chore(release): bump version [skip ci]

feat: make generateSessionToken awaitable (#6536 )
Co-authored-by: @HommeSauvage
2026-05-01 10:55:20 +00:00 · 2023-01-28 13:24:50 +01:00 · 2023-01-28 12:19:32 +00:00 · 2023-01-28 12:12:00 +00:00 · 2023-01-28 09:44:23 +00:00
6 changed files with 16 additions and 12 deletions
--- a/packages/next-auth/package.json
+++ b/packages/next-auth/package.json
@@ -1,6 +1,6 @@
 {
  "name": "next-auth",
-  "version": "4.18.10",
+  "version": "4.19.0",
  "description": "Authentication for Next.js",
  "homepage": "https://next-auth.js.org",
  "repository": "https://github.com/nextauthjs/next-auth.git",
--- a/packages/next-auth/src/core/lib/callback-handler.ts
+++ b/packages/next-auth/src/core/lib/callback-handler.ts
@@ -113,7 +113,7 @@ export default async function callbackHandler(params: {
    session = useJwtSession
      ? {}
      : await createSession({
-          sessionToken: generateSessionToken(),
+          sessionToken: await generateSessionToken(),
          userId: user.id,
          expires: fromDate(options.session.maxAge),
        })
@@ -143,7 +143,7 @@ export default async function callbackHandler(params: {
      session = useJwtSession
        ? {}
        : await createSession({
-            sessionToken: generateSessionToken(),
+            sessionToken: await generateSessionToken(),
            userId: userByAccount.id,
            expires: fromDate(options.session.maxAge),
          })
@@ -181,11 +181,11 @@ export default async function callbackHandler(params: {
        ? await getUserByEmail(profile.email)
        : null
      if (userByEmail) {
-        const provider = options.provider as OAuthConfig<any>;
+        const provider = options.provider as OAuthConfig<any>
        if (provider?.allowDangerousEmailAccountLinking) {
-          // If you trust the oauth provider to correctly verify email addresses, you can opt-in to 
+          // If you trust the oauth provider to correctly verify email addresses, you can opt-in to
          // account linking even when the user is not signed-in.
-          user = userByEmail;
+          user = userByEmail
        } else {
          // We end up here when we don't have an account with the same [provider].id *BUT*
          // we do already have an account with the same email address as the one in the
@@ -216,7 +216,7 @@ export default async function callbackHandler(params: {
      session = useJwtSession
        ? {}
        : await createSession({
-            sessionToken: generateSessionToken(),
+            sessionToken: await generateSessionToken(),
            userId: user.id,
            expires: fromDate(options.session.maxAge),
          })
--- a/packages/next-auth/src/core/lib/oauth/authorization-url.ts
+++ b/packages/next-auth/src/core/lib/oauth/authorization-url.ts
@@ -1,5 +1,5 @@
 import { openidClient } from "./client"
-import { oAuth1Client } from "./client-legacy"
+import { oAuth1Client, oAuth1TokenStore } from "./client-legacy"
 import { createState } from "./state-handler"
 import { createNonce } from "./nonce-handler"
 import { createPKCE } from "./pkce-handler"
@@ -44,7 +44,7 @@ export default async function getAuthorizationUrl({
      oauth_token_secret: tokens.oauth_token_secret,
      ...tokens.params,
    })}`
-
+    oAuth1TokenStore.set(tokens.oauth_token, tokens.oauth_token_secret)
    logger.debug("GET_AUTHORIZATION_URL", { url, provider })
    return { redirect: url }
  }
--- a/packages/next-auth/src/core/lib/oauth/callback.ts
+++ b/packages/next-auth/src/core/lib/oauth/callback.ts
@@ -1,6 +1,6 @@
 import { TokenSet } from "openid-client"
 import { openidClient } from "./client"
-import { oAuth1Client } from "./client-legacy"
+import { oAuth1Client, oAuth1TokenStore } from "./client-legacy"
 import { useState } from "./state-handler"
 import { usePKCECodeVerifier } from "./pkce-handler"
 import { useNonce } from "./nonce-handler"
@@ -42,7 +42,7 @@ export default async function oAuthCallback(params: {
      const { oauth_token, oauth_verifier } = query ?? {}
      const tokens = (await (client as any).getOAuthAccessToken(
        oauth_token,
-        null,
+        oAuth1TokenStore.get(oauth_token),
        oauth_verifier
      )) as TokenSet
      let profile: Profile = await (client as any).get(
@@ -63,6 +63,8 @@ export default async function oAuthCallback(params: {
    }
  }

+  if (query?.oauth_token) oAuth1TokenStore.delete(query.oauth_token)
+
  try {
    const client = await openidClient(options)

--- a/packages/next-auth/src/core/lib/oauth/client-legacy.ts
+++ b/packages/next-auth/src/core/lib/oauth/client-legacy.ts
@@ -69,3 +69,5 @@ export function oAuth1Client(options: InternalOptions<"oauth">) {
  }
  return oauth1Client
 }
+
+export const oAuth1TokenStore = new Map()
--- a/packages/next-auth/src/core/types.ts
+++ b/packages/next-auth/src/core/types.ts
@@ -465,7 +465,7 @@ export interface SessionOptions {
   * However, you can specify your own custom string (such as CUID) to be used.
   * @default `randomUUID` or `randomBytes.toHex` depending on the Node.js version
   */
-  generateSessionToken: () => string
+  generateSessionToken: () => Awaitable<string>
 }

 export interface DefaultUser {
Author	SHA1	Message	Date
Balázs Orbán	e847b3466f	chore(release): bump version [skip ci]	2023-01-28 13:24:50 +01:00
Balázs Orbán	8df6d5b469	feat: make `generateSessionToken` awaitable (#6536 ) Co-authored-by: @HommeSauvage	2023-01-28 12:19:32 +00:00
Balázs Orbán	0bcaeca369	feat: remove `unstable_` prefix `getServerSession` (#6535 ) * feat: remove `unstable_` prefix from `getServerSession` * fix test * fix lint	2023-01-28 12:12:00 +00:00
Balázs Orbán	4f5ddbcb76	fix(oauth1): pass `oauth_token_secret` (#6534 ) * Pass oauth_token_secret in OAuth 1.0 calls * simplify * simplify --------- Co-authored-by: dawidos234 <dawidos234@gmail.com>	2023-01-28 09:44:23 +00:00