chore(release): bump version

fixes #6495

.eslintrc.js

@@ -18,6 +18,7 @@ module.exports = {
       parserOptions: {
         project: [
           path.resolve(__dirname, "./packages/**/tsconfig.eslint.json"),
+          path.resolve(__dirname, "./packages/frameworks/**/tsconfig.json"),
           path.resolve(__dirname, "./apps/**/tsconfig.json"),
         ],
       },

.github/ISSUE_TEMPLATE/3_bug_adapter.yml

@@ -31,6 +31,7 @@ body:
         - "@next-auth/pouchdb-adapter"
         - "@next-auth/prisma-adapter"
         - "@next-auth/sequelize-adapter"
+        - "@next-auth/supabase-adapter"
         - "@next-auth/typeorm-legacy-adapter"
         - "@next-auth/upstash-redis-adapter"
         - "@next-auth/xata-adapter"

.github/actions/issue-validator/.gitignore

@@ -0,0 +1,2 @@
+!dist
+!package-lock.json

.github/actions/issue-validator/licenses.txt

@@ -0,0 +1,652 @@
+@actions/core
+MIT
+The MIT License (MIT)
+
+Copyright 2019 GitHub
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+@actions/github
+MIT
+The MIT License (MIT)
+
+Copyright 2019 GitHub
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+@actions/http-client
+MIT
+Actions Http Client for Node.js
+
+Copyright (c) GitHub, Inc.
+
+All rights reserved.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+@octokit/auth-token
+MIT
+The MIT License
+
+Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+@octokit/core
+MIT
+The MIT License
+
+Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+@octokit/endpoint
+MIT
+The MIT License
+
+Copyright (c) 2018 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+@octokit/graphql
+MIT
+The MIT License
+
+Copyright (c) 2018 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+@octokit/plugin-paginate-rest
+MIT
+MIT License Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+@octokit/plugin-rest-endpoint-methods
+MIT
+MIT License Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+@octokit/request
+MIT
+The MIT License
+
+Copyright (c) 2018 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+@octokit/request-error
+MIT
+The MIT License
+
+Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+@vercel/ncc
+MIT
+Copyright 2018 ZEIT, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+before-after-hook
+Apache-2.0
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2018 Gregor Martynus and other contributors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+
+deprecation
+ISC
+The ISC License
+
+Copyright (c) Gregor Martynus and contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+is-plain-object
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2014-2017, Jon Schlinkert.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+node-fetch
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2016 David Frank
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
+
+once
+ISC
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter and Contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+root
+ISC License
+
+Copyright (c) 2018-2021, Iain Collins
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+tr46
+MIT
+
+tunnel
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2012 Koichi Kobayashi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+universal-user-agent
+ISC
+# [ISC License](https://spdx.org/licenses/ISC)
+
+Copyright (c) 2018, Gregor Martynus (https://github.com/gr2m)
+
+Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+uuid
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2010-2020 Robert Kieffer and other contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+webidl-conversions
+BSD-2-Clause
+# The BSD 2-Clause License
+
+Copyright (c) 2014, Domenic Denicola
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+whatwg-url
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2015–2016 Sebastian Mayr
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+wrappy
+ISC
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter and Contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

.github/actions/issue-validator/package-lock.json

@@ -0,0 +1,445 @@
+{
+  "name": "issue-validator",
+  "lockfileVersion": 2,
+  "requires": true,
+  "packages": {
+    "": {
+      "dependencies": {
+        "@actions/core": "1.10.0",
+        "@actions/github": "5.1.1"
+      },
+      "devDependencies": {
+        "@vercel/ncc": "0.34.0"
+      }
+    },
+    "node_modules/@actions/core": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
+      "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
+      "dependencies": {
+        "@actions/http-client": "^2.0.1",
+        "uuid": "^8.3.2"
+      }
+    },
+    "node_modules/@actions/github": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
+      "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
+      "dependencies": {
+        "@actions/http-client": "^2.0.1",
+        "@octokit/core": "^3.6.0",
+        "@octokit/plugin-paginate-rest": "^2.17.0",
+        "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
+      }
+    },
+    "node_modules/@actions/http-client": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
+      "dependencies": {
+        "tunnel": "^0.0.6"
+      }
+    },
+    "node_modules/@octokit/auth-token": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz",
+      "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==",
+      "dependencies": {
+        "@octokit/types": "^6.0.3"
+      }
+    },
+    "node_modules/@octokit/core": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz",
+      "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==",
+      "dependencies": {
+        "@octokit/auth-token": "^2.4.4",
+        "@octokit/graphql": "^4.5.8",
+        "@octokit/request": "^5.6.3",
+        "@octokit/request-error": "^2.0.5",
+        "@octokit/types": "^6.0.3",
+        "before-after-hook": "^2.2.0",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "node_modules/@octokit/endpoint": {
+      "version": "6.0.12",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz",
+      "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==",
+      "dependencies": {
+        "@octokit/types": "^6.0.3",
+        "is-plain-object": "^5.0.0",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "node_modules/@octokit/graphql": {
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz",
+      "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==",
+      "dependencies": {
+        "@octokit/request": "^5.6.0",
+        "@octokit/types": "^6.0.3",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "node_modules/@octokit/openapi-types": {
+      "version": "12.10.1",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.10.1.tgz",
+      "integrity": "sha512-P+SukKanjFY0ZhsK6wSVnQmxTP2eVPPE8OPSNuxaMYtgVzwJZgfGdwlYjf4RlRU4vLEw4ts2fsE2icG4nZ5ddQ=="
+    },
+    "node_modules/@octokit/plugin-paginate-rest": {
+      "version": "2.21.3",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz",
+      "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==",
+      "dependencies": {
+        "@octokit/types": "^6.40.0"
+      },
+      "peerDependencies": {
+        "@octokit/core": ">=2"
+      }
+    },
+    "node_modules/@octokit/plugin-rest-endpoint-methods": {
+      "version": "5.16.2",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz",
+      "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==",
+      "dependencies": {
+        "@octokit/types": "^6.39.0",
+        "deprecation": "^2.3.1"
+      },
+      "peerDependencies": {
+        "@octokit/core": ">=3"
+      }
+    },
+    "node_modules/@octokit/request": {
+      "version": "5.6.3",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz",
+      "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==",
+      "dependencies": {
+        "@octokit/endpoint": "^6.0.1",
+        "@octokit/request-error": "^2.1.0",
+        "@octokit/types": "^6.16.1",
+        "is-plain-object": "^5.0.0",
+        "node-fetch": "^2.6.7",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "node_modules/@octokit/request-error": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
+      "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
+      "dependencies": {
+        "@octokit/types": "^6.0.3",
+        "deprecation": "^2.0.0",
+        "once": "^1.4.0"
+      }
+    },
+    "node_modules/@octokit/types": {
+      "version": "6.40.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.40.0.tgz",
+      "integrity": "sha512-MFZOU5r8SwgJWDMhrLUSvyJPtVsqA6VnbVI3TNbsmw+Jnvrktzvq2fYES/6RiJA/5Ykdwq4mJmtlYUfW7CGjmw==",
+      "dependencies": {
+        "@octokit/openapi-types": "^12.10.0"
+      }
+    },
+    "node_modules/@vercel/ncc": {
+      "version": "0.34.0",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
+      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
+      "dev": true,
+      "bin": {
+        "ncc": "dist/ncc/cli.js"
+      }
+    },
+    "node_modules/before-after-hook": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.2.tgz",
+      "integrity": "sha512-3pZEU3NT5BFUo/AD5ERPWOgQOCZITni6iavr5AUw5AUwQjMlI0kzu5btnyD39AF0gUEsDPwJT+oY1ORBJijPjQ=="
+    },
+    "node_modules/deprecation": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
+      "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
+    },
+    "node_modules/is-plain-object": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
+      "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/node-fetch": {
+      "version": "2.6.7",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
+      "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
+      "engines": {
+        "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "node_modules/tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
+    },
+    "node_modules/tunnel": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
+      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
+      "engines": {
+        "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
+      }
+    },
+    "node_modules/universal-user-agent": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
+      "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
+    },
+    "node_modules/uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
+    "node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
+    },
+    "node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
+    "node_modules/wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
+    }
+  },
+  "dependencies": {
+    "@actions/core": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
+      "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
+      "requires": {
+        "@actions/http-client": "^2.0.1",
+        "uuid": "^8.3.2"
+      }
+    },
+    "@actions/github": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
+      "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
+      "requires": {
+        "@actions/http-client": "^2.0.1",
+        "@octokit/core": "^3.6.0",
+        "@octokit/plugin-paginate-rest": "^2.17.0",
+        "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
+      }
+    },
+    "@actions/http-client": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
+      "requires": {
+        "tunnel": "^0.0.6"
+      }
+    },
+    "@octokit/auth-token": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz",
+      "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==",
+      "requires": {
+        "@octokit/types": "^6.0.3"
+      }
+    },
+    "@octokit/core": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz",
+      "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==",
+      "requires": {
+        "@octokit/auth-token": "^2.4.4",
+        "@octokit/graphql": "^4.5.8",
+        "@octokit/request": "^5.6.3",
+        "@octokit/request-error": "^2.0.5",
+        "@octokit/types": "^6.0.3",
+        "before-after-hook": "^2.2.0",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/endpoint": {
+      "version": "6.0.12",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz",
+      "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==",
+      "requires": {
+        "@octokit/types": "^6.0.3",
+        "is-plain-object": "^5.0.0",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/graphql": {
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz",
+      "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==",
+      "requires": {
+        "@octokit/request": "^5.6.0",
+        "@octokit/types": "^6.0.3",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/openapi-types": {
+      "version": "12.10.1",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.10.1.tgz",
+      "integrity": "sha512-P+SukKanjFY0ZhsK6wSVnQmxTP2eVPPE8OPSNuxaMYtgVzwJZgfGdwlYjf4RlRU4vLEw4ts2fsE2icG4nZ5ddQ=="
+    },
+    "@octokit/plugin-paginate-rest": {
+      "version": "2.21.3",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz",
+      "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==",
+      "requires": {
+        "@octokit/types": "^6.40.0"
+      }
+    },
+    "@octokit/plugin-rest-endpoint-methods": {
+      "version": "5.16.2",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz",
+      "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==",
+      "requires": {
+        "@octokit/types": "^6.39.0",
+        "deprecation": "^2.3.1"
+      }
+    },
+    "@octokit/request": {
+      "version": "5.6.3",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz",
+      "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==",
+      "requires": {
+        "@octokit/endpoint": "^6.0.1",
+        "@octokit/request-error": "^2.1.0",
+        "@octokit/types": "^6.16.1",
+        "is-plain-object": "^5.0.0",
+        "node-fetch": "^2.6.7",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/request-error": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
+      "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
+      "requires": {
+        "@octokit/types": "^6.0.3",
+        "deprecation": "^2.0.0",
+        "once": "^1.4.0"
+      }
+    },
+    "@octokit/types": {
+      "version": "6.40.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.40.0.tgz",
+      "integrity": "sha512-MFZOU5r8SwgJWDMhrLUSvyJPtVsqA6VnbVI3TNbsmw+Jnvrktzvq2fYES/6RiJA/5Ykdwq4mJmtlYUfW7CGjmw==",
+      "requires": {
+        "@octokit/openapi-types": "^12.10.0"
+      }
+    },
+    "@vercel/ncc": {
+      "version": "0.34.0",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
+      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
+      "dev": true
+    },
+    "before-after-hook": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.2.tgz",
+      "integrity": "sha512-3pZEU3NT5BFUo/AD5ERPWOgQOCZITni6iavr5AUw5AUwQjMlI0kzu5btnyD39AF0gUEsDPwJT+oY1ORBJijPjQ=="
+    },
+    "deprecation": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
+      "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
+    },
+    "is-plain-object": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
+      "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q=="
+    },
+    "node-fetch": {
+      "version": "2.6.7",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
+      "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
+      "requires": {
+        "whatwg-url": "^5.0.0"
+      }
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
+    },
+    "tunnel": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
+      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
+    },
+    "universal-user-agent": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
+      "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
+    },
+    "uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
+    },
+    "webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
+    },
+    "whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
+      "requires": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
+    }
+  }
+}

.github/actions/issue-validator/package.json

@@ -0,0 +1,14 @@
+{
+  "private": true,
+  "exports": "./index.mjs",
+  "scripts": {
+    "build": "ncc -m -o . build src/index.mjs --license licenses.txt"
+  },
+  "devDependencies": {
+    "@vercel/ncc": "0.34.0"
+  },
+  "dependencies": {
+    "@actions/core": "1.10.0",
+    "@actions/github": "5.1.1"
+  }
+}

.github/actions/issue-validator/repro.md

@@ -0,0 +1,38 @@
+We cannot recreate the issue with the provided information. **Please add a reproduction in order for us to be able to investigate.**
+
+### **Why was this issue marked with the `incomplete` label?**
+
+To be able to investigate, we need access to a reproduction to identify what triggered the issue. We prefer a link to a public GitHub repository ([template](https://github.com/nextauthjs/next-auth-example)), but you can also use a tool like [CodeSandbox](https://codesandbox.io/s/github/nextauthjs/next-auth-example/tree/main) or [StackBlitz](https://stackblitz.com/fork/github/nextauthjs/next-auth-example).
+
+To make sure the issue is resolved as quickly as possible, please make sure that the reproduction is as **minimal** as possible. This means that you should **remove unnecessary code, files, and dependencies** that do not contribute to the issue.
+
+Please test your reproduction against the latest version of NextAuth.js (`next-auth@latest`) to make sure your issue has not already been fixed.
+
+### **I added a link, why was it still marked?**
+
+Ensure the link is pointing to a codebase that is accessible (e.g. not a private repository). "[example.com](http://example.com/)", "n/a", "will add later", etc. are not acceptable links -- we need to see a public codebase. See the above section for accepted links.
+
+### **What happens if I don't provide a sufficient minimal reproduction?**
+
+Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are automatically closed and locked after 30 days.
+
+If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction.
+
+### **I did not open this issue, but it is relevant to me, what can I do to help?**
+
+Anyone experiencing the same issue is welcome to provide a minimal reproduction following the above steps. Furthermore, you can upvote the issue using the :+1: reaction on the topmost comment (please **do not** comment "I have the same issue" without repro steps). Then, we can sort issues by votes to prioritize.
+
+### **I think my reproduction is good enough, why aren't you looking into it quicker?**
+
+We look into every NextAuth.js issue and constantly monitor open issues for new comments.
+
+However, sometimes we might miss one or two. We apologize, and kindly ask you to refrain from tagging core maintainers, as that will usually not result in increased priority.
+
+Upvoting issues to show your interest will help us prioritize and address them as quickly as possible. That said, every issue is important to us, and if an issue gets closed by accident, we encourage you to open a new one linking to the old issue and we will look into it.
+
+### **Useful Resources**
+
+- [How to create a Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve)
+- [Reporting a NextAuth.js bug](https://github.com/nextauthjs/next-auth/blob/main/.github/ISSUE_TEMPLATE/1_bug_framework.yml)
+- [How to Contribute to Open Source (Next.js)](https://www.youtube.com/watch?v=cuoNzXFLitc)
+

.github/actions/issue-validator/src/index.mjs

@@ -0,0 +1,88 @@
+// @ts-check
+// @ts-expect-error
+import * as github from "@actions/github"
+// @ts-expect-error
+import * as core from "@actions/core"
+import { readFileSync } from "node:fs"
+import { join } from "node:path"
+
+const addReproductionLabel = "incomplete"
+const __dirname =
+  "/home/runner/work/nextauthjs/next-auth/.github/actions/issue-validator"
+
+/**
+ * @typedef {{
+ *  id :number
+ *  node_id :string
+ *  url :string
+ *  name :string
+ *  description :string
+ *  color :string
+ *  default :boolean
+ * }} Label
+ *
+ * @typedef {{
+ *  pull_request: any
+ *  issue?: {body: string, number: number, labels: Label[]}
+ *  label: Label
+ * }} Payload
+ *
+ * @typedef {{
+ *  payload: Payload
+ *  repo: any
+ * }} Context
+ */
+
+async function run() {
+  try {
+    /** @type {Context} */
+    const { payload, repo } = github.context
+    const {
+      issue,
+      pull_request,
+      label: { name: newLabel },
+    } = payload
+
+    if (pull_request || !issue?.body || !process.env.GITHUB_TOKEN) return
+
+    const labels = issue.labels.map((l) => l.name)
+    // const isBugReport =
+    //   labels.includes(bugLabel) || newLabel === bugLabel || !labels.length
+
+    if (
+      // !(isBugReport && issue.number > 43554) &&
+      ![addReproductionLabel].includes(newLabel) &&
+      !labels.includes(addReproductionLabel)
+    ) {
+      return core.info(
+        "Not a bug report or not manually labeled or already labeled."
+      )
+    }
+
+    const client = github.getOctokit(process.env.GITHUB_TOKEN).rest
+    const issueCommon = { ...repo, issue_number: issue.number }
+
+    if (
+      newLabel === addReproductionLabel
+      // || !hasValidRepro
+    ) {
+      await Promise.all([
+        client.issues.addLabels({
+          ...issueCommon,
+          labels: [addReproductionLabel],
+        }),
+        client.issues.createComment({
+          ...issueCommon,
+          body: readFileSync(join(__dirname, "repro.md"), "utf8"),
+        }),
+      ])
+      return core.info(
+        "Commented on issue, because it did not have a sufficient reproduction."
+      )
+    }
+  } catch (error) {
+    core.setFailed(error.message)
+  }
+}
+
+run()

.github/issue-labeler.yml

@@ -30,6 +30,9 @@ prisma:
 sequelize:
   - "@next-auth/sequelize-adapter"
 
+supabase:
+  - "@next-auth/supabase-adapter"
+
 typeorm-legacy:
   - "@next-auth/typeorm-legacy-adapter"
 

.github/pr-labeler.yml

@@ -42,6 +42,9 @@ prisma:
 sequelize:
   - packages/adapter-sequelize/**
 
+supabase:
+  - packages/adapter-supabase/**
+
 typeorm-legacy:
   - packages/adapter-typeorm-legacy/**
 

.github/sync.yml

@@ -1,13 +1,7 @@
+# This is a legacy example pushed from the v4 branch
 nextauthjs/next-auth-example:
   - source: apps/example-nextjs
     dest: .
     deleteOrphaned: true
   - .github/FUNDING.yml
   - LICENSE
-
-nextauthjs/next-auth-gatsby-example:
-  - source: apps/example-gatsby
-    dest: .
-    deleteOrphaned: true
-  - .github/FUNDING.yml
-  - LICENSE

.github/workflows/codeql-analysis.yml

@@ -18,10 +18,10 @@ jobs:
         language: ["javascript"]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         with:
           languages: ${{ matrix.language }}
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/issue-labeler.yml

@@ -11,7 +11,7 @@ jobs:
     name: Triage
     runs-on: ubuntu-latest
     steps:
-      - uses: github/issue-labeler@v2.4.1
+      - uses: github/issue-labeler@v2.5
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           configuration-path: ".github/issue-labeler.yml"

.github/workflows/issue-validator.yml

@@ -0,0 +1,17 @@
+name: Validate issue
+on:
+  issues:
+    types: [labeled]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+      - name: 'Run issue validator'
+        run: node ./.github/actions/issue-validator/index.mjs
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-labeler.yml

@@ -10,7 +10,7 @@ jobs:
     name: Triage
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@v3
+      - uses: actions/labeler@v4
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           configuration-path: ".github/pr-labeler.yml"

.github/workflows/release.yml

@@ -7,6 +7,7 @@ on:
       - "beta"
       - "next"
       - "3.x"
+      - "v4"
   pull_request:
 
 jobs:
@@ -15,11 +16,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Init
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 2
       - name: Install pnpm
-        uses: pnpm/action-setup@v2.2.1
+        uses: pnpm/action-setup@v2.2.4
         with:
           version: 7.5.1
       - name: Setup Node
@@ -49,11 +50,11 @@ jobs:
     environment: Production
     steps:
       - name: Init
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Install pnpm
-        uses: pnpm/action-setup@v2.2.1
+        uses: pnpm/action-setup@v2.2.4
         with:
           version: 7.5.1
       - name: Setup Node
@@ -81,9 +82,9 @@ jobs:
     environment: Preview
     steps:
       - name: Init
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install pnpm
-        uses: pnpm/action-setup@v2.2.1
+        uses: pnpm/action-setup@v2.2.4
         with:
           version: 7.5.1
       - name: Setup Node
@@ -106,7 +107,7 @@ jobs:
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN_PKG }}
       - name: Comment version on PR
-        uses: NejcZdovc/comment-pr@v1
+        uses: NejcZdovc/comment-pr@v2
         with:
           message:
             "🎉 Experimental release [published 📦️ on npm](https://npmjs.com/package/next-auth/v/${{ env.VERSION }})!\n \

.github/workflows/sync-examples.yml

@@ -2,17 +2,17 @@ name: Sync Example Repositories
 on:
   push:
     branches:
-      - main
+      - v4
   workflow_dispatch:
 jobs:
   sync:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Run GitHub File Sync
         # Can update to v1 when https://github.com/BetaHuhn/repo-file-sync-action/issues/168 is resolved
         uses: BetaHuhn/repo-file-sync-action@v1.16.5
         with:
-          GH_PAT: ${{ secrets.SYNC_EXAMPLE_PAT }}
+          GH_PAT: ${{ secrets.GH_PAT_CLASSIC }}
           SKIP_PR: true

.gitignore

@@ -65,6 +65,7 @@ dev.db*
 packages/adapter-prisma/prisma/dev.db
 packages/adapter-prisma/prisma/migrations
 db.sqlite
+packages/adapter-supabase/supabase/.branches
 
 # Tests
 coverage
@@ -77,4 +78,20 @@ test.schema.gql
 
 # docusaurus
 docs/.docusaurus
-docs/providers.json
+docs/providers.json
+
+# Core
+packages/core/adapters.*
+packages/core/index.*
+packages/core/jwt
+packages/core/lib
+packages/core/providers
+
+
+# SvelteKit
+packages/frameworks-sveltekit/index.*
+packages/frameworks-sveltekit/client.*
+packages/frameworks-sveltekit/.svelte-kit
+packages/frameworks-sveltekit/package
+packages/frameworks-sveltekit/vite.config.js.timestamp-*
+packages/frameworks-sveltekit/vite.config.ts.timestamp-*

CHANGELOG.md

@@ -1,5 +0,0 @@
-# CHANGELOG
-
-The changelog is automatically updated using
-[scripts/release/index.ts](https://github.com/nextauthjs/next-auth/tree/main/scripts/index.ts). You
-can see it on the [releases page](../../releases).

