fix(logger): properly end request every time (#1557 )

* fix(logger): properly end request every time * chore: fix linting
fix(provider): reject access token if slack login flow was canceled (#1544 )
2026-05-01 10:55:20 +00:00 · 2021-03-20 10:08:12 +01:00 · 2021-03-18 14:59:24 +01:00 · 2021-03-16 19:27:11 +01:00 · 2021-03-16 19:25:24 +01:00 · 2021-03-16 00:00:35 +01:00
11 changed files with 6358 additions and 3701 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -19624,9 +19624,9 @@
      "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA=="
    },
    "xmldom": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.3.0.tgz",
-      "integrity": "sha512-z9s6k3wxE+aZHgXYxSTpGDo7BYOUfJsIRyoZiX6HTjwpwfS2wpQBQKa2fD+ShLyPkqDYo5ud7KitmLZ2Cd6r0g==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.5.0.tgz",
+      "integrity": "sha512-Foaj5FXVzgn7xFzsKeNIde9g6aFBxTPi37iwsno8QvApmtg7KYrr+OPyRHcJF7dud2a5nGRBXK3n0dL62Gf7PA==",
      "dev": true
    },
    "xpath.js": {
--- a/src/providers/faceit.js
+++ b/src/providers/faceit.js
@@ -0,0 +1,25 @@
+export default (options) => {
+  return {
+    id: 'faceit',
+    name: 'FACEIT',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    headers: {
+      Authorization: `Basic ${Buffer.from(`${options.clientId}:${options.clientSecret}`).toString('base64')}`
+    },
+    accessTokenUrl: 'https://api.faceit.com/auth/v1/oauth/token',
+    authorizationUrl: 'https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code',
+    profileUrl: 'https://api.faceit.com/auth/v1/resources/userinfo',
+    profile (profile) {
+      const { guid: id, nickname: name, email, picture: image } = profile
+      return {
+        id,
+        name,
+        email,
+        image
+      }
+    },
+    ...options
+  }
+}
--- a/src/providers/index.js
+++ b/src/providers/index.js
@@ -12,6 +12,7 @@ import Discord from './discord'
 import Email from './email'
 import EVEOnline from './eveonline'
 import Facebook from './facebook'
+import FACEIT from './faceit'
 import Foursquare from './foursquare'
 import FusionAuth from './fusionauth'
 import GitHub from './github'
@@ -36,6 +37,7 @@ import Twitch from './twitch'
 import Twitter from './twitter'
 import VK from './vk'
 import Yandex from './yandex'
+import Zoho from './zoho'

 export default {
  Apple,
@@ -52,6 +54,7 @@ export default {
  Email,
  EVEOnline,
  Facebook,
+  FACEIT,
  Foursquare,
  FusionAuth,
  GitHub,
@@ -75,5 +78,6 @@ export default {
  Twitch,
  Twitter,
  VK,
-  Yandex
+  Yandex,
+  Zoho
 }
--- a/src/providers/zoho.js
+++ b/src/providers/zoho.js
@@ -0,0 +1,22 @@
+export default (options) => {
+  return {
+    id: 'zoho',
+    name: 'Zoho',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'AaaServer.profile.Read',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://accounts.zoho.com/oauth/v2/token',
+    authorizationUrl: 'https://accounts.zoho.com/oauth/v2/auth?response_type=code',
+    profileUrl: 'https://accounts.zoho.com/oauth/user/info',
+    profile: (profile) => {
+      return {
+        id: profile.ZUID,
+        name: `${profile.First_Name} ${profile.Last_Name}`,
+        email: profile.Email,
+        image: null
+      }
+    },
+    ...options
+  }
+}
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -225,18 +225,19 @@ async function NextAuthHandler (req, res, userOptions) {
          }
          break
        case '_log':
-          try {
-            if (!userOptions.logger) return
-            const {
-              code = 'CLIENT_ERROR',
-              level = 'error',
-              message = '[]'
-            } = req.body
+          if (userOptions.logger) {
+            try {
+              const {
+                code = 'CLIENT_ERROR',
+                level = 'error',
+                message = '[]'
+              } = req.body

-            logger[level](code, ...JSON.parse(message))
-          } catch (error) {
-            // If logging itself failed...
-            logger.error('LOGGER_ERROR', error)
+              logger[level](code, ...JSON.parse(message))
+            } catch (error) {
+              // If logging itself failed...
+              logger.error('LOGGER_ERROR', error)
+            }
          }
          return res.end()
        default:
--- a/src/server/lib/oauth/client.js
+++ b/src/server/lib/oauth/client.js
@@ -167,9 +167,17 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
          raw = querystring.parse(data)
        }

-        const accessToken = provider.id === 'slack'
-          ? raw.authed_user.access_token
-          : raw.access_token
+        let accessToken
+        if (provider.id === 'slack') {
+          const { ok, error } = raw
+          if (!ok) {
+            return reject(error)
+          }
+
+          accessToken = raw.authed_user.access_token
+        } else {
+          accessToken = raw.access_token
+        }

        resolve({
          accessToken,
--- a/www/docs/getting-started/rest-api.md
+++ b/www/docs/getting-started/rest-api.md
@@ -35,7 +35,7 @@ The `POST` submission requires CSRF token from `/api/auth/csrf`.

