docs: change osu! capitalization inside the document

fix: nodemailer imports

apps/dev/README.md

@@ -3,4 +3,4 @@
 This folder contains a Next.js app using NextAuth.js for local development. See the following section on how to start:
 
 [Setting up local environment
-](https://github.com/nextauthjs/next-auth/blob/main/CONTRIBUTING.md#setting-up-local-environment)
+](https://github.com/nextauthjs/.github/blob/main/CONTRIBUTING.md#setting-up-local-environment)

apps/dev/pages/api/auth-old/[...nextauth].ts

@@ -1,132 +0,0 @@
-import NextAuth, { NextAuthOptions } from "next-auth"
-
-// Providers
-import Apple from "next-auth/providers/apple"
-import Auth0 from "next-auth/providers/auth0"
-import AzureAD from "next-auth/providers/azure-ad"
-import AzureB2C from "next-auth/providers/azure-ad-b2c"
-import BoxyHQSAML from "next-auth/providers/boxyhq-saml"
-// import Cognito from "next-auth/providers/cognito"
-import Credentials from "next-auth/providers/credentials"
-import Discord from "next-auth/providers/discord"
-import DuendeIDS6 from "next-auth/providers/duende-identity-server6"
-// import Email from "next-auth/providers/email"
-import Facebook from "next-auth/providers/facebook"
-import Foursquare from "next-auth/providers/foursquare"
-import Freshbooks from "next-auth/providers/freshbooks"
-import GitHub from "next-auth/providers/github"
-import Gitlab from "next-auth/providers/gitlab"
-import Google from "next-auth/providers/google"
-// import IDS4 from "next-auth/providers/identity-server4"
-import Instagram from "next-auth/providers/instagram"
-// import Keycloak from "next-auth/providers/keycloak"
-import Line from "next-auth/providers/line"
-import LinkedIn from "next-auth/providers/linkedin"
-import Mailchimp from "next-auth/providers/mailchimp"
-// import Okta from "next-auth/providers/okta"
-import Osu from "next-auth/providers/osu"
-import Patreon from "next-auth/providers/patreon"
-import Slack from "next-auth/providers/slack"
-import Spotify from "next-auth/providers/spotify"
-import Trakt from "next-auth/providers/trakt"
-import Twitch from "next-auth/providers/twitch"
-import Twitter from "next-auth/providers/twitter"
-import Vk from "next-auth/providers/vk"
-import Wikimedia from "next-auth/providers/wikimedia"
-import WorkOS from "next-auth/providers/workos"
-
-// // Prisma
-// import { PrismaClient } from "@prisma/client"
-// import { PrismaAdapter } from "@next-auth/prisma-adapter"
-// const client = globalThis.prisma || new PrismaClient()
-// if (process.env.NODE_ENV !== "production") globalThis.prisma = client
-// const adapter = PrismaAdapter(client)
-
-// // Fauna
-// import { Client as FaunaClient } from "faunadb"
-// import { FaunaAdapter } from "@next-auth/fauna-adapter"
-// const opts = { secret: process.env.FAUNA_SECRET, domain: process.env.FAUNA_DOMAIN }
-// const client = globalThis.fauna || new FaunaClient(opts)
-// if (process.env.NODE_ENV !== "production") globalThis.fauna = client
-// const adapter = FaunaAdapter(client)
-
-// // TypeORM
-// import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-// const adapter = TypeORMLegacyAdapter({
-//   type: "sqlite",
-//   name: "next-auth-test-memory",
-//   database: "./typeorm/dev.db",
-//   synchronize: true,
-// })
-
-// // Supabase
-// import { SupabaseAdapter } from "@next-auth/supabase-adapter"
-// const adapter = SupabaseAdapter({
-//   url: process.env.NEXT_PUBLIC_SUPABASE_URL,
-//   secret: process.env.SUPABASE_SERVICE_ROLE_KEY,
-// })
-
-export const authOptions: NextAuthOptions = {
-  // adapter,
-  // debug: process.env.NODE_ENV !== "production",
-  theme: {
-    logo: "https://next-auth.js.org/img/logo/logo-sm.png",
-    brandColor: "#1786fb",
-  },
-  providers: [
-    Credentials({
-      credentials: { password: { label: "Password", type: "password" } },
-      async authorize(credentials) {
-        if (credentials.password !== "pw") return null
-        return { name: "Fill Murray", email: "bill@fillmurray.com", image: "https://www.fillmurray.com/64/64", id: "1", foo: "" }
-      },
-    }),
-    Apple({ clientId: process.env.APPLE_ID, clientSecret: process.env.APPLE_SECRET }),
-    Auth0({ clientId: process.env.AUTH0_ID, clientSecret: process.env.AUTH0_SECRET, issuer: process.env.AUTH0_ISSUER }),
-    AzureAD({
-      clientId: process.env.AZURE_AD_CLIENT_ID,
-      clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
-      tenantId: process.env.AZURE_AD_TENANT_ID,
-    }),
-    AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
-    BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
-    // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
-    Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
-    DuendeIDS6({ clientId: "interactive.confidential", clientSecret: "secret", issuer: "https://demo.duendesoftware.com" }),
-    Facebook({ clientId: process.env.FACEBOOK_ID, clientSecret: process.env.FACEBOOK_SECRET }),
-    Foursquare({ clientId: process.env.FOURSQUARE_ID, clientSecret: process.env.FOURSQUARE_SECRET }),
-    Freshbooks({ clientId: process.env.FRESHBOOKS_ID, clientSecret: process.env.FRESHBOOKS_SECRET }),
-    GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }),
-    Gitlab({ clientId: process.env.GITLAB_ID, clientSecret: process.env.GITLAB_SECRET }),
-    Google({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }),
-    // IDS4({ clientId: process.env.IDS4_ID, clientSecret: process.env.IDS4_SECRET, issuer: process.env.IDS4_ISSUER }),
-    Instagram({ clientId: process.env.INSTAGRAM_ID, clientSecret: process.env.INSTAGRAM_SECRET }),
-    // Keycloak({ clientId: process.env.KEYCLOAK_ID, clientSecret: process.env.KEYCLOAK_SECRET, issuer: process.env.KEYCLOAK_ISSUER }),
-    Line({ clientId: process.env.LINE_ID, clientSecret: process.env.LINE_SECRET }),
-    LinkedIn({ clientId: process.env.LINKEDIN_ID, clientSecret: process.env.LINKEDIN_SECRET }),
-    Mailchimp({ clientId: process.env.MAILCHIMP_ID, clientSecret: process.env.MAILCHIMP_SECRET }),
-    // Okta({ clientId: process.env.OKTA_ID, clientSecret: process.env.OKTA_SECRET, issuer: process.env.OKTA_ISSUER }),
-    Osu({ clientId: process.env.OSU_CLIENT_ID, clientSecret: process.env.OSU_CLIENT_SECRET }),
-    Patreon({ clientId: process.env.PATREON_ID, clientSecret: process.env.PATREON_SECRET }),
-    Slack({ clientId: process.env.SLACK_ID, clientSecret: process.env.SLACK_SECRET }),
-    Spotify({ clientId: process.env.SPOTIFY_ID, clientSecret: process.env.SPOTIFY_SECRET }),
-    Trakt({ clientId: process.env.TRAKT_ID, clientSecret: process.env.TRAKT_SECRET }),
-    Twitch({ clientId: process.env.TWITCH_ID, clientSecret: process.env.TWITCH_SECRET }),
-    Twitter({ clientId: process.env.TWITTER_ID, clientSecret: process.env.TWITTER_SECRET }),
-    // TwitterLegacy({ clientId: process.env.TWITTER_LEGACY_ID, clientSecret: process.env.TWITTER_LEGACY_SECRET }),
-    Vk({ clientId: process.env.VK_ID, clientSecret: process.env.VK_SECRET }),
-    Wikimedia({ clientId: process.env.WIKIMEDIA_ID, clientSecret: process.env.WIKIMEDIA_SECRET }),
-    WorkOS({ clientId: process.env.WORKOS_ID, clientSecret: process.env.WORKOS_SECRET }),
-  ],
-}
-
-if (authOptions.adapter) {
-  // TODO:
-  // authOptions.providers.unshift(
-  //   // NOTE: You can start a fake e-mail server with `pnpm email`
-  //   // and then go to `http://localhost:1080` in the browser
-  //   Email({ server: "smtp://127.0.0.1:1025?tls.rejectUnauthorized=false" })
-  // )
-}
-
-export default NextAuth(authOptions)

