase column names are an issue for you and/or your underlying database system, we recommend using TypeORM's naming strategy feature to change the target field names. There is a package called `typeorm-naming-strategies` which includes a `snake_case` strategy which will translate the fields from how NextAuth.js expects them, to snake_case in the actual database.
-
-For example, you can add the naming convention option to the connection object in your NextAuth config.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-import { SnakeNamingStrategy } from 'typeorm-naming-strategies'
-
-export default NextAuth({
-  adapter: TypeORMLegacyAdapter({
-    type: "mysql",
-    host: "localhost",
-    port: 3306,
-    username: "test",
-    password: "test",
-    database: "test",
-    namingStrategy: new SnakeNamingStrategy()
-  }),
-  ...
-})
-```
--- a/docs/docs/adapters/upstash-redis.md
+++ b/docs/docs/adapters/upstash-redis.md
@@ -1,69 +0,0 @@
---
-id: upstash-redis
-title: Upstash Redis
---
-
-# Upstash Redis
-
-To use this Adapter, you need to install `@upstash/redis` and `@next-auth/upstash-redis-adapter` package:
-
-```bash npm2yarn2pnpm
-npm install @upstash/redis @next-auth/upstash-redis-adapter
-```
-
-Configure your NextAuth.js to use the Upstash Redis Adapter:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { UpstashRedisAdapter } from "@next-auth/upstash-redis-adapter"
-import { Redis } from "@upstash/redis"
-
-const redis = new Redis({
-  url: process.env.UPSTASH_REDIS_URL,
-  token: process.env.UPSTASH_REDIS_TOKEN
-})
-
-export default NextAuth({
-  adapter: UpstashRedisAdapter(redis),
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    }),
-  ],
-})
-```
-
-## Using Multiple Apps with a Single Upstash Redis Instance
-
-The Upstash free-tier allows for only one Redis instance. If you have multiple Next-Auth connected apps using this instance, you need different key prefixes for every app.
-
-You can change the prefixes by passing an `options` object as the second argument to the adapter factory function.
-
-The default values for this object are:
-
-```js
-const defaultOptions = {
-  baseKeyPrefix: "",
-  accountKeyPrefix: "user:account:",
-  accountByUserIdPrefix: "user:account:by-user-id:",
-  emailKeyPrefix: "user:email:",
-  sessionKeyPrefix: "user:session:",
-  sessionByUserIdKeyPrefix: "user:session:by-user-id:",
-  userKeyPrefix: "user:",
-  verificationTokenKeyPrefix: "user:token:",
-}
-```
-
-Usually changing the `baseKeyPrefix` should be enough for this scenario, but for more custom setups, you can also change the prefixes of every single key.
-
-Example:
-
-```js
-export default NextAuth({
-  ...
-  adapter: UpstashRedisAdapter(redis, {baseKeyPrefix: "app2:"})
-  ...
-})
-```
--- a/docs/docs/adapters/xata.md
+++ b/docs/docs/adapters/xata.md
@@ -1,242 +0,0 @@
---
-id: xata
-title: Xata
---
-
-# Xata
-
-This adapter allows using next-auth with Xata as a database to store users, sessions, and more. The preferred way to create a Xata project and use Xata databases is using the [Xata Command Line Interface (CLI)](https://docs.xata.io/cli/getting-started). The CLI allows generating a `XataClient` that will help you work with Xata in a safe way, and that this adapter depends on.
-
-<!-- @todo add GIFs -->
-
-## Getting Started
-
-Let's first make sure we have everything installed and configured. We're going to need:
-
- next-auth + adapter
- the Xata CLI
- to configure the CLI
-
-We can do this like so:
-
-```bash npm2yarn2pnpm
-# Install next-auth + adapter
-npm install next-auth @next-auth/xata-adapter
-
-# Install the Xata CLI globally if you don't already have it
-npm install --location=global @xata.io/cli
-
-# Login
-xata auth login
-```
-
-Now that we're ready, let's create a new Xata project using our next-auth schema that the Xata adapter can work with. To do that, copy and paste this schema file into your project's directory:
-
-```json title="schema.json"
-{
-  "formatVersion": "",
-  "tables": [
-    {
-      "name": "nextauth_users",
-      "columns": [
-        {
-          "name": "email",
-          "type": "email"
-        },
-        {
-          "name": "emailVerified",
-          "type": "datetime"
-        },
-        {
-          "name": "name",
-          "type": "string"
-        },
-        {
-          "name": "image",
-          "type": "string"
-        }
-      ]
-    },
-    {
-      "name": "nextauth_accounts",
-      "columns": [
-        {
-          "name": "user",
-          "type": "link",
-          "link": {
-            "table": "nextauth_users"
-          }
-        },
-        {
-          "name": "type",
-          "type": "string"
-        },
-        {
-          "name": "provider",
-          "type": "string"
-        },
-        {
-          "name": "providerAccountId",
-          "type": "string"
-        },
-        {
-          "name": "refresh_token",
-          "type": "string"
-        },
-        {
-          "name": "access_token",
-          "type": "string"
-        },
-        {
-          "name": "expires_at",
-          "type": "int"
-        },
-        {
-          "name": "token_type",
-          "type": "string"
-        },
-        {
-          "name": "scope",
-          "type": "string"
-        },
-        {
-          "name": "id_token",
-          "type": "text"
-        },
-        {
-          "name": "session_state",
-          "type": "string"
-        }
-      ]
-    },
-    {
-      "name": "nextauth_verificationTokens",
-      "columns": [
-        {
-          "name": "identifier",
-          "type": "string"
-        },
-        {
-          "name": "token",
-          "type": "string"
-        },
-        {
-          "name": "expires",
-          "type": "datetime"
-        }
-      ]
-    },
-    {
-      "name": "nextauth_users_accounts",
-      "columns": [
-        {
-          "name": "user",
-          "type": "link",
-          "link": {
-            "table": "nextauth_users"
-          }
-        },
-        {
-          "name": "account",
-          "type": "link",
-          "link": {
-            "table": "nextauth_accounts"
-          }
-        }
-      ]
-    },
-    {
-      "name": "nextauth_users_sessions",
-      "columns": [
-        {
-          "name": "user",
-          "type": "link",
-          "link": {
-            "table": "nextauth_users"
-          }
-        },
-        {
-          "name": "session",
-          "type": "link",
-          "link": {
-            "table": "nextauth_sessions"
-          }
-        }
-      ]
-    },
-    {
-      "name": "nextauth_sessions",
-      "columns": [
-        {
-          "name": "sessionToken",
-          "type": "string"
-        },
-        {
-          "name": "expires",
-          "type": "datetime"
-        },
-        {
-          "name": "user",
-          "type": "link",
-          "link": {
-            "table": "nextauth_users"
-          }
-        }
-      ]
-    }
-  ]
-}
-```
-
-Now, run the following command:
-
-```bash
-xata init --schema=./path/to/your/schema.json
-```
-
-The CLI will walk you through a setup process where you choose a [workspace](https://docs.xata.io/concepts/workspaces) (kind of like a GitHub org or a Vercel team) and an appropriate database. We recommend using a fresh database for this, as we'll augment it with tables that next-auth needs.
-
-Once you're done, you can continue using next-auth in your project as expected, like creating a `./pages/api/auth/[...nextauth]` route.
-
-```typescript title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-
-const client = new XataClient()
-
-export default NextAuth({
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    }),
-  ],
-})
-```
-
-Now to Xata-fy this route, let's add the Xata client and adapter:
-
-```diff
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-+import { XataAdapter } from "@next-auth/xata-adapter"
-+import { XataClient } from "../../../xata" // or wherever you've chosen to create the client
-
-+const client = new XataClient()
-
-export default NextAuth({
-+ adapter: XataAdapter(client),
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    }),
-  ],
-})
-```
-
-This fully sets up your next-auth site to work with Xata.
-
-## Contributing
-
-This is an open-source project created by humans, and as such, might have a few issues. If you experience any of these, we recommend [opening issues](https://github.com/nextauthjs/next-auth/issues/new?assignees=&labels=triage&template=1_bug_framework.yml&title=Issue%20on%20Xata%20adapter&description=I%20experienced%20this%20issue:\n##%20Reproduction%20Steps:\n\n-) that can help us solve problems and build reliable software.
--- a/docs/docs/configuration/databases.md
+++ b/docs/docs/configuration/databases.md
@@ -3,7 +3,7 @@ id: databases
 title: Databases
 ---

-NextAuth.js offers multiple database adapters. Check out [the overview](/adapters/overview).
+NextAuth.js offers multiple database adapters. Check out [the overview](https://authjs.dev/reference/adapters).

 > As of **v4** NextAuth.js no longer ships with an adapter included by default. If you would like to persist any information, you need to install one of the many available adapters yourself. See the individual adapter documentation pages for more details.

@@ -13,4 +13,4 @@ To learn more about databases in NextAuth.js and how they are used, check out [d

 ## How to use a database

-See the [documentation for adapters](/adapters/overview) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).
+See the [documentation for adapters](https://authjs.dev/reference/adapters) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).
--- a/docs/docs/configuration/initialization.md
+++ b/docs/docs/configuration/initialization.md
@@ -3,17 +3,23 @@ id: initialization
 title: Initialization
 ---

+The main entry point of NextAuth.js is the `NextAuth` method that you import from `next-auth`. It handles different types of requests, as defined in the [REST API](../getting-started/rest-api.md) section.
+
+
+:::info
+NextAuth.js cannot use the run [Edge Runtime](https://nextjs.org/docs/api-reference/edge-runtime) for initialization. The upcoming [`@auth/nextjs` library](https://authjs.dev/reference/nextjs) (which will replace `next-auth`) on the other hand will be fully compatible.
+:::
+
+You can initialize NextAuth.js in a few different ways.
+
+## Simple initialization
+### API Routes (`pages`)
+
 In Next.js, you can define an API route that will catch all requests that begin with a certain path. Conveniently, this is called [Catch all API routes](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes).

 When you define a `/pages/api/auth/[...nextauth]` JS/TS file, you instruct NextAuth.js that every API request beginning with `/api/auth/*` should be handled by the code written in the `[...nextauth]` file.

-Depending on your use case, you can initialize NextAuth.js in two different ways:
-
-## Simple initialization
-
-In most cases, you won't need to worry about what `NextAuth.js` does, and you will get by just fine with the following initialization:
-
-```ts title="/pages/api/auth/[...nextauth].js"
+```ts title="/pages/api/auth/[...nextauth].ts"
 import NextAuth from "next-auth"

 export default NextAuth({
@@ -25,9 +31,37 @@ Here, you only need to pass your [options](/configuration/options) to `NextAuth`

 This is the preferred initialization in tutorials/other parts of the documentation, as it simplifies the code and reduces potential errors in the authentication flow.

+### Route Handlers (`app/`)
+
+[Next.js 13.2](https://nextjs.org/blog/next-13-2#custom-route-handlers) introduced [Route Handlers](https://beta.nextjs.org/docs/routing/route-handlers), the preferred way to handle REST-like requests in App Router (`app/`).
+
+You can initialize NextAuth.js with a Route Handler too, very similar to API Routes.
+
+```ts title="/app/api/auth/[...nextauth]/route.ts"
+import NextAuth from "next-auth"
+
+const handler = NextAuth({
+  ...
+})
+
+export { handler as GET, handler as POST }
+```
+
+Internally, NextAuth.js detects that it is being initialized in a Route Handler (by understanding that it is passed a Web [`Request` instance](https://developer.mozilla.org/en-US/docs/Web/API/Request)), and will return a handler that returns a [`Response` instance](https://developer.mozilla.org/en-US/docs/Web/API/Response). A Route Handler file expects you to export some named handler functions that handle a request and return a response. NextAuth.js needs the `GET` and `POST` handlers to function properly, so we export those two.
+
+:::info
+Technically, in a Route Handler, the `api/` prefix is not necessary, but we decided to keep it required for an easier migration.
+:::
+
 ## Advanced initialization

-If you have a specific use case and need to make NextAuth.js do something slightly different than what it is designed for, keep in mind, the `[...nextauth].js` config file is still just **a regular [API Route](https://nextjs.org/docs/api-routes/introduction)** at the end of the day.
+:::info
+The following describes the advanced initialization with API Routes, but everything will apply similarily when using [Route Handlers](https://beta.nextjs.org/docs/routing/route-handlers) too.
+Instead, `NextAuth` will receive the first two arguments of a Route Handler, and the third argument will be the [auth options](../configuration/options.md)
+:::
+
+If you have a specific use case and need to make NextAuth.js do something slightly different than what it is designed for, keep in mind, the `[...nextauth].ts` config file is just **a regular [API Route](https://nextjs.org/docs/api-routes/introduction)**.
+

 That said, you can initialize NextAuth.js like this:

@@ -91,7 +125,7 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {

 A practical example could be to not show a certain provider on the default sign-in page, but still be able to sign in with it. (The idea is taken from [this discussion](https://github.com/nextauthjs/next-auth/discussions/3133)):

-```js title="/pages/api/auth/[...nextauth].js"
+```js title="/pages/api/auth/[...nextauth].ts"
 import NextAuth from "next-auth"
 import CredentialsProvider from "next-auth/providers/credentials"
 import GoogleProvider from "next-auth/providers/google"
--- a/docs/docs/configuration/nextjs.md
+++ b/docs/docs/configuration/nextjs.md
@@ -1,14 +1,29 @@
 # Next.js

-## `unstable_getServerSession`
-
-This method was renamed to `getServerSession`. See the documentation below.
-
 ## `getServerSession`

-When calling from server-side i.e. in API routes or in `getServerSideProps`, we recommend using this function instead of `getSession` to retrieve the `session` object. This method is especially useful when you are using NextAuth.js with a database. This method can _drastically_ reduce response time when used over `getSession` on server-side, due to avoiding an extra `fetch` to an API Route (this is generally [not recommended in Next.js](https://nextjs.org/docs/basic-features/data-fetching/get-server-side-props#getserversideprops-or-api-routes)). In addition, `getServerSession` will correctly update the cookie expiry time and update the session content if `callbacks.jwt` or `callbacks.session` changed something.
+:::tip
+You can create a helper function so you don't need to pass `authOptions` around:

-Otherwise, if you only want to get the session token, see [`getToken`](/tutorials/securing-pages-and-api-routes#using-gettoken).
+```ts title=auth.ts
+import type { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from "next"
+import type { NextAuthOptions } from "next-auth"
+import { getServerSession } from "next-auth"
+
+// You'll need to import and pass this
+// to `NextAuth` in `app/api/auth/[...nextauth]/route.ts`
+export const config = {
+  providers: [], // rest of your config
+} satisfies NextAuthOptions
+
+// Use it in server contexts
+export function auth(...args: [GetServerSidePropsContext["req"], GetServerSidePropsContext["res"]] | [NextApiRequest, NextApiResponse] | []) {
+  return getServerSession(...args, config)
+}
+```
+:::
+
+When calling from the server-side i.e. in Route Handlers, React Server Components, API routes or in `getServerSideProps`, we recommend using this function instead of `getSession` to retrieve the `session` object. This method is especially useful when you are using NextAuth.js with a database. This method can _drastically_ reduce response time when used over `getSession` on server-side, due to avoiding an extra `fetch` to an API Route (this is generally [not recommended in Next.js](https://nextjs.org/docs/basic-features/data-fetching/get-server-side-props#getserversideprops-or-api-routes)). In addition, `getServerSession` will correctly update the cookie expiry time and update the session content if `callbacks.jwt` or `callbacks.session` changed something.

