fix(logger): attempt at fixing infinite loop (#1789 )

docs: add Class components tutorial (#1784 )
build(provider): auto-generate Providers submodule (#1782 )
2026-05-01 10:55:20 +00:00 · 2021-04-20 21:22:20 +02:00 · 2021-04-20 17:34:05 +02:00 · 2021-04-20 17:33:24 +02:00 · 2021-04-20 12:59:48 +02:00 · 2021-04-20 12:56:07 +02:00
114 changed files with 3948 additions and 2752 deletions
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,5 +1,6 @@
 test:
  - test/**/*
+  - types/tests/**/*

 documentation:
  - www/**/*
@@ -32,4 +33,7 @@ client:

 pages:
  - src/server/pages/**/*
-  - www/docs/configuration/pages.md
+  - www/docs/configuration/pages.md
+
+TypeScript:
+  - types/**/*
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,10 +6,12 @@ on:
  push:
    branches: 
     - main
+     - beta
     - next
  pull_request:
    branches:
     - main
+     - beta
     - next

 jobs:
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,7 +13,7 @@ name: "CodeQL"

 on:
  push:
-    branches: [ main, next ]
+    branches: [ main, beta, next ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -2,9 +2,10 @@ name: Integration Test

 on:
  push:
-    branches: 
-     - main
-     - next
+    branches:
+      - main
+      - beta
+      - next
  pull_request:

 jobs:
@@ -17,7 +18,7 @@ jobs:
    if: github.event.pull_request.head.repo.full_name == github.repository

    # We use self-hosted runners as cloud based runnners (e.g. AWS, GPC)
-    # fail due to IP Address checks done by providers, which enforce 
+    # fail due to IP Address checks done by providers, which enforce
    # CAPTCHA checks on login request from cloud compute IP addresses to
    # prevent abuse.
    runs-on: self-hosted
@@ -45,7 +46,7 @@ jobs:
      - run: npm test
        # TODO Tests should exit out if env vars not set (currently hangs)
        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} 
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
          NEXTAUTH_TWITTER_ID: ${{secrets.NEXTAUTH_TWITTER_ID}}
          NEXTAUTH_TWITTER_SECRET: ${{secrets.NEXTAUTH_TWITTER_SECRET}}
          NEXTAUTH_TWITTER_USERNAME: ${{secrets.NEXTAUTH_TWITTER_USERNAME}}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,6 +3,7 @@ on:
  push:
    branches:
      - 'main'
+      - 'beta'
      - 'next'
      - '3.x'
  pull_request:
--- a/.github/workflows/types.yml
+++ b/.github/workflows/types.yml
@@ -0,0 +1,25 @@
+name: Types
+
+on:
+  push:
+    branches:
+      - main
+      - beta
+      - next
+  pull_request:
+    branches:
+      - main
+      - beta
+      - next
+
+jobs:
+  lint-and-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+      - name: Install dependencies
+        uses: bahmutov/npm-install@v1
+      - name: Check types
+        run: npm run test:types
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ node_modules
 .cache-loader
 .next
 www/providers.json
+src/providers/index.js

 # VS
 /.vs/slnx.sqlite-journal
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -16,7 +16,7 @@ Anyone can be a contributor. Either you found a typo, or you have an awesome fea
 * The latest changes are always in `main`, so please make your Pull Request against that branch.
 * Pull Requests should be raised for any change
 * Pull Requests need approval of a [core contributor](https://next-auth.js.org/contributors#core-team) before merging
-* Run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this extension](https://marketplace.visualstudio.com/items?itemName=chenxsan.vscode-standardjs) to fix lint issues in development)
+* We use ESLint/Prettier for linting/formatting, so please run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
 * We encourage you to test your changes, and if you have the opportunity, please make those tests part of the Pull Request
 * If you add new functionality, please provide the corresponding documentation as well and make it part of the Pull Request

@@ -42,7 +42,7 @@ npm i
 > NOTE: You can add any environment variables to .env.local that you would like to use in your dev app.
 > You can find the next-auth config under`pages/api/auth/[...nextauth].js`.

-1. Start the dev application/server and CSS watching:
+1. Start the dev application/server:
 ```sh
 npm run dev
 ```
@@ -59,6 +59,16 @@ When running `npm run dev`, you start a Next.js dev server on `http://localhost:

 >NOTE: When working on CSS, you will need to manually refresh the page after changes. (Improving this through a PR is very welcome!)

+#### Providers
+
+If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
+1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
+2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
+
+That's it! 🎉 Others will be able to discover this provider much more easily now!
+
+You can look at the existing built-in providers for inspiration.
+
 #### Databases

 Included is a Docker Compose file that starts up MySQL, Postgres, and MongoDB databases on localhost.
--- a/README.md
+++ b/README.md
@@ -84,13 +84,9 @@ Advanced options allow you to define your own routines to handle controlling wha

 ### TypeScript

-You can install the appropriate types via the following command:
+NextAuth.js comes with built-in types. For more information and usage, check out the [TypeScript section](https://next-auth.js.org/getting-started/typescript) in the documentaion.

-```
-npm install --save-dev @types/next-auth
-```
-
-As of now, TypeScript is a community effort. If you encounter any problems with the types package, please create an issue at [DefinitelyTyped](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/next-auth). Alternatively, you can open a pull request directly with your fixes there. We welcome anyone to start a discussion on migrating this package to TypeScript, or how to improve the TypeScript experience in general.
+The package at `@types/next-auth` is now deprecated.

 ## Example

--- a/adapters.js
+++ b/adapters.js
@@ -1 +0,0 @@
-module.exports = require('./dist/adapters').default
--- a/client.js
+++ b/client.js
@@ -1 +0,0 @@
-module.exports = require('./dist/client').default
--- a/config/build.js
+++ b/config/build.js
@@ -0,0 +1,86 @@
+const fs = require("fs-extra")
+const path = require("path")
+
+const MODULE_ENTRIES = {
+  SERVER: "index",
+  CLIENT: "client",
+  PROVIDERS: "providers",
+  ADAPTERS: "adapters",
+  JWT: "jwt",
+}
+
+// Building submodule entries
+
+const BUILD_TARGETS = {
+  [`${MODULE_ENTRIES.SERVER}.js`]: "module.exports = require('./dist/server').default\n",
+  [`${MODULE_ENTRIES.CLIENT}.js`]: "module.exports = require('./dist/client').default\n",
+  [`${MODULE_ENTRIES.ADAPTERS}.js`]: "module.exports = require('./dist/adapters').default\n",
+  [`${MODULE_ENTRIES.PROVIDERS}.js`]: "module.exports = require('./dist/providers').default\n",
+  [`${MODULE_ENTRIES.JWT}.js`]: "module.exports = require('./dist/lib/jwt').default\n",
+}
+
+Object.entries(BUILD_TARGETS).forEach(([target, content]) => {
+  fs.writeFile(path.join(process.cwd(), target), content, (err) => {
+    if (err) throw err
+    console.log(`[build] created "${target}" in root folder`)
+  })
+})
+
+// Building types
+
+const TYPES_TARGETS = [
+  `${MODULE_ENTRIES.SERVER}.d.ts`,
+  `${MODULE_ENTRIES.CLIENT}.d.ts`,
+  `${MODULE_ENTRIES.ADAPTERS}.d.ts`,
+  `${MODULE_ENTRIES.PROVIDERS}.d.ts`,
+  `${MODULE_ENTRIES.JWT}.d.ts`,
+  "internals",
+]
+
+TYPES_TARGETS.forEach((target) => {
+  fs.copy(
+    path.resolve("types", target),
+    path.join(process.cwd(), target),
+    (err) => {
+      if (err) throw err
+      console.log(`[build-types] copying "${target}" to root folder`)
+    }
+  )
+})
+
+// Building providers
+
+const providersDir = path.join(process.cwd(), "/src/providers")
+
+const files = fs.readdirSync(providersDir, "utf8")
+
+let importLines = ""
+let exportLines = `export default {\n`
+files.forEach((file) => {
+  const provider = fs.readFileSync(path.join(providersDir, file), "utf8")
+  try {
+    // NOTE: If this fails, the default export probably wasn't a named function.
+    // Always use a named function as default export.
+    // Eg.: export default function YourProvider ...
+    const { functionName } = provider.match(
+      /export default function (?<functionName>.+)\s?\(/
+    ).groups
+
+    importLines += `import ${functionName} from "./${file}"\n`
+    exportLines += `  ${functionName},\n`
+  } catch (error) {
+    console.error(
+      [
+        `\nThe provider file '${file}' should have a single named default export`,
+        "Example: 'export default function YourProvider'\n\n",
+      ].join("\n")
+    )
+    process.exit(1)
+  }
+})
+exportLines += `}\n`
+
+fs.writeFile(
+  path.join(process.cwd(), "src/providers/index.js"),
+  [importLines, exportLines].join("\n")
+)
--- a/index.js
+++ b/index.js
@@ -1 +0,0 @@
-module.exports = require('./dist/server')
--- a/jwt.js
+++ b/jwt.js
@@ -1 +0,0 @@
-module.exports = require('./dist/lib/jwt').default
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -8,37 +8,45 @@
  "main": "index.js",
  "scripts": {
    "build": "npm run build:js && npm run build:css",
-    "build:js": "babel --config-file ./config/babel.config.json src --out-dir dist",
+    "build:js": "node ./config/build.js && babel --config-file ./config/babel.config.json src --out-dir dist",
    "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir dist && node config/wrap-css.js",
-    "dev": "next | npm run watch:css",
+    "dev:with-css": "next | npm run watch:css",
+    "dev": "next",
    "watch": "npm run watch:js | npm run watch:css",
    "watch:js": "babel --config-file ./config/babel.config.json --watch src --out-dir dist",
    "watch:css": "postcss --config config/postcss.config.js --watch src/**/*.css --base src --dir dist",
    "test:app:start": "docker-compose -f test/docker/app.yml up -d",
    "test:app:rebuild": "npm run build && docker-compose -f test/docker/app.yml up -d --build",
    "test:app:stop": "docker-compose -f test/docker/app.yml down",
-    "test": "npm run test:app:rebuild && npm run test:integration && npm run test:app:stop",
+    "test": "npm run test:app:rebuild && npm run test:integration && npm run test:app:stop && npm run test:types",
    "test:db": "npm run test:db:mysql && npm run test:db:postgres && npm run test:db:mongodb && npm run test:db:mssql",
    "test:db:mysql": "node test/mysql.js",
    "test:db:postgres": "node test/postgres.js",
    "test:db:mongodb": "node test/mongodb.js",
    "test:db:mssql": "node test/mssql.js",
    "test:integration": "mocha test/integration",
+    "test:types": "dtslint types",
    "db:start": "docker-compose -f test/docker/databases.yml up -d",
    "db:stop": "docker-compose -f test/docker/databases.yml down",
    "prepublishOnly": "npm run build",
    "publish:beta": "npm publish --tag beta",
    "publish:canary": "npm publish --tag canary",
-    "lint": "ts-standard",
-    "lint:fix": "ts-standard --fix"
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix"
  },
  "files": [
    "dist",
    "index.js",
+    "index.d.ts",
    "providers.js",
+    "providers.d.ts",
    "adapters.js",
+    "adapters.d.ts",
    "client.js",
-    "jwt.js"
+    "client.d.ts",
+    "jwt.js",
+    "jwt.d.ts",
+    "internals"
  ],
  "license": "ISC",
  "dependencies": {
@@ -57,7 +65,7 @@
  },
  "peerDependencies": {
    "react": "^16.13.1 || ^17",
-    "react-dom": "^16.13.1 || ^17"
+    "react-dom": "16.13.1 || ^17"
  },
  "peerOptionalDependencies": {
    "mongodb": "^3.5.9",
@@ -76,12 +84,21 @@
    "@semantic-release/npm": "7.0.8",
    "@semantic-release/release-notes-generator": "^9.0.1",
    "@types/react": "^17.0.0",
+    "@typescript-eslint/eslint-plugin": "^4.22.0",
+    "@typescript-eslint/parser": "^4.22.0",
    "autoprefixer": "^9.7.6",
    "babel-preset-preact": "^2.0.0",
    "conventional-changelog-conventionalcommits": "4.4.0",
    "cssnano": "^4.1.10",
    "dotenv": "^8.2.0",
+    "dtslint": "^4.0.8",
    "eslint": "^7.19.0",
+    "eslint-config-prettier": "^8.2.0",
+    "eslint-config-standard-with-typescript": "^19.0.1",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-promise": "^4.3.1",
+    "eslint-plugin-standard": "^5.0.0",
    "mocha": "^8.1.3",
    "mongodb": "^3.5.9",
    "mssql": "^6.2.1",
@@ -90,26 +107,41 @@
    "pg": "^8.2.1",
    "postcss-cli": "^7.1.1",
    "postcss-nested": "^4.2.1",
+    "prettier": "^2.2.1",
    "prisma": "^2.16.1",
    "puppeteer": "^5.2.1",
    "puppeteer-extra": "^3.1.15",
    "puppeteer-extra-plugin-stealth": "^2.6.1",
    "react": "^17.0.1",
    "react-dom": "^17.0.1",
-    "ts-standard": "^10.0.0",
    "typescript": "^4.1.3"
  },
-  "ts-standard": {
-    "project": "./tsconfig.json",
-    "ignore": [
-      "test/",
-      "next-env.d.ts"
+  "prettier": {
+    "semi": false
+  },
+  "eslintConfig": {
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+      "project": "./tsconfig.json"
+    },
+    "extends": [
+      "standard-with-typescript",
+      "prettier"
    ],
-    "globals": [
-      "localStorage",
-      "location",
-      "fetch"
-    ]
+    "ignorePatterns": [
+      "node_modules",
+      "test",
+      "next-env.d.ts",
+      "types",
+      "www",
+      ".next",
+      "dist"
+    ],
+    "globals": {
+      "localStorage": "readonly",
+      "location": "readonly",
+      "fetch": "readonly"
+    }
  },
  "funding": [
    {
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@@ -6,6 +6,27 @@ import Providers from 'next-auth/providers'
 // const prisma = new PrismaClient()