apps/dev/pages/api/examples/protected.js

@@ -1,6 +1,6 @@
 // This is an example of to protect an API route
 import { getServerSession } from "next-auth/next"
-import { authOptions } from "../auth/[...nextauth]"
+import { authOptions } from "/app/api/auth/[...nextauth]/route"
 
 export default async (req, res) => {
   const session = await getServerSession(req, res, authOptions)

apps/dev/pages/api/examples/session.js

@@ -1,6 +1,6 @@
 // This is an example of how to access a session from an API route
 import { getServerSession } from "next-auth/next"
-import { authOptions } from "../auth/[...nextauth]"
+import { authOptions } from "/app/api/auth/[...nextauth]/route"
 
 export default async (req, res) => {
   const session = await getServerSession(req, res, authOptions)

apps/dev/pages/api/examples/supabase-rls.js

@@ -1,7 +1,7 @@
 // This is an example of how to query data from Supabase with RLS.
 // Learn more about Row Levele Security (RLS): https://supabase.com/docs/guides/auth/row-level-security
 import { getServerSession } from "next-auth/next"
-import { authOptions } from "../auth/[...nextauth]"
+import { authOptions } from "/app/api/auth/[...nextauth]/route"
 import { createClient } from "@supabase/supabase-js"
 
 export default async (req, res) => {

apps/dev/pages/protected-ssr.js

@@ -1,6 +1,6 @@
 // This is an example of how to protect content using server rendering
 import { getServerSession } from "next-auth/next"
-import { authOptions } from "./api/auth/[...nextauth]"
+import { authOptions } from "/app/api/auth/[...nextauth]/route"
 import Layout from "../components/layout"
 import AccessDenied from "../components/access-denied"
 

apps/dev/pages/server.js

@@ -1,6 +1,6 @@
 import { getServerSession } from "next-auth/next"
 import Layout from "../components/layout"
-import { authOptions } from "./api/auth/[...nextauth]"
+import { authOptions } from "/app/api/auth/[...nextauth]/route"
 
 export default function Page() {
   // As this page uses Server Side Rendering, the `session` will be already

apps/dev/pages/supabase-ssr.js

@@ -1,7 +1,7 @@
 // This is an example of how to protect content using server rendering
 // and fetching data from Supabase with RLS enabled.
 import { getServerSession } from "next-auth/next"
-import { authOptions } from "./api/auth/[...nextauth]"
+import { authOptions } from "/app/api/auth/[...nextauth]/route"
 import { createClient } from "@supabase/supabase-js"
 import Layout from "../components/layout"
 import AccessDenied from "../components/access-denied"

docs/docs/adapters.md

@@ -3,7 +3,7 @@ id: adapters
 title: Adapters
 ---
 
-Visit the [authjs.dev](https://authjs.dev/reference/adapters) page for the up-to-date documentation.
+Visit the [authjs.dev](https://authjs.dev/getting-started/adapters) page for the up-to-date documentation.
 
 - [Dgraph](https://authjs.dev/reference/adapter/dgraph)
 - [Drizzle](https://authjs.dev/reference/adapter/drizzle)

docs/docs/configuration/databases.md

@@ -3,7 +3,7 @@ id: databases
 title: Databases
 ---
 
-NextAuth.js offers multiple database adapters. Check out [the overview](https://authjs.dev/reference/adapters).
+NextAuth.js offers multiple database adapters. Check out [the overview](https://authjs.dev/getting-started/adapters).
 
 > As of **v4** NextAuth.js no longer ships with an adapter included by default. If you would like to persist any information, you need to install one of the many available adapters yourself. See the individual adapter documentation pages for more details.
 
@@ -13,4 +13,4 @@ To learn more about databases in NextAuth.js and how they are used, check out [d
 
 ## How to use a database
 
-See the [documentation for adapters](https://authjs.dev/reference/adapters) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).
+See the [documentation for adapters](https://authjs.dev/getting-started/adapters) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).

docs/docs/configuration/initialization.md

@@ -5,7 +5,6 @@ title: Initialization
 
 The main entry point of NextAuth.js is the `NextAuth` method that you import from `next-auth`. It handles different types of requests, as defined in the [REST API](../getting-started/rest-api.md) section.
 
-
 :::info
 NextAuth.js cannot use the run [Edge Runtime](https://nextjs.org/docs/api-reference/edge-runtime) for initialization. The upcoming [`@auth/nextjs` library](https://authjs.dev/reference/nextjs) (which will replace `next-auth`) on the other hand will be fully compatible.
 :::
@@ -13,6 +12,7 @@ NextAuth.js cannot use the run [Edge Runtime](https://nextjs.org/docs/api-refere
 You can initialize NextAuth.js in a few different ways.
 
 ## Simple initialization
+
 ### API Routes (`pages`)
 
 In Next.js, you can define an API route that will catch all requests that begin with a certain path. Conveniently, this is called [Catch all API routes](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes).
@@ -62,7 +62,6 @@ Instead, `NextAuth` will receive the first two arguments of a Route Handler, and
 
 If you have a specific use case and need to make NextAuth.js do something slightly different than what it is designed for, keep in mind, the `[...nextauth].ts` config file is just **a regular [API Route](https://nextjs.org/docs/api-routes/introduction)**.
 
-
 That said, you can initialize NextAuth.js like this:
 
 ```ts title="/pages/api/auth/[...nextauth].ts"
@@ -148,7 +147,7 @@ export default async function auth(req, res) {
 }
 ```
 
-For more details on all available actions and which methods are supported, please check out the [REST API documentation](/getting-started/rest-api) or the appropriate area in [the source code](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/index.ts)
+For more details on all available actions and which methods are supported, please check out the [REST API documentation](/getting-started/rest-api) or the appropriate area in [the source code](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/index.ts)
 
 This way of initializing `NextAuth` is very powerful, but should be used sparingly.
 

docs/docs/configuration/options.md

@@ -27,7 +27,7 @@ Using [System Environment Variables](https://vercel.com/docs/concepts/projects/e
 
 ### NEXTAUTH_SECRET
 
-Used to encrypt the NextAuth.js JWT, and to hash [email verification tokens](https://authjs.dev/reference/adapters#verification-token). This is the default value for the `secret` option in [NextAuth](/configuration/options#secret) and [Middleware](/configuration/nextjs#secret).
+Used to encrypt the NextAuth.js JWT, and to hash [email verification tokens](https://authjs.dev/getting-started/adapters#verification-token). This is the default value for the `secret` option in [NextAuth](/configuration/options#secret) and [Middleware](/configuration/nextjs#secret).
 
 
 ### NEXTAUTH_URL_INTERNAL
@@ -310,7 +310,7 @@ events: {
 
 #### Description
 
-By default NextAuth.js does not include an adapter any longer. If you would like to persist user / account data, please install one of the many available adapters. More information can be found in the [adapter documentation](https://authjs.dev/reference/adapters).
+By default NextAuth.js does not include an adapter any longer. If you would like to persist user / account data, please install one of the many available adapters. More information can be found in the [adapter documentation](https://authjs.dev/getting-started/adapters).
 