 `getServerSession` requires passing the same object you would pass to `NextAuth` when initializing NextAuth.js. To do so, you can export your NextAuth.js options in the following way:

@@ -55,7 +70,7 @@ import { authOptions } from 'pages/api/auth/[...nextauth]'
 import { getServerSession } from "next-auth/next"


-export async function handler(req, res) {
+export default async function handler(req, res) {
  const session = await getServerSession(req, res, authOptions)

  if (!session) {
@@ -69,7 +84,7 @@ export async function handler(req, res) {
 }
 ```

-### In `app/` directory:
+### In App Router:

 You can also use `getServerSession` in Next.js' server components:

@@ -87,6 +102,15 @@ export default async function Page() {
 Currently, the underlying Next.js `cookies()` method [only provides read access](https://beta.nextjs.org/docs/api-reference/cookies) to the request cookies. This means that the `expires` value is stripped away from `session` in Server Components. Furthermore, there is a hard expiry on sessions, after which the user will be required to sign in again. (The default expiry is 30 days).
 :::

+### Caching
+
+Note that using this function implies personalized data and that you should not store pages or APIs using this in a [public cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control). For example a host like [Vercel](https://vercel.com/docs/concepts/functions/serverless-functions/edge-caching) will implicitly prevent you from caching publicly due to the `set-cookie` header set by this function.
+
+
+## `unstable_getServerSession`
+
+This method was renamed to `getServerSession`. See the documentation above.
+
 ## Middleware

 You can use a Next.js Middleware with NextAuth.js to protect your site.
@@ -154,22 +178,27 @@ Callbacks are asynchronous functions you can use to control what happens when an

 #### Description

-Specify URLs to be used if you want to create custom sign in, and error pages. Pages specified will override the corresponding built-in page.
+Specify URLs to be used if you want to create custom sign-in and error pages. The pages specified will override the corresponding built-in page.

-:::note
-This should match the `pages` configuration that's found in `[...nextauth].ts`.
+:::info
+The `pages` configuration should match the same configuration in `[...nextauth].ts`. This is so that the `next-auth` Middleware is aware of your custom pages, so it won't end up redirecting to itself when an unauthenticated condition is met.
 :::

 #### Example (default value)

 ```js
-pages: {
-  signIn: '/api/auth/signin',
-  error: '/api/auth/error',
-}
+import { withAuth } from "next-auth/middleware"
+
+export default withAuth({
+  // Matches the pages config in `[...nextauth]`
+  pages: {
+    signIn: '/login',
+    error: '/error',
+  }
+})
 ```

-See the documentation for the [pages option](/configuration/pages) for more information.
+For more information, see the documentation for the [pages option](/configuration/pages).

 ---

@@ -179,7 +208,7 @@ See the documentation for the [pages option](/configuration/pages) for more info

 #### Description

-The same `secret` used in the [NextAuth.js config](/configuration/options#options).
+The same `secret` is used in the [NextAuth.js config](/configuration/options#options).

 #### Example (default value)

@@ -225,7 +254,6 @@ The `middleware` function will only be invoked if the `authorized` callback retu

 If you have a custom jwt decode method set in `[...nextauth].ts`, you must also pass the same `decode` method to `withAuth` in order to read the custom-signed JWT correctly. You may want to extract the encode/decode logic to a separate function for consistency.

-``
 ```ts title="/api/auth/[...nextauth].ts"
 import type { NextAuthOptions } from "next-auth"
 import NextAuth from "next-auth"
@@ -253,7 +281,7 @@ import withAuth from "next-auth/middleware"
 import { authOptions } from "pages/api/auth/[...nextauth]";

 export default withAuth({
-  jwt: { decode: authOptions.jwt },
+  jwt: { decode: authOptions.jwt?.decode },
  callbacks: {
    authorized: ({ token }) => !!token,
  },
--- a/docs/docs/configuration/options.md
+++ b/docs/docs/configuration/options.md
@@ -27,7 +27,7 @@ Using [System Environment Variables](https://vercel.com/docs/concepts/projects/e

 ### NEXTAUTH_SECRET

-Used to encrypt the NextAuth.js JWT, and to hash [email verification tokens](/adapters/models#verification-token). This is the default value for the `secret` option in [NextAuth](/configuration/options#secret) and [Middleware](/configuration/nextjs#secret).
+Used to encrypt the NextAuth.js JWT, and to hash [email verification tokens](https://authjs.dev/reference/adapters#verification-token). This is the default value for the `secret` option in [NextAuth](/configuration/options#secret) and [Middleware](/configuration/nextjs#secret).


 ### NEXTAUTH_URL_INTERNAL
@@ -310,7 +310,7 @@ events: {

 #### Description

-By default NextAuth.js does not include an adapter any longer. If you would like to persist user / account data, please install one of the many available adapters. More information can be found in the [adapter documentation](/adapters/overview).
+By default NextAuth.js does not include an adapter any longer. If you would like to persist user / account data, please install one of the many available adapters. More information can be found in the [adapter documentation](https://authjs.dev/reference/adapters).

 ---

--- a/docs/docs/configuration/providers/credentials.md
+++ b/docs/docs/configuration/providers/credentials.md
@@ -22,7 +22,7 @@ providers: [
    // You can pass any HTML attribute to the <input> tag through the object.
    credentials: {
      username: { label: "Username", type: "text", placeholder: "jsmith" },
-      password: {  label: "Password", type: "password" }
+      password: { label: "Password", type: "password" }
    },
    async authorize(credentials, req) {
      // You need to provide your own logic here that takes the credentials
--- a/docs/docs/configuration/providers/email.md
+++ b/docs/docs/configuration/providers/email.md
@@ -3,6 +3,12 @@ id: email
 title: Email
 ---

+### Install nodemailer
+
+```bash npm2yarn2pnpm
+npm install nodemailer
+```
+
 ### How to

 The Email provider sends "magic links" via email that the user can click on to sign in.
@@ -35,10 +41,10 @@ The email provider requires a database, it cannot be used without one.

 |          Name           |                                     Description                                     |               Type               | Required |
 | :---------------------: | :---------------------------------------------------------------------------------: | :------------------------------: | :------: |
-|           id            |                             Unique ID for the provider                              |             `string`             |   Yes    |
-|          name           |                          Descriptive name for the provider                          |             `string`             |   Yes    |
-|          type           |                       Type of provider, in this case `email`                        |            `"email"`             |   Yes    |
-|         server          |                     Path or object pointing to the email server                     |       `string` or `Object`       |   Yes    |
-| sendVerificationRequest |               Callback to execute when a verification request is sent               | `(params) => Promise<undefined>` |   Yes    |
+|           id            |                             Unique ID for the provider                              |             `string`             |    No    |
+|          name           |                          Descriptive name for the provider                          |             `string`             |    No    |
+|          type           |                       Type of provider, in this case `email`                        |            `"email"`             |    No    |
+|         server          |                     Path or object pointing to the email server                     |       `string` or `Object`       |   No    |
+| sendVerificationRequest |     Callback to execute to send a verification request, default uses nodemailer     | `(params) => Promise<undefined>` |    No    |
 |          from           |   The email address from which emails are sent, default: "<no-reply@example.com>"   |             `string`             |    No    |
 |         maxAge          | How long until the e-mail can be used to log the user in seconds. Defaults to 1 day |             `number`             |    No    |
--- a/docs/docs/deployment.md
+++ b/docs/docs/deployment.md
@@ -18,8 +18,8 @@ See below for more detailed provider settings.

 1. Make sure to expose the Vercel [System Environment Variables](https://vercel.com/docs/concepts/projects/environment-variables#system-environment-variables) in your project settings.
 2. Create a `NEXTAUTH_SECRET` environment variable for all environments.
-   a. You can use `openssl rand -base64 32` or https://generate-secret.vercel.app/32 to generate a random value.
-   b. You **do not** need the `NEXTAUTH_URL` environment variable in Vercel.
+    - You can use `openssl rand -base64 32` or https://generate-secret.vercel.app/32 to generate a random value.
+    - You **do not** need the `NEXTAUTH_URL` environment variable in Vercel.
 3. Add your provider's client ID and client secret to environment variables. _(Skip this step if not using an [OAuth Provider](/configuration/providers/oauth))_
 4. Deploy!

--- a/docs/docs/errors.md
+++ b/docs/docs/errors.md
@@ -21,7 +21,7 @@ This error occurs when the `SessionProvider` Context has a problem fetching sess

 #### CLIENT_FETCH_ERROR

-If you see `CLIENT_FETCH_ERROR` make sure you have configured the `NEXTAUTH_URL` environment variable.
+This can happen for multiple reasons. Make sure that you [configured](/configuration/initialization) NextAuth.js correctly, and if you used [`NEXTAUTH_URL`](https://next-auth.js.org/configuration/options#nextauth_url) that it's correctly set.

 ---

--- a/docs/docs/faq.md
+++ b/docs/docs/faq.md
@@ -207,7 +207,7 @@ NextAuth.js records Refresh Tokens and Access Tokens on sign in (if supplied by

 You can then look them up from the database or persist them to the JSON Web Token.

-Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/tutorials/refresh-token-rotation) if you want to implement it.
+Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](https://authjs.dev/guides/basics/refresh-token-rotation) if you want to implement it.

 We also have an [example repository](https://github.com/nextauthjs/next-auth-refresh-token-example) / project based upon NextAuth.js v4 where we demonstrate how to use a refresh token to refresh the provided access token.

@@ -289,7 +289,7 @@ Ultimately if your request is not accepted or is not actively in development, yo
 </summary>
 <p>

-NextAuth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/adapters/overview), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/configuration/options#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.
+NextAuth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](https://authjs.dev/reference/adapters), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/configuration/options#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.

 </p>
 </details>
--- a/docs/docs/getting-started/client.md
+++ b/docs/docs/getting-started/client.md
@@ -148,10 +148,133 @@ Because of how `_app` is written, it won't unnecessarily contact the `/api/auth/

 More information can be found in the following [GitHub Issue](https://github.com/nextauthjs/next-auth/issues/1210).

-### NextAuth.js + React Query
+### Updating the session

-You can create your own session management solution using data fetching libraries like [React Query](https://tanstack.com/query/v4/docs/adapters/react-query) or [SWR](https://swr.vercel.app). You can use the [original implementation of `@next-auth/react-query`](https://github.com/nextauthjs/react-query) and look at the [`next-auth/react` source code](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/react/index.tsx) as a starting point.
+The `useSession()` hook exposes a `update(data?: any): Promise<Session | null>` method that can be used to update the session, without reloading the page.

+You can optionally pass an arbitrary object as the first argument, which will be accessible on the server to merge with the session object.
+
+If you are not passing any argument, the session will be reloaded from the server. (This is useful if you want to update the session after a server-side mutation, like updating in the database.)
+
+:::caution
+The data object is coming from the client, so it needs to be validated on the server before saving.
+:::
+
+#### Example
+
+```tsx title="pages/profile.tsx"
+import { useSession } from "next-auth/react"
+
+export default function Page() {
+  const { data: session, status, update } = useSession()
+
+  if (status === "authenticated") {
+    return (
+      <>
+        <p>Signed in as {session.user.name}</p>
+        
+        {/* Update the value by sending it to the backend. */}
+        <button onClick={() => update({ name: "John Doe" })}>
+          Edit name
+        </button>
+        {/*
+          * Only trigger a session update, assuming you already updated the value server-side.
+          * All `useSession().data` references will be updated.
+          */}
+        <button onClick={() => update()}>
+          Edit name
+        </button>
+      </>
+    )
+  }
+
+  return <a href="/api/auth/signin">Sign in</a>
+}
+```
+
+Assuming a `strategy: "jwt"` is used, the `update()` method will trigger a `jwt` callback with the `trigger: "update"` option. You can use this to update the session object on the server.
+
+```ts title="pages/api/auth/[...nextauth].ts"
+...
+export default NextAuth({
+  ...
+  callbacks: {
+    // Using the `...rest` parameter to be able to narrow down the type based on `trigger`
+    jwt({ token, trigger, session }) {
+      if (trigger === "update" && session?.name) {
+        // Note, that `session` can be any arbitrary object, remember to validate it!
+        token.name = session.name
+      }
+      return token
+    }
+  }
+})
+```
+
+Assuming a `strategy: "database"` is used, the `update()` method will trigger the `session` callback with the `trigger: "update"` option. You can use this to update the session object on the server.
+
+```ts title="pages/api/auth/[...nextauth].ts"
+...
+const adapter = PrismaAdapter(prisma)
+export default NextAuth({
+  ...
+  adapter,
+  callbacks: {
+    // Using the `...rest` parameter to be able to narrow down the type based on `trigger`
+    async session({ session, trigger, newSession }) {
+      // Note, that `rest.session` can be any arbitrary object, remember to validate it!
+      if (trigger === "update" && newSession?.name) {
+        // You can update the session in the database if it's not already updated.
+        // await adapter.updateUser(session.user.id, { name: newSession.name })
+
+        // Make sure the updated value is reflected on the client
+        session.name = newSession.name
+      }
+      return session
+    }
+  }
+})
+```
+
+### Refetching the session
+
+[`SessionProvider#refetchInterval`](#refetch-interval) and [`SessionProvider#refetchOnWindowFocus`](#refetch-on-window-focus) can be replaced with the `update()` method too.
+
+:::note
+The `update()` method won't sync between tabs as the `refetchInterval` and `refetchOnWindowFocus` options do.
+:::
+
+```tsx title="pages/profile.tsx"
+import {useEffect} from "react"
+import { useSession } from "next-auth/react"
+
+export default function Page() {
+  const { data: session, status, update } = useSession()
+
+  // Polling the session every 1 hour
+  useEffect(() => {
+    // TIP: You can also use `navigator.onLine` and some extra event handlers
+    // to check if the user is online and only update the session if they are.
+    // https://developer.mozilla.org/en-US/docs/Web/API/Navigator/onLine
+    const interval = setInterval(() => update(), 1000 * 60 * 60)
+    return () => clearInterval(interval)
+  }, [update])
+
+  // Listen for when the page is visible, if the user switches tabs
+  // and makes our tab visible again, re-fetch the session
+  useEffect(() => {
+    const visibilityHandler = () => document.visibilityState === "visible" && update()
+    window.addEventListener("visibilitychange", visibilityHandler, false)
+    return () => window.removeEventListener("visibilitychange", visibilityHandler, false)
+  }, [update])
+
+  return (
+    <pre>
+      {JSON.stringify(session, null, 2)}
+    </pre>
+  )
+}
+```
 ---

 ## getSession()
@@ -236,7 +359,7 @@ export default async (req, res) => {
 ```

 :::note
-Unlike and `getCsrfToken()`, when calling `getProviders()` server side, you don't need to pass anything, just as calling it client side.
+Unlike `getCsrfToken()`, when calling `getProviders()` server side, you don't need to pass anything, just as calling it client side.
 :::

 ---
@@ -396,7 +519,11 @@ where `data.url` is the validated URL you can redirect the user to without any f

 ## SessionProvider

-Using the supplied `<SessionProvider>` allows instances of `useSession()` to share the session object across components, by using [React Context](https://reactjs.org/docs/context.html) under the hood. It also takes care of keeping the session updated and synced between tabs/windows.
+:::note
+If you are using the App Router, we encourage you to use [`getServerSession`](/configuration/nextjs#getserversession) in server contexts instead. (`SessionProvider` *can* be used in the App Router, which might be the easier choice if you are migrating from pages.)
+:::
+
+Using the supplied `<SessionProvider>` allows instances of `useSession()` to share the session object across components, by using [React Context](https://react.dev/learn/passing-data-deeply-with-context) under the hood. It also takes care of keeping the session updated and synced between tabs/windows.

 ```jsx title="pages/_app.js"
 import { SessionProvider } from "next-auth/react"
@@ -479,6 +606,8 @@ If you are using a custom base path, and your application entry point is not at

 #### Refetch interval

+See [Session Refetching](#refetching-the-session) for an alternative option.
+
 The `refetchInterval` option can be used to contact the server to avoid a session expiring.

 When `refetchInterval` is set to `0` (the default) there will be no session polling.
@@ -491,6 +620,8 @@ By default, session polling will keep trying, even when the device has no intern

 #### Refetch On Window Focus

+See [Session Refetching](#refetching-the-session) for an alternative option.
+
 The `refetchOnWindowFocus` option can be used to control whether it automatically updates the session state when you switch a focus on tabs/windows.

 When `refetchOnWindowFocus` is set to `true` (the default) tabs/windows will be updated and initialize the components' state when they gain or lose focus.
--- a/docs/docs/getting-started/example.md
+++ b/docs/docs/getting-started/example.md
@@ -26,6 +26,8 @@ If you are using TypeScript, NextAuth.js comes with its types definitions within

 To add NextAuth.js to a project create a file called `[...nextauth].js` in `pages/api/auth`. This contains the dynamic route handler for NextAuth.js which will also contain all of your global NextAuth.js configurations.