CODE_OF_CONDUCT.md

@@ -1,76 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-- Using welcoming and inclusive language
-- Being respectful of differing viewpoints and experiences
-- Gracefully accepting constructive criticism
-- Focusing on what is best for the community
-- Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-- The use of sexualized language or imagery and unwelcome sexual attention or
-  advances
-- Trolling, insulting/derogatory comments, and personal or political attacks
-- Public or private harassment
-- Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-- Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting hi@thvu.dev, info@balazsorban.com, yo@ndo.dev and me@iaincollins.com.
-All complaints will be reviewed and investigated and will result in a response
-that is deemed necessary and appropriate to the circumstances. The project team
-is obligated to maintain confidentiality with regard to the reporter of an
-incident. Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see
-https://www.contributor-covenant.org/faq

CONTRIBUTING.md

@@ -1,119 +0,0 @@
-# Contributing guide
-
-Contributions and feedback on your experience of using this software are welcome.
-
-This includes bug reports, feature requests, ideas, pull requests, and examples of how you have used this software.
-
-Please see the [Code of Conduct](CODE_OF_CONDUCT.md) and follow any templates configured in GitHub when reporting bugs, requesting enhancements, or contributing code.
-
-Please raise any significant new functionality or breaking change an issue for discussion before raising a Pull Request for it.
-
-## For contributors
-
-Anyone can be a contributor. Either you found a typo, or you have an awesome feature request you could implement, we encourage you to create a Pull Request.
-
-### Pull Requests
-
-- The latest changes are always in `main`, so please make your Pull Request against that branch.
-- Pull Requests should be raised for any change
-- Pull Requests need approval of a [core contributor](https://next-auth.js.org/contributors#core-team) before merging
-- We use ESLint/Prettier for linting/formatting, so please run `pnpm lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
-- We encourage you to test your changes, and if you have the opportunity, please make those tests part of the Pull Request
-- If you add new functionality, please provide the corresponding documentation as well and make it part of the Pull Request
-
-### Setting up local environment
-
-
-A quick guide on how to setup _next-auth_ locally to work on it and test out any changes:
-
-1. Clone the repo:
-
-```sh
-git clone git@github.com:nextauthjs/next-auth.git
-cd next-auth
-```
-
-2. Set up the correct pnpm version, using [Corepack](https://nodejs.org/api/corepack.html). Run the following in the project'a root:
-
-```sh
-corepack enable pnpm
-```
-
-(Now, if you run `pnpm --version`, it should print the same verion as the `packageManager` property in the [`package.json` file](https://github.com/nextauthjs/next-auth/blob/main/package.json))
-
-3. Install packages. Developing requires Node.js v18:
-
-```sh
-pnpm install
-```
-
-4. Populate `.env.local`:
-
-Copy `apps/dev/.env.local.example` to `apps/dev/.env.local`, and add your env variables for each provider you want to test.
-
-```sh
-cd apps/dev
-cp .env.local.example .env.local
-```
-
-> NOTE: You can add any environment variables to .env.local that you would like to use in your dev app.
-> You can find the next-auth config under`apps/dev/pages/api/auth/[...nextauth].js`.
-
-5. Start the developer application/server:
-
-```sh
-pnpm dev
-```
-
-Your developer application will be available on `http://localhost:3000`
-
-That's it! 🎉
-
-If you need an example project to link to, you can use [next-auth-example](https://github.com/iaincollins/next-auth-example).
-
-#### Hot reloading
-
-When running `pnpm dev`, you start a Next.js developer server on `http://localhost:3000`, which includes hot reloading out-of-the-box. Make changes on any of the files in `src` and see the changes immediately.
-
-> NOTE: When working on CSS, you will have to manually refresh the page after changes. The reason for this is our pages using CSS are server-side rendered (using API routes). (Improving this through a PR is very welcome!)
-
-> NOTE: The setup is as follows: The development application lives inside the `app` folder, and whenever you make a change to the `src` folder in the root (where next-auth is), it gets copied into `app` every time (gitignored), so Next.js can pick them up and apply hot reloading. This is to avoid some annoying issues with how symlinks are working with different React builds, and also to provide a super-fast feedback loop while developing core features.
-
-#### Providers
-
-If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
-
-1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
-2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
-
-That's it! 🎉 Others will be able to discover this provider much more easily now!
-
-You can look at the existing built-in providers for inspiration.
-
-#### Databases
-
-If you would like to contribute to an existing database adapter or help create a new one, head over to the [nextauthjs/adapters](https://www.github.com/nextauthjs/adapters) repository and follow the instructions provided there.
-
-#### Testing
-
-Tests can be run with `pnpm test`.
-
-Automated tests are currently crude and limited in functionality, but improvements are in development.
-
-## For maintainers
-
-We use [a custom script](https://github.com/nextauthjs/next-auth/blob/main/scripts/release/index.ts) together with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0) to automate releases. This makes the maintenance process easier and less error-prone. Please study the "Conventional Commits" site to understand how to write a good commit message.
-
-When accepting Pull Requests, make sure the following:
-
-- Use "Squash and merge"
-- Make sure you merge contributor PRs into `main`
-- Rewrite the commit message to conform to the `Conventional Commits` style.
-  - Using `fix` releases a patch (x.x.1)
-  - Using `feat` releases a minor (x.1.x)
-  - Using `feat` when `BREAKING CHANGE` is present in the commit message releases a major (1.x.x)
-- Optionally link issues the PR will resolve (You can add "close" in front of the issue numbers to close the issues automatically, when the PR is merged. `semantic-release` will also comment back to connected issues and PRs, notifying the users that a feature is added/bug fixed, etc.)
-
-### Skipping a release
-
-If a commit contains `[skip release]` in their message, it will be excluded from the commit analysis and won't participate in the release type determination. This is useful, if the PR being merged should not trigger a new `npm` release.

SECURITY.md

@@ -1,24 +0,0 @@
-# Security Policy
-
-NextAuth.js practices responsible disclosure.
-
-## Reporting a Vulnerability
-
-We request that you contact us directly to report serious issues that might impact the security of sites using NextAuth.js.
-
-If you contact us regarding a serious issue:
-
-- We will endeavor to get back to you within 72 hours.
-- We will aim to publish a fix within 30 days.
-- We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released.
-- If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly.
-
-The best way to report an issue is by contacting us via email at hi@thvu.dev, info@balazsorban.com, yo@ndo.dev and me@iaincollins.com, or raise a public issue requesting someone get in touch with you via whatever means you prefer for more details. (Please do not disclose sensitive details publicly at this stage.)
-
-> For less serious issues (e.g. RFC compliance for unsupported flows or potential issues that may cause a problem in the future) it is appropriate to submit these publicly as bug reports or feature requests or to raise a question to open a discussion around them.
-
-## Supported Versions
-
-Security updates are only released for the current version.
-
-Old releases are not maintained and do not receive updates.

apps/dev/.env.local.example

@@ -48,4 +48,11 @@ EMAIL_FROM=user@gmail.com
 DATABASE_URL=
 
 WIKIMEDIA_ID=
-WIKIMEDIA_SECRET=
+WIKIMEDIA_SECRET=
+
+# Supabase Example Configuration
+# Supabase Example Configuration
+# NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321
+# SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSJ9.vI9obAHOGyVVKa3pD--kJlyxp-Z2zV9UUMAhKpNLAcU
+# SUPABASE_JWT_SECRET=super-secret-jwt-token-with-at-least-32-characters-long
+# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs

apps/dev/components/header.js

@@ -90,6 +90,12 @@ export default function Header() {
           <li className={styles.navItem}>
             <Link href="/middleware-protected">Middleware protected</Link>
           </li>
+          <li className={styles.navItem}>
+            <Link href="/supabase-client-rls">Supabase RLS</Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href="/supabase-ssr">Supabase RLS(SSR)</Link>
+          </li>
         </ul>
       </nav>
     </header>

apps/dev/package.json

@@ -16,16 +16,19 @@
   "dependencies": {
     "@next-auth/fauna-adapter": "workspace:*",
     "@next-auth/prisma-adapter": "workspace:*",
+    "@next-auth/supabase-adapter": "workspace:*",
     "@next-auth/typeorm-legacy-adapter": "workspace:*",
     "@prisma/client": "^3",
+    "@supabase/supabase-js": "^2.0.5",
     "faunadb": "^4",
-    "next": "13.0.2",
+    "next": "13.0.6",
     "next-auth": "workspace:*",
     "nodemailer": "^6",
     "react": "^18",
     "react-dom": "^18"
   },
   "devDependencies": {
+    "@types/jsonwebtoken": "^8.5.5",
     "@types/react": "^18.0.15",
     "@types/react-dom": "^18.0.6",
     "fake-smtp-server": "^0.8.0",

apps/dev/pages/api/auth/[...nextauth].ts

@@ -1,5 +1,4 @@
-import NextAuth from "next-auth"
-import type { NextAuthOptions } from "next-auth"
+import NextAuth, { NextAuthOptions } from "next-auth"
 
 // Providers
 import Apple from "next-auth/providers/apple"
@@ -7,39 +6,34 @@ import Auth0 from "next-auth/providers/auth0"
 import AzureAD from "next-auth/providers/azure-ad"
 import AzureB2C from "next-auth/providers/azure-ad-b2c"
 import BoxyHQSAML from "next-auth/providers/boxyhq-saml"
-import Cognito from "next-auth/providers/cognito"
+// import Cognito from "next-auth/providers/cognito"
 import Credentials from "next-auth/providers/credentials"
 import Discord from "next-auth/providers/discord"
 import DuendeIDS6 from "next-auth/providers/duende-identity-server6"
-import Email from "next-auth/providers/email"
+// import Email from "next-auth/providers/email"
 import Facebook from "next-auth/providers/facebook"
 import Foursquare from "next-auth/providers/foursquare"
 import Freshbooks from "next-auth/providers/freshbooks"
 import GitHub from "next-auth/providers/github"
 import Gitlab from "next-auth/providers/gitlab"
 import Google from "next-auth/providers/google"
-import Hubspot from "next-auth/providers/hubspot"
-import IDS4 from "next-auth/providers/identity-server4"
+// import IDS4 from "next-auth/providers/identity-server4"
 import Instagram from "next-auth/providers/instagram"
-import Keycloak from "next-auth/providers/keycloak"
+// import Keycloak from "next-auth/providers/keycloak"
 import Line from "next-auth/providers/line"
 import LinkedIn from "next-auth/providers/linkedin"
 import Mailchimp from "next-auth/providers/mailchimp"
-import Okta from "next-auth/providers/okta"
+// import Okta from "next-auth/providers/okta"
 import Osu from "next-auth/providers/osu"
 import Patreon from "next-auth/providers/patreon"
 import Slack from "next-auth/providers/slack"
 import Spotify from "next-auth/providers/spotify"
-import Todoist from "next-auth/providers/todoist"
 import Trakt from "next-auth/providers/trakt"
 import Twitch from "next-auth/providers/twitch"
-import Twitter, { TwitterLegacy } from "next-auth/providers/twitter"
+import Twitter from "next-auth/providers/twitter"
 import Vk from "next-auth/providers/vk"
 import Wikimedia from "next-auth/providers/wikimedia"
 import WorkOS from "next-auth/providers/workos"
-import Zitadel from "next-auth/providers/zitadel"
-
-// Adapters
 
 // // Prisma
 // import { PrismaClient } from "@prisma/client"
@@ -65,9 +59,16 @@ import Zitadel from "next-auth/providers/zitadel"
 //   synchronize: true,
 // })
 
+// // Supabase
+// import { SupabaseAdapter } from "@next-auth/supabase-adapter"
+// const adapter = SupabaseAdapter({
+//   url: process.env.NEXT_PUBLIC_SUPABASE_URL,
+//   secret: process.env.SUPABASE_SERVICE_ROLE_KEY,
+// })
+
 export const authOptions: NextAuthOptions = {
   // adapter,
-  debug: process.env.NODE_ENV !== "production",
+  // debug: process.env.NODE_ENV !== "production",
   theme: {
     logo: "https://next-auth.js.org/img/logo/logo-sm.png",
     brandColor: "#1786fb",
@@ -77,15 +78,19 @@ export const authOptions: NextAuthOptions = {
       credentials: { password: { label: "Password", type: "password" } },
       async authorize(credentials) {
         if (credentials.password !== "pw") return null
-        return { name: "Fill Murray", email: "bill@fillmurray.com", image: "https://www.fillmurray.com/64/64" }
+        return { name: "Fill Murray", email: "bill@fillmurray.com", image: "https://www.fillmurray.com/64/64", id: "1", foo: "" }
       },
     }),
     Apple({ clientId: process.env.APPLE_ID, clientSecret: process.env.APPLE_SECRET }),
     Auth0({ clientId: process.env.AUTH0_ID, clientSecret: process.env.AUTH0_SECRET, issuer: process.env.AUTH0_ISSUER }),
-    AzureAD({ clientId: process.env.AZURE_AD_CLIENT_ID, clientSecret: process.env.AZURE_AD_CLIENT_SECRET, tenantId: process.env.AZURE_AD_TENANT_ID }),
+    AzureAD({
+      clientId: process.env.AZURE_AD_CLIENT_ID,
+      clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
+      tenantId: process.env.AZURE_AD_TENANT_ID,
+    }),
     AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
-    Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
+    // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
     DuendeIDS6({ clientId: "interactive.confidential", clientSecret: "secret", issuer: "https://demo.duendesoftware.com" }),
     Facebook({ clientId: process.env.FACEBOOK_ID, clientSecret: process.env.FACEBOOK_SECRET }),
@@ -94,36 +99,34 @@ export const authOptions: NextAuthOptions = {
     GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }),
     Gitlab({ clientId: process.env.GITLAB_ID, clientSecret: process.env.GITLAB_SECRET }),
     Google({ clientId: process.env.GOOGLE_ID, clientSecret: process.env.GOOGLE_SECRET }),
-    Hubspot({ clientId: process.env.HUBSPOT_ID, clientSecret: process.env.HUBSPOT_SECRET }),
-    IDS4({ clientId: process.env.IDS4_ID, clientSecret: process.env.IDS4_SECRET, issuer: process.env.IDS4_ISSUER }),
+    // IDS4({ clientId: process.env.IDS4_ID, clientSecret: process.env.IDS4_SECRET, issuer: process.env.IDS4_ISSUER }),
     Instagram({ clientId: process.env.INSTAGRAM_ID, clientSecret: process.env.INSTAGRAM_SECRET }),
-    Keycloak({ clientId: process.env.KEYCLOAK_ID, clientSecret: process.env.KEYCLOAK_SECRET, issuer: process.env.KEYCLOAK_ISSUER }),
+    // Keycloak({ clientId: process.env.KEYCLOAK_ID, clientSecret: process.env.KEYCLOAK_SECRET, issuer: process.env.KEYCLOAK_ISSUER }),
     Line({ clientId: process.env.LINE_ID, clientSecret: process.env.LINE_SECRET }),
     LinkedIn({ clientId: process.env.LINKEDIN_ID, clientSecret: process.env.LINKEDIN_SECRET }),
     Mailchimp({ clientId: process.env.MAILCHIMP_ID, clientSecret: process.env.MAILCHIMP_SECRET }),
-    Okta({ clientId: process.env.OKTA_ID, clientSecret: process.env.OKTA_SECRET, issuer: process.env.OKTA_ISSUER }),
+    // Okta({ clientId: process.env.OKTA_ID, clientSecret: process.env.OKTA_SECRET, issuer: process.env.OKTA_ISSUER }),
     Osu({ clientId: process.env.OSU_CLIENT_ID, clientSecret: process.env.OSU_CLIENT_SECRET }),
     Patreon({ clientId: process.env.PATREON_ID, clientSecret: process.env.PATREON_SECRET }),
     Slack({ clientId: process.env.SLACK_ID, clientSecret: process.env.SLACK_SECRET }),
     Spotify({ clientId: process.env.SPOTIFY_ID, clientSecret: process.env.SPOTIFY_SECRET }),
-    Todoist({ clientId: process.env.TODOIST_ID, clientSecret: process.env.TODOIST_SECRET }),
     Trakt({ clientId: process.env.TRAKT_ID, clientSecret: process.env.TRAKT_SECRET }),
     Twitch({ clientId: process.env.TWITCH_ID, clientSecret: process.env.TWITCH_SECRET }),
-    Twitter({ version: "2.0", clientId: process.env.TWITTER_ID, clientSecret: process.env.TWITTER_SECRET }),
-    TwitterLegacy({ clientId: process.env.TWITTER_LEGACY_ID, clientSecret: process.env.TWITTER_LEGACY_SECRET }),
+    Twitter({ clientId: process.env.TWITTER_ID, clientSecret: process.env.TWITTER_SECRET }),
+    // TwitterLegacy({ clientId: process.env.TWITTER_LEGACY_ID, clientSecret: process.env.TWITTER_LEGACY_SECRET }),
     Vk({ clientId: process.env.VK_ID, clientSecret: process.env.VK_SECRET }),
     Wikimedia({ clientId: process.env.WIKIMEDIA_ID, clientSecret: process.env.WIKIMEDIA_SECRET }),
     WorkOS({ clientId: process.env.WORKOS_ID, clientSecret: process.env.WORKOS_SECRET }),
-    Zitadel({ issuer: process.env.ZITADEL_ISSUER, clientId: process.env.ZITADEL_CLIENT_ID, clientSecret: process.env.ZITADEL_CLIENT_SECRET }),
   ],
 }
 
 if (authOptions.adapter) {
-  authOptions.providers.unshift(
-    // NOTE: You can start a fake e-mail server with `pnpm email`
-    // and then go to `http://localhost:1080` in the browser
-    Email({ server: "smtp://127.0.0.1:1025?tls.rejectUnauthorized=false" })
-  )
+  // TODO:
+  // authOptions.providers.unshift(
+  //   // NOTE: You can start a fake e-mail server with `pnpm email`
+  //   // and then go to `http://localhost:1080` in the browser
+  //   Email({ server: "smtp://127.0.0.1:1025?tls.rejectUnauthorized=false" })
+  // )
 }
 
 export default NextAuth(authOptions)

apps/dev/pages/api/examples/supabase-rls.js

@@ -0,0 +1,30 @@
+// This is an example of how to query data from Supabase with RLS.
+// Learn more about Row Levele Security (RLS): https://supabase.com/docs/guides/auth/row-level-security
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+import { createClient } from "@supabase/supabase-js"
+
+export default async (req, res) => {
+  const session = await unstable_getServerSession(req, res, authOptions)
+
+  if (!session)
+    return res.send(JSON.stringify({ error: "No session!" }, null, 2))
+
+  const { supabaseAccessToken } = session
+
+  const supabase = createClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+    {
+      global: {
+        headers: {
+          Authorization: `Bearer ${supabaseAccessToken}`,
+        },
+      },
+    }
+  )
+  // Now you can query with RLS enabled.
+  const { data, error } = await supabase.from("users").select("*")
+
+  res.send(JSON.stringify({ supabaseAccessToken, data, error }, null, 2))
+}

apps/dev/pages/supabase-client-rls.js

@@ -0,0 +1,49 @@
+import Layout from "../components/layout"
+import { useState, useEffect } from "react"
+import { useSession } from "next-auth/react"
+import { createClient } from "@supabase/supabase-js"
+
+export default function Page() {
+  const { data: session } = useSession()
+  const [data, setData] = useState(null)
+
+  useEffect(() => {
+    if (session) {
+      console.log(session)
+      // User is logged in, let's fetch their data.
+      const { supabaseAccessToken } = session
+      const supabase = createClient(
+        process.env.NEXT_PUBLIC_SUPABASE_URL,
+        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+        {
+          global: {
+            headers: { Authorization: `Bearer ${supabaseAccessToken}` },
+          },
+        }
+      )
+      // Fetch data with RLS enabled.
+      supabase
+        .from("users")
+        .select("*")
+        .then(({ data }) => setData(data))
+    }
+  }, [session])
+
+  return (
+    <Layout>
+      <h1>Fetch Data from Supabase with RLS</h1>
+      <h2>Client-side data fetching with RLS:</h2>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+      <h2>API Example</h2>
+      <p>
+        You can also use Supabase in API routes. See the code in the
+        `/pages/api/examples/supabase-rls.js` file.
+      </p>
+      <p>
+        <em>You must be signed in to see responses.</em>
+      </p>
+      <p>/api/examples/supabase-rls</p>
+      <iframe src="/api/examples/supabase-rls" />
+    </Layout>
+  )
+}

apps/dev/pages/supabase-ssr.js

@@ -0,0 +1,68 @@
+// This is an example of how to protect content using server rendering
+// and fetching data from Supabase with RLS enabled.
+import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "./api/auth/[...nextauth]"
+import { createClient } from "@supabase/supabase-js"
+import Layout from "../components/layout"
+import AccessDenied from "../components/access-denied"
+
+export default function Page({ data, session }) {
+  // If no session exists, display access denied message
+  if (!session) {
+    return (
+      <Layout>
+        <AccessDenied />
+      </Layout>
+    )
+  }
+
+  // If session exists, display content
+  return (
+    <Layout>
+      <h1>Protected Page</h1>
+      <p>Data fetched during SSR from Supabase with RSL enabled:</p>
+      <pre>{JSON.stringify(data, null, 2)}</pre>
+    </Layout>
+  )
+}
+
+export async function getServerSideProps(context) {
+  const session = await unstable_getServerSession(
+    context.req,
+    context.res,
+    authOptions
+  )
+
+  if (!session)
+    return {
+      props: {
+        session,
+        data: null,
+        error: "No session",
+      },
+    }
+
+  const { supabaseAccessToken } = session
+
+  const supabase = createClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+    {
+      global: {
+        headers: {
+          Authorization: `Bearer ${supabaseAccessToken}`,
+        },
+      },
+    }
+  )
+  // Now you can query with RLS enabled.
+  const { data, error } = await supabase.from("users").select("*")
+
+  return {
+    props: {
+      session,
+      data,
+      error,
+    },
+  }
+}

apps/dev/types/nextauth.d.ts

@@ -6,6 +6,8 @@ declare module "next-auth" {
    * Returned by `useSession`, `getSession` and received as a prop on the `SessionProvider` React Context
    */
   interface Session {
+    // A JWT which can be used as Authorization header with supabase-js for RLS.
+    supabaseAccessToken?: string
     user: {
       /** The user's postal address. */
       address: string

apps/playground-sveltekit/.env.example

@@ -1,4 +0,0 @@
-GITHUB_CLIENT_ID=
-GITHUB_CLIENT_SECRET=
-NEXTAUTH_SECRET=
-PUBLIC_NEXTAUTH_URL=http://localhost:5173

apps/playground-sveltekit/.eslintrc.cjs

@@ -1,24 +0,0 @@
-module.exports = {
-  root: true,
-  parser: "@typescript-eslint/parser",
-  extends: [
-    "eslint:recommended",
-    "plugin:@typescript-eslint/recommended",
-    "prettier",
-  ],
-  plugins: ["svelte3", "@typescript-eslint"],
-  ignorePatterns: ["*.cjs", "build/**/*"],
-  overrides: [{ files: ["*.svelte"], processor: "svelte3/svelte3" }],
-  settings: {
-    "svelte3/typescript": () => require("typescript"),
-  },
-  parserOptions: {
-    sourceType: "module",
-    ecmaVersion: 2020,
-  },
-  env: {
-    browser: true,
-    es2017: true,
-    node: true,
-  },
-}

apps/playground-sveltekit/.gitignore

@@ -1,8 +0,0 @@
-.DS_Store
-node_modules
-/build
-/.svelte-kit
-/package
-.env
-.env.*
-!.env.example

apps/playground-sveltekit/README.md

@@ -1,76 +0,0 @@
-# SvelteKit + NextAuth.js Playground
-
-NextAuth.js is committed to bringing easy authentication to other frameworks. https://github.com/nextauthjs/next-auth/issues/2294
-
-SvelteKit support with NextAuth.js is currently experimental. This directory contains a minimal, proof-of-concept application. Parts of this is expected to be abstracted away into a package like `@next-auth/sveltekit`
-
-## Running this Demo
-
-- Copy `.env.example` to `.env`
-- In `.env`, set `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_SECRET`
-  - See [https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app))
-  - When creating the OAuth app, set "Homepage URL" to `http://localhost:5173` and Authorization callack URL to `http://localhost:5173/api/auth/callback/github`
-- In `.env`, set `NEXTAUTH_SECRET` to any random string
-- Build and run the application: `yarn build && yarn start`
-
-## Existing Project
-
-### Add API Route
-
-To add NextAuth.js to a project create a file called `[...nextauth]/+server.js` in routes/api/auth. This contains the dynamic route handler for NextAuth.js which will also contain all of your global NextAuth.js configurations.
-
-```ts
-import { NextAuth, options } from "$lib/next-auth"
-
-export const { GET, POST } = NextAuth(options)
-```
-
-### Add [hook](https://kit.svelte.dev/docs/hooks)
-
-```ts
-import type { Handle } from "@sveltejs/kit"
-import { getServerSession, options as nextAuthOptions } from "$lib/next-auth"
-
-export const handle: Handle = async function handle({
-  event,
-  resolve,
-}): Promise<Response> {
-  const session = await getServerSession(event.request, nextAuthOptions)
-  event.locals.session = session
-
-  return resolve(event)
-}
-```
-
-### Load Session from Primary Layout
-
-```ts
-// src/lib/routes/+layout.server.ts
-import type { LayoutServerLoad } from "./$types"
-
-export const load: LayoutServerLoad = ({ locals }) => {
-  return {
-    session: locals.session,
-  }
-}
-```
-
-### Protecting a Route
-
-```ts
-// src/lib/routes/protected/+page.ts
-import { redirect } from "@sveltejs/kit"
-import type { PageLoad } from "./$types"
-
-export const load: PageLoad = async ({ parent }) => {
-  const { session } = await parent()
-  if (!session?.user) {
-    throw redirect(302, "/")
-  }
-  return {}
-}
-```
-
-## Packaging lib
-
-Refer to https://kit.svelte.dev/docs/packaging

