chore(release): bump package version(s) [skip ci]

* rewrite github provider in typescript

* rename md js endings

* Update packages/next-auth/src/providers/github.ts

Co-authored-by: Balázs Orbán <info@balazsorban.com>

* add eslint disable next line

Co-authored-by: Balázs Orbán <info@balazsorban.com>

.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
       - name: Install pnpm
         uses: pnpm/action-setup@v2.2.1
         with:
-          version: 6.32.8
+          version: 7.5.1
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
@@ -55,7 +55,7 @@ jobs:
       - name: Install pnpm
         uses: pnpm/action-setup@v2.2.1
         with:
-          version: 6.32.8
+          version: 7.5.1
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
@@ -85,7 +85,7 @@ jobs:
       - name: Install pnpm
         uses: pnpm/action-setup@v2.2.1
         with:
-          version: 6.32.8
+          version: 7.5.1
       - name: Setup Node
         uses: actions/setup-node@v3
         with:

.gitignore

@@ -44,6 +44,7 @@ packages/next-auth/middleware.js
 # Development app
 apps/dev/src/css
 apps/dev/prisma/migrations
+apps/dev/typeorm
 
 # VS
 /.vs/slnx.sqlite-journal

CONTRIBUTING.md

@@ -17,7 +17,7 @@ Anyone can be a contributor. Either you found a typo, or you have an awesome fea
 - The latest changes are always in `main`, so please make your Pull Request against that branch.
 - Pull Requests should be raised for any change
 - Pull Requests need approval of a [core contributor](https://next-auth.js.org/contributors#core-team) before merging
-- We use ESLint/Prettier for linting/formatting, so please run `yarn lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
+- We use ESLint/Prettier for linting/formatting, so please run `pnpm lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
 - We encourage you to test your changes, and if you have the opportunity, please make those tests part of the Pull Request
 - If you add new functionality, please provide the corresponding documentation as well and make it part of the Pull Request
 
@@ -37,7 +37,7 @@ cd next-auth
 1. Install packages. Developing requires Node.js v16:
 
 ```sh
-yarn
+pnpm install
 ```
 
 3. Populate `.env.local`:
@@ -55,7 +55,7 @@ cp .env.local.example .env.local
 4. Start the developer application/server:
 
 ```sh
-yarn dev:app
+pnpm dev
 ```
 Your developer application will be available on `http://localhost:3000`
 
@@ -65,7 +65,7 @@ If you need an example project to link to, you can use [next-auth-example](https
 
 #### Hot reloading
 
-When running `yarn dev:app`, you start a Next.js developer server on `http://localhost:3000`, which includes hot reloading out of the box. Make changes on any of the files in `src` and see the changes immediately.
+When running `pnpm dev`, you start a Next.js developer server on `http://localhost:3000`, which includes hot reloading out-of-the-box. Make changes on any of the files in `src` and see the changes immediately.
 
 > NOTE: When working on CSS, you will have to manually refresh the page after changes. The reason for this is our pages using CSS are server-side rendered (using API routes). (Improving this through a PR is very welcome!)
 
@@ -75,7 +75,7 @@ When running `yarn dev:app`, you start a Next.js developer server on `http://loc
 
 If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
 
-1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
+1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
 2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
 
 That's it! 🎉 Others will be able to discover this provider much more easily now!
@@ -88,13 +88,13 @@ If you would like to contribute to an existing database adapter or help create a
 
 #### Testing
 
-Tests can be run with `yarn test`.
+Tests can be run with `pnpm test`.
 
 Automated tests are currently crude and limited in functionality, but improvements are in development.
 
 ## For maintainers
 
-We use [a custom script](https://github.com/nextauthjs/next-auth/tree/main/scripts/index.ts) together with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0) to automate releases. This makes the maintenance process easier and less error-prone. Please study the "Conventional Commits" site to understand how to write a good commit message.
+We use [a custom script](https://github.com/nextauthjs/next-auth/blob/main/scripts/release/index.ts) together with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0) to automate releases. This makes the maintenance process easier and less error-prone. Please study the "Conventional Commits" site to understand how to write a good commit message.
 
 When accepting Pull Requests, make sure the following:
 
@@ -103,9 +103,9 @@ When accepting Pull Requests, make sure the following:
 - Rewrite the commit message to conform to the `Conventional Commits` style.
   - Using `fix` releases a patch (x.x.1)
   - Using `feat` releases a minor (x.1.x)
-  - Using `feat` when `BREAKING CHANGE` is present in the commit messgae releases a major (1.x.x)
+  - Using `feat` when `BREAKING CHANGE` is present in the commit message releases a major (1.x.x)
 - Optionally link issues the PR will resolve (You can add "close" in front of the issue numbers to close the issues automatically, when the PR is merged. `semantic-release` will also comment back to connected issues and PRs, notifying the users that a feature is added/bug fixed, etc.)
 
 ### Skipping a release
 
-If a commit contains `[skip release]` in their message will be excluded from the commit analysis and won't participate in the release type determination. This is useful, if the PR being merged should not trigger a new `npm` release.
+If a commit contains `[skip release]` in their message, it will be excluded from the commit analysis and won't participate in the release type determination. This is useful, if the PR being merged should not trigger a new `npm` release.

apps/dev/.env.local.example

@@ -50,3 +50,6 @@ DATABASE_URL=
 BOXYHQSAML_ISSUER="https://jackson-demo.boxyhq.com"
 BOXYHQSAML_ID="tenant=boxyhq.com&product=saml-demo.boxyhq.com"
 BOXYHQSAML_SECRET="dummy"
+
+WIKIMEDIA_ID=
+WIKIMEDIA_SECRET=

apps/dev/package.json

@@ -16,21 +16,25 @@
   },
   "license": "ISC",
   "dependencies": {
-    "@next-auth/fauna-adapter": "^1",
-    "@next-auth/prisma-adapter": "^1",
+    "@next-auth/fauna-adapter": "workspace:*",
+    "@next-auth/prisma-adapter": "workspace:*",
+    "@next-auth/typeorm-legacy-adapter": "workspace:*",
     "@prisma/client": "^3",
     "faunadb": "^4",
-    "next": "12.1.7-canary.51",
+    "next": "12.2.0",
     "nodemailer": "^6",
     "react": "^18",
     "react-dom": "^18"
   },
   "devDependencies": {
-    "@types/react": "^18",
-    "@types/react-dom": "^18",
+    "@types/react": "^18.0.15",
+    "@types/react-dom": "^18.0.6",
     "concurrently": "^7",
     "cpx": "^1.5.0",
     "fake-smtp-server": "^0.8.0",
-    "prisma": "^3"
+    "pg": "^8.7.3",
+    "prisma": "^3",
+    "sqlite3": "^5.0.8",
+    "typeorm": "0.3.7"
   }
 }

apps/dev/pages/api/auth/[...nextauth].ts

@@ -4,10 +4,11 @@ import GitHubProvider from "next-auth/providers/github"
 import Auth0Provider from "next-auth/providers/auth0"
 import KeycloakProvider from "next-auth/providers/keycloak"
 import TwitterProvider, {
-  TwitterLegacy as TwitterLegacyProvider,
+  // TwitterLegacy as TwitterLegacyProvider,
 } from "next-auth/providers/twitter"
 import CredentialsProvider from "next-auth/providers/credentials"
 import IDS4Provider from "next-auth/providers/identity-server4"
+import DuendeIDS6Provider from "next-auth/providers/duende-identity-server6"
 import Twitch from "next-auth/providers/twitch"
 import GoogleProvider from "next-auth/providers/google"
 import FacebookProvider from "next-auth/providers/facebook"
@@ -31,25 +32,41 @@ import PatreonProvider from "next-auth/providers/patreon"
 import TraktProvider from "next-auth/providers/trakt"
 import WorkOSProvider from "next-auth/providers/workos"
 import BoxyHQSAMLProvider from "next-auth/providers/boxyhq-saml"
+import WikimediaProvider from "next-auth/providers/wikimedia"
+import VkProvider from "next-auth/providers/vk"
 
+// TypeORM
+// import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
+// const adapter = TypeORMLegacyAdapter({
+//   type: "sqlite",
+//   name: "next-auth-test-memory",
+//   database: "./typeorm/dev.db",
+//   synchronize: true,
+// })
+
+// // Prisma
 // import { PrismaAdapter } from "@next-auth/prisma-adapter"
 // import { PrismaClient } from "@prisma/client"
 // const prisma = new PrismaClient()
 // const adapter = PrismaAdapter(prisma)
 
+// // Fauna
 // import { Client as FaunaClient } from "faunadb"
 // import { FaunaAdapter } from "@next-auth/fauna-adapter"
-
 // const client = new FaunaClient({
 //   secret: process.env.FAUNA_SECRET,
 //   domain: process.env.FAUNA_DOMAIN,
 // })
 // const adapter = FaunaAdapter(client)
+
+// // Dummy
+// const adapter: any = {
+//   getUserByEmail: (email) => ({ id: "1", email, emailVerified: null }),
+//   createVerificationToken: (token) => token,
+// }
+
 export const authOptions: NextAuthOptions = {
-  // adapter: {
-  //   getUserByEmail: (email) => ({ id: "1", email, emailVerified: null }),
-  //   createVerificationToken: (token) => token,
-  // } as any,
+  // adapter,
   providers: [
     // E-mail
     // Start fake e-mail server with `npm run start:email`
@@ -150,6 +167,11 @@ export const authOptions: NextAuthOptions = {
       clientSecret: process.env.IDS4_SECRET,
       issuer: process.env.IDS4_ISSUER,
     }),
+    DuendeIDS6Provider({
+      clientId: "interactive.confidential",
+      clientSecret: "secret",
+      issuer: "https://demo.duendesoftware.com",
+    }),
     DiscordProvider({
       clientId: process.env.DISCORD_ID,
       clientSecret: process.env.DISCORD_SECRET,
@@ -205,10 +227,18 @@ export const authOptions: NextAuthOptions = {
       clientSecret: process.env.WORKOS_SECRET,
     }),
     BoxyHQSAMLProvider({
-      issuer: process.env.BOXYHQSAML_ISSUER,
+      issuer: process.env.BOXYHQSAML_ISSUER ?? "https://example.com",
       clientId: process.env.BOXYHQSAML_ID,
       clientSecret: process.env.BOXYHQSAML_SECRET,
     }),
+    WikimediaProvider({
+      clientId: process.env.WIKIMEDIA_ID,
+      clientSecret: process.env.WIKIMEDIA_SECRET,
+    }),
+    VkProvider({
+      clientId: process.env.VK_ID,
+      clientSecret: process.env.VK_SECRET
+    }),
   ],
   debug: true,
   theme: {

apps/example-nextjs/package.json

@@ -1,19 +1,15 @@
 {
-  "name": "next-auth-example",
-  "version": "0.0.0",
   "private": true,
-  "description": "An example project for NextAuth.js",
+  "description": "An example project for NextAuth.js with Next.js",
   "repository": "https://github.com/nextauthjs/next-auth-example.git",
   "bugs": {
     "url": "https://github.com/nextauthjs/next-auth/issues"
   },
   "homepage": "https://next-auth-example.vercel.app",
-  "main": "",
   "scripts": {
     "dev": "next",
     "build": "next build",
-    "start": "next start",
-    "types": "tsc --noEmit"
+    "start": "next start"
   },
   "author": "Iain Collins <me@iaincollins.com>",
   "contributors": [
@@ -21,20 +17,16 @@
     "Nico Domino <yo@ndo.dev>",
     "Lluis Agusti <hi@llu.lu>"
   ],
-  "license": "ISC",
   "dependencies": {
-    "next": "12.1.7-canary.51",
+    "next": "latest",
     "next-auth": "latest",
     "nodemailer": "^6",
-    "react": "^18",
-    "react-dom": "^18"
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0"
   },
   "devDependencies": {
     "@types/node": "^17",
-    "@types/react": "^18",
+    "@types/react": "^18.0.15",
     "typescript": "^4"
-  },
-  "prettier": {
-    "semi": false
   }
 }

apps/example-nextjs/pages/_app.tsx

@@ -1,7 +1,8 @@
 import { SessionProvider } from "next-auth/react"
-import type { AppProps } from "next/app"
 import "./styles.css"
 
+import type { AppProps } from "next/app"
+
 // Use of the <SessionProvider> is mandatory to allow components that call
 // `useSession()` anywhere in your application to access the `session` object.
 export default function App({ Component, pageProps }: AppProps) {

apps/example-nextjs/pages/api/examples/jwt.ts

@@ -1,10 +1,14 @@
 // This is an example of how to read a JSON Web Token from an API route
 import { getToken } from "next-auth/jwt"
+
 import type { NextApiRequest, NextApiResponse } from "next"
 
 const secret = process.env.NEXTAUTH_SECRET
 
-export default async (req: NextApiRequest, res: NextApiResponse) => {
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
   const token = await getToken({ req, secret })
   res.send(JSON.stringify(token, null, 2))
 }

apps/example-nextjs/pages/api/examples/protected.ts

@@ -1,19 +1,23 @@
 // This is an example of to protect an API route
 import { unstable_getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
+
 import type { NextApiRequest, NextApiResponse } from "next"
 