 ---
 
@@ -472,7 +472,7 @@ cookies: {
       httpOnly: true,
       sameSite: 'lax',
       path: '/',
-      secure: useSecureCookies,
+      secure: true,
       maxAge: 900
     }
   },
@@ -482,7 +482,7 @@ cookies: {
       httpOnly: true,
       sameSite: "lax",
       path: "/",
-      secure: useSecureCookies,
+      secure: true,
       maxAge: 900
     },
   },
@@ -492,7 +492,7 @@ cookies: {
       httpOnly: true,
       sameSite: "lax",
       path: "/",
-      secure: useSecureCookies,
+      secure: true,
     },
   },
 }

docs/docs/configuration/pages.md

@@ -44,11 +44,11 @@ Example: `/auth/error?error=Configuration`
 
 The following errors are passed as error query parameters to the default or overridden sign-in page:
 
-- **OAuthSignin**: Error in constructing an authorization URL ([1](https://github.com/nextauthjs/next-auth/blob/457952bb5abf08b09861b0e5da403080cd5525be/src/server/lib/signin/oauth.js), [2](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/pkce-handler.ts), [3](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/state-handler.ts)),
-- **OAuthCallback**: Error in handling the response ([1](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/callback.ts), [2](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/pkce-handler.ts), [3](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/state-handler.ts)) from an OAuth provider.
+- **OAuthSignin**: Error in constructing an authorization URL ([1](https://github.com/nextauthjs/next-auth/blob/457952bb5abf08b09861b0e5da403080cd5525be/src/server/lib/signin/oauth.js), [2](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/lib/oauth/pkce-handler.ts), [3](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/lib/oauth/state-handler.ts)),
+- **OAuthCallback**: Error in handling the response ([1](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/lib/oauth/callback.ts), [2](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/lib/oauth/pkce-handler.ts), [3](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/lib/oauth/state-handler.ts)) from an OAuth provider.
 - **OAuthCreateAccount**: Could not create OAuth provider user in the database.
 - **EmailCreateAccount**: Could not create email provider user in the database.
-- **Callback**: Error in the [OAuth callback handler route](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/routes/callback.ts)
+- **Callback**: Error in the [OAuth callback handler route](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/routes/callback.ts)
 - **OAuthAccountNotLinked**: If the email on the account is already linked, but not with this OAuth account
 - **EmailSignin**: Sending the e-mail with the verification token failed
 - **CredentialsSignin**: The `authorize` callback returned `null` in the [Credentials provider](/providers/credentials). We don't recommend providing information about which part of the credentials were wrong, as it might be abused by malicious hackers.
@@ -78,12 +78,17 @@ In addition, you can define a `theme.brandColor` to define a custom accent color
 In order to get the available authentication providers and the URLs to use for them, you can make a request to the API endpoint `/api/auth/providers`:
 
 ```tsx title="pages/auth/signin.tsx"
-import type { GetServerSidePropsContext, InferGetServerSidePropsType } from "next";
+import type {
+  GetServerSidePropsContext,
+  InferGetServerSidePropsType,
+} from "next"
 import { getProviders, signIn } from "next-auth/react"
 import { getServerSession } from "next-auth/next"
-import { authOptions } from "../api/auth/[...nextauth]";
+import { authOptions } from "../api/auth/[...nextauth]"
 
-export default function SignIn({ providers }: InferGetServerSidePropsType<typeof getServerSideProps>) {
+export default function SignIn({
+  providers,
+}: InferGetServerSidePropsType<typeof getServerSideProps>) {
   return (
     <>
       {Object.values(providers).map((provider) => (
@@ -98,17 +103,17 @@ export default function SignIn({ providers }: InferGetServerSidePropsType<typeof
 }
 
 export async function getServerSideProps(context: GetServerSidePropsContext) {
-  const session = await getServerSession(context.req, context.res, authOptions);
-  
+  const session = await getServerSession(context.req, context.res, authOptions)
+
   // If the user is already logged in, redirect.
   // Note: Make sure not to redirect to the same page
   // To avoid an infinite loop!
   if (session) {
-    return { redirect: { destination: "/" } };
+    return { redirect: { destination: "/" } }
   }
 
-  const providers = await getProviders();
-  
+  const providers = await getProviders()
+
   return {
     props: { providers: providers ?? [] },
   }
@@ -122,10 +127,15 @@ There is another, more fully styled example signin page available [here](https:/
 If you create a custom sign in form for email sign in, you will need to submit both fields for the **email** address and **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/signin/email**.
 
 ```tsx title="pages/auth/email-signin.tsx"
-import type { GetServerSidePropsContext, InferGetServerSidePropsType } from "next";
+import type {
+  GetServerSidePropsContext,
+  InferGetServerSidePropsType,
+} from "next"
 import { getCsrfToken } from "next-auth/react"
 
-export default function SignIn({ csrfToken }: InferGetServerSidePropsType<typeof getServerSideProps>) {
+export default function SignIn({
+  csrfToken,
+}: InferGetServerSidePropsType<typeof getServerSideProps>) {
   return (
     <form method="post" action="/api/auth/signin/email">
       <input name="csrfToken" type="hidden" defaultValue={csrfToken} />
@@ -157,10 +167,15 @@ signIn("email", { email: "jsmith@example.com" })
 If you create a sign in form for credentials based authentication, you will need to pass a **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/callback/credentials**.
 
 ```tsx title="pages/auth/credentials-signin.tsx"
-import type { GetServerSidePropsContext, InferGetServerSidePropsType } from "next";
+import type {
+  GetServerSidePropsContext,
+  InferGetServerSidePropsType,
+} from "next"
 import { getCsrfToken } from "next-auth/react"
 
-export default function SignIn({ csrfToken }: InferGetServerSidePropsType<typeof getServerSideProps>) {
+export default function SignIn({
+  csrfToken,
+}: InferGetServerSidePropsType<typeof getServerSideProps>) {
   return (
     <form method="post" action="/api/auth/callback/credentials">
       <input name="csrfToken" type="hidden" defaultValue={csrfToken} />

docs/docs/configuration/providers/oauth.md

@@ -359,7 +359,7 @@ providers: [
 
 ## Built-in providers
 
-NextAuth.js comes with a set of built-in providers. You can find them [here](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers). Each built-in provider has its own documentation page:
+NextAuth.js comes with a set of built-in providers. You can find them [here](https://github.com/nextauthjs/next-auth/tree/v4/packages/next-auth/src/providers). Each built-in provider has its own documentation page:
 
 <div className="provider-name-list">
 {Object.entries(require("../../../providers.json"))

docs/docs/getting-started/client.md

@@ -172,18 +172,14 @@ export default function Page() {
     return (
       <>
         <p>Signed in as {session.user.name}</p>
-        
+
         {/* Update the value by sending it to the backend. */}
-        <button onClick={() => update({ name: "John Doe" })}>
-          Edit name
-        </button>
+        <button onClick={() => update({ name: "John Doe" })}>Edit name</button>
         {/*
-          * Only trigger a session update, assuming you already updated the value server-side.
-          * All `useSession().data` references will be updated.
-          */}
-        <button onClick={() => update()}>
-          Edit name
-        </button>
+         * Only trigger a session update, assuming you already updated the value server-side.
+         * All `useSession().data` references will be updated.
+         */}
+        <button onClick={() => update()}>Edit name</button>
       </>
     )
   }
@@ -245,7 +241,7 @@ The `update()` method won't sync between tabs as the `refetchInterval` and `refe
 :::
 
 ```tsx title="pages/profile.tsx"
-import {useEffect} from "react"
+import { useEffect } from "react"
 import { useSession } from "next-auth/react"
 
 export default function Page() {
@@ -263,18 +259,17 @@ export default function Page() {
   // Listen for when the page is visible, if the user switches tabs
   // and makes our tab visible again, re-fetch the session
   useEffect(() => {
-    const visibilityHandler = () => document.visibilityState === "visible" && update()
+    const visibilityHandler = () =>
+      document.visibilityState === "visible" && update()
     window.addEventListener("visibilitychange", visibilityHandler, false)
-    return () => window.removeEventListener("visibilitychange", visibilityHandler, false)
+    return () =>
+      window.removeEventListener("visibilitychange", visibilityHandler, false)
   }, [update])
 
-  return (
-    <pre>
-      {JSON.stringify(session, null, 2)}
-    </pre>
-  )
+  return <pre>{JSON.stringify(session, null, 2)}</pre>
 }
 ```
+
 ---
 
 ## getSession()
@@ -288,7 +283,7 @@ On the server side, **this is still available to use**, however, we recommend us
 
 This helper is helpful in case you want to read the session outside of the context of React.
 
-When called, `getSession()` will send a request to `/api/auth/session` and returns a promise with a [session object](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/types.ts#L407-L425), or `null` if no session exists.
+When called, `getSession()` will send a request to `/api/auth/session` and returns a promise with a [session object](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/core/types.ts#L407-L425), or `null` if no session exists.
 