apps/playground-sveltekit/package.json

@@ -1,43 +0,0 @@
-{
-  "name": "sveltekit-nextauth",
-  "private": true,
-  "version": "0.0.1",
-  "scripts": {
-    "dev": "vite dev",
-    "build": "vite build",
-    "preview": "vite preview",
-    "start": "HOST=127.0.0.1 PORT=5173 ORIGIN=http://localhost:5173 node ./build",
-    "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
-    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
-    "lint": "prettier --check . && eslint .",
-    "format": "prettier --write ."
-  },
-  "devDependencies": {
-    "@sveltejs/adapter-auto": "^1.0.0-next.80",
-    "@sveltejs/adapter-node": "1.0.0-next.96",
-    "@sveltejs/kit": "1.0.0-next.511",
-    "@types/cookie": "^0.5.1",
-    "@typescript-eslint/eslint-plugin": "^5.35.1",
-    "@typescript-eslint/parser": "^5.35.1",
-    "eslint": "^8.22.0",
-    "eslint-config-prettier": "^8.5.0",
-    "eslint-plugin-svelte3": "^4.0.0",
-    "prettier": "^2.7.1",
-    "prettier-plugin-svelte": "^2.7.0",
-    "svelte": "^3.49.0",
-    "svelte-check": "^2.8.1",
-    "svelte-preprocess": "^4.10.7",
-    "tslib": "^2.4.0",
-    "typescript": "~4.8.2",
-    "vite": "^3.1.0"
-  },
-  "type": "module",
-  "dependencies": {
-    "cookie": "0.5.0",
-    "next-auth": "latest"
-  },
-  "prettier": {
-    "semi": false,
-    "singleQuote": false
-  }
-}

apps/playground-sveltekit/src/app.d.ts

@@ -1,30 +0,0 @@
-/// <reference types="@sveltejs/kit" />
-import type {
-  User as NextAuthUser,
-  Session as NextAuthSession,
-} from "next-auth"
-
-// optionally extend the `user`
-interface User extends NextAuthUser {
-  // add custom fields here
-}
-
-interface AppSession extends NextAuthSession {
-  user: User
-}
-
-// See https://kit.svelte.dev/docs/typescript
-// for information about these interfaces
-declare global {
-  declare namespace App {
-    interface Locals {
-      session: AppSession
-    }
-
-    interface Platform {}
-
-    interface Session extends AppSession {}
-
-    interface Stuff {}
-  }
-}

apps/playground-sveltekit/src/app.html

@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <link rel="icon" href="%sveltekit.assets%/favicon.png" />
-    <meta name="viewport" content="width=device-width" />
-    %sveltekit.head%
-  </head>
-  <body>
-    <div>%sveltekit.body%</div>
-  </body>
-</html>

apps/playground-sveltekit/src/hooks.server.ts

@@ -1,14 +0,0 @@
-import type { Handle } from "@sveltejs/kit"
-import { getServerSession, options as nextAuthOptions } from "$lib/next-auth"
-
-export const handle: Handle = async function handle({
-  event,
-  resolve,
-}): Promise<Response> {
-  const session = await getServerSession(event.request, nextAuthOptions)
-  if (session) {
-    event.locals.session = session
-  }
-
-  return resolve(event)
-}

apps/playground-sveltekit/src/lib/next-auth.ts

@@ -1,144 +0,0 @@
-import type { ServerLoadEvent } from "@sveltejs/kit"
-import type { RequestInternal } from "next-auth"
-import type { NextAuthAction, NextAuthOptions } from "next-auth/core/types"
-import type { OutgoingResponse as NextAuthResponse } from "next-auth/core"
-import { NextAuthHandler } from "next-auth/core"
-import GithubProvider from "next-auth/providers/github"
-import cookie from "cookie"
-import {
-  GITHUB_CLIENT_ID,
-  GITHUB_CLIENT_SECRET,
-  NEXTAUTH_SECRET,
-} from "$env/static/private"
-import { PUBLIC_NEXTAUTH_URL } from "$env/static/public"
-
-// @ts-expect-error import is exported on .default during SSR
-const github = GithubProvider?.default || GithubProvider
-
-export const options: NextAuthOptions = {
-  providers: [
-    github({
-      clientId: GITHUB_CLIENT_ID,
-      clientSecret: GITHUB_CLIENT_SECRET,
-    }),
-  ],
-}
-
-const toSvelteKitResponse = async <
-  T extends string | any[] | Record<string, any>
->(
-  request: Request,
-  nextAuthResponse: NextAuthResponse<T>
-): Promise<Response> => {
-  const { cookies, redirect } = nextAuthResponse
-
-  const headers = new Headers()
-  for (const header of nextAuthResponse?.headers || []) {
-    // pass headers along from next-auth
-    headers.set(header.key, header.value)
-  }
-
-  // set-cookie header
-  if (cookies?.length) {
-    headers.set(
-      "set-cookie",
-      cookies
-        ?.map((item) => cookie.serialize(item.name, item.value, item.options))
-        .join(",") as string
-    )
-  }
-
-  let body = undefined
-  let status = nextAuthResponse.status || 200
-
-  if (redirect) {
-    let formData: FormData | null = null
-    try {
-      formData = await request.formData()
-    } catch {
-      // no formData passed
-    }
-    const { json } = Object.fromEntries(formData ?? [])
-    if (json !== "true") {
-      status = 302
-      headers.set("Location", redirect)
-    } else {
-      body = { url: redirect }
-    }
-  } else {
-    body = nextAuthResponse.body
-  }
-
-  // @ts-expect-error - body is a known HTML document or JSON object
-  return new Response(body, {
-    status,
-    headers,
-  })
-}
-
-const SKNextAuthHandler = async (
-  { request, url, params }: ServerLoadEvent,
-  options: NextAuthOptions
-): Promise<Response> => {
-  const [action, provider] = params.nextauth!.split("/")
-  let body: FormData | undefined
-  try {
-    body = await request.formData()
-  } catch {
-    // no formData passed
-  }
-  options.secret = NEXTAUTH_SECRET
-  const req: RequestInternal = {
-    host: PUBLIC_NEXTAUTH_URL,
-    body: Object.fromEntries(body ?? []),
-    query: Object.fromEntries(url.searchParams),
-    headers: request.headers,
-    method: request.method,
-    cookies: cookie.parse(request.headers.get("cookie") || ""),
-    action: action as NextAuthAction,
-    providerId: provider,
-    error: provider,
-  }
-
-  const response = await NextAuthHandler({
-    req,
-    options,
-  })
-
-  return toSvelteKitResponse(request, response)
-}
-
-export const getServerSession = async (
-  request: Request,
-  options: NextAuthOptions
-): Promise<App.Session | null> => {
-  options.secret = NEXTAUTH_SECRET
-
-  const session = await NextAuthHandler<App.Session>({
-    req: {
-      host: PUBLIC_NEXTAUTH_URL,
-      action: "session",
-      method: "GET",
-      cookies: cookie.parse(request.headers.get("cookie") || ""),
-      headers: request.headers,
-    },
-    options,
-  })
-
-  const { body } = session
-
-  if (body && Object.keys(body).length) {
-    return body as App.Session
-  }
-  return null
-}
-
-export const NextAuth = (
-  options: NextAuthOptions
-): {
-  GET: (event: ServerLoadEvent) => Promise<unknown>
-  POST: (event: ServerLoadEvent) => Promise<unknown>
-} => ({
-  GET: (event) => SKNextAuthHandler(event, options),
-  POST: (event) => SKNextAuthHandler(event, options),
-})

apps/playground-sveltekit/src/routes/+layout.server.ts

@@ -1,7 +0,0 @@
-import type { LayoutServerLoad } from "./$types"
-
-export const load: LayoutServerLoad = ({ locals }) => {
-  return {
-    session: locals.session,
-  }
-}

apps/playground-sveltekit/src/routes/+layout.svelte

@@ -1,151 +0,0 @@
-<script lang="ts">
-  import { page } from "$app/stores"
-</script>
-
-<div>
-  <header>
-    <div class="signedInStatus">
-      <p class="nojs-show loaded">
-        {#if Object.keys($page.data.session || {}).length}
-          {#if $page.data.session.user.image}
-            <span
-              style="background-image: url('{$page.data.session.user.image}')"
-              class="avatar"
-            />
-          {/if}
-          <span class="signedInText">
-            <small>Signed in as</small><br />
-            <strong
-              >{$page.data.session.user.email ||
-                $page.data.session.user.name}</strong
-            >
-          </span>
-          <a href="/api/auth/signout" class="button">Sign out</a>
-        {:else}
-          <span class="notSignedInText">You are not signed in</span>
-          <a href="/api/auth/signin" class="buttonPrimary">Sign in</a>
-        {/if}
-      </p>
-    </div>
-    <nav>
-      <ul class="navItems">
-        <li class="navItem"><a href="/">Home</a></li>
-        <li class="navItem"><a href="/protected">Protected</a></li>
-      </ul>
-    </nav>
-  </header>
-  <slot />
-</div>
-
-<style>
-  :global(body) {
-    font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont,
-      "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif,
-      "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol",
-      "Noto Color Emoji";
-    padding: 0 1rem 1rem 1rem;
-    max-width: 680px;
-    margin: 0 auto;
-    background: #fff;
-    color: #333;
-  }
-  :global(li),
-  :global(p) {
-    line-height: 1.5rem;
-  }
-  :global(a) {
-    font-weight: 500;
-  }
-  :global(hr) {
-    border: 1px solid #ddd;
-  }
-  :global(iframe) {
-    background: #ccc;
-    border: 1px solid #ccc;
-    height: 10rem;
-    width: 100%;
-    border-radius: 0.5rem;
-    filter: invert(1);
-  }
-
-  .nojs-show {
-    opacity: 1;
-    top: 0;
-  }
-  .signedInStatus {
-    display: block;
-    min-height: 4rem;
-    width: 100%;
-  }
-  .loaded {
-    position: relative;
-    top: 0;
-    opacity: 1;
-    overflow: hidden;
-    border-radius: 0 0 0.6rem 0.6rem;
-    padding: 0.6rem 1rem;
-    margin: 0;
-    background-color: rgba(0, 0, 0, 0.05);
-    transition: all 0.2s ease-in;
-  }
-  .signedInText,
-  .notSignedInText {
-    position: absolute;
-    padding-top: 0.8rem;
-    left: 1rem;
-    right: 6.5rem;
-    white-space: nowrap;
-    text-overflow: ellipsis;
-    overflow: hidden;
-    display: inherit;
-    z-index: 1;
-    line-height: 1.3rem;
-  }
-  .signedInText {
-    padding-top: 0rem;
-    left: 4.6rem;
-  }
-  .avatar {
-    border-radius: 2rem;
-    float: left;
-    height: 2.8rem;
-    width: 2.8rem;
-    background-color: white;
-    background-size: cover;
-    background-repeat: no-repeat;
-  }
-  .button,
-  .buttonPrimary {
-    float: right;
-    margin-right: -0.4rem;
-    font-weight: 500;
-    border-radius: 0.3rem;
-    cursor: pointer;
-    font-size: 1rem;
-    line-height: 1.4rem;
-    padding: 0.7rem 0.8rem;
-    position: relative;
-    z-index: 10;
-    background-color: transparent;
-    color: #555;
-  }
-  .buttonPrimary {
-    background-color: #346df1;
-    border-color: #346df1;
-    color: #fff;
-    text-decoration: none;
-    padding: 0.7rem 1.4rem;
-  }
-  .buttonPrimary:hover {
-    box-shadow: inset 0 0 5rem rgba(0, 0, 0, 0.2);
-  }
-  .navItems {
-    margin-bottom: 2rem;
-    padding: 0;
-    list-style: none;
-  }
-  .navItem {
-    display: inline-block;
-    margin-right: 1rem;
-  }
-</style>

apps/playground-sveltekit/src/routes/+page.svelte

@@ -1,7 +0,0 @@
-<h1>SvelteKit + NextAuth.js Example</h1>
-<p>
-  This is an example site to demonstrate how to use <a
-    href="https://kit.svelte.dev/">SvelteKit</a
-  >
-  with <a href="https://next-auth.js.org">NextAuth.js</a> for authentication.
-</p>

apps/playground-sveltekit/src/routes/api/auth/[...nextauth]/+server.ts

@@ -1,3 +0,0 @@
-import { NextAuth, options } from "$lib/next-auth"
-
-export const { GET, POST } = NextAuth(options)

apps/playground-sveltekit/src/routes/protected/+page.svelte

@@ -1,10 +0,0 @@
-<script lang="ts">
-  import { page } from "$app/stores"
-</script>
-
-<h1>Protected page</h1>
-<p>
-  This is a protected content. You can access this content because you are
-  signed in.
-</p>
-<p>Session expiry: {$page.data.session.expires}</p>

apps/playground-sveltekit/src/routes/protected/+page.ts

@@ -1,10 +0,0 @@
-import { redirect } from "@sveltejs/kit"
-import type { PageLoad } from "./$types"
-
-export const load: PageLoad = async ({ parent }) => {
-  const { session } = await parent()
-  if (!session?.user) {
-    throw redirect(302, "/")
-  }
-  return {}
-}

apps/playground-sveltekit/svelte.config.js

@@ -1,14 +0,0 @@
-import adapter from "@sveltejs/adapter-node" // or use https://github.com/sveltejs/kit/tree/master/packages/adapter-auto
-import preprocess from "svelte-preprocess"
-
-/** @type {import('@sveltejs/kit').Config} */
-const config = {
-  // Consult https://github.com/sveltejs/svelte-preprocess
-  // for more information about preprocessors
-  preprocess: preprocess(),
-  kit: {
-    adapter: adapter(),
-  },
-}
-
-export default config

apps/playground-sveltekit/tsconfig.json

@@ -1,17 +0,0 @@
-{
-  "extends": "./.svelte-kit/tsconfig.json",
-  "compilerOptions": {
-    "allowJs": true,
-    "checkJs": true,
-    "esModuleInterop": true,
-    "forceConsistentCasingInFileNames": true,
-    "resolveJsonModule": true,
-    "skipLibCheck": true,
-    "sourceMap": true,
-    "strict": true
-  }
-  // Path aliases are handled by https://kit.svelte.dev/docs/configuration#alias
-  //
-  // If you want to overwrite includes/excludes, make sure to copy over the relevant includes/excludes
-  // from the referenced tsconfig.json - TypeScript does not merge them in
-}

apps/playground-sveltekit/vite.config.ts

@@ -1,8 +0,0 @@
-import { sveltekit } from "@sveltejs/kit/vite"
-import type { UserConfig } from "vite"
-
-const config: UserConfig = {
-  plugins: [sveltekit()],
-}
-
-export default config

docs/CODE_OF_CONDUCT.md

@@ -1,76 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-- Using welcoming and inclusive language
-- Being respectful of differing viewpoints and experiences
-- Gracefully accepting constructive criticism
-- Focusing on what is best for the community
-- Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-- The use of sexualized language or imagery and unwelcome sexual attention or
-  advances
-- Trolling, insulting/derogatory comments, and personal or political attacks
-- Public or private harassment
-- Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-- Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting me@iaincollins.com. All complaints will be reviewed and
-investigated and will result in a response that is deemed necessary and
-appropriate to the circumstances. The project team is obligated to maintain
-confidentiality with regard to the reporter of an incident. Further details of
-specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see
-https://www.contributor-covenant.org/faq

docs/CONTRIBUTING.md

@@ -1,26 +0,0 @@
-# Contributing guide
-
-Contributions and feedback on your experience of using this software are welcome.
-
-This includes bug reports, feature requests, ideas, pull requests, and examples of how you have used this software.
-
-Please see the [Code of Conduct](CODE_OF_CONDUCT.md) and follow any templates configured in GitHub when reporting bugs, requesting enhancements, or contributing code.
-
-Please raise any significant new functionality or breaking change an issue for discussion before raising a Pull Request for it.
-
-## For contributors
-
-Anyone can be a contributor. Either you found a typo, or you have an awesome feature request you could implement, we encourage you to create a Pull Request.
-
-### Pull Requests
-
-- The latest changes are always in `main`, so please make your Pull Request against that branch.
-- Pull Requests should be raised for any change
-
-### Setting up local environment
-
-The local environment can be setup by doing the following.
-
-1. Clone the repository `$ git clone https://github.com/nextauthjs/docs.git`
-2. Install dependencies `$ npm install`
-3. Start development server `$ npm start`

docs/docs/adapters/mongodb.md

@@ -15,26 +15,23 @@ The MongoDB adapter does not handle connections automatically, so you will have
 npm install next-auth @next-auth/mongodb-adapter mongodb
 ```
 
-2. Add `lib/mongodb.js`
+2. Add `lib/mongodb.ts`
 
-```js
+```ts
 // This approach is taken from https://github.com/vercel/next.js/tree/canary/examples/with-mongodb
-import { MongoClient } from "mongodb"
-
-const uri = process.env.MONGODB_URI
-const options = {
-  useUnifiedTopology: true,
-  useNewUrlParser: true,
-}
-
-let client
-let clientPromise
+import { MongoClient } from 'mongodb'
 
 if (!process.env.MONGODB_URI) {
-  throw new Error("Please add your Mongo URI to .env.local")
+  throw new Error('Invalid/Missing environment variable: "MONGODB_URI"')
 }
 
-if (process.env.NODE_ENV === "development") {
+const uri = process.env.MONGODB_URI
+const options = {}
+
+let client
+let clientPromise: Promise<MongoClient>
+
+if (process.env.NODE_ENV === 'development') {
   // In development mode, use a global variable so that the value
   // is preserved across module reloads caused by HMR (Hot Module Replacement).
   if (!global._mongoClientPromise) {

docs/docs/adapters/overview.md

@@ -21,6 +21,7 @@ We have a list of official adapters that are distributed as their own packages u
 - [`neo4j`](./neo4j)
 - [`typeorm-legacy`](./typeorm)
 - [`sequelize`](./sequelize)
+- [`supabase`](./supabase)
 - [`dgraph`](./dgraph)
 - [`upstash-redis`](./upstash-redis)
 

docs/docs/adapters/supabase.md

@@ -0,0 +1,309 @@
+---
+id: supabase
+title: Supabase
+---
+
+# Supabase
+
+This is the Supabase Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
+
+:::note
+This adapter is developed by the community and not officially maintained or supported by Supabase. It uses the Supabase Database to store user and session data in a separate `next_auth` schema. It is a standalone Auth server that does not interface with Supabase Auth and therefore provides a different feature set.
+
+If you’re looking for an officially maintained Auth server with additional features like [built-in email server](https://supabase.com/docs/guides/auth/auth-email#configure-email-settings?utm_source=next-auth-docs&medium=referral&campaign=next-auth), [phone auth](https://supabase.com/docs/guides/auth/auth-twilio?utm_source=next-auth-docs&medium=referral&campaign=next-auth), and [Multi Factor Authentication (MFA / 2FA)](https://supabase.com/contact/mfa?utm_source=next-auth-docs&medium=referral&campaign=next-auth), please use [Supabase Auth](https://supabase.com/auth) with the [Auth Helpers for Next.js](https://supabase.com/docs/guides/auth/auth-helpers/nextjs?utm_source=next-auth-docs&medium=referral&campaign=next-auth).
+:::
+
+## Getting Started
+
+1. Install `@supabase/supabase-js`, `next-auth` and `@next-auth/supabase-adapter`.
+
+```bash npm2yarn2pnpm
+npm install @supabase/supabase-js next-auth @next-auth/supabase-adapter
+```
+
+2. Add this adapter to your `pages/api/[...nextauth].js` next-auth configuration object.
+
+```js title="pages/api/auth/[...nextauth].js"
+import NextAuth from "next-auth"
+import { SupabaseAdapter } from "@next-auth/supabase-adapter"
+
+// For more information on each option (and a full list of options) go to
+// https://next-auth.js.org/configuration/options
+export default NextAuth({
+  // https://next-auth.js.org/configuration/providers
+  providers: [...],
+  adapter: SupabaseAdapter({
+    url: process.env.NEXT_PUBLIC_SUPABASE_URL,
+    secret: process.env.SUPABASE_SERVICE_ROLE_KEY,
+  }),
+  // ...
+})
+```
+
+## Setup
+
+### Create the `next_auth` schema in Supabase
+
+Setup your database as described in our main [schema](/adapters/models), by copying the SQL schema below in the Supabase [SQL Editor](https://app.supabase.com/project/_/sql).
+
+Alternatively you can select the NextAuth Quickstart card on the [SQL Editor page](https://app.supabase.com/project/_/sql), or [create a migration with the Supabase CLI](https://supabase.com/docs/guides/cli/local-development#database-migrations?utm_source=next-auth-docs&medium=referral&campaign=next-auth).
+
+```sql
+--
+-- Name: next_auth; Type: SCHEMA;
+--
+CREATE SCHEMA next_auth;
+
+GRANT USAGE ON SCHEMA next_auth TO service_role;
+GRANT ALL ON SCHEMA next_auth TO postgres;
+
+--
+-- Create users table
+--
+CREATE TABLE IF NOT EXISTS next_auth.users
+(
+    id uuid NOT NULL DEFAULT uuid_generate_v4(),
+    name text,
+    email text,
+    "emailVerified" timestamp with time zone,
+    image text,
+    CONSTRAINT users_pkey PRIMARY KEY (id),
+    CONSTRAINT email_unique UNIQUE (email)
+);
+
+GRANT ALL ON TABLE next_auth.users TO postgres;
+GRANT ALL ON TABLE next_auth.users TO service_role;
+
+--- uid() function to be used in RLS policies
+CREATE FUNCTION next_auth.uid() RETURNS uuid
+    LANGUAGE sql STABLE
+    AS $$
+  select
+  	coalesce(
+		nullif(current_setting('request.jwt.claim.sub', true), ''),
+		(nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub')
+	)::uuid
+$$;
+
+--
+-- Create sessions table
+--
+CREATE TABLE IF NOT EXISTS  next_auth.sessions
+(
+    id uuid NOT NULL DEFAULT uuid_generate_v4(),
+    expires timestamp with time zone NOT NULL,
+    "sessionToken" text NOT NULL,
+    "userId" uuid,
+    CONSTRAINT sessions_pkey PRIMARY KEY (id),
+    CONSTRAINT sessionToken_unique UNIQUE ("sessionToken"),
+    CONSTRAINT "sessions_userId_fkey" FOREIGN KEY ("userId")
+        REFERENCES  next_auth.users (id) MATCH SIMPLE
+        ON UPDATE NO ACTION
+        ON DELETE CASCADE
+);
+
+GRANT ALL ON TABLE next_auth.sessions TO postgres;
+GRANT ALL ON TABLE next_auth.sessions TO service_role;
+
+--
+-- Create accounts table
+--
+CREATE TABLE IF NOT EXISTS  next_auth.accounts
+(
+    id uuid NOT NULL DEFAULT uuid_generate_v4(),
+    type text NOT NULL,
+    provider text NOT NULL,
+    "providerAccountId" text NOT NULL,
+    refresh_token text,
+    access_token text,
+    expires_at bigint,
+    token_type text,
+    scope text,
+    id_token text,
+    session_state text,
+    oauth_token_secret text,
+    oauth_token text,
+    "userId" uuid,
+    CONSTRAINT accounts_pkey PRIMARY KEY (id),
+    CONSTRAINT provider_unique UNIQUE (provider, "providerAccountId"),
+    CONSTRAINT "accounts_userId_fkey" FOREIGN KEY ("userId")
+        REFERENCES  next_auth.users (id) MATCH SIMPLE
+        ON UPDATE NO ACTION
+        ON DELETE CASCADE
+);
+
+GRANT ALL ON TABLE next_auth.accounts TO postgres;
+GRANT ALL ON TABLE next_auth.accounts TO service_role;
+
+--
+-- Create verification_tokens table
+--
+CREATE TABLE IF NOT EXISTS  next_auth.verification_tokens
+(
+    identifier text,
+    token text,
+    expires timestamp with time zone NOT NULL,
+    CONSTRAINT verification_tokens_pkey PRIMARY KEY (token),
+    CONSTRAINT token_unique UNIQUE (token),
+    CONSTRAINT token_identifier_unique UNIQUE (token, identifier)
+);
+
+GRANT ALL ON TABLE next_auth.verification_tokens TO postgres;
+GRANT ALL ON TABLE next_auth.verification_tokens TO service_role;
+```
+
+### Expose the `next_auth` schema in Supabase
+
+Expose the `next_auth` schema via the Serverless API in the [API settings](https://app.supabase.com/project/_/settings/api) by adding `next_auth` to the "Exposed schemas" list.
+
+When developing locally add `next_auth` to the `schemas` array in the `config.toml` file in the `supabase` folder that was generated by the [Supabase CLI](https://supabase.com/docs/guides/cli/local-development#initialize-your-project?utm_source=next-auth-docs&medium=referral&campaign=next-auth).
+
+## Enabling Row Level Security (RLS)
+
+Postgres provides a powerful feature called [Row Level Security (RLS)](https://supabase.com/docs/guides/auth/row-level-security?utm_source=next-auth-docs&medium=referral&campaign=next-auth) to limit access to data.
+
+This works by sending a signed JWT to your [Supabase Serverless API](https://supabase.com/docs/guides/api?utm_source=next-auth-docs&medium=referral&campaign=next-auth). There is two steps to make this work with NextAuth:
+
+### 1. Generate the Supabase `access_token` JWT in the session callback
+
+To sign the JWT use the `jsonwebtoken` package:
+
+```bash npm2yarn2pnpm
+npm install jsonwebtoken
+```
+
+Using the [NexthAuth Session callback](https://next-auth.js.org/configuration/callbacks#session-callback) create the Supabase `access_token` and append it to the `session` object.
+
+To sign the JWT use the Supabase JWT secret which can be found in the [API settings](https://app.supabase.com/project/_/settings/api)
+
+```js title="pages/api/auth/[...nextauth].js"
+import NextAuth from "next-auth"
+import { SupabaseAdapter } from "@next-auth/supabase-adapter"
+import jwt from "jsonwebtoken"
+
+// For more information on each option (and a full list of options) go to
+// https://next-auth.js.org/configuration/options
+export default NextAuth({
+  // https://next-auth.js.org/configuration/providers
+  providers: [...],
+  adapter: SupabaseAdapter({
+    url: process.env.NEXT_PUBLIC_SUPABASE_URL,
+    secret: process.env.SUPABASE_SERVICE_ROLE_KEY,
+  }),
+	callbacks: {
+    async session({ session, user }) {
+      const signingSecret = process.env.SUPABASE_JWT_SECRET
+      if (signingSecret) {
+        const payload = {
+          aud: "authenticated",
+          exp: Math.floor(new Date(session.expires).getTime() / 1000),
+          sub: user.id,
+          email: user.email,
+          role: "authenticated",
+        }
+        session.supabaseAccessToken = jwt.sign(payload, signingSecret)
+      }
+      return session
+    },
+  },
+  // ...
+})
+```
+
+### 2. Inject the Supabase `access_token` JWT into the Supabase Client
+
+For example, given the following public schema:
+
+```sql
+/**
+* USERS
+* Note: This table contains user data. Users should only be able to view and update their own data.
+*/
+create table users (
+  -- UUID from next_auth.users
+  id uuid not null primary key,
+  name text,
+  email text,
+  image text,
+  constraint "users_id_fkey" foreign key ("id")
+        references  next_auth.users (id) match simple
+        on update no action
+        on delete cascade -- if user is deleted in NextAuth they will also be deleted in our public table.
+);
+alter table users enable row level security;
+create policy "Can view own user data." on users for select using (next_auth.uid() = id);
+create policy "Can update own user data." on users for update using (next_auth.uid() = id);
+
+/**
+* This trigger automatically creates a user entry when a new user signs up via NextAuth.
+*/
+create function public.handle_new_user()
+returns trigger as $$
+begin
+  insert into public.users (id, name, email, image)
+  values (new.id, new.name, new.email, new.image);
+  return new;
+end;
+$$ language plpgsql security definer;
+create trigger on_auth_user_created
+  after insert on next_auth.users
+  for each row execute procedure public.handle_new_user();
+```
+
+The `supabaseAccessToken` is now available on the `session` object and can be passed to the supabase-js client. This works in any environment: client-side, server-side (API routes, SSR), as well as in middleware edge functions!
+
+```js
+// ...
+// Use `useSession()` or `unstable_getServerSession()` to get the NextAuth session.
+
+const { supabaseAccessToken } = session
+
+const supabase = createClient(
+  process.env.NEXT_PUBLIC_SUPABASE_URL,
+  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
+  {
+    global: {
+      headers: {
+        Authorization: `Bearer ${supabaseAccessToken}`,
+      },
+    },
+  }
+)
+// Now you can query with RLS enabled.
+const { data, error } = await supabase.from("users").select("*")
+```
+
+## Usage with TypeScript
+
+You can pass types that were [generated with the Supabase CLI](https://supabase.com/docs/reference/javascript/typescript-support#generating-types) to the Supabase Client to get enhanced type safety and auto completion.
+
+Creating a new supabase client object:
+
+```tsx
+import { createClient } from "@supabase/supabase-js"
+import { Database } from "../database.types"
+
+const supabase = createClient<Database>()
+```
+
+### Extend the session type with the `supabaseAccessToken`
+
+In order to extend the `session` object with the `supabaseAccessToken` we need to extend the `session` interface in a `types/next-auth.d.ts` file:
+
+```ts title="types/next-auth.d.ts"
+import NextAuth, { DefaultSession } from "next-auth"
+
+declare module "next-auth" {
+  /**
+   * Returned by `useSession`, `getSession` and received as a prop on the `SessionProvider` React Context
+   */
+  interface Session {
+    // A JWT which can be used as Authorization header with supabase-js for RLS.
+    supabaseAccessToken?: string
+    user: {
+      /** The user's postal address. */
+      address: string
+    } & DefaultSession["user"]
+  }
+}
+```

docs/docs/configuration/nextjs.md

@@ -14,7 +14,7 @@ Otherwise, if you only want to get the session token, see [`getToken`](/tutorial
 
 In `[...nextauth].ts`:
 ```ts
-import { NextAuth } from 'next-auth'
+import NextAuth from 'next-auth'
 import type { NextAuthOptions } from 'next-auth'
 