-export default async (req: NextApiRequest, res: NextApiResponse) => {
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
   const session = await unstable_getServerSession(req, res, authOptions)
 
   if (session) {
-    res.send({
+    return res.send({
       content:
         "This is protected content. You can access this content because you are signed in.",
     })
-  } else {
-    res.send({
-      error:
-        "You must be signed in to view the protected content on this page.",
-    })
   }
+
+  res.send({
+    error: "You must be signed in to view the protected content on this page.",
+  })
 }

apps/example-nextjs/pages/api/examples/session.ts

@@ -1,8 +1,13 @@
 // This is an example of how to access a session from an API route
-import { getSession } from "next-auth/react"
+import { unstable_getServerSession } from "next-auth"
+import { authOptions } from "../auth/[...nextauth]"
+
 import type { NextApiRequest, NextApiResponse } from "next"
 
-export default async (req: NextApiRequest, res: NextApiResponse) => {
-  const session = await getSession({ req })
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  const session = await unstable_getServerSession(req, res, authOptions)
   res.send(JSON.stringify(session, null, 2))
 }

apps/example-nextjs/pages/server.tsx

@@ -1,12 +1,13 @@
 import { unstable_getServerSession } from "next-auth/next"
 import { authOptions } from "./api/auth/[...nextauth]"
 import Layout from "../components/layout"
-import type { NextPageContext } from "next"
 
-export default function ServerSidePage({ session }) {
+import type { GetServerSidePropsContext } from "next"
+import type { Session } from "next-auth"
+
+export default function ServerSidePage({ session }: { session: Session }) {
   // As this page uses Server Side Rendering, the `session` will be already
   // populated on render without needing to go through a loading stage.
-
   return (
     <Layout>
       <h1>Server Side Rendering</h1>
@@ -28,15 +29,20 @@ export default function ServerSidePage({ session }) {
         The disadvantage of Server Side Rendering is that this page is slower to
         render.
       </p>
+      <pre>{JSON.stringify(session, null, 2)}</pre>
     </Layout>
   )
 }
 
 // Export the `session` prop to use sessions with Server Side Rendering
-export async function getServerSideProps(context: NextPageContext) {
+export async function getServerSideProps(context: GetServerSidePropsContext) {
   return {
     props: {
-      session: await unstable_getServerSession(context.req, context.res, authOptions),
+      session: await unstable_getServerSession(
+        context.req,
+        context.res,
+        authOptions
+      ),
     },
   }
 }

apps/playground-sveltekit/yarn.lock

@@ -1232,10 +1232,10 @@ natural-compare@^1.4.0:
   resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
   integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=
 
-next-auth@^4.5.0:
-  version "4.5.0"
-  resolved "https://registry.yarnpkg.com/next-auth/-/next-auth-4.5.0.tgz#2df57287fddc705b8971c88c60bad44a89ac6dd1"
-  integrity sha512-B6gYRIbqtj8nlDsx3y2Ruwp/mvZnItPs7VUULY43QYw+M9xtDPIM9EBZ3ryd/wNYA3MDteBJlzGm/ivseXcmJA==
+"next-auth@workspace:*":
+  version "4.9.0"
+  resolved "https://registry.yarnpkg.com/next-auth/-/next-auth-4.9.0.tgz#0d8cabcb22a976744131a2e68d5f08756f322593"
+  integrity sha512-/4S5dFeyNg2nXlD7g/Sh5A4WZWnUMDpEf8x/x+gzmAf5cAY2SjDM6sLk9u4XRmsndsxQpIMWDw03sUTAD+Yzog==
   dependencies:
     "@babel/runtime" "^7.16.3"
     "@panva/hkdf" "^1.0.1"

docs/docs/adapters/firebase.md

@@ -5,18 +5,14 @@ title: Firebase
 
 # Firebase
 
-:::warning
-This adapter is still experimental and does not work with NextAuth.js 4 or newer. If you would like to help out upgrading it, please visit [this PR](https://github.com/nextauthjs/next-auth/pull/3873)
-:::
-
-This is the Firebase Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
+This is the Firebase (Firestore) Adapter for [`next-auth`](https://next-auth.js.org). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
 
 ## Getting Started
 
 1. Install the necessary packages
 
 ```bash npm2yarn2pnpm
-npm install next-auth @next-auth/firebase-adapter@experimental
+npm install next-auth @next-auth/firebase-adapter
 ```
 
 2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
@@ -24,14 +20,7 @@ npm install next-auth @next-auth/firebase-adapter@experimental
 ```javascript title="pages/api/auth/[...nextauth].js"
 import NextAuth from "next-auth"
 import GoogleProvider from "next-auth/providers/google"
-import { FirebaseAdapter } from "@next-auth/firebase-adapter"
-
-import firebase from "firebase/app"
-import "firebase/firestore"
-
-const firestore = (
-  firebase.apps[0] ?? firebase.initializeApp(/* your config */)
-).firestore()
+import { FirestoreAdapter } from "@next-auth/firebase-adapter"
 
 // For more information on each option (and a full list of options) go to
 // https://next-auth.js.org/configuration/options
@@ -43,9 +32,19 @@ export default NextAuth({
       clientSecret: process.env.GOOGLE_SECRET,
     }),
   ],
-  adapter: FirebaseAdapter(firestore),
-  ...
-})
+  adapter: FirestoreAdapter({
+    apiKey: process.env.FIREBASE_API_KEY,
+    appId: process.env.FIREBASE_APP_ID,
+    authDomain: process.env.FIREBASE_AUTH_DOMAIN,
+    databaseURL: process.env.FIREBASE_DATABASE_URL,
+    projectId: process.env.FIREBASE_PROJECT_ID,
+    storageBucket: process.env.FIREBASE_STORAGE_BUCKET,
+    messagingSenderId: process.env.FIREBASE_MESSAGING_SENDER_ID,
+    // Optional emulator config (see below for options)
+    emulator: {},
+  }),
+  // ...
+});
 ```
 
 ## Options
@@ -69,6 +68,21 @@ const firebaseConfig = {
 
 See [firebase.google.com/docs/web/setup](https://firebase.google.com/docs/web/setup) for more details.
 
+You can optionally pass in emulator options to automatically connect to your local Firebase emulator.
+
+```js
+FirestoreAdapter({
+  // ...
+  // Passing in an enable object will enable the emulator
+  emulator: {
+    // Optional host, defaults to `localhost`
+    host: 'localhost',
+  // Optional port, defaults to `3001`
+    port: 3001,
+  },
+}),
+```
+
 :::tip **From Firebase**
 
 **Caution**: We do not recommend manually modifying an app's Firebase config file or object. If you initialize an app with invalid or missing values for any of these required "Firebase options", then your end users may experience serious issues.

docs/docs/adapters/typeorm.md

@@ -5,18 +5,22 @@ title: TypeORM
 
 # TypeORM
 
-This Adapter is used to support SQL-flavored databases (like SQLite, MySQL, MSSQL, MariaDB, CockroachDB, etc.) through [TypeORM](https://typeorm.io), and mostly kept around for legacy reasons. (See the warning below.)
+This Adapter is used to support SQL-flavored databases (like SQLite, MySQL, MSSQL, MariaDB, CockroachDB, etc.) through [TypeORM](https://typeorm.io).
 
 :::note
 If you previously used this Adapter with MongoDB, check out the [MongoDB Adapter](/adapters/mongodb) instead.
 :::
 
-:::warning
+:::note
 In the future, we might split up this adapter to support single flavors of SQL for easier maintenance and reduced bundle size.
 :::
 
 ## Usage
 
+:::warning
+[`typeorm`](https://github.com/typeorm/typeorm) is still in active development and has not yet published a stable release. Because of this, you can expect breaking changes in minor versions. This adapter expects `typeorm@0.3.7` and is not validated against previous or future releases.
+:::
+
 To use this Adapter, you need to install the following packages:
 
 ```bash npm2yarn2pnpm
@@ -36,7 +40,7 @@ export default NextAuth({
 })
 ```
 
-`TypeORMLegacyAdapter` takes either a connection string, or a [`ConnectionOptions`](https://github.com/typeorm/typeorm/blob/master/docs/connection-options.md) object as its first parameter.
+`TypeORMLegacyAdapter` takes either a connection string, or a [`DataSourceOptions`](https://github.com/typeorm/typeorm/blob/master/docs/data-source-options.md) object as its first parameter.
 
 ## Custom models
 
@@ -217,9 +221,9 @@ For example, you can add the naming convention option to the connection object i
 import NextAuth from "next-auth"
 import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
 import { SnakeNamingStrategy } from 'typeorm-naming-strategies'
-import { ConnectionOptions } from "typeorm"
 
-const connection: ConnectionOptions = {
+export default NextAuth({
+  adapter: TypeORMLegacyAdapter({
     type: "mysql",
     host: "localhost",
     port: 3306,
@@ -227,10 +231,7 @@ const connection: ConnectionOptions = {
     password: "test",
     database: "test",
     namingStrategy: new SnakeNamingStrategy()
-}
-
-export default NextAuth({
-  adapter: TypeORMLegacyAdapter(connection),
+  }),
   ...
 })
 ```

docs/docs/configuration/nextjs.md

@@ -8,7 +8,7 @@ This feature is experimental and may be removed or changed in the future.
 
 When calling from server-side i.e. in API routes or in `getServerSideProps`, we recommend using this function instead of `getSession` to retrieve the `session` object. This method is especially useful when you are using NextAuth.js with a database. This method can _drastically_ reduce response time when used over `getSession` server-side, due to avoiding an extra `fetch` to an API Route (this is generally [not recommended in Next.js](https://nextjs.org/docs/basic-features/data-fetching/get-server-side-props#getserversideprops-or-api-routes)). In addition, `unstable_getServerSession` will correctly update the cookie expiry time and update the session content if `callbacks.jwt` or `callbacks.session` changed something.
 
-Otherwise, if you only want to get the session token, see [`getToken`](tutorials/securing-pages-and-api-routes#using-gettoken).
+Otherwise, if you only want to get the session token, see [`getToken`](/tutorials/securing-pages-and-api-routes#using-gettoken).
 
 `unstable_getServerSession` requires passing the same object you would pass to `NextAuth` when initializing NextAuth.js. To do so, you can export your NextAuth.js options in the following way:
 
@@ -80,10 +80,11 @@ You can get the `withAuth` middleware function from `next-auth/middleware` eithe
 
 ### Prerequisites
 
-You must set the [`NEXTAUTH_SECRET`](/configuration/options#nextauth_secret) environment variable when using this middleware. If you are using the [`secret` option](/configuration/options#secret) this value must match.
+You must set the same secret in the middleware that you use in NextAuth. The easiest way is to set the [`NEXTAUTH_SECRET`](/configuration/options#nextauth_secret) environment variable. It will be picked up by both the [NextAuth config](/configuration/options#options), as well as the middleware config.
 
-**We strongly recommend** replacing the `secret` value completely with this `NEXTAUTH_SECRET` environment variable. This environment variable will be picked up by both the [NextAuth config](/configuration/options#options), as well as the middleware config.
+Alternatively, you can provide the secret using the [`secret`](#secret) option in the middleware config.
 
+**We strongly recommend** replacing the `secret` value completely with this `NEXTAUTH_SECRET` environment variable.
 
 ### Basic usage
 
@@ -149,6 +150,22 @@ See the documentation for the [pages option](/configuration/pages) for more info
 
 ---
 
+### `secret`
+
+- **Required**: _No_
+
+#### Description
+
+The same `secret` used in the [NextAuth config](/configuration/options#options).
+
+#### Example (default value)
+
+```js
+secret: process.env.NEXTAUTH_SECRET
+```
+
+---
+
 ### Advanced usage
 
 NextAuth.js Middleware is very flexible, there are multiple ways to use it.

docs/docs/configuration/options.md

@@ -13,19 +13,22 @@ When deploying to production, set the `NEXTAUTH_URL` environment variable to the
 NEXTAUTH_URL=https://example.com
 ```
 
-If your Next.js application uses a custom base path, specify the route to the API endpoint in full.
+If your Next.js application uses a custom base path, specify the route to the API endpoint in full. More informations about the usage of custom base path [here](/getting-started/client#custom-base-path).
 