 ```js
 async function myFunction() {
@@ -520,7 +515,7 @@ where `data.url` is the validated URL you can redirect the user to without any f
 ## SessionProvider
 
 :::note
-If you are using the App Router, we encourage you to use [`getServerSession`](/configuration/nextjs#getserversession) in server contexts instead. (`SessionProvider` *can* be used in the App Router, which might be the easier choice if you are migrating from pages.)
+If you are using the App Router, we encourage you to use [`getServerSession`](/configuration/nextjs#getserversession) in server contexts instead. (`SessionProvider` _can_ be used in the App Router, which might be the easier choice if you are migrating from pages.)
 :::
 
 Using the supplied `<SessionProvider>` allows instances of `useSession()` to share the session object across components, by using [React Context](https://react.dev/learn/passing-data-deeply-with-context) under the hood. It also takes care of keeping the session updated and synced between tabs/windows.
@@ -579,8 +574,8 @@ export default function App({
   return (
     <SessionProvider
       session={session}
-      // In case you use a custom path and your app lives at "/cool-app" rather than at the root "/"
-      basePath="cool-app"
+      // Default base path if your app lives at the root "/"
+      basePath="/"
       // Re-fetch session every 5 minutes
       refetchInterval={5 * 60}
       // Re-fetches session when window is focused
@@ -633,11 +628,13 @@ See [**the Next.js documentation**](https://nextjs.org/docs/advanced-features/cu
 :::
 
 ### Custom base path
+
 When your Next.js application uses a custom base path, set the `NEXTAUTH_URL` environment variable to the route to the API endpoint in full - as in the example below and as explained [here](/configuration/options#nextauth_url).
 
 Also, make sure to pass the `basePath` page prop to the `<SessionProvider>` – as in the example below – so your custom base path is fully configured and used by NextAuth.js.
 
 #### Example
+
 In this example, the custom base path used is `/custom-route`.
 
 ```

docs/docs/getting-started/introduction.md

@@ -16,7 +16,7 @@ It is designed from the ground up to support Next.js and Serverless.
 - Designed to work with any [OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect](/providers)
 - Built-in support for [many popular sign-in services](/configuration/providers/oauth)
 - Supports [email / passwordless authentication](/providers/email)
-- Supports stateless authentication with [any backend](https://authjs.dev/reference/adapters) (Active Directory, LDAP, etc)
+- Supports stateless authentication with [any backend](https://authjs.dev/getting-started/adapters) (Active Directory, LDAP, etc)
 - Supports both JSON Web Tokens and database sessions
 - Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)
 

docs/docs/getting-started/upgrade-to-v4.md

@@ -319,7 +319,7 @@ Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.8
 
 **This does not require any changes from the user - these are adapter specific changes only**
 
-The Adapter API has been rewritten and significantly simplified in NextAuth.js v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](https://authjs.dev/reference/adapters#verification-token).
+The Adapter API has been rewritten and significantly simplified in NextAuth.js v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](https://authjs.dev/getting-started/adapters#verification-token).
 
 If you are an adapter maintainer or are interested in writing your own adapter, you can find more information about this change in https://github.com/nextauthjs/next-auth/pull/2361 and release https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.22.
 

docs/docs/providers/42.md

@@ -19,7 +19,7 @@ https://profile.intra.42.fr/oauth/applications/new
 
 The **42 School Provider** comes with a set of default options:
 
-- [42 School Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/42-school.ts)
+- [42 School Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/42-school.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/apple.md

@@ -15,7 +15,7 @@ https://developer.apple.com/account/resources/identifiers/list/serviceId
 
 The **Apple Provider** comes with a set of default options:
 
-- [Apple Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/apple.ts)
+- [Apple Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/apple.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/atlassian.md

@@ -11,7 +11,7 @@ https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-g
 
 The **Atlassian Provider** comes with a set of default options:
 
-- [Atlassian Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/atlassian.ts)
+- [Atlassian Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/atlassian.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/auth0.md

@@ -15,7 +15,7 @@ https://manage.auth0.com/dashboard
 
 The **Auth0 Provider** comes with a set of default options:
 
-- [Auth0 Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/auth0.ts)
+- [Auth0 Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/auth0.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/authentik.md

@@ -11,7 +11,7 @@ https://goauthentik.io/docs/providers/oauth2
 
 The **Authentik Provider** comes with a set of default options:
 
-- [Authentik Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/authentik.ts)
+- [Authentik Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/authentik.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/azure-ad-b2c.md

@@ -26,7 +26,7 @@ https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-tenant
 
 The **Azure Active Directory Provider** comes with a set of default options:
 
-- [Azure Active Directory Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/azure-ad-b2c.ts)
+- [Azure Active Directory Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/azure-ad-b2c.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/azure-ad.md

@@ -11,7 +11,7 @@ Azure Active Directory returns the following fields on `Account`:
 - `ext_expires_in` (number)
 - `access_token` (string).
 
-Remember to add these fields to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
+Remember to add these fields to your database schema, in case if you are using an [Adapter](https://authjs.dev/getting-started/adapters).
 :::
 
 ## Documentation

docs/docs/providers/battlenet.md

@@ -15,7 +15,7 @@ https://develop.battle.net/access/clients
 
 The **Battle.net Provider** comes with a set of default options:
 
-- [Battle.net Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/battlenet.js)
+- [Battle.net Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/battlenet.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/box.md

@@ -15,7 +15,7 @@ https://developer.box.com/guides/sso-identities-and-app-users/connect-okta-to-ap
 
 The **Box Provider** comes with a set of default options:
 
-- [Box Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/box.js)
+- [Box Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/box.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/boxyhq-saml.md

@@ -19,7 +19,7 @@ Check out the [documentation](https://boxyhq.com/docs/jackson/saml-flow#2-saml-c
 
 The **BoxyHQ SAML Provider** comes with a set of default options:
 
-- [BoxyHQ Provider options](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers/boxyhq-saml.ts)
+- [BoxyHQ Provider options](https://github.com/nextauthjs/next-auth/tree/v4/packages/next-auth/src/providers/boxyhq-saml.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/bungie.md

@@ -15,7 +15,7 @@ https://www.bungie.net/en/Application
 
 The **Bungie Provider** comes with a set of default options:
 
-- [Bungie Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/bungie.js)
+- [Bungie Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/bungie.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/cognito.md

@@ -17,7 +17,7 @@ You need to select your AWS region to go the the Cognito dashboard.
 
 The **Amazon Cognito Provider** comes with a set of default options:
 
-- [Amazon Cognito Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/cognito.ts)
+- [Amazon Cognito Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/cognito.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/coinbase.md

@@ -15,7 +15,7 @@ https://www.coinbase.com/settings/api
 
 The **Coinbase Provider** comes with a set of default options:
 
-- [Coinbase Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/coinbase.js)
+- [Coinbase Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/coinbase.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/credentials.md

@@ -19,7 +19,7 @@ The functionality provided for credentials based authentication is intentionally
 
 The **Credentials Provider** comes with a set of default options:
 
-- [Credentials Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/credentials.ts)
+- [Credentials Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/credentials.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/discord.md

@@ -15,7 +15,7 @@ https://discord.com/developers/applications
 
 The **Discord Provider** comes with a set of default options:
 
-- [Discord Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/discord.ts)
+- [Discord Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/discord.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/dropbox.md

@@ -15,7 +15,7 @@ https://www.dropbox.com/developers/apps
 
 The **Dropbox Provider** comes with a set of default options:
 
-- [Dropbox Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/dropbox.js)
+- [Dropbox Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/dropbox.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/email.md

@@ -15,7 +15,6 @@ The Email provider can be used in conjunction with (or instead of) one or more O
 
 On initial sign in, a **Verification Token** is sent to the email address provided. By default this token is valid for 24 hours. If the Verification Token is used within that time (i.e. by clicking on the link in the email) an account is created for the user and they are signed in.
 
-
 If someone provides the email address of an _existing account_ when signing in, an email is sent and they are signed into the account associated with that email address when they follow the link in the email.
 
 :::tip
@@ -26,7 +25,7 @@ The Email Provider can be used with both JSON Web Tokens and database sessions,
 
 The **Email Provider** comes with a set of default options:
 
-- [Email Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/email.ts)
+- [Email Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/email.ts)
 
 You can override any of the options to suit your own use case.
 
@@ -100,7 +99,7 @@ providers: [
 ],
 ```
 
-3. Do not forget to setup one of the database [adapters](https://authjs.dev/reference/adapters) for storing the Email verification token.
+3. Do not forget to setup one of the database [adapters](https://authjs.dev/getting-started/adapters) for storing the Email verification token.
 