+If you're using [Next.js 13.2](https://nextjs.org/blog/next-13-2#custom-route-handlers) or above with the new App Router (`app/`), you can initialize the configuration using the new [Route Handlers](https://nextjs.org/docs/app/building-your-application/routing/router-handlers) by following our [guide](https://next-auth.js.org/configuration/initialization#route-handlers-app).
+
 ```javascript title="pages/api/auth/[...nextauth].js" showLineNumbers
 import NextAuth from "next-auth"
 import GithubProvider from "next-auth/providers/github"
@@ -74,6 +76,7 @@ Instances of `useSession` will then have access to the session data and status.

 :::tip
 Check out the [client documentation](/getting-started/client) to see how you can improve the user experience and page performance by using the NextAuth.js client.
+If you are using the Next.js App Router, please note that `<SessionProvider />` requires a client component and therefore cannot be put inside the root layout. For more details, check out the [Next.js documentation](https://nextjs.org/docs/app/building-your-application/routing/pages-and-layouts).
 :::

 ### Frontend - Add React Hook
--- a/docs/docs/getting-started/introduction.md
+++ b/docs/docs/getting-started/introduction.md
@@ -16,7 +16,7 @@ It is designed from the ground up to support Next.js and Serverless.
 - Designed to work with any [OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect](/providers)
 - Built-in support for [many popular sign-in services](/configuration/providers/oauth)
 - Supports [email / passwordless authentication](/providers/email)
- Supports stateless authentication with [any backend](/adapters/overview) (Active Directory, LDAP, etc)
+- Supports stateless authentication with [any backend](https://authjs.dev/reference/adapters) (Active Directory, LDAP, etc)
 - Supports both JSON Web Tokens and database sessions
 - Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)

--- a/docs/docs/getting-started/typescript.md
+++ b/docs/docs/getting-started/typescript.md
@@ -6,7 +6,7 @@ title: TypeScript
 NextAuth.js has its own type definitions to use in your TypeScript projects safely. Even if you don't use TypeScript, IDEs like VSCode will pick this up to provide you with a better developer experience. While you are typing, you will get suggestions about what certain objects/functions look like, and sometimes links to documentation, examples, and other valuable resources.

 Check out the example repository showcasing how to use `next-auth` on a Next.js application with TypeScript:  
-https://github.com/nextauthjs/next-auth-typescript-example
+https://github.com/nextauthjs/next-auth-example

 ---

--- a/docs/docs/getting-started/upgrade-to-v4.md
+++ b/docs/docs/getting-started/upgrade-to-v4.md
@@ -311,7 +311,7 @@ export default NextAuth({

 3. The `typeorm-legacy` adapter has been upgraded to use the newer adapter API, but has retained the `typeorm-legacy` name. We aim to migrate this to individual lighter weight adapters for each database type in the future, or switch out `typeorm`.

-4. MongoDB has been moved to its own adapter under `@next-auth/mongodb-adapter`. See the [MongoDB Adapter docs](/adapters/mongodb).
+4. MongoDB has been moved to its own adapter under `@next-auth/mongodb-adapter`. See the [MongoDB Adapter docs](https://authjs.dev/reference/adapter/mongodb).

 Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.8 and https://github.com/nextauthjs/next-auth/pull/2361

@@ -319,7 +319,7 @@ Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.8

 **This does not require any changes from the user - these are adapter specific changes only**

-The Adapter API has been rewritten and significantly simplified in NextAuth.js v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](/adapters/models/#verification-token).
+The Adapter API has been rewritten and significantly simplified in NextAuth.js v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](https://authjs.dev/reference/adapters#verification-token).

 If you are an adapter maintainer or are interested in writing your own adapter, you can find more information about this change in https://github.com/nextauthjs/next-auth/pull/2361 and release https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.22.

@@ -351,8 +351,8 @@ User {
  id
  name
  email
- emailVerified
-+ email_verified
+ emailVerified
+- email_verified
  image
 -  created_at
 -  updated_at
@@ -405,7 +405,7 @@ VerificationToken {
 </pre>
 </details>

-For more info, see the [Models page](/adapters/models).
+For more info, see the [Models page](https://authjs.dev/reference/adapters#models).

 ### Database migration

--- a/docs/docs/guides/fullstack.md
+++ b/docs/docs/guides/fullstack.md
@@ -3,7 +3,7 @@ id: fullstack
 title: Fullstack
 ---

-### [Refresh Token Rotation](/tutorials/refresh-token-rotation)
+### [Refresh Token Rotation](https://authjs.dev/guides/basics/refresh-token-rotation)

 - How to implement refresh token rotation.

@@ -21,7 +21,7 @@ title: Fullstack

 ## Database

-### [Custom models with TypeORM](/adapters/typeorm#custom-models)
+### [Custom models with TypeORM](https://authjs.dev/reference/adapter/typeorm#custom-models)

 - How to use models with custom properties using the TypeORM adapter.

@@ -29,6 +29,6 @@ title: Fullstack

 - How to create a custom adapter, to use any database to fetch and store user / account data.

-### [Adding role based login to database session strategy](/tutorials/role-based-login-strategy)
+### [Adding role based login to database session strategy](https://authjs.dev/guides/basics/role-based-access-control)

 - Implement a role based login system by adding a custom session callback.
--- a/docs/docs/providers/42.md
+++ b/docs/docs/providers/42.md
@@ -4,7 +4,7 @@ title: 42 School
 ---

 :::note
-42 returns a field on `Account` called `created_at` which is a number. See the [docs](https://api.intra.42.fr/apidoc/guides/getting_started#make-basic-requests). Make sure to add this field to your database schema, in case if you are using an [Adapter](/adapters/overview).
+42 returns a field on `Account` called `created_at` which is a number. See the [docs](https://api.intra.42.fr/apidoc/guides/getting_started#make-basic-requests). Make sure to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
 :::

 ## Documentation
--- a/docs/docs/providers/azure-ad-b2c.md
+++ b/docs/docs/providers/azure-ad-b2c.md
@@ -11,7 +11,7 @@ Azure AD B2C returns the following fields on `Account`:
 - `id_token_expires_in` (number)
 - `profile_info` (string).

-See their [docs](https://docs.microsoft.com/en-us/azure/active-directory-b2c/access-tokens). Remember to add these fields to your database schema, in case if you are using an [Adapter](/adapters/overview).
+See their [docs](https://docs.microsoft.com/en-us/azure/active-directory-b2c/access-tokens). Remember to add these fields to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
 :::

 ## Documentation
--- a/docs/docs/providers/azure-ad.md
+++ b/docs/docs/providers/azure-ad.md
@@ -3,6 +3,17 @@ id: azure-ad
 title: Azure Active Directory
 ---

+:::note
+Azure Active Directory returns the following fields on `Account`:
+
+- `token_type` (string)
+- `expires_in` (number)
+- `ext_expires_in` (number)
+- `access_token` (string).
+
+Remember to add these fields to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
+:::
+
 ## Documentation

 https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
@@ -20,7 +31,7 @@ https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-regis
 - Pay close attention to "Who can use this application or access this API?"
  - This allows you to scope access to specific types of user accounts
  - Only your tenant, all azure tenants, or all azure tenants and public Microsoft accounts (Skype, Xbox, Outlook.com, etc.)
- When asked for a redirection URL, use `https://yourapplication.com/api/auth/callback/azure-ad` or for development `http://localhost:3000/api/auth/callback/azure-ad`.
+- When asked for a redirection URL, select the platform type "Web" and use `https://yourapplication.com/api/auth/callback/azure-ad` or for development `http://localhost:3000/api/auth/callback/azure-ad`.
 - After your App Registration is created, under "Client Credential" create your Client secret.
 - Now copy your:
  - Application (client) ID
@@ -37,6 +48,10 @@ AZURE_AD_TENANT_ID=<copy the tenant id here>

 That will default the tenant to use the `common` authorization endpoint. [For more details see here](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints).

+:::note
+When you see `ResourceNotFound` error code while accessing an API, make sure to use the correct tenant ID. For instance, when the intended access is for a personal account, the tenant ID should not be provided.
+:::
+
 :::note
 Azure AD returns the profile picture in an ArrayBuffer, instead of just a URL to the image, so our provider converts it to a base64 encoded image string and returns that instead. See: https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0#examples. The default image size is 48x48 to avoid [running out of space](https://next-auth.js.org/faq#:~:text=What%20are%20the%20disadvantages%20of%20JSON%20Web%20Tokens%3F) in case the session is saved as a JWT.
 :::
--- a/docs/docs/providers/credentials.md
+++ b/docs/docs/providers/credentials.md
@@ -125,7 +125,7 @@ providers: [
      return user
    },
    credentials: {
-      email: { label: "Username", type: "text ", placeholder: "jsmith" },
+      username: { label: "Username", type: "text ", placeholder: "jsmith" },
      "2fa-key": { label: "2FA Key" },
    },
  }),
--- a/docs/docs/providers/email.md
+++ b/docs/docs/providers/email.md
@@ -32,11 +32,19 @@ You can override any of the options to suit your own use case.

 ## Configuration

+NextAuth.js lets you send emails either via HTTP or SMTP.
+
+### HTTP
+
+Check out our [HTTP-based Email Provider](https://authjs.dev/guides/providers/email-http) guide.
+
+### SMTP
+
 1. NextAuth.js does not include `nodemailer` as a dependency, so you'll need to install it yourself if you want to use the Email Provider. Run `npm install nodemailer` or `yarn add nodemailer`.
 2. You will need an SMTP account; ideally for one of the [services known to work with `nodemailer`](https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/).
 3. There are two ways to configure the SMTP server connection.

-You can either use a connection string or a `nodemailer` configuration object.
+You can either use a connection string or a `nodemailer` configuration object or transport.

 2.1 **Using a connection string**

@@ -92,7 +100,7 @@ providers: [
 ],
 ```

-3. Do not forget to setup one of the database [adapters](/adapters/overview) for storing the Email verification token.
+3. Do not forget to setup one of the database [adapters](https://authjs.dev/reference/adapters) for storing the Email verification token.

 4. You can now sign in with an email address at `/api/auth/signin`.

@@ -252,3 +260,27 @@ By default, NextAuth.js will normalize the email address. It treats values as ca
 :::warning
 Always make sure this returns a single e-mail address, even if multiple ones were passed in.
 :::
+
+
+## Sending Magic Links To Existing Users
+
+You can ensure that only existing users are sent a magic login link. You will need to grab the email the user entered and check your database to see if the email already exists in the "User" collection in your database. If it exists, it will send the user a magic link but otherwise, you can send the user to another page, such as "/register". 
+
+  ```js title="pages/api/auth/[...nextauth].js"
+  import User from "../../../models/User"; 
+  import db from "../../../utils/db"; 
+  ...
+  callbacks: {
+    async signIn({ user, account, email }) { 
+      await db.connect(); 
+      const userExists = await User.findOne({ 
+        email: user.email,  //the user object has an email property, which contains the email the user entered.
+      });
+      if (userExists) {
+        return true;   //if the email exists in the User collection, email them a magic login link
+      } else {
+        return "/register"; 
+      }
+    },
+   ...
+  ``` 
--- a/docs/docs/providers/github.md
+++ b/docs/docs/providers/github.md
@@ -4,7 +4,7 @@ title: GitHub
 ---

 :::note
-GitHub returns a field on `Account` called `refresh_token_expires_in` which is a number. See their [docs](https://docs.github.com/en/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens#response). Remember to add this field to your database schema, in case if you are using an [Adapter](/adapters/overview).
+GitHub returns a field on `Account` called `refresh_token_expires_in` which is a number. See their [docs](https://docs.github.com/en/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens#response). Remember to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
 :::

 ## Documentation
--- a/docs/docs/providers/gitlab.md
+++ b/docs/docs/providers/gitlab.md
@@ -3,6 +3,10 @@ id: gitlab
 title: GitLab
 ---

+:::note
+GitLab returns a field on `Account` called `created_at` which is a number. See their [docs](https://docs.gitlab.com/ee/api/oauth2.html). Remember to add this field as optional to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
+:::
+
 ## Documentation

 https://docs.gitlab.com/ee/api/oauth2.html
--- a/docs/docs/providers/kakao.md
+++ b/docs/docs/providers/kakao.md
@@ -15,7 +15,7 @@ https://developers.kakao.com/docs/latest/en/kakaologin/common

 The **Kakao Provider** comes with a set of default options:

- [Kakao Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/kakao.js)
+- [Kakao Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/kakao.ts)

 You can override any of the options to suit your own use case.

--- a/docs/docs/providers/salesforce.md
+++ b/docs/docs/providers/salesforce.md
@@ -11,7 +11,7 @@ https://help.salesforce.com/articleView?id=remoteaccess_authenticate.htm&type=5

 The **Salesforce Provider** comes with a set of default options:

- [Salesforce Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/salesforce.js)
+- [Salesforce Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/salesforce.ts)

 You can override any of the options to suit your own use case.

--- a/docs/docs/providers/twitter.md
+++ b/docs/docs/providers/twitter.md
@@ -4,7 +4,7 @@ title: Twitter
 ---

 :::note
-Twitter is currently the only built-in provider using the OAuth 1.0 spec. This means that you won't receive an `access_token` or `refresh_token`, but an `oauth_token` and `oauth_token_secret` respectively. Remember to add these to your database schema, in case if you are using an [Adapter](/adapters/overview).
+Twitter is currently the only built-in provider using the OAuth 1.0 spec. This means that you won't receive an `access_token` or `refresh_token`, but an `oauth_token` and `oauth_token_secret` respectively. Remember to add these to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
 :::

 ## Documentation
--- a/docs/docs/providers/vk.md
+++ b/docs/docs/providers/vk.md
@@ -15,7 +15,7 @@ https://vk.com/apps?act=manage

 The **VK Provider** comes with a set of default options:

- [VK Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/vk.js)
+- [VK Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/vk.ts)

 You can override any of the options to suit your own use case.

@@ -34,7 +34,7 @@ providers: [
 ```

 :::note
-By default the provider uses `5.126` version of the API. See https://vk.com/dev/versions for more info.
+By default the provider uses `5.131` version of the API. See https://vk.com/dev/versions for more info.
 :::

 If you want to use a different version, you can pass it to provider's options object:
@@ -42,7 +42,7 @@ If you want to use a different version, you can pass it to provider's options ob
 ```js
 // pages/api/auth/[...nextauth].js

-const apiVersion = "5.126"
+const apiVersion = "5.131"
 ...
 providers: [
  VkProvider({
--- a/docs/docs/providers/zoho.md
+++ b/docs/docs/providers/zoho.md
@@ -3,6 +3,10 @@ id: zoho
 title: Zoho
 ---

+:::note
+Zoho returns a field on `Account` called `api_domain` which is a string. See their [docs](https://www.zoho.com/accounts/protocol/oauth/web-apps/access-token.html). Remember to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
+:::
+
 ## Documentation

 https://www.zoho.com/accounts/protocol/oauth/web-server-applications.html
--- a/docs/docs/tutorials/avoid-corporate-link-checking-email-provider.md
+++ b/docs/docs/tutorials/avoid-corporate-link-checking-email-provider.md
@@ -30,7 +30,7 @@ import NextAuth from "next-auth"
 export default async function auth(req: NextApiRequest, res: NextApiResponse) {

  if(req.method === "HEAD") {
-     return res.status(200)
+     return res.status(200).end()
  }

  ...
--- a/docs/docs/tutorials/creating-a-database-adapter.md
+++ b/docs/docs/tutorials/creating-a-database-adapter.md
@@ -7,7 +7,7 @@ Using a custom adapter you can connect to any database back-end or even several

 ## How to create an adapter

-For more information about the data these methods need to manage see [models](/adapters/models).
+For more information about the data these methods need to manage see [models](https://authjs.dev/reference/adapters#models).