 _e.g. `NEXTAUTH_URL=https://example.com/custom-route/api/auth`_
 
+:::tip
+When you're using a custom base path, you will need to pass the `basePath` page prop to the `<SessionProvider>`. More informations [here](/getting-started/client#custom-base-path).
+:::
+
 :::note
 Using [System Environment Variables](https://vercel.com/docs/concepts/projects/environment-variables#system-environment-variables) we automatically detect when you deploy to [Vercel](https://vercel.com) so you don't have to define this variable. Make sure **Automatically expose System Environment Variables** is checked in your Project Settings.
 :::
 
 ### NEXTAUTH_SECRET
 
-Used to encrypt the NextAuth.js JWT, and to hash [email verification tokens](/adapters/models#verification-token). This is the default value for the [`secret`](/configuration/options#secret) option. The `secret` option might be removed in the future in favor of this.
+Used to encrypt the NextAuth.js JWT, and to hash [email verification tokens](/adapters/models#verification-token). This is the default value for the `secret` option in [NextAuth](/configuration/options#secret) and [Middleware](/configuration/nextjs#secret).
 
-If you are using [Middleware](/configuration/nextjs#prerequisites) this environment variable must be set.
 
 ### NEXTAUTH_URL_INTERNAL
 

docs/docs/configuration/providers/oauth.md

@@ -350,7 +350,7 @@ providers: [
 
 ## Built-in providers
 
-NextAuth.js comes with a set of built-in providers. You can find them [here](https://github.com/nextauthjs/next-auth/tree/main/src/providers). Each built-in provider has its own documentation page:
+NextAuth.js comes with a set of built-in providers. You can find them [here](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers). Each built-in provider has its own documentation page:
 
 <div className="provider-name-list">
 {Object.entries(require("../../../providers.json"))

docs/docs/getting-started/client.md

@@ -506,3 +506,29 @@ However, if it was set to `false`, it stops re-fetching the session and the comp
 :::note
 See [**the Next.js documentation**](https://nextjs.org/docs/advanced-features/custom-app) for more information on **\_app.js** in Next.js applications.
 :::
+
+### Custom base path
+When your Next.js application uses a custom base path, set the `NEXTAUTH_URL` environment variable to the route to the API endpoint in full - as in the example below and as explained [here](/configuration/options#nextauth_url).
+
+Also, make sure to pass the `basePath` page prop to the `<SessionProvider>` – as in the example below – so your custom base path is fully configured and used by NextAuth.js.
+
+#### Example
+In this example, the custom base path used is `/custom-route`.
+
+```
+NEXTAUTH_URL=https://example.com/custom-route/api/auth
+```
+
+```jsx title="pages/_app.js"
+import { SessionProvider } from "next-auth/react"
+export default function App({
+  Component,
+  pageProps: { session, ...pageProps },
+}) {
+  return (
+    <SessionProvider session={session} basePath="/custom-route/api/auth">
+      <Component {...pageProps} />
+    </SessionProvider>
+  )
+}
+```

docs/docs/providers/github.md

@@ -19,7 +19,7 @@ https://github.com/settings/apps
 
 The **GitHub Provider** comes with a set of default options:
 
-- [GitHub Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/github.js)
+- [GitHub Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/github.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/providers/wikimedia.md

@@ -0,0 +1,50 @@
+---
+id: wikimedia
+title: Wikimedia
+---
+
+## Documentation
+
+https://www.mediawiki.org/wiki/Extension:OAuth
+
+This provider also supports all Wikimedia projects:
+
+- Wikipedia
+- Wikidata
+- Wikibooks
+- Wiktionary
+- etc..
+
+Please be aware that Wikimedia accounts do not have to have an associated email address. So you may want to add check if the user has an email address before allowing them to login.
+
+## Configuration
+
+1. Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
+2. Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
+  2a. Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/wikimedia`
+  2b. Do not check the box next to `This consumer is only for [your username]`
+  2c. Unless you explicitly need a larger scope, feel free to select the radio button labelled `User identity verification only - no ability to read pages or act on the users behalf.`
+
+After registration, you can initally test your application only with your own Wikimedia account. You may have to wait several days for the application to be approved for it to be used by everyone.
+
+## Options
+
+The **Wikimedia Provider** comes with a set of default options:
+
+- [Wikimedia Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/wikimedia.ts)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```js
+import WikimediaProvider from "next-auth/providers/wikimedia";
+...
+providers: [
+  WikimediaProvider({
+    clientId: process.env.WIKIMEDIA_CLIENT_ID,
+    clientSecret: process.env.WIKIMEDIA_CLIENT_SECRET
+  })
+]
+...
+```

docs/docs/tutorials/securing-pages-and-api-routes.md

@@ -44,7 +44,7 @@ export default function Page() {
 
 With NextAuth.js 4.2.0 and Next.js 12, you can now protect your pages via the middleware pattern more easily. If you would like to protect all pages, you can create a `_middleware.js` file in your root `pages` directory which looks like this.
 
-```js title="/pages/_middleware.js"
+```js title="/middleware.js"
 export { default } from "next-auth/middleware"
 ```
 

docs/package.json

@@ -23,7 +23,7 @@
     "@docusaurus/preset-classic": "^2.0.0-beta.21",
     "@docusaurus/theme-common": "2.0.0-beta.21",
     "@mdx-js/react": "1.6.22",
-    "@sapphire/docusaurus-plugin-npm2yarn2pnpm": "^1.1.0",
+    "@sapphire/docusaurus-plugin-npm2yarn2pnpm": "1.1.3",
     "classnames": "^2.3.1",
     "mdx-mermaid": "^1.2.2",
     "mermaid": "^9.0.1",

docs/versioned_docs/version-v3/configuration/providers.md

@@ -181,7 +181,7 @@ If you think your custom provider might be useful to others, we encourage you to
 
 You only need to add two changes:
 
-1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers)<br />
+1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers)<br />
    • make sure you use a named default export, like this: `export default function YourProvider`
 2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/ead715219a5d7a6e882a6ba27fa56b03954d062d/www/docs/providers)
 3. Add it to our [provider types](https://github.com/nextauthjs/next-auth/blob/ead715219a5d7a6e882a6ba27fa56b03954d062d/types/providers.d.ts) (for TS projects)<br />

docs/versioned_docs/version-v3/providers/duende-identity-server6.md

@@ -0,0 +1,53 @@
+---
+id: duende-identityserver6
+title: DuendeIdentityServer6
+---
+
+## Documentation
+
+https://docs.duendesoftware.com/identityserver/v6
+
+## Options
+
+The **DuendeIdentityServer6 Provider** comes with a set of default options:
+
+- [DuendeIdentityServer6 Provider options](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers/duende-identity-server6.ts)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```js
+import DuendeIDS6Provider from "next-auth/providers/duende-identity-server6"
+
+...
+providers: [
+  DuendeIDS6Provider({
+    clientId: process.env.DUENDE_IDS6_ID,
+    clientSecret: process.env.DUENDE_IDS6_SECRET,
+    issuer: process.env.DUENDE_IDS6_ISSUER,
+  })
+]
+...
+```
+
+## Demo IdentityServer
+
+The configuration below is for the demo server at https://demo.duendesoftware.com/
+
+If you want to try it out, you can copy and paste the configuration below.
+
+You can sign in to the demo service with either <b>bob/bob</b> or <b>alice/alice</b>.
+
+```js
+import DuendeIDS6Provider from "next-auth/providers/duende-identity-server6"
+...
+providers: [
+  DuendeIDS6Provider({
+    clientId: "interactive.confidential",
+    clientSecret: "secret",
+    issuer: "https://demo.duendesoftware.com",
+  })
+]
+...
+```

docs/versioned_docs/version-v3/providers/github.md

@@ -15,7 +15,7 @@ https://github.com/settings/apps
 
 The **Github Provider** comes with a set of default options:
 
-- [Github Provider options](https://github.com/nextauthjs/next-auth/blob/main/src/providers/github.js)
+- [Github Provider options](https://github.com/nextauthjs/next-auth/blob/main/src/providers/github.ts)
 
 You can override any of the options to suit your own use case.
 

docs/versioned_docs/version-v3/providers/identity-server4.md

@@ -54,6 +54,6 @@ providers: [
     clientSecret: "secret",
     protection: "pkce"
   })
-}
+]
 ...
 ```

package.json

@@ -36,8 +36,9 @@
     "pretty-quick": "^3.1.2",
     "semver": "7.3.5",
     "stream-to-array": "2.3.0",
-    "ts-node": "10.5.0",
-    "turbo": "^1.2.5",
+    "ts-node": "10.8.2",
+    "turbo": "1.3.1",
+    "type-fest": "2.16.0",
     "typescript": "^4.5.2"
   },
   "engines": {
@@ -97,7 +98,7 @@
     "**/tests",
     "**/__tests__"
   ],
-  "packageManager": "pnpm@6.32.8",
+  "packageManager": "pnpm@7.5.1",
   "funding": [
     {
       "type": "github",

packages/adapter-firebase/README.md

@@ -32,14 +32,13 @@ npm install next-auth @next-auth/firebase-adapter
 ```js
 import NextAuth from "next-auth"
 import Providers from "next-auth/providers"
-import { FirebaseAdapter } from "@next-auth/firebase-adapter"
+import { FirestoreAdapter } from "@next-auth/firebase-adapter"
 
-import firebase from "firebase/app"
-import "firebase/firestore"
+import { initializeApp } from "firebase/app";
+import { getFirestore } from "firebase/firestore"
 
-const firestore = (
-  firebase.apps[0] ?? firebase.initializeApp(/* your config */)
-).firestore()
+const app = initializeApp({ projectId: "next-auth-test" });
+const firestore = getFirestore(app);
 
 // For more information on each option (and a full list of options) go to
 // https://next-auth.js.org/configuration/options
@@ -51,7 +50,7 @@ export default NextAuth({
       clientSecret: process.env.GOOGLE_SECRET,
     }),
   ],
-  adapter: FirebaseAdapter(firestore),
+  adapter: FirestoreAdapter(firestore),
   ...
 })
 ```

packages/adapter-firebase/jest.config.js

@@ -1 +1 @@
-module.exports = require("@next-auth/adapter-test/jest.config")
+module.exports = require("@next-auth/adapter-test/jest/jest-preset")

packages/adapter-firebase/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@next-auth/firebase-adapter",
-  "version": "0.1.3",
+  "version": "1.0.0",
   "description": "Firebase adapter for next-auth.",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth",
@@ -28,18 +28,18 @@
     "access": "public"
   },
   "scripts": {
-    "build:wip": "tsc",
-    "test:wip": "FIRESTORE_EMULATOR_HOST=localhost:8080 firebase emulators:exec --only firestore --project next-auth-test jest"
+    "build": "tsc",
+    "test": "FIRESTORE_EMULATOR_HOST=localhost:8080 firebase emulators:exec --only firestore --project next-auth-test jest"
   },
   "peerDependencies": {
-    "firebase": "^8.6.2",
+    "firebase": "^9.7.0",
     "next-auth": "workspace:*"
   },
   "devDependencies": {
     "@next-auth/adapter-test": "workspace:^0.0.0",
     "@next-auth/tsconfig": "workspace:^0.0.0",
-    "firebase": "^8.6.2",
-    "firebase-tools": "^9.11.0",
+    "firebase": "^9.7.0",
+    "firebase-tools": "^10.7.2",
     "jest": "^27.4.3",
     "next-auth": "workspace:*"
   }

packages/adapter-firebase/src/converter.ts

@@ -0,0 +1,58 @@
+import { Timestamp } from "firebase/firestore"
+import type {
+  FirestoreDataConverter,
+  QueryDocumentSnapshot,
+  WithFieldValue,
+} from "firebase/firestore"
+
+const isTimestamp = (value: unknown): value is Timestamp =>
+  typeof value === "object" && value !== null && value instanceof Timestamp
+
+interface GetConverterOptions {
+  excludeId?: boolean
+}
+
+export const getConverter = <Document extends Record<string, unknown>>(
+  options?: GetConverterOptions
+): FirestoreDataConverter<Document> => ({
+  // `PartialWithFieldValue` implicitly types `object` as `any`, so we want to explicitly type it
+  toFirestore(object: WithFieldValue<Document>) {
+    const document: Record<string, unknown> = {}
+
+    Object.keys(object).forEach((key) => {
+      if (object[key] !== undefined) {
+        document[key] = object[key]
+      }
+    })
+
+    return document
+  },
+  // We need to explicitly type `snapshot` since it uses `DocumentData` for generic type
+  fromFirestore(snapshot: QueryDocumentSnapshot<Document>) {
+    if (!snapshot.exists()) {
+      return snapshot
+    }
+
+    let document: Document = snapshot.data()
+
+    if (!options?.excludeId) {
+      document = {
+        ...document,
+        id: snapshot.id,
+      }
+    }
+
+    for (const key in document) {
+      const value = document[key]
+
+      if (isTimestamp(value)) {
+        document = {
+          ...document,
+          [key]: value.toDate(),
+        }
+      }
+    }
+
+    return document
+  },
+})

packages/adapter-firebase/src/index.ts

@@ -1,283 +1,289 @@
-import type firebase from "firebase"
-import { createHash, randomBytes } from "crypto"
-import { Adapter } from "next-auth/adapters"
+import { initializeApp } from "firebase/app"
+import type { FirebaseOptions } from "firebase/app"
 import {
-  querySnapshotToObject,
-  docSnapshotToObject,
-  stripUndefined,
-} from "./utils"
-import { Profile, Session, User } from "next-auth"
+  addDoc,
+  collection,
+  deleteDoc,
+  doc,
+  getDoc,
+  getDocs,
+  getFirestore,
+  limit,
+  query,
+  runTransaction,
+  setDoc,
+  where,
+  connectFirestoreEmulator,
+} from "firebase/firestore"
+import type { Account } from "next-auth"
+import type {
+  Adapter,
+  AdapterSession,
+  AdapterUser,
+  VerificationToken,
+} from "next-auth/adapters"
 