 Returns client-safe session object - or an empty object if there is no session.

-The contents of the session object that is returned is configurable with the session callback.
+The contents of the session object that is returned are configurable with the session callback.

 #### `GET` /api/auth/csrf

@@ -52,7 +52,7 @@ It can be used to dynamically generate custom sign up pages and to check what ca
 ---

 :::note
-The default base path is `/api/auth` but it is configurable by specyfing a custom path in `NEXTAUTH_URL`
+The default base path is `/api/auth` but it is configurable by specifying a custom path in `NEXTAUTH_URL`

 e.g. 

--- a/www/docs/providers/faceit.md
+++ b/www/docs/providers/faceit.md
@@ -0,0 +1,30 @@
+---
+id: faceit
+title: FACEIT
+---
+
+## Documentation
+
+https://cdn.faceit.com/third_party/docs/FACEIT_Connect_3.0.pdf
+
+## Configuration
+
+https://developers.faceit.com/apps
+
+Grant type: `Authorization Code`
+
+Scopes to have basic infos (email, nickname, guid and avatar) : `openid`, `email`, `profile`
+
+## Example
+
+```js
+import Providers from `next-auth/providers`
+...
+providers: [
+  Providers.FACEIT({
+    clientId: process.env.FACEIT_CLIENT_ID,
+    clientSecret: process.env.FACEIT_CLIENT_SECRET
+  })
+]
+...
+```
--- a/www/docs/providers/zoho.md
+++ b/www/docs/providers/zoho.md
@@ -0,0 +1,26 @@
+---
+id: zoho
+title: Zoho
+---
+
+## Documentation
+
+https://www.zoho.com/accounts/protocol/oauth/web-server-applications.html
+
+## Configuration
+
+https://api-console.zoho.com/
+
+## Example
+
+```js
+import Providers from `next-auth/providers`
+...
+providers: [
+  Providers.Zoho({
+    clientId: process.env.ZOHO_CLIENT_ID,
+    clientSecret: process.env.ZOHO_CLIENT_SECRET
+  })
+]
+...
+```
--- a/www/docs/tutorials.md
+++ b/www/docs/tutorials.md
@@ -9,6 +9,14 @@ _These tutorials are contributed by the community and hosted on this site._

 _New submissions and edits are welcome!_

+### [NextJS Authentication Crash Course with NextAuth.js](https://youtu.be/o_wZIVmWteQ)
+
+This tutorial dives in to the ins and outs of NextAuth including email, Github, Twitter and integrating with Auth0 in under hour.
+
+### [Create your own NextAuth.js Login Pages](https://youtu.be/kB6YNYZ63fw)
+
+This tutorial shows you how to jump in and create your own custom login pages versus using the ones provided by NextAuth.js
+
 ### [Refresh Token Rotation](tutorials/refresh-token-rotation)

 How to implement refresh token rotation.
--- a/www/package-lock.json
+++ b/www/package-lock.json
Author	SHA1	Message	Date
Balázs Orbán	985f7b3431	fix(logger): properly end request every time (#1557 ) * fix(logger): properly end request every time * chore: fix linting	2021-03-20 10:08:12 +01:00
Max	237b016378	fix(provider): reject access token if slack login flow was canceled (#1544 ) * fix: reject access token if slack login flow was canceled * style: fix lint errors in oauth client	2021-03-18 14:59:24 +01:00
Joshua Williams	776b9480da	feat(provider): add Zoho provider (#1516 ) * feat(provider): add zoho * fix: use LF instead of CRLF * fix: crlf to lf line endings Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-03-16 19:27:11 +01:00
Honman Yau	07a3f76cb3	docs: fix typos in REST API guide (#1528 )	2021-03-16 19:25:24 +01:00
tclaude94	3726d68c49	feat(provider): add FACEIT provider (#1469 )	2021-03-16 00:00:35 +01:00
dependabot[bot]	e31db1726a	chore(deps): bump xmldom from 0.3.0 to 0.5.0 (#1510 ) Bumps [xmldom](https://github.com/xmldom/xmldom) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](https://github.com/xmldom/xmldom/compare/0.3.0...0.5.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-03-13 14:19:22 +01:00
James Perkins	a241199c11	docs(tutorials): Adding two more tutorials to the list. [skip release]	2021-03-13 03:42:00 +00:00
dependabot[bot]	5385ec20a9	chore(deps): bump elliptic from 6.5.3 to 6.5.4 in /www (#1493 ) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-03-10 22:59:10 +01:00