 _See the code below for practical example._

--- a/docs/docs/tutorials/refresh-token-rotation.md
+++ b/docs/docs/tutorials/refresh-token-rotation.md
@@ -1,137 +0,0 @@
---
-id: refresh-token-rotation
-title: Refresh Token Rotation
---
-
-While NextAuth.js doesn't automatically handle access token rotation for OAuth providers yet, this functionality can be implemented using [callbacks](https://next-auth.js.org/configuration/callbacks).
-
-## Source Code
-
-A working example can be accessed [here](https://github.com/nextauthjs/next-auth-refresh-token-example).
-
-## Implementation
-
-### Server Side
-
-Using a [JWT callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) and a [session callback](https://next-auth.js.org/configuration/callbacks#session-callback), we can persist OAuth tokens and refresh them when they expire.
-
-Below is a sample implementation using Google's Identity Provider. Please note that the OAuth 2.0 request in the `refreshAccessToken()` function will vary between different providers, but the core logic should remain similar.
-
-```js title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-
-const GOOGLE_AUTHORIZATION_URL =
-  "https://accounts.google.com/o/oauth2/v2/auth?" +
-  new URLSearchParams({
-    prompt: "consent",
-    access_type: "offline",
-    response_type: "code",
-  })
-
-/**
- * Takes a token, and returns a new token with updated
- * `accessToken` and `accessTokenExpires`. If an error occurs,
- * returns the old token and an error property
- */
-async function refreshAccessToken(token) {
-  try {
-    const url =
-      "https://oauth2.googleapis.com/token?" +
-      new URLSearchParams({
-        client_id: process.env.GOOGLE_CLIENT_ID,
-        client_secret: process.env.GOOGLE_CLIENT_SECRET,
-        grant_type: "refresh_token",
-        refresh_token: token.refreshToken,
-      })
-
-    const response = await fetch(url, {
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      method: "POST",
-    })
-
-    const refreshedTokens = await response.json()
-
-    if (!response.ok) {
-      throw refreshedTokens
-    }
-
-    return {
-      ...token,
-      accessToken: refreshedTokens.access_token,
-      accessTokenExpires: Date.now() + refreshedTokens.expires_at * 1000,
-      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to old refresh token
-    }
-  } catch (error) {
-    console.log(error)
-
-    return {
-      ...token,
-      error: "RefreshAccessTokenError",
-    }
-  }
-}
-
-export default NextAuth({
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-      authorization: GOOGLE_AUTHORIZATION_URL,
-    }),
-  ],
-  callbacks: {
-    async jwt({ token, user, account }) {
-      // Initial sign in
-      if (account && user) {
-        return {
-          accessToken: account.access_token,
-          accessTokenExpires: Date.now() + account.expires_at * 1000,
-          refreshToken: account.refresh_token,
-          user,
-        }
-      }
-
-      // Return previous token if the access token has not expired yet
-      if (Date.now() < token.accessTokenExpires) {
-        return token
-      }
-
-      // Access token has expired, try to update it
-      return refreshAccessToken(token)
-    },
-    async session({ session, token }) {
-      session.user = token.user
-      session.accessToken = token.accessToken
-      session.error = token.error
-
-      return session
-    },
-  },
-})
-```
-
-### Client Side
-
-The `RefreshAccessTokenError` error that is caught in the `refreshAccessToken()` method is passed all the way to the client. This means that you can direct the user to the sign in flow if we cannot refresh their token.
-
-We can handle this functionality as a side effect:
-
-```js title="pages/home.js"
-import { signIn, useSession } from "next-auth/react";
-import { useEffect } from "react";
-
-const HomePage() {
-  const { data: session } = useSession();
-
-  useEffect(() => {
-    if (session?.error === "RefreshAccessTokenError") {
-      signIn(); // Force sign in to hopefully resolve error
-    }
-  }, [session]);
-
-return (...)
-}
-```
--- a/docs/docs/tutorials/role-based-login-strategy.md
+++ b/docs/docs/tutorials/role-based-login-strategy.md
@@ -1,61 +0,0 @@
-To add role based authentication to your application, you must do three things.
-
-1. Update your database schema
-2. Add the `role` to the session object
-3. Check for `role` in your pages/components
-
-First modify the `user` table and add a `role` column with the type of `String?`.
-
-Below is an example Prisma schema file.
-
-```javascript title="/prisma/schema.prisma"
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime?
-  image         String?
-  role          String?  // New Column
-  accounts      Account[]
-  sessions      Session[]
-}
-
-```
-
-Next, implement a custom session callback in the `[...nextauth].js` file, as shown below.
-
-```javascript title="/pages/api/auth/[...nextauth].js"
-callbacks: {
-  async session({ session, token, user }) {
-    session.user.role = user.role; // Add role value to user object so it is passed along with session
-    return session;
-  }
-},
-```
-
-Going forward, when using the `getSession` hook, check that `session.user.role` matches the required role. The example below assumes the role `'admin'` is required.
-
-```javascript title="/pages/admin.js"
-import { getSession } from "next-auth/react"
-
-export default function Page() {
-  const session = await getSession({ req })
-
-  if (session && session.user.role === "admin") {
-    return (
-      <div>
-        <h1>Admin</h1>
-        <p>Welcome to the Admin Portal!</p>
-      </div>
-    )
-  } else {
-    return (
-      <div>
-        <h1>You are not authorized to view this page!</h1>
-      </div>
-    )
-  }
-}
-```
-
-Then it is up to you how you manage your roles, either through direct database access or building your own role update API.
--- a/docs/package.json
+++ b/docs/package.json
@@ -7,7 +7,7 @@
  "name": "next-auth-docs",
  "version": "0.2.0",
  "scripts": {
-    "start": "npm run generate-providers && docusaurus start --no-open --port 8000",
+    "start": "npm run generate-providers && docusaurus start --no-open",
    "dev": "npm run start",
    "build": "npm run generate-providers && docusaurus build",
    "docusaurus": "docusaurus",
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -49,28 +49,7 @@ module.exports = {
        },
      ],
    },
-    {
-      type: "category",
-      label: "Adapters",
-      link: { type: "doc", id: "adapters/overview" },
-      collapsed: true,
-      items: [
-        "adapters/models",
-        "adapters/prisma",
-        "adapters/fauna",
-        "adapters/dynamodb",
-        "adapters/firebase",
-        "adapters/pouchdb",
-        "adapters/mongodb",
-        "adapters/neo4j",
-        "adapters/typeorm",
-        "adapters/sequelize",
-        "adapters/supabase",
-        "adapters/mikro-orm",
-        "adapters/dgraph",
-        "adapters/upstash-redis",
-      ],
-    },
+    "adapters",
    "warnings",
    "errors",
    "deployment",
--- a/docs/vercel.json
+++ b/docs/vercel.json
@@ -4,28 +4,14 @@
    {
      "source": "/(.*)",
      "headers": [
-        {
-          "key": "X-Content-Type-Options",
-          "value": "nosniff"
-        },
-        {
-          "key": "X-Frame-Options",
-          "value": "DENY"
-        },
-        {
-          "key": "X-XSS-Protection",
-          "value": "1; mode=block"
-        }
+        { "key": "X-Content-Type-Options", "value": "nosniff" },
+        { "key": "X-Frame-Options", "value": "DENY" },
+        { "key": "X-XSS-Protection", "value": "1; mode=block" }
      ]
    },
    {
      "source": "/beta(.*)",
-      "headers": [
-        {
-          "key": "X-Robots-Tag",
-          "value": "noindex"
-        }
-      ]
+      "headers": [{ "key": "X-Robots-Tag", "value": "noindex" }]
    }
  ],
  "redirects": [
@@ -69,6 +55,51 @@
      "destination": "https://authjs.dev/reference/adapter/firebase",
      "permanent": true
    },
+    {
+      "source": "/adapters/dgraph",
+      "destination": "https://authjs.dev/reference/adapter/dgraph",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/prisma",
+      "destination": "https://authjs.dev/reference/adapter/prisma",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/typeorm",
+      "destination": "https://authjs.dev/reference/adapter/typeorm",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/mongodb",
+      "destination": "https://authjs.dev/reference/adapter/mongodb",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/dynamodb",
+      "destination": "https://authjs.dev/reference/adapter/dynamodb",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/fauna",
+      "destination": "https://authjs.dev/reference/adapter/fauna",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/pouchdb",
+      "destination": "https://authjs.dev/reference/adapter/pouchdb",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/overview",
+      "destination": "https://authjs.dev/reference/adapters",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/models",
+      "destination": "https://authjs.dev/reference/adapters#models",
+      "permanent": true
+    },
    {
      "source": "/tutorials/refresh-token-rotation",
      "destination": "https://authjs.dev/guides/basics/refresh-token-rotation",
--- a/docs/versioned_docs/version-v3/adapters/prisma.md
+++ b/docs/versioned_docs/version-v3/adapters/prisma.md
@@ -118,7 +118,7 @@ Once you have saved your schema, use the Prisma CLI to generate the Prisma Clien
 npx prisma generate
 ```

-To configure you database to use the new schema (i.e. create tables and columns) use the `prisma migrate` command:
+To configure your database to use the new schema (i.e. create tables and columns) use the `prisma migrate` command:

 ```
 npx prisma migrate dev
--- a/docs/versioned_docs/version-v3/configuration/databases.md
+++ b/docs/versioned_docs/version-v3/configuration/databases.md
@@ -18,7 +18,7 @@ NextAuth.js comes with multiple ways of connecting to a database:

 **This document covers the default adapter (TypeORM).**

-See the [documentation for adapters](/adapters/overview) to learn more about using Prisma adapter or using a custom adapter.
+See the [documentation for adapters](https://authjs.dev/reference/adapters) to learn more about using Prisma adapter or using a custom adapter.

 To learn more about databases in NextAuth.js and how they are used, check out [databases in the FAQ](/faq#databases).

@@ -218,4 +218,4 @@ database: "sqlite://localhost/:memory:"

 ## Other databases

-See the [documentation for adapters](/adapters/overview) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).
+See the [documentation for adapters](https://authjs.dev/reference/adapters) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).
--- a/docs/versioned_docs/version-v3/configuration/options.md
+++ b/docs/versioned_docs/version-v3/configuration/options.md
@@ -309,7 +309,7 @@ By default NextAuth.js uses a database adapter that uses TypeORM and supports My

 You can use the `adapter` option to use the Prisma adapter - or pass in your own adapter if you want to use a database that is not supported by one of the built-in adapters.

-See the [adapter documentation](/adapters/overview) for more information.
+See the [adapter documentation](https://authjs.dev/reference/adapters) for more information.

 :::note
 If the `adapter` option is specified it overrides the `database` option, only specify one or the other.
--- a/docs/versioned_docs/version-v3/faq.md
+++ b/docs/versioned_docs/version-v3/faq.md
@@ -117,7 +117,7 @@ NextAuth.js records Refresh Tokens and Access Tokens on sign in (if supplied by

 You can then look them up from the database or persist them to the JSON Web Token.

-Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/tutorials/refresh-token-rotation) if you want to implement it.
+Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](https://authjs.dev/guides/basics/refresh-token-rotation) if you want to implement it.

 ### When I sign in with another account with the same email address, why are accounts not linked automatically?

--- a/docs/versioned_docs/version-v3/tutorials/refresh-token-rotation.md
+++ b/docs/versioned_docs/version-v3/tutorials/refresh-token-rotation.md
@@ -121,7 +121,7 @@ The `RefreshAccessTokenError` error that is caught in the `refreshAccessToken()`

 We can handle this functionality as a side effect:

-```js title="pages/api/auth/[...nextauth].js"
+```js title="pages/index.js"
 import { signIn, useSession } from "next-auth/client";
 import { useEffect } from "react";

--- a/docs/versioned_docs/version-v3/tutorials/typeorm-custom-models.md
+++ b/docs/versioned_docs/version-v3/tutorials/typeorm-custom-models.md
@@ -3,7 +3,7 @@ id: typeorm-custom-models
 title: Custom models with TypeORM
 ---

-NextAuth.js provides a set of [models and schemas](/adapters/models) for the built-in TypeORM adapter that you can easily extend.
+NextAuth.js provides a set of [models and schemas](https://authjs.dev/reference/adapters#models) for the built-in TypeORM adapter that you can easily extend.

 You can use these models with MySQL, MariaDB, Postgres, MongoDB and SQLite.

--- a/packages/next-auth/README.md
+++ b/packages/next-auth/README.md
@@ -41,7 +41,7 @@ This is a monorepo containing the following packages / projects:
 ## Getting Started

 ```
-npm install --save next-auth
+npm install next-auth
 ```

 The easiest way to continue getting started, is to follow the [getting started](https://next-auth.js.org/getting-started/example) section in our docs.
@@ -168,7 +168,7 @@ export default function App({

 ## Security

-If you think you have found a vulnerability (or not sure) in NextAuth.js or any of the related packages (i.e. Adapters), we ask you to have a read of our [Security Policy](https://github.com/nextauthjs/next-auth/blob/main/SECURITY.md) to reach out responsibly. Please do not open Pull Requests/Issues/Discussions before consulting with us.
+If you think you have found a vulnerability (or not sure) in NextAuth.js or any of the related packages (i.e. Adapters), we ask you to have a read of our [Security Policy](https://github.com/nextauthjs/next-auth/security/policy) to reach out responsibly. Please do not open Pull Requests/Issues/Discussions before consulting with us.

 ## Acknowledgments

@@ -204,8 +204,8 @@ We're happy to announce we've recently created an [OpenCollective](https://openc
        <sub>🥉 Bronze Financial Sponsor</sub>
      </td>
      <td align="center" valign="top">
-        <a href="https://clerk.dev" target="_blank">
-          <img width="128px" src="https://avatars.githubusercontent.com/u/49538330?s=200&v=4" alt="Prisma Logo" />
+        <a href="https://clerk.com" target="_blank">
+          <img width="128px" src="https://avatars.githubusercontent.com/u/49538330?s=200&v=4" alt="Clerk Logo" />
        </a><br />
        <div>Clerk</div><br />
        <sub>🥉 Bronze Financial Sponsor</sub>
@@ -247,7 +247,7 @@ We're happy to announce we've recently created an [OpenCollective](https://openc
 ## Contributing

 We're open to all community contributions! If you'd like to contribute in any way, please first read
-our [Contributing Guide](https://github.com/nextauthjs/next-auth/blob/main/CONTRIBUTING.md).
+our [Contributing Guide](https://github.com/nextauthjs/.github/blob/main/CONTRIBUTING.md).

 ## License

--- a/packages/next-auth/package.json
+++ b/packages/next-auth/package.json
@@ -1,6 +1,6 @@
 {
  "name": "next-auth",
-  "version": "4.20.1",
+  "version": "4.23.2",
  "description": "Authentication for Next.js",
  "homepage": "https://next-auth.js.org",
  "repository": "https://github.com/nextauthjs/next-auth.git",
@@ -9,7 +9,7 @@
    "Balázs Orbán <info@balazsorban.com>",
    "Nico Domino <yo@ndo.dev>",
    "Lluis Agusti <hi@llu.lu>",
-    "Thang Huu Vu <thvu@hey.com>"
+    "Thang Huu Vu <hi@thvu.dev>"
  ],
  "main": "index.js",
  "module": "index.js",
@@ -27,19 +27,42 @@
    "nextauth"
  ],
  "exports": {
-    ".": "./index.js",
-    "./jwt": "./jwt/index.js",
-    "./react": "./react/index.js",
-    "./core": "./core/index.js",
-    "./next": "./next/index.js",
-    "./middleware": "./middleware.js",
-    "./client/_utils": "./client/_utils.js",
-    "./providers/*": "./providers/*.js"
+    ".": {
+      "types": "./index.d.ts",
+      "default": "./index.js"
+    },
+    "./adapters": {
+      "types": "./adapters.d.ts"
+    },
+    "./jwt": {
+      "types": "./jwt/index.d.ts",
+      "default": "./jwt/index.js"
+    },
+    "./react": {
+      "types": "./react/index.d.ts",
+      "default": "./react/index.js"
+    },
+    "./next": {
+      "types": "./next/index.d.ts",
+      "default": "./next/index.js"
+    },
+    "./middleware": {
+      "types": "./middleware.d.ts",
+      "default": "./middleware.js"
+    },
+    "./client/_utils": {
+      "types": "./client/_utils.d.ts",
+      "default": "./client/_utils.js"
+    },
+    "./providers/*": {
+      "types": "./providers/*.d.ts",
+      "default": "./providers/*.js"
+    }
  },
  "scripts": {
    "build": "pnpm clean && pnpm build:js && pnpm build:css",
    "build:js": "pnpm clean && pnpm generate-providers && pnpm tsc --project tsconfig.json && babel --config-file ./config/babel.config.js src --out-dir . --extensions \".tsx,.ts,.js,.jsx\"",
-    "clean": "rm -rf coverage client css utils providers core jwt react next index.d.ts index.js adapters.d.ts middleware.d.ts middleware.js",
+    "clean": "rm -rf coverage client css utils providers core jwt react next lib ./*.js ./*.ts*",
    "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir . && node config/wrap-css.js",
    "dev": "pnpm clean && pnpm generate-providers && concurrently \"pnpm watch:css\" \"pnpm watch:ts\"",
    "watch:ts": "pnpm tsc --project tsconfig.dev.json",
@@ -50,20 +73,18 @@
    "lint": "eslint src config tests"
  },
  "files": [
-    "lib",
+    "client",
+    "core",
    "css",
    "jwt",
-    "react",
+    "lib",
    "next",
-    "client",
    "providers",
-    "core",
-    "index.d.ts",
-    "index.js",
-    "adapters.d.ts",
-    "middleware.d.ts",
-    "middleware.js",
-    "utils"
+    "react",
+    "src",
+    "utils",
+    "*.d.ts*",
+    "*.js"
  ],
  "license": "ISC",
  "dependencies": {
@@ -109,7 +130,7 @@
    "@types/node": "^17.0.42",
    "@types/nodemailer": "^6.4.4",
    "@types/oauth": "^0.9.1",
-    "@types/react": "^18.0.15",
+    "@types/react": "18.0.37",
    "@types/react-dom": "^18.0.6",
    "autoprefixer": "^10.4.7",
    "babel-plugin-jsx-pragmatic": "^1.0.2",
@@ -120,7 +141,7 @@
    "jest-environment-jsdom": "^28.1.1",
    "jest-watch-typeahead": "^1.1.0",
    "msw": "^0.42.3",
-    "next": "13.0.6",
+    "next": "13.3.0",
    "postcss": "^8.4.14",
    "postcss-cli": "^9.1.0",
    "postcss-nested": "^5.0.6",
--- a/packages/next-auth/src/adapters.ts
+++ b/packages/next-auth/src/adapters.ts
@@ -59,37 +59,22 @@ export interface VerificationToken {
 * [Adapters Overview](https://next-auth.js.org/adapters/overview) |
 * [Create a custom adapter](https://next-auth.js.org/tutorials/creating-a-database-adapter)
 */
-export type Adapter<WithVerificationToken = boolean> = DefaultAdapter &
-  (WithVerificationToken extends true
-    ? {
-        createVerificationToken: (
-          verificationToken: VerificationToken
-        ) => Awaitable<VerificationToken | null | undefined>
-        /**
-         * Return verification token from the database
-         * and delete it so it cannot be used again.
-         */
-        useVerificationToken: (params: {
-          identifier: string
-          token: string
-        }) => Awaitable<VerificationToken | null>
-      }
-    : {})
-
-export interface DefaultAdapter {
-  createUser: (user: Omit<AdapterUser, "id">) => Awaitable<AdapterUser>
-  getUser: (id: string) => Awaitable<AdapterUser | null>
-  getUserByEmail: (email: string) => Awaitable<AdapterUser | null>
+export interface Adapter {
+  createUser?: (user: Omit<AdapterUser, "id">) => Awaitable<AdapterUser>
+  getUser?: (id: string) => Awaitable<AdapterUser | null>
+  getUserByEmail?: (email: string) => Awaitable<AdapterUser | null>
  /** Using the provider id and the id of the user for a specific account, get the user. */
-  getUserByAccount: (
+  getUserByAccount?: (
    providerAccountId: Pick<AdapterAccount, "provider" | "providerAccountId">
  ) => Awaitable<AdapterUser | null>
-  updateUser: (user: Partial<AdapterUser>) => Awaitable<AdapterUser>
+  updateUser?: (
+    user: Partial<AdapterUser> & Pick<AdapterUser, "id">
+  ) => Awaitable<AdapterUser>
  /** @todo Implement */
  deleteUser?: (
    userId: string
  ) => Promise<void> | Awaitable<AdapterUser | null | undefined>
-  linkAccount: (
+  linkAccount?: (
    account: AdapterAccount
  ) => Promise<void> | Awaitable<AdapterAccount | null | undefined>
  /** @todo Implement */
@@ -97,15 +82,15 @@ export interface DefaultAdapter {
    providerAccountId: Pick<AdapterAccount, "provider" | "providerAccountId">
  ) => Promise<void> | Awaitable<AdapterAccount | undefined>
  /** Creates a session for the user and returns it. */
-  createSession: (session: {
+  createSession?: (session: {
    sessionToken: string
    userId: string
    expires: Date
  }) => Awaitable<AdapterSession>
-  getSessionAndUser: (
+  getSessionAndUser?: (
    sessionToken: string
  ) => Awaitable<{ session: AdapterSession; user: AdapterUser } | null>
-  updateSession: (
+  updateSession?: (
    session: Partial<AdapterSession> & Pick<AdapterSession, "sessionToken">
  ) => Awaitable<AdapterSession | null | undefined>
  /**
@@ -113,7 +98,7 @@ export interface DefaultAdapter {
   * It is preferred that this method also returns the session
   * that is being deleted for logging purposes.
   */
-  deleteSession: (
+  deleteSession?: (
    sessionToken: string
  ) => Promise<void> | Awaitable<AdapterSession | null | undefined>
  createVerificationToken?: (
--- a/packages/next-auth/src/client/_utils.ts
+++ b/packages/next-auth/src/client/_utils.ts
@@ -18,8 +18,8 @@ export interface AuthClientConfig {
 }

 export interface CtxOrReq {
-  req?: IncomingMessage
-  ctx?: { req: IncomingMessage }
+  req?: Partial<IncomingMessage> & { body?: any }
+  ctx?: { req: Partial<IncomingMessage> & { body?: any } }
 }

 /**
@@ -37,9 +37,18 @@ export async function fetchData<T = any>(
 ): Promise<T | null> {
  const url = `${apiBaseUrl(__NEXTAUTH)}/${path}`
  try {
-    const options = req?.headers.cookie
-      ? { headers: { cookie: req.headers.cookie } }
-      : {}
+    const options: RequestInit = {
+      headers: {
+        "Content-Type": "application/json",
+        ...(req?.headers?.cookie ? { cookie: req.headers.cookie } : {}),
+      },
+    }
+
+    if (req?.body) {
+      options.body = JSON.stringify(req.body)
+      options.method = "POST"
+    }
+
    const res = await fetch(url, options)
    const data = await res.json()
    if (!res.ok) throw data
--- a/packages/next-auth/src/core/errors.ts
+++ b/packages/next-auth/src/core/errors.ts
@@ -1,4 +1,4 @@
-import type { EventCallbacks, LoggerInstance } from ".."
+import type { EventCallbacks, InternalOptions, LoggerInstance } from ".."