 export const authOptions: NextAuthOptions = {
@@ -75,9 +75,10 @@ You can also use `unstable_getServerSession` in Next.js' server components:
 
 ```tsx
 import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "pages/api/auth/[...nextauth]"
 
 export default async function Page() {
-  const session = await unstable_getServerSession()
+  const session = await unstable_getServerSession(authOptions)
   return <pre>{JSON.stringify(session, null, 2)}</pre>
 }
 ```

docs/docs/configuration/options.md

@@ -472,7 +472,8 @@ cookies: {
       httpOnly: true,
       sameSite: 'lax',
       path: '/',
-      secure: useSecureCookies
+      secure: useSecureCookies,
+      maxAge: 900
     }
   },
   state: {
@@ -482,6 +483,7 @@ cookies: {
       sameSite: "lax",
       path: "/",
       secure: useSecureCookies,
+      maxAge: 900
     },
   },
   nonce: {

docs/docs/configuration/providers/email.md

@@ -13,7 +13,7 @@ Adding support for signing in via email in addition to one or more OAuth service
 Configuration is similar to other providers, but the options are different:
 
 ```js title="pages/api/auth/[...nextauth].js"
-import EmailProvider from `next-auth/providers/email`
+import EmailProvider from "next-auth/providers/email"
 ...
 providers: [
   EmailProvider({

docs/docs/configuration/providers/oauth.md

@@ -174,6 +174,10 @@ interface OAuthConfig {
   issuer?: string
   client?: Partial<ClientMetadata>
   allowDangerousEmailAccountLinking?: boolean
+  /**
+   * Object containing the settings for the styling of the providers sign-in buttons
+   */
+  style: ProviderStyleType
 }
 ```
 
@@ -428,8 +432,9 @@ If you think your custom provider might be useful to others, we encourage you to
 You only need to add three changes:
 
 1. Add your config: [`src/providers/{provider}.ts`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers)<br />
-   • make sure you use a named default export, like this: `export default function YourProvider`
+    - Make sure you use a named default export, like this: `export default function YourProvider`
+    - Add two SVG's of the provider logo, like `google-dark.svg` (dark mode) and `google.svg` (light mode), to the `/packages/next-auth/provider-logos/` directory as well as the styling config to the provider config object. See existing provider for example
 2. Add provider documentation: [`/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/docs/docs/providers)
-3. Add the new provider name to the `Provider type` dropdown options in [`the provider issue template`](<[http](https://github.com/nextauthjs/next-auth/edit/main/.github/ISSUE_TEMPLATE/2_bug_provider.yml)>)
+3. Add the new provider name to the `Provider type` dropdown options in [`the provider issue template`](https://github.com/nextauthjs/next-auth/edit/main/.github/ISSUE_TEMPLATE/2_bug_provider.yml)
 
 That's it! 🎉 Others will be able to discover and use this provider much more easily now!

docs/docs/errors.md

@@ -78,7 +78,7 @@ If you are using an OAuth v1 provider, check your OAuth v1 provider settings, es
 
 3. `openid-client` version mismatch
 
-If you are seeing `expected 200 OK with body but no body was returned`, it might have happened due to `openid-client` (which is peer dependency) node version mismatch. For instance, `openid-client` requires `>=14.2.0` for `lts/fermium` and has similar limits for the other versions. For the full list of the compatible node versions please see [package.json](https://github.com/panva/node-openid-client/blob/2a84e46992e1ebeaf685c3f87b65663d126e81aa/package.json#L78).
+If you are seeing `expected 200 OK with body but no body was returned`, it might have happened due to `openid-client` (which is a dependency we rely on) node version mismatch. For instance, `openid-client` requires `>=14.2.0` for `lts/fermium` and has similar limits for the other versions. For the full list of the compatible node versions please see [package.json](https://github.com/panva/node-openid-client/blob/2a84e46992e1ebeaf685c3f87b65663d126e81aa/package.json#L78).
 
 #### OAUTH_CALLBACK_ERROR
 

docs/docs/faq.md

@@ -67,7 +67,7 @@ _If you use a custom credentials provider user accounts will not be persisted in
 </summary>
 <p>
 
-NextAuth.js was originally designed for use with Next.js and Serverless. However, today you could use the NextAuth.js core with any other framework. Checkout the examples for <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/example-gatsby" target="_blank">Gatsby</a> and <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/playground-sveltekit" target="_blank">SvelteKit</a>. If you would add another integration with other frameworks, feel free to work on it and send a pull request. Make sure to check if there's any on-going work before open a new issue.
+NextAuth.js was originally designed for use with Next.js and Serverless. However, today you could use the NextAuth.js core with any other framework. Checkout the examples for <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/playground-gatsby" target="_blank">Gatsby</a> and <a href="https://sveltekit.authjs.dev/" target="_blank">SvelteKit</a>. If you would add another integration with other frameworks, feel free to work on it and send a pull request. Make sure to check if there's any on-going work before open a new issue.
 
 </p>
 </details>

docs/docs/getting-started/client.md

@@ -65,7 +65,7 @@ export default function Component() {
 
 ### Require session
 
-Due to the way how Next.js handles `getServerSideProps` and `getInitialProps`, every protected page load has to make a server-side request to check if the session is valid and then generate the requested page (SSR). This increases server load, and if you are good with making the requests from the client, there is an alternative. You can use `useSession` in a way that makes sure you always have a valid session. If after the initial loading state there was no session found, you can define the appropriate action to respond.
+Due to the way Next.js handles `getServerSideProps` and `getInitialProps`, every protected page load has to make a server-side request to check if the session is valid and then generate the requested page (SSR). This increases server load, and if you are good with making the requests from the client, there is an alternative. You can use `useSession` in a way that makes sure you always have a valid session. If after the initial loading state there was no session found, you can define the appropriate action to respond.
 
 The default behavior is to redirect the user to the sign-in page, from where - after a successful login - they will be sent back to the page they started on. You can also define an `onUnauthenticated()` callback, if you would like to do something else:
 

docs/docs/providers/identity-server4.md

@@ -35,27 +35,3 @@ providers: [
 ]
 ...
 ```
-
-## Demo IdentityServer
-
-The configuration below is for the demo server at https://demo.identityserver.io/
-
-If you want to try it out, you can copy and paste the configuration below.
-
-You can sign in to the demo service with either <b>bob/bob</b> or <b>alice/alice</b>.
-
-```js
-import IdentityServer4Provider from `next-auth/providers/identity-server4`
-...
-providers: [
-  IdentityServer4Provider({
-    id: "demo-identity-server",
-    name: "Demo IdentityServer4",
-    authorization: { params: { scope: "openid profile email api offline_access" } },
-    issuer:  "https://demo.identityserver.io/",
-    clientId: "interactive.confidential",
-    clientSecret: "secret",
-  })
-}
-...
-```

docs/docs/providers/strava.md

@@ -11,7 +11,7 @@ http://developers.strava.com/docs/reference/
 
 The **Strava Provider** comes with a set of default options:
 
-- [Strava Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/strava.js)
+- [Strava Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/strava.ts)
 
 You can override any of the options to suit your own use case. Ensure the redirect_uri configuration fits your needs accordingly.
 

docs/docs/tutorials.md

@@ -46,6 +46,10 @@ title: Tutorials and Explainers
 - Learn how to use Sign-In With Ethereum to authenticate your users with their existing Ethereum wallets - identifiers they personally control.
 - Example application: [spruceid/siwe-next-auth-example](https://github.com/spruceid/siwe-next-auth-example)
 
+#### [Next.js Authentication with Okta and NextAuth.js 4.0](https://thetombomb.com/posts/nextjs-nextauth-okta) <svg xmlns="http://www.w3.org/2000/svg" style={{ marginLeft: '5px', marginBottom:'-6px'}} height="20" width="20" fill="none" viewBox="0 0 24 24" stroke="currentColor"><title>External</title> <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14" /> </svg>
+
+- Learn how to perform authentication with an OIDC Application in Okta and NextAuth.js.
+
 ## Fullstack
 
 #### [Build a FullStack App with Next.js, NextAuth.js, Supabase & Prisma](https://themodern.dev/courses/build-a-fullstack-app-with-nextjs-supabase-and-prisma-322389284337222224) <svg xmlns="http://www.w3.org/2000/svg" style={{ marginLeft: '5px', marginBottom:'-6px'}} height="20" width="20" fill="none" viewBox="0 0 24 24" stroke="currentColor"><title>External</title> <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14" /> </svg>

docs/docs/tutorials/securing-pages-and-api-routes.md

@@ -42,7 +42,7 @@ export default function Page() {
 
 ### Next.js (Middleware)
 
-With NextAuth.js 4.2.0 and Next.js 12, you can now protect your pages via the middleware pattern more easily. If you would like to protect all pages, you can create a `middleware.js` file in your root `pages` directory which looks like this:
+With NextAuth.js 4.2.0 and Next.js 12, you can now protect your pages via the middleware pattern more easily. If you would like to protect all pages, you can create a `middleware.js` file at the root or in the src directory (same level as your `pages`) which looks like this:
 
 ```js title="/middleware.js"
 export { default } from "next-auth/middleware"
@@ -61,7 +61,7 @@ For the time being, the `withAuth` middleware only supports `"jwt"` as [session
 More details can be found [here](https://next-auth.js.org/configuration/nextjs#middleware).
 
 :::tip
-To inclue all `dashboard` nested routes (sub pages like `/dashboard/settings`, `/dashboard/profile`) you can pass `matcher: "/dashboard/:path*"` to `config`.
+To include all `dashboard` nested routes (sub pages like `/dashboard/settings`, `/dashboard/profile`) you can pass `matcher: "/dashboard/:path*"` to `config`.
 
 For other patterns check out the [Next.js Middleware documentation](https://nextjs.org/docs/advanced-features/middleware#matcher).
 :::

docs/docusaurus.config.js

@@ -7,8 +7,6 @@ module.exports = {
   favicon: "img/favicon.ico",
   organizationName: "nextauthjs",
   projectName: "next-auth",
-  // TODO: remove this once BETA is ready
-  onBrokenLinks: "log",
   themeConfig: {
     prism: {
       theme: require("prism-react-renderer/themes/vsDark"),
@@ -23,8 +21,10 @@ module.exports = {
     algolia: {
       appId: "OUEDA16KPG",
       apiKey: "97c0894508f2d1d4a2fef4fe6db28448",
-      indexName: "next-auth",
+      indexName: "next-auth-v4",
       searchParameters: {},
+      contextualSearch: false,
+      externalUrlRegex: "authjs\\.dev|next-auth\\.js\\.org",
     },
     navbar: {
       title: "NextAuth.js",
@@ -107,13 +107,13 @@ module.exports = {
         },
       ],
     },
-    // announcementBar: {
-    //   id: "new-major-announcement",
-    //   content:
-    //     "The default documentation is for v4 which has been released to GA 🚨 migration to <b>v4</b> docs can be found <a href='/getting-started/upgrade-v4'>here</a> 👈 The old v3 docs can be found <a href='/v3/getting-started/introduction'>here</a>.",
-    //   backgroundColor: "#1786fb",
-    //   textColor: "#fff",
-    // },
+    announcementBar: {
+      id: "new-major-announcement",
+      content:
+        "NextAuth.js is becoming Auth.js! 🎉 We're creating Authentication for the Web. Everyone included. You are looking at the NextAuth.js (v4) documentation. For the new documentation go to <a target='_blank' rel='noopener noreferrer' href='https://authjs.dev'>authjs.dev</a>.",
+      backgroundColor: "#000",
+      textColor: "#fff",
+    },
     footer: {
       links: [
         {
@@ -180,7 +180,7 @@ module.exports = {
         docs: {
           routeBasePath: "/",
           sidebarPath: require.resolve("./sidebars.js"),
-          editUrl: "https://github.com/nextauthjs/next-auth/edit/main/docs",
+          editUrl: "https://github.com/nextauthjs/next-auth/edit/v4/docs",
           lastVersion: "current",
           showLastUpdateAuthor: true,
           showLastUpdateTime: true,
@@ -196,10 +196,6 @@ module.exports = {
             v3: {
               label: "v3",
             },
-            beta: {
-              label: "v4-unreleased",
-              banner: "unreleased",
-            },
           },
         },
         theme: {

docs/sidebars.js

@@ -65,6 +65,7 @@ module.exports = {
         "adapters/neo4j",
         "adapters/typeorm",
         "adapters/sequelize",
+        "adapters/supabase",
         "adapters/mikro-orm",
         "adapters/dgraph",
         "adapters/upstash-redis",