 export default NextAuth({
+  // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
+  // cookies: {
+  //   csrfToken: {
+  //     name: 'next-auth.csrf-token',
+  //     options: {
+  //       httpOnly: true,
+  //       sameSite: 'none',
+  //       path: '/',
+  //       secure: true
+  //     }
+  //   },
+  //   pkceCodeVerifier: {
+  //     name: 'next-auth.pkce.code_verifier',
+  //     options: {
+  //       httpOnly: true,
+  //       sameSite: 'none',
+  //       path: '/',
+  //       secure: true
+  //     }
+  //   }
+  // },
  providers: [
    Providers.Email({
      server: process.env.EMAIL_SERVER,
@@ -19,6 +40,11 @@ export default NextAuth({
      clientId: process.env.AUTH0_ID,
      clientSecret: process.env.AUTH0_SECRET,
      domain: process.env.AUTH0_DOMAIN,
+      // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
+      // protection: ["pkce", "state"],
+      // authorizationParams: {
+      //   response_mode: 'form_post'
+      // }
      protection: 'pkce'
    }),
    Providers.Twitter({
--- a/pages/credentials.js
+++ b/pages/credentials.js
@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-use-before-define
 import * as React from 'react'
 import { signIn, signOut, useSession } from 'next-auth/client'
 import Layout from 'components/layout'
--- a/pages/email.js
+++ b/pages/email.js
@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-use-before-define
 import * as React from 'react'
 import { signIn, signOut, useSession } from 'next-auth/client'
 import Layout from 'components/layout'
--- a/providers.js
+++ b/providers.js
@@ -1 +0,0 @@
-module.exports = require('./dist/providers').default
--- a/release.config.js
+++ b/release.config.js
@@ -2,6 +2,7 @@ module.exports = {
  branches: [
    '+([0-9])?(.{+([0-9]),x}).x',
    'main',
+    { name: 'beta', prerelease: true },
    { name: 'next', prerelease: true }
  ]
 }
--- a/src/client/index.d.ts
+++ b/src/client/index.d.ts
@@ -1,103 +0,0 @@
-import * as React from 'react'
-import { GetServerSidePropsContext } from 'next'
-
-interface DefaultSession {
-  user: {
-    name: string | null
-    email: string | null
-    image: string | null
-  }
-  expires: Date | string
-}
-
-interface BroadcastMessage {
-  event?: 'session'
-  data?: {
-    trigger?: 'signout' | 'getSession'
-  }
-  clientId: string
-  timestamp: number
-}
-
-type GetSession<S extends Record<string, unknown> = DefaultSession> = (options: {
-  ctx?: GetServerSidePropsContext
-  req?: GetServerSidePropsContext['req']
-  event?: 'storage' | 'timer' | 'hidden' | string
-  triggerEvent?: boolean
-}) => Promise<S>
-
-export interface NextAuthConfig {
-  baseUrl: string
-  basePath: string
-  baseUrlServer: string
-  basePathServer: string
-  /** 0 means disabled (don't send); 60 means send every 60 seconds */
-  keepAlive: number
-  /** 0 means disabled (only use cache); 60 means sync if last checked > 60 seconds ago */
-  clientMaxAge: number
-  /** Used for timestamp since last sycned (in seconds) */
-  _clientLastSync: number
-  /** Stores timer for poll interval */
-  _clientSyncTimer: ReturnType<typeof setTimeout>
-  /** Tracks if event listeners have been added */
-  _eventListenersAdded: boolean
-  /** Stores last session response from hook */
-  _clientSession: DefaultSession | null | undefined
-  /** Used to store to function export by getSession() hook */
-  _getSession: any
-}
-
-export type GetCsrfToken = (
-  ctxOrReq: GetServerSidePropsContext & GetServerSidePropsContext['req']
-) => Promise<string | null>
-
-export interface SessionOptions {
-  baseUrl?: string
-  basePath?: string
-  clientMaxAge?: number
-  keepAlive?: number
-}
-
-export type Provider<S extends Record<string, unknown> = DefaultSession > = (options: {
-  children: React.ReactNode
-  session: S
-  options: SessionOptions
-}) => React.ReactNode
-
-export type SetOptions = (options: SessionOptions) => void
-
-export type SessionContext = React.createContext<[DefaultSession | null, boolean]>
-
-export type UseSession = () => [any, boolean]
-
-export type GetProviders = () => Promise<any[]>
-
-// Sign in types
-
-export interface SignInOptions {
-  /** Defaults to the current URL. */
-  callbackUrl?: string
-  redirect?: boolean
-}
-export interface SignInResponse {
-  error: string | null
-  status: number
-  ok: boolean
-  url: string | null
-}
-
-export type SignIn<AuthorizationParams = Record<string, string>> = (
-  provider?: string,
-  options?: SignInOptions,
-  authorizationParams?: AuthorizationParams
-) => SignInResponse
-
-// Sign out types
-
-interface SignOutResponse<RedirectType extends boolean=true> {
-  /** Defaults to the current URL. */
-  callbackUrl?: string
-  redirect?: RedirectType
-}
-
-export type SignOut<RedirectType extends boolean = true> = (params: SignOutResponse<RedirectType>) => RedirectType extends true ? Promise<{url?: string} | undefined> : undefined
--- a/src/client/index.js
+++ b/src/client/index.js
@@ -18,7 +18,7 @@ import parseUrl from '../lib/parse-url'
 //    relative URLs are valid in that context and so defaults to empty.
 // 2. When invoked server side the value is picked up from an environment
 //    variable and defaults to 'http://localhost:3000'.
-/** @type {import(".").NextAuthConfig} */
+/** @type {import("types/internals/client").NextAuthConfig} */
 const __NEXTAUTH = {
  baseUrl: parseUrl(process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
  basePath: parseUrl(process.env.NEXTAUTH_URL).basePath,
@@ -60,15 +60,9 @@ if (typeof window !== 'undefined' && !__NEXTAUTH._eventListenersAdded) {
 }

 // Context to store session data globally
+/** @type {import("types/internals/client").SessionContext} */
 const SessionContext = createContext()

-/**
- * React Hook that gives you access
- * to the logged in user's session data.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#usesession)
- * @type {import(".").UseSession}
- */
 export function useSession (session) {
  const context = useContext(SessionContext)
  if (context) return context
@@ -143,14 +137,6 @@ function _useSessionHook (session) {
  return [data, loading]
 }