 4. You can now sign in with an email address at `/api/auth/signin`.
 
@@ -161,7 +160,7 @@ async function sendVerificationRequest(params) {
  *
  * @note We don't add the email address to avoid needing to escape it, if you do, remember to sanitize it!
  */
-function html(params: { url: string; host: string; theme: Theme }) {
+function html(params: { url: string, host: string, theme: Theme }) {
   const { url, host, theme } = params
 
   const escapedHost = host.replace(/\./g, "​.")
@@ -210,7 +209,7 @@ function html(params: { url: string; host: string; theme: Theme }) {
 }
 
 /** Email Text body (fallback for email clients that don't render HTML, e.g. feature phones) */
-function text({ url, host }: { url: string; host: string }) {
+function text({ url, host }: { url: string, host: string }) {
   return `Sign in to ${host}\n${url}\n\n`
 }
 ```
@@ -236,51 +235,51 @@ providers: [
 ## Normalizing the email address
 
 By default, NextAuth.js will normalize the email address. It treats values as case-insensitive (which is technically not compliant to the [RFC 2821 spec](https://datatracker.ietf.org/doc/html/rfc2821), but in practice this causes more problems than it solves, eg. when looking up users by e-mail from databases.) and also removes any secondary email address that was passed in as a comma-separated list. You can apply your own normalization via the `normalizeIdentifier` method on the `EmailProvider`. The following example shows the default behavior:
-```ts
-  EmailProvider({
-    // ...
-    normalizeIdentifier(identifier: string): string {
-      // Get the first two elements only,
-      // separated by `@` from user input.
-      let [local, domain] = identifier.toLowerCase().trim().split("@")
-      // The part before "@" can contain a ","
-      // but we remove it on the domain part
-      domain = domain.split(",")[0]
-      return `${local}@${domain}`
 
-      // You can also throw an error, which will redirect the user
-      // to the error page with error=EmailSignin in the URL
-      // if (identifier.split("@").length > 2) {
-      //   throw new Error("Only one email allowed")
-      // }
-    },
-  })
+```ts
+EmailProvider({
+  // ...
+  normalizeIdentifier(identifier: string): string {
+    // Get the first two elements only,
+    // separated by `@` from user input.
+    let [local, domain] = identifier.toLowerCase().trim().split("@")
+    // The part before "@" can contain a ","
+    // but we remove it on the domain part
+    domain = domain.split(",")[0]
+    return `${local}@${domain}`
+
+    // You can also throw an error, which will redirect the user
+    // to the error page with error=EmailSignin in the URL
+    // if (identifier.split("@").length > 2) {
+    //   throw new Error("Only one email allowed")
+    // }
+  },
+})
 ```
 
 :::warning
 Always make sure this returns a single e-mail address, even if multiple ones were passed in.
 :::
 
-
 ## Sending Magic Links To Existing Users
 
-You can ensure that only existing users are sent a magic login link. You will need to grab the email the user entered and check your database to see if the email already exists in the "User" collection in your database. If it exists, it will send the user a magic link but otherwise, you can send the user to another page, such as "/register". 
+You can ensure that only existing users are sent a magic login link. You will need to grab the email the user entered and check your database to see if the email already exists in the "User" collection in your database. If it exists, it will send the user a magic link but otherwise, you can send the user to another page, such as "/register".
 
-  ```js title="pages/api/auth/[...nextauth].js"
-  import User from "../../../models/User"; 
-  import db from "../../../utils/db"; 
-  ...
-  callbacks: {
-    async signIn({ user, account, email }) { 
-      await db.connect(); 
-      const userExists = await User.findOne({ 
-        email: user.email,  //the user object has an email property, which contains the email the user entered.
-      });
-      if (userExists) {
-        return true;   //if the email exists in the User collection, email them a magic login link
-      } else {
-        return "/register"; 
-      }
-    },
-   ...
-  ``` 
+```js title="pages/api/auth/[...nextauth].js"
+import User from "../../../models/User";
+import db from "../../../utils/db";
+...
+callbacks: {
+  async signIn({ user, account, email }) {
+    await db.connect();
+    const userExists = await User.findOne({
+      email: user.email,  //the user object has an email property, which contains the email the user entered.
+    });
+    if (userExists) {
+      return true;   //if the email exists in the User collection, email them a magic login link
+    } else {
+      return "/register";
+    }
+  },
+ ...
+```

docs/docs/providers/eveonline.md

@@ -15,7 +15,7 @@ https://developers.eveonline.com/
 
 The **EVE Online Provider** comes with a set of default options:
 
-- [EVE Online Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/eveonline.ts)
+- [EVE Online Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/eveonline.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/facebook.md

@@ -15,7 +15,7 @@ https://developers.facebook.com/apps/
 
 The **Facebook Provider** comes with a set of default options:
 
-- [Facebook Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/facebook.ts)
+- [Facebook Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/facebook.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/faceit.md

@@ -19,7 +19,7 @@ Scopes to have basic infos (email, nickname, guid and avatar) : `openid`, `email
 
 The **FACEIT Provider** comes with a set of default options:
 
-- [FACEIT Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/faceit.js)
+- [FACEIT Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/faceit.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/foursquare.md

@@ -19,7 +19,7 @@ Foursquare requires an additional `apiVersion` parameter in [`YYYYMMDD` format](
 
 The **Foursquare Provider** comes with a set of default options:
 
-- [Foursquare Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/foursquare.js)
+- [Foursquare Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/foursquare.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/fusionauth.md

@@ -11,7 +11,7 @@ https://fusionauth.io/docs/v1/tech/oauth/
 
 The **FusionAuth Provider** comes with a set of default options:
 
-- [FusionAuth Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/fusionauth.ts)
+- [FusionAuth Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/fusionauth.ts)
 
 You can override any of the options to suit your own use case.
 
@@ -50,7 +50,7 @@ For more information, follow the [FusionAuth 5-minute setup guide](https://fusio
 In the OAuth settings for your application, configure the following.
 
 - Redirect URL
-  - https://localhost:3000/api/auth/callback/fusionauth
+  - http://localhost:3000/api/auth/callback/fusionauth
 - Enabled grants
   - Make sure _Authorization Code_ is enabled.
 

docs/docs/providers/github.md

@@ -4,7 +4,7 @@ title: GitHub
 ---
 
 :::note
-GitHub returns a field on `Account` called `refresh_token_expires_in` which is a number. See their [docs](https://docs.github.com/en/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens#response). Remember to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
+GitHub returns a field on `Account` called `refresh_token_expires_in` which is a number. See their [docs](https://docs.github.com/en/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens#response). Remember to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/getting-started/adapters).
 :::
 
 ## Documentation
@@ -19,7 +19,7 @@ https://github.com/settings/apps
 
 The **GitHub Provider** comes with a set of default options:
 
-- [GitHub Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/github.ts)
+- [GitHub Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/github.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/gitlab.md

@@ -19,7 +19,7 @@ https://gitlab.com/-/profile/applications
 
 The **Gitlab Provider** comes with a set of default options:
 
-- [Gitlab Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/gitlab.ts)
+- [Gitlab Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/gitlab.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/google.md

@@ -20,7 +20,7 @@ The "Authorized redirect URIs" used when creating the credentials must include y
 
 The **Google Provider** comes with a set of default options:
 
-- [Google Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/google.ts)
+- [Google Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/google.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/hubspot.md

@@ -19,7 +19,7 @@ You need to have an APP in your Developer Account as described at https://develo
 
 The **HubSpot Provider** comes with a set of default options:
 
-- [HubSpot Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/hubspot.ts)
+- [HubSpot Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/hubspot.ts)
 
 You can override any of the options to suit your own use case.
 
