chore(release): bump version [skip ci]

Use `default` submodules export in `package.json` to ensure compatibility, as specified in https://nodejs.org/api/packages.html#conditional-exports

docs/docs/providers/gitlab.md

@@ -3,6 +3,10 @@ id: gitlab
 title: GitLab
 ---
 
+:::note
+GitLab returns a field on `Account` called `created_at` which is a number. See their [docs](https://docs.gitlab.com/ee/api/oauth2.html). Remember to add this field as optional to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
+:::
+
 ## Documentation
 
 https://docs.gitlab.com/ee/api/oauth2.html

packages/next-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-auth",
-  "version": "4.22.5",
+  "version": "4.23.1",
   "description": "Authentication for Next.js",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth.git",
@@ -27,19 +27,42 @@
     "nextauth"
   ],
   "exports": {
-    ".": "./index.js",
-    "./jwt": "./jwt/index.js",
-    "./react": "./react/index.js",
-    "./core": "./core/index.js",
-    "./next": "./next/index.js",
-    "./middleware": "./middleware.js",
-    "./client/_utils": "./client/_utils.js",
-    "./providers/*": "./providers/*.js"
+    ".": {
+      "types": "./index.d.ts",
+      "default": "./index.js"
+    },
+    "./adapters": {
+      "types": "./adapters.d.ts"
+    },
+    "./jwt": {
+      "types": "./jwt/index.d.ts",
+      "default": "./jwt/index.js"
+    },
+    "./react": {
+      "types": "./react/index.d.ts",
+      "default": "./react/index.js"
+    },
+    "./next": {
+      "types": "./next/index.d.ts",
+      "default": "./next/index.js"
+    },
+    "./middleware": {
+      "types": "./middleware.d.ts",
+      "default": "./middleware.js"
+    },
+    "./client/_utils": {
+      "types": "./client/_utils.d.ts",
+      "default": "./client/_utils.js"
+    },
+    "./providers/*": {
+      "types": "./providers/*.d.ts",
+      "default": "./providers/*.js"
+    }
   },
   "scripts": {
     "build": "pnpm clean && pnpm build:js && pnpm build:css",
     "build:js": "pnpm clean && pnpm generate-providers && pnpm tsc --project tsconfig.json && babel --config-file ./config/babel.config.js src --out-dir . --extensions \".tsx,.ts,.js,.jsx\"",
-    "clean": "rm -rf coverage client css utils providers core jwt react next index.d.ts index.js adapters.d.ts middleware.d.ts middleware.js",
+    "clean": "rm -rf coverage client css utils providers core jwt react next lib ./*.js ./*.ts*",
     "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir . && node config/wrap-css.js",
     "dev": "pnpm clean && pnpm generate-providers && concurrently \"pnpm watch:css\" \"pnpm watch:ts\"",
     "watch:ts": "pnpm tsc --project tsconfig.dev.json",

packages/next-auth/src/core/lib/cookie.ts

@@ -161,9 +161,22 @@ export class SessionStore {
     }
   }
 
-  get value() {
-    return Object.values(this.#chunks)?.join("")
-  }
+ /**
+   * The JWT Session or database Session ID
+   * constructed from the cookie chunks.
+   */
+ get value() {
+  // Sort the chunks by their keys before joining
+  const sortedKeys = Object.keys(this.#chunks).sort((a, b) => {
+    const aSuffix = parseInt(a.split(".").pop() || "0")
+    const bSuffix = parseInt(b.split(".").pop() || "0")
+
+    return aSuffix - bSuffix
+  });
+
+  // Use the sorted keys to join the chunks in the correct order
+  return sortedKeys.map(key => this.#chunks[key]).join("")
+}
 
   /** Given a cookie, return a list of cookies, chunked to fit the allowed cookie size. */
   #chunk(cookie: Cookie): Cookie[] {

packages/next-auth/src/providers/passage.ts

@@ -0,0 +1,56 @@
+import type { OAuthConfig, OAuthUserConfig } from "."
+
+/** @see [Supported Scopes](https://docs.passage.id/hosted-login/oidc-client-configuration#supported-scopes) */
+export interface PassageProfile {
+  iss: string
+  /** Unique identifer in Passage for the user */
+  sub: string
+  aud: string[]
+  exp: number
+  iat: number
+  auth_time: number
+  azp: string
+  client_id: string
+  at_hash: string
+  c_hash: string
+  /** The user's email address */
+  email: string
+  /** Whether the user has verified their email address */
+  email_verified: boolean
+  /** The user's phone number */
+  phone: string
+  /** Whether the user has verified their phone number */
+  phone_number_verified: boolean
+}
+
+export default function Passage(
+  config: OAuthUserConfig<PassageProfile>
+): OAuthConfig<PassageProfile> {
+  config.issuer = config.issuer?.replace(/\/$/, "")
+  return {
+    id: "passage",
+    name: "Passage",
+    type: "oauth",
+    wellKnown: `${config.issuer}/.well-known/openid-configuration`,
+    authorization: { params: { scope: "openid email" } },
+    client: { token_endpoint_auth_method: "client_secret_basic" },
+    checks: ["pkce", "state"],
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: null,
+        email: profile.email,
+        image: null,
+      }
+    },
+    style: {
+      logo: "/passage.svg",
+      logoDark: "/passage.svg",
+      bg: "#fff",
+      bgDark: "#fff",
+      text: "#000",
+      textDark: "#000",
+    },
+    options: config,
+  }
+}