-/**
- * Can be called client or server side to return a session asynchronously.
- * It calls `/api/auth/session` and returns a promise with a session object,
- * or null if no session exists.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#getsession)
- * @type {import(".").GetSession}
- */
 export async function getSession (ctx) {
  const session = await _fetchData('session', ctx)
  if (ctx?.triggerEvent ?? true) {
@@ -159,39 +145,14 @@ export async function getSession (ctx) {
  return session
 }

-/**
- * Returns the current Cross Site Request Forgery Token (CSRF Token)
- * required to make POST requests (e.g. for signing in and signing out).
- * You likely only need to use this if you are not using the built-in
- * `signIn()` and `signOut()` methods.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#getcsrftoken)
- * @type {import(".").GetCsrfToken}
- */
 async function getCsrfToken (ctx) {
  return (await _fetchData('csrf', ctx))?.csrfToken
 }

-/**
- * It calls `/api/auth/providers` and returns
- * a list of the currently configured authentication providers.
- * It can be useful if you are creating a dynamic custom sign in page.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#getproviders)
- * @type {import(".").GetProviders}
- */
 export async function getProviders () {
  return _fetchData('providers')
 }

-/**
- * Client-side method to initiate a signin flow
- * or send the user to the signin page listing all possible providers.
- * Automatically adds the CSRF token to the request.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#signin)
- * @type {import(".").SignIn}
- */
 export async function signIn (provider, options = {}, authorizationParams = {}) {
  const {
    callbackUrl = window.location,
@@ -255,13 +216,6 @@ export async function signIn (provider, options = {}, authorizationParams = {})
  }
 }

-/**
- * Signs the user out, by removing the session cookie.
- * Automatically adds the CSRF token to the request.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#signout)
- * @type {import(".").SignOut}
- */
 export async function signOut (options = {}) {
  const {
    callbackUrl = window.location,
@@ -298,7 +252,6 @@ export async function signOut (options = {}) {
 // Method to set options. The documented way is to use the provider, but this
 // method is being left in as an alternative, that will be helpful if/when we
 // expose a vanilla JavaScript version that doesn't depend on React.
-/** @type {import(".").SetOptions} */
 export function setOptions ({ baseUrl, basePath, clientMaxAge, keepAlive } = {}) {
  if (baseUrl) __NEXTAUTH.baseUrl = baseUrl
  if (basePath) __NEXTAUTH.basePath = basePath
@@ -321,14 +274,6 @@ export function setOptions ({ baseUrl, basePath, clientMaxAge, keepAlive } = {})
  }
 }

-/**
- * Provider to wrap the app in to make session data available globally.
- * Can also be used to throttle the number of requests to the endpoint
- * `/api/auth/session`.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#provider)
- * @type {import(".").Provider}
- */
 export function Provider ({ children, session, options }) {
  setOptions(options)
  return createElement(
@@ -387,13 +332,13 @@ function BroadcastChannel (name = 'nextauth.message') {
  return {
    /**
     * Get notified by other tabs/windows.
-     * @param {(message: import(".").BroadcastMessage) => void} onReceive
+     * @param {(message: import("types/internals/client").BroadcastMessage) => void} onReceive
     */
    receive (onReceive) {
      if (typeof window === 'undefined') return
      window.addEventListener('storage', async (event) => {
        if (event.key !== name) return
-        /** @type {import(".").BroadcastMessage} */
+        /** @type {import("types/internals/client").BroadcastMessage} */
        const message = JSON.parse(event.newValue)
        if (message?.event !== 'session' || !message?.data) return

--- a/src/lib/jwt.js
+++ b/src/lib/jwt.js
@@ -106,7 +106,8 @@ async function getToken (params) {
    // or not set (e.g. development or test instance) case use unprefixed name
    secureCookie = !(!process.env.NEXTAUTH_URL || process.env.NEXTAUTH_URL.startsWith('http://')),
    cookieName = (secureCookie) ? '__Secure-next-auth.session-token' : 'next-auth.session-token',
-    raw = false
+    raw = false,
+    decode: _decode = decode
  } = params
  if (!req) throw new Error('Must pass `req` to JWT getToken()')

@@ -126,7 +127,7 @@ async function getToken (params) {
  }

  try {
-    return decode({ token, ...params })
+    return _decode({ token, ...params })
  } catch {
    return null
  }
--- a/src/lib/logger.d.ts
+++ b/src/lib/logger.d.ts
@@ -1,10 +0,0 @@
-export interface LoggerInstance {
-  warn: (code?: string, ...message: unknown[]) => void
-  error: (code?: string, ...message: unknown[]) => void
-  debug: (code?: string, ...message: unknown[]) => void
-}
-
-export declare function proxyLogger (logger: LoggerInstance, basePath: string): LoggerInstance
-
-const _logger: LoggerInstance
-export default _logger
--- a/src/lib/logger.js
+++ b/src/lib/logger.js
@@ -1,34 +1,31 @@
-/** @type {import("./logger").LoggerInstance} */
+/** @type {import("types").LoggerInstance} */
 const _logger = {
-  error (code, ...message) {
+  error(code, ...message) {
    console.error(
      `[next-auth][error][${code.toLowerCase()}]`,
      `\nhttps://next-auth.js.org/errors#${code.toLowerCase()}`,
      ...message
    )
  },
-  warn (code, ...message) {
+  warn(code, ...message) {
    console.warn(
      `[next-auth][warn][${code.toLowerCase()}]`,
      `\nhttps://next-auth.js.org/warnings#${code.toLowerCase()}`,
      ...message
    )
  },
-  debug (code, ...message) {
+  debug(code, ...message) {
    if (!process?.env?._NEXTAUTH_DEBUG) return
-    console.log(
-      `[next-auth][debug][${code.toLowerCase()}]`,
-      ...message
-    )
-  }
+    console.log(`[next-auth][debug][${code.toLowerCase()}]`, ...message)
+  },
 }

 /**
 * Override the built-in logger.
 * Any `undefined` level will use the default logger.
- * @param {Partial<import("./logger").LoggerInstance>} newLogger
+ * @param {Partial<import("types").LoggerInstance>} newLogger
 */
-export function setLogger (newLogger = {}) {
+export function setLogger(newLogger = {}) {
  if (newLogger.error) _logger.error = newLogger.error
  if (newLogger.warn) _logger.warn = newLogger.warn
  if (newLogger.debug) _logger.debug = newLogger.debug
@@ -38,13 +35,13 @@ export default _logger

 /**
 * Serializes client-side log messages and sends them to the server
- * @param {import("./logger").LoggerInstance} logger
+ * @param {import("types").LoggerInstance} logger
 * @param {string} basePath
- * @return {import("./logger").LoggerInstance}
+ * @return {import("types").LoggerInstance}
 */
-export function proxyLogger (logger = _logger, basePath) {
+export function proxyLogger(logger = _logger, basePath) {
  try {
-    if (typeof window === 'undefined') {
+    if (typeof window === "undefined") {
      return logger
    }

@@ -57,21 +54,23 @@ export function proxyLogger (logger = _logger, basePath) {
        const body = new URLSearchParams({
          level,
          code,
-          message: JSON.stringify(message.map(m => {
-            if (m instanceof Error) {
-              // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
-              return { name: m.name, message: m.message, stack: m.stack }
-            }
-            return m
-          }))
+          message: JSON.stringify(
+            message.map((m) => {
+              if (m instanceof Error) {
+                // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
+                return { name: m.name, message: m.message, stack: m.stack }
+              }
+              return m
+            })
+          ),
        })
        if (navigator.sendBeacon) {
          return navigator.sendBeacon(url, body)
        }
        return fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body,
        })
      }
    }
--- a/src/providers/apple.js
+++ b/src/providers/apple.js
@@ -1,30 +1,34 @@
-export default (options) => {
+export default function Apple(options) {
  return {
-    id: 'apple',
-    name: 'Apple',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'name email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://appleid.apple.com/auth/token',
-    authorizationUrl: 'https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post',
+    id: "apple",
+    name: "Apple",
+    type: "oauth",
+    version: "2.0",
+    scope: "name email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://appleid.apple.com/auth/token",
+    authorizationUrl:
+      "https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post",
    profileUrl: null,
    idToken: true,
-    profile: (profile) => {
+    profile(profile) {
      // The name of the user will only return on first login
      return {
        id: profile.sub,
-        name: profile.user != null ? profile.user.name.firstName + ' ' + profile.user.name.lastName : null,
-        email: profile.email
+        name:
+          profile.user != null
+            ? profile.user.name.firstName + " " + profile.user.name.lastName
+            : null,
+        email: profile.email,
      }
    },
    clientId: null,
    clientSecret: {
      teamId: null,
      privateKey: null,
-      keyId: null
+      keyId: null,
    },
-    protection: 'none', // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
-    ...options
+    protection: "none", // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
+    ...options,
  }
 }
--- a/src/providers/atlassian.js
+++ b/src/providers/atlassian.js
@@ -1,24 +1,24 @@
-export default (options) => {
+export default function Atlassian(options) {
  return {
-    id: 'atlassian',
-    name: 'Atlassian',
-    type: 'oauth',
-    version: '2.0',
+    id: "atlassian",
+    name: "Atlassian",
+    type: "oauth",
+    version: "2.0",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
-    accessTokenUrl: 'https://auth.atlassian.com/oauth/token',
+    accessTokenUrl: "https://auth.atlassian.com/oauth/token",
    authorizationUrl:
-      'https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent',
-    profileUrl: 'https://api.atlassian.com/me',
-    profile: (profile) => {
+      "https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent",
+    profileUrl: "https://api.atlassian.com/me",
+    profile(profile) {
      return {
        id: profile.account_id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/auth0.js
+++ b/src/providers/auth0.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Auth0(options) {
  return {
-    id: 'auth0',
-    name: 'Auth0',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    scope: 'openid email profile',
+    id: "auth0",
+    name: "Auth0",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    scope: "openid email profile",
    accessTokenUrl: `https://${options.domain}/oauth/token`,
    authorizationUrl: `https://${options.domain}/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.sub,
        name: profile.nickname,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/azure-ad-b2c.js
+++ b/src/providers/azure-ad-b2c.js
@@ -1,24 +1,24 @@
-export default (options) => {
-  const tenant = options.tenantId ? options.tenantId : 'common'
+export default function AzureADB2C(options) {
+  const tenant = options.tenantId ? options.tenantId : "common"