 /**
 * Same as the default `Error`, but it is JSON serializable.
@@ -106,7 +106,7 @@ export function eventsErrorHandler(
 export function adapterErrorHandler<TAdapter>(
  adapter: TAdapter | undefined,
  logger: LoggerInstance
-): TAdapter | undefined {
+): InternalOptions["adapter"] | undefined {
  if (!adapter) return

  return Object.keys(adapter).reduce<any>((acc, name) => {
--- a/packages/next-auth/src/core/index.ts
+++ b/packages/next-auth/src/core/index.ts
@@ -1,5 +1,5 @@
 import logger, { setLogger } from "../utils/logger"
-import { detectHost } from "../utils/detect-host"
+import { detectOrigin } from "../utils/detect-origin"
 import * as routes from "./routes"
 import renderPage from "./pages"
 import { init } from "./init"
@@ -13,7 +13,7 @@ import { parse as parseCookie } from "cookie"

 export interface RequestInternal {
  /** @default "http://localhost:3000" */
-  host?: string
+  origin?: string
  method?: string
  cookies?: Partial<Record<string, string>>
  headers?: Record<string, any>
@@ -70,10 +70,18 @@ async function toInternalRequest(
      cookies: parseCookie(req.headers.get("cookie") ?? ""),
      providerId: nextauth[1],
      error: url.searchParams.get("error") ?? nextauth[1],
-      host: detectHost(headers["x-forwarded-host"] ?? headers.host),
+      origin: detectOrigin(
+        headers["x-forwarded-host"] ?? headers.host,
+        headers["x-forwarded-proto"]
+      ),
      query,
    }
  }
+
+  const { headers } = req
+  const host = headers?.["x-forwarded-host"] ?? headers?.host
+  req.origin = detectOrigin(host, headers?.["x-forwarded-proto"])
+
  return req
 }

@@ -132,7 +140,7 @@ export async function AuthHandler<
    authOptions,
    action,
    providerId,
-    host: req.host,
+    origin: req.origin,
    callbackUrl: req.body?.callbackUrl ?? req.query?.callbackUrl,
    csrfToken: req.body?.csrfToken,
    cookies: req.cookies,
@@ -231,7 +239,7 @@ export async function AuthHandler<
  } else if (method === "POST") {
    switch (action) {
      case "signin":
-        // Verified CSRF Token required for all sign in routes
+        // Verified CSRF Token required for all sign-in routes
        if (options.csrfTokenVerified && options.provider) {
          const signin = await routes.signin({
            query: req.query,
@@ -274,7 +282,7 @@ export async function AuthHandler<
          return { ...callback, cookies }
        }
        break
-      case "_log":
+      case "_log": {
        if (authOptions.logger) {
          try {
            const { code, level, ...metadata } = req.body ?? {}
@@ -285,6 +293,24 @@ export async function AuthHandler<
          }
        }
        return {}
+      }
+      case "session": {
+        // Verified CSRF Token required for session updates
+        if (options.csrfTokenVerified) {
+          const session = await routes.session({
+            options,
+            sessionStore,
+            newSession: req.body?.data,
+            isUpdate: true,
+          })
+          if (session.cookies) cookies.push(...session.cookies)
+          return { ...session, cookies } as any
+        }
+
+        // If CSRF token is invalid, return a 400 status code
+        // we should not redirect to a page as this is an API route
+        return { status: 400, body: {} as any, cookies }
+      }
      default:
    }
  }
--- a/packages/next-auth/src/core/init.ts
+++ b/packages/next-auth/src/core/init.ts
@@ -15,7 +15,7 @@ import type { InternalOptions } from "./types"
 import parseUrl from "../utils/parse-url"

 interface InitParams {
-  host?: string
+  origin?: string
  authOptions: AuthOptions
  providerId?: string
  action: InternalOptions["action"]
@@ -33,7 +33,7 @@ export async function init({
  authOptions,
  providerId,
  action,
-  host,
+  origin,
  cookies: reqCookies,
  callbackUrl: reqCallbackUrl,
  csrfToken: reqCsrfToken,
@@ -42,7 +42,7 @@ export async function init({
  options: InternalOptions
  cookies: cookie.Cookie[]
 }> {
-  const url = parseUrl(host)
+  const url = parseUrl(origin)

  const secret = createSecret({ authOptions, url })

--- a/packages/next-auth/src/core/lib/assert.ts
+++ b/packages/next-auth/src/core/lib/assert.ts
@@ -48,7 +48,7 @@ export function assertConfig(params: {
  const warnings: WarningCode[] = []

  if (!warned) {
-    if (!req.host) warnings.push("NEXTAUTH_URL")
+    if (!req.origin) warnings.push("NEXTAUTH_URL")

    // TODO: Make this throw an error in next major. This will also get rid of `NODE_ENV`
    if (!options.secret && process.env.NODE_ENV !== "production")
@@ -70,7 +70,7 @@ export function assertConfig(params: {

  const callbackUrlParam = req.query?.callbackUrl as string | undefined

-  const url = parseUrl(req.host)
+  const url = parseUrl(req.origin)

  if (callbackUrlParam && !isValidHttpUrl(callbackUrlParam, url.base)) {
    return new InvalidCallbackUrl(
--- a/packages/next-auth/src/core/lib/cookie.ts
+++ b/packages/next-auth/src/core/lib/cookie.ts
@@ -114,7 +114,7 @@ export function defaultCookies(useSecureCookies: boolean): CookiesOptions {
        path: "/",
        secure: useSecureCookies,
      },
-    }
+    },
  }
 }

@@ -161,8 +161,21 @@ export class SessionStore {
    }
  }

+  /**
+   * The JWT Session or database Session ID
+   * constructed from the cookie chunks.
+   */
  get value() {
-    return Object.values(this.#chunks)?.join("")
+    // Sort the chunks by their keys before joining
+    const sortedKeys = Object.keys(this.#chunks).sort((a, b) => {
+      const aSuffix = parseInt(a.split(".").pop() ?? "0")
+      const bSuffix = parseInt(b.split(".").pop() ?? "0")
+
+      return aSuffix - bSuffix
+    })
+
+    // Use the sorted keys to join the chunks in the correct order
+    return sortedKeys.map((key) => this.#chunks[key]).join("")
  }

  /** Given a cookie, return a list of cookies, chunked to fit the allowed cookie size. */
--- a/packages/next-auth/src/core/lib/email/getUserFromEmail.ts
+++ b/packages/next-auth/src/core/lib/email/getUserFromEmail.ts
@@ -12,6 +12,7 @@ export default async function getAdapterUserFromEmail({
  email: string
  adapter: InternalOptions<"email">["adapter"]
 }): Promise<AdapterUser> {
+  // @ts-expect-error -- adapter is checked to be defined in `init`
  const { getUserByEmail } = adapter
  const adapterUser = email ? await getUserByEmail(email) : null
  if (adapterUser) return adapterUser
--- a/packages/next-auth/src/core/lib/email/signin.ts
+++ b/packages/next-auth/src/core/lib/email/signin.ts
@@ -36,7 +36,8 @@ export default async function email(
      theme,
    }),
    // Save in database
-    adapter.createVerificationToken({
+    // @ts-expect-error -- adapter is checked to be defined in `init`
+    adapter.createVerificationToken?.({
      identifier,
      token: hashToken(token, options),
      expires,
--- a/packages/next-auth/src/core/lib/oauth/checks.ts
+++ b/packages/next-auth/src/core/lib/oauth/checks.ts
@@ -6,9 +6,9 @@ import {
 import * as jwt from "../../../jwt"

 import type { RequestInternal } from "../.."
+import type { OAuthChecks } from "../../../providers"
 import type { CookiesOptions, InternalOptions } from "../../types"
 import type { Cookie } from "../cookie"
-import { OAuthChecks } from "src/providers"

 /** Returns a signed cookie. */
 export async function signCookie(
--- a/packages/next-auth/src/core/lib/oauth/client.ts
+++ b/packages/next-auth/src/core/lib/oauth/client.ts
@@ -25,6 +25,7 @@ export async function openidClient(
      authorization_endpoint: provider.authorization?.url,
      token_endpoint: provider.token?.url,
      userinfo_endpoint: provider.userinfo?.url,
+      jwks_uri: provider.jwks_endpoint,
    })
  }

--- a/packages/next-auth/src/core/lib/providers.ts
+++ b/packages/next-auth/src/core/lib/providers.ts
@@ -1,11 +1,7 @@
 import { merge } from "../../utils/merge"

-import type { InternalProvider } from "../types"
-import type {
-  OAuthConfigInternal,
-  OAuthConfig,
-  Provider,
-} from "../../providers"
+import type { InternalProvider, OAuthConfigInternal } from "../types"
+import type { OAuthConfig, Provider } from "../../providers"
 import type { InternalUrl } from "../../utils/parse-url"

 /**
--- a/packages/next-auth/src/core/routes/callback.ts
+++ b/packages/next-auth/src/core/routes/callback.ts
@@ -130,6 +130,7 @@ export default async function callback(params: {
            account,
            profile: OAuthProfile,
            isNewUser,
+            trigger: isNewUser ? "signUp" : "signIn",
          })

          // Encode token
@@ -219,7 +220,6 @@ export default async function callback(params: {

      const profile = await getAdapterUserFromEmail({
        email: identifier,
-        // @ts-expect-error -- Verified in `assertConfig`. adapter: Adapter<true>
        adapter,
      })

@@ -269,6 +269,7 @@ export default async function callback(params: {
          user,
          account,
          isNewUser,
+          trigger: isNewUser ? "signUp" : "signIn",
        })

        // Encode token
@@ -393,6 +394,7 @@ export default async function callback(params: {
      // @ts-expect-error
      account,
      isNewUser: false,
+      trigger: "signIn",
    })

    // Encode token
--- a/packages/next-auth/src/core/routes/session.ts
+++ b/packages/next-auth/src/core/routes/session.ts
@@ -1,6 +1,5 @@
 import { fromDate } from "../lib/utils"

-import type { Adapter } from "../../adapters"
 import type { InternalOptions } from "../types"
 import type { ResponseInternal } from ".."
 import type { Session } from "../.."
@@ -9,6 +8,8 @@ import type { SessionStore } from "../lib/cookie"
 interface SessionParams {
  options: InternalOptions
  sessionStore: SessionStore
+  isUpdate?: boolean
+  newSession?: any
 }

 /**
@@ -19,7 +20,7 @@ interface SessionParams {
 export default async function session(
  params: SessionParams
 ): Promise<ResponseInternal<Session | {}>> {
-  const { options, sessionStore } = params
+  const { options, sessionStore, newSession, isUpdate } = params
  const {
    adapter,
    jwt,
@@ -41,31 +42,37 @@ export default async function session(

  if (sessionStrategy === "jwt") {
    try {
-      const decodedToken = await jwt.decode({
-        ...jwt,
-        token: sessionToken,
+      const decodedToken = await jwt.decode({ ...jwt, token: sessionToken })
+
+      if (!decodedToken) throw new Error("JWT invalid")
+
+      // @ts-expect-error
+      const token = await callbacks.jwt({
+        token: decodedToken,
+        ...(isUpdate && { trigger: "update" }),
+        session: newSession,
      })

      const newExpires = fromDate(sessionMaxAge)

      // By default, only exposes a limited subset of information to the client
      // as needed for presentation purposes (e.g. "you are logged in as...").
-      const session = {
-        user: {
-          name: decodedToken?.name,
-          email: decodedToken?.email,
-          image: decodedToken?.picture,
-        },
-        expires: newExpires.toISOString(),
-      }

-      // @ts-expect-error
-      const token = await callbacks.jwt({ token: decodedToken })
-      // @ts-expect-error
-      const newSession = await callbacks.session({ session, token })
+      // @ts-expect-error Property 'user' is missing in type
+      const updatedSession = await callbacks.session({
+        session: {
+          user: {
+            name: decodedToken?.name,
+            email: decodedToken?.email,
+            image: decodedToken?.picture,
+          },
+          expires: newExpires.toISOString(),
+        },
+        token,
+      })

      // Return session payload as response
-      response.body = newSession
+      response.body = updatedSession

      // Refresh JWT expiry by re-signing it, with an updated expiry date
      const newToken = await jwt.encode({
@@ -81,7 +88,7 @@ export default async function session(

      response.cookies?.push(...sessionCookies)

-      await events.session?.({ session: newSession, token })
+      await events.session?.({ session: updatedSession, token })
    } catch (error) {
      // If JWT not verifiable, make sure the cookie for it is removed and return empty object
      logger.error("JWT_SESSION_ERROR", error as Error)
@@ -90,8 +97,9 @@ export default async function session(
    }
  } else {
    try {
+      // @ts-expect-error -- adapter is checked to be defined in `init`
      const { getSessionAndUser, deleteSession, updateSession } =
-        adapter as Adapter
+        adapter
      let userAndSession = await getSessionAndUser(sessionToken)

      // If session has expired, clean up the database
@@ -123,19 +131,18 @@ export default async function session(
        }

        // Pass Session through to the session callback
-        // @ts-expect-error
+
+        // @ts-expect-error Property 'token' is missing in type
        const sessionPayload = await callbacks.session({
          // By default, only exposes a limited subset of information to the client
          // as needed for presentation purposes (e.g. "you are logged in as...").
          session: {
-            user: {
-              name: user.name,
-              email: user.email,
-              image: user.image,
-            },
+            user: { name: user.name, email: user.email, image: user.image },
            expires: session.expires.toISOString(),
          },
          user,
+          newSession,
+          ...(isUpdate ? { trigger: "update" } : {}),
        })

        // Return session payload as response
--- a/packages/next-auth/src/core/routes/signin.ts
+++ b/packages/next-auth/src/core/routes/signin.ts
@@ -57,7 +57,6 @@ export default async function signin(params: {

    const user = await getAdapterUserFromEmail({
      email,
-      // @ts-expect-error -- Verified in `assertConfig`. adapter: Adapter<true>
      adapter: options.adapter,
    })