-interface FirebaseVerificationRequest {
-  id: string
-  identifier: string
-  token: string
-  expires: Date
+import { getConverter } from "./converter"
+
+type IndexableObject = Record<string, unknown>
+
+export interface FirestoreAdapterOptions {
+  emulator?: {
+    host?: string
+    port?: number
+  }
 }
 
-export type FirebaseSession = Session & {
-  id: string
-  expires: Date
-}
+export function FirestoreAdapter({
+  emulator,
+  ...firebaseOptions
+}: FirebaseOptions & FirestoreAdapterOptions): Adapter {
+  const firebaseApp = initializeApp(firebaseOptions)
+  const db = getFirestore(firebaseApp)
+
+  if (emulator) {
+    connectFirestoreEmulator(
+      db,
+      emulator?.host ?? "localhost",
+      emulator?.port ?? 3001
+    )
+  }
+
+  const Users = collection(db, "users").withConverter(
+    getConverter<AdapterUser>()
+  )
+  const Sessions = collection(db, "sessions").withConverter(
+    getConverter<AdapterSession & IndexableObject>()
+  )
+  const Accounts = collection(db, "accounts").withConverter(
+    getConverter<Account>()
+  )
+  const VerificationTokens = collection(db, "verificationTokens").withConverter(
+    getConverter<VerificationToken & IndexableObject>({ excludeId: true })
+  )
 
-// @ts-expect-error
-export const FirebaseAdapter: Adapter<
-  firebase.firestore.Firestore,
-  never,
-  User & { id: string },
-  Profile,
-  FirebaseSession
-> = (client) => {
   return {
-    async getAdapter({ session, secret, ...appOptions }) {
-      const sessionMaxAge = session.maxAge * 1000 // default is 30 days
-      const sessionUpdateAge = session.updateAge * 1000 // default is 1 day
-      /**
-       * @todo Move this to core package
-       * @todo Use bcrypt or a more secure method
-       */
-      const hashToken = (token: string) =>
-        createHash("sha256").update(`${token}${secret}`).digest("hex")
+    async createUser(newUser) {
+      const userRef = await addDoc(Users, newUser)
+      const userSnapshot = await getDoc(userRef)
 
-      return {
-        displayName: "FIREBASE",
-        async createUser(profile) {
-          const userRef = await client.collection("users").add(
-            stripUndefined({
-              name: profile.name,
-              email: profile.email,
-              image: profile.image,
-              emailVerified: profile.emailVerified ?? null,
-            })
-          )
-          const snapshot = await userRef.get()
-          const user = docSnapshotToObject(snapshot)
-          return user
-        },
-
-        async getUser(id) {
-          const snapshot = await client.collection("users").doc(id).get()
-          const user = docSnapshotToObject(snapshot)
-          return user
-        },
-
-        async getUserByEmail(email) {
-          if (!email) return null
-
-          const snapshot = await client
-            .collection("users")
-            .where("email", "==", email)
-            .limit(1)
-            .get()
-
-          const user = querySnapshotToObject(snapshot)
-          return user
-        },
-
-        async getUserByProviderAccountId(providerId, providerAccountId) {
-          const accountSnapshot = await client
-            .collection("accounts")
-            .where("providerId", "==", providerId)
-            .where("providerAccountId", "==", providerAccountId)
-            .limit(1)
-            .get()
-
-          if (accountSnapshot.empty) return null
-
-          const userId = accountSnapshot.docs[0].data().userId
-
-          const userSnapshot = await client
-            .collection("users")
-            .doc(userId)
-            .get()
-
-          // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
-          return { ...userSnapshot.data(), id: userSnapshot.id } as any
-        },
-
-        async updateUser(user) {
-          await client
-            .collection("users")
-            .doc(user.id)
-            .update(stripUndefined(user))
-
-          return user
-        },
-
-        async deleteUser(userId) {
-          await client.collection("users").doc(userId).delete()
-        },
-
-        async linkAccount(
-          userId,
-          providerId,
-          providerType,
-          providerAccountId,
-          refreshToken,
-          accessToken,
-          accessTokenExpires
-        ) {
-          const accountRef = await client.collection("accounts").add(
-            stripUndefined({
-              userId,
-              providerId,
-              providerType,
-              providerAccountId,
-              refreshToken,
-              accessToken,
-              accessTokenExpires,
-            })
-          )
-
-          const accountSnapshot = await accountRef.get()
-          const account = docSnapshotToObject(accountSnapshot)
-          return account
-        },
-
-        async unlinkAccount(userId, providerId, providerAccountId) {
-          const snapshot = await client
-            .collection("accounts")
-            .where("userId", "==", userId)
-            .where("providerId", "==", providerId)
-            .where("providerAccountId", "==", providerAccountId)
-            .limit(1)
-            .get()
-
-          const accountId = snapshot.docs[0].id
-
-          await client.collection("accounts").doc(accountId).delete()
-        },
-
-        async createSession(user) {
-          const sessionRef = await client.collection("sessions").add({
-            userId: user.id,
-            expires: new Date(Date.now() + sessionMaxAge),
-            sessionToken: randomBytes(32).toString("hex"),
-            accessToken: randomBytes(32).toString("hex"),
-          })
-          const snapshot = await sessionRef.get()
-          const session = docSnapshotToObject(snapshot)
-          return session
-        },
-
-        async getSession(sessionToken) {
-          const snapshot = await client
-            .collection("sessions")
-            .where("sessionToken", "==", sessionToken)
-            .limit(1)
-            .get()
-
-          const session = querySnapshotToObject<FirebaseSession>(snapshot)
-          if (!session) return null
-
-          // if the session has expired
-          if (session.expires < new Date()) {
-            // delete the session
-            await client.collection("sessions").doc(session.id).delete()
-            return null
-          }
-          // return already existing session
-          return session
-        },
-
-        async updateSession(session, force) {
-          if (
-            !force &&
-            Number(session.expires) - sessionMaxAge + sessionUpdateAge >
-              Date.now()
-          ) {
-            return null
-          }
-
-          // Update the item in the database
-          await client
-            .collection("sessions")
-            .doc(session.id)
-            .update({
-              expires: new Date(Date.now() + sessionMaxAge),
-            })
-
-          return session
-        },
-
-        async deleteSession(sessionToken) {
-          const snapshot = await client
-            .collection("sessions")
-            .where("sessionToken", "==", sessionToken)
-            .limit(1)
-            .get()
-
-          const session = querySnapshotToObject<FirebaseSession>(snapshot)
-          if (!session) return
-
-          await client.collection("sessions").doc(session.id).delete()
-        },
-
-        async createVerificationRequest(identifier, url, token, _, provider) {
-          const verificationRequestRef = await client
-            .collection("verificationRequests")
-            .add({
-              identifier,
-              token: hashToken(token),
-              expires: new Date(Date.now() + provider.maxAge * 1000),
-            })
-
-          // With the verificationCallback on a provider, you can send an email, or queue
-          // an email to be sent, or perform some other action (e.g. send a text message)
-          await provider.sendVerificationRequest({
-            identifier,
-            url,
-            token,
-            baseUrl: appOptions.baseUrl,
-            provider,
-          })
-
-          const snapshot = await verificationRequestRef.get()
-          return docSnapshotToObject<FirebaseVerificationRequest>(snapshot)
-        },
-
-        async getVerificationRequest(identifier, token) {
-          const snapshot = await client
-            .collection("verificationRequests")
-            .where("token", "==", hashToken(token))
-            .where("identifier", "==", identifier)
-            .limit(1)
-            .get()
-
-          const verificationRequest =
-            querySnapshotToObject<FirebaseVerificationRequest>(snapshot)
-          if (!verificationRequest) return null
-
-          if (verificationRequest.expires < new Date()) {
-            // Delete verification entry so it cannot be used again
-            await client
-              .collection("verificationRequests")
-              .doc(verificationRequest.id)
-              .delete()
-            return null
-          }
-          return verificationRequest
-        },
-
-        async deleteVerificationRequest(identifier, token) {
-          const snapshot = await client
-            .collection("verificationRequests")
-            .where("token", "==", hashToken(token))
-            .where("identifier", "==", identifier)
-            .limit(1)
-            .get()
-
-          const verificationRequest =
-            querySnapshotToObject<FirebaseVerificationRequest>(snapshot)
-
-          if (!verificationRequest) return null
-
-          await client
-            .collection("verificationRequests")
-            .doc(verificationRequest.id)
-            .delete()
-        },
+      if (userSnapshot.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnapshot)
       }
+
+      throw new Error("[createUser] Failed to create user")
+    },
+    async getUser(id) {
+      const userSnapshot = await getDoc(doc(Users, id))
+
+      if (userSnapshot.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnapshot)
+      }
+
+      return null
+    },
+    async getUserByEmail(email) {
+      const userQuery = query(Users, where("email", "==", email), limit(1))
+      const userSnapshots = await getDocs(userQuery)
+      const userSnpashot = userSnapshots.docs[0]
+
+      if (userSnpashot?.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnpashot)
+      }
+
+      return null
+    },
+    async getUserByAccount({ provider, providerAccountId }) {
+      const accountQuery = query(
+        Accounts,
+        where("provider", "==", provider),
+        where("providerAccountId", "==", providerAccountId),
+        limit(1)
+      )
+      const accountSnapshots = await getDocs(accountQuery)
+      const accountSnapshot = accountSnapshots.docs[0]
+
+      if (accountSnapshot?.exists()) {
+        const { userId } = accountSnapshot.data()
+        const userDoc = await getDoc(doc(Users, userId))
+
+        if (userDoc.exists() && Users.converter) {
+          return Users.converter.fromFirestore(userDoc)
+        }
+      }
+
+      return null
+    },
+
+    async updateUser(partialUser) {
+      const userRef = doc(Users, partialUser.id)
+
+      await setDoc(userRef, partialUser, { merge: true })
+
+      const userSnapshot = await getDoc(userRef)
+
+      if (userSnapshot.exists() && Users.converter) {
+        return Users.converter.fromFirestore(userSnapshot)
+      }
+
+      throw new Error("[updateUser] Failed to update user")
+    },
+
+    async deleteUser(userId) {
+      const userRef = doc(Users, userId)
+      const accountsQuery = query(Accounts, where("userId", "==", userId))
+      const sessionsQuery = query(Sessions, where("userId", "==", userId))
+
+      // TODO: May be better to use events instead of transactions?
+      await runTransaction(db, async (transaction) => {
+        const accounts = await getDocs(accountsQuery)
+        const sessions = await getDocs(sessionsQuery)
+
+        transaction.delete(userRef)
+        accounts.forEach((account) => transaction.delete(account.ref))
+        sessions.forEach((session) => transaction.delete(session.ref))
+      })
+    },
+
+    async linkAccount(account) {
+      const accountRef = await addDoc(Accounts, account)
+      const accountSnapshot = await getDoc(accountRef)
+
+      if (accountSnapshot.exists() && Accounts.converter) {
+        return Accounts.converter.fromFirestore(accountSnapshot)
+      }
+    },
+
+    async unlinkAccount({ provider, providerAccountId }) {
+      const accountQuery = query(
+        Accounts,
+        where("provider", "==", provider),
+        where("providerAccountId", "==", providerAccountId),
+        limit(1)
+      )
+      const accountSnapshots = await getDocs(accountQuery)
+      const accountSnapshot = accountSnapshots.docs[0]
+
+      if (accountSnapshot?.exists()) {
+        await deleteDoc(accountSnapshot.ref)
+      }
+    },
+
+    async createSession(session) {
+      const sessionRef = await addDoc(Sessions, session)
+      const sessionSnapshot = await getDoc(sessionRef)
+
+      if (sessionSnapshot.exists() && Sessions.converter) {
+        return Sessions.converter.fromFirestore(sessionSnapshot)
+      }
+
+      throw new Error("[createSession] Failed to create session")
+    },
+
+    async getSessionAndUser(sessionToken) {
+      const sessionQuery = query(
+        Sessions,
+        where("sessionToken", "==", sessionToken),
+        limit(1)
+      )
+      const sessionSnapshots = await getDocs(sessionQuery)
+      const sessionSnapshot = sessionSnapshots.docs[0]
+
+      if (sessionSnapshot?.exists() && Sessions.converter) {
+        const session = Sessions.converter.fromFirestore(sessionSnapshot)
+        const userDoc = await getDoc(doc(Users, session.userId))
+
+        if (userDoc.exists() && Users.converter) {
+          const user = Users.converter.fromFirestore(userDoc)
+
+          return { session, user }
+        }
+      }
+
+      return null
+    },
+
+    async updateSession(partialSession) {
+      const sessionQuery = query(
+        Sessions,
+        where("sessionToken", "==", partialSession.sessionToken),
+        limit(1)
+      )
+      const sessionSnapshots = await getDocs(sessionQuery)
+      const sessionSnapshot = sessionSnapshots.docs[0]
+
+      if (sessionSnapshot?.exists()) {
+        await setDoc(sessionSnapshot.ref, partialSession, { merge: true })
+
+        const sessionDoc = await getDoc(sessionSnapshot.ref)
+
+        if (sessionDoc?.exists() && Sessions.converter) {
+          const session = Sessions.converter.fromFirestore(sessionDoc)
+
+          return session
+        }
+      }
+
+      return null
+    },
+
+    async deleteSession(sessionToken) {
+      const sessionQuery = query(
+        Sessions,
+        where("sessionToken", "==", sessionToken),
+        limit(1)
+      )
+      const sessionSnapshots = await getDocs(sessionQuery)
+      const sessionSnapshot = sessionSnapshots.docs[0]
+
+      if (sessionSnapshot?.exists()) {
+        await deleteDoc(sessionSnapshot.ref)
+      }
+    },
+
+    async createVerificationToken(verificationToken) {
+      const verificationTokenRef = await addDoc(
+        VerificationTokens,
+        verificationToken
+      )
+      const verificationTokenSnapshot = await getDoc(verificationTokenRef)
+
+      if (verificationTokenSnapshot.exists() && VerificationTokens.converter) {
+        const {
+          id,
+          ...verificationToken
+        } = VerificationTokens.converter.fromFirestore(
+          verificationTokenSnapshot
+        )
+
+        return verificationToken
+      }
+    },
+
+    async useVerificationToken({ identifier, token }) {
+      const verificationTokensQuery = query(
+        VerificationTokens,
+        where("identifier", "==", identifier),
+        where("token", "==", token),
+        limit(1)
+      )
+      const verificationTokenSnapshots = await getDocs(verificationTokensQuery)
+      const verificationTokenSnapshot = verificationTokenSnapshots.docs[0]
+
+      if (verificationTokenSnapshot?.exists() && VerificationTokens.converter) {
+        await deleteDoc(verificationTokenSnapshot.ref)
+
+        const {
+          id,
+          ...verificationToken
+        } = VerificationTokens.converter.fromFirestore(
+          verificationTokenSnapshot
+        )
+
+        return verificationToken
+      }
+
+      return null
     },
   }
 }