  return {
-    id: 'azure-ad-b2c',
-    name: 'Azure Active Directory B2C',
-    type: 'oauth',
-    version: '2.0',
+    id: "azure-ad-b2c",
+    name: "Azure Active Directory B2C",
+    type: "oauth",
+    version: "2.0",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
    accessTokenUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
    authorizationUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize?response_type=code&response_mode=query`,
-    profileUrl: 'https://graph.microsoft.com/v1.0/me/',
-    profile: (profile) => {
+    profileUrl: "https://graph.microsoft.com/v1.0/me/",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.displayName,
-        email: profile.userPrincipalName
+        email: profile.userPrincipalName,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/basecamp.js
+++ b/src/providers/basecamp.js
@@ -1,20 +1,22 @@
-export default (options) => {
+export default function Basecamp(options) {
  return {
-    id: 'basecamp',
-    name: 'Basecamp',
-    type: 'oauth',
-    version: '2.0',
-    accessTokenUrl: 'https://launchpad.37signals.com/authorization/token?type=web_server',
-    authorizationUrl: 'https://launchpad.37signals.com/authorization/new?type=web_server',
-    profileUrl: 'https://launchpad.37signals.com/authorization.json',
-    profile: (profile) => {
+    id: "basecamp",
+    name: "Basecamp",
+    type: "oauth",
+    version: "2.0",
+    accessTokenUrl:
+      "https://launchpad.37signals.com/authorization/token?type=web_server",
+    authorizationUrl:
+      "https://launchpad.37signals.com/authorization/new?type=web_server",
+    profileUrl: "https://launchpad.37signals.com/authorization.json",
+    profile(profile) {
      return {
        id: profile.identity.id,
        name: `${profile.identity.first_name} ${profile.identity.last_name}`,
        email: profile.identity.email_address,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/battlenet.js
+++ b/src/providers/battlenet.js
@@ -1,29 +1,29 @@
-export default (options) => {
+export default function BattleNet(options) {
  const { region } = options
  return {
-    id: 'battlenet',
-    name: 'Battle.net',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid',
-    params: { grant_type: 'authorization_code' },
+    id: "battlenet",
+    name: "Battle.net",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl:
-      region === 'CN'
-        ? 'https://www.battlenet.com.cn/oauth/token'
+      region === "CN"
+        ? "https://www.battlenet.com.cn/oauth/token"
        : `https://${region}.battle.net/oauth/token`,
    authorizationUrl:
-      region === 'CN'
-        ? 'https://www.battlenet.com.cn/oauth/authorize?response_type=code'
+      region === "CN"
+        ? "https://www.battlenet.com.cn/oauth/authorize?response_type=code"
        : `https://${region}.battle.net/oauth/authorize?response_type=code`,
-    profileUrl: 'https://us.battle.net/oauth/userinfo',
-    profile: (profile) => {
+    profileUrl: "https://us.battle.net/oauth/userinfo",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.battletag,
        email: null,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/box.js
+++ b/src/providers/box.js
@@ -1,22 +1,23 @@
-export default (options) => {
+export default function Box(options) {
  return {
-    id: 'box',
-    name: 'Box',
-    type: 'oauth',
-    version: '2.0',
-    scope: '',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.box.com/oauth2/token',
-    authorizationUrl: 'https://account.box.com/api/oauth2/authorize?response_type=code',
-    profileUrl: 'https://api.box.com/2.0/users/me',
-    profile: (profile) => {
+    id: "box",
+    name: "Box",
+    type: "oauth",
+    version: "2.0",
+    scope: "",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.box.com/oauth2/token",
+    authorizationUrl:
+      "https://account.box.com/api/oauth2/authorize?response_type=code",
+    profileUrl: "https://api.box.com/2.0/users/me",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.login,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/bungie.js
+++ b/src/providers/bungie.js
@@ -1,30 +1,34 @@
-export default (options) => {
+export default function Bungie(options) {
  return {
-    id: 'bungie',
-    name: 'Bungie',
-    type: 'oauth',
-    version: '2.0',
-    scope: '',
-    params: { reauth: 'true', grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
-    requestTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
-    authorizationUrl: 'https://www.bungie.net/en/OAuth/Authorize?response_type=code',
-    profileUrl: 'https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/',
-    profile: (profile) => {
+    id: "bungie",
+    name: "Bungie",
+    type: "oauth",
+    version: "2.0",
+    scope: "",
+    params: { reauth: "true", grant_type: "authorization_code" },
+    accessTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
+    requestTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
+    authorizationUrl:
+      "https://www.bungie.net/en/OAuth/Authorize?response_type=code",
+    profileUrl:
+      "https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/",
+    profile(profile) {
      const { bungieNetUser: user } = profile.Response

      return {
        id: user.membershipId,
        name: user.displayName,
-        image: `https://www.bungie.net${user.profilePicturePath.startsWith('/') ? '' : '/'}${user.profilePicturePath}`,
-        email: null
+        image: `https://www.bungie.net${
+          user.profilePicturePath.startsWith("/") ? "" : "/"
+        }${user.profilePicturePath}`,
+        email: null,
      }
    },
    headers: {
-      'X-API-Key': null
+      "X-API-Key": null,
    },
    clientId: null,
    clientSecret: null,
-    ...options
+    ...options,
  }
 }
--- a/src/providers/cognito.js
+++ b/src/providers/cognito.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Cognito(options) {
  const { domain } = options
  return {
-    id: 'cognito',
-    name: 'Cognito',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
-    params: { grant_type: 'authorization_code' },
+    id: "cognito",
+    name: "Cognito",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl: `https://${domain}/oauth2/token`,
    authorizationUrl: `https://${domain}/oauth2/authorize?response_type=code`,
    profileUrl: `https://${domain}/oauth2/userInfo`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.sub,
        name: profile.username,
        email: profile.email,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/credentials.js
+++ b/src/providers/credentials.js
@@ -1,10 +1,10 @@
-export default (options) => {
+export default function Credentials(options) {
  return {
-    id: 'credentials',
-    name: 'Credentials',
-    type: 'credentials',
+    id: "credentials",
+    name: "Credentials",
+    type: "credentials",
    authorize: null,
    credentials: null,
-    ...options
+    ...options,
  }
 }
--- a/src/providers/discord.js
+++ b/src/providers/discord.js
@@ -1,29 +1,30 @@
-export default (options) => {
+export default function Discord(options) {
  return {
-    id: 'discord',
-    name: 'Discord',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'identify email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://discord.com/api/oauth2/token',
-    authorizationUrl: 'https://discord.com/api/oauth2/authorize?response_type=code&prompt=none',
-    profileUrl: 'https://discord.com/api/users/@me',
-    profile: (profile) => {
+    id: "discord",
+    name: "Discord",
+    type: "oauth",
+    version: "2.0",
+    scope: "identify email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://discord.com/api/oauth2/token",
+    authorizationUrl:
+      "https://discord.com/api/oauth2/authorize?response_type=code&prompt=none",
+    profileUrl: "https://discord.com/api/users/@me",
+    profile(profile) {
      if (profile.avatar === null) {
        const defaultAvatarNumber = parseInt(profile.discriminator) % 5
        profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`
      } else {
-        const format = profile.avatar.startsWith('a_') ? 'gif' : 'png'
+        const format = profile.avatar.startsWith("a_") ? "gif" : "png"
        profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
      }
      return {
        id: profile.id,
        name: profile.username,
        image: profile.image_url,
-        email: profile.email
+        email: profile.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/email.js
+++ b/src/providers/email.js
@@ -1,48 +1,54 @@
-import nodemailer from 'nodemailer'
-import logger from '../lib/logger'
+import nodemailer from "nodemailer"
+import logger from "../lib/logger"

-export default (options) => {
+export default function Email(options) {
  return {
-    id: 'email',
-    type: 'email',
-    name: 'Email',
+    id: "email",
+    type: "email",
+    name: "Email",
    // Server can be an SMTP connection string or a nodemailer config object
    server: {
-      host: 'localhost',
+      host: "localhost",
      port: 25,
      auth: {
-        user: '',
-        pass: ''
-      }
+        user: "",
+        pass: "",
+      },
    },
-    from: 'NextAuth <no-reply@example.com>',
-    maxAge: 24 * 60 * 60, // How long email links are valid for (default 24h)
+    from: "NextAuth <no-reply@example.com>",
+    maxAge: 24 * 60 * 60,
    sendVerificationRequest,
-    ...options
+    ...options,
  }
 }

-const sendVerificationRequest = ({ identifier: email, url, baseUrl, provider }) => {
+const sendVerificationRequest = ({
+  identifier: email,
+  url,
+  baseUrl,
+  provider,
+}) => {
  return new Promise((resolve, reject) => {
    const { server, from } = provider
    // Strip protocol from URL and use domain as site name
-    const site = baseUrl.replace(/^https?:\/\//, '')
+    const site = baseUrl.replace(/^https?:\/\//, "")

-    nodemailer
-      .createTransport(server)
-      .sendMail({
+    nodemailer.createTransport(server).sendMail(
+      {
        to: email,
        from,
        subject: `Sign in to ${site}`,
        text: text({ url, site, email }),
-        html: html({ url, site, email })
-      }, (error) => {
+        html: html({ url, site, email }),
+      },
+      (error) => {
        if (error) {
-          logger.error('SEND_VERIFICATION_EMAIL_ERROR', email, error)
-          return reject(new Error('SEND_VERIFICATION_EMAIL_ERROR', error))
+          logger.error("SEND_VERIFICATION_EMAIL_ERROR", email, error)
+          return reject(new Error("SEND_VERIFICATION_EMAIL_ERROR", error))
        }
        return resolve()
-      })
+      }
+    )
  })
 }