--- a/packages/next-auth/src/core/routes/signout.ts
+++ b/packages/next-auth/src/core/routes/signout.ts
@@ -1,4 +1,3 @@
-import type { Adapter } from "../../adapters"
 import type { InternalOptions } from "../types"
 import type { ResponseInternal } from ".."
 import type { SessionStore } from "../lib/cookie"
@@ -28,7 +27,8 @@ export default async function signout(params: {
    }
  } else {
    try {
-      const session = await (adapter as Adapter).deleteSession(sessionToken)
+      // @ts-expect-error -- adapter is checked to be defined in `init`
+      const session = await adapter.deleteSession(sessionToken)
      // Dispatch signout event
      // @ts-expect-error
      await events.signOut?.({ session })
--- a/packages/next-auth/src/core/types.ts
+++ b/packages/next-auth/src/core/types.ts
@@ -5,7 +5,10 @@ import type {
  ProviderType,
  EmailConfig,
  CredentialsConfig,
-  OAuthConfigInternal,
+  OAuthConfig,
+  AuthorizationEndpointHandler,
+  TokenEndpointHandler,
+  UserinfoEndpointHandler,
 } from "../providers"
 import type { TokenSetParameters } from "openid-client"
 import type { JWT, JWTOptions } from "../jwt"
@@ -49,8 +52,8 @@ export interface AuthOptions {
   */
  secret?: string
  /**
-   * Configure your session like if you want to use JWT or a database,
-   * how long until an idle session expires, or to throttle write operations in case you are using a database.
+   * Configure your session settings, such as determining whether to use JWT or a database,
+   * setting the idle session expiration duration, or implementing write operation throttling for database usage.
   * * **Default value**: See the documentation page
   * * **Required**: No
   *
@@ -313,11 +316,25 @@ export interface CallbacksOptions<P = Profile, A = Account> {
   * [`getSession`](https://next-auth.js.org/getting-started/client#getsession) |
   *
   */
-  session: (params: {
-    session: Session
-    user: User | AdapterUser
-    token: JWT
-  }) => Awaitable<Session>
+  session: (
+    params:
+      | {
+          session: Session
+          /** Available when {@link SessionOptions.strategy} is set to `"jwt"` */
+          token: JWT
+          /** Available when {@link SessionOptions.strategy} is set to `"database"`. */
+          user: AdapterUser
+        } & {
+          /**
+           * Available when using {@link SessionOptions.strategy} `"database"`, this is the data
+           * sent from the client via the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method.
+           *
+           * ⚠ Note, you should validate this data before using it.
+           */
+          newSession: any
+          trigger: "update"
+        }
+  ) => Awaitable<Session | DefaultSession>
  /**
   * This callback is called whenever a JSON Web Token is created (i.e. at sign in)
   * or updated (i.e whenever a session is accessed in the client).
@@ -325,18 +342,61 @@ export interface CallbacksOptions<P = Profile, A = Account> {
   * where you can control what should be returned to the client.
   * Anything else will be kept from your front-end.
   *
-   * ⚠ By default the JWT is signed, but not encrypted.
+   * The JWT is encrypted by default.
   *
   * [Documentation](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
   * [`session` callback](https://next-auth.js.org/configuration/callbacks#session-callback)
   */
-  jwt: (params: {
-    token: JWT
-    user?: User | AdapterUser
-    account?: A | null
-    profile?: P
-    isNewUser?: boolean
-  }) => Awaitable<JWT>
+  jwt: (
+    // TODO: remove in `@auth/core` in favor of `trigger: "signUp"`
+    params: {
+      /**
+       * When `trigger` is `"signIn"` or `"signUp"`, it will be a subset of {@link JWT},
+       * `name`, `email` and `picture` will be included.
+       *
+       * Otherwise, it will be the full {@link JWT} for subsequent calls.
+       */
+      token: JWT
+      /**
+       * Either the result of the {@link OAuthConfig.profile} or the {@link CredentialsConfig.authorize} callback.
+       * @note available when `trigger` is `"signIn"` or `"signUp"`.
+       *
+       * Resources:
+       * - [Credentials Provider](https://next-auth.js.org/providers/credentials)
+       * - [User database model](https://authjs.dev/reference/adapters#user)
+       */
+      user: User | AdapterUser
+      /**
+       * Contains information about the provider that was used to sign in.
+       * Also includes {@link TokenSet}
+       * @note available when `trigger` is `"signIn"` or `"signUp"`
+       */
+      account: A | null
+      /**
+       * The OAuth profile returned from your provider.
+       * (In case of OIDC it will be the decoded ID Token or /userinfo response)
+       * @note available when `trigger` is `"signIn"`.
+       */
+      profile?: P
+      /**
+       * Check why was the jwt callback invoked. Possible reasons are:
+       * - user sign-in: First time the callback is invoked, `user`, `profile` and `account` will be present.
+       * - user sign-up: a user is created for the first time in the database (when {@link SessionOptions.strategy} is set to `"database"`})
+       * - update event: Triggered by the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method.
+       * In case of the latter, `trigger` will be `undefined`.
+       */
+      trigger?: "signIn" | "signUp" | "update"
+      /** @deprecated use `trigger === "signUp"` instead */
+      isNewUser?: boolean
+      /**
+       * When using {@link SessionOptions.strategy} `"jwt"`, this is the data
+       * sent from the client via the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method.
+       *
+       * ⚠ Note, you should validate this data before using it.
+       */
+      session?: any
+    }
+  ) => Awaitable<JWT>
 }

 /** [Documentation](https://next-auth.js.org/configuration/options#cookies) */
@@ -489,6 +549,14 @@ export interface User extends DefaultUser {}

 // Below are types that are only supposed be used by next-auth internally

+/** @internal */
+export interface OAuthConfigInternal<P>
+  extends Omit<OAuthConfig<P>, "authorization" | "token" | "userinfo"> {
+  authorization?: AuthorizationEndpointHandler
+  token?: TokenEndpointHandler
+  userinfo?: UserinfoEndpointHandler
+}
+
 /** @internal */
 export type InternalProvider<T = ProviderType> = (T extends "oauth"
  ? OAuthConfigInternal<any>
@@ -512,14 +580,15 @@ export type AuthAction =
  | "error"
  | "_log"

+type NonNullableFields<T> = {
+  [P in keyof T]-?: NonNullable<T[P]>
+}
+
 /** @internal */
-export interface InternalOptions<
-  TProviderType = ProviderType,
-  WithVerificationToken = TProviderType extends "email" ? true : false
-> {
+export interface InternalOptions<TProviderType = ProviderType> {
  providers: InternalProvider[]
  /**
-   * Parsed from `NEXTAUTH_URL` or `x-forwarded-host` on Vercel.
+   * Parsed from `NEXTAUTH_URL` or `x-forwarded-host` and `x-forwarded-proto` if the host is trusted.
   * @default "http://localhost:3000/api/auth"
   */
  url: InternalUrl
@@ -535,9 +604,7 @@ export interface InternalOptions<
  pages: Partial<PagesOptions>
  jwt: JWTOptions
  events: Partial<EventCallbacks>
-  adapter: WithVerificationToken extends true
-    ? Adapter<WithVerificationToken>
-    : Adapter<WithVerificationToken> | undefined
+  adapter?: NonNullableFields<Adapter>
  callbacks: CallbacksOptions
  cookies: CookiesOptions
  callbackUrl: string
--- a/packages/next-auth/src/jwt/types.ts
+++ b/packages/next-auth/src/jwt/types.ts
@@ -21,7 +21,7 @@ export interface JWTEncodeParams {
  secret: string | Buffer
  /**
   * The maximum age of the NextAuth.js issued JWT in seconds.
-   * @default 30 * 24 * 30 * 60 // 30 days
+   * @default 30 * 24 * 60 * 60 // 30 days
   */
  maxAge?: number
 }
@@ -36,13 +36,13 @@ export interface JWTDecodeParams {
 export interface JWTOptions {
  /**
   * The secret used to encode/decode the NextAuth.js issued JWT.
-   * @deprecated  Set the `NEXTAUTH_SECRET` environment vairable or
+   * @deprecated  Set the `NEXTAUTH_SECRET` environment variable or
   * use the top-level `secret` option instead
   */
  secret: string
  /**
   * The maximum age of the NextAuth.js issued JWT in seconds.
-   * @default 30 * 24 * 30 * 60 // 30 days
+   * @default 30 * 24 * 60 * 60 // 30 days
   */
  maxAge: number
  /** Override this method to control the NextAuth.js issued JWT encoding. */
--- a/packages/next-auth/src/next/index.ts
+++ b/packages/next-auth/src/next/index.ts
@@ -1,12 +1,12 @@
 import { AuthHandler } from "../core"
-import { detectHost } from "../utils/detect-host"
-import { setCookie } from "./utils"
+import { setCookie, getBody, toResponse } from "./utils"

 import type {
  GetServerSidePropsContext,
  NextApiRequest,
  NextApiResponse,
 } from "next"
+import { type NextRequest } from "next/server"
 import type { AuthOptions, Session } from ".."
 import type {
  CallbacksOptions,
@@ -15,19 +15,21 @@ import type {
  NextAuthResponse,
 } from "../core/types"

-async function NextAuthHandler(
+interface RouteHandlerContext {
+  params: { nextauth: string[] }
+}
+
+async function NextAuthApiHandler(
  req: NextApiRequest,
  res: NextApiResponse,
  options: AuthOptions
 ) {
  const { nextauth, ...query } = req.query

-  options.secret =
-    options.secret ?? options.jwt?.secret ?? process.env.NEXTAUTH_SECRET
+  options.secret ??= options.jwt?.secret ?? process.env.NEXTAUTH_SECRET

  const handler = await AuthHandler({
    req: {
-      host: detectHost(req.headers["x-forwarded-host"]),
      body: req.body,
      query,
      cookies: req.cookies,
@@ -53,7 +55,8 @@ async function NextAuthHandler(
      // Could chain. .end() when lowest target is Node 14
      // https://github.com/nodejs/node/issues/33148
      res.status(302).setHeader("Location", handler.redirect)
-      return res.end()
+      res.end()
+      return
    }
    return res.json({ url: handler.redirect })
  }
@@ -61,6 +64,51 @@ async function NextAuthHandler(
  return res.send(handler.body)
 }

+// @see https://beta.nextjs.org/docs/routing/route-handlers
+async function NextAuthRouteHandler(
+  req: NextRequest,
+  context: RouteHandlerContext,
+  options: AuthOptions
+) {
+  options.secret ??= process.env.NEXTAUTH_SECRET
+
+  // eslint-disable-next-line @typescript-eslint/no-var-requires
+  const { headers, cookies } = require("next/headers")
+  const nextauth = context.params?.nextauth
+  const query = Object.fromEntries(req.nextUrl.searchParams)
+  const body = await getBody(req)
+  const internalResponse = await AuthHandler({
+    req: {
+      body,
+      query,
+      cookies: Object.fromEntries(
+        cookies()
+          .getAll()
+          .map((c) => [c.name, c.value])
+      ),
+      headers: Object.fromEntries(headers() as Headers),
+      method: req.method,
+      action: nextauth?.[0] as AuthAction,
+      providerId: nextauth?.[1],
+      error: query.error ?? nextauth?.[1],
+    },
+    options,
+  })
+
+  const response = toResponse(internalResponse)
+  const redirect = response.headers.get("Location")
+  if (body?.json === "true" && redirect) {
+    response.headers.delete("Location")
+    response.headers.set("Content-Type", "application/json")
+    return new Response(JSON.stringify({ url: redirect }), {
+      status: internalResponse.status,
+      headers: response.headers,
+    })
+  }
+
+  return response
+}
+
 function NextAuth(options: AuthOptions): any
 function NextAuth(
  req: NextApiRequest,
@@ -68,22 +116,50 @@ function NextAuth(
  options: AuthOptions
 ): any

+function NextAuth(
+  req: NextRequest,
+  res: RouteHandlerContext,
+  options: AuthOptions
+): any
+
 /** The main entry point to next-auth */
 function NextAuth(
-  ...args: [AuthOptions] | [NextApiRequest, NextApiResponse, AuthOptions]
+  ...args:
+    | [AuthOptions]
+    | Parameters<typeof NextAuthRouteHandler>
+    | Parameters<typeof NextAuthApiHandler>
 ) {
  if (args.length === 1) {
-    return async (req: NextAuthRequest, res: NextAuthResponse) =>
-      await NextAuthHandler(req, res, args[0])
+    return async (
+      req: NextAuthRequest | NextRequest,
+      res: NextAuthResponse | RouteHandlerContext
+    ) => {
+      if ((res as any)?.params) {
+        return await NextAuthRouteHandler(
+          req as NextRequest,
+          res as RouteHandlerContext,
+          args[0]
+        )
+      }
+      return await NextAuthApiHandler(
+        req as NextApiRequest,
+        res as NextApiResponse,
+        args[0]
+      )
+    }
  }

-  return NextAuthHandler(args[0], args[1], args[2])
+  if ((args[1] as any)?.params) {
+    return NextAuthRouteHandler(
+      ...(args as Parameters<typeof NextAuthRouteHandler>)
+    )
+  }
+
+  return NextAuthApiHandler(...(args as Parameters<typeof NextAuthApiHandler>))
 }

 export default NextAuth

-let experimentalRSCWarningShown = false
-
 type GetServerSessionOptions = Partial<Omit<AuthOptions, "callbacks">> & {
  callbacks?: Omit<AuthOptions["callbacks"], "session"> & {
    session?: (...args: Parameters<CallbacksOptions["session"]>) => any
@@ -103,19 +179,6 @@ export async function getServerSession<
    : Session
 >(...args: GetServerSessionParams<O>): Promise<R | null> {
  const isRSC = args.length === 0 || args.length === 1
-  if (
-    !experimentalRSCWarningShown &&
-    isRSC &&
-    process.env.NODE_ENV !== "production"
-  ) {
-    console.warn(
-      "[next-auth][warn][EXPERIMENTAL_API]",
-      "\n`getServerSession` is used in a React Server Component.",
-      `\nhttps://next-auth.js.org/configuration/nextjs#getServerSession}`,
-      `\nhttps://next-auth.js.org/warnings#EXPERIMENTAL_API`
-    )
-    experimentalRSCWarningShown = true
-  }

  let req, res, options: AuthOptions
  if (isRSC) {
@@ -138,12 +201,11 @@ export async function getServerSession<
    options = Object.assign({}, args[2], { providers: [] })
  }

-  options.secret = options.secret ?? process.env.NEXTAUTH_SECRET
+  options.secret ??= process.env.NEXTAUTH_SECRET

  const session = await AuthHandler<Session | {} | string>({
    options,
    req: {
-      host: detectHost(req.headers["x-forwarded-host"]),
      action: "session",
      method: "GET",
      cookies: req.cookies,
--- a/packages/next-auth/src/next/middleware.ts
+++ b/packages/next-auth/src/next/middleware.ts
@@ -186,7 +186,39 @@ export type WithAuthArgs =
 * ---
 * [Documentation](https://next-auth.js.org/configuration/nextjs#middleware)
 */
-export function withAuth(...args: WithAuthArgs) {
+
+export function withAuth(): ReturnType<NextMiddlewareWithAuth>
+
+export function withAuth(
+  req: NextRequestWithAuth
+): ReturnType<NextMiddlewareWithAuth>
+
+export function withAuth(
+  req: NextRequestWithAuth,
+  event: NextFetchEvent
+): ReturnType<NextMiddlewareWithAuth>
+
+export function withAuth(
+  req: NextRequestWithAuth,
+  options: NextAuthMiddlewareOptions
+): ReturnType<NextMiddlewareWithAuth>
+
+export function withAuth(
+  middleware: NextMiddlewareWithAuth,
+  options: NextAuthMiddlewareOptions
+): NextMiddlewareWithAuth
+
+export function withAuth(
+  middleware: NextMiddlewareWithAuth
+): NextMiddlewareWithAuth
+
+export function withAuth(
+  options: NextAuthMiddlewareOptions
+): NextMiddlewareWithAuth
+
+export function withAuth(
+  ...args: WithAuthArgs
+): ReturnType<NextMiddlewareWithAuth> | NextMiddlewareWithAuth {
  if (!args.length || args[0] instanceof Request) {
    // @ts-expect-error
    return handleMiddleware(...args)
--- a/packages/next-auth/src/next/utils.ts
+++ b/packages/next-auth/src/next/utils.ts
@@ -1,5 +1,6 @@
 import { serialize } from "cookie"
 import { Cookie } from "../core/lib/cookie"
+import { type ResponseInternal } from "../core"

 export function setCookie(res, cookie: Cookie) {
  // Preserve any existing cookies that have already been set in the same session
@@ -13,3 +14,47 @@ export function setCookie(res, cookie: Cookie) {
  setCookieHeader.push(cookieHeader)
  res.setHeader("Set-Cookie", setCookieHeader)
 }
+
+export async function getBody(
+  req: Request
+): Promise<Record<string, any> | undefined> {
+  if (!("body" in req) || !req.body || req.method !== "POST") return
+
+  const contentType = req.headers.get("content-type")
+  if (contentType?.includes("application/json")) {
+    return await req.json()
+  } else if (contentType?.includes("application/x-www-form-urlencoded")) {
+    const params = new URLSearchParams(await req.text())
+    return Object.fromEntries(params)
+  }
+}
+
+export function toResponse(res: ResponseInternal): Response {
+  const headers = new Headers(
+    res.headers?.reduce((acc, { key, value }) => {
+      acc[key] = value
+      return acc
+    }, {})
+  )
+
+  res.cookies?.forEach((cookie) => {
+    const { name, value, options } = cookie
+    const cookieHeader = serialize(name, value, options)
+    if (headers.has("Set-Cookie")) headers.append("Set-Cookie", cookieHeader)
+    else headers.set("Set-Cookie", cookieHeader)
+  })
+
+  let body = res.body
+
+  if (headers.get("content-type") === "application/json")
+    body = JSON.stringify(res.body)
+  else if (headers.get("content-type") === "application/x-www-form-urlencoded")
+    body = new URLSearchParams(res.body).toString()
+
+  const status = res.redirect ? 302 : res.status ?? 200
+  const response = new Response(body, { headers, status })
+
+  if (res.redirect) response.headers.set("Location", res.redirect)
+
+  return response
+}
--- a/packages/next-auth/src/providers/email.ts
+++ b/packages/next-auth/src/providers/email.ts
@@ -1,10 +1,17 @@
-import { createTransport } from "nodemailer"
-
-import type { CommonProviderOptions } from "."
-import type { Options as SMTPTransportOptions } from "nodemailer/lib/smtp-transport"
+import { Transport, TransportOptions, createTransport } from "nodemailer"
+import * as JSONTransport from "nodemailer/lib/json-transport.js"
+import * as SendmailTransport from "nodemailer/lib/sendmail-transport/index.js"
+import * as SESTransport from "nodemailer/lib/ses-transport.js"
+import * as SMTPPool from "nodemailer/lib/smtp-pool/index.js"
+import * as SMTPTransport from "nodemailer/lib/smtp-transport.js"
+import * as StreamTransport from "nodemailer/lib/stream-transport.js"
 import type { Awaitable } from ".."
+import type { CommonProviderOptions } from "."
 import type { Theme } from "../core/types"

+// TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html for the string
+type AllTransportOptions = string | SMTPTransport | SMTPTransport.Options | SMTPPool | SMTPPool.Options | SendmailTransport | SendmailTransport.Options | StreamTransport | StreamTransport.Options | JSONTransport | JSONTransport.Options | SESTransport | SESTransport.Options | Transport<any> | TransportOptions
+
 export interface SendVerificationRequestParams {
  identifier: string
  url: string
@@ -14,10 +21,9 @@ export interface SendVerificationRequestParams {
  theme: Theme
 }

-export interface EmailConfig extends CommonProviderOptions {
-  type: "email"
-  // TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html
-  server: string | SMTPTransportOptions
+export interface EmailUserConfig {
+  server?: AllTransportOptions
+  type?: "email"
  /** @default "NextAuth <no-reply@example.com>" */
  from?: string
  /**
@@ -27,7 +33,7 @@ export interface EmailConfig extends CommonProviderOptions {
   */
  maxAge?: number
  /** [Documentation](https://next-auth.js.org/providers/email#customizing-emails) */
-  sendVerificationRequest: (
+  sendVerificationRequest?: (
    params: SendVerificationRequestParams
  ) => Awaitable<void>
  /**
@@ -61,10 +67,31 @@ export interface EmailConfig extends CommonProviderOptions {
   * [Documentation](https://next-auth.js.org/providers/email#normalizing-the-e-mail-address) | [RFC 2821](https://tools.ietf.org/html/rfc2821) | [Email syntax](https://en.wikipedia.org/wiki/Email_address#Syntax)
   */
  normalizeIdentifier?: (identifier: string) => string
-  options: EmailUserConfig
 }

-export type EmailUserConfig = Partial<Omit<EmailConfig, "options">>
+export interface EmailConfig extends CommonProviderOptions {
+  // defaults
+  id: "email"
+  type: "email"
+  name: "Email"
+  server: AllTransportOptions
+  from: string
+  maxAge: number
+  sendVerificationRequest: (
+    params: SendVerificationRequestParams
+  ) => Awaitable<void>
+
+  /**
+   * This is copied into EmailConfig in parseProviders() don't use elsewhere
+   */
+  options: EmailUserConfig
+
+  // user options
+  // TODO figure out a better way than copying from EmailUserConfig
+  secret?: string
+  generateVerificationToken?: () => Awaitable<string>
+  normalizeIdentifier?: (identifier: string) => string
+}

 export type EmailProvider = (options: EmailUserConfig) => EmailConfig

--- a/packages/next-auth/src/providers/index.ts
+++ b/packages/next-auth/src/providers/index.ts
@@ -18,7 +18,7 @@ export interface CommonProviderOptions {
  id: string
  name: string
  type: ProviderType
-  options?: Record<string, unknown>
+  options?: any
 }

 export type Provider = OAuthConfig<any> | EmailConfig | CredentialsConfig
--- a/packages/next-auth/src/providers/oauth.ts
+++ b/packages/next-auth/src/providers/oauth.ts
@@ -74,7 +74,7 @@ export type TokenEndpointHandler = EndpointHandler<
    params: CallbackParamsType
    /**
     * When using this custom flow, make sure to do all the necessary security checks.
-     * Thist object contains parameters you have to match against the request to make sure it is valid.
+     * This object contains parameters you have to match against the request to make sure it is valid.
     */
    checks: OAuthChecks
  },
@@ -109,6 +109,7 @@ export interface OAuthConfig<P> extends CommonProviderOptions, PartialIssuer {
   * [Authorization Server Metadata](https://datatracker.ietf.org/doc/html/rfc8414#section-3)
   */
  wellKnown?: string
+  jwks_endpoint?: string
  /**
   * The login process will be initiated by sending the user to this URL.
   *
@@ -159,14 +160,6 @@ export interface OAuthConfig<P> extends CommonProviderOptions, PartialIssuer {
  allowDangerousEmailAccountLinking?: boolean
 }

-/** @internal */
-export interface OAuthConfigInternal<P>
-  extends Omit<OAuthConfig<P>, "authorization" | "token" | "userinfo"> {
-  authorization?: AuthorizationEndpointHandler
-  token?: TokenEndpointHandler
-  userinfo?: UserinfoEndpointHandler
-}
-
 export type OAuthUserConfig<P> = Omit<
  Partial<OAuthConfig<P>>,
  "options" | "type"
--- a/packages/next-auth/src/providers/passage.ts
+++ b/packages/next-auth/src/providers/passage.ts
@@ -0,0 +1,56 @@
+import type { OAuthConfig, OAuthUserConfig } from "."
+
+/** @see [Supported Scopes](https://docs.passage.id/hosted-login/oidc-client-configuration#supported-scopes) */
+export interface PassageProfile {
+  iss: string
+  /** Unique identifer in Passage for the user */
+  sub: string
+  aud: string[]
+  exp: number
+  iat: number
+  auth_time: number
+  azp: string
+  client_id: string
+  at_hash: string
+  c_hash: string
+  /** The user's email address */
+  email: string
+  /** Whether the user has verified their email address */
+  email_verified: boolean
+  /** The user's phone number */
+  phone: string
+  /** Whether the user has verified their phone number */
+  phone_number_verified: boolean
+}
+
+export default function Passage(
+  config: OAuthUserConfig<PassageProfile>
+): OAuthConfig<PassageProfile> {
+  config.issuer = config.issuer?.replace(/\/$/, "")
+  return {
+    id: "passage",
+    name: "Passage",
+    type: "oauth",
+    wellKnown: `${config.issuer}/.well-known/openid-configuration`,
+    authorization: { params: { scope: "openid email" } },
+    client: { token_endpoint_auth_method: "client_secret_basic" },
+    checks: ["pkce", "state"],
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: null,
+        email: profile.email,
+        image: null,
+      }
+    },
+    style: {
+      logo: "/passage.svg",
+      logoDark: "/passage.svg",
+      bg: "#fff",
+      bgDark: "#fff",
+      text: "#000",
+      textDark: "#000",
+    },
+    options: config,
+  }
+}
--- a/packages/next-auth/src/providers/yandex.js
+++ b/packages/next-auth/src/providers/yandex.js
@@ -1,23 +0,0 @@
-/** @type {import(".").OAuthProvider} */
-export default function Yandex(options) {
-  return {
-    id: "yandex",
-    name: "Yandex",
-    type: "oauth",
-    authorization:
-      "https://oauth.yandex.ru/authorize?scope=login:email+login:info",
-    token: "https://oauth.yandex.ru/token",
-    userinfo: "https://login.yandex.ru/info?format=json",
-    profile(profile) {
-      return {
-        id: profile.id,
-        name: profile.real_name,
-        email: profile.default_email,
-        image: profile.is_avatar_empty
-          ? null
-          : `https://avatars.yandex.net/get-yapic/${profile.default_avatar_id}/islands-200`,
-      }
-    },
-    options,
-  }
-}
--- a/packages/next-auth/src/providers/yandex.ts
+++ b/packages/next-auth/src/providers/yandex.ts
@@ -0,0 +1,155 @@
+/**
+ * <div style={{backgroundColor: "#ffcc00", display: "flex", justifyContent: "space-between", color: "#000", padding: 16}}>
+ * <span>Built-in <b>Yandex</b> integration.</span>
+ * <a href="https://github.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/yandex.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * ---
+ * @module providers/yandex
+ */
+
+import { OAuthConfig, OAuthUserConfig } from "."
+
+/**
+ * @see [Getting information about the user](https://yandex.com/dev/id/doc/en/user-information)
+ * @see [Access to email address](https://yandex.com/dev/id/doc/en/user-information#email-access)
+ * @see [Access to the user's profile picture](https://yandex.com/dev/id/doc/en/user-information#avatar-access)
+ * @see [Access to the date of birth](https://yandex.com/dev/id/doc/en/user-information#birthday-access)
+ * @see [Access to login, first name, last name, and gender](https://yandex.com/dev/id/doc/en/user-information#name-access)
+ * @see [Access to the phone number](https://yandex.com/dev/id/doc/en/user-information#phone-access)
+ */
+export interface YandexProfile {
+  /** User's Yandex login. */
+  login: string
+  /** Yandex user's unique ID. */
+  id: string
+  /**
+   * The ID of the app the OAuth token in the request was issued for.
+   * Available in the [app properties](https://oauth.yandex.com/). To open properties, click the app name.
+   */
+  client_id: string
+  /** Authorized Yandex user ID. It is formed on the Yandex side based on the `client_id` and `user_id` pair. */
+  psuid: string
+  /** An array of the user's email addresses. Currently only includes the default email address. */
+  emails?: string[]
+  /** The default email address for contacting the user. */
+  default_email?: string
+  /**
+   * Indicates that the stub (profile picture that is automatically assigned when registering in Yandex)
+   * ID is specified in the `default_avatar_id` field.
+   */
+  is_avatar_empty?: boolean
+  /**
+   * ID of the Yandex user's profile picture.
+   * The profile picture with this ID can be downloaded via a link that looks like this:
+   * @example "https://avatars.yandex.net/get-yapic/31804/BYkogAC6AoB17bN1HKRFAyKiM4-1/islands-200"
+   */
+  default_avatar_id?:
+    | "islands-small"
+    | "islands-34"
+    | "islands-middle"
+    | "islands-50"
+    | "islands-retina-small"
+    | "islands-68"
+    | "islands-75"
+    | "islands-retina-middle"
+    | "islands-retina-50"
+    | "islands-200"
+  /**
+   * The user's date of birth in YYYY-MM-DD format.
+   * Unknown elements of the date are filled in with zeros, such as: `0000-12-23`.
+   * If the user's date of birth is unknow, birthday will be `null`
+   */
+  birthday?: string | null
+  first_name?: string
+  last_name?: string
+  display_name?: string
+  /**
+   * The first and last name that the user specified in Yandex ID.
+   * Non-Latin characters of the first and last names are presented in Unicode format.
+   */
+  real_name?: string
+  /** User's gender. Possible values: Male: `male', Female: `female`, Unknown gender: `null` */
+  sex?: string
+  /**
+   * The default phone number for contacting the user.
+   * The API can exclude the user's phone number from the response at its discretion.
+   * The field contains the following parameters:
+   * id: Phone number ID.
+   * number: The user's phone number.
+   */
+  default_phone?: { id: number; number: string }
+}
+
+/**
+ * Add Yandex login to your page
+ *
+ * ## Example
+ *
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Yandex from "@auth/core/providers/yandex"
+ *
+ * const request = new Request("https://example.com")
+ * const response = await Auth(request, {
+ *  providers: [Yandex({ clientId: "", clientSecret: "" })],
+ * })
+ * ```
+ *
+ * ## Resources
+ *
+ * @see [Yandex - Creating an OAuth app](https://yandex.com/dev/id/doc/en/register-client#create)
+ * @see [Yandex - Manage OAuth apps](https://oauth.yandex.com/)
+ * @see [Yandex - OAuth documentation](https://yandex.com/dev/id/doc/en/)
+ * @see [Learn more about OAuth](https://authjs.dev/concepts/oauth)
+ * @see [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/yandex.ts)
+ *
+ *:::tip
+ * The Yandex provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/yandex.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ * :::
+ *
+ * :::info **Disclaimer**
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ * :::
+ */
+export default function Yandex(
+  options: OAuthUserConfig<YandexProfile>
+): OAuthConfig<YandexProfile> {
+  return {
+    id: "yandex",
+    name: "Yandex",
+    type: "oauth",
+    /** @see [Data access](https://yandex.com/dev/id/doc/en/register-client#access) */
+    authorization:
+      "https://oauth.yandex.ru/authorize?scope=login:info+login:email+login:avatar",
+    token: "https://oauth.yandex.ru/token",
+    userinfo: "https://login.yandex.ru/info?format=json",
+    profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.display_name ?? profile.real_name ?? profile.first_name,
+        email: profile.default_email ?? profile.emails?.[0] ?? null,
+        image:
+          !profile.is_avatar_empty && profile.default_avatar_id
+            ? `https://avatars.yandex.net/get-yapic/${profile.default_avatar_id}/islands-200`
+            : null,
+      }
+    },
+    style: {
+      logo: "/yandex.svg",
+      logoDark: "/yandex.svg",
+      bg: "#ffcc00",
+      text: "#000",
+      bgDark: "#ffcc00",
+      textDark: "#000",
+    },
+    options,
+  }
+}
--- a/packages/next-auth/src/react/index.tsx
+++ b/packages/next-auth/src/react/index.tsx
@@ -87,13 +87,19 @@ function useOnline() {
  return isOnline
 }

+type UpdateSession = (data?: any) => Promise<Session | null>
+
 export type SessionContextValue<R extends boolean = false> = R extends true
  ?
-      | { data: Session; status: "authenticated" }
-      | { data: null; status: "loading" }
+      | { update: UpdateSession; data: Session; status: "authenticated" }
+      | { update: UpdateSession; data: null; status: "loading" }
  :
-      | { data: Session; status: "authenticated" }
-      | { data: null; status: "unauthenticated" | "loading" }
+      | { update: UpdateSession; data: Session; status: "authenticated" }
+      | {
+          update: UpdateSession
+          data: null
+          status: "unauthenticated" | "loading"
+        }

 export const SessionContext = React.createContext?.<
  SessionContextValue | undefined
@@ -105,7 +111,9 @@ export const SessionContext = React.createContext?.<
 *
 * [Documentation](https://next-auth.js.org/getting-started/client#usesession)
 */
-export function useSession<R extends boolean>(options?: UseSessionOptions<R>) {
+export function useSession<R extends boolean>(
+  options?: UseSessionOptions<R>
+): SessionContextValue<R> {
  if (!SessionContext) {
    throw new Error("React Context is unavailable in Server Components")
  }
@@ -134,7 +142,11 @@ export function useSession<R extends boolean>(options?: UseSessionOptions<R>) {
  }, [requiredAndNotLoading, onUnauthenticated])

  if (requiredAndNotLoading) {
-    return { data: value.data, status: "loading" } as const
+    return {
+      data: value.data,
+      update: value.update,
+      status: "loading",
+    }
  }

  return value
@@ -235,7 +247,7 @@ export async function signIn<
    isCredentials ? "callback" : "signin"
  }/${provider}`

-  const _signInUrl = `${signInUrl}?${new URLSearchParams(authorizationParams)}`
+  const _signInUrl = `${signInUrl}${authorizationParams ? `?${new URLSearchParams(authorizationParams)}` : ""}`

  const res = await fetch(_signInUrl, {
    method: "post",
@@ -456,6 +468,22 @@ export function SessionProvider(props: SessionProviderProps) {
        : session
        ? "authenticated"
        : "unauthenticated",
+      async update(data) {
+        if (loading || !session) return
+        setLoading(true)
+        const newSession = await fetchData<Session>(
+          "session",
+          __NEXTAUTH,
+          logger,
+          { req: { body: { csrfToken: await getCsrfToken(), data } } }
+        )
+        setLoading(false)
+        if (newSession) {
+          setSession(newSession)
+          broadcast.post({ event: "session", data: { trigger: "getSession" } })
+        }
+        return newSession
+      },
    }),
    [session, loading]
  )
--- a/packages/next-auth/src/react/types.ts
+++ b/packages/next-auth/src/react/types.ts
@@ -35,7 +35,7 @@ export interface SignInOptions extends Record<string, unknown> {
 }