packages/adapter-firebase/src/utils.ts

@@ -1,40 +0,0 @@
-import type firebase from "firebase"
-
-/**
- * Takes in a snapshot and returns all of its `data()`,
- * as well as `id` and `createdAt` and `updatedAt` `Date`
- */
-export function docSnapshotToObject<T>(
-  snapshot: firebase.firestore.DocumentSnapshot<firebase.firestore.DocumentData>
-): T | null {
-  if (!snapshot.exists) {
-    return null
-  }
-  const data: any = snapshot.data()
-  if (data.expires) {
-    data.expires = data.expires.toDate()
-  }
-  return { id: snapshot.id, ...data }
-}
-
-export function querySnapshotToObject<T>(
-  snapshot: firebase.firestore.QuerySnapshot<firebase.firestore.DocumentData>
-): T | null {
-  if (snapshot.empty) {
-    return null
-  }
-  const doc = snapshot.docs[0]
-
-  const data: any = doc.data()
-  if (data.expires) {
-    data.expires = data.expires.toDate()
-  }
-  return { id: doc.id, ...data }
-}
-
-/** Firebase does not like `undefined` values */
-export function stripUndefined(obj: any) {
-  return Object.fromEntries(
-    Object.entries(obj).filter(([, value]) => typeof value !== "undefined")
-  )
-}

packages/adapter-firebase/tests/index.test.ts

@@ -1,67 +1,77 @@
 import { runBasicTests } from "@next-auth/adapter-test"
-import { FirebaseAdapter } from "../src"
-import { docSnapshotToObject, querySnapshotToObject } from "../src/utils"
+import { FirestoreAdapter } from "../src"
 
-import firebase from "firebase/app"
-import "firebase/firestore"
+import { getFirestore, connectFirestoreEmulator, terminate, collection, query, where, limit, getDocs, getDoc, doc } from "firebase/firestore"
+import { initializeApp } from "firebase/app";
+import { getConverter } from "../src/converter";
+import type { AdapterSession, AdapterUser, VerificationToken } from "next-auth/adapters";
+import type { Account } from "next-auth";
 
-const firestore = (
-  firebase.apps[0] ?? firebase.initializeApp({ projectId: "next-auth-test" })
-).firestore()
-firestore.useEmulator("localhost", 8080)
+const app = initializeApp({ projectId: "next-auth-test" });
+const firestore = getFirestore(app);
+
+connectFirestoreEmulator(firestore, 'localhost', 8080);
+
+type IndexableObject = Record<string, unknown>;
+
+const Users = collection(firestore, 'users').withConverter(getConverter<AdapterUser>());
+const Sessions = collection(firestore, 'sessions').withConverter(getConverter<AdapterSession & IndexableObject>());
+const Accounts = collection(firestore, 'accounts').withConverter(getConverter<Account>());
+const VerificationTokens = collection(firestore, 'verificationTokens').withConverter(getConverter<VerificationToken & IndexableObject>({ excludeId: true }));
 
 runBasicTests({
-  adapter: FirebaseAdapter(firestore),
+  adapter: FirestoreAdapter({ projectId: "next-auth-test" }),
   db: {
     async disconnect() {
-      await firestore.terminate()
+      await terminate(firestore);
     },
     async session(sessionToken) {
-      const snapshot = await firestore
-        .collection("sessions")
-        .where("sessionToken", "==", sessionToken)
-        .limit(1)
-        .get()
-      return querySnapshotToObject(snapshot)
-    },
-    async expireSession(sessionToken, expires) {
-      const snapshot = await firestore
-        .collection("sessions")
-        .where("sessionToken", "==", sessionToken)
-        .limit(1)
-        .get()
+      const snapshotQuery = query(Sessions, where("sessionToken", "==", sessionToken), limit(1));
+      const snapshots = await getDocs(snapshotQuery);
+      const snapshot = snapshots.docs[0];
 
-      if (snapshot.empty) {
-        console.error(sessionToken, expires)
-        throw new Error("Could not expire session")
+      if (snapshot?.exists() && Sessions.converter) {
+        const session = Sessions.converter.fromFirestore(snapshot);
+
+        return session;
       }
 
-      return await firestore
-        .collection("sessions")
-        .doc(snapshot.docs[0].id)
-        .update({ expires })
+      return null;
     },
     async user(id) {
-      const snapshot = await firestore.collection("users").doc(id).get()
-      return docSnapshotToObject(snapshot)
+      const snapshot = await getDoc(doc(Users, id));
+
+      if (snapshot?.exists() && Users.converter) {
+        const user = Users.converter.fromFirestore(snapshot);
+
+        return user;
+      }
+
+      return null;
     },
-    async account(providerId, providerAccountId) {
-      const snapshot = await firestore
-        .collection("accounts")
-        .where("providerId", "==", providerId)
-        .where("providerAccountId", "==", providerAccountId)
-        .limit(1)
-        .get()
-      return querySnapshotToObject(snapshot)
+    async account({ provider, providerAccountId }) {
+      const snapshotQuery = query(Accounts, where("provider", "==", provider), where("providerAccountId", "==", providerAccountId), limit(1));
+      const snapshots = await getDocs(snapshotQuery);
+      const snapshot = snapshots.docs[0];
+
+      if (snapshot?.exists() && Accounts.converter) {
+        const account = Accounts.converter.fromFirestore(snapshot);
+
+        return account;
+      }
+
+      return null;
     },
-    async verificationRequest(identifier, token) {
-      const snapshot = await firestore
-        .collection("verificationRequests")
-        .where("identifier", "==", identifier)
-        .where("token", "==", token)
-        .limit(1)
-        .get()
-      return querySnapshotToObject(snapshot)
+    async verificationToken({ identifier, token }) {
+      const snapshotQuery = query(VerificationTokens, where("identifier", "==", identifier), where("token", "==", token), limit(1));
+      const snapshots = await getDocs(snapshotQuery);
+      const snapshot = snapshots.docs[0];
+
+      if (snapshot?.exists() && VerificationTokens.converter) {
+        const verificationToken = VerificationTokens.converter.fromFirestore(snapshot);
+
+        return verificationToken;
+      }
     },
   },
 })

packages/adapter-firebase/tsconfig.json

@@ -1,8 +1,10 @@
 {
-  "extends": "@next-auth/tsconfig/base.json",
+  "extends": "@next-auth/tsconfig/adapters.json",
   "compilerOptions": {
     "rootDir": "src",
-    "outDir": "dist"
+    "outDir": "dist",
+    "strict": true,
+    "noUncheckedIndexedAccess": true
   },
   "exclude": ["tests", "dist", "jest.config.js"]
 }

packages/adapter-mikro-orm/package.json

@@ -33,17 +33,21 @@
   ],
   "peerDependencies": {
     "@mikro-orm/core": "^5.0.2",
-    "next-auth": "workspace:*"
+    "next-auth": "^4"
   },
   "devDependencies": {
     "@mikro-orm/core": "^5.0.2",
     "@mikro-orm/sqlite": "^5.0.2",
     "@next-auth/adapter-test": "workspace:^0.0.0",
     "@next-auth/tsconfig": "workspace:^0.0.0",
+    "@types/uuid": "^8.3.3",
     "jest": "^27.4.3",
     "next-auth": "workspace:*"
   },
   "jest": {
     "preset": "@next-auth/adapter-test/jest"
+  },
+  "dependencies": {
+    "uuid": "^8.3.2"
   }
 }

packages/adapter-sequelize/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@next-auth/sequelize-adapter",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "Sequelize adapter for next-auth.",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth",
@@ -29,7 +29,7 @@
     "dist"
   ],
   "peerDependencies": {
-    "next-auth": "workspace:*",
+    "next-auth": "^4",
     "sequelize": "^6.6.5"
   },
   "devDependencies": {

packages/adapter-test/jest/jest-preset.js

@@ -1,7 +1,13 @@
+const swcConfig = {
+  jsc: {
+    parser: { syntax: "typescript", decorators: true },
+    transform: { legacyDecorator: true, decoratorMetadata: true },
+  },
+}
 module.exports = {
   transform: {
-    ".(ts|tsx)$": "@swc/jest",
-    ".(js|jsx)$": "@swc/jest", // jest's default
+    ".(ts|tsx)$": ["@swc/jest", swcConfig],
+    ".(js|jsx)$": ["@swc/jest", swcConfig],
   },
   transformIgnorePatterns: ["[/\\\\]node_modules[/\\\\].+\\.(js|jsx)$"],
   moduleFileExtensions: ["ts", "tsx", "js", "jsx", "json", "node"],

packages/adapter-typeorm-legacy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@next-auth/typeorm-legacy-adapter",
-  "version": "1.0.3",
+  "version": "2.0.0",
   "description": "TypeORM (legacy) adapter for next-auth.",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth",
@@ -37,24 +37,25 @@
     "sqlite": "tests/sqlite/test.sh"
   },
   "devDependencies": {
-    "@next-auth/adapter-test": "workspace:^0.0.0",
-    "@next-auth/tsconfig": "workspace:^0.0.0",
+    "@next-auth/adapter-test": "workspace:*",
+    "@next-auth/tsconfig": "workspace:*",
     "jest": "^27.4.3",
     "mssql": "^7.2.1",
     "mysql": "^2.18.1",
     "next-auth": "workspace:*",
-    "pg": "^8.7.1",
-    "sqlite3": "^5.0.2",
-    "typeorm": "^0.2.37",
-    "typeorm-naming-strategies": "^2.0.0"
+    "pg": "^8.7.3",
+    "sqlite3": "^5.0.8",
+    "typeorm": "0.3.7",
+    "typeorm-naming-strategies": "^4.1.0",
+    "typescript": "^4.7.4"
   },
   "peerDependencies": {
     "mssql": "^6.2.1 || 7",
     "mysql": "^2.18.1",
-    "next-auth": "workspace:*",
+    "next-auth": "^4",
     "pg": "^8.2.1",
     "sqlite3": "^5.0.2",
-    "typeorm": "^0.2.31"
+    "typeorm": "0.3.7"
   },
   "peerDependenciesMeta": {
     "mysql": {

packages/adapter-typeorm-legacy/src/index.ts

@@ -1,13 +1,8 @@
-import { Adapter, AdapterSession, AdapterUser } from "next-auth/adapters"
-import {
-  Connection,
-  ConnectionOptions,
-  EntityManager,
-  getConnectionManager,
-} from "typeorm"
-import { Account } from "next-auth"
+import type { Adapter, AdapterSession, AdapterUser } from "next-auth/adapters"
+import { DataSourceOptions, DataSource, EntityManager } from "typeorm"
+import type { Account } from "next-auth"
 import * as defaultEntities from "./entities"
-import { parseConnectionConfig, updateConnectionEntities } from "./utils"
+import { parseDataSourceConfig, updateConnectionEntities } from "./utils"
 
 export const entities = defaultEntities
 
@@ -17,43 +12,40 @@ export interface TypeORMLegacyAdapterOptions {
   entities?: Entities
 }
 