docs/versioned_docs/version-beta/concepts/faq.md

@@ -1,361 +0,0 @@
----
-id: faq
-title: Frequently Asked Questions
----
-
-## About NextAuth.js
-
-### Is NextAuth.js commercial software?
-
-NextAuth.js is an open source project built by individual contributors.
-
-It is not commercial software and is not associated with a commercial organization.
-
----
-
-## Compatibility
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What databases does NextAuth.js support?</h3>
-</summary>
-<p>
-
-You can use NextAuth.js with MySQL, MariaDB, Postgres, MongoDB and SQLite or without a database. (See also: [Databases](/configuration/databases))
-
-You can use also NextAuth.js with any database using a custom database adapter, or by using a custom credentials authentication provider - e.g. to support signing in with a username and password stored in an existing database.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What authentication services does NextAuth.js support?</h3>
-</summary>
-<p>
-
-<p>NextAuth.js includes built-in support for signing in with&nbsp;
---------- DISPLAY PROVIDERS HERE ----------
-(See also: <a href="/configuration/providers/oauth">Providers</a>)
-</p>
-
-NextAuth.js also supports email for passwordless sign in, which is useful for account recovery or for people who are not able to use an account with the configured OAuth services (e.g. due to service outage, account suspension or otherwise becoming locked out of an account).
-
-You can also use a custom based provider to support signing in with a username and password stored in an external database and/or using two factor authentication.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Does NextAuth.js support signing in with a username and password?</h3>
-</summary>
-<p>
-
-NextAuth.js is designed to avoid the need to store passwords for user accounts.
-
-If you have an existing database of usernames and passwords, you can use a custom credentials provider to allow signing in with a username and password stored in an existing database.
-
-_If you use a custom credentials provider user accounts will not be persisted in a database by NextAuth.js (even if one is configured). The option to use JSON Web Tokens for session tokens (which allow sign in without using a session database) must be enabled to use a custom credentials provider._
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Can I use NextAuth.js with a website that does not use Next.js?</h3>
-</summary>
-<p>
-
-NextAuth.js is designed for use with Next.js and Serverless.
-
-If you are using a different framework for your website, you can create a website that handles sign in with Next.js and then access those sessions on a website that does not use Next.js as long as the websites are on the same domain.
-
-If you use NextAuth.js on a website with a different subdomain then the rest of your website (e.g. `auth.example.com` vs `www.example.com`) you will need to set a custom cookie domain policy for the Session Token cookie. (See also: [Cookies](/configuration/options#cookies))
-
-NextAuth.js does not currently support automatically signing into sites on different top level domains (e.g. `www.example.com` vs `www.example.org`) using a single session.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Can I use NextAuth.js with React Native?</h3>
-</summary>
-<p>
-
-NextAuth.js is designed as a secure, confidential client and implements a server side authentication flow.
-
-It is not intended to be used in native applications on desktop or mobile applications, which typically implement public clients (e.g. with client / secrets embedded in the application).
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Is NextAuth.js supporting TypeScript?</h3>
-</summary>
-<p>
-
-Yes! Check out the [TypeScript docs](/getting-started/typescript)
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Is NextAuth.js compatible with Next.js 12 Middleware?</h3>
-</summary>
-<p>
-
-[Next.js Middleware](https://nextjs.org/docs/middleware) is supported. Head over to the [this page](/configuration/nextjs#middleware)
-
-</p>
-</details>
-
----
-
-## Databases
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What databases are supported by NextAuth.js?</h3>
-</summary>
-<p>
-
-NextAuth.js can be used with MySQL, Postgres, MongoDB, SQLite and compatible databases (e.g. MariaDB, Amazon Aurora, Amazon DocumentDB…) or with no database.
-
-It also provides an Adapter API which allows you to connect it to any database.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What does NextAuth.js use databases for?</h3>
-</summary>
-<p>
-
-Databases in NextAuth.js are used for persisting users, OAuth accounts, email sign in tokens and sessions.
-
-Specifying a database is optional if you don't need to persist user data or support email sign in. If you don't specify a database then JSON Web Tokens will be enabled for session storage and used to store session data.
-
-If you are using a database with NextAuth.js, you can still explicitly enable JSON Web Tokens for sessions (instead of using database sessions).
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Should I use a database?</h3>
-</summary>
-<p>
-
-- Using NextAuth.js without a database works well for internal tools - where you need to control who is able to sign in, but when you do not need to create user accounts for them in your application.
-
-- Using NextAuth.js with a database is usually a better approach for a consumer facing application where you need to persist accounts (e.g. for billing, to contact customers, etc).
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>What database should I use?</h3>
-</summary>
-<p>
-
-Managed database solutions for MySQL, Postgres and MongoDB (and compatible databases) are well supported from cloud providers such as Amazon, Google, Microsoft and Atlas.
-
-If you are deploying directly to a particular cloud platform you may also want to consider serverless database offerings they have (e.g. [Amazon Aurora Serverless on AWS](https://aws.amazon.com/rds/aurora/serverless/)).
-
-</p>
-</details>
-
----
-
-## Security
-
-Parts of this section has been moved to its [own page](/security).
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>How do I get Refresh Tokens and Access Tokens for an OAuth account?</h3>
-</summary>
-<p>
-
-NextAuth.js provides a solution for authentication, session management and user account creation.
-
-NextAuth.js records Refresh Tokens and Access Tokens on sign in (if supplied by the provider) and it will pass them, along with the User ID, Provider and Provider Account ID, to either:
-
-1. A database - if a database connection string is provided
-2. The JSON Web Token callback - if JWT sessions are enabled (e.g. if no database specified)
-
-You can then look them up from the database or persist them to the JSON Web Token.
-
-Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/tutorials/refresh-token-rotation) if you want to implement it.
-
-We also have an [example repository](https://github.com/nextauthjs/next-auth-refresh-token-example) / project based upon NextAuth.js v4 where we demonstrate how to use a refresh token to refresh the provided access token.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>When I sign in with another account with the same email address, why are accounts not linked automatically?</h3>
-</summary>
-<p>
-
-Automatic account linking on sign in is not secure between arbitrary providers - with the exception of allowing users to sign in via an email addresses as a fallback (as they must verify their email address as part of the flow).
-
-When an email address is associated with an OAuth account it does not necessarily mean that it has been verified as belonging to account holder — how email address verification is handled is not part of the OAuth specification and varies between providers (e.g. some do not verify first, some do verify first, others return metadata indicating the verification status).
-
-With automatic account linking on sign in, this can be exploited by bad actors to hijack accounts by creating an OAuth account associated with the email address of another user.
-
-For this reason it is not secure to automatically link accounts between arbitrary providers on sign in, which is why this feature is generally not provided by authentication service and is not provided by NextAuth.js.
-
-Automatic account linking is seen on some sites, sometimes insecurely. It can be technically possible to do automatic account linking securely if you trust all the providers involved to ensure they have securely verified the email address associated with the account, but requires placing trust (and transferring the risk) to those providers to handle the process securely.
-
-Examples of scenarios where this is secure include with an OAuth provider you control (e.g. that only authorizes users internal to your organization) or with a provider you explicitly trust to have verified the users email address.
-
-Automatic account linking is not a planned feature of NextAuth.js, however there is scope to improve the user experience of account linking and of handling this flow, in a secure way. Typically this involves providing a fallback option to sign in via email, which is already possible (and recommended), but the current implementation of this flow could be improved on.
-
-Providing support for secure account linking and unlinking of additional providers - which can only be done if a user is already signed in already - was originally a feature in v1.x but has not been present since v2.0, is planned to return in a future release.
-
-</p>
-</details>
-
----
-
-## Feature Requests
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>Why doesn't NextAuth.js support [a particular feature]?</h3>
-</summary>
-<p>
-
-NextAuth.js is an open source project built by individual contributors who are volunteers writing code and providing support in their spare time.
-
-If you would like NextAuth.js to support a particular feature, the best way to help make it happen is to raise a feature request describing the feature and offer to work with other contributors to develop and test it.
-
-If you are not able to develop a feature yourself, you can offer to sponsor someone to work on it.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3 style={{display:"inline-block"}}>I disagree with a design decision, how can I change your mind?</h3>
-</summary>
-<p>
-
-Product design decisions on NextAuth.js are made by core team members.
-
-You can raise suggestions as feature requests / requests for enhancement.
-
-Requests that provide the detail requested in the template and follow the format requested may be more likely to be supported, as additional detail prompted in the templates often provides important context.
-
-Ultimately if your request is not accepted or is not actively in development, you are always free to fork the project under the terms of the ISC License.
-
-</p>
-</details>
-
----
-
-## JSON Web Tokens
-
-<details>
-<summary>
-  <h3>Does NextAuth.js use JSON Web Tokens?</h3>
-</summary>
-<p>
-
-NextAuth.js by default uses JSON Web Tokens for saving the user's session. However, if you use a [database adapter](/adapters/overview), the database will be used to persist the user's session. You can force the usage of JWT when using a database [through the configuration options](/configuration/options#session). Since v4 all our JWT tokens are now encrypted by default with A256GCM.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>What are the advantages of JSON Web Tokens?</h3>
-</summary>
-<p>
-
-JSON Web Tokens can be used for session tokens, but are also used for lots of other things, such as sending signed objects between services in authentication flows.
-
-- Advantages of using a JWT as a session token include that they do not require a database to store sessions, this can be faster and cheaper to run and easier to scale.
-
-- JSON Web Tokens in NextAuth.js are secured using cryptographic encryption (JWE) to store the included information directly in a JWT session token. You may then use the token to pass information between services and APIs on the same domain without having to contact a database to verify the included information.
-
-- You can use JWT to securely store information you do not mind the client knowing even without encryption, as the JWT is stored in a server-readable-only cookie so data in the JWT is not accessible to third party JavaScript running on your site.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>What are the disadvantages of JSON Web Tokens?</h3>
-</summary>
-<p>
-
-- You cannot as easily expire a JSON Web Token - doing so requires maintaining a server side blocklist of invalid tokens (at least until they expire) and checking every token against the list every time a token is presented.
-
-  Shorter session expiry times are used when using JSON Web Tokens as session tokens to allow sessions to be invalidated sooner and simplify this problem.
-
-  NextAuth.js client includes advanced features to mitigate the downsides of using shorter session expiry times on the user experience, including automatic session token rotation, optionally sending keep alive messages to prevent short lived sessions from expiring if there is an window or tab open, background re-validation, and automatic tab/window syncing that keeps sessions in sync across windows any time session state changes or a window or tab gains or loses focus.
-
-- As with database session tokens, JSON Web Tokens are limited in the amount of data you can store in them. There is typically a limit of around 4096 bytes per cookie, though the exact limit varies between browsers, proxies and hosting services. If you want to support most browsers, then do not exceed 4096 bytes per cookie. If you want to save more data, you will need to persist your sessions in a database (Source: [browsercookielimits.iain.guru](http://browsercookielimits.iain.guru/))
-
-  The more data you try to store in a token and the more other cookies you set, the closer you will come to this limit. Since v4 we have implemented cookie chunking so that cookies over the 4kb limit get split and reassembled upon parsing. However since this data needs to be transmitted on every request, if you wish to store more than ~4 KB of data you're probably at the point where you want to store a unique ID in the token and persist the data elsewhere (e.g. in a server-side key/value store).
-
-- Data stored in an encrypted JSON Web Token (JWE) may be compromised at some point.
-
-  Even if appropriately configured, information stored in an encrypted JWT should not be assumed to be impossible to decrypt at some point - e.g. due to the discovery of a defect or advances in technology.
-
-  Avoid storing any data in a token that might be problematic if it were to be decrypted in the future.
-
-- If you do not explicitly specify a secret for for NextAuth.js, existing sessions will be invalidated any time your NextAuth.js configuration changes, as NextAuth.js will default to an auto-generated secret. Since v4 this only impacts development and generating a secret is required in production.
-
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>Are JSON Web Tokens secure?</h3>
-</summary>
-<p>
-
-By default tokens are not signed (JWS) but are encrypted (JWE). Since v4 we have implemented cookie chunking so that cookies over the 4kb limit get split and reassembled upon parsing.
-
-You can specify other valid algorithms - [as specified in RFC 7518](https://tools.ietf.org/html/rfc7517) - with either a secret (for symmetric encryption) or a public/private key pair (for asymmetric encryption).
-
-NextAuth.js will generate keys for you, but this will generate a warning at start up.
-
-Using explicit public/private keys for signing is strongly recommended.
-
-</p>
-</details>
-
-<details>
-<summary>
-  <h3>What signing and encryption standards does NextAuth.js support?</h3>
-</summary>
-<p>
-
-NextAuth.js includes a largely complete implementation of JSON Object Signing and Encryption (JOSE):
-
-- [RFC 7515 - JSON Web Signature (JWS)](https://tools.ietf.org/html/rfc7515)
-- [RFC 7516 - JSON Web Encryption (JWE)](https://tools.ietf.org/html/rfc7516)
-- [RFC 7517 - JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517)
-- [RFC 7518 - JSON Web Algorithms (JWA)](https://tools.ietf.org/html/rfc7518)
-- [RFC 7519 - JSON Web Token (JWT)](https://tools.ietf.org/html/rfc7519)
-
-This incorporates support for:
-
-- [RFC 7638 - JSON Web Key Thumbprint](https://tools.ietf.org/html/rfc7638)
-- [RFC 7787 - JSON JWS Unencoded Payload Option](https://tools.ietf.org/html/rfc7797)
-- [RFC 8037 - CFRG Elliptic Curve ECDH and Signatures](https://tools.ietf.org/html/rfc8037)
-
-</p>
-</details>

docs/versioned_docs/version-beta/concepts/oauth.md

@@ -1,50 +0,0 @@
----
-title: How OAuth works
----
-Authentication Providers in **NextAuth.js** are OAuth definitions that allow your users to sign in with their favorite preexisting logins. You can use any of our many predefined providers, or write your own custom OAuth configuration.
-
-- [Using a built-in OAuth Provider](#built-in-providers) (e.g Github, Twitter, Google, etc...)
-- [Using a custom OAuth Provider](#using-a-custom-provider)
-
-:::note
-NextAuth.js is designed to work with any OAuth service, it supports **OAuth 1.0**, **1.0A**, **2.0** and **OpenID Connect** and has built-in support for most popular sign-in services.
-:::
-
-Without going into too much detail, the OAuth flow generally has 6 parts:
-
-1. The application requests authorization to access service resources from the user
-2. If the user authorized the request, the application receives an authorization grant
-3. The application requests an access token from the authorization server (API) by presenting authentication of its own identity, and the authorization grant
-4. If the application identity is authenticated and the authorization grant is valid, the authorization server (API) issues an access token to the application. Authorization is complete.
-5. The application requests the resource from the resource server (API) and presents the access token for authentication
-6. If the access token is valid, the resource server (API) serves the resource to the application
-
-```mermaid
-sequenceDiagram
-    participant Browser
-    participant App Server
-    participant Auth Server (Github)
-    Note left of Browser: User clicks on "Sign in"
-    Browser->>App Server: GET<br/>"api/auth/signin"
-    App Server->>App Server: Computes the available<br/>sign in providers<br/>from the "providers" option
-    App Server->>Browser: Redirects to Sign in page
-    Note left of Browser: Sign in options<br/>are shown the user<br/>(Github, Twitter, etc...)
-    Note left of Browser: User clicks on<br/>"Sign in with Github"
-    Browser->>App Server: POST<br/>"api/auth/signin/github"
-    App Server->>App Server: Computes sign in<br/>options for Github<br/>(scopes, callback URL, etc...)
-    App Server->>Auth Server (Github): GET<br/>"github.com/login/oauth/authorize"
-    Note left of Auth Server (Github): Sign in options<br> are supplied as<br/>query params<br/>(clientId, <br/>scope, etc...)
-    Auth Server (Github)->>Browser: Shows sign in page<br/>in Github.com<br/>to the user
-    Note left of Browser: User inserts their<br/>credentials in Github
-    Browser->>Auth Server (Github): Github validates the inserted credentials
-    Auth Server (Github)->>Auth Server (Github): Generates one time access code<br/>and calls callback<br>URL defined in<br/>App settings
-    Auth Server (Github)->>App Server: GET<br/>"api/auth/github/callback?code=123"
-    App Server->>App Server: Grabs code<br/>to exchange it for<br/>access token
-    App Server->>Auth Server (Github): POST<br/>"github.com/login/oauth/access_token"<br/>{code: 123}
-    Auth Server (Github)->>Auth Server (Github): Verifies code is<br/>valid and generates<br/>access token
-    Auth Server (Github)->>App Server: { access_token: 16C7x... }
-    App Server->>App Server: Generates session token<br/>and stores session
-    App Server->>Browser: You're now logged in!
-```
-
-For more details, check out Aaron Parecki's blog post [OAuth2 Simplified](https://aaronparecki.com/oauth-2-simplified/) or Postman's blog post [OAuth 2.0: Implicit Flow is Dead, Try PKCE Instead](https://blog.postman.com/pkce-oauth-how-to/).

docs/versioned_docs/version-beta/getting-started/01-introduction.md

@@ -1,55 +0,0 @@
----
-title: Introduction
----
-
-## About NextAuth.js
-
-NextAuth.js is a complete open-source authentication solution for [Next.js](http://nextjs.org/) applications.
-
-It is designed from the ground up to support Next.js and Serverless.
-
-[Check out the example code](/getting-started/example) to see how easy it is to use NextAuth.js for authentication.
-
-### Flexible and easy to use
-
-- Designed to work with any [OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect](/providers)
-- Built-in support for [many popular sign-in services](/configuration/providers/oauth)
-- Supports [email / passwordless authentication](/providers/email)
-- Supports stateless authentication with [any backend](/adapters/overview) (Active Directory, LDAP, etc)
-- Supports both JSON Web Tokens and database sessions
-- Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)
-
-### Own your own data
-
-NextAuth.js can be used with or without a database.
-
-- An open-source solution that allows you to keep control of your data
-- Supports Bring Your Own Database (BYOD) and can be used with any database
-- Built-in support for [MySQL, MariaDB, Postgres, SQL Server, MongoDB and SQLite](/configuration/databases)
-- Works great with databases from popular hosting providers
-- Can also be used _without a database_ (e.g. OAuth + JWT)
-
-_Note: Email sign-in requires a database to be configured to store single-use verification tokens._
-
-### Secure by default
-
-- Promotes the use of passwordless sign-in mechanisms
-- Designed to be secure by default and encourage best practices for safeguarding user data
-- Uses Cross-Site Request Forgery Tokens on POST routes (sign in, sign out)
-- Default cookie policy aims for the most restrictive policy appropriate for each cookie
-- When JSON Web Tokens are enabled, they are encrypted by default (JWE) with A256GCM
-- Auto-generates symmetric signing and encryption keys for developer convenience
-- Features tab/window syncing and keepalive messages to support short-lived sessions
-- Attempts to implement the latest guidance published by [Open Web Application Security Project](https://owasp.org/)
-
-Advanced options allow you to define your own routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.
-
-## Credits
-
-NextAuth.js is an open-source project that is only possible [thanks to contributors](/contributors).
-
-If you would like to financially support the development of NextAuth.js, you can find more information on our [OpenCollective](https://opencollective.com/nextauth) page.
-
-## Getting Started
-
-[Check out the example code](/getting-started/example) to see how easy it is to use NextAuth.js for authentication.

docs/versioned_docs/version-beta/getting-started/02-oauth-tutorial.mdx

@@ -1,291 +0,0 @@
----
-title: OAuth authentication
----
-import creatingOauthAppImg from "./img/getting-started-creating-oauth-app.png"
-import addingCallbackUrlImg from "./img/getting-started-oauth-callback-url.png"
-import gettingClientIdSecretImg from "./img/getting-started-oauth-clientid-secret.png"
-import startAppAndSignInImg from "./img/getting-started-app-start.png"
-import githubAuthCredentials from "./img/getting-started-github-auth.png"
-import nextAuthUserLoggedIn from "./img/getting-started-nextauth-success.png"
-
-
-We know, authentication is hard. Is a rabbit hole and it's easy to get lost on it. The goal of making NextAuth.js is that you can add authentication easily to your project with just a few lines of code.
-
-The easiest way is to setup NextAuth.js with an [OAuth](https://en.wikipedia.org/wiki/OAuth) provider. In this tutorial we'll be setting NextAuth.js in a **Next.js app** to be able to login with **Github**.
-
-:::info
-NextAuth.js comes with a long list of [built-in providers](/reference/Providers/) (Google, Facebook, Twitter, etc...) you can also integrate it with your own OAuth service easily by [building a custom provider](/beta/guides/oauth/custom-provider). NextAuth.js can integrate as well with other frameworks like SvelteKit and Gatsby.
-:::
-
-## 1. Configuring NextAuth.js
-
-### Creating the server config
-
-To add NextAuth.js to a [**Next.js**](https://nextjs.org/) project, create the following [API route](https://nextjs.org/docs/api-routes/introduction):
-
-```
-pages/api/auth/[...nextauth].ts
-```
-
-This route will contain the **dynamic route handler** for NextAuth.js which describes your global auth configuration:
-
-```ts title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GithubProvider from "next-auth/providers/github"
-
-export default NextAuth({
-  providers: [
-    GithubProvider({
-      clientId: /* We'll fill this later */,
-      clientSecret: /* We'll fill this later*/,
-    }),
-  ],
-})
-```
-
-Behind the scenes this creates all the relevant OAuth API routes within `/api/auth/*` so that auth API requests to:
-
-- `/api/auth/callback`
-- `/api/auth/signIn`
-- `/api/auth/singOut`
-- etc...
-
-can be handled by NextAuth.js. In this way, NextAuth.js stays in charge of handling the whole authentication request/response flow of your application for you.
-
-You may notice there are some environment variables in the code example above. `GITHUB_ID` and `GITHUB_SECRET` are provided by the OAuth provider (in this case **Github**) see ["Configuring OAuth Provider"](/getting-started/oauth-tutorial#2-configuring-oauth-provider) section on how to get those.
-
-`NEXTAUTH_SECRET` is a random string used by the library to encrypt tokens and email verification hashes, and **it's mandatory to keep things secure**! 🔥 🔐 . You can use:
-
-```
-$ openssl rand -base64 32
-```
-
-or https://generate-secret.vercel.app/32 to generate a random value for it.
-
-:::info
-NextAuth.js is extremely customizable, [our guides section](/beta/guides/overview) will teach you how you can set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/server/configuration).
-:::
-
-### Exposing the session via provider
-
-To be able to use `useSession` first you'll need to expose the session context, [`<SessionProvider />`](/getting-started/client#sessionprovider), at the top level of your application:
-
-```ts title="pages/_app.ts"
-import { SessionProvider } from "next-auth/react"
-
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    <SessionProvider session={session}>
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```
-
-Instances of `useSession` (more on it in the next section) will then have access to the session data and status. The `<SessionProvider />` also takes care of keeping the session updated and synced between browser tabs and windows. 💪🏽
-
-:::tip
-Check our [client docs](/reference/client/introduction) to learn all the available options for handling sessions on the browser.
-:::
-
-### Consuming the session via hooks
-
-NextAuth.js exposes a [`useSession()`](/getting-started/client#usesession) React Hook so that you can easily check if someone is signed in:
-
-```ts title="pages/overview.tsx"
-import { useSession, signIn, signOut } from "next-auth/react"
-
-export default function CamperVanPage() {
-  const { data: session, status } = useSession()
-  const userEmail = session.user.email
-
-  if (status === "loading") {
-    return <p>Hang on there...</p>
-  }
-
-  if (status === "authenticated") {
-    return (
-      <>
-        <p>Signed in as {userEmail}</p>
-        <button onClick={() => signOut()}>Sign out</button>
-        <img src="https://cdn.pixabay.com/photo/2017/08/11/19/36/vw-2632486_1280.png" />
-      </img>
-    )
-  }
-
-  return (
-    <>
-      <p>Not signed in.</p>
-      <button onClick={() => signIn()}>Sign in</button>
-    </>
-  )
-}
-```
-
-You can use the `useSession` hook from anywhere in your application (e.g. in a header component). Behind the scenes, the hook will connect to the `<SessionProvider />` to read the current user session.
-
-### Protecting API Routes
-
-Protecting your custom API Routes (.i.e not allowing a resource to be accessed in case the user is not logged in) is easy! You can use [`getSession()`](/getting-started/client#getsession) to know whether a session exists or not:
-
-```ts title="pages/api/movies/list.ts"
-import { getSession } from "next-auth/react"
-
-export default async function listMovies(req, res) {
-  const session = await getSession({ req })
-
-  if (session) {
-    res.send({
-      movies: [
-        { title: "Alien vs Predator", id: 1 },
-        { title: "Reservoir Dogs", id: 2 },
-      ],
-    })
-  } else {
-    res.send({
-      error: "You must sign in to view movies.",
-    })
-  }
-}
-```
-
-## 2. Configuring OAuth Provider
-
-Ok, we have our Next.js app setup with NextAuth, however, if you run the app right now, it won't work as we haven't configured our OAuth provider (**Github**) yet.
-
-:::info
-When using OAuth you're asking for a third-party service (in this case Github, although it could be Google, Twitter, etc...) to handle user authentication for your app.
-:::
-
-We need to register our new Next.js app in Github, so that when NextAuth.js forwards the authorization requests to it, Github can recognize your application and prompt the user to sign in.
-
-<img src={creatingOauthAppImg} />
-
-Log in into **Github**, go to `Settings / Developers / OAuth Apps` and click on "New OAuth App".
-
-Next you'll be presented with a screen to add details about your new application. Fill in the required fields, but pay extra attention to the **Authorization Callback URL** one:
-
-<img src={addingCallbackUrlImg} />
-
-The callback URL we insert should have the following pattern:
-```
-[origin]/api/auth/callback/[provider]
-```
-In this case, given we want to try our authentication working locally on our machine and we're using **Github** as our OAuth provider, it'll be:
-```
-http://localhost:3000/api/auth/callback/github
-```
-
-:::info
-NextAuth.js will already magically create this API endpoint for you when we start the application later. Note that because we're using Next.js, locally it starts our server on the port `3000`, hence the origin is `http://localhost:3000`.
-:::
-
-Next you'll be presented with the following screen which presents all the configuration for your new OAuth app. For now, let's we need two things from it: the **Client ID** and **Client Secret** for our new OAuth app:
-
-<img src={gettingClientIdSecretImg} />
-
-The Client ID is always there, a public identifier of your OAuth application within Github. Click on the **Generate a new client Secret** button and should be presented with a new string (which is just a randomized string).
-
-:::warning
-🔥 Keep both your Client ID and Client Secret secure and never expose them to the public or shared with people outside your organization. With tem a malicious actor could hijack your application and cause you and your user serious problems!
-:::
-
-Now let's copy both the Client ID and Client Secret and paste them in an environment file in the root of your project like so:
-```title=".env.local"
-GITHUB_ID=12345
-GITHUB_SECRET=67890
-```
-
-Cool! We have finished the configuring our OAuth provider, now let's wire all together so we can finally see authentication working in our app!
-
-:::info
-As noted previously, NextAuth.js has built-in support for multiple OAuth providers, <a href="">here the full list</a>. You can also easily build your own in case the provider you need is not on the list.
-
-Note that, for each provider, the configuration process will be similar to what we just did:
-1. Log in to the provider
-2. Create create your OAuth application within it
-3. Set the callback URL
-4. Get the Client ID and Generate a Client Secret
-:::
-
-## 3. Wiring all together
-
-Finally, we just need to reference our **Client ID** and **Client Secret** we just generated in the previous in our NextAuth.js config. In this way the library will be able to use them when forwarding users to Github, and Github will be able to recognize the request as generated from our application:
-
-```ts title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GithubProvider from "next-auth/providers/github"
-
-export default NextAuth({
-  providers: [
-    GithubProvider({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-  ],
-})
-```
-
-Great! We're now ready to run our application locally. Start the Next.js app by running on your terminal the following command and navigating to [`http://localhost:3000`](http://localhost:3000):
-```
-$ npm run next dev
-```
-You should see the following page:
-
-<img src={startAppAndSignInImg} />
-
-Click on "Sign in" and then on "Sign in with Github": NextAuth.js will redirect you to Github, and Github will recognize our app [that we just registered](#2-configuring-oauth-provider) and ask the user (in this case you) to enter its credentials to proceed:
-
-<img src={githubAuthCredentials} />
-
-Once inserted and correct, Github will redirect the user to our app and NextAuth.js will take care of any further calls with Github to get access to the user profile and start a user sessions safely in the background:
-
-<img src={nextAuthUserLoggedIn} />
-
-Great! We have completed the whole E2E authentication flow setup so that users can login in our application through Github!
-
-:::info
-You can create your own Sign In page instead of using the default one from NextAuth.js. You can learn how to do so in our dedicated guide for it.
-:::
-
-## 4. Deploying to production
-
-### Configuring different environments
-
-It's normal to test your application under different environments. Usually you'll have a development environment (when you run the application locally in your machine), a staging environment (for teams members to try the application) and a production environment.
-
-For each environment, you're going to need to create an OAuth application in your provider respectively, as [we did previously](#2-configuring-oauth-provider), and point the **callback URL** to it. 
-
-For instance in the previous section, we pointed the callback URL to:
-```
-http://localhost:3000/api/auth/callback/github
-``` 
-as we wanted to test our application in the development environment.
-
-If we were to deploy our app to production, we would need to create again a new **OAuth App** in Github (calling it something like "Van life – prod") and point the **callback URL** to our production domain:
-```
-https://example.com/api/auth/callback/github
-```
-
-Finally, we would need just to point the environment variables we set ( `GITHUB_ID` and `GITHUB_SECRET` ) to the credentials of the OAuth app we want our application to run against. 
-
-### Setting up `NEXTAUTH_URL`
-
-When deploying your site, **you need to set** the `NEXTAUTH_URL` environment variable to the canonical URL of your website:
-
-```
-NEXTAUTH_URL=https://example.com
-```
-
-:::warning
-In production, this needs to be set as an environment variable on the service you use to deploy your app.
-
-To set environment variables on Vercel, you can use the [dashboard](https://vercel.com/dashboard) or the `vercel env pull` [command](https://vercel.com/docs/build-step#development-environment-variables).
-:::
-
-For more information please check out our [deployment page](/deployment).
-
-