 export interface SignInResponse {
-  error: string | undefined
+  error: string | null
  status: number
  ok: boolean
  url: string | null
--- a/packages/next-auth/src/utils/detect-host.ts
+++ b/packages/next-auth/src/utils/detect-host.ts
@@ -1,13 +0,0 @@
-/** Extract the host from the environment */
-export function detectHost(forwardedHost: any) {
-  // if `NEXTAUTH_URL_INTERNAL` is set, it means NextAuth.js is deployed 
-  // behind a proxy - we prioritize it over `forwardedHost`.
-  if (process.env.NEXTAUTH_URL_INTERNAL) {
-    return process.env.NEXTAUTH_URL_INTERNAL
-  }
-  // If we detect a Vercel environment, we can trust the host
-  if (process.env.VERCEL ?? process.env.AUTH_TRUST_HOST)
-    return forwardedHost
-  // If `NEXTAUTH_URL` is `undefined` we fall back to "http://localhost:3000"
-  return process.env.NEXTAUTH_URL
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Thang Vu	2510f74809	chore(release): bump version [skip ci]	2023-10-02 18:57:37 +07:00
Thang Vu	27b2519b84	fix(next): returns correct status for signing in with `redirect: false` for route handler (#8775 ) * fix: returns status for signing in with credentials provider `redirect: false` * chore: format cookie.ts	2023-10-02 18:48:36 +07:00
Ahmed Abdelbaset	5f15b0704a	docs: fix typo (#8767 ) fix typo	2023-10-02 01:03:25 +01:00
Balázs Orbán	e4573ffff5	docs: typo	2023-10-02 01:37:14 +02:00
Balázs Orbán	4ce1951a2b	docs: close admonition	2023-10-02 01:34:55 +02:00
Balázs Orbán	c95531d651	docs: mention `auth()` convention under `getServerSession`	2023-10-02 01:32:35 +02:00
Balázs Orbán	654d52bb56	docs: mention `getServerSession` under `SessionProvider`	2023-10-02 01:27:35 +02:00
Herbie Vine	b72d7be9be	docs: set decode fn not jwt obj (#8742 ) Co-authored-by: Balázs Orbán <info@balazsorban.com>	2023-09-29 15:36:32 +02:00
Balázs Orbán	76fcc4e70c	chore: don't sync example from v4 branch	2023-09-27 12:49:25 +02:00
Balázs Orbán	4cacf504dd	docs: clarify `pages` in middleware	2023-09-26 13:23:04 +02:00
Balázs Orbán	50eb23f626	fix: update security policy link	2023-09-25 11:30:27 +02:00
Balázs Orbán	d813c00b3e	fix(ts): fix typo	2023-09-20 19:48:30 +01:00
Soheil Nazari	fc4448a85a	docs: add extra tips for next app router (#8227 ) * Update example.md * Update example.md * Update example.md * Update docs/docs/getting-started/example.md * Update docs/docs/getting-started/example.md * Update docs/docs/getting-started/example.md --------- Co-authored-by: Thang Vu <hi@thvu.dev>	2023-09-20 13:46:47 +07:00
Thang Vu	16f781c091	chore: update email	2023-09-16 12:07:27 +07:00
Jared Wyce	ebfdaece0e	fix: remove trailing `?` from signIn URL (#8466 ) * fix: 🎣 avoid phishing categorization by VPNs * Update packages/next-auth/src/react/index.tsx * Update packages/next-auth/src/react/index.tsx --------- Co-authored-by: Thang Vu <hi@thvu.dev>	2023-09-06 12:55:03 +07:00
Devdat Kumar	64a190e549	docs: Update adapters.md (#8397 ) "Drizzle" and "Kysely" links have been added to the list, and the list has been sorted. https://next-auth.js.org/adapters	2023-08-24 10:23:41 +01:00
Arif Shanji	e11f898c10	docs: typo (#8366 )	2023-08-21 13:53:35 +02:00
Balázs Orbán	dcb11da2e2	docs: update error page closes #8174	2023-08-18 09:22:25 +01:00
Thang Vu	9f900befe6	chore(release): bump version [skip ci]	2023-08-16 14:43:26 +07:00
Gabriel Villenave	09c2a89df8	fix: use `default` submodules export in `package.json` (#8330 ) Use `default` submodules export in `package.json` to ensure compatibility, as specified in https://nodejs.org/api/packages.html#conditional-exports	2023-08-16 09:33:07 +02:00
Balázs Orbán	20c3fe3331	fix(ts): correctly expose `next-auth/adapters` Fixes https://github.com/nextauthjs/next-auth/issues/8283#issuecomment-1675939280	2023-08-12 16:37:18 +02:00
Manuel Cattelan	e26f500d18	docs(providers): add warning for gitlab provider (#8292 )	2023-08-11 13:56:56 +02:00
Balázs Orbán	494d16e54d	chore(release): bump version [skip ci]	2023-08-11 13:43:03 +02:00
Balázs Orbán	5a8aa2e5e5	feat(providers): add Passage by 1Password	2023-08-11 13:39:52 +02:00
Balázs Orbán	05ff6ae221	fix(ts): correctly export submodule types	2023-08-11 11:31:35 +02:00
Jonathan Edenström	1fbc684f53	fix: sort cookie chunks correctly (#8284 )	2023-08-10 12:17:41 +01:00
Balázs Orbán	124be4fb1f	chore(release): bump version [skip ci]	2023-08-08 19:21:49 +02:00
Balázs Orbán	3b0128c3ca	fix(ts): match `next-auth/adapter` & `@auth/core/adapters`	2023-08-08 19:20:30 +02:00
Balázs Orbán	36b97aafb8	docs: amplify note	2023-08-08 18:00:41 +02:00
Thang Vu	175d37499b	chore(release): bump version [skip ci]	2023-08-06 22:52:13 +07:00
Thang Vu	08a6835a70	fix: don't return `res.end()` in api handler (#8244 ) Move #8069 to v4 branch co-authored by @maritz Co-authored-by: maritz <159633+maritz@users.noreply.github.com>	2023-08-06 22:38:57 +07:00
Thang Vu	448a11ff0a	chore: add turbo env vars	2023-08-06 21:47:08 +07:00
Thang Vu	f39f9708bd	fix(ts) : add missing function overload for Route Handler (#8236 ) Pick up https://github.com/nextauthjs/next-auth/pull/8211 & tweak some changes Co-authored-by: Max Quinn <max.t.quinn@gmail.com>	2023-08-05 19:57:29 +07:00
Matt Azlin	6d98b8b33c	docs: fixing broken link in documentation (#8208 )	2023-08-03 16:11:11 +02:00
Balázs Orbán	ef7ec044c5	docs: clarify `getServerSession`	2023-08-03 16:05:32 +02:00
Balázs Orbán	e89e3143d7	docs: move `unstable_getServerSession`	2023-08-03 16:03:48 +02:00
Noam Al Rifaï	12f0795a0a	docs: Typo fixed (#8206 )	2023-08-03 16:01:58 +02:00
Trent	9e0036bc73	docs(providers): mention HTTP-based Email guide (#8214 ) Co-authored-by: Balázs Orbán <info@balazsorban.com>	2023-08-03 15:57:57 +02:00
MohammadAli Saeidi	27aa5ef09b	docs: Update object key "email" to "username" (#8113 )	2023-07-25 14:45:38 +02:00
Thang Vu	903bd6fac9	fix: remove RSC warning in `getServerSession` (#8108 )	2023-07-25 12:13:51 +02:00
Ricardo van Noort	998b7a0db4	docs: Update upgrade-to-v4.md (#8123 )	2023-07-25 12:12:57 +02:00
Thang Vu	465644f9e4	fix(ts): SignInResponse.error type (#8109 ) Co-authored-by: smcg468 <49883535+smcg468@users.noreply.github.com>	2023-07-22 12:39:23 +07:00
GhibliMagic	d12bd5a799	doc: Add a guide on sending magic links to existing users only (#7663 )	2023-07-22 11:57:52 +07:00
Tony Worm	3897d47db2	docs: Update refresh-token-rotation.md - fix example client code filename (#8088 )	2023-07-20 01:09:06 +02:00
Doug	e44dccc42d	docs(providers): updated docs with missing account attribute (#8084 )	2023-07-19 15:24:41 +02:00
Balázs Orbán	733a81bd3a	chore(release): bump version [skip ci]	2023-07-18 22:53:27 +02:00
Balázs Orbán	f06f3bbc96	chore(release): bump version [skip ci]	2023-07-18 15:53:30 +02:00
Thang Vu	aea27a1fa8	fix: remove unused TS types	2023-07-16 22:32:55 +07:00
Thang Vu	bd37c55241	fix(ts): adapter interface (#8054 )	2023-07-16 20:47:18 +07:00
Rexford Essilfie	169a5230db	fix(ts): add overloads to withAuth middleware (#7999 ) * fix(ts): add overloads to withAuth middleware * fix: allow extends Request on returned middleware handler * chore: simplify return type for withAuth returning middleware * chore: remove withAuth overloads generics --------- Co-authored-by: Thang Vu <hi@thvu.dev>	2023-07-12 10:49:50 +07:00
Francis Gulotta	f48eb0478e	fix(providers): fix `nodemailer`/required types (#7950 ) Co-authored-by: Balázs Orbán <info@balazsorban.com>	2023-07-11 12:57:37 +02:00
Stephen Cronin	b25a090c17	docs: fix `getServerSession` API Routes example (#7978 ) * Fix Next.js getServerSession API Routes example Example API code threw an error in Next.js. Fixed the example to work. * Update docs/docs/configuration/nextjs.md --------- Co-authored-by: Balázs Orbán <info@balazsorban.com>	2023-07-09 14:03:02 +02:00
Matt Jared	0167e9368b	docs: Update example.md (#7879 )	2023-06-27 14:29:17 +02:00
Mikalai S	dcb576f01b	docs: Mention a possible cause of ResourceNotFound issue (#7758 )	2023-06-09 14:56:55 +02:00
Balázs Orbán	9417822a41	Update oauth.ts Closes #7608 Co-authored-by: aaazzz <akrm@hey.com>	2023-06-01 11:17:23 +01:00
Balázs Orbán	14f8f0cb58	docs: rephrase Closes #7531 Co-authored-by: Trey Speakman <100887275+treyspeakman@users.noreply.github.com>	2023-05-19 00:58:27 +01:00
Nick Radford	212272a839	docs: Update sub-bullet about vercel deployment specifics (#7537 )	2023-05-14 12:59:49 +02:00
Balázs Orbán	a8e8b7542c	docs: Update initialization.md	2023-05-11 23:30:53 +01:00
browny	14cecb9b73	docs: update react docs link (#7521 )	2023-05-11 14:45:39 +02:00
Ivan Medina	28bec0fbcc	docs: Update client.md (#7458 )	2023-05-06 12:09:10 +01:00
Thang Vu	bc683a5b72	chore: merge changes back to v4 (#7430 ) * docs: Remove --save from install command (#7277) Remove --save from install command --save is no longer needed on npm install. * chore: fix "Contributing guide" link (#7279) * fix: detect origin when `instanceof Request` check fails (#7303) * docs: Update Clerk sponsorship URL (#7305) - Change Clerk URL from `https://clerk.dev` to `https://clerk.com` - Fix alt from copy/paste * chore: bump react types * fix(docs): fix default `maxAge` formula (#7406) * Update pnpm-lock.yaml * sync package.json change --------- Co-authored-by: Chris Hayes <6013871+Christopher-Hayes@users.noreply.github.com> Co-authored-by: Raul <57044803+Leprekus@users.noreply.github.com> Co-authored-by: Balázs Orbán <info@balazsorban.com> Co-authored-by: Nick Parsons <nparsons08@gmail.com> Co-authored-by: Victor <saptefrativictor@gmail.com>	2023-05-04 20:05:33 +01:00
Sebastián Iturra	e7b8597f73	docs: Update email.md (#7391 )	2023-04-28 13:53:27 +01:00
Kjetil Hårtveit	5c89a21bfa	docs: mention caching in App Router (#7206 ) I spent at least a day figuring out why my tRPC caches were all [MISSing](https://vercel.com/docs/concepts/edge-network/caching#miss) even though I set the correct Cache-Control headers (my stack: NextAuth, NextJS, tRPC, Vercel). I wish information could be placed where appropriate so that others don't need to debug like I had too. I realise it's a bit convoluted as tRPC suggested I could fetch the session in the context and then use it throughout my routers. It was not obvious to me that this caused all the public caches to fail, even on query procedures that were not using the session. The caches were MISSing because `getServerSession` refreshes the cookies via the `set-cookie` header and [Vercel won't allow this](https://vercel.com/docs/concepts/functions/serverless-functions/edge-caching). I'm not saying the refreshing of cookies is wrong, it's a nice feature, and it's kind of handy this implicitly means Vercel doesn't cache. So how I got here has many causes and it's futile to find anyone to "blame". The factors are: - tRPC suggests `getSession()` in their [documentation for context](https://trpc.io/docs/server/context). - I see tRPC does not suggest `getSession()` in the page for [caching](https://trpc.io/docs/server/caching) which is correct but wasn't obvious to me what I had done wrong. - my misunderstanding about the link between session and personalized data (it makes sense to me now but it wasn't that obvious to see the link: get session means no public cache)	2023-04-26 13:05:01 +01:00
Andreas Jagiella	6e9c8b5b3c	docs(providers): mention non-standard properties (#7290 ) ~ needed database entries ~ type of redirect uri	2023-04-26 13:03:08 +01:00
Ilya	91a9e5f601	docs(providers): update default vk provider version and options link (#7354 ) Update version by default and options link Now by default VK provider uses `5.131` version. And provider options link changed to .ts.	2023-04-26 12:58:09 +01:00
Balázs Orbán	cb916f4848	docs: Update typescript.md closes #7288	2023-04-17 21:01:11 +01:00
muoi	8259cd4fc6	docs : fix typo (#7258 ) Update link to Kakao Provider options	2023-04-17 10:35:15 +01:00
Dorijan Hašpl	7a8c0068c4	docs: mention Route Handler initialization in getting started (#7213 ) Updated the Getting Started documentation file (section about adding NextAuth API routes) to refer to another documentation section where the NextAuth API routes are handled using the new App Router and Route Handlers	2023-04-12 11:39:09 +01:00
Balázs Orbán	6edb6ddaaf	fix: respect protocol too, when host is trusted (#7214 ) * fix: respect protocol too when host is trusted * simplify	2023-04-12 11:30:20 +01:00
Balázs Orbán	0711d32a00	chore(release): bump version [skip ci]	2023-04-09 11:54:51 +02:00
Balázs Orbán	c261af4695	feat: support Route Handlers (#6777 ) * feat: support Route Handlers * update dev app * init NextAuth via Route Handler in dev app * import as type * fix labeler * default secret to `NEXTAUTH_SECRET` * handle redirects * support advanced init in Route Handlers * use port 3000 for docs dev * document initialization with Route Handlers * upgrade to latest `next` * upgrade to 13.3.0 * remove workaround * cleanup	2023-04-09 10:51:49 +01:00
Balázs Orbán	d69f311ddc	chore(release): bump version [skip ci]	2023-04-03 12:15:24 +02:00
Julius Marminge	ec8a34308b	fix(ts): revert `session` callback type changes (#7136 ) Fixes https://github.com/t3-oss/create-t3-app/issues/1328	2023-04-03 12:14:24 +02:00
Balázs Orbán	c0bf2f15fb	chore(release): bump version [skip ci]	2023-04-02 11:30:53 +02:00
Thang Vu	d8901777bf	fix: revert #6814 (#7125 )	2023-04-02 11:27:52 +02:00
Balázs Orbán	319f2ce165	fix(ts): mark `id` in `updateUser` as always defined Closes #7027	2023-03-29 14:16:58 +02:00
Balázs Orbán	2d907f0004	feat: make it possible to update the session (#7056 )	2023-03-29 05:43:48 +02:00
JakobSchlichting	2954588be7	docs: fix typo (#7094 )	2023-03-29 05:39:57 +02:00
Balázs Orbán	4026183411	docs: fix adapters links	2023-03-27 01:48:23 +02:00
Abdulaziz Askaraliev	86d031faba	fix(providers): add types for yandex provider (#7073 ) * fix(providers): yandex add types * chore(providers): yandex added comments * Update yandex.ts --------- Co-authored-by: Balázs Orbán <info@balazsorban.com>	2023-03-27 00:39:54 +01:00
Thomas Knickman	1e3745d22a	chore(docs): update broken links (#7069 ) fix(docs): update broken links	2023-03-26 21:51:05 +02:00
Balázs Orbán	feaeda9e2a	chore: release with declaration maps	2023-03-25 16:18:38 +01:00
Balázs Orbán	e127600ad4	chore: fix tests	2023-03-25 15:37:17 +01:00
Balázs Orbán	cb3137133c	docs: fix title	2023-03-25 13:46:35 +01:00
Balázs Orbán	b3eaf6329e	docs: fix broken links	2023-03-25 13:22:56 +01:00
Peter	8aa1789697	fix(oauth): allow jwks_uri to be set for non-wellKnown (#7014 ) fix(oauth): allow jwks_uri to be set for non-wellKnown flow by passing jwks_endpoint Co-authored-by: Thang Vu <hi@thvu.dev>	2023-03-25 18:57:22 +07:00
Balázs Orbán	a7601d0b45	chore: redirect rest of the adapters	2023-03-24 01:57:41 +01:00
Balázs Orbán	bb8d826bc7	Update sidebars.js	2023-03-20 20:43:03 +00:00
Balázs Orbán	f787809cd4	Update overview.md	2023-03-20 20:36:47 +00:00
Balázs Orbán	7789fa17b5	Delete pouchdb.md	2023-03-20 20:36:34 +00:00
Balázs Orbán	740c505901	Update vercel.json	2023-03-20 20:36:06 +00:00
Balázs Orbán	1e579cbaa6	Merge branch 'v4' of github.com:nextauthjs/next-auth into v4	2023-03-16 03:21:37 +01:00
Balázs Orbán	65aacbe97a	docs: fix links	2023-03-16 03:21:33 +01:00
Balázs Orbán	7dbfa5da4d	docs: fix sidebar, remove duplicates	2023-03-16 03:13:36 +01:00
Balázs Orbán	98bd774b75	Update vercel.json	2023-03-16 01:51:34 +00:00
Norbert Hüthmayr	3661ca68b0	doca: Prevent Stalled Request Warning (#6967 ) Added call to end() Missing end causes `stalled request` warning	2023-03-16 01:30:12 +01:00
Balázs Orbán	7ba986b01e	Update vercel.json	2023-03-09 11:34:27 +00:00
Balázs Orbán	e638ec5eb1	chore: redirect to new reference page	2023-03-09 11:25:25 +00:00
Abheek Dhawan	7327468697	docs: remove incorrect space in MikroORM (#6886 )	2023-03-08 16:56:26 +00:00
Balázs Orbán	9a9c24897d	docs: redirect prisma	2023-03-05 17:20:30 +01:00
Balázs Orbán	e362653819	chore: format	2023-03-05 16:08:35 +01:00
Balázs Orbán	a92e348ed3	chore: remove duplicate articles	2023-03-05 15:56:43 +01:00
Balázs Orbán	ab0857a99e	chore: correct ts import	2023-03-02 20:32:28 +01:00