-let _connection: Connection
+let _dataSource: DataSource | undefined
 
 export async function getManager(options: {
-  connection: string | ConnectionOptions
+  dataSource: string | DataSourceOptions
   entities: Entities
 }): Promise<EntityManager> {
-  const { connection, entities } = options
+  const { dataSource, entities } = options
 
   const config = {
-    ...parseConnectionConfig(connection),
+    ...parseDataSourceConfig(dataSource),
     entities: Object.values(entities),
   }
 
-  const connectionManager = getConnectionManager()
+  if (!_dataSource) _dataSource = new DataSource(config)
 
-  if (connectionManager.has(config.name ?? "default")) {
-    _connection = connectionManager.get(config.name ?? "default")
+  const manager = _dataSource?.manager
 
-    if (_connection.isConnected) return _connection.manager
-
-    if (process.env.NODE_ENV !== "production") {
-      await updateConnectionEntities(_connection, config.entities)
-    }
-  } else {
-    _connection = await connectionManager.create(config).connect()
+  if (!manager.connection.isInitialized) {
+    await manager.connection.initialize()
   }
 
-  return _connection.manager
+  if (process.env.NODE_ENV !== "production") {
+    await updateConnectionEntities(_dataSource, config.entities)
+  }
+  return manager
 }
 
 export function TypeORMLegacyAdapter(
-  connection: string | ConnectionOptions,
+  dataSource: string | DataSourceOptions,
   options?: TypeORMLegacyAdapterOptions
 ): Adapter {
   const entities = options?.entities
   const c = {
-    connection,
+    dataSource,
     entities: {
       UserEntity: entities?.UserEntity ?? defaultEntities.UserEntity,
       SessionEntity: entities?.SessionEntity ?? defaultEntities.SessionEntity,
@@ -82,14 +74,14 @@ export function TypeORMLegacyAdapter(
     // @ts-expect-error
     async getUser(id) {
       const m = await getManager(c)
-      const user = await m.findOne("UserEntity", { id })
+      const user = await m.findOne("UserEntity", { where: { id } })
       if (!user) return null
       return { ...user }
     },
     // @ts-expect-error
     async getUserByEmail(email) {
       const m = await getManager(c)
-      const user = await m.findOne("UserEntity", { email })
+      const user = await m.findOne("UserEntity", { where: { email } })
       if (!user) return null
       return { ...user }
     },
@@ -97,8 +89,7 @@ export function TypeORMLegacyAdapter(
       const m = await getManager(c)
       const account = await m.findOne<Account & { user: AdapterUser }>(
         "AccountEntity",
-        provider_providerAccountId,
-        { relations: ["user"] }
+        { where: provider_providerAccountId, relations: ["user"] }
       )
       if (!account) return null
       return account.user ?? null
@@ -136,7 +127,7 @@ export function TypeORMLegacyAdapter(
       const m = await getManager(c)
       const sessionAndUser = await m.findOne<
         AdapterSession & { user: AdapterUser }
-      >("SessionEntity", { sessionToken }, { relations: ["user"] })
+      >("SessionEntity", { where: { sessionToken }, relations: ["user"] })
 
       if (!sessionAndUser) return null
       const { user, ...session } = sessionAndUser
@@ -162,10 +153,9 @@ export function TypeORMLegacyAdapter(
     // @ts-expect-error
     async useVerificationToken(identifier_token) {
       const m = await getManager(c)
-      const verificationToken = await m.findOne(
-        "VerificationTokenEntity",
-        identifier_token
-      )
+      const verificationToken = await m.findOne("VerificationTokenEntity", {
+        where: identifier_token,
+      })
       if (!verificationToken) {
         return null
       }

packages/adapter-typeorm-legacy/src/utils.ts

@@ -1,10 +1,10 @@
-import { Connection, ConnectionOptions } from "typeorm"
+import type { DataSource, DataSourceOptions } from "typeorm"
 import * as defaultEntities from "./entities"
 
 /** Ensure configOrString is normalized to an object. */
-export function parseConnectionConfig(
-  configOrString: string | ConnectionOptions
-): ConnectionOptions {
+export function parseDataSourceConfig(
+  configOrString: string | DataSourceOptions
+): DataSourceOptions {
   if (typeof configOrString !== "string") {
     return {
       ...configOrString,
@@ -89,22 +89,22 @@ function entitiesChanged(
 }
 
 export async function updateConnectionEntities(
-  connection: Connection,
+  dataSource: DataSource,
   entities: any[]
 ) {
-  if (!entitiesChanged(connection.options.entities, entities)) return
+  if (!entitiesChanged(dataSource.entityMetadatas, entities)) return
 
   // @ts-expect-error
-  connection.options.entities = entities
+  dataSource.entityMetadatas = entities
 
   // @ts-expect-error
-  connection.buildMetadatas()
+  dataSource.buildMetadatas()
 
-  if (connection.options.synchronize !== false) {
+  if (dataSource.options.synchronize !== false) {
     console.warn(
       "[next-auth][warn][adapter_typeorm_updating_entities]",
       "\nhttps://next-auth.js.org/warnings#adapter_typeorm_updating_entities"
     )
-    await connection.synchronize()
+    await dataSource.synchronize()
   }
 }

packages/adapter-typeorm-legacy/tests/helpers.ts

@@ -1,46 +1,49 @@
-import { ConnectionManager, ConnectionOptions } from "typeorm"
-import { TestOptions } from "@next-auth/adapter-test"
+import { DataSource } from "typeorm"
+import type { DataSourceOptions } from "typeorm"
+import type { TestOptions } from "@next-auth/adapter-test"
 import * as defaultEntities from "../src/entities"
-import { parseConnectionConfig } from "../src/utils"
+import { parseDataSourceConfig } from "../src/utils"
 
 export { defaultEntities }
 
+console.warn = jest.fn()
+
 /** Set up Test Database */
 export function db(
-  config: string | ConnectionOptions,
+  config: string | DataSourceOptions,
   entities: typeof defaultEntities = defaultEntities
 ): TestOptions["db"] {
-  const connection = new ConnectionManager().create({
-    ...parseConnectionConfig(config),
+  const connection = new DataSource({
+    ...parseDataSourceConfig(config),
     entities: Object.values(entities),
-  })
+  }).manager.connection
 
   const m = connection.manager
   return {
-    connect: async () => await connection.connect(),
-    disconnect: async () => await connection.close(),
+    connect: async () => await connection.initialize(),
+    disconnect: async () => await connection.destroy(),
     async user(id) {
-      const user = await m.findOne(entities.UserEntity, id)
+      const user = await m.findOne(entities.UserEntity, { where: { id } })
       return user ?? null
     },
     async account(provider_providerAccountId) {
-      const account = await m.findOne(
-        entities.AccountEntity,
-        provider_providerAccountId
-      )
+      const account = await m.findOne(entities.AccountEntity, {
+        where: provider_providerAccountId,
+      })
       return account ?? null
     },
     async session(sessionToken) {
-      const session = await m.findOne(entities.SessionEntity, { sessionToken })
+      const session = await m.findOne(entities.SessionEntity, {
+        where: { sessionToken },
+      })
       return session ?? null
     },
     async verificationToken(token_identifier) {
       const verificationToken = await m.findOne(
         entities.VerificationTokenEntity,
-        token_identifier
+        { where: token_identifier }
       )
       if (!verificationToken) return null
-      // @ts-expect-error
       const { id: _, ...rest } = verificationToken
       return rest
     },

packages/adapter-typeorm-legacy/tests/index.test.ts

@@ -1,11 +1,9 @@
-// eslint-disable-next-line @typescript-eslint/prefer-ts-expect-error
-// @ts-ignore
-import { parseConnectionString } from "../src/lib/config"
+import { parseDataSourceConfig } from "../src/utils"
 
 const connectionString = "mysql://root:password@localhost:3306/next-auth"
 
 test("could parse connection string", () => {
-  expect(parseConnectionString(connectionString)).toEqual(
+  expect(parseDataSourceConfig(connectionString)).toEqual(
     expect.objectContaining({
       type: "mysql",
       host: "localhost",

packages/adapter-typeorm-legacy/tests/sqlite/index.test.ts

@@ -3,9 +3,9 @@ import { TypeORMLegacyAdapter } from "../../src"
 import { db } from "../helpers"
 import { SnakeNamingStrategy } from "typeorm-naming-strategies"
 
-import type { ConnectionOptions } from "typeorm"
+import type { DataSourceOptions } from "typeorm"
 
-const sqliteConfig: ConnectionOptions = {
+const sqliteConfig: DataSourceOptions = {
   type: "sqlite" as const,
   name: "next-auth-test-memory",
   database: "./tests/sqlite/dev.db",

packages/next-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-auth",
-  "version": "4.9.0",
+  "version": "4.10.0",
   "description": "Authentication for Next.js",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth.git",
@@ -107,8 +107,8 @@
     "@types/node": "^17.0.42",
     "@types/nodemailer": "^6.4.4",
     "@types/oauth": "^0.9.1",
-    "@types/react": "^18.0.2",
-    "@types/react-dom": "^18.0.5",
+    "@types/react": "^18.0.15",
+    "@types/react-dom": "^18.0.6",
     "autoprefixer": "^10.4.7",
     "babel-plugin-jsx-pragmatic": "^1.0.2",
     "babel-preset-preact": "^2.0.0",
@@ -117,7 +117,7 @@
     "jest-environment-jsdom": "^28.1.1",
     "jest-watch-typeahead": "^1.1.0",
     "msw": "^0.42.3",
-    "next": "12.1.7-canary.51",
+    "next": "12.2.0",
     "postcss": "^8.4.14",
     "postcss-cli": "^9.1.0",
     "postcss-nested": "^5.0.6",

packages/next-auth/src/core/types.ts

@@ -214,7 +214,7 @@ export interface NextAuthOptions {
  * [Pages](https://next-auth.js.org/configuration/pages)
  */
 export interface Theme {
-  colorScheme: "auto" | "dark" | "light"
+  colorScheme?: "auto" | "dark" | "light"
   logo?: string
   brandColor?: string
   buttonText?: string

packages/next-auth/src/next/middleware.ts

@@ -84,6 +84,12 @@ export interface NextAuthMiddlewareOptions {
      */
     authorized?: AuthorizedCallback
   }
+
+  /**
+   * The same `secret` used in the `NextAuth` configuration.
+   * Defaults to the `NEXTAUTH_SECRET` environment variable.
+   */
+  secret?: string
 }
 
 async function handleMiddleware(
@@ -102,7 +108,8 @@ async function handleMiddleware(
     return
   }
 
-  if (!process.env.NEXTAUTH_SECRET) {
+  const secret = options?.secret ?? process.env.NEXTAUTH_SECRET
+  if (!secret) {
     console.error(
       `[next-auth][error][NO_SECRET]`,
       `\nhttps://next-auth.js.org/errors#no_secret`
@@ -118,6 +125,7 @@ async function handleMiddleware(
     req,
     decode: options?.jwt?.decode,
     cookieName: options?.cookies?.sessionToken?.name,
+    secret,
   })
 
   const isAuthorized =

packages/next-auth/src/providers/azure-ad.ts

@@ -2,7 +2,7 @@ import type { OAuthConfig, OAuthUserConfig } from "."
 
 export interface AzureADProfile extends Record<string, any> {
   sub: string
-  nicname: string
+  nickname: string
   email: string
   picture: string
 }

packages/next-auth/src/providers/duende-identity-server6.ts

@@ -0,0 +1,31 @@
+import type { OAuthConfig, OAuthUserConfig } from "./oauth"
+
+export interface DuendeISUser extends Record<string, any> {
+  email: string
+  id: string
+  name: string
+  verified: boolean
+}
+
+export default function DuendeIdentityServer6<P extends DuendeISUser>(
+  options: OAuthUserConfig<P>
+): OAuthConfig<P> {
+  return {
+    id: "duende-identityserver6",
+    name: "DuendeIdentityServer6",
+    type: "oauth",
+    wellKnown: `${options.issuer}/.well-known/openid-configuration`,
+    authorization: { params: { scope: "openid profile email" } },
+    checks: ["pkce", "state"],
+    idToken: true,
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: profile.name,
+        email: profile.email,
+        image: null,
+      }
+    },
+    options,
+  }
+}

packages/next-auth/src/providers/email.ts

@@ -1,7 +1,7 @@
 import { createTransport } from "nodemailer"
 
 import type { CommonProviderOptions } from "."
-import type { Options as SMTPConnectionOptions } from "nodemailer/lib/smtp-connection"
+import type { Options as SMTPTransportOptions } from "nodemailer/lib/smtp-transport"
 import type { Awaitable } from ".."
 import type { Theme } from "../core/types"
 