@@ -40,4 +40,3 @@ providers: [
 :::warning
 The **Redirect URL** under the **Auth** tab on the HubSpot App Settings page must match the callback url which would be http://localhost:3000/api/auth/callback/hubspot for local development. Only one callback URL per Client ID and Client Secret pair is allowed, so it might be easier to create a new app for local development then fiddle with the url changes.  
 :::
-

docs/docs/providers/identity-server4.md

@@ -15,7 +15,7 @@ https://identityserver4.readthedocs.io/en/latest/
 
 The **IdentityServer4 Provider** comes with a set of default options:
 
-- [IdentityServer4 Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/identity-server4.js)
+- [IdentityServer4 Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/identity-server4.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/instagram.md

@@ -15,7 +15,7 @@ https://developers.facebook.com/apps/
 
 The **Instagram Provider** comes with a set of default options:
 
-- [Instagram Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/instagram.js)
+- [Instagram Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/instagram.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/kakao.md

@@ -15,7 +15,7 @@ https://developers.kakao.com/docs/latest/en/kakaologin/common
 
 The **Kakao Provider** comes with a set of default options:
 
-- [Kakao Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/kakao.ts)
+- [Kakao Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/kakao.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/keycloak.md

@@ -17,7 +17,7 @@ Create an openid-connect client in Keycloak with "confidential" as the "Access T
 
 The **Keycloak Provider** comes with a set of default options:
 
-- [Keycloak Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/keycloak.ts)
+- [Keycloak Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/keycloak.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/line.md

@@ -15,7 +15,7 @@ https://developers.line.biz/console/
 
 The **Line Provider** comes with a set of default options:
 
-- [Line Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/line.ts)
+- [Line Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/line.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/linkedin.md

@@ -19,7 +19,7 @@ From the Auth tab get the client ID and client secret. On the same tab, add redi
 
 The **LinkedIn Provider** comes with a set of default options:
 
-- [LinkedIn Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/linkedin.ts)
+- [LinkedIn Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/linkedin.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/mailchimp.md

@@ -15,7 +15,7 @@ https://admin.mailchimp.com/account/oauth2/client/
 
 The **Mailchimp Provider** comes with a set of default options:
 
-- [Mailchimp Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/mailchimp.js)
+- [Mailchimp Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/mailchimp.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/mailru.md

@@ -15,7 +15,7 @@ https://o2.mail.ru/app/
 
 The **Mail.ru Provider** comes with a set of default options:
 
-- [Mail.ru Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/mailru.js)
+- [Mail.ru Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/mailru.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/medium.md

@@ -15,7 +15,7 @@ https://medium.com/me/applications
 
 The **Medium Provider** comes with a set of default options:
 
-- [Medium Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/medium.js)
+- [Medium Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/medium.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/naver.md

@@ -15,7 +15,7 @@ https://developers.naver.com/docs/login/api/api.md
 
 The **Naver Provider** comes with a set of default options:
 
-- [Naver Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/naver.js)
+- [Naver Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/naver.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/netlify.md

@@ -15,7 +15,7 @@ https://github.com/netlify/netlify-oauth-example
 
 The **Netlify Provider** comes with a set of default options:
 
-- [Netlify Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/netlify.js)
+- [Netlify Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/netlify.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/okta.md

@@ -11,7 +11,7 @@ https://developer.okta.com/docs/reference/api/oidc
 
 The **Okta Provider** comes with a set of default options:
 
-- [Okta Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/okta.ts)
+- [Okta Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/okta.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/onelogin.md

@@ -15,7 +15,7 @@ https://developers.onelogin.com/openid-connect/connect-to-onelogin
 
 The **OneLogin Provider** comes with a set of default options:
 
-- [OneLogin Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/onelogin.js)
+- [OneLogin Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/onelogin.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/osso.md

@@ -21,7 +21,7 @@ See Osso's complete configuration and testing documentation at https://ossoapp.c
 
 The **Osso Provider** comes with a set of default options:
 
-- [Osso Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/osso.js)
+- [Osso Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/osso.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/osu.md

@@ -1,6 +1,6 @@
 ---
 id: osu
-title: Osu!
+title: osu!
 ---
 
 ## Documentation
@@ -13,14 +13,14 @@ https://osu.ppy.sh/home/account/edit#new-oauth-application
 
 ## Options
 
-The **Osu Provider** comes with a set of default options:
+The **osu! Provider** comes with a set of default options:
 
-- [Osu Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/osu.ts)
+- [osu! Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/osu.ts)
 
 You can override any of the options to suit your own use case.
 
 :::note
-Osu! does **not** provide a user email!
+osu! does **not** provide a user email!
 :::
 
 ## Example

docs/docs/providers/patreon.md

@@ -17,7 +17,7 @@ Create a API v2 client on [Patreon Platform](https://www.patreon.com/portal/regi
 
 The **Patreon Provider** comes with a set of default options:
 
-- [Patreon Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/patreon.ts)
+- [Patreon Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/patreon.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/pinterest.md

@@ -15,7 +15,7 @@ https://developers.pinterest.com/apps/
 
 The **Pinterest Provider** comes with a set of default options:
 
-- [Pinterest Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/pinterest.ts)
+- [Pinterest Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/pinterest.ts)
 
 You can override any of the options to suit your own use case.
 
@@ -35,3 +35,4 @@ providers: [
 :::tip
 To use in production, make sure the app has standard API access and not trial access
 :::
+```

docs/docs/providers/pipedrive.md

@@ -11,7 +11,7 @@ https://pipedrive.readme.io/docs/marketplace-oauth-authorization
 
 The **Pipedrive Provider** comes with a set of default options:
 
-- [Pipedrive Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/pipedrive.ts)
+- [Pipedrive Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/pipedrive.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/reddit.md

@@ -22,7 +22,7 @@ https://www.reddit.com/dev/api/
 
 The **Reddit Provider** comes with a set of default options:
 
-- [Reddit Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/reddit.js)
+- [Reddit Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/reddit.js)
 
 You can override any of the options to suit your own use case.
 
@@ -58,7 +58,7 @@ providers: [
     clientSecret: process.env.REDDIT_CLIENT_SECRET,
     authorization: {
       params: {
-        duration: 'permanent',
+        duration: "permanent",
       },
     },
   }),

docs/docs/providers/salesforce.md

@@ -11,7 +11,7 @@ https://help.salesforce.com/articleView?id=remoteaccess_authenticate.htm&type=5
 
 The **Salesforce Provider** comes with a set of default options:
 
-- [Salesforce Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/salesforce.ts)
+- [Salesforce Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/salesforce.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/slack.md

@@ -22,7 +22,7 @@ Slack requires that the redirect URL of your app uses `https`, even for local de
 
 The **Slack Provider** comes with a set of default options:
 
-- [Slack Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/slack.ts)
+- [Slack Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/slack.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/spotify.md

@@ -15,7 +15,7 @@ https://developer.spotify.com/dashboard/applications
 
 The **Spotify Provider** comes with a set of default options:
 
-- [Spotify Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/spotify.ts)
+- [Spotify Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/spotify.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/strava.md

@@ -11,7 +11,7 @@ http://developers.strava.com/docs/reference/
 
 The **Strava Provider** comes with a set of default options:
 
-- [Strava Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/strava.ts)
+- [Strava Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/strava.ts)
 
 You can override any of the options to suit your own use case. Ensure the redirect_uri configuration fits your needs accordingly.
 

docs/docs/providers/todoist.md

@@ -15,7 +15,7 @@ https://developer.todoist.com/appconsole.html
 
 The **Todoist Provider** comes with a set of default options:
 