@@ -52,16 +58,16 @@ const html = ({ url, site, email }) => {
  // email address and the domain from being turned into a hyperlink by email
  // clients like Outlook and Apple mail, as this is confusing because it seems
  // like they are supposed to click on their email address to sign in.
-  const escapedEmail = `${email.replace(/\./g, '&#8203;.')}`
-  const escapedSite = `${site.replace(/\./g, '&#8203;.')}`
+  const escapedEmail = `${email.replace(/\./g, "&#8203;.")}`
+  const escapedSite = `${site.replace(/\./g, "&#8203;.")}`

  // Some simple styling options
-  const backgroundColor = '#f9f9f9'
-  const textColor = '#444444'
-  const mainBackgroundColor = '#ffffff'
-  const buttonBackgroundColor = '#346df1'
-  const buttonBorderColor = '#346df1'
-  const buttonTextColor = '#ffffff'
+  const backgroundColor = "#f9f9f9"
+  const textColor = "#444444"
+  const mainBackgroundColor = "#ffffff"
+  const buttonBackgroundColor = "#346df1"
+  const buttonBorderColor = "#346df1"
+  const buttonTextColor = "#ffffff"

  return `
 <body style="background: ${backgroundColor};">
--- a/src/providers/eveonline.js
+++ b/src/providers/eveonline.js
@@ -1,21 +1,22 @@
-export default (options) => {
+export default function EVEOnline(options) {
  return {
-    id: 'eveonline',
-    name: 'EVE Online',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://login.eveonline.com/oauth/token',
-    authorizationUrl: 'https://login.eveonline.com/oauth/authorize?response_type=code',
-    profileUrl: 'https://login.eveonline.com/oauth/verify',
-    profile: (profile) => {
+    id: "eveonline",
+    name: "EVE Online",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://login.eveonline.com/oauth/token",
+    authorizationUrl:
+      "https://login.eveonline.com/oauth/authorize?response_type=code",
+    profileUrl: "https://login.eveonline.com/oauth/verify",
+    profile(profile) {
      return {
        id: profile.CharacterID,
        name: profile.CharacterName,
        image: `https://image.eveonline.com/Character/${profile.CharacterID}_128.jpg`,
-        email: null
+        email: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/facebook.js
+++ b/src/providers/facebook.js
@@ -1,21 +1,22 @@
-export default (options) => {
+export default function Facebook(options) {
  return {
-    id: 'facebook',
-    name: 'Facebook',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'email',
-    accessTokenUrl: 'https://graph.facebook.com/oauth/access_token',
-    authorizationUrl: 'https://www.facebook.com/v7.0/dialog/oauth?response_type=code',
-    profileUrl: 'https://graph.facebook.com/me?fields=email,name,picture',
-    profile: (profile) => {
+    id: "facebook",
+    name: "Facebook",
+    type: "oauth",
+    version: "2.0",
+    scope: "email",
+    accessTokenUrl: "https://graph.facebook.com/oauth/access_token",
+    authorizationUrl:
+      "https://www.facebook.com/v7.0/dialog/oauth?response_type=code",
+    profileUrl: "https://graph.facebook.com/me?fields=email,name,picture",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture.data.url
+        image: profile.picture.data.url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/faceit.js
+++ b/src/providers/faceit.js
@@ -1,25 +1,28 @@
-export default (options) => {
+export default function FACEIT(options) {
  return {
-    id: 'faceit',
-    name: 'FACEIT',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
+    id: "faceit",
+    name: "FACEIT",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
    headers: {
-      Authorization: `Basic ${Buffer.from(`${options.clientId}:${options.clientSecret}`).toString('base64')}`
+      Authorization: `Basic ${Buffer.from(
+        `${options.clientId}:${options.clientSecret}`
+      ).toString("base64")}`,
    },
-    accessTokenUrl: 'https://api.faceit.com/auth/v1/oauth/token',
-    authorizationUrl: 'https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code',
-    profileUrl: 'https://api.faceit.com/auth/v1/resources/userinfo',
-    profile (profile) {
+    accessTokenUrl: "https://api.faceit.com/auth/v1/oauth/token",
+    authorizationUrl:
+      "https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code",
+    profileUrl: "https://api.faceit.com/auth/v1/resources/userinfo",
+    profile(profile) {
      const { guid: id, nickname: name, email, picture: image } = profile
      return {
        id,
        name,
        email,
-        image
+        image,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/foursquare.js
+++ b/src/providers/foursquare.js
@@ -1,22 +1,23 @@
-export default ({ apiVersion, ...options }) => {
+export default function Foursquare(options) {
+  const { apiVersion } = options
  return {
-    id: 'foursquare',
-    name: 'Foursquare',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://foursquare.com/oauth2/access_token',
+    id: "foursquare",
+    name: "Foursquare",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://foursquare.com/oauth2/access_token",
    authorizationUrl:
-      'https://foursquare.com/oauth2/authenticate?response_type=code',
+      "https://foursquare.com/oauth2/authenticate?response_type=code",
    profileUrl: `https://api.foursquare.com/v2/users/self?v=${apiVersion}`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.id,
        name: `${profile.firstName} ${profile.lastName}`,
        image: `${profile.prefix}original${profile.suffix}`,
-        email: profile.contact.email
+        email: profile.contact.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/fusionauth.js
+++ b/src/providers/fusionauth.js
@@ -1,27 +1,27 @@
-export default (options) => {
+export default function FusionAuth(options) {
  let authorizationUrl = `https://${options.domain}/oauth2/authorize?response_type=code`
  if (options.tenantId) {
    authorizationUrl += `&tenantId=${options.tenantId}`
  }

