* feat(adapter): Add Azure Table Storage DB adapter
* add newlines
* remove sessionByUserId together with the session
* include import in the readme file
* add types to response objects
* introduce contracts for the db entities
* Rename the lib in docs
Co-authored-by: Nico Domino <yo@ndo.dev>
* run prettier
* feat: azure tables adapter
---------
Co-authored-by: Nikita Dmitriev <nikitadmitry@gmail.com>
Co-authored-by: Nikita Dmitriev <106996965+nikitaclicks@users.noreply.github.com>
Co-authored-by: Nico Domino <yo@ndo.dev>
Improve performance by avoiding call to parseDataSourceConfig before checking if _dataSource was already initialized.
Co-authored-by: Thang Vu <hi@thvu.dev>
Fix crash in azure-ad-b2c.ts
Not all b2c-setups return a list of emails. This fixes the resulting crash by using defensive access when setting the profile email address field.
Co-authored-by: Thang Vu <hi@thvu.dev>
* Add vanilla Postgres adapter for NextAuth using the pg package.
All tests are passing.
* Fix typo in readme
* Add basic tsconfig
* Replace this.getUser with function body as this is undef
* Change name from @next-auth/postgres-adapter to @next-auth/pg-adapter
* Fix package folder to be same as name
* Add package to issue template, labeller and PR labeller
* Commit pnpm lock change.
* Set next-auth version to ^4
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Return user id when updating user. Fixes #4897.
* chore: format PR
* chore: format PR
* chore: formatting
* fix: tests
* fix
---------
Co-authored-by: Jake Coppinger <jake@jakecoppinger.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* cleaned everything up
* Added documentation
* fixed up d1 logo in docs
* cleaning out unused file
* changed to esm module
* formatting the PR
* update the deps
* update the deps
* ignore test
* ignore test
* fix deps
* add contributor
---------
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Thang Vu <hi@thvu.dev>
BREAKING CHANGE:
The required minimum version of `mongodb` has been bumped to v6, make sure to upgrade it in your project via `npm i mongodb@latest` or the equivalent
* feat: click up provider created
* docs: ClickUp documentation
* Format
---------
Co-authored-by: Antonio Basile <antoniobasile2@eng.it>
Co-authored-by: Thang Vu <hi@thvu.dev>
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/supabase-adapter": "0.0.0",
+ "@auth/supabase-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/xata-adapter": "0.0.0",
+ "@auth/xata-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/sequelize-adapter": "0.0.0",
+ "@auth/sequelize-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/pouchdb-adapter": "0.0.0",
+ "@auth/pouchdb-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
This package assumes that `globalThis.crypto` is available.
In older Node.js versions, you can polyfill by adding:
`globalThis.crypto ??= require("node:crypto").webcrypto`
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/neo4j-adapter": "0.0.0",
+ "@auth/neo4j-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
This package assumes that `globalThis.crypto` is available.
In older Node.js versions, you can polyfill by adding:
`globalThis.crypto ??= require("node:crypto").webcrypto`
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/firebase-adapter": "0.0.0",
+ "@auth/firebase-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
* feat: introduce `@auth/fauna-adapter`
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/fauna-adapter": "0.0.0",
+ "@auth/fauna-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/mikro-orm-adapter": "0.0.0",
+ "@auth/mikro-orm-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
This package assumes that `globalThis.crypto` is available.
In older Node.js versions, you can polyfill by adding:
`globalThis.crypto ??= require("node:crypto").webcrypto`
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/dynamodb-adapter": "0.0.0",
+ "@auth/dynamodb-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
This package assumes that `globalThis.crypto` is available.
In older Node.js versions, you can polyfill by adding:
`globalThis.crypto ??= require("node:crypto").webcrypto`
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/dgraph-adapter": "0.0.0",
+ "@auth/dgraph-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
`fetch` is not polyfilled anymore.
In older Node.js versions, you can use the `--experimental-fetch` flag, or install `undici` and add the following line:
`globalThis.fetch ??= require("undici").fetch`
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/upstash-redis-adapter": "0.0.0",
+ "@auth/upstash-redis-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
This package assumes that `globalThis.crypto` is available.
In older Node.js versions, you can polyfill by adding:
`globalThis.crypto ??= require("node:crypto").webcrypto`
Database adapters are not dependent on Next.js features, so it makes sense to republish them under the `@auth/*` scope.
This PR is part of a series to convert adapters, using `@auth/core` for types.
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/mongodb-adapter": "0.0.0",
+ "@auth/mongodb-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/typeorm-legacy-adapter": "0.0.0",
+ "@auth/typeorm-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only
BREAKING CHANGE:
If you are coming from the previous adapter, change your `package.json`:
```diff
- "@next-auth/prisma-adapter": "0.0.0",
+ "@auth/prisma-adapter": "0.0.0",
```
And run `npm install`, `yarn install` or `pnpm install` respectively.
**Note:** This package is published as ESM-only.
* upgrade neo4j-driver
* Correcting dependency to also allow for ^4.0.0 and pnpm install
---------
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Update size of icons on load && on resize event
Added 'use client' since window object would only be defined on client side ( and using hooks );
Thought it'd be a cool feature to add :)
* Apply suggestions from code review
---------
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix #6935: show close button.
* fix(global-css): show close button on announcement bar
dev and build were generating different results, adding `!important` fixed on build.
BREAKING CHANGE:
Complete rewrite of the package. It is now published as ESM-only and written for `next-auth@4`. `next-auth@3` support is removed.
---------
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* added optional dynamic sveltekit options
* changed dynamicOptions function to async
* converted dynamicOptions to a named type
* updated inline docs to show async capabilities
* Update packages/frameworks-sveltekit/src/lib/index.ts
Co-authored-by: Thang Vu <hi@thvu.dev>
* Update packages/frameworks-sveltekit/src/lib/index.ts
Co-authored-by: Thang Vu <hi@thvu.dev>
* Update packages/frameworks-sveltekit/src/lib/index.ts
Co-authored-by: Thang Vu <hi@thvu.dev>
* Update packages/frameworks-sveltekit/src/lib/index.ts
Co-authored-by: Thang Vu <hi@thvu.dev>
* Update packages/frameworks-sveltekit/src/lib/index.ts
Co-authored-by: Thang Vu <hi@thvu.dev>
* refined to a simpler function signature
* removed redundant return statement
* Apply suggestions from code review
---------
Co-authored-by: Thang Vu <hi@thvu.dev>
* fix(adapters): comply to Node.js native ESM resolver for Firebase adapter
* fix import
* use single file
---------
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Bump @panva/hkdf to v1.0.3
Fixes #6736
* Update to v1.0.4
v.1.0.3 failed to publish it seems
* update lockfile
---------
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
BREAKING CHANGE:
- This package now only ships ESM, as all maintained Node.js versions have native support
- Dropped the `crypto` Node.js import in favor of `uuid`. When `globalThis.crypto` is the default in the future, we can remove `uuid` again
* add notion provider along with logo and styles
* adjust notion documentation
* update issue template with Notion provider
* update docs and provider with code from TomYeoman
* feat: move Notion provider to core
* get it working
---------
Co-authored-by: Harrison Broadbent <harrisonbroadbent@gmail.com>
Co-authored-by: Harrison Broadbent <harrisonbroadbent@Harrisons-MacBook-Air.local>
Co-authored-by: Thang Vu <hi@thvu.dev>
* Fix token expiry comparison in database strategy
fixes the condition used for example
in database strategy
* Apply suggestions from code review
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat: e2e test init
* run e2e test on CI
* Add credentials to ci
* Update pnpm-lock.yaml
* move test to dev
* add dotenv
* remove in examples
* add e2e command
* revert
* add output cache for turbo e2e
* correct path for upload artifact
* Update release.yml
* feat(pages): Redesigned all default pages according to sketches discussed.
* chore(signin): Remove console.log
* fix(css): Makes cards scale down to 320px and have a fixed width on larger screens
* fix(styling): Adds margins on bottom and top of card.
* chore(docs): Change the documentation according to changes. Uploaded new images that reflect the new pages.
* fix(next-auth/core): Fixes correct styling of provider button across browsers.
* chore(docs): Add doc string to beta docs as well
* feat: move changes to core
* revert change in next-auth
Co-authored-by: Nico Domino <yo@ndo.dev>
Co-authored-by: Thang Vu <hi@thvu.dev>
revert signin
* chore(docs): Session management sample for Svelte
Added a code sample for managing the session through the $page store.
The sample demonstrates how to retrieve the session data in the root
+page.server.ts file and make it globally accessible through the $page
store, simplifying state management in the application. The previous
examples already used the data available in this store but did not show
how to set it.
* docs: Add authorization section to SvelteKit docs
This authorization section was added to make sure a few caveats with
SvelteKit were well documented to anyone using the library.
The problem is documented here: https://github.com/sveltejs/kit/issues/6315
Essentially, propagation of data between leafs is not guaranteed when
using the +layout.server.ts file as its load function is not guaranteed
to rerun every page change. The current approach to solve this is to do
authorization in each +page.server.ts file and additionally make sure to
grab the session data by awaiting the parent instead of directly
accessing the $page store, to make sure the information there is
current.
* docs: Fix small typesafety mistake in SvelteKit
PageLoad type should actually be PageServerLoad. Not setting this does
not actually generate any problems other than TypeScript complaining
that this type is not actually exported.
* docs: Add handle hook authorization management
Another way to handle authorization is through a path-based method. This
added part of the documentation uses the handle hook to protect certain
routes based on their path. The previous method which is per-component
is still present.
* docs: Simplify component approach for Svelte auth
Using event.locals.getSession() exposed by SvelteKitAuth instead of
relying on the root layout file making that available in the $page
store.
* docs: Complete SvelteKit authorization docs
Finalize the explanation for the URI-based approach and also clarify
interactions with the component-based approach.
* docs: Add formatting to vars in the SvelteKit docs
Format the variables like this: `var` so that it appears clearly as code
when reading the documentation.
Co-authored-by: Thang Vu <hi@thvu.dev>
* added function overload to getToken
* use MissingSecret error instead
* had wrong import
* change in core
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix(core): update CallbacksOptions.jwt docstring
Change description to reflect that JWT is encrypted by default
* update in core
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs(sveltekit): autogenerate API reference
* feat(sveltekit): update to use latest `@auth/core`
* chore: format
* chore: add auth packages as docs dependency
* chore: format
* chore: more formatting
* chore: don't run build before tests
- Cleans up logging. Logs are now color-coded, added more debug logs, and errors can include some simple metadata (like provider id) to know which provider caused an issue.
- All errors are exposed via `@auth/core/errors`. Each error has a URL like: https://errors.authjs.dev#errorcode in the terminal, which points to the documentation explaining the problem in detail, suggesting a fix.
- Added a bunch of documentation that autogenerates the pages under https://authjs.dev/reference/core/modules/main
- Renames `AuthHandler` to `Auth` and `AuthOptions` to `AuthConfig`
- Throwing an error in `signIn` callback will now be caught as a general error and will redirect to `/error?error=Configuration`. If the callback returns `false`, it will redirect to `/error?error=AccessDenied`.
* Directions to deploy outside Vercel
An additional ENV variable is needed when deploying with another service.
* Updated as suggested, AUTH_TRUST_HOST is a boolean
Add AUTH_TRUST_HOST for deploy outside Vercel
* feat: add signin button styles
* fix: remove unnecessary spans
chore: rm comments
* Update packages/next-auth/src/core/pages/signin.tsx
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat: add provider svgs to repo
* fix: adjust SVG sizes
* fix: adjust provider btn to logo links
* feat: apple provider btn style
* fix: add apple-dark svg
* feat: atlassian logo and style
* feat: auth0 logo and style
* feat: azure logo and style
* fix: azure logo size
* feat: battlenet logo and style
* feat: box logo and style
* feat: cognito logo and style
* feat: discord logo and style
* feat: facebook logo and style
* feat: foursquare logo and style
* fix: foursquare logo size
* feat: freshbooks logo and style
* feat: gitlab logo and style
* fix: gitlab logo whitespace
* feat: hubspot logo and style
* feat: instagram logo and style
* feat: keycloak logo and style
* feat: keycloak logo resize
* feat: linkedin logo and style
* feat: mailchimp logo and style
* feat: okta logo and style
* feat: update okta logos
* feat: patreon logo and style
* fix: okta logo viewbox
* feat: slack logo and style
* feat: spotify logo and style
* feat: todoist logo and style
* fix: spotify logo size
* feat: trakt logo and style
* feat: twitch logo and style
* feat: twitter logo and style
* feat: vk logo and style
* feat: wikimedia logo and style
* feat: workos logo and style
* fix: wikimedia-dark logo + twitter (legacy)
* fix: button:active styling
* fix: ignore eslint inline css custom properties warning
* fix: improve darkmode default btn styling
* fix: swap github btn colors
* fix: swap line btn theme colors
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat(next): support Server Components with `unstable_getServerSession`
* chore: remove `.entries`
* docs(next): add documentation for RSC
* update beta docs
* chore(dev): add app dir
* fix text
* only show second warning if using with RSC
* only delete expires for RSC case
* feat(client): add `refetchWhenOffline` option
* docs(client): document `refetchWhenOffline` option
* add TODO comment for next major
* feat: improve refetch hook logic
* fix: add todo back
* chore: small refactoring
Co-authored-by: Thang Vu <hi@thvu.dev>
* Non vercel-specific way to forward host header
* Update packages/next-auth/src/utils/detect-host.ts
Co-authored-by: Balázs Orbán <info@balazsorban.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix(middleware): improve handling of custom nextjs basePath
* fix(middleware): improve extraction of nextjs base path from req.nextUrl
* adapt to req.nextUrl.basePath
* Fix indent
* Add middleware test for custom-base and simplified code a little bit
* Fix indent
* Add another test
* Rename basePath and nextJsBasePath
* Fix lint error
* Add user id to `session` and `jwt` callback
* Minor changes
- Notes on why the id is not exposed by default is already documented in the `session` section.
* Apply suggestions from code review
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs(adapters): Add prisma client docs for typescript users
Add documentation for connecting prisma client w/ prisma adapter for typescript users.
* docs(adapters): remove prismadb.js for prismadb.ts
remove prismadb.js as it is identical to the prismadb.ts
* Apply suggestions from code review
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Update prisma.md
The referenced official doc page describes how to fix the `warn(prisma-client) There are already 10 instances of Prisma Client actively running.` error in development mode.
* Update prisma.md
Implemented best practice for Prisma Client creation.
* Fixed typo in Prisma db filename.
* fix(middleware): use `includes()` for NextAuth pages
Some users could be setting their `signIn` and `error` pages option to
`/` to disable the automatically generated pages, as suggested in [1].
This commit reverts the behaviour for matching `signIn` and `error`
pages in `handleMiddleware` to pre-v4.10.3.
```js
const signInPage = "/"
const errorPage = "/"
const publicPaths = [signInPage, errorPage, "/_next", "/favicon.ico"]
const pathname = "/" // example request path
// pathname = "/" will return true
publicPaths.some((p) => pathname.startsWith(p))
```
Fixes: aedabc8d ("fix: avoid redirect on always public paths")
Reference [1]: https://github.com/nextauthjs/next-auth/discussions/2330#discussioncomment-1678298
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* test(middleware): add tests for public paths
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: Thang Vu <thvu@hey.com>
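The matching difference the commit message above describes, as an added example that is not part of the commit or of next-auth's source. `isPublicByPrefix`, `isPublicByExactPage`, `compare` and the sample paths are hypothetical names and constructed inputs.

```javascript
// Added illustration: hypothetical helpers, not next-auth's middleware code.
const STATIC_PREFIXES = ["/_next", "/favicon.ico"]

// Prefix matching over every public path, as in the snippet from the commit message.
// With signIn/error set to "/", every pathname starts with "/" and is treated as public.
function isPublicByPrefix(pathname, pages) {
  const publicPaths = [pages.signIn, pages.error, ...STATIC_PREFIXES]
  return publicPaths.some((p) => pathname.startsWith(p))
}

// Exact matching with includes() for the configured pages;
// prefix matching is kept only for the static asset paths.
function isPublicByExactPage(pathname, pages) {
  if ([pages.signIn, pages.error].includes(pathname)) return true
  return STATIC_PREFIXES.some((p) => pathname.startsWith(p))
}

// Evaluate both strategies for each path so the difference is visible side by side.
function compare(pages, paths) {
  return paths.map((pathname) => ({
    pathname,
    prefix: isPublicByPrefix(pathname, pages),
    exact: isPublicByExactPage(pathname, pages),
  }))
}

// Constructed sample input: pages set to "/" to disable the generated pages.
const rootPages = { signIn: "/", error: "/" }
// Constructed sample input: dedicated sign-in and error pages.
const dedicatedPages = { signIn: "/auth/signin", error: "/auth/error" }
const samplePaths = [
  "/",
  "/dashboard",
  "/api/private",
  "/_next/static/chunk.js",
  "/favicon.ico",
]

console.table(compare(rootPages, samplePaths))
console.table(compare(dedicatedPages, samplePaths))
```

With the pages set to `/`, the prefix column is `true` for every path, so no route is left for the middleware to protect; the exact column stays `false` for `/dashboard` and `/api/private`.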
* clean up `package.json` files
* chore(ts): make sure `next-auth/next` does not conflict with `next`
* simplify `turbo.json`
* fix: apply suggestion
* simplify doc dev command
* ignore upstash redis again
* ignore mikro orm for now
* chore: dev command
* update lock file
* update css path for dev only
* Update apps/dev/package.json
Co-authored-by: Thang Vu <thvu@hey.com>
* Send client_id and client_secret to linkedin
Linkedin now requires client_id and client_secret to be
sent in the oauth callback. Fixes #5220
* Update linkedin.ts
Co-authored-by: Thang Vu <thvu@hey.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat: added providing database name in options
* fix: added database name providing in readme
* Apply suggestions from code review
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix: return null in unstable_getServerSession if there's an error
* Remove status check and instead check body is not a string
* Combine similar tests
* Keep error from being logged twice
The same errors have been logged, firstly before throwing
OAuthCallbackError, later in the catch-clause of it.
This commit removes the former and lets the latter survive,
because logging functionality seems better to reside in the
same neighborhood.
* doc: Merge CALLBACK_OAUTH_ERROR to OAUTH_CALLBACK_ERROR
* doc: This particular error from openid-client comes with SIGNIN_OAUTH_ERROR
* Provide logger with `providerId`
Co-authored-by: Thang Vu <thvu@hey.com>
Co-authored-by: Thang Vu <thvu@hey.com>
* fix typo in faq
Added missing “not” in same root different subdomain config section warning text
* Apply suggestions from code review
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat: add nonce check type
* Update types import for nonce-handler.ts
* Update packages/next-auth/src/core/lib/oauth/callback.ts
Co-authored-by: Thang Vu <thvu@hey.com>
* Add further info to debug msg as per PR suggestion
* Cast OauthChecks as OpenIDCallbackChecks
* Update order of imports as per PR suggestion
Co-authored-by: Hamid Adelyar <hamid.adelyar@bjss.com>
Co-authored-by: hamidbjss <98807568+hamidbjss@users.noreply.github.com>
Co-authored-by: Thang Vu <thvu@hey.com>
Contains the following squashed commits:
* Added how to install next-auth
* Update docs/docs/getting-started/example.md
* Update docs/docs/getting-started/example.md
* Updated with suggestions in mind
* Update example.md
* type safe babel config
* avoid auth redirect for `_next`
* force render default error page on user misconfig
* add slash to _next path
* use `.some`
* add docs
* change from localhost
* add favicon to public path
Split a FAQ into two parts:
Before:
- Can I use NextAuth.js with a website that does not use Next.js?
After:
- Can I use NextAuth.js with a framework different than Next.js?
- Can session generated by NextAuth.js be used by another website?
Ports and refactors `@next-auth/firebase-adapter` to use the new Adapter API. Ported from this PR: nextauthjs/adapters#183
BREAKING CHANGE:
- Renames `FirebaseAdapter` export to `FirestoreAdapter`
- This adapter now requires firebase v9+
We haven't kept up with the recent TypeORM changes, and since they are still <1, it's likely that users kept upgrading, even if there were breaking changes.
BREAKING CHANGE:
[`typeorm`](https://github.com/typeorm/typeorm) is still in active development and has not yet published a stable release. Because of this, you can expect breaking changes in minor versions. This release of the adapter expects `typeorm@0.3.7` and is not validated against previous or future releases.
Run `npm i typeorm@latest` and make sure to read the [release notes](https://github.com/typeorm/typeorm/releases) for breaking changes in TypeORM
* ✨ provide secret via config
* 🐛 make secret optional
* 📝 docs for middleware and env var
* 📝 recommendation at the end of paragraph
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* chore: update docs regarding new server session API
* fix: add note about unstable_ API prefix
* Apply suggestions from code review
Co-authored-by: Balázs Orbán <info@balazsorban.com>
**NOTE:** Issues that are potentially security related should be reported to us by following the [Security guidelines](https://next-auth.js.org/security) rather than on GitHub.
Thanks for taking the time to fill out this issue after reading/searching through the [documentation](https://next-auth.js.org) first!
Is this your first time contributing? Check out this video: https://www.youtube.com/watch?v=cuoNzXFLitc
### Important :exclamation:
_Providing incorrect/insufficient information or skipping steps to reproduce the issue may result in closing the issue or converting to a discussion without further explanation._
_Providing incorrect/insufficient information or skipping steps to reproduce the issue will result in closing the issue and/or converting to a discussion without further explanation._
If you have a generic question specific to your project, it is best asked in Discussions under the [Questions category](https://github.com/nextauthjs/next-auth/discussions/new?category=Questions)
# Let's wait with this until adoption in other frameworks.
@@ -29,7 +30,7 @@ body:
Run this command in your project's root folder and paste the result:
Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
**NOTE:** Issues that are potentially security related should be reported to us by following the [Security guidelines](https://next-auth.js.org/security) rather than on GitHub.
Thanks for taking the time to fill out this [Provider](https://next-auth.js.org/providers/overview) related issue!
Is this your first time contributing? Check out this video: https://www.youtube.com/watch?v=cuoNzXFLitc
@@ -24,17 +25,23 @@ body:
- "Custom provider"
- "42 School"
- "Apple"
- "Asgardeo"
- "Atlassian"
- "Auth0"
- "Authentik"
- "Azure Active Directory"
- "Azure Active Directory B2C"
- "Azure DevOps"
- "Battlenet"
- "Beyond Identity"
- "Box"
- "Bungie"
- "ClickUp"
- "Cognito"
- "Coinbase"
- "Descope"
- "Discord"
- "Dribbble"
- "Dropbox"
- "EVE Online"
- "Facebook"
@@ -53,9 +60,11 @@ body:
- "LinkedIn"
- "Mailchimp"
- "Mail.ru"
- "Mastodon"
- "Medium"
- "Naver"
- "Netlify"
- "Notion"
- "Okta"
- "OneLogin"
- "Osso"
@@ -67,6 +76,8 @@ body:
- "Slack"
- "Spotify"
- "Strava"
- "Tiktok"
- "Todoist"
- "Trakt"
- "Twitch"
- "Twitter"
@@ -85,7 +96,7 @@ body:
Run this command in your project's root folder and paste the result:
Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
**NOTE:** Issues that are potentially security related should be reported to us by following the [Security guidelines](https://next-auth.js.org/security) rather than on GitHub.
Thanks for taking the time to fill out this [Adapter](https://next-auth.js.org/adapters/overview) related issue!
Is this your first time contributing? Check out this video: https://www.youtube.com/watch?v=cuoNzXFLitc
@@ -20,18 +21,26 @@ body:
multiple:true
options:
- "Custom adapter"
- "@next-auth/dgraph-adapter"
- "@next-auth/dynamodb-adapter"
- "@next-auth/fauna-adapter"
- "@next-auth/firebase-adapter"
- "@next-auth/mikro-orm-adapter"
- "@next-auth/mongodb-adapter"
- "@next-auth/neo4j-adapter"
- "@next-auth/pouchdb-adapter"
- "@next-auth/prisma-adapter"
- "@next-auth/sequelize-adapter"
- "@next-auth/typeorm-legacy-adapter"
- "@next-auth/upstash-redis-adapter"
- "@auth/azure-tables-adapter"
- "@auth/edgedb-adapter"
- "@auth/d1-adapter"
- "@auth/dgraph-adapter"
- "@auth/drizzle-adapter"
- "@auth/dynamodb-adapter"
- "@auth/fauna-adapter"
- "@auth/firebase-adapter"
- "@auth/kysely-adapter"
- "@auth/mikro-orm-adapter"
- "@auth/mongodb-adapter"
- "@auth/neo4j-adapter"
- "@auth/pg-adapter"
- "@auth/pouchdb-adapter"
- "@auth/prisma-adapter"
- "@auth/sequelize-adapter"
- "@auth/supabase-adapter"
- "@auth/typeorm-adapter"
- "@auth/upstash-redis-adapter"
- "@auth/xata-adapter"
validations:
required:true
- type:textarea
@@ -41,7 +50,7 @@ body:
Run this command in your project's root folder and paste the result:
Alternatively, if the above command did not work, we need the version of the following packages from your package.json: "next", "react", "next-auth" and your adapter. Please also mention your OS and Node.js version, as well as the browser you are using.
Thank you very much for reaching out to us regarding the awesome feature that you believe should be included in the NextAuth.js library.
_NOTE: Feature requests are converted to [discussions (Ideas 💡)](https://github.com/nextauthjs/next-auth/discussions/categories/ideas). Make sure your idea hasn't been asked yet, and upvote the existing one before opening a new instead._
### Important :exclamation:
Please proceed by providing the following information:
- type:textarea
id:description
attributes:
label:Description 📓
description:Please provide a more in-depth description of the feature proposed.
validations:
required:true
- type:markdown
attributes:
value:|
Make sure you provide plenty of [links]() to external documentation and inline code examples like so:
```js
function myAwesomeNextAuthFeature() {
return 💚
}
```
Take time thinking about what you want to say and help us understand your proposal making sure that this description contains:
- **purpose of the feature**
- **potential problems**
- **potential alternatives**
- type:textarea
id:reproduction
attributes:
label:How to reproduce ☕️
description:If you have a CodeSandbox playground or some code snippets to help us visualize your idea better, please provide it here.
validations:
required:true
- type:markdown
attributes:
value:|
You can use one of the templates set up on **CodeSandbox** to better illustrate your idea:
description:Please provide an in-depth description of the question you have when using NextAuth.js on a Typescript project or when consuming the built-in types for `next-auth`.
validations:
required:true
- type:markdown
attributes:
value:|
Make sure you [link]() to external documentation if necessary and provide inline code examples like so:
```js
function myAwesomeNextAuthFeature() {
return 💚
}
```
**NOTE:** Questions will be converted to Discussions. You can find them [here](https://github.com/nextauthjs/next-auth/discussions)!
- type:textarea
id:codesandbox
attributes:
label:How to reproduce ☕️
description:Please provide a link to a minimal reproduction or code snippets that represents your question
validations:
required:true
- type:markdown
attributes:
value:|
We encourage you to use the template set-up on **CodeSandbox** as a playground to represent your question or doubt:
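Review bot: In the feature-request form, the "How to reproduce ☕️" textarea is marked `required:true` although its description is worded as optional ("If you have a CodeSandbox playground or some code snippets ..."). Either drop the validation or reword the description so that a reporter without a sandbox is not blocked from submitting. Separately, the markdown blocks contain `[links]()` and `[link]()` with empty targets, which render as dead links; point them at a real page or use plain text.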
@@ -5,9 +5,14 @@ Please fill out the information below to expedite the review and (hopefully)
merge of your pull request!
-->
> _NOTE_:
>
> - It's a good idea to open an issue first to discuss potential changes.
> - Please make sure that you are _NOT_ opening a PR to fix a potential security vulnerability. Instead, please follow the [Security guidelines](https://github.com/nextauthjs/.github/blob/main/SECURITY.md) to disclose the issue to us confidentially.
## ☕️ Reasoning
What changes are being made? What feature/bug is being fixed here?
<!-- What changes are being made? What feature/bug is being fixed here? -->
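Review bot: The `> _NOTE_:` block sits after the closing `-->` of the template's intro comment, so it becomes part of every submitted PR description unless the author deletes it. If it is only guidance for the author, move it inside the HTML comment. If it is meant to stay visible, keep it, but then the security line should point to the same policy location that the README's Security section uses (`https://authjs.dev/security`) instead of a second URL in `nextauthjs/.github`, so reporters find one set of instructions.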
We could not detect a valid reproduction link. **Make sure to follow the bug report template carefully.**
### Why was this issue closed?
To be able to investigate, we need access to a reproduction to identify what triggered the issue. We need a link to a **public** GitHub repository. Example: ([NextAuth.js example repository](https://github.com/nextauthjs/next-auth-example)).
The bug template that you filled out has a section called "Reproduction URL", which is where you should provide the link to the reproduction.
- If you did not provide a link or the link you provided is not valid, we will close the issue.
- If you provide a link to a private repository, we will close the issue.
- If you provide a link to a repository but not in the correct section, we will close the issue.
### What should I do?
Depending on the reason the issue was closed, you can do the following:
- If you did not provide a link, please open a new issue with a link to a reproduction.
- If you provided a link to a private repository, please open a new issue with a link to a public repository.
- If you provided a link to a repository but not in the correct section, please open a new issue with a link to a reproduction in the correct section.
**In general, assume that we should not go through a lengthy onboarding process at your company code only to be able to verify an issue.**
### My repository is private and cannot make it public
In most cases, a private repo will not be a sufficient **minimal reproduction**, as this codebase might contain a lot of unrelated parts that would make our investigation take longer. Please do **not** make it public. Instead, create a new repository using the templates above, adding the relevant code to reproduce the issue. Common things to look out for:
- Remove any code that is not related to the issue. (pages, API Routes, components, etc.)
- Remove any dependencies that are not related to the issue.
- Remove any third-party service that would require us to sign up for an account to reproduce the issue.
- Remove any environment variables that are not related to the issue.
- Remove private packages that we do not have access to.
- If the issue is not related to a monorepo specifically, try to reproduce the issue without a complex monorepo setup
### I did not open this issue, but it is relevant to me, what can I do to help?
Anyone experiencing the same issue is welcome to provide a minimal reproduction following the above steps by opening a new issue.
### I think my reproduction is good enough, why aren't you looking into it quickly?
We look into every issue and monitor open issues for new comments.
However, sometimes we might miss a few due to the popularity/high traffic of the repository. We apologize, and kindly ask you to refrain from tagging core maintainers, as that will usually not result in increased priority.
Upvoting issues to show your interest will help us prioritize and address them as quickly as possible. That said, every issue is important to us, and if an issue gets closed by accident, we encourage you to open a new one linking to the old issue and we will look into it.
### Useful Resources
- [How to create a Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve)
Contributions and feedback on your experience of using this software are welcome.
This includes bug reports, feature requests, ideas, pull requests, and examples of how you have used this software.
Please see the [Code of Conduct](CODE_OF_CONDUCT.md) and follow any templates configured in GitHub when reporting bugs, requesting enhancements, or contributing code.
Please raise any significant new functionality or breaking change an issue for discussion before raising a Pull Request for it.
## For contributors
Anyone can be a contributor. Either you found a typo, or you have an awesome feature request you could implement, we encourage you to create a Pull Request.
### Pull Requests
- The latest changes are always in `main`, so please make your Pull Request against that branch.
- Pull Requests should be raised for any change
- Pull Requests need approval of a [core contributor](https://next-auth.js.org/contributors#core-team) before merging
- We use ESLint/Prettier for linting/formatting, so please run `yarn lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
- We encourage you to test your changes, and if you have the opportunity, please make those tests part of the Pull Request
- If you add new functionality, please provide the corresponding documentation as well and make it part of the Pull Request
### Setting up local environment
A quick guide on how to setup _next-auth_ locally to work on it and test out any changes:
Copy `apps/dev/.env.local.example` to `apps/dev/.env.local`, and add your env variables for each provider you want to test.
```sh
cd apps/dev
cp .env.local.example .env.local
```
> NOTE: You can add any environment variables to .env.local that you would like to use in your dev app.
> You can find the next-auth config under`apps/dev/pages/api/auth/[...nextauth].js`.
4. Start the developer application/server:
```sh
yarn dev:app
```
Your developer application will be available on `http://localhost:3000`
That's it! 🎉
If you need an example project to link to, you can use [next-auth-example](https://github.com/iaincollins/next-auth-example).
#### Hot reloading
When running `yarn dev:app`, you start a Next.js developer server on `http://localhost:3000`, which includes hot reloading out of the box. Make changes on any of the files in `src` and see the changes immediately.
> NOTE: When working on CSS, you will have to manually refresh the page after changes. The reason for this is our pages using CSS are server-side rendered (using API routes). (Improving this through a PR is very welcome!)
> NOTE: The setup is as follows: The development application lives inside the `app` folder, and whenever you make a change to the `src` folder in the root (where next-auth is), it gets copied into `app` every time (gitignored), so Next.js can pick them up and apply hot reloading. This is to avoid some annoying issues with how symlinks are working with different React builds, and also to provide a super-fast feedback loop while developing core features.
#### Providers
If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
That's it! 🎉 Others will be able to discover this provider much more easily now!
You can look at the existing built-in providers for inspiration.
#### Databases
If you would like to contribute to an existing database adapter or help create a new one, head over to the [nextauthjs/adapters](https://www.github.com/nextauthjs/adapters) repository and follow the instructions provided there.
#### Testing
Tests can be run with `yarn test`.
Automated tests are currently crude and limited in functionality, but improvements are in development.
## For maintainers
We use [a custom script](https://github.com/nextauthjs/next-auth/tree/main/scripts/index.ts) together with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0) to automate releases. This makes the maintenance process easier and less error-prone. Please study the "Conventional Commits" site to understand how to write a good commit message.
When accepting Pull Requests, make sure the following:
- Use "Squash and merge"
- Make sure you merge contributor PRs into `main`
- Rewrite the commit message to conform to the `Conventional Commits` style.
- Using `fix` releases a patch (x.x.1)
- Using `feat` releases a minor (x.1.x)
- Using `feat` when `BREAKING CHANGE` is present in the commit messgae releases a major (1.x.x)
- Optionally link issues the PR will resolve (You can add "close" in front of the issue numbers to close the issues automatically, when the PR is merged. `semantic-release` will also comment back to connected issues and PRs, notifying the users that a feature is added/bug fixed, etc.)
### Skipping a release
If a commit contains `[skip release]` in their message will be excluded from the commit analysis and won't participate in the release type determination. This is useful, if the PR being merged should not trigger a new `npm` release.
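Review bot: The paths in this contributing text disagree with each other. The setup step uses `apps/dev/.env.local`, while the hot-reloading note still describes an `app` folder with `src` in the root, and the Providers section links `src/providers/{provider}.js` where the README links `packages/core/src/providers`. Please align them with the current layout. The Providers section also announces "two changes" and lists one, the setup list shows only step 4, and the example-repository link goes to `iaincollins/next-auth-example` where the issue-closing text uses `nextauthjs/next-auth-example`. Minor: "messgae" in the release rules, and the `[skip release]` sentence needs a subject ("A commit that contains ... will be excluded").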
Auth.js is a set of open-source packages that are built on Web Standard APIs for authentication in modern applications with any framework on any platform in any JS runtime.
See [authjs.dev](https://authjs.dev) for our framework-specific libraries, or check out [next-auth.js.org](https://next-auth.js.org) for `next-auth` (Next.js).
## Features
### Flexible and easy to use
- Designed to work with any OAuth service, it supports 2.0+, OIDC
- Built-in support for [many popular sign-in services](https://github.com/nextauthjs/next-auth/tree/main/packages/core/src/providers)
- Email/Passwordless authentication
- Bring Your Database - or none! - stateless authentication with any backend (Active Directory, LDAP, etc.)
- An open-source solution that allows you to keep control of your data
- Built-in support for [MySQL, MariaDB, Postgres, Microsoft SQL Server, MongoDB, SQLite, etc.](https://adapters.authjs.dev)
- Works great with databases from popular hosting providers
### Secure by default
- Promotes the use of passwordless sign-in mechanisms
- Designed to be secure by default and encourage best practices for safeguarding user data
- Uses Cross-Site Request Forgery (CSRF) Tokens on POST routes (sign in, sign out)
- Default cookie policy aims for the most restrictive policy appropriate for each cookie
- When JSON Web Tokens are used, they are encrypted by default (JWE) with A256GCM
- Features tab/window syncing and session polling to support short-lived sessions
- Attempts to implement the latest guidance published by [Open Web Application Security Project](https://owasp.org)
Advanced configuration allows you to define your routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.
### TypeScript
Auth.js libraries are written with type safety in mind. [Check out the docs](https://authjs.dev/getting-started/typescript) for more information.
## Security
If you think you have found a vulnerability (or are not sure) in Auth.js or any of the related packages (i.e. Adapters), we ask you to read our [Security Policy](https://authjs.dev/security) to reach out responsibly. Please do not open Pull Requests/Issues/Discussions before consulting with us.
## Acknowledgments
[Auth.js is made possible thanks to all of its contributors.](https://authjs.dev/contributors)
We request that you contact us directly to report serious issues that might impact the security of sites using NextAuth.js.
If you contact us regarding a serious issue:
- We will endeavor to get back to you within 72 hours.
- We will aim to publish a fix within 30 days.
- We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released.
- If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly.
The best way to report an issue is by contacting us via email at info@balazsorban.com or me@iaincollins.com and yo@ndo.dev, or raise a public issue requesting someone get in touch with you via whatever means you prefer for more details. (Please do not disclose sensitive details publicly at this stage.)
> For less serious issues (e.g. RFC compliance for unsupported flows or potential issues that may cause a problem in the future) it is appropriate to submit these these publically as bug reports or feature requests or to raise a question to open a discussion around them.
## Supported Versions
Security updates are only released for the current version.
Old releases are not maintained and do not receive updates.
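Review bot: The reporting paragraph offers "raise a public issue requesting someone get in touch" as an option, while the README's Security section says "Please do not open Pull Requests/Issues/Discussions before consulting with us". A reporter reading both gets conflicting instructions; pick one channel and state it the same way in both files. The contact list "info@balazsorban.com or me@iaincollins.com and yo@ndo.dev" is also ambiguous about whether to mail one address or all of them, and the blockquote has "these these publically" (duplicate word, "publicly").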
// This is an example of how to read a JSON Web Token from an API route
import{getToken}from"next-auth/jwt"
exportdefaultasync(req,res)=>{
consttoken=awaitgetToken({req})
res.send(JSON.stringify(token,null,2))
}
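Review bot: The handler sends the entire decoded token back to the caller and has no branch for the unauthenticated case. `getToken` returns `null` when the request carries no valid session token, so this responds with the string `null` and a 200. Since this is an example people copy, return a 401 when `token` is null and add a comment that dumping the full payload is for demonstration only, and that a real route should return just the fields the client needs.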
Some files were not shown because too many files have changed in this diff