@@ -17,7 +17,7 @@ export interface SendVerificationRequestParams {
 export interface EmailConfig extends CommonProviderOptions {
   type: "email"
   // TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html
-  server: string | SMTPConnectionOptions
+  server: string | SMTPTransportOptions
   /** @default "NextAuth <no-reply@example.com>" */
   from?: string
   /**

packages/next-auth/src/providers/github.js

@@ -1,44 +0,0 @@
-/** @type {import(".").OAuthProvider} */
-export default function GitHub(options) {
-  return {
-    id: "github",
-    name: "GitHub",
-    type: "oauth",
-    authorization: "https://github.com/login/oauth/authorize?scope=read:user+user:email",
-    token: "https://github.com/login/oauth/access_token",
-    userinfo: {
-      url: "https://api.github.com/user",
-      async request({ client, tokens }) {
-        // Get base profile
-        const profile = await client.userinfo(tokens)
-
-        // If user has email hidden, get their primary email from the GitHub API
-        if (!profile.email) {
-          const emails = await (
-            await fetch("https://api.github.com/user/emails", {
-              headers: { Authorization: `token ${tokens.access_token}` },
-            })
-          ).json()
-
-          if (emails?.length > 0) {
-            // Get primary email
-            profile.email = emails.find(email => email.primary)?.email;
-            // And if for some reason it doesn't exist, just use the first
-            if (!profile.email) profile.email = emails[0].email;
-          }
-        }
-
-        return profile
-      },
-    },
-    profile(profile) {
-      return {
-        id: profile.id.toString(),
-        name: profile.name || profile.login,
-        email: profile.email,
-        image: profile.avatar_url,
-      }
-    },
-    options,
-  }
-}

packages/next-auth/src/providers/github.ts

@@ -0,0 +1,109 @@
+import type { OAuthConfig, OAuthUserConfig } from "."
+
+/**
+ * Source https://docs.github.com/en/rest/users/users#get-the-authenticated-user
+ */
+export interface GithubProfile extends Record<string, any> {
+  login: string
+  id: number
+  node_id: string
+  avatar_url: string
+  gravatar_id: string | null
+  url: string
+  html_url: string
+  followers_url: string
+  following_url: string
+  gists_url: string
+  starred_url: string
+  subscriptions_url: string
+  organizations_url: string
+  repos_url: string
+  events_url: string
+  received_events_url: string
+  type: string
+  site_admin: boolean
+  name: string | null
+  company: string | null
+  blog: string | null
+  location: string | null
+  email: string | null
+  hireable: boolean | null
+  bio: string | null
+  twitter_username?: string | null
+  public_repos: number
+  public_gists: number
+  followers: number
+  following: number
+  created_at: string
+  updated_at: string
+  private_gists?: number
+  total_private_repos?: number
+  owned_private_repos?: number
+  disk_usage?: number
+  suspended_at?: string | null
+  collaborators?: number
+  two_factor_authentication: boolean
+  plan?: {
+    collaborators: number
+    name: string
+    space: number
+    private_repos: number
+  }
+}
+
+export interface GithubEmail extends Record<string, any> {
+  email: string
+  primary: boolean
+  verified: boolean
+  visibility: string | null
+}
+
+export default function Github<P extends GithubProfile>(
+  options: OAuthUserConfig<P>
+): OAuthConfig<P> {
+  return {
+    id: "github",
+    name: "GitHub",
+    type: "oauth",
+    authorization: {
+      url: "https://github.com/login/oauth/authorize",
+      params: { scope: "read:user+user:email" },
+    },
+    token: "https://github.com/login/oauth/access_token",
+    userinfo: {
+      url: "https://api.github.com/user",
+      async request({ client, tokens }) {
+        // Get base profile
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        const profile = await client.userinfo(tokens.access_token!)
+
+        // If user has email hidden, get their primary email from the GitHub API
+        if (!profile.email) {
+          const emails: GithubEmail[] = await (
+            await fetch("https://api.github.com/user/emails", {
+              headers: { Authorization: `token ${tokens.access_token}` },
+            })
+          ).json()
+
+          if (emails?.length > 0) {
+            // Get primary email
+            profile.email = emails.find((email) => email.primary)?.email
+            // And if for some reason it doesn't exist, just use the first
+            if (!profile.email) profile.email = emails[0].email
+          }
+        }
+
+        return profile
+      },
+    },
+    profile(profile) {
+      return {
+        id: profile.id.toString(),
+        name: profile.name ?? profile.login,
+        email: profile.email,
+        image: profile.avatar_url,
+      }
+    },
+    options,
+  }
+}

packages/next-auth/src/providers/vk.js

@@ -1,23 +0,0 @@
-/** @type {import(".").OAuthProvider} */
-export default function VK(options) {
-  const apiVersion = "5.126" // https://vk.com/dev/versions
-
-  return {
-    id: "vk",
-    name: "VK",
-    type: "oauth",
-    authorization: `https://oauth.vk.com/authorize?scope=email&v=${apiVersion}`,
-    token: `https://oauth.vk.com/access_token?v=${apiVersion}`,
-    userinfo: `https://api.vk.com/method/users.get?fields=photo_100&v=${apiVersion}`,
-    profile(result) {
-      const profile = result.response?.[0] ?? {}
-      return {
-        id: profile.id,
-        name: [profile.first_name, profile.last_name].filter(Boolean).join(" "),
-        email: profile.email,
-        image: profile.photo_100,
-      }
-    },
-    options,
-  }
-}

packages/next-auth/src/providers/vk.ts

@@ -0,0 +1,285 @@
+import type { OAuthConfig, OAuthUserConfig } from "."
+
+export interface VkProfile {
+  // https://dev.vk.com/reference/objects/user
+  response: Array<{
+    id: number
+    first_name: string
+    last_name: string
+    photo_100: string
+    can_access_closed: boolean
+    is_closed: boolean
+    deactivated?: string
+    sex?: 0 | 1 | 2
+    screen_name?: string
+    photo_50?: string
+    online?: 0 | 1
+    online_mobile?: 0 | 1
+    online_app?: number
+    verified?: 0 | 1
+    trending?: 0 | 1
+    friend_status?: 0 | 1 | 2 | 3
+    first_name_nom?: string
+    first_name_gen?: string
+    first_name_dat?: string
+    first_name_acc?: string
+    first_name_ins?: string
+    first_name_abl?: string
+    last_name_nom?: string
+    last_name_gen?: string
+    last_name_dat?: string
+    last_name_acc?: string
+    last_name_ins?: string
+    last_name_abl?: string
+    nickname?: string
+    maiden_name?: string
+    domain?: string
+    bdate?: string
+    city?: {
+      id: number
+      title: string
+    }
+    country?: {
+      id: number
+      title: string
+    }
+    timezone?: number
+    photo_200?: string
+    photo_max?: string
+    photo_200_orig?: string
+    photo_400_orig?: string
+    photo_max_orig?: string
+    photo_id?: string
+    has_photo?: 0 | 1
+    has_mobile?: 0 | 1
+    is_friend?: 0 | 1
+    can_post?: 0 | 1
+    can_see_all_posts?: 0 | 1
+    can_see_audio?: 0 | 1
+    connections?: {
+      facebook?: string
+      skype?: string
+      twitter?: string
+      livejournal?: string
+      instagram?: string
+    }
+    photo_400?: string
+    wall_default?: 'owner' | 'all'
+    interests?: string
+    books?: string
+    tv?: string
+    quotes?: string
+    about?: string
+    games?: string
+    movies?: string
+    activities?: string
+    music?: string
+    can_write_private_message?: 0 | 1
+    can_send_friend_request?: 0 | 1
+    contacts?: {
+      mobile_phone?: string
+      home_phone?: string
+    }
+    site?: string
+    status_audio?: {
+      access_key?: string
+      artist: string
+      id: number
+      owner_id: number
+      title: string
+      url?: string
+      duration: number
+      date?: number
+      album_id?: number
+      genre_id?: number
+      performer?: string
+    }
+    status?: string
+    last_seen?: {
+      platform?: 1 | 2 | 3 | 4 | 5 | 6 | 7
+      time?: number
+    }
+    exports?: {
+      facebook?: number
+      livejournal?: number
+      twitter?: number
+      instagram?: number
+    }
+    crop_photo?: {
+      photo: {
+        access_key?: string
+        album_id: number
+        date: number
+        height?: number
+        id: number
+        images?: Array<{
+          height?: number
+          type?: 's' | 'm' | 'x' | 'l' | 'o' | 'p' | 'q' | 'r' | 'y' | 'z' | 'w'
+          url?: string
+          width?: number
+        }>
+        lat?: number
+        long?: number
+        owner_id: number
+        photo_256?: string
+        can_comment?: 0 | 1
+        place?: string
+        post_id?: number
+        sizes?: Array<{
+          height: number
+          url: string
+          src?: string
+          type: 's' | 'm' | 'x' | 'o' | 'p' | 'q' | 'r' | 'k' | 'l' | 'y' | 'z' | 'c' | 'w' | 'a' | 'b' | 'e' | 'i' | 'd' | 'j' | 'temp' | 'h' | 'g' | 'n' | 'f' | 'max'
+          width: number
+        }>
+        text?: string
+        user_id?: number
+        width?: number
+        has_tags: boolean
+      }
+      crop: {
+        x: number
+        y: number
+        x2: number
+        y2: number
+      }
+      rect: {
+        x: number
+        y: number
+        x2: number
+        y2: number
+      }
+    }
+    followers_count?: number
+    blacklisted?: 0 | 1
+    blacklisted_by_me?: 0 | 1
+    is_favorite?: 0 | 1
+    is_hidden_from_feed?: 0 | 1
+    common_count?: number
+    occupation?: {
+      id?: number
+      name?: string
+      type?: 'work' | 'school' | 'university'
+    }
+    career?: {
+      group_id?: number
+      company?: string
+      country_id?: number
+      city_id?: number
+      city_name?: string
+      from?: number
+      until?: number
+      position?: string
+    }
+    military?: {
+      country_id: number
+      from?: number
+      unit: string
+      unit_id: number
+      until?: number
+    }
+    education?: {
+      university?: number
+      university_name?: string
+      faculty?: number
+      faculty_name?: string
+      graduation?: number
+    }
+    home_town?: string
+    relation?: 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
+    relation_partner?: {
+      deactivated?: string
+      first_name: string
+      hidden?: number
+      id: number
+      last_name: string
+      can_access_closed?: boolean
+      is_closed?: boolean
+    }
+    personal?: {
+      alcohol?: 1 | 2 | 3 | 4 | 5
+      inspired_by?: string
+      langs?: string[]
+      life_main?: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
+      people_main?: 1 | 2 | 3 | 4 | 5 | 6
+      political?: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
+      religion?: string
+      smoking?: 1 | 2 | 3 | 4 | 5
+    }
+    universities?: Array<{
+      chair?: number
+      chair_name?: string
+      city?: number
+      country?: number
+      education_form?: string
+      education_status?: string
+      faculty?: number
+      faculty_name?: string
+      graduation?: number
+      id?: number
+      name?: string
+      university_group_id?: number
+    }>
+    schools?: Array<{
+      city?: number
+      class?: string
+      country?: number
+      id?: string
+      name?: string
+      type?: number
+      type_str?: string
+      year_from?: number
+      year_graduated?: number
+      year_to?: number
+      speciality?: string
+    }>
+    relatives?: Array<{
+      id?: number
+      name?: string
+      type: 'parent' | 'child' | 'grandparent' | 'grandchild' | 'sibling'
+    }>
+    counters?: {
+      albums?: number
+      videos?: number
+      audios?: number
+      photos?: number
+      notes?: number
+      friends?: number
+      groups?: number
+      online_friends?: number
+      mutual_friends?: number
+      user_videos?: number
+      followers?: number
+      pages?: number
+    }
+    is_no_index?: 0 | 1
+  }>
+}
+
+export default function VK<
+  P extends Record<string, any> = VkProfile
+>(options: OAuthUserConfig<P>): OAuthConfig<P> {
+  const apiVersion = "5.131" // https://vk.com/dev/versions
+
+  return {
+    id: "vk",
+    name: "VK",
+    type: "oauth",
+    authorization: `https://oauth.vk.com/authorize?scope=email&v=${apiVersion}`,
+    client: {
+      token_endpoint_auth_method: "client_secret_post",
+    },
+    token: `https://oauth.vk.com/access_token?v=${apiVersion}`,
+    userinfo: `https://api.vk.com/method/users.get?fields=photo_100&v=${apiVersion}`,
+    profile(result: P) {
+      const profile = result.response?.[0] ?? {}
+      return {
+        id: profile.id,
+        name: [profile.first_name, profile.last_name].filter(Boolean).join(" "),
+        email: null,
+        image: profile.photo_100,
+      }
+    },
+    options,
+  }
+}