-- [Todoist Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/todoist.ts)
+- [Todoist Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/todoist.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/trakt.md

@@ -17,7 +17,7 @@ Start by creating an OAuth app on Trakt for [production](https://trakt.tv/oauth/
 
 The **Trakt Provider** comes with a set of default options:
 
-- [Trakt Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/trakt.ts)
+- [Trakt Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/trakt.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/twitch.md

@@ -17,7 +17,7 @@ Add the following redirect URL into the console `http://<your-next-app-url>/api/
 
 The **Twitch Provider** comes with a set of default options:
 
-- [Twitch Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/twitch.ts)
+- [Twitch Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/twitch.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/twitter.md

@@ -4,7 +4,7 @@ title: Twitter
 ---
 
 :::note
-Twitter is currently the only built-in provider using the OAuth 1.0 spec. This means that you won't receive an `access_token` or `refresh_token`, but an `oauth_token` and `oauth_token_secret` respectively. Remember to add these to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/adapters).
+Twitter is currently the only built-in provider using the OAuth 1.0 spec. This means that you won't receive an `access_token` or `refresh_token`, but an `oauth_token` and `oauth_token_secret` respectively. Remember to add these to your database schema, in case if you are using an [Adapter](https://authjs.dev/getting-started/adapters).
 :::
 
 ## Documentation
@@ -19,7 +19,7 @@ https://developer.twitter.com/en/apps
 
 The **Twitter Provider** comes with a set of default options:
 
-- [Twitter Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/twitter.ts)
+- [Twitter Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/twitter.ts)
 
 You can override any of the options to suit your own use case.
 
@@ -58,5 +58,5 @@ TwitterProvider({
 Keep in mind that although this change is easy, it changes how and with which of [Twitter APIs](https://developer.twitter.com/en/docs/api-reference-index) you can interact with. Read the official [Twitter OAuth 2 documentation](https://developer.twitter.com/en/docs/authentication/oauth-2-0) for more details.
 
 :::note
-Email is currently not supported by Twitter OAuth 2.0. 
+Email is currently not supported by Twitter OAuth 2.0.
 :::

docs/docs/providers/united-effects.md

@@ -15,7 +15,7 @@ https://core.unitedeffects.com
 
 The **United Effects Provider** comes with a set of default options:
 
-- [United Effects Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/united-effects.ts)
+- [United Effects Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/united-effects.ts)
 
 You can override any of the options to suit your own use case.
 
@@ -40,4 +40,4 @@ providers: [
 
 :::warning
 The United Effects API does not return the user name or image by design, so this provider will return null for both. United Effects prioritizes user personal information security above all and has built a secured profile access request system separate from the provider API.
-:::
+:::

docs/docs/providers/vk.md

@@ -15,7 +15,7 @@ https://vk.com/apps?act=manage
 
 The **VK Provider** comes with a set of default options:
 
-- [VK Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/vk.ts)
+- [VK Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/vk.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/wikimedia.md

@@ -21,9 +21,9 @@ Please be aware that Wikimedia accounts do not have to have an associated email
 
 1. Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
 2. Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
-  2a. Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/wikimedia`
-  2b. Do not check the box next to `This consumer is only for [your username]`
-  2c. Unless you explicitly need a larger scope, feel free to select the radio button labelled `User identity verification only - no ability to read pages or act on the users behalf.`
+   2a. Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/wikimedia`
+   2b. Do not check the box next to `This consumer is only for [your username]`
+   2c. Unless you explicitly need a larger scope, feel free to select the radio button labelled `User identity verification only - no ability to read pages or act on the users behalf.`
 
 After registration, you can initally test your application only with your own Wikimedia account. You may have to wait several days for the application to be approved for it to be used by everyone.
 
@@ -31,7 +31,7 @@ After registration, you can initally test your application only with your own Wi
 
 The **Wikimedia Provider** comes with a set of default options:
 
-- [Wikimedia Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/wikimedia.ts)
+- [Wikimedia Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/wikimedia.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/wordpress.md

@@ -15,7 +15,7 @@ https://developer.wordpress.com/apps/
 
 The **Wordpress Provider** comes with a set of default options:
 
-- [Wordpress Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/wordpress.js)
+- [Wordpress Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/wordpress.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/workos.md

@@ -15,7 +15,7 @@ https://dashboard.workos.com
 
 The **WorkOS Provider** comes with a set of default options:
 
-- [WorkOS Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/workos.ts)
+- [WorkOS Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/workos.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/yandex.md

@@ -15,7 +15,7 @@ https://oauth.yandex.com/client/new
 
 The **Yandex Provider** comes with a set of default options:
 
-- [Yandex Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/yandex.js)
+- [Yandex Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/yandex.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/zitadel.md

@@ -22,7 +22,7 @@ Make sure to enable **dev mode** in ZITADEL console to allow redirects for local
 
 The **ZITADEL Provider** comes with a set of default options:
 
-- [ZITADEL Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/zitadel.ts)
+- [ZITADEL Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/zitadel.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/zoho.md

@@ -19,7 +19,7 @@ https://api-console.zoho.com/
 
 The **Zoho Provider** comes with a set of default options:
 
-- [Zoho Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/zoho.js)
+- [Zoho Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/zoho.js)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/zoom.md

@@ -15,7 +15,7 @@ https://marketplace.zoom.us
 
 The **Zoom Provider** comes with a set of default options:
 
-- [Zoom Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/zoom.ts)
+- [Zoom Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/zoom.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/tutorials/creating-a-database-adapter.md

@@ -7,7 +7,7 @@ Using a custom adapter you can connect to any database back-end or even several
 
 ## How to create an adapter
 
-For more information about the data these methods need to manage see [models](https://authjs.dev/reference/adapters#models).
+For more information about the data these methods need to manage see [models](https://authjs.dev/getting-started/adapters#models).
 
 _See the code below for practical example._
 

package.json

@@ -5,7 +5,7 @@
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "scripts": {
     "build:app": "turbo run build --filter=next-auth-app",
-    "build": "turbo run build --filter=next-auth --filter=@next-auth/* --no-deps",
+    "build": "turbo run build --filter=next-auth --no-deps",
     "lint": "turbo run lint --filter=!next-auth-docs --parallel",
     "test": "turbo run test --concurrency=1 --filter=!@next-auth/pouchdb-adapter --filter=!@next-auth/upstash-redis-adapter --filter=!next-auth-* --filter=[HEAD^1]",
     "clean": "turbo run clean --no-cache",

packages/next-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-auth",
-  "version": "4.24.0",
+  "version": "4.24.5",
   "description": "Authentication for Next.js",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth.git",
@@ -99,7 +99,7 @@
     "uuid": "^8.3.2"
   },
   "peerDependencies": {
-    "next": "^12.2.5 || ^13",
+    "next": "^12.2.5 || ^13 || ^14",
     "nodemailer": "^6.6.5",
     "react": "^17.0.2 || ^18",
     "react-dom": "^17.0.2 || ^18"

packages/next-auth/src/core/lib/oauth/checks.ts

@@ -21,11 +21,17 @@ export async function signCookie(
 
   logger.debug(`CREATE_${type.toUpperCase()}`, { value, maxAge })
 
+  const { name } = cookies[type]
   const expires = new Date()
   expires.setTime(expires.getTime() + maxAge * 1000)
   return {
-    name: cookies[type].name,
-    value: await jwt.encode({ ...options.jwt, maxAge, token: { value } }),
+    name,
+    value: await jwt.encode({
+      ...options.jwt,
+      maxAge,
+      token: { value },
+      salt: name,
+    }),
     options: { ...cookies[type].options, expires },
   }
 }
@@ -71,16 +77,18 @@ export const pkce = {
     if (!codeVerifier)
       throw new TypeError("PKCE code_verifier cookie was missing.")
 
+    const { name } = options.cookies.pkceCodeVerifier
     const value = (await jwt.decode({
       ...options.jwt,
       token: codeVerifier,
+      salt: name,
     })) as any
 
     if (!value?.value)
       throw new TypeError("PKCE code_verifier value could not be parsed.")
 
     resCookies.push({
-      name: options.cookies.pkceCodeVerifier.name,
+      name,
       value: "",
       options: { ...options.cookies.pkceCodeVerifier.options, maxAge: 0 },
     })
@@ -121,12 +129,17 @@ export const state = {
 
     if (!state) throw new TypeError("State cookie was missing.")
 