  return {
-    id: 'fusionauth',
-    name: 'FusionAuth',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid',
-    params: { grant_type: 'authorization_code' },
+    id: "fusionauth",
+    name: "FusionAuth",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl: `https://${options.domain}/oauth2/token`,
    authorizationUrl,
    profileUrl: `https://${options.domain}/oauth2/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.sub,
        name: profile.name,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/github.js
+++ b/src/providers/github.js
@@ -1,21 +1,21 @@
-export default (options) => {
+export default function GitHub(options) {
  return {
-    id: 'github',
-    name: 'GitHub',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user',
-    accessTokenUrl: 'https://github.com/login/oauth/access_token',
-    authorizationUrl: 'https://github.com/login/oauth/authorize',
-    profileUrl: 'https://api.github.com/user',
-    profile: (profile) => {
+    id: "github",
+    name: "GitHub",
+    type: "oauth",
+    version: "2.0",
+    scope: "user",
+    accessTokenUrl: "https://github.com/login/oauth/access_token",
+    authorizationUrl: "https://github.com/login/oauth/authorize",
+    profileUrl: "https://api.github.com/user",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name || profile.login,
        email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/gitlab.js
+++ b/src/providers/gitlab.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function GitLab(options) {
  return {
-    id: 'gitlab',
-    name: 'GitLab',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'read_user',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://gitlab.com/oauth/token',
-    authorizationUrl: 'https://gitlab.com/oauth/authorize?response_type=code',
-    profileUrl: 'https://gitlab.com/api/v4/user',
-    profile: (profile) => {
+    id: "gitlab",
+    name: "GitLab",
+    type: "oauth",
+    version: "2.0",
+    scope: "read_user",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://gitlab.com/oauth/token",
+    authorizationUrl: "https://gitlab.com/oauth/authorize?response_type=code",
+    profileUrl: "https://gitlab.com/api/v4/user",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.username,
        email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/google.js
+++ b/src/providers/google.js
@@ -1,23 +1,25 @@
-export default (options) => {
+export default function Google(options) {
  return {
-    id: 'google',
-    name: 'Google',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://accounts.google.com/o/oauth2/token',
-    requestTokenUrl: 'https://accounts.google.com/o/oauth2/auth',
-    authorizationUrl: 'https://accounts.google.com/o/oauth2/auth?response_type=code',
-    profileUrl: 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json',
-    profile: (profile) => {
+    id: "google",
+    name: "Google",
+    type: "oauth",
+    version: "2.0",
+    scope:
+      "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.google.com/o/oauth2/token",
+    requestTokenUrl: "https://accounts.google.com/o/oauth2/auth",
+    authorizationUrl:
+      "https://accounts.google.com/o/oauth2/auth?response_type=code",
+    profileUrl: "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/identity-server4.js
+++ b/src/providers/identity-server4.js
@@ -1,17 +1,17 @@
-export default (options) => {
+export default function IdentityServer4(options) {
  return {
-    id: 'identity-server4',
-    name: 'IdentityServer4',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
-    params: { grant_type: 'authorization_code' },
+    id: "identity-server4",
+    name: "IdentityServer4",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl: `https://${options.domain}/connect/token`,
    authorizationUrl: `https://${options.domain}/connect/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/connect/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
      return { ...profile, id: profile.sub }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/index.js
+++ b/src/providers/index.js
@@ -1,83 +0,0 @@
-import Apple from './apple'
-import Atlassian from './atlassian'
-import Auth0 from './auth0'
-import AzureADB2C from './azure-ad-b2c'
-import Basecamp from './basecamp'
-import BattleNet from './battlenet'
-import Box from './box'
-import Bungie from './bungie'
-import Cognito from './cognito'
-import Credentials from './credentials'
-import Discord from './discord'
-import Email from './email'
-import EVEOnline from './eveonline'
-import Facebook from './facebook'
-import FACEIT from './faceit'
-import Foursquare from './foursquare'
-import FusionAuth from './fusionauth'
-import GitHub from './github'
-import GitLab from './gitlab'
-import Google from './google'
-import IdentityServer4 from './identity-server4'
-import Instagram from './instagram'
-import Kakao from './kakao'
-import LINE from './line'
-import LinkedIn from './linkedin'
-import MailRu from './mailru'
-import Medium from './medium'
-import Netlify from './netlify'
-import Okta from './okta'
-import Osso from './osso'
-import Reddit from './reddit'
-import Salesforce from './salesforce'
-import Slack from './slack'
-import Spotify from './spotify'
-import Strava from './strava'
-import Twitch from './twitch'
-import Twitter from './twitter'
-import VK from './vk'
-import Yandex from './yandex'
-import Zoho from './zoho'
-
-export default {
-  Apple,
-  Atlassian,
-  Auth0,
-  AzureADB2C,
-  Basecamp,
-  BattleNet,
-  Box,
-  Bungie,
-  Cognito,
-  Credentials,
-  Discord,
-  Email,
-  EVEOnline,
-  Facebook,
-  FACEIT,
-  Foursquare,
-  FusionAuth,
-  GitHub,
-  GitLab,
-  Google,
-  IdentityServer4,
-  Instagram,
-  Kakao,
-  LINE,
-  LinkedIn,
-  MailRu,
-  Medium,
-  Netlify,
-  Okta,
-  Osso,
-  Reddit,
-  Salesforce,
-  Slack,
-  Spotify,
-  Strava,
-  Twitch,
-  Twitter,
-  VK,
-  Yandex,
-  Zoho
-}
--- a/src/providers/instagram.js
+++ b/src/providers/instagram.js
@@ -1,5 +1,5 @@
 /**
- * @param {import("../server").Provider} options
+ * @type {import("types/providers").OAuthProvider} options
 * @example
 *
 * ```js
@@ -22,29 +22,29 @@
 * </button>
 * ...
 * ```
- * *Resources:*
- * - [NextAuth.js Documentation](https://next-auth.js.org/providers/instagram)
- * - [Instagram Documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started)
- * - [Configuration](https://developers.facebook.com/apps)
+ * [NextAuth.js Documentation](https://next-auth.js.org/providers/instagram) | [Instagram Documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started) | [Configuration](https://developers.facebook.com/apps)
 */
-export default function Instagram (options) {
+export default function Instagram(options) {
  return {
-    id: 'instagram',
-    name: 'Instagram',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user_profile',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.instagram.com/oauth/access_token',
-    authorizationUrl: 'https://api.instagram.com/oauth/authorize?response_type=code',
-    profileUrl: 'https://graph.instagram.com/me?fields=id,username,account_type,name',
-    async profile (profile) {
+    id: "instagram",
+    name: "Instagram",
+    type: "oauth",
+    version: "2.0",
+    scope: "user_profile",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.instagram.com/oauth/access_token",
+    authorizationUrl:
+      "https://api.instagram.com/oauth/authorize?response_type=code",
+    profileUrl:
+      "https://graph.instagram.com/me?fields=id,username,account_type,name",
+    async profile(profile) {
      return {
        id: profile.id,
        name: profile.username,
        email: null,
-        image: null
+        image: null,
      }
-    }
+    },
+    ...options,
  }
 }
--- a/src/providers/kakao.js
+++ b/src/providers/kakao.js
@@ -1,21 +1,22 @@
-export default (options) => {
+export default function Kakao(options) {
  return {
-    id: 'kakao',
-    name: 'Kakao',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://kauth.kakao.com/oauth/token',
-    authorizationUrl: 'https://kauth.kakao.com/oauth/authorize?response_type=code',
-    profileUrl: 'https://kapi.kakao.com/v2/user/me',
-    profile: (profile) => {
+    id: "kakao",
+    name: "Kakao",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://kauth.kakao.com/oauth/token",
+    authorizationUrl:
+      "https://kauth.kakao.com/oauth/authorize?response_type=code",
+    profileUrl: "https://kapi.kakao.com/v2/user/me",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.kakao_account?.profile.nickname,
        email: profile.kakao_account?.email,
-        image: profile.kakao_account?.profile.profile_image_url
+        image: profile.kakao_account?.profile.profile_image_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/line.js
+++ b/src/providers/line.js
@@ -1,22 +1,23 @@
-export default (options) => {
+export default function LINE(options) {
  return {
-    id: 'line',
-    name: 'LINE',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'profile openid',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.line.me/oauth2/v2.1/token',
-    authorizationUrl: 'https://access.line.me/oauth2/v2.1/authorize?response_type=code',
-    profileUrl: 'https://api.line.me/v2/profile',
-    profile: (profile) => {
+    id: "line",
+    name: "LINE",
+    type: "oauth",
+    version: "2.0",
+    scope: "profile openid",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.line.me/oauth2/v2.1/token",
+    authorizationUrl:
+      "https://access.line.me/oauth2/v2.1/authorize?response_type=code",
+    profileUrl: "https://api.line.me/v2/profile",
+    profile(profile) {
      return {
        id: profile.userId,
        name: profile.displayName,
        email: null,
-        image: profile.pictureUrl
+        image: profile.pictureUrl,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/linkedin.js
+++ b/src/providers/linkedin.js
@@ -1,26 +1,28 @@
-export default (options) => {
+export default function LinkedIn(options) {
  return {
-    id: 'linkedin',
-    name: 'LinkedIn',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'r_liteprofile',
+    id: "linkedin",
+    name: "LinkedIn",
+    type: "oauth",
+    version: "2.0",
+    scope: "r_liteprofile",
    params: {
-      grant_type: 'authorization_code',
+      grant_type: "authorization_code",
      client_id: options.clientId,
-      client_secret: options.clientSecret
+      client_secret: options.clientSecret,
    },
-    accessTokenUrl: 'https://www.linkedin.com/oauth/v2/accessToken',
-    authorizationUrl: 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
-    profileUrl: 'https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)',
-    profile: (profile) => {
+    accessTokenUrl: "https://www.linkedin.com/oauth/v2/accessToken",
+    authorizationUrl:
+      "https://www.linkedin.com/oauth/v2/authorization?response_type=code",
+    profileUrl:
+      "https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)",
+    profile(profile) {
      return {
        id: profile.id,
-        name: profile.localizedFirstName + ' ' + profile.localizedLastName,
+        name: profile.localizedFirstName + " " + profile.localizedLastName,
        email: null,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/mailru.js
+++ b/src/providers/mailru.js
@@ -1,25 +1,25 @@
-export default (options) => {
+export default function MailRu(options) {
  return {
-    id: 'mailru',
-    name: 'Mail.ru',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'userinfo',
+    id: "mailru",
+    name: "Mail.ru",
+    type: "oauth",
+    version: "2.0",
+    scope: "userinfo",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
-    accessTokenUrl: 'https://oauth.mail.ru/token',
-    requestTokenUrl: 'https://oauth.mail.ru/token',
-    authorizationUrl: 'https://oauth.mail.ru/login?response_type=code',
-    profileUrl: 'https://oauth.mail.ru/userinfo',
-    profile: (profile) => {
+    accessTokenUrl: "https://oauth.mail.ru/token",
+    requestTokenUrl: "https://oauth.mail.ru/token",
+    authorizationUrl: "https://oauth.mail.ru/login?response_type=code",
+    profileUrl: "https://oauth.mail.ru/userinfo",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.image
+        image: profile.image,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/medium.js
+++ b/src/providers/medium.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Medium(options) {
  return {
-    id: 'medium',
-    name: 'Medium',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'basicProfile',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.medium.com/v1/tokens',
-    authorizationUrl: 'https://medium.com/m/oauth/authorize?response_type=code',
-    profileUrl: 'https://api.medium.com/v1/me',
-    profile: (profile) => {
+    id: "medium",
+    name: "Medium",
+    type: "oauth",
+    version: "2.0",
+    scope: "basicProfile",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.medium.com/v1/tokens",
+    authorizationUrl: "https://medium.com/m/oauth/authorize?response_type=code",
+    profileUrl: "https://api.medium.com/v1/me",
+    profile(profile) {
      return {
        id: profile.data.id,
        name: profile.data.name,
        email: null,
-        image: profile.data.imageUrl
+        image: profile.data.imageUrl,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/netlify.js
+++ b/src/providers/netlify.js
@@ -1,21 +1,21 @@
-export default (options) => {
+export default function Netlify(options) {
  return {
-    id: 'netlify',
-    name: 'Netlify',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.netlify.com/oauth/token',
-    authorizationUrl: 'https://app.netlify.com/authorize?response_type=code',
-    profileUrl: 'https://api.netlify.com/api/v1/user',
-    profile: (profile) => {
+    id: "netlify",
+    name: "Netlify",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.netlify.com/oauth/token",
+    authorizationUrl: "https://app.netlify.com/authorize?response_type=code",
+    profileUrl: "https://api.netlify.com/api/v1/user",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.full_name,
        email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/okta.js
+++ b/src/providers/okta.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Okta(options) {
  return {
-    id: 'okta',
-    name: 'Okta',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
+    id: "okta",
+    name: "Okta",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
    params: {
-      grant_type: 'authorization_code',
+      grant_type: "authorization_code",
      client_id: options.clientId,
-      client_secret: options.clientSecret
+      client_secret: options.clientSecret,
    },
    // These will be different depending on the Org.
    accessTokenUrl: `https://${options.domain}/v1/token`,
    authorizationUrl: `https://${options.domain}/v1/authorize/?response_type=code`,
    profileUrl: `https://${options.domain}/v1/userinfo/`,
-    profile: (profile) => {
+    profile(profile) {
      return { ...profile, id: profile.sub }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/osso.js
+++ b/src/providers/osso.js
@@ -1,20 +1,20 @@
-export default (options) => {
+export default function Osso(options) {
  return {
-    id: 'osso',
-    name: 'SAML SSO',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
+    id: "osso",
+    name: "SAML SSO",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl: `https://${options.domain}/oauth/token`,
    authorizationUrl: `https://${options.domain}/oauth/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/oauth/me`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name || profile.email,
-        email: profile.email
+        email: profile.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/reddit.js
+++ b/src/providers/reddit.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Reddit(options) {
  return {
-    id: 'reddit',
-    name: 'Reddit',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'identity',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: ' https://www.reddit.com/api/v1/access_token',
+    id: "reddit",
+    name: "Reddit",
+    type: "oauth",
+    version: "2.0",
+    scope: "identity",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: " https://www.reddit.com/api/v1/access_token",
    authorizationUrl:
-      'https://www.reddit.com/api/v1/authorize?response_type=code',
-    profileUrl: 'https://oauth.reddit.com/api/v1/me',
-    profile: (profile) => {
+      "https://www.reddit.com/api/v1/authorize?response_type=code",
+    profileUrl: "https://oauth.reddit.com/api/v1/me",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        image: null,
-        email: null
+        email: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/salesforce.js
+++ b/src/providers/salesforce.js
@@ -1,21 +1,22 @@
-export default (options) => {
+export default function Salesforce(options) {
  return {
-    id: 'salesforce',
-    name: 'Salesforce',
-    type: 'oauth',
-    version: '2.0',
-    params: { display: 'page', grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://login.salesforce.com/services/oauth2/token',
-    authorizationUrl: 'https://login.salesforce.com/services/oauth2/authorize?response_type=code',
-    profileUrl: 'https://login.salesforce.com/services/oauth2/userinfo',
-    protection: 'none', // REVIEW: Can we use "pkce" ?
-    profile: (profile) => {
+    id: "salesforce",
+    name: "Salesforce",
+    type: "oauth",
+    version: "2.0",
+    params: { display: "page", grant_type: "authorization_code" },
+    accessTokenUrl: "https://login.salesforce.com/services/oauth2/token",
+    authorizationUrl:
+      "https://login.salesforce.com/services/oauth2/authorize?response_type=code",
+    profileUrl: "https://login.salesforce.com/services/oauth2/userinfo",
+    protection: "none",
+    profile(profile) {
      return {
        ...profile,
        id: profile.user_id,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/slack.js
+++ b/src/providers/slack.js
@@ -1,24 +1,26 @@
-export default (options) => {
+export default function Slack(options) {
  return {
-    id: 'slack',
-    name: 'Slack',
-    type: 'oauth',
-    version: '2.0',
+    id: "slack",
+    name: "Slack",
+    type: "oauth",
+    version: "2.0",
    scope: [],
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://slack.com/api/oauth.v2.access',
-    authorizationUrl: 'https://slack.com/oauth/v2/authorize',
-    authorizationParams: { user_scope: 'identity.basic,identity.email,identity.avatar' },
-    profileUrl: 'https://slack.com/api/users.identity',
-    profile: (profile) => {
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://slack.com/api/oauth.v2.access",
+    authorizationUrl: "https://slack.com/oauth/v2/authorize",
+    authorizationParams: {
+      user_scope: "identity.basic,identity.email,identity.avatar",
+    },
+    profileUrl: "https://slack.com/api/users.identity",
+    profile(profile) {
      const { user } = profile
      return {
        id: user.id,
        name: user.name,
        image: user.image_512,
-        email: user.email
+        email: user.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/spotify.js
+++ b/src/providers/spotify.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Spotify(options) {
  return {
-    id: 'spotify',
-    name: 'Spotify',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user-read-email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://accounts.spotify.com/api/token',
+    id: "spotify",
+    name: "Spotify",
+    type: "oauth",
+    version: "2.0",
+    scope: "user-read-email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.spotify.com/api/token",
    authorizationUrl:
-      'https://accounts.spotify.com/authorize?response_type=code',
-    profileUrl: 'https://api.spotify.com/v1/me',
-    profile: (profile) => {
+      "https://accounts.spotify.com/authorize?response_type=code",
+    profileUrl: "https://api.spotify.com/v1/me",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.display_name,
        email: profile.email,
-        image: profile.images?.[0]?.url
+        image: profile.images?.[0]?.url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/strava.js
+++ b/src/providers/strava.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Strava(options) {
  return {
-    id: 'strava',
-    name: 'Strava',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'read',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://www.strava.com/api/v3/oauth/token',
+    id: "strava",
+    name: "Strava",
+    type: "oauth",
+    version: "2.0",
+    scope: "read",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://www.strava.com/api/v3/oauth/token",
    authorizationUrl:
-      'https://www.strava.com/api/v3/oauth/authorize?response_type=code',
-    profileUrl: 'https://www.strava.com/api/v3/athlete',
-    profile: (profile) => {
+      "https://www.strava.com/api/v3/oauth/authorize?response_type=code",
+    profileUrl: "https://www.strava.com/api/v3/athlete",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.firstname,
-        image: profile.profile
+        image: profile.profile,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/twitch.js
+++ b/src/providers/twitch.js
@@ -1,24 +1,24 @@
-export default (options) => {
+export default function Twitch(options) {
  return {
-    id: 'twitch',
-    name: 'Twitch',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user:read:email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://id.twitch.tv/oauth2/token',
+    id: "twitch",
+    name: "Twitch",
+    type: "oauth",
+    version: "2.0",
+    scope: "user:read:email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://id.twitch.tv/oauth2/token",
    authorizationUrl:
-      'https://id.twitch.tv/oauth2/authorize?response_type=code',
-    profileUrl: 'https://api.twitch.tv/helix/users',
-    profile: (profile) => {
+      "https://id.twitch.tv/oauth2/authorize?response_type=code",
+    profileUrl: "https://api.twitch.tv/helix/users",
+    profile(profile) {
      const data = profile.data[0]
      return {
        id: data.id,
        name: data.display_name,
        image: data.profile_image_url,
-        email: data.email
+        email: data.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/twitter.js
+++ b/src/providers/twitter.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Twitter(options) {
  return {
-    id: 'twitter',
-    name: 'Twitter',
-    type: 'oauth',
-    version: '1.0A',
-    scope: '',
-    accessTokenUrl: 'https://api.twitter.com/oauth/access_token',
-    requestTokenUrl: 'https://api.twitter.com/oauth/request_token',
-    authorizationUrl: 'https://api.twitter.com/oauth/authenticate',
+    id: "twitter",
+    name: "Twitter",
+    type: "oauth",
+    version: "1.0A",
+    scope: "",
+    accessTokenUrl: "https://api.twitter.com/oauth/access_token",
+    requestTokenUrl: "https://api.twitter.com/oauth/request_token",
+    authorizationUrl: "https://api.twitter.com/oauth/authenticate",
    profileUrl:
-      'https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true',
-    profile: (profile) => {
+      "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true",
+    profile(profile) {
      return {
        id: profile.id_str,
        name: profile.name,
        email: profile.email,
-        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, '.jpg')
+        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, ".jpg"),
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/vk.js
+++ b/src/providers/vk.js
@@ -1,30 +1,29 @@
-export default (options) => {
-  const apiVersion = '5.126' // https://vk.com/dev/versions
+export default function VK(options) {
+  const apiVersion = "5.126" // https://vk.com/dev/versions