packages/next-auth/src/providers/wikimedia.ts

@@ -0,0 +1,185 @@
+import type { OAuthConfig, OAuthUserConfig } from "."
+
+export type WikimediaGroup =
+  | "*"
+  | "user"
+  | "autoconfirmed"
+  | "extendedconfirmed"
+  | "bot"
+  | "sysop"
+  | "bureaucrat"
+  | "steward"
+  | "accountcreator"
+  | "import"
+  | "transwiki"
+  | "ipblock-exempt"
+  | "oversight"
+  | "rollbacker"
+  | "propertycreator"
+  | "wikidata-staff"
+  | "flood"
+  | "translationadmin"
+  | "confirmed"
+  | "flow-bot"
+  | "checkuser"
+
+export type WikimediaGrant =
+  | "basic"
+  | "blockusers"
+  | "checkuser"
+  | "createaccount"
+  | "delete"
+  | "editinterface"
+  | "editmycssjs"
+  | "editmyoptions"
+  | "editmywatchlist"
+  | "editpage"
+  | "editprotected"
+  | "editsiteconfig"
+  | "globalblock"
+  | "highvolume"
+  | "import"
+  | "mergehistory"
+  | "oath"
+  | "oversight"
+  | "patrol"
+  | "privateinfo"
+  | "protect"
+  | "rollback"
+  | "sendemail"
+  | "shortenurls"
+  | "uploadfile"
+  | "viewdeleted"
+  | "viewmywatchlist"
+
+export type WikimediaRight =
+  | "abusefilter-log"
+  | "apihighlimits"
+  | "applychangetags"
+  | "autoconfirmed"
+  | "autopatrol"
+  | "autoreview"
+  | "bigdelete"
+  | "block"
+  | "blockemail"
+  | "bot"
+  | "browsearchive"
+  | "changetags"
+  | "checkuser"
+  | "checkuser-log"
+  | "createaccount"
+  | "createpage"
+  | "createpagemainns"
+  | "createtalk"
+  | "delete"
+  | "delete-redirect"
+  | "deletedhistory"
+  | "deletedtext"
+  | "deletelogentry"
+  | "deleterevision"
+  | "edit"
+  | "edit-legal"
+  | "editinterface"
+  | "editmyoptions"
+  | "editmyusercss"
+  | "editmyuserjs"
+  | "editmyuserjson"
+  | "editmywatchlist"
+  | "editprotected"
+  | "editsemiprotected"
+  | "editsitecss"
+  | "editsitejs"
+  | "editsitejson"
+  | "editusercss"
+  | "edituserjs"
+  | "edituserjson"
+  | "globalblock"
+  | "import"
+  | "importupload"
+  | "ipblock-exempt"
+  | "item-merge"
+  | "item-redirect"
+  | "item-term"
+  | "markbotedits"
+  | "massmessage"
+  | "mergehistory"
+  | "minoredit"
+  | "move"
+  | "move-subpages"
+  | "movefile"
+  | "movestable"
+  | "mwoauth-authonlyprivate"
+  | "nominornewtalk"
+  | "noratelimit"
+  | "nuke"
+  | "patrol"
+  | "patrolmarks"
+  | "property-create"
+  | "property-term"
+  | "protect"
+  | "purge"
+  | "read"
+  | "reupload"
+  | "reupload-own"
+  | "reupload-shared"
+  | "rollback"
+  | "sendemail"
+  | "skipcaptcha"
+  | "suppressionlog"
+  | "tboverride"
+  | "templateeditor"
+  | "torunblocked"
+  | "transcode-reset"
+  | "translate"
+  | "undelete"
+  | "unwatchedpages"
+  | "upload"
+  | "upload_by_url"
+  | "viewmywatchlist"
+  | "viewsuppressed"
+  | "writeapi"
+
+export interface WikimediaProfile extends Record<string, any> {
+  sub: string
+  username: string
+  editcount: number
+  confirmed_email: boolean
+  blocked: boolean
+  registered: string
+  groups: WikimediaGroup[]
+  rights: WikimediaRight[]
+  grants: WikimediaGrant[]
+  realname: string
+  email: string
+}
+
+/**
+ * Wikimedia OAuth2 provider.
+ * All Wikimedia wikis are supported. Wikipedia, Wikidata, etc...
+ *
+ * (Register)[https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration]
+ * (Documentation)[https://www.mediawiki.org/wiki/Extension:OAuth]
+ */
+export default function Wikimedia<P extends WikimediaProfile>(
+  options: OAuthUserConfig<P>
+): OAuthConfig<P> {
+  return {
+    id: "wikimedia",
+    name: "Wikimedia",
+    type: "oauth",
+    token: "https://meta.wikimedia.org/w/rest.php/oauth2/access_token",
+    userinfo: "https://meta.wikimedia.org/w/rest.php/oauth2/resource/profile",
+    authorization: {
+      url: "https://meta.wikimedia.org/w/rest.php/oauth2/authorize",
+      params: { scope: "" },
+    },
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: profile.username,
+        email: profile.email,
+      }
+    },
+    options,
+  }
+}

scripts/release/analyze.ts

@@ -1,11 +1,13 @@
-import type { Commit, GroupedCommits, PackageToRelease } from "./types"
+import type {
+  Commit,
+  GroupedCommits as GrouppedCommits,
+  PackageToRelease,
+} from "./types"
 
 import { debug, pkgJson, execSync } from "./utils"
 import semver from "semver"
 import parseCommit from "@commitlint/parse"
-// @ts-ignore
 import gitLog from "git-log-parser"
-// @ts-ignore
 import streamToArray from "stream-to-array"
 
 export async function analyze(options: {
@@ -14,14 +16,12 @@ export async function analyze(options: {
   BREAKING_COMMIT_MSG: string
   RELEASE_COMMIT_MSG: string
   RELEASE_COMMIT_TYPES: string[]
-  SKIP_RELEASE_MSG: string
 }): Promise<PackageToRelease[]> {
   const {
     packages,
     BREAKING_COMMIT_MSG,
     RELEASE_COMMIT_MSG,
     RELEASE_COMMIT_TYPES,
-    SKIP_RELEASE_MSG,
   } = options
 
   const packageFolders = Object.values(options.packages)
@@ -65,12 +65,7 @@ export async function analyze(options: {
   )
 
   const lastCommit = commitsSinceLatestTag[0]
-  if (lastCommit?.parsed.raw.includes(SKIP_RELEASE_MSG)) {
-    console.log(
-      `Last commit contained ${SKIP_RELEASE_MSG}, skipping release...`
-    )
-    return []
-  }
+
   if (lastCommit?.parsed.raw === RELEASE_COMMIT_MSG) {
     debug("Already released...")
     return []
@@ -132,7 +127,7 @@ export async function analyze(options: {
       }
     }
     return acc
-  }, {} as Record<string, GroupedCommits>)
+  }, {} as Record<string, GrouppedCommits>)
 
   if (packagesNeedRelease.length) {
     console.log(

scripts/release/config.ts

@@ -17,9 +17,12 @@ export const config = {
     "@next-auth/typeorm-legacy-adapter": "packages/adapter-typeorm-legacy",
   },
   rootDir: process.cwd(),
-  RELEASE_COMMIT_MSG: "chore(release): bump version",
-  BREAKING_COMMIT_MSG: "BREAKING CHANGE",
-  SKIP_RELEASE_MSG: "[skip release]",
+  BREAKING_COMMIT_MSG: "BREAKING CHANGE:",
+  RELEASE_COMMIT_MSG: "chore(release): bump package version(s) [skip ci]",
   RELEASE_COMMIT_TYPES: ["feat", "fix"],
-  dryRun: !process.env.CI || !!process.env.DRY_RUN,
+  dryRun:
+    !process.env.CI ||
+    !!process.env.DRY_RUN ||
+    process.argv.includes("--dry-run"),
+  verbose: !!process.env.VERBOSE || process.argv.includes("--verbose"),
 }

scripts/release/index.ts

@@ -31,7 +31,7 @@ async function run() {
         JSON.stringify(
           {
             ...p,
-            commits: `${p.commits.features.length} feature(s), ${p.commits.bugfixes.length} bugfixe(s), ${p.commits.other.length} othe(r) and ${p.commits.breaking.length} breaking change(s)`,
+            commits: `${p.commits.features.length} feature(s), ${p.commits.bugfixes.length} bugfixe(s), ${p.commits.other.length} other(s) and ${p.commits.breaking.length} breaking change(s)`,
           },
           null,
           2

scripts/release/publish.ts

@@ -1,4 +1,3 @@
-import { createHash } from "crypto"
 import type { Commit, PackageToRelease } from "./types"
 
 import { debug, pkgJson, execSync } from "./utils"
@@ -15,11 +14,11 @@ export async function publish(options: {
   for await (const pkg of packages) {
     if (dryRun) {
       console.log(
-        `Dry run, npm publish for package ${pkg.name} will show the wrong version (${pkg.oldVersion}). In normal run, it would be ${pkg.newVersion}`
+        `Dry run, \`npm publish\` would have released package \`${pkg.name}\` with version "${pkg.newVersion}".`
       )
     } else {
       console.log(
-        `Writing version ${pkg.newVersion} to package.json for package ${pkg.name}`
+        `Writing version "${pkg.newVersion}" to package.json for package \`${pkg.name}\``
       )
       await pkgJson.update(pkg.path, { version: pkg.newVersion })
       console.log("package.json file has been written, publishing...")
@@ -35,8 +34,10 @@ export async function publish(options: {
     }
 
     if (dryRun) {
-      console.log(`Dry run, skip npm publish for package ${pkg.name}...`)
-      npmPublish += " --dry-run"
+      console.log(
+        `Dry run, skip \`npm publish\` for package \`${pkg.name}\`...\n`
+      )
+      npmPublish += " --dry-run --silent"
     } else {
       execSync(
         "echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc",
@@ -58,13 +59,15 @@ export async function publish(options: {
     const { name, oldVersion, newVersion } = pkg
     const gitTag = `${name}@v${newVersion}`
 
-    console.log(`${name} ${oldVersion} -> ${newVersion}`)
+    console.log(
+      `\n\n-------------------------------\n${name} ${oldVersion} -> ${newVersion}`
+    )
 
     const changelog = createChangelog(pkg)
-    debug(`Generated changelog for package ${name}`, changelog)
+    debug("Changelog generated", changelog)
 
     if (dryRun) {
-      console.log(`Dry run, skip git tag/release notes for package ${name}`)
+      console.log(`Dry run, skip git tag/release notes for package \`${name}\``)
     } else {
       console.log(`Creating git tag...`)
       execSync(`git tag ${gitTag}`)
@@ -83,7 +86,7 @@ function createChangelog(pkg: PackageToRelease) {
   const {
     commits: { features, breaking, bugfixes, other },
   } = pkg
-  console.log(`Creating changelog for package ${pkg.name}...`)
+  console.log(`Creating changelog for package \`${pkg.name}\`...`)
 
   let changelog = ``
   changelog += listGroup("Features", features)

scripts/release/tsconfig.json

@@ -1,21 +1,12 @@
 {
   "compilerOptions": {
-    "target": "ES2018",
-    "module": "commonjs",
+    "target": "ESNext",
+    "module": "NodeNext",
     "esModuleInterop": true,
-    "forceConsistentCasingInFileNames": true,
-    "strict": true,
-    "noImplicitAny": true,
     "skipLibCheck": true,
-    "checkJs": true,
-    "resolveJsonModule": true
+    "skipDefaultLibCheck": true
   },
   "ts-node": {
-    "transpileOnly": true,
-    "files": true,
-    "compilerOptions": {
-      "sourceMap": true,
-      "inlineSources": true
-    }
+    "swc": true
   }
 }

scripts/release/utils.ts

@@ -3,6 +3,7 @@ import type { PackageJson } from "type-fest"
 import fs from "node:fs/promises"
 import path from "node:path"
 import { execSync as nodeExecSync } from "node:child_process"
+import { config } from "./config"
 
 async function read(directory: string): Promise<PackageJson> {
   const content = await fs.readFile(
@@ -28,7 +29,7 @@ async function update(
 export const pkgJson = { read, update }
 
 export function debug(...args: any[]): void {
-  if (!process.env.DEBUG) return
+  if (!config.verbose) return
   const [first, ...rest] = args
   console.log(`\n[debug] ${first}\n`, ...rest, "\n")
 }