-    const value = (await jwt.decode({ ...options.jwt, token: state })) as any
+    const { name } = options.cookies.state
+    const value = (await jwt.decode({
+      ...options.jwt,
+      token: state,
+      salt: name,
+    })) as any
 
     if (!value?.value) throw new TypeError("State value could not be parsed.")
 
     resCookies.push({
-      name: options.cookies.state.name,
+      name,
       value: "",
       options: { ...options.cookies.state.options, maxAge: 0 },
     })
@@ -166,12 +179,17 @@ export const nonce = {
     const nonce = cookies?.[options.cookies.nonce.name]
     if (!nonce) throw new TypeError("Nonce cookie was missing.")
 
-    const value = (await jwt.decode({ ...options.jwt, token: nonce })) as any
+    const { name } = options.cookies.nonce
+    const value = (await jwt.decode({
+      ...options.jwt,
+      token: nonce,
+      salt: name,
+    })) as any
 
     if (!value?.value) throw new TypeError("Nonce value could not be parsed.")
 
     resCookies.push({
-      name: options.cookies.nonce.name,
+      name,
       value: "",
       options: { ...options.cookies.nonce.options, maxAge: 0 },
     })

packages/next-auth/src/css/index.css

@@ -50,10 +50,7 @@
     color: var(--provider-dark-color, var(--color-primary));
     background-color: var(--provider-dark-bg, var(--color-background));
     &:hover {
-      background-color: var(
-        --provider-dark-bg-hover,
-        var(--color-background-hover)
-      ) !important;
+      background-color: var(--provider-dark-bg-hover, var(--color-background-hover)) !important;
     }
   }
   #provider-logo {
@@ -170,11 +167,6 @@ a.button {
     background-color: var(--provider-bg-hover, var(--color-background-hover));
     cursor: pointer;
   }
-  /* &:focus {
-    outline: none;
-    border: 1px solid;
-    border-color: var(--color-info);
-  } */
   &:active {
     cursor: pointer;
   }
@@ -193,10 +185,7 @@ a.button {
   width: 100%;
 
   &:hover {
-    background-color: var(
-      --button-hover-bg,
-      var(--colo r-info-hover)
-    ) !important;
+    background-color: var(--button-hover-bg, var(--color-info-hover)) !important;
   }
 }
 

packages/next-auth/src/jwt/index.ts

@@ -15,8 +15,9 @@ const now = () => (Date.now() / 1000) | 0
 
 /** Issues a JWT. By default, the JWT is encrypted using "A256GCM". */
 export async function encode(params: JWTEncodeParams) {
-  const { token = {}, secret, maxAge = DEFAULT_MAX_AGE } = params
-  const encryptionSecret = await getDerivedEncryptionKey(secret)
+  /** @note empty `salt` means a session token. See {@link JWTEncodeParams.salt}. */
+  const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt = "" } = params
+  const encryptionSecret = await getDerivedEncryptionKey(secret, salt)
   return await new EncryptJWT(token)
     .setProtectedHeader({ alg: "dir", enc: "A256GCM" })
     .setIssuedAt()
@@ -27,9 +28,10 @@ export async function encode(params: JWTEncodeParams) {
 
 /** Decodes a NextAuth.js issued JWT. */
 export async function decode(params: JWTDecodeParams): Promise<JWT | null> {
-  const { token, secret } = params
+  /** @note empty `salt` means a session token. See {@link JWTDecodeParams.salt}. */
+  const { token, secret, salt = "" } = params
   if (!token) return null
-  const encryptionSecret = await getDerivedEncryptionKey(secret)
+  const encryptionSecret = await getDerivedEncryptionKey(secret, salt)
   const { payload } = await jwtDecrypt(token, encryptionSecret, {
     clockTolerance: 15,
   })
@@ -116,12 +118,15 @@ export async function getToken<R extends boolean = false>(
   }
 }
 
-async function getDerivedEncryptionKey(secret: string | Buffer) {
+async function getDerivedEncryptionKey(
+  keyMaterial: string | Buffer,
+  salt: string
+) {
   return await hkdf(
     "sha256",
-    secret,
-    "",
-    "NextAuth.js Generated Encryption Key",
+    keyMaterial,
+    salt,
+    `NextAuth.js Generated Encryption Key${salt ? ` (${salt})` : ""}`,
     32
   )
 }

packages/next-auth/src/jwt/types.ts

@@ -17,7 +17,13 @@ export interface JWT extends Record<string, unknown>, DefaultJWT {}
 export interface JWTEncodeParams {
   /** The JWT payload. */
   token?: JWT
-  /** The secret used to encode the NextAuth.js issued JWT. */
+  /**
+   * Used in combination with `secret` when deriving the encryption secret for the various NextAuth.js-issued JWTs.
+   * @note When no `salt` is passed, we assume this is a session token.
+   * This is for backwards-compatibility with currently active sessions, so they won't be invalidated when upgrading the package.
+   */
+  salt?: string
+  /** The key material used to encode the NextAuth.js issued JWTs. Defaults to `NEXTAUTH_SECRET`. */
   secret: string | Buffer
   /**
    * The maximum age of the NextAuth.js issued JWT in seconds.
@@ -29,7 +35,13 @@ export interface JWTEncodeParams {
 export interface JWTDecodeParams {
   /** The NextAuth.js issued JWT to be decoded */
   token?: string
-  /** The secret used to decode the NextAuth.js issued JWT. */
+  /**
+   * Used in combination with `secret` when deriving the encryption secret for the various NextAuth.js-issued JWTs.
+   * @note When no `salt` is passed, we assume this is a session token.
+   * This is for backwards-compatibility with currently active sessions, so they won't be invalidated when upgrading the package.
+   */
+  salt?: string
+  /** The key material used to decode the NextAuth.js issued JWTs. Defaults to `NEXTAUTH_SECRET`. */
   secret: string | Buffer
 }
 

packages/next-auth/src/providers/email.ts

@@ -1,16 +1,31 @@
 import { Transport, TransportOptions, createTransport } from "nodemailer"
-import * as JSONTransport from "nodemailer/lib/json-transport.js"
+import * as JSONTransport from "nodemailer/lib/json-transport/index.js"
 import * as SendmailTransport from "nodemailer/lib/sendmail-transport/index.js"
-import * as SESTransport from "nodemailer/lib/ses-transport.js"
+import * as SESTransport from "nodemailer/lib/ses-transport/index.js"
 import * as SMTPPool from "nodemailer/lib/smtp-pool/index.js"
-import * as SMTPTransport from "nodemailer/lib/smtp-transport.js"
-import * as StreamTransport from "nodemailer/lib/stream-transport.js"
+import * as SMTPTransport from "nodemailer/lib/smtp-transport/index.js"
+import * as StreamTransport from "nodemailer/lib/stream-transport/index.js"
 import type { Awaitable } from ".."
 import type { CommonProviderOptions } from "."
 import type { Theme } from "../core/types"
 
 // TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html for the string
-type AllTransportOptions = string | SMTPTransport | SMTPTransport.Options | SMTPPool | SMTPPool.Options | SendmailTransport | SendmailTransport.Options | StreamTransport | StreamTransport.Options | JSONTransport | JSONTransport.Options | SESTransport | SESTransport.Options | Transport<any> | TransportOptions
+type AllTransportOptions =
+  | string
+  | SMTPTransport
+  | SMTPTransport.Options
+  | SMTPPool
+  | SMTPPool.Options
+  | SendmailTransport
+  | SendmailTransport.Options
+  | StreamTransport
+  | StreamTransport.Options
+  | JSONTransport
+  | JSONTransport.Options
+  | SESTransport
+  | SESTransport.Options
+  | Transport<any>
+  | TransportOptions
 
 export interface SendVerificationRequestParams {
   identifier: string