  return {
-    id: 'vk',
-    name: 'VK',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'email',
+    id: "vk",
+    name: "VK",
+    type: "oauth",
+    version: "2.0",
+    scope: "email",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
    accessTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
    requestTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
-    authorizationUrl:
-      `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
+    authorizationUrl: `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
    profileUrl: `https://api.vk.com/method/users.get?fields=photo_100&v=${apiVersion}`,
    profile: (result) => {
      const profile = result.response?.[0] ?? {}

      return {
        id: profile.id,
-        name: [profile.first_name, profile.last_name].filter(Boolean).join(' '),
+        name: [profile.first_name, profile.last_name].filter(Boolean).join(" "),
        email: profile.email,
-        image: profile.photo_100
+        image: profile.photo_100,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/yandex.js
+++ b/src/providers/yandex.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Yandex(options) {
  return {
-    id: 'yandex',
-    name: 'Yandex',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'login:email login:info',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://oauth.yandex.ru/token',
-    requestTokenUrl: 'https://oauth.yandex.ru/token',
-    authorizationUrl: 'https://oauth.yandex.ru/authorize?response_type=code',
-    profileUrl: 'https://login.yandex.ru/info?format=json',
-    profile: (profile) => {
+    id: "yandex",
+    name: "Yandex",
+    type: "oauth",
+    version: "2.0",
+    scope: "login:email login:info",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://oauth.yandex.ru/token",
+    requestTokenUrl: "https://oauth.yandex.ru/token",
+    authorizationUrl: "https://oauth.yandex.ru/authorize?response_type=code",
+    profileUrl: "https://login.yandex.ru/info?format=json",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.real_name,
        email: profile.default_email,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/zoho.js
+++ b/src/providers/zoho.js
@@ -1,22 +1,23 @@
-export default (options) => {
+export default function Zoho(options) {
  return {
-    id: 'zoho',
-    name: 'Zoho',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'AaaServer.profile.Read',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://accounts.zoho.com/oauth/v2/token',
-    authorizationUrl: 'https://accounts.zoho.com/oauth/v2/auth?response_type=code',
-    profileUrl: 'https://accounts.zoho.com/oauth/user/info',
-    profile: (profile) => {
+    id: "zoho",
+    name: "Zoho",
+    type: "oauth",
+    version: "2.0",
+    scope: "AaaServer.profile.Read",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.zoho.com/oauth/v2/token",
+    authorizationUrl:
+      "https://accounts.zoho.com/oauth/v2/auth?response_type=code",
+    profileUrl: "https://accounts.zoho.com/oauth/user/info",
+    profile(profile) {
      return {
        id: profile.ZUID,
        name: `${profile.First_Name} ${profile.Last_Name}`,
        email: profile.Email,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/server/index.d.ts
+++ b/src/server/index.d.ts
@@ -1,94 +0,0 @@
-import { NextApiHandler, NextApiRequest, NextApiResponse } from 'next'
-import { LoggerInstance } from 'src/lib/logger'
-import { CallbacksOptions } from './lib/callbacks'
-import { CookiesOptions } from './lib/cookie'
-import { EventsOptions } from './lib/events'
-
-export interface Provider {
-  id: string
-  name: string
-  type: string
-  version: string
-  params: Record<string, unknown>
-  scope: string
-  accessTokenUrl: string
-  authorizationUrl: string
-  profileUrl?: string
-  grant_type?: string
-  profile?: (profile: any) => Promise<any>
-}
-
-/** @docs https://next-auth.js.org/configuration/options */
-export interface NextAuthOptions {
-  /** @docs https://next-auth.js.org/configuration/options#theme */
-  theme?: 'auto' | 'dark' | 'light'
-  /** @docs https://next-auth.js.org/configuration/options#providers */
-  providers: Provider[]
-  /** @docs https://next-auth.js.org/configuration/options#database */
-  database?: any
-  /** @docs https://next-auth.js.org/configuration/options#secret */
-  secret?: any
-  /** @docs https://next-auth.js.org/configuration/options#session */
-  session?: any
-  /** @docs https://next-auth.js.org/configuration/options#jwt */
-  jwt?: any
-  /** @docs https://next-auth.js.org/configuration/options#pages */
-  pages?: {
-    signIn?: string
-    signOut?: string
-    /** Error code passed in query string as ?error= */
-    error?: string
-    verifyRequest?: string
-    /** If set, new users will be directed here on first sign in */
-    newUser?: string
-  }
-  /**
-   * Callbacks are asynchronous functions you can use to control what happens when an action is performed.
-   * Callbacks are extremely powerful, especially in scenarios involving JSON Web Tokens as
-   * they allow you to implement access controls without a database and
-   * to integrate with external databases or APIs.
-   * @docs https://next-auth.js.org/configuration/options#callbacks
-   */
-  callbacks?: CallbacksOptions
-  /** @docs https://next-auth.js.org/configuration/options#events */
-  events?: EventsOptions
-  /** @docs https://next-auth.js.org/configuration/options#adapter */
-  adapter?: any
-  /** @docs https://next-auth.js.org/configuration/options#debug */
-  debug?: boolean
-  /** @docs https://next-auth.js.org/configuration/options#usesecurecookies */
-  useSecureCookies?: boolean
-  /** @docs https://next-auth.js.org/configuration/options#cookies */
-  cookies?: CookiesOptions
-  /** @docs https://next-auth.js.org/configuration/options#logger */
-  logger: LoggerInstance
-}
-
-/** Options that are the same both in internal and user provided options. */
-export type NextAuthSharedOptions = 'pages' | 'jwt' | 'events' | 'callbacks' | 'cookies' | 'secret' | 'adapter' | 'theme' | 'debug' | 'logger'
-
-export interface NextAuthInternalOptions extends Pick<NextAuthOptions, NextAuthSharedOptions> {
-  pkce?: {
-    code_verifier?: string
-    /**
-     * Could be `"plain"`, but not recommended.
-     * We ignore it for now.
-     * @spec https://tools.ietf.org/html/rfc7636#section-4.2.
-     */
-    code_challenge_method?: 'S256'
-  }
-  provider?: Provider
-  baseUrl?: string
-  basePath?: string
-  action?: string
-  csrfToken?: string
-}
-
-export interface NextAuthRequest extends NextApiRequest {
-  options: NextAuthInternalOptions
-}
-
-export interface NextAuthResponse extends NextApiResponse {}
-
-export declare function NextAuthHandler (req: NextAuthRequest, res: NextAuthResponse, options: NextAuthOptions): ReturnType<NextApiHandler>
-export declare function NextAuthHandler (options: NextAuthOptions): ReturnType<NextApiHandler>
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -6,12 +6,12 @@ import * as cookie from './lib/cookie'
 import * as defaultEvents from './lib/default-events'
 import * as defaultCallbacks from './lib/default-callbacks'
 import parseProviders from './lib/providers'
-import callbackUrlHandler from './lib/callback-url-handler'
-import extendRes from './lib/extend-req'
 import * as routes from './routes'
 import renderPage from './pages'
-import csrfTokenHandler from './lib/csrf-token-handler'
 import createSecret from './lib/create-secret'
+import callbackUrlHandler from './lib/callback-url-handler'
+import extendRes from './lib/extend-res'
+import csrfTokenHandler from './lib/csrf-token-handler'
 import * as pkce from './lib/oauth/pkce-handler'
 import * as state from './lib/oauth/state-handler'