docs/versioned_docs/version-beta/getting-started/03-email-tutorial.mdx

@@ -1,204 +0,0 @@
----
-title: Email authentication
----
-
-import smtpConfig from "./img/dashboard-smtp.png"
-import startPageImg from "./img/email-tutorial-start.png"
-import checkPageImg from "./img/email-tutorial-check.png"
-import mailboxImg from "./img/email-tutorial-mailbox.png"
-import loggedInImg from "./img/email-tutorial-logged.png"
-
-Aside from authenticating users in NextAuth.js via [OAuth](/getting-started/oauth-tutorial), you can also enable the option to authenticate them via "magic links". These are links that are sent to the user's email and when clicking on them they'll sign up the user automatically.
-
-Adding support for signing in via email in addition to one or more OAuth services provides a way for users to sign in if they lose access to their OAuth account (e.g. if it is locked or deleted).
-
-The Email provider can be used in conjunction with (or instead of) one or more OAuth providers.
-
-## How it works
-
-On initial sign in, a **Verification Token** is sent to the email address provided. By default this token **is valid for 24 hours**. If the Verification Token is used within that time (i.e. by clicking on the link in the email) an account is created for the user and they are signed in.
-
-:::tip
-The Email Provider can be used with both JSON Web Tokens and database sessions, but you [must configure a database adapter](/beta/guides/adapters/setting-up-a-database-adapter) to use it. It is not possible to enable email sign in without using a database.
-:::
-
-## 1. Installing `nodemailer`
-
-[`nodemailer`](https://www.npmjs.com/package/nodemailer) is a [peer dependency](https://nodejs.org/en/blog/npm/peer-dependencies/) when using the Email Provider. This means we need to install before we can start sending emails:
-
-```bash npm2yarn2pnpm
-npm install -D nodemailer
-```
-
-`nodemailer` will enable us to send emails from NodeJS, which the runtime on which Next.js application operate.
-
-## 2. Setting up a SMTP service
-
-Next we need a [SMTP service](https://sendgrid.com/blog/what-is-an-smtp-server/) which will be in charge of sending emails from our application. There's a number of services available for this, however [here are the ones](http://nodemailer.com/smtp/well-known/) known to work with `nodemailer`.
-
-:::info
-For this tutorial, we're gonna be using [Sendgrid](https://sendgrid.com/), but any of the services linked above should work the same
-:::
-
-First create an account in and then login to the dashboard, then navigate to "Settings → API Keys" and create an API key:
-
-<img src={smtpConfig} />
-
-Next paste the API in your terminal as so, and run the command:
-```bash
-echo -n '<YOUR_API_KEY>' | openssl base64
-```
-
-Next, as [per Sendgrid documentation](https://docs.sendgrid.com/for-developers/sending-email/integrating-with-the-smtp-api), let's add the following [environment variables](https://nextjs.org/docs/basic-features/environment-variables) in our Next.js app:
-
-```bash title=".env.local"
-SMTP_USER=apikey
-SMTP_PASSWORD={API_KEY}
-SMTP_HOST=smtp.sendgrid.net
-SMTP_PROT=587
-EMAIL_FROM={SENDER_EMAIL}
-```
-
-Note that we're also specifying from which domain email are going to be sent from. You're gonna need to verify [a sender identity](https://docs.sendgrid.com/for-developers/sending-email/sender-identity) so that Sendgrid can send emails from your domain.
-
-Nice! We're getting there. Now we need to read supply this values as the configuration for our Email Provider. Open `pages/api/auth/[...nextauth].ts` and do the following:
-
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import EmailProvider from "next-auth/providers/email"
-
-export default NextAuth({
-  providers: [
-    Email({
-      server: {
-        host: process.env.EMAIL_SERVER_HOST,
-        port: Number(process.env.EMAIL_SERVER_PORT),
-        auth: {
-          user: process.env.EMAIL_SERVER_USER,
-          pass: process.env.EMAIL_SERVER_PASSWORD
-        }
-      },
-      from: process.env.EMAIL_FROM
-    }),
-  ],
-})
-```
-
-## 3. Setting up an adapter
-
-Finally, we'll need to set up a database adapter to store verification tokens the Email Provider will emit when verifying users.
-
-An **Adapter** in NextAuth.js connects your application to whatever database or backend system you want to use to store data for users, their accounts, sessions, etc...
-
-For this tutorial, we're going to use the **MongoDB** adapter, other any of the other adapters will work just fine.
-
-First, let's start by installing the adapter package:
-
-```bash npm2yarn2pnpm
-npm install -D  @next-auth/mongodb-adapter mongodb
-```
-
-and create a simple MongoDB client:
-
-```ts title="lib/mongodb/client.ts"
-// This approach is taken from https://github.com/vercel/next.js/tree/canary/examples/with-mongodb
-import { MongoClient } from "mongodb"
-
-const uri = process.env.MONGODB_URI
-const options = {
-  useUnifiedTopology: true,
-  useNewUrlParser: true,
-}
-
-let client
-let clientPromise
-
-if (!process.env.MONGODB_URI) {
-  throw new Error("Please add your Mongo URI to .env.local")
-}
-
-if (process.env.NODE_ENV === "development") {
-  // In development mode, use a global variable so that the value
-  // is preserved across module reloads caused by HMR (Hot Module Replacement).
-  if (!global._mongoClientPromise) {
-    client = new MongoClient(uri, options)
-    global._mongoClientPromise = client.connect()
-  }
-  clientPromise = global._mongoClientPromise
-} else {
-  // In production mode, it's best to not use a global variable.
-  client = new MongoClient(uri, options)
-  clientPromise = client.connect()
-}
-
-// Export a module-scoped MongoClient promise. By doing this in a
-// separate module, the client can be shared across functions.
-export default clientPromise
-```
-And now let's reference this new adapter from our NextAuth.js configuration file:
-
-```diff title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import EmailProvider from "next-auth/providers/email"
-+ import { MongoDBAdapter } from "@next-auth/mongodb-adapter"
-+ import clientPromise from "../../../lib/mongodb/client"
-
-export default NextAuth({
-  secret: process.env.NEXTAUTH_SECRET,
-  providers: [
-+   adapter: MongoDBAdapter(clientPromise),
-    EmailProvider({
-      server: {
-        host: process.env.EMAIL_SERVER_HOST,
-        port: process.env.EMAIL_SERVER_PORT,
-        auth: {
-          user: process.env.EMAIL_SERVER_USER,
-          pass: process.env.EMAIL_SERVER_PASSWORD
-        }
-      },
-      from: process.env.EMAIL_FROM
-    }),
-  ],
-})
-```
-
-## 4. Wiring all together
-
-Now that everything is properly configured, let's try to sign in via email on our application.
-
-Let's start by running a Next.js application with NextAuth, making sure the **EmailProvider** and a Database Adapter are properly configured as per the instructions above. 
-
-For this tutorial we're gonna be using NextAuth example app. Launch the app and click on "Sign in", we're redirected to the Sign In page:
-
-<img src={startPageImg} alt="Screenshot of sign in page" />
-
-:::info
-You can customize the look and feel of your Sign in page pretty easily with NextAuth. Refer to our [pages guide](/beta/guides/basics/pages) for that!
-:::
-
-Then we insert the email address we want to log-in with in the Email credentials section and click on "Sign in with Email".
-
-NextAuth will then display another page hinting the user to check their email:
-
-<img src={checkPageImg} alt="Screenshot of check email page" />
-
-Let's now check our email, and look for one sent from NextAuth (check your spam folder just in case):
-
-<img src={mailboxImg} alt="Screenshot of mailbox" />
-
-Nice! We got one, coming from the sender specified in the `EMAIL_FROM` environment variable from our configuration above and that's is the sender we verified in Sengrid.
-
-Click on "Sign in" and a new browser tab will open, you should then land on your application as authenticated!
-
-<img src={loggedInImg} alt="Screenshot of logged in" />
-
-Easy right? We had to configure Sendgrid and install a database adapter so the user sessions can be saved somewhere, but once done NextAuth will deal with all the user session management for us in a secure way!
-
-:::info
-A user account (i.e. an entry in the Users table) will not be created for the user until the first time they verify their email address. If an email address is already associated with an account, the user will be signed in to that account when they use the link in the email.
-:::
-
-
-
-
-

docs/versioned_docs/version-beta/getting-started/04-credentials-tutorial.mdx

@@ -1,55 +0,0 @@
----
-title: Credentials authentication
----
-
-NextAuth.js is built in a way that is flexible to integrate it with any authentication back-end you or your company may already have.
-
-This library has been designed to handle the user session client-wise, to support multiple authentication methods (OAuth, Email, etc...) so that you're not forced to run your own authentication service.
-
-In case you already have an authentication service, you can use the Credentials Provider, which will just forward the credentials inserted by the user in the login form to your service.
-
-For this tutorial, we're going to use [NextAuth.js example app](https://github.com/nextauthjs/next-auth-example) as a base.
-
-:::warning
-The functionality provided for credentials based authentication is intentionally limited to discourage use of passwords due to the inherent security risks associated with them and the additional complexity associated with supporting usernames and passwords.
-:::
-
-Integrating the Credentials Provider is as simple as initializing it in the NextAuth.js configuration file:
-
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-import CredentialsProvider from "next-auth/providers/credentials"
-
-export default NextAuth({
-  providers: [
-    CredentialsProvider({
-      async authorize(credentials) {
-        const authResponse = await fetch('/users/login', {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json'
-          },
-          body: JSON.stringify(credentials)
-        })
-
-        if (!authResponse.ok) {
-          return null
-        }
-
-        const user = await authResponse.json()
-
-        return user
-      },
-    }),
-  ],
-})
-```
-
-Note that we only need to define an `authorize` method that is in charge of receiving the credentials inserted by the user and call the authorization service.  
-
-:::info
-If you're using TypeScript, you can [augment the `User` interface](/getting-started/typescript#module-augmentation) to match the response of your `authorize` callback, so whenever you read the user in other callbacks (like the `jwt`) the type will match correctly.
-:::
-
-
-

docs/versioned_docs/version-beta/getting-started/05-typescript.md

@@ -1,162 +0,0 @@
----
-title: TypeScript
----
-
-NextAuth.js has its own type definitions to use in your TypeScript projects safely. Even if you don't use TypeScript, IDEs like VSCode will pick this up to provide you with a better developer experience. While you are typing, you will get suggestions about what certain objects/functions look like, and sometimes links to documentation, examples, and other valuable resources.
-
-Check out the example repository showcasing how to use `next-auth` on a Next.js application with TypeScript:  
-https://github.com/nextauthjs/next-auth-typescript-example
-
----
-
-## Adapters
-
-If you're writing your own custom Adapter, you can take advantage of the types to make sure your implementation conforms to what's expected:
-
-```ts
-import type { Adapter } from "next-auth/adapters"
-
-function MyAdapter(): Adapter {
-  return {
-    // your adapter methods here
-  }
-}
-```
-
-When writing your own custom Adapter in plain JavaScript, note that you can use **JSDoc** to get helpful editor hints and auto-completion like so:
-
-```js
-/** @return { import("next-auth/adapters").Adapter } */
-function MyAdapter() {
-  return {
-    // your adapter methods here
-  }
-}
-```
-
-:::note
-This will work in code editors with a strong TypeScript integration like VSCode or WebStorm. It might not work if you're using more lightweight editors like VIM or Atom.
-:::
-
-## Module Augmentation
-
-`next-auth` comes with certain types/interfaces that are shared across submodules. Good examples are `Session` and `JWT`. Ideally, you should only need to create these types at a single place, and TS should pick them up in every location where they are referenced. Luckily, Module Augmentation is exactly that, which can do this for us. Define your shared interfaces in a single place, and get type-safety across your application when using `next-auth` (or one of its submodules).
-
-### Main module
-
-Let's look at `Session`:
-
-```ts title="pages/api/auth/[...nextauth].ts"
-import NextAuth from "next-auth"
-
-export default NextAuth({
-  callbacks: {
-    session({ session, token, user }) {
-      return session // The return type will match the one returned in `useSession()`
-    },
-  },
-})
-```
-
-```ts title="pages/index.ts"
-import { useSession } from "next-auth/react"
-
-export default function IndexPage() {
-  // `session` will match the returned value of `callbacks.session()` from `NextAuth()`
-  const { data: session } = useSession()
-
-  return (
-    // Your component
-  )
-}
-```
-
-To extend/augment this type, create a `types/next-auth.d.ts` file in your project:
-
-```ts title="types/next-auth.d.ts"
-import NextAuth from "next-auth"
-
-declare module "next-auth" {
-  /**
-   * Returned by `useSession`, `getSession` and received as a prop on the `SessionProvider` React Context
-   */
-  interface Session {
-    user: {
-      /** The user's postal address. */
-      address: string
-    }
-  }
-}
-```
-
-#### Extend default interface properties
-
-By default, TypeScript will merge new interface properties and overwrite existing ones. In this case, the default session user properties will be overwritten, with the new one defined above.
-
-If you want to keep the default session user properties, you need to add them back into the newly declared interface:
-
-```ts title="types/next-auth.d.ts"
-import NextAuth, { DefaultSession } from "next-auth"
-
-declare module "next-auth" {
-  /**
-   * Returned by `useSession`, `getSession` and received as a prop on the `SessionProvider` React Context
-   */
-  interface Session {
-    user: {
-      /** The user's postal address. */
-      address: string
-    } & DefaultSession["user"]
-  }
-}
-```
-
-#### Popular interfaces to augment
-
-Although you can augment almost anything, here are some of the more common interfaces that you might want to override in the `next-auth` module:
-
-```ts
-/**
- * The shape of the user object returned in the OAuth providers' `profile` callback,
- * or the second parameter of the `session` callback, when using a database.
- */
-interface User {}
-/**
- * Usually contains information about the provider being used
- * and also extends `TokenSet`, which is different tokens returned by OAuth Providers.
- */
-interface Account {}
-/** The OAuth profile returned from your provider */
-interface Profile {}
-```
-
-Make sure that the `types` folder is added to [`typeRoots`](https://www.typescriptlang.org/tsconfig/#typeRoots) in your project's `tsconfig.json` file.
-
-### Submodules
-
-The `JWT` interface can be found in the `next-auth/jwt` submodule:
-
-```ts title="types/next-auth.d.ts"
-import { JWT } from "next-auth/jwt"
-
-declare module "next-auth/jwt" {
-  /** Returned by the `jwt` callback and `getToken`, when using JWT sessions */
-  interface JWT {
-    /** OpenID ID Token */
-    idToken?: string
-  }
-}
-```
-
-### Useful links
-
-1. [TypeScript documentation: Module Augmentation](https://www.typescriptlang.org/docs/handbook/declaration-merging.html#module-augmentation)
-2. [Digital Ocean: Module Augmentation in TypeScript](https://www.digitalocean.com/community/tutorials/typescript-module-augmentation)
-
-## Contributing
-
-Contributions of any kind are always welcome, especially for TypeScript. Please keep in mind that we are a small team working on this project in our free time. We will try our best to give support, but if you think you have a solution for a problem, please open a PR!
-
-:::note
-When contributing to TypeScript, if the actual JavaScript user API does not change in a breaking manner, we reserve the right to push any TypeScript change in a minor release. This ensures that we can keep on a faster release cycle.
-:::

docs/versioned_docs/version-beta/getting-started/06-databases.md

@@ -1,13 +0,0 @@
-# Databases
-
-NextAuth.js offers multiple database adapters. Check out [the overview](/adapters/overview).
-
-> As of **v4** NextAuth.js no longer ships with an adapter included by default. If you would like to persist any information, you need to install one of the many available adapters yourself. See the individual adapter documentation pages for more details.
-
-To learn more about databases in NextAuth.js and how they are used, check out [databases in the FAQ](/faq#databases).
-
----
-
-## How to use a database
-
-See the [documentation for adapters](/adapters/overview) for more information on advanced configuration, including how to use NextAuth.js with other databases using a [custom adapter](/tutorials/creating-a-database-adapter).

docs/versioned_docs/version-beta/getting-started/07-security.md

@@ -1,26 +0,0 @@
-# Security
-
-## Reporting a Vulnerability
-
-NextAuth.js practices responsible disclosure.
-
-We request that you contact us directly to report serious issues that might impact the security of sites using NextAuth.js.
-
-If you contact us regarding a serious issue:
-
-- We will endeavor to get back to you within 72 hours.
-- We will aim to publish a fix within 30 days.
-- We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released.
-- If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly.
-
-The best way to report an issue is by contacting us via email at info@balazsorban.com or me@iaincollins.com and yo@ndo.dev, or raise a public issue requesting someone get in touch with you via whatever means you prefer for more details. (Please do not disclose sensitive details publicly at this stage.)
-
-:::note
-For less serious issues (e.g. RFC compliance for unsupported flows or potential issues that may cause a problem in the future) it is appropriate to make these public as bug reports or feature requests or to raise a question to open a discussion around them.
-:::
-
-## Supported Versions
-
-Security updates are only released for the current version.
-
-Old releases are not maintained and do not receive updates.

docs/versioned_docs/version-beta/getting-started/08-upgrade-to-v4.md

@@ -1,612 +0,0 @@
----
-title: Upgrade Guide (v4)
----
-
-NextAuth.js version 4 includes a few breaking changes from the last major version (3.x). So we're here to help you upgrade your applications as smoothly as possible. It should be possible to upgrade from any version of 3.x to the latest 4 release by following the next few migration steps.
-
-:::note
-Version 4 has been released to GA 🚨
-
-We encourage users to try it out and report any and all issues they come across.
-:::
-
-You can upgrade to the new version by running:
-
-```bash npm2yarn
-npm install next-auth
-```
-
-## `next-auth/jwt`
-
-We no longer have a default export in `next-auth/jwt`.
-To comply with this, change the following:
-
-```diff
-- import jwt from "next-auth/jwt"
-+ import { getToken } from "next-auth/jwt"
-```
-
-## `next-auth/react`
-
-We've renamed the client-side import source to `next-auth/react`. To comply with this change, you will simply have to rename anywhere you were using `next-auth/client`.
-
-For example:
-
-```diff
-- import { useSession } from "next-auth/client"
-+ import { useSession } from "next-auth/react"
-```
-
-We've also made the following changes to the names of the exports:
-
-- `setOptions`: Not exposed anymore, use [`SessionProvider` props](https://next-auth.js.org/getting-started/client#options)
-- `options`: Not exposed anymore, [use `SessionProvider` props](https://next-auth.js.org/getting-started/client#options)
-- `session`: Renamed to `getSession`
-- `providers`: Renamed to `getProviders`
-- `csrfToken`: Renamed to `getCsrfToken`
-- `signin`: Renamed to `signIn`
-- `signout`: Renamed to `signOut`
-- `Provider`: Renamed to `SessionProvider`
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.12
-
-## `SessionProvider`
-
-Version 4 makes using the `SessionProvider` mandatory. This means that you will have to wrap any part of your application using `useSession` in this provider, if you were not doing so already. The `SessionProvider` has also undergone a few further changes:
-
-- `Provider` is renamed to `SessionProvider`
-- The options prop is now flattened as the props of SessionProvider.
-- `keepAlive` has been renamed to `refetchInterval`.
-- `clientMaxAge` has been removed in favor of `refetchInterval`, as they overlap in functionality, with the difference that `refetchInterval` will keep re-fetching the session periodically in the background.
-
-The best practice for wrapping your app in Providers is to do so in your `pages/_app.jsx` file.
-
-An example use-case with these new changes:
-
-```jsx
-import { SessionProvider } from "next-auth/react"
-
-export default function App({
-  Component,
-  pageProps: { session, ...pageProps },
-}) {
-  return (
-    // `session` comes from `getServerSideProps` or `getInitialProps`.
-    // Avoids flickering/session loading on first load.
-    <SessionProvider session={session} refetchInterval={5 * 60}>
-      <Component {...pageProps} />
-    </SessionProvider>
-  )
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.12
-
-## Providers
-
-Providers now need to be imported individually.
-
-```diff
-- import Provider from "next-auth/providers"
-- Providers.Auth0({...})
-- Providers.Google({...})
-+ import Auth0Provider from "next-auth/providers/auth0"
-+ import GoogleProvider from "next-auth/providers/google"
-+ Auth0Provider({...})
-+ GoogleProvider({...})
-```
-
-1. The `AzureADB2C` provider has been renamed `AzureAD`.
-2. The `Basecamp` provider has been removed, see explanation [here](https://github.com/basecamp/api/blob/master/sections/authentication.md#on-authenticating-users-via-oauth).
-3. The GitHub provider by default now will not request full write access to user profiles. If you need this scope, please add `user` to the scope option manually.
-
-The following new options are available when defining your Providers in the configuration:
-
-1. `authorization` (replaces `authorizationUrl`, `authorizationParams`, `scope`)
-2. `token` replaces (`accessTokenUrl`, `headers`, `params`)
-3. `userinfo` (replaces `profileUrl`)
-4. `issuer`(replaces `domain`)
-
-For more details on their usage, please see [options](/configuration/providers/oauth#options) section of the OAuth Provider documentation.
-
-When submitting a new OAuth provider to the repository, the `profile` callback is expected to only return these fields from now on: `id`, `name`, `email`, and `image`. If any of these are missing values, they should be set to `null`.
-
-Also worth noting is that `id` is expected to be returned as a `string` type (For example if your provider returns it as a number, you can cast it by using the `.toString()` method). This makes the returned profile object comply across all providers/accounts/adapters, and hopefully cause less confusion in the future.
-
-Implemented in: https://github.com/nextauthjs/next-auth/pull/2411
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.20
-
-## `useSession` Hook
-
-The `useSession` hook has been updated to return an object. This allows you to test states much more cleanly with the new `status` option.
-
-```diff
-- const [ session, loading ] = useSession()
-+ const { data: session, status } = useSession()
-+ const loading = status === "loading"
-```
-
-[Check the docs](https://next-auth.js.org/getting-started/client#usesession) for the possible values of both `session.status` and `session.data`.
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.18
-
-## Named Parameters
-
-We have changed the arguments to our callbacks to the named parameters pattern. This way you don't have to use dummy `_` placeholders or other tricks.
-
-### Callbacks
-
-The signatures for the callback methods now look like this:
-
-```diff
-- signIn(user, account, profileOrEmailOrCredentials)
-+ signIn({ user, account, profile, email, credentials })
-```
-
-```diff
-- redirect(url, baseUrl)
-+ redirect({ url, baseUrl })
-```
-
-```diff
-- session(session, tokenOrUser)
-+ session({ session, token, user })
-```
-
-```diff
-- jwt(token, user, account, OAuthProfile, isNewUser)
-+ jwt({ token, user, account, profile, isNewUser })
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.17
-
-### Events
-
-Two event signatures have changed to also use the named parameters pattern, `signOut` and `updateUser`.
-
-```diff
-// [...nextauth].js
-...
-events: {
-- signOut(tokenOrSession),
-+ signOut({ token, session }), // token if using JWT, session if DB persisted sessions.
-- updateUser(user)
-+ updateUser({ user })
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.20
-
-## JWT configuration
-
-We have removed some of the [configuration options](/configuration/options) when using JSON Web Tokens, [here's the PR](https://github.com/nextauthjs/next-auth/pull/3039) for more context.
-
-```diff
-export default NextAuth({
-  // ...
-  jwt: {
-    secret,
-    maxAge,
--   encryptionKey
--   signingKey
--   encryptionKey
--   verificationOptions
-    encode({
-        token
-        secret
-        maxAge
--       signingKey
--       signingOptions
--       encryptionKey
--       encryptionOptions
--       encryption
-    }) {},
-    decode({
-        token
-        secret
--       maxAge
--       signingKey
--       verificationKey
--       verificationOptions
--       encryptionKey
--       decryptionKey
--       decryptionOptions
--       encryption
-    }) {}
-  }
-})
-```
-
-## Logger API
-
-The logger API has been simplified to use at most two parameters, where the second is usually an object (`metadata`) containing an `error` object. If you are not using the logger settings you can ignore this change.
-
-```diff
-// [...nextauth.js]
-import log from "some-logger-service"
-...
-logger: {
-- error(code, ...message) {},
-+ error(code, metadata) {},
-- warn(code, ...message) {},
-+ warn(code) {}
-- debug(code, ...message) {}
-+ debug(code, metadata) {}
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.19
-
-## `nodemailer`
-
-Like `typeorm` and `prisma`, [`nodemailer`](https://npmjs.com/package/nodemailer) is no longer included as a dependency by default. If you are using the Email provider you must install it in your project manually, or use any other Email library in the [`sendVerificationRequest`](/configuration/providers/email#options-1#:~:text=sendVerificationRequest) callback. This reduces bundle size for those not actually using the Email provider. Remember, when using the Email provider, it is mandatory to also use a database adapter due to the fact that verification tokens need to be persisted longer term for the magic link functionality to work.
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.2
-
-## Theme
-
-We have added some basic customization options to our built-in pages like `signin`, `signout`, etc.
-
-These can be set under the `theme` configuration key. This used to be a string which only controlled the color scheme option. Now it is an object with the following options:
-
-```js
-theme: {
-  colorScheme: "auto", // "auto" | "dark" | "light"
-  brandColor: "", // Hex color value
-  logo: "" // Absolute URL to logo image
-}
-```
-
-The hope is that with some minimal configuration / customization options, users won't immediately feel the need to replace the built-in pages with their own.
-
-More details and screenshots of the new theme options can be found under [configuration/pages](https://next-auth.js.org/configuration/pages#theming).
-
-Introduced in https://github.com/nextauthjs/next-auth/pull/2788
-
-## Session
-
-The `session.jwt: boolean` option has been renamed to `session.strategy: "jwt" | "database"`. The goal is to make the user's options more intuitive:
-
-1. No adapter, `strategy: "jwt"`: This is the default. The session is saved in a cookie and never persisted anywhere.
-2. With Adapter, `strategy: "database"`: If an Adapter is defined, this will be the implicit setting. No user config is needed.
-3. With Adapter, `strategy: "jwt"`: The user can explicitly instruct `next-auth` to use JWT even if a database is available. This can result in faster lookups in compromise of lowered security. Read more about: https://next-auth.js.org/faq#json-web-tokens
-
-Example:
-
-```diff
-session: {
-- jwt: true,
-+ strategy: "jwt",
-}
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/pull/3144
-
-## Adapters
-
-Most importantly, the core `next-auth` package no longer ships with `typeorm` or any other database adapter by default. This brings the default bundle size down significantly for those not needing to persist user data to a database.
-
-You can find the official Adapters in the `packages` directory in the primary monorepo ([nextauthjs/next-auth](https://github.com/nextauthjs/next-auth)). Although you can still [create your own](/tutorials/creating-a-database-adapter) with a new, [simplified Adapter API](https://github.com/nextauthjs/next-auth/pull/2361).
-
-If you have a database that was created with a `3.x.x` or earlier version of NextAuth.js, you will need to run a migration to update the schema to the new version 4 database model. See the bottom of this migration guide for database specific migration examples.
-
-1. If you use the built-in TypeORM or Prisma adapters, these have been removed from the core `next-auth` package. Thankfully the migration is easy; you just need to install the external packages for your database and change the import in your `[...nextauth].js`.
-
-The `database` option has been removed, you must now do the following instead:
-
-```diff
-// [...nextauth].js
-import NextAuth from "next-auth"
-+ import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
-
-...
-export default NextAuth({
--  database: "yourconnectionstring",
-+  adapter: TypeORMLegacyAdapter("yourconnectionstring")
-})
-```
-
-2. The `prisma-legacy` adapter has been removed, please use the [`@next-auth/prisma-adapter`](https://npmjs.com/package/@next-auth/prisma-adapter) instead.
-
-3. The `typeorm-legacy` adapter has been upgraded to use the newer adapter API, but has retained the `typeorm-legacy` name. We aim to migrate this to individual lighter weight adapters for each database type in the future, or switch out `typeorm`.
-
-4. MongoDB has been moved to its own adapter under `@next-auth/mongodb-adapter`. See the [MongoDB Adapter docs](/adapters/mongodb).
-
-Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.8 and https://github.com/nextauthjs/next-auth/pull/2361
-
-### Adapter API
-
-**This does not require any changes from the user - these are adapter specific changes only**
-
-The Adapter API has been rewritten and significantly simplified in NextAuth v4. The adapters now have less work to do as some functionality has been migrated to the core of NextAuth, like hashing the [verification token](/adapters/models/#verification-token).
-
-If you are an adapter maintainer or are interested in writing your own adapter, you can find more information about this change in https://github.com/nextauthjs/next-auth/pull/2361 and release https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.22.
-
-### Schema changes
-
-The way we save data with adapters have slightly changed. With the new Adapter API, we wanted to make it easier to extend your database with additional fields. For example if your User needs an extra `phone` field, it should be enough to add that to your database's schema, and no changes will be necessary in your adapter.
-
-- `created_at`/`createdAt` and `updated_at`/`updatedAt` fields are removed from all Models.
-- `user_id`/`userId` consistently named `userId`.
-- `compound_id`/`compoundId` is removed from Account.
-- `access_token`/`accessToken` is removed from Session.
-- `email_verified`/`emailVerified` on User is consistently named `emailVerified`.
-- `provider_id`/`providerId` renamed to `provider` on Account
-- `provider_type`/`providerType` renamed to `type` on Account
-- `provider_account_id`/`providerAccountId` on Account is consistently named `providerAccountId`
-- `access_token_expires`/`accessTokenExpires` on Account renamed to `expires_at`
-- New fields on Account: `token_type`, `scope`, `id_token`, `session_state`
-- `verification_requests` table has been renamed to `verification_tokens`
-
-<!-- REVIEW: Would something like this below be helpful? -->
-<details>
-<summary>
-See the changes
-</summary>
-<pre>
-
-```diff
-User {
-  id
-  name
-  email
-- emailVerified
-+ email_verified
-  image
--  created_at
--  updated_at
-}
-
-Account {
-  id
-- compound_id
-- user_id
-+ userId
--  provider_type
-+ type
-- provider_id
-+ provider
-- provider_account_id
-+ providerAccountId
-  refresh_token
-  access_token
-- access_token_expires
-+ expires_in
-+ expires_at
-+ token_type
-+ scope
-+ id_token
-+ session_state
-- created_at
-- updated_at
-}
-
-Session {
-  id
-  userId
-  expires
-  sessionToken
-- access_token
-- created_at
-- updated_at
-}
-
-VerificationToken {
-  id
-  token
-  expires
-  identifier
--  created_at
--  updated_at
-}
-```
-
-</pre>
-</details>
-
-For more info, see the [Models page](/adapters/models).
-
-### Database migration
-
-NextAuth.js v4 has a slightly different database schema compared to v3. If you're using any of our adapters and want to upgrade, you can use on of the below schemas.
-
-They are designed to be run directly against the database itself. So instead of having one in Prisma syntax, one in TypeORM syntax, etc. we've decided to just make one for each underlying database type. i.e. one for Postgres, one for MySQL, one for MongoDB, etc.
-
-#### MySQL
-
-```sql
-/* ACCOUNT */
-ALTER TABLE accounts
-CHANGE "access_token_expires" "expires_at" int
-CHANGE "user_id" "userId" varchar(255)
-ADD CONSTRAINT fk_user_id FOREIGN KEY (userId) REFERENCES users(id)
-RENAME COLUMN "provider_id" "provider"
-RENAME COLUMN "provider_account_id" "providerAccountId"
-DROP COLUMN "provider_type"
-DROP COLUMN "compound_id"
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-
-ADD COLUMN "token_type" varchar(255) NULL
-ADD COLUMN "scope" varchar(255) NULL
-ADD COLUMN "id_token" varchar(255) NULL
-ADD COLUMN "session_state" varchar(255) NULL
-
-/* Note: These are only needed if you're going to be using the old Twitter OAuth 1.0 provider. */
-ADD COLUMN "oauth_token_secret" varchar(255) NULL
-ADD COLUMN "oauth_token" varchar(255) NULL
-
-/* USER */
-ALTER TABLE users
-RENAME COLUMN "email_verified" "emailVerified"
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-
-/* SESSION */
-ALTER TABLE sessions
-RENAME COLUMN "session_token" "sessionToken"
-CHANGE "user_id" "userId" varchar(255)
-ADD CONSTRAINT fk_user_id FOREIGN KEY (userId) REFERENCES users(id)
-DROP COLUMN "access_token"
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-
-/* VERIFICATION REQUESTS */
-ALTER TABLE verification_requests RENAME verification_tokens
-ALTER TABLE verification_tokens
-DROP COLUMN id
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-DROP COLUMN "created_at"
-DROP COLUMN "updated_at"
-```
-
-#### Postgres
-
-```sql
-/* ACCOUNT */
-ALTER TABLE accounts RENAME COLUMN "user_id" TO "userId";
-ALTER TABLE accounts RENAME COLUMN "provider_id" TO "provider";
-ALTER TABLE accounts RENAME COLUMN "provider_account_id" TO "providerAccountId";
-ALTER TABLE accounts RENAME COLUMN "access_token_expires" TO "expires_at";
-ALTER TABLE accounts RENAME COLUMN "provider_type" TO "type";
-
-/* Do conversion of TIMESTAMPTZ to BIGINT */
-ALTER TABLE accounts ALTER COLUMN "expires_at" TYPE TEXT USING CAST(extract(epoch FROM "expires_at") AS BIGINT)*1000;
-
-/* Keep id as SERIAL with autoincrement when using ORM. Using new v4 uuid format won't work because of incompatibility */
-/* ALTER TABLE accounts ALTER COLUMN "id" TYPE TEXT; */
-/* ALTER TABLE accounts ALTER COLUMN "userId" TYPE TEXT; */
-ALTER TABLE accounts ALTER COLUMN "type" TYPE TEXT;
-ALTER TABLE accounts ALTER COLUMN "provider" TYPE TEXT;
-ALTER TABLE accounts ALTER COLUMN "providerAccountId" TYPE TEXT;
-
-ALTER TABLE accounts ADD CONSTRAINT fk_user_id FOREIGN KEY ("userId") REFERENCES users(id);
-ALTER TABLE accounts
-DROP COLUMN IF EXISTS "compound_id";
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE accounts
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-
-ALTER TABLE accounts
-ADD COLUMN IF NOT EXISTS "token_type" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "scope" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "id_token" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "session_state" TEXT NULL;
-/* Note: These are only needed if you're going to be using the old Twitter OAuth 1.0 provider. */
-/* ALTER TABLE accounts
-ADD COLUMN IF NOT EXISTS "oauth_token_secret" TEXT NULL,
-ADD COLUMN IF NOT EXISTS "oauth_token" TEXT NULL; */
-
-/* USER */
-ALTER TABLE users RENAME COLUMN "email_verified" TO "emailVerified";
-
-/* Keep id as SERIAL with autoincrement when using ORM. Using new v4 uuid format won't work because of incompatibility */
-/* ALTER TABLE users ALTER COLUMN "id" TYPE TEXT; */
-ALTER TABLE users ALTER COLUMN "name" TYPE TEXT;
-ALTER TABLE users ALTER COLUMN "email" TYPE TEXT;
-ALTER TABLE users ALTER COLUMN "image" TYPE TEXT;
-/* Do conversion of TIMESTAMPTZ to BIGINT and then TEXT */
-ALTER TABLE users ALTER COLUMN "emailVerified" TYPE TEXT USING CAST(CAST(extract(epoch FROM "emailVerified") AS BIGINT)*1000 AS TEXT);
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE users
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-
-/* SESSION */
-ALTER TABLE sessions RENAME COLUMN "session_token" TO "sessionToken";
-ALTER TABLE sessions RENAME COLUMN "user_id" TO "userId";
-
-/* Keep id as SERIAL with autoincrement when using ORM. Using new v4 uuid format won't work because of incompatibility */
-/* ALTER TABLE sessions ALTER COLUMN "id" TYPE TEXT; */
-/* ALTER TABLE sessions ALTER COLUMN "userId" TYPE TEXT; */
-ALTER TABLE sessions ALTER COLUMN "sessionToken" TYPE TEXT;
-ALTER TABLE sessions ADD CONSTRAINT fk_user_id FOREIGN KEY ("userId") REFERENCES users(id);
-/* Do conversion of TIMESTAMPTZ to BIGINT and then TEXT */
-ALTER TABLE sessions ALTER COLUMN "expires" TYPE TEXT USING CAST(CAST(extract(epoch FROM "expires") AS BIGINT)*1000 AS TEXT);
-ALTER TABLE sessions DROP COLUMN IF EXISTS "access_token";
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE sessions
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-
-/* VERIFICATION REQUESTS */
-ALTER TABLE verification_requests RENAME TO verification_tokens;
-/* Keep id as ORM needs it */
-/* ALTER TABLE verification_tokens DROP COLUMN IF EXISTS id; */
-ALTER TABLE verification_tokens ALTER COLUMN "identifier" TYPE TEXT;
-ALTER TABLE verification_tokens ALTER COLUMN "token" TYPE TEXT;
-/* Do conversion of TIMESTAMPTZ to BIGINT and then TEXT */
-ALTER TABLE verification_tokens ALTER COLUMN "expires" TYPE TEXT USING CAST(CAST(extract(epoch FROM "expires") AS BIGINT)*1000 AS TEXT);
-/* The following two timestamp columns have never been necessary for NextAuth.js to function, but can be kept if you want */
-ALTER TABLE verification_tokens
-DROP COLUMN IF EXISTS "created_at",
-DROP COLUMN IF EXISTS "updated_at";
-```
-
-#### MongoDB
-
-MongoDB is a document database and as such new fields will be automatically populated. You do, however, need to update the names of existing fields which are going to be reused.
-
-```mongo
-db.getCollection('accounts').updateMany({}, {
-  $rename: {
-    "provider_id": "provider",
-    "provider_account_id": "providerAccountId",
-    "user_id": "userId",
-    "access_token_expires": "expires_at"
-  }
-})
-db.getCollection('users').updateMany({}, {
-  $rename: {
-    "email_verified": "emailVerified"
-  }
-})
-db.getCollection('sessions').updateMany({}, {
-  $rename: {
-    "session_token": "sessionToken",
-    "user_id": "userId"
-  }
-})
-```
-
-## Missing `secret`
-
-NextAuth.js used to generate a secret for convenience, when the user did not define one. This might have been useful in development, but can be a concern in production. We have always been clear about that in the docs, but from now on, if you forget to define a `secret` property in production, we will show the user an error page. Read more about this option [here](https://next-auth.js.org/configuration/options#secret)
-
-You can generate a secret to be placed in the `secret` configuration option via the following command:
-
-```bash
-$ openssl rand -base64 32
-```
-
-Therefore, your NextAuth.js config should look something like this:
-
-```javascript title="/pages/api/auth/[...nextauth].js"
-...
-export default NextAuth({
-  ...
-  providers: [...],
-  secret: "LlKq6ZtYbr+hTC073mAmAh9/h2HwMfsFo4hrfCx5mLg=",
-  ...
-})
-```
-
-Introduced in https://github.com/nextauthjs/next-auth/issues/3143
-
-## Session `strategy`
-
-We have always supported two different session strategies. The first being our most popular and default strategy - the JWT based one. The second is the database adapter persisted session strategy. Both have their advantages/disadvantages, you can learn more about them on the [FAQ](https://next-auth.js.org/faq) page.
-
-Previously, the way you configured this was through the `jwt: boolean` flag in the `session` option. The names `session` and `jwt` might have been a bit overused in the options, and so for a clearer message, we renamed this option to `strategy: "jwt" | "database"`, it is still in the `session` object. This will hopefully better indicate the purpose of this option as well as make very explicit which type of session you are going to use.
-
-See the [`session` option docs](https://next-auth.js.org/configuration/options#session) for more details.
-
-Introduced in https://github.com/nextauthjs/next-auth/pull/3144
-
-## Summary
-
-We hope this migration goes smoothly for each and every one of you! If you have any questions or get stuck anywhere, feel free to create [a new issue](https://github.com/nextauthjs/next-auth/issues/new) on GitHub.

docs/versioned_docs/version-beta/getting-started/09-contributors.md

@@ -1,39 +0,0 @@
-# Contributors
-
-## Core team
-
-Without these people, the project could not have become one of the most used authentication library in its category.
-
-- [Balázs Orbán](https://github.com/balazsorban44) - **Lead Maintainer**
-- [Thang Vu](https://github.com/ThangHuuVu) - Maintainer (Core)
-- [Nico Domino](https://github.com/ndom91) - Maintainer (Core, Documentation)
-- [Lluis Agusti](https://github.com/lluia) - Maintainer (Documentation, Testing, TypeScript)
-
-## Special thanks
-
-Special thanks to Lori Karikari for creating most of the original provider configurations to Fredrik Pettersen for creating the original Prisma Adapter, to Gerald Nolan for adding support for Sign in with Apple, and to Jefferson Bledsoe for working on original testing automations.
-
-- [Lori Karikari](https://github.com/LoriKarikari)
-- [Fredrik Pettersen](https://github.com/Fumler)
-- [Gerald Nolan](https://github.com/geraldnolan)
-- [Jefferson Bledsoe](https://github.com/JeffersonBledsoe)
-
-## Other contributors
-
-NextAuth.js as it exists today has been possible thanks to the work of many individual contributors.
-
-Thank you to the [dozens of individual contributors](https://github.com/nextauthjs/next-auth/graphs/contributors) who have help shaped NextAuth.js.
-
-## Open Collective
-
-You can find NextAuth.js on Open Collective. We are very thankful for all of our existing contributors and would be delighted if you or your company would decide to join them.
-
-More information can be found at: https://opencollective.com/nextauth
-
-## History
-
-- NextAuth.js was originally developed by <a href="https://github.com/iaincollins">Iain Collins</a> in 2016 for Next.js.
-
-- In 2020, NextAuth.js was rebuilt from the ground up to support Serverless, with support for MySQL, Postgres and MongoDB, JSON Web Tokens and built in support for over a dozen authentication providers.
-
-- In 2021, efforts have started to move NextAuth.js to other frameworks and to support as many databases and providers as possible.

docs/versioned_docs/version-beta/guides/01-overview.mdx

@@ -1,5 +0,0 @@
-# Overview
-
-We have internal guides in three levels of difficulty.
-
-If you can't find what you're looking for here, maybe take a look at our third-party [tutorials](/tutorials) page.

docs/versioned_docs/version-beta/guides/03-basics/_category_.json

@@ -1,5 +0,0 @@
-{
-  "label": "Basics",
-  "collapsible": true,
-  "collapsed": false
-}

docs/versioned_docs/version-beta/guides/03-basics/callbacks.md

@@ -1,164 +0,0 @@
-# Callbacks
-
-Callbacks are **asynchronous** functions you can use to control what happens when an action is performed.
-
-Callbacks are extremely powerful, especially in scenarios involving JSON Web Tokens as they allow you to implement access controls without a database and to integrate with external databases or APIs.
-
-:::tip
-If you want to pass data such as an Access Token or User ID to the browser when using JSON Web Tokens, you can persist the data in the token when the `jwt` callback is called, then pass the data through to the browser in the `session` callback.
-:::
-
-You can specify a handler for any of the callbacks below.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-  callbacks: {
-    async signIn({ user, account, profile, email, credentials }) {
-      return true
-    },
-    async redirect({ url, baseUrl }) {
-      return baseUrl
-    },
-    async session({ session, user, token }) {
-      return session
-    },
-    async jwt({ token, user, account, profile, isNewUser }) {
-      return token
-    }
-...
-}
-```
-
-The documentation below shows how to implement each callback, their default behaviour and an example of what the response for each callback should be. Note that configuration options and authentication providers you are using can impact the values passed to the callbacks.
-
-## Sign in callback
-
-Use the `signIn()` callback to control if a user is allowed to sign in.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async signIn({ user, account, profile, email, credentials }) {
-    const isAllowedToSignIn = true
-    if (isAllowedToSignIn) {
-      return true
-    } else {
-      // Return false to display a default error message
-      return false
-      // Or you can return a URL to redirect to:
-      // return '/unauthorized'
-    }
-  }
-}
-...
-```
-
-- When using the **Email Provider** the `signIn()` callback is triggered both when the user makes a **Verification Request** (before they are sent an email with a link that will allow them to sign in) and again _after_ they activate the link in the sign-in email.
-
-  Email accounts do not have profiles in the same way OAuth accounts do. On the first call during email sign in the `email` object will include a property `verificationRequest: true` to indicate it is being triggered in the verification request flow. When the callback is invoked _after_ a user has clicked on a sign-in link, this property will not be present.
-
-  You can check for the `verificationRequest` property to avoid sending emails to addresses or domains on a blocklist (or to only explicitly generate them for email address in an allow list).
-
-* When using the **Credentials Provider** the `user` object is the response returned from the `authorize` callback and the `profile` object is the raw body of the `HTTP POST` submission.
-
-:::note
-When using NextAuth.js with a database, the User object will be either a user object from the database (including the User ID) if the user has signed in before or a simpler prototype user object (i.e. name, email, image) for users who have not signed in before.
-
-When using NextAuth.js without a database, the user object will always be a prototype user object, with information extracted from the profile.
-:::
-
-:::note
-Redirects returned by this callback cancel the authentication flow. Only redirect to error pages that, for example, tell the user why they're not allowed to sign in.
-
-To redirect to a page after a successful sign in, please use [the `callbackUrl` option](/getting-started/client#specifying-a-callbackurl) or [the redirect callback](/configuration/callbacks#redirect-callback).
-:::
-
-## Redirect callback
-
-The redirect callback is called anytime the user is redirected to a callback URL (e.g. on signin or signout).
-
-By default only URLs on the same URL as the site are allowed, you can use the redirect callback to customise that behaviour.
-
-The default redirect callback looks like this:
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async redirect({ url, baseUrl }) {
-    // Allows relative callback URLs
-    if (url.startsWith("/")) return `${baseUrl}${url}`
-    // Allows callback URLs on the same origin
-    else if (new URL(url).origin === baseUrl) return url
-    return baseUrl
-  }
-}
-...
-```
-
-:::note
-The redirect callback may be invoked more than once in the same flow.
-:::
-
-## JWT callback
-
-This callback is called whenever a JSON Web Token is created (i.e. at sign
-in) or updated (i.e whenever a session is accessed in the client). The returned value will be [encrypted](/configuration/options#jwt), and it is stored in a cookie.
-
-Requests to `/api/auth/signin`, `/api/auth/session` and calls to `getSession()`, `unstable_getServerSession()`, `useSession()` will invoke this function, but only if you are using a [JWT session](/configuration/options#session). This method is not invoked when you persist sessions in a database.
-
-- As with database persisted session expiry times, token expiry time is extended whenever a session is active.
-- The arguments _user_, _account_, _profile_ and _isNewUser_ are only passed the first time this callback is called on a new session, after the user signs in. In subsequent calls, only `token` will be available.
-
-The contents _user_, _account_, _profile_ and _isNewUser_ will vary depending on the provider and on if you are using a database or not. You can persist data such as User ID, OAuth Access Token in this token. To make it available in the browser, check out the [`session()` callback](#session-callback) as well.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async jwt({ token, account }) {
-    // Persist the OAuth access_token to the token right after signin
-    if (account) {
-      token.accessToken = account.access_token
-    }
-    return token
-  }
-}
-...
-```
-
-:::tip
-Use an if branch to check for the existence of parameters (apart from `token`). If they exist, this means that the callback is being invoked for the first time (i.e. the user is being signed in). This is a good place to persist additional data like an `access_token` in the JWT. Subsequent invocations will only contain the `token` parameter.
-:::
-
-## Session callback
-
-The session callback is called whenever a session is checked. By default, only a subset of the token is returned for increased security. If you want to make something available you added to the token through the `jwt()` callback, you have to explicitly forward it here to make it available to the client.
-
-e.g. `getSession()`, `useSession()`, `/api/auth/session`
-
-- When using database sessions, the User object is passed as an argument.
-- When using JSON Web Tokens for sessions, the JWT payload is provided instead.
-
-```js title="pages/api/auth/[...nextauth].js"
-...
-callbacks: {
-  async session({ session, token, user }) {
-    // Send properties to the client, like an access_token from a provider.
-    session.accessToken = token.accessToken
-    return session
-  }
-}
-...
-```
-
-:::tip
-When using JSON Web Tokens the `jwt()` callback is invoked before the `session()` callback, so anything you add to the
-JSON Web Token will be immediately available in the session callback, like for example an `access_token` from a provider.
-:::
-
-:::warning
-The session object is not persisted server side, even when using database sessions - only data such as the session token, the user, and the expiry time is stored in the session table.
-
-If you need to persist session data server side, you can use the `accessToken` returned for the session as a key - and connect to the database in the `session()` callback to access it. Session `accessToken` values do not rotate and are valid as long as the session is valid.
-
-If using JSON Web Tokens instead of database sessions, you should use the User ID or a unique key stored in the token (you will need to generate a key for this yourself on sign in, as access tokens for sessions are not generated when using JSON Web Tokens).
-:::

docs/versioned_docs/version-beta/guides/03-basics/deployment.md

@@ -1,92 +0,0 @@
-# Deployment
-
-Deploying NextAuth.js only requires a few steps. It can be run anywhere a Next.js application can. Therefore, in a default configuration using only JWT session strategy, i.e. without a database, you will only need these few things in addition to your application:
-
-1. NextAuth.js environment variables
-
-   - `NEXTAUTH_SECRET`
-   - `NEXTAUTH_URL`
-
-2. NextAuth.js API Route and its configuration (`/pages/api/auth/[...nextauth].js`).
-   - OAuth Provider `clientId` / `clientSecret`
-
-Deploying a modern JavaScript application using NextAuth.js consists of making sure your environment variables are set correctly as well as the configuration in the NextAuth.js API route is setup, as well as any configuration (like Callback URLs, etc.) are correctly done in your OAuth provider(s) themselves.
-
-See below for more detailed provider settings.
-
-## Vercel
-
-1. Make sure to expose the Vercel [System Environment Variables](https://vercel.com/docs/concepts/projects/environment-variables#system-environment-variables) in your project settings.
-2. Create a `NEXTAUTH_SECRET` environment variable for all environments.
-   a. You can use `openssl rand -base64 32` or https://generate-secret.vercel.app/32 to generate a random value.
-   b. You **do not** need the `NEXTAUTH_URL` environment variable in Vercel.
-3. Add your provider's client ID and client secret to environment variables. _(Skip this step if not using an [OAuth Provider](/configuration/providers/oauth))_
-4. Deploy!
-
-Example repository: https://github.com/nextauthjs/next-auth-example
-
-A few notes about deploying to Vercel. The environment variables are read server-side, so you do not need to prefix them with `NEXT_PUBLIC_`. When deploying here, you do not need to explicitly set the `NEXTAUTH_URL` environment variable. With other providers **you will** need to also set this environment variable.
-
-### Securing a preview deployment
-
-Securing a preview deployment (with an OAuth provider) comes with some critical obstacles. Most OAuth providers only allow a single redirect/callback URL, or at least a set of full static URLs. Meaning you cannot set the value before publishing the site and you cannot use wildcard subdomains in the callback URL settings of your OAuth provider. Here are a few ways you can still use NextAuth.js to secure your Preview Deployments.
-
-#### Using the Credentials Provider
-
-You could check in your `/pages/api/auth/[...nextauth].js` API route / configuration file to see if you're currently in a Vercel preview environment, and if so, enable a simple "credential provider", meaning username/password. Vercel offers a few built-in [system environment variables](https://vercel.com/docs/concepts/projects/environment-variables#system-environment-variables) which you could check against, like `VERCEL_ENV`. This would allow you to use this basic, for testing only, authentication strategy in your preview deployments.
-
-Some things to be aware of here, include:
-
-- Do not let this potential testing-only user have access to any critical data
-- If possible, maybe do not even connect this preview deployment to your production database
-
-##### Example
-
-```js title="/pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import CredentialsProvider from "next-auth/providers/credentials"
-
-export default NextAuth({
-  providers: [
-    process.env.VERCEL_ENV === "preview"
-      ? CredentialsProvider({
-          name: "Credentials",
-          credentials: {
-            username: {
-              label: "Username",
-              type: "text",
-              placeholder: "jsmith",
-            },
-            password: { label: "Password", type: "password" },
-          },
-          async authorize() {
-            return {
-              id: 1,
-              name: "J Smith",
-              email: "jsmith@example.com",
-              image: "https://i.pravatar.cc/150?u=jsmith@example.com",
-            }
-          },
-        })
-      : GoogleProvider({
-          clientId: process.env.GOOGLE_ID,
-          clientSecret: process.env.GOOGLE_SECRET,
-        }),
-  ],
-})
-```
-
-#### Using the branch based preview URL
-
-Preview deployments at Vercel are often available via multiple URLs. For example, PR's merged to `master` or `main`, will be available the commit and PR specific preview URLs, but also the branch specific preview URLs. This branch specific URL will obviously not change as long as you work with that same branch. Therefore, you could add to your OAuth provider your `{project}-git-main-{user}.vercel.app` preview URL. As this will stay constant for that branch, you can reuse that preview deployment / URL for testing any authentication related deployments.
-
-## Netlify
-
-Netlify is very similar to Vercel in that you can deploy a Next.js project without almost any extra work.
-
-In order to setup NextAuth.js correctly here, you will want to make sure you add your `NEXTAUTH_SECRET` environment variable in the project settings. If you are using the [Essential Next.js Build Plugin](https://github.com/netlify/netlify-plugin-nextjs) within your project, you **do not** need to set the `NEXTAUTH_URL` environment variable as it is set automatically as part of the build process. 
-
-Netlify also exposes some [system environment variables](https://docs.netlify.com/configure-builds/environment-variables/) from which you can check which `NODE_ENV` you are currently in and much more.
-
-After this, just make sure you either have your OAuth provider setup correctly with `clientId` / `clientSecret`'s and callback URLs.

docs/versioned_docs/version-beta/guides/03-basics/events.md

@@ -1,62 +0,0 @@
-# Events
-
-Events are asynchronous functions that do not return a response, they are useful for audit logs / reporting or handling any other side-effects.
-
-You can specify a handler for any of these events below, for debugging or for an audit log.
-
-:::note
-The execution of your authentication API will be blocked by an `await` on your event handler. If your event handler starts any burdensome work it should not block its own promise on that work.
-:::
-
-## Events
-
-### signIn
-
-Sent on a successful sign in.
-
-The message will be an object and contain:
-
-- `user` (from your adapter or from the provider if a `credentials` type provider)
-- `account` (from your adapter or the provider)
-- `profile` (from the provider, is `undefined` on `credentials` provider, use `user` instead)
-- `isNewUser` (whether your adapter had a user for this account already)
-
-### signOut
-
-Sent when the user signs out.
-
-The message object will contain one of these depending on if you use JWT or database persisted sessions:
-
-- `token`: The JWT token for this session.
-- `session`: The session object from your adapter that is being ended
-
-### createUser
-
-Sent when the adapter is told to create a new user.
-
-The message object will contain the user.
-
-### updateUser
-
-Sent when the adapter is told to update an existing user. Currently, this is only sent when the user verifies their email address.
-
-The message object will contain the user.
-
-### linkAccount
-
-Sent when an account in a given provider is linked to a user in our user database. For example, when a user signs up with Twitter or when an existing user links their Google account.
-
-The message object will contain:
-
-- `user`: The user object from your adapter.
-- `account`: The object returned from the provider.
-- `profile`: The object returned from the `profile` callback of the OAuth provider.
-
-### session
-
-Sent at the end of a request for the current session.
-
-The message object will contain one of these depending on if you use JWT or database persisted sessions:
-
-- `token`: The JWT token for this session.
-- `session`: The session object from your adapter.

docs/versioned_docs/version-beta/guides/03-basics/initialization.md

@@ -1,122 +0,0 @@
----
-title: Custom Initialization 
----
-
-In Next.js, you can define an API route that will catch all requests that begin with a certain path. Conveniently, this is called [Catch all API routes](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes).
-
-When you define a `/pages/api/auth/[...nextauth]` JS/TS file, you instruct NextAuth.js that every API request beginning with `/api/auth/*` should be handled by the code written in the `[...nextauth]` file.
-
-Depending on your use case, you can initialize NextAuth.js in two different ways:
-
-## Simple initialization
-
-In most cases, you won't need to worry about what `NextAuth.js` does, and you will get by just fine with the following initialization:
-
-```ts title="/pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-
-export default NextAuth({
-  ...
-})
-```
-
-Here, you only need to pass your [options](/configuration/options) to `NextAuth`, and `NextAuth` does the rest.
-
-This is the preferred initialization in tutorials/other parts of the documentation, as it simplifies the code and reduces potential errors in the authentication flow.
-
-## Advanced initialization
-
-If you have a specific use case and need to make NextAuth.js do something slightly different than what it is designed for, keep in mind, the `[...nextauth].js` config file is still just **a regular [API Route](https://nextjs.org/docs/api-routes/introduction)** at the end of the day.
-
-That said, you can initialize NextAuth.js like this:
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import type { NextApiRequest, NextApiResponse } from "next"
-import NextAuth from "next-auth"
-
-export default async function auth(req: NextApiRequest, res: NextApiResponse) {
-  // Do whatever you want here, before the request is passed down to `NextAuth`
-  return await NextAuth(req, res, {
-    ...
-  })
-}
-```
-
-The `...` section will still be your [options](/configuration/options), but you now have the possibility to execute/modify certain things on the request.
-
-You could for example log the request, add headers, read `query` or `body` parameters, whatever you would do in an API route.
-
-:::tip
-Since this is a catch-all route, remember to check what kind of NextAuth.js "action" is running. Compare the REST API with the `req.query.nextauth` parameter.
-
-For example to execute something on the "callback" action when the request is a POST method, you can check for `req.query.nextauth.includes("callback") && req.method === "POST"`
-:::
-
-:::note
-`NextAuth` will implicitly close the response (by calling `res.end`, `res.send` or similar), so you should not run code **after** `NextAuth` in the function body. Using `return NextAuth` makes sure you don't forget that.
-:::
-
-Any variable you create this way will be available in the `NextAuth` options as well, since they are in the same scope.
-
-```ts title="/pages/api/auth/[...nextauth].ts"
-import type { NextApiRequest, NextApiResponse } from "next"
-import NextAuth from "next-auth"
-
-export default async function auth(req: NextApiRequest, res: NextApiResponse) {
-
-  if(req.query.nextauth.includes("callback") && req.method === "POST") {
-    console.log(
-      "Handling callback request from my Identity Provider",
-      req.body
-    )
-  }
-
-  // Get a custom cookie value from the request
-  const someCookie = req.cookies["some-custom-cookie"]
-
-  return await NextAuth(req, res, {
-    ...
-    callbacks: {
-      session({ session, token }) {
-        // Return a cookie value as part of the session
-        // This is read when `req.query.nextauth.includes("session") && req.method === "GET"`
-        session.someCookie = someCookie
-        return session
-      }
-    }
-  })
-}
-```
-
-A practical example could be to not show a certain provider on the default sign-in page, but still be able to sign in with it. (The idea is taken from [this discussion](https://github.com/nextauthjs/next-auth/discussions/3133)):
-
-```js title="/pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import CredentialsProvider from "next-auth/providers/credentials"
-import GoogleProvider from "next-auth/providers/google"
-
-export default async function auth(req, res) {
-  const providers = [
-    CredentialsProvider(...),
-    GoogleProvider(...),
-  ]
-
-  const isDefaultSigninPage = req.method === "GET" && req.query.nextauth.includes("signin")
-
-  // Will hide the `GoogleProvider` when you visit `/api/auth/signin`
-  if (isDefaultSigninPage) providers.pop()
-
-  return await NextAuth(req, res, {
-    providers,
-    ...
-  })
-}
-```
-
-For more details on all available actions and which methods are supported, please check out the [REST API documentation](/getting-started/rest-api) or the appropriate area in [the source code](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/index.ts)
-
-This way of initializing `NextAuth` is very powerful, but should be used sparingly.
-
-:::warning
-Changing parts of the request that is essential to `NextAuth` to do it's job - like messing with the [default cookies](/configuration/options#cookies) - can have unforeseen consequences, and have the potential to introduce security holes if done incorrectly. Only change those if you understand consequences.
-:::

docs/versioned_docs/version-beta/guides/03-basics/overriding-jwt.md

@@ -1,31 +0,0 @@
----
-title: Override JWT `encode` and `decode` methods
-sidebar_label: Custom JWT encoding
----
-
-:::warning
-If you use middleware to protect routes, make sure the same method is also set in the [`_middleware.ts` options](/configuration/nextjs#custom-jwt-decode-method)
-:::
-
-
-NextAuth.js uses encrypted JSON Web Tokens ([JWE](https://datatracker.ietf.org/doc/html/rfc7516)) by default. Unless you have a good reason, we recommend keeping this behaviour. Although you can override this using the `encode` and `decode` methods. Both methods must be defined at the same time.
-
-```js
-jwt: {
-  async encode(params: {
-    token: JWT
-    secret: string
-    maxAge: number
-  }): Promise<string> {
-    // return a custom encoded JWT string
-    return "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
-  },
-  async decode(params: {
-    token: string
-    secret: string
-  }): Promise<JWT | null> {
-    // return a `JWT` object, or `null` if decoding failed
-    return {}
-  },
-}
-```

docs/versioned_docs/version-beta/guides/03-basics/pages.md

@@ -1,179 +0,0 @@
-# Pages
-
-NextAuth.js automatically creates simple, unbranded authentication pages for handling Sign in, Sign out, Email Verification and displaying error messages.
-
-The options displayed on the sign-up page are automatically generated based on the providers specified in the options passed to NextAuth.js.
-
-To add a custom login page, you can use the `pages` option:
-
-```javascript title="pages/api/auth/[...nextauth].js"
-...
-  pages: {
-    signIn: '/auth/signin',
-    signOut: '/auth/signout',
-    error: '/auth/error', // Error code passed in query string as ?error=
-    verifyRequest: '/auth/verify-request', // (used for check email message)
-    newUser: '/auth/new-user' // New users will be directed here on first sign in (leave the property out if not of interest)
-  }
-...
-```
-
-:::note
-When using this configuration, ensure that these pages actually exist. For example `error: '/auth/error'` refers to a page file at `pages/auth/error.js`.
-:::
-
-## Error codes
-
-We purposefully restrict the returned error codes for increased security.
-
-### Error page
-
-The following errors are passed as error query parameters to the default or overridden error page:
-
-- **Configuration**: There is a problem with the server configuration. Check if your [options](/configuration/options#options) are correct.
-- **AccessDenied**: Usually occurs, when you restricted access through the [`signIn` callback](/configuration/callbacks#sign-in-callback), or [`redirect` callback](/configuration/callbacks#redirect-callback)
-- **Verification**: Related to the Email provider. The token has expired or has already been used
-- **Default**: Catch all, will apply, if none of the above matched
-
-Example: `/auth/error?error=Configuration`
-
-### Sign-in page
-
-The following errors are passed as error query parameters to the default or overridden sign-in page:
-
-- **OAuthSignin**: Error in constructing an authorization URL ([1](https://github.com/nextauthjs/next-auth/blob/457952bb5abf08b09861b0e5da403080cd5525be/src/server/lib/signin/oauth.js), [2](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/pkce-handler.ts), [3](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/state-handler.ts)),
-- **OAuthCallback**: Error in handling the response ([1](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/callback.ts), [2](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/pkce-handler.ts), [3](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/state-handler.ts)) from an OAuth provider.
-- **OAuthCreateAccount**: Could not create OAuth provider user in the database.
-- **EmailCreateAccount**: Could not create email provider user in the database.
-- **Callback**: Error in the [OAuth callback handler route](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/routes/callback.ts)
-- **OAuthAccountNotLinked**: If the email on the account is already linked, but not with this OAuth account
-- **EmailSignin**: Sending the e-mail with the verification token failed
-- **CredentialsSignin**: The `authorize` callback returned `null` in the [Credentials provider](/providers/credentials). We don't recommend providing information about which part of the credentials were wrong, as it might be abused by malicious hackers.
-- **SessionRequired**: The content of this page requires you to be signed in at all times. See [useSession](/getting-started/client#require-session) for configuration.
-- **Default**: Catch all, will apply, if none of the above matched
-
-Example: `/auth/signin?error=Default`
-
-## Theming
-
-By default, the built-in pages will follow the system theme, utilizing the [`prefer-color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) Media Query. You can override this to always use a dark or light theme, through the [`theme.colorScheme` option](/configuration/options#theme).
-
-In addition, you can define a `theme.brandColor` to define a custom accent color for these built-in pages. You can also define a URL to a logo in `theme.logo` which will be rendered above the primary card in these pages.
-
-#### Sign In
-
-![Customized Signin Page](/img/pages_signin.png)
-
-#### Sign Out
-
-![Customized Signout Page](/img/pages_signout.png)
-
-## Examples
-
-### OAuth Sign in
-
-In order to get the available authentication providers and the URLs to use for them, you can make a request to the API endpoint `/api/auth/providers`:
-
-```jsx title="pages/auth/signin.js"
-import { getProviders, signIn } from "next-auth/react"
-
-export default function SignIn({ providers }) {
-  return (
-    <>
-      {Object.values(providers).map((provider) => (
-        <div key={provider.name}>
-          <button onClick={() => signIn(provider.id)}>
-            Sign in with {provider.name}
-          </button>
-        </div>
-      ))}
-    </>
-  )
-}
-
-export async function getServerSideProps(context) {
-  const providers = await getProviders()
-  return {
-    props: { providers },
-  }
-}
-```
-
-There is another, more fully styled example signin page available [here](https://github.com/ndom91/next-auth-example-sign-in-page).
-
-### Email Sign in
-
-If you create a custom sign in form for email sign in, you will need to submit both fields for the **email** address and **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/signin/email**.
-
-```jsx title="pages/auth/email-signin.js"
-import { getCsrfToken } from "next-auth/react"
-
-export default function SignIn({ csrfToken }) {
-  return (
-    <form method="post" action="/api/auth/signin/email">
-      <input name="csrfToken" type="hidden" defaultValue={csrfToken} />
-      <label>
-        Email address
-        <input type="email" id="email" name="email" />
-      </label>
-      <button type="submit">Sign in with Email</button>
-    </form>
-  )
-}
-
-export async function getServerSideProps(context) {
-  const csrfToken = await getCsrfToken(context)
-  return {
-    props: { csrfToken },
-  }
-}
-```
-
-You can also use the `signIn()` function which will handle obtaining the CSRF token for you:
-
-```js
-signIn("email", { email: "jsmith@example.com" })
-```
-
-### Credentials Sign in
-
-If you create a sign in form for credentials based authentication, you will need to pass a **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/callback/credentials**.
-
-```jsx title="pages/auth/credentials-signin.js"
-import { getCsrfToken } from "next-auth/react"
-
-export default function SignIn({ csrfToken }) {
-  return (
-    <form method="post" action="/api/auth/callback/credentials">
-      <input name="csrfToken" type="hidden" defaultValue={csrfToken} />
-      <label>
-        Username
-        <input name="username" type="text" />
-      </label>
-      <label>
-        Password
-        <input name="password" type="password" />
-      </label>
-      <button type="submit">Sign in</button>
-    </form>
-  )
-}
-
-export async function getServerSideProps(context) {
-  return {
-    props: {
-      csrfToken: await getCsrfToken(context),
-    },
-  }
-}
-```
-
-You can also use the `signIn()` function which will handle obtaining the CSRF token for you:
-
-```js
-signIn("credentials", { username: "jsmith", password: "1234" })
-```
-
-:::tip
-Remember to put any custom pages in a folder outside **/pages/api** which is reserved for API code. As per the examples above, a location convention suggestion is `pages/auth/...`.
-:::

docs/versioned_docs/version-beta/guides/03-basics/refresh-token-rotation.md

@@ -1,134 +0,0 @@
-# Refresh Token Rotation
-
-While NextAuth.js doesn't automatically handle access token rotation for [OAuth providers](/beta/reference/providers/oauth-builtin) yet, this functionality can be implemented using [callbacks](https://next-auth.js.org/configuration/callbacks).
-
-## Source Code
-
-A working example can be accessed [here](https://github.com/nextauthjs/next-auth-refresh-token-example).
-
-## Implementation
-
-### Server Side
-
-Using a [JWT callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) and a [session callback](https://next-auth.js.org/configuration/callbacks#session-callback), we can persist OAuth tokens and refresh them when they expire.
-
-Below is a sample implementation using Google's Identity Provider. Please note that the OAuth 2.0 request in the `refreshAccessToken()` function will vary between different providers, but the core logic should remain similar.
-
-```js title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-
-const GOOGLE_AUTHORIZATION_URL =
-  "https://accounts.google.com/o/oauth2/v2/auth?" +
-  new URLSearchParams({
-    prompt: "consent",
-    access_type: "offline",
-    response_type: "code",
-  })
-
-/**
- * Takes a token, and returns a new token with updated
- * `accessToken` and `accessTokenExpires`. If an error occurs,
- * returns the old token and an error property
- */
-async function refreshAccessToken(token) {
-  try {
-    const url =
-      "https://oauth2.googleapis.com/token?" +
-      new URLSearchParams({
-        client_id: process.env.GOOGLE_CLIENT_ID,
-        client_secret: process.env.GOOGLE_CLIENT_SECRET,
-        grant_type: "refresh_token",
-        refresh_token: token.refreshToken,
-      })
-
-    const response = await fetch(url, {
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      method: "POST",
-    })
-
-    const refreshedTokens = await response.json()
-
-    if (!response.ok) {
-      throw refreshedTokens
-    }
-
-    return {
-      ...token,
-      accessToken: refreshedTokens.access_token,
-      accessTokenExpires: Date.now() + refreshedTokens.expires_at * 1000,
-      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to old refresh token
-    }
-  } catch (error) {
-    console.log(error)
-
-    return {
-      ...token,
-      error: "RefreshAccessTokenError",
-    }
-  }
-}
-
-export default NextAuth({
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-      authorization: GOOGLE_AUTHORIZATION_URL,
-    }),
-  ],
-  callbacks: {
-    async jwt({ token, user, account }) {
-      // Initial sign in
-      if (account && user) {
-        return {
-          accessToken: account.access_token,
-          accessTokenExpires: Date.now() + account.expires_at * 1000,
-          refreshToken: account.refresh_token,
-          user,
-        }
-      }
-
-      // Return previous token if the access token has not expired yet
-      if (Date.now() < token.accessTokenExpires) {
-        return token
-      }
-
-      // Access token has expired, try to update it
-      return refreshAccessToken(token)
-    },
-    async session({ session, token }) {
-      session.user = token.user
-      session.accessToken = token.accessToken
-      session.error = token.error
-
-      return session
-    },
-  },
-})
-```
-
-### Client Side
-
-The `RefreshAccessTokenError` error that is caught in the `refreshAccessToken()` method is passed all the way to the client. This means that you can direct the user to the sign in flow if we cannot refresh their token.
-
-We can handle this functionality as a side effect:
-
-```js title="pages/home.js"
-import { signIn, useSession } from "next-auth/react";
-import { useEffect } from "react";
-
-const HomePage() {
-  const { data: session } = useSession();
-
-  useEffect(() => {
-    if (session?.error === "RefreshAccessTokenError") {
-      signIn(); // Force sign in to hopefully resolve error
-    }
-  }, [session]);
-
-return (...)
-}
-```