@@ -24,7 +24,7 @@ if (!process.env.NEXTAUTH_URL) {
 /**
 * @param {import("next").NextApiRequest} req
 * @param {import("next").NextApiResponse} res
- * @param {import(".").NextAuthOptions} userOptions
+ * @param {import("types").NextAuthOptions} userOptions
 */
 async function NextAuthHandler (req, res, userOptions) {
  if (userOptions.logger) {
@@ -67,16 +67,18 @@ async function NextAuthHandler (req, res, userOptions) {

    const secret = createSecret({ userOptions, basePath, baseUrl })

-    const { csrfToken, csrfTokenVerified } = csrfTokenHandler(req, res, cookies, secret)
-
    const providers = parseProviders({ providers: userOptions.providers, baseUrl, basePath })
    const provider = providers.find(({ id }) => id === providerId)

-    if (provider &&
-      provider.type === 'oauth' && provider.version?.startsWith('2') &&
-       (!provider.protection && provider.state !== false)
-    ) {
-      provider.protection = 'state' // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
+    // Protection only works on OAuth 2.x providers
+    if (provider?.type === 'oauth' && provider.version?.startsWith('2')) {
+      // When provider.state is undefined, we still want this to pass
+      if (!provider.protection && provider.state !== false) {
+        // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
+        provider.protection = ['state']
+      } else if (typeof provider.protection === 'string') {
+        provider.protection = [provider.protection]
+      }
    }

    const maxAge = 30 * 24 * 60 * 60 // Sessions expire after 30 days of being idle
@@ -103,7 +105,6 @@ async function NextAuthHandler (req, res, userOptions) {
      provider,
      cookies,
      secret,
-      csrfToken,
      providers,
      // Session options
      session: {
@@ -134,6 +135,7 @@ async function NextAuthHandler (req, res, userOptions) {
      logger
    }

+    csrfTokenHandler(req, res)
    await callbackUrlHandler(req, res)

    const render = renderPage(req, res)
@@ -146,7 +148,7 @@ async function NextAuthHandler (req, res, userOptions) {
        case 'session':
          return routes.session(req, res)
        case 'csrf':
-          return res.json({ csrfToken })
+          return res.json({ csrfToken: req.options.csrfToken })
        case 'signin':
          if (pages.signIn) {
            let signinUrl = `${pages.signIn}${pages.signIn.includes('?') ? '&' : '?'}callbackUrl=${req.options.callbackUrl}`
@@ -199,7 +201,7 @@ async function NextAuthHandler (req, res, userOptions) {
      switch (action) {
        case 'signin':
          // Verified CSRF Token required for all sign in routes
-          if (csrfTokenVerified && provider) {
+          if (req.options.csrfTokenVerified && provider) {
            if (await pkce.handleSignin(req, res)) return
            if (await state.handleSignin(req, res)) return
            return routes.signin(req, res)
@@ -208,14 +210,14 @@ async function NextAuthHandler (req, res, userOptions) {
          return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
        case 'signout':
          // Verified CSRF Token required for signout
-          if (csrfTokenVerified) {
+          if (req.options.csrfTokenVerified) {
            return routes.signout(req, res)
          }
          return res.redirect(`${baseUrl}${basePath}/signout?csrf=true`)
        case 'callback':
          if (provider) {
            // Verified CSRF Token required for credentials providers only
-            if (provider.type === 'credentials' && !csrfTokenVerified) {
+            if (provider.type === 'credentials' && !req.options.csrfTokenVerified) {
              return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
            }

--- a/src/server/lib/callbacks.d.ts
+++ b/src/server/lib/callbacks.d.ts
@@ -1,7 +0,0 @@
-
-export interface CallbacksOptions {
-  signIn?: (user: any, account: any, profile: any) => Promise<never | string>
-  jwt?: (token: any, user: any, account: any, profile: any, isNewUser?: boolean) => Promise<any>
-  session?: (session: any, userOrToken: any) => Promise<any>
-  redirect?: (url: string, baseUrl: string) => Promise<string>
-}
--- a/src/server/lib/cookie.d.ts
+++ b/src/server/lib/cookie.d.ts
@@ -1,16 +0,0 @@
-export interface CookieOption {
-  name: string
-  options: {
-    httpOnly: boolean
-    sameSite: string
-    path?: string
-    secure: boolean
-  }
-}
-
-export interface CookiesOptions {
-  sessionToken: CookieOption
-  callbackUrl: CookieOption
-  csrfToken: CookieOption
-  pkceCodeVerifier: CookieOption
-}
--- a/src/server/lib/cookie.js
+++ b/src/server/lib/cookie.js
@@ -9,7 +9,8 @@
 * (with fixes for specific issues) to keep dependancy size down.
 */
 export function set (res, name, value, options = {}) {
-  const stringValue = typeof value === 'object' ? 'j:' + JSON.stringify(value) : String(value)
+  const stringValue =
+    typeof value === 'object' ? 'j:' + JSON.stringify(value) : String(value)

  if ('maxAge' in options) {
    options.expires = new Date(Date.now() + options.maxAge)
@@ -19,7 +20,9 @@ export function set (res, name, value, options = {}) {
  // Preserve any existing cookies that have already been set in the same session
  let setCookieHeader = res.getHeader('Set-Cookie') || []
  // If not an array (i.e. a string with a single cookie) convert it into an array
-  if (!Array.isArray(setCookieHeader)) { setCookieHeader = [setCookieHeader] }
+  if (!Array.isArray(setCookieHeader)) {
+    setCookieHeader = [setCookieHeader]
+  }
  setCookieHeader.push(_serialize(name, String(stringValue), options))
  res.setHeader('Set-Cookie', setCookieHeader)
 }
@@ -30,32 +33,44 @@ function _serialize (name, val, options) {
  const opt = options || {}
  const enc = opt.encode || encodeURIComponent

-  if (typeof enc !== 'function') { throw new TypeError('option encode is invalid') }
+  if (typeof enc !== 'function') {
+    throw new TypeError('option encode is invalid')
+  }

-  if (!fieldContentRegExp.test(name)) { throw new TypeError('argument name is invalid') }
+  if (!fieldContentRegExp.test(name)) {
+    throw new TypeError('argument name is invalid')
+  }

  const value = enc(val)

-  if (value && !fieldContentRegExp.test(value)) { throw new TypeError('argument val is invalid') }
+  if (value && !fieldContentRegExp.test(value)) {
+    throw new TypeError('argument val is invalid')
+  }

  let str = name + '=' + value

  if (opt.maxAge != null) {
    const maxAge = opt.maxAge - 0

-    if (isNaN(maxAge) || !isFinite(maxAge)) { throw new TypeError('option maxAge is invalid') }
+    if (isNaN(maxAge) || !isFinite(maxAge)) {
+      throw new TypeError('option maxAge is invalid')
+    }

    str += '; Max-Age=' + Math.floor(maxAge)
  }

  if (opt.domain) {
-    if (!fieldContentRegExp.test(opt.domain)) { throw new TypeError('option domain is invalid') }
+    if (!fieldContentRegExp.test(opt.domain)) {
+      throw new TypeError('option domain is invalid')
+    }

    str += '; Domain=' + opt.domain
  }

  if (opt.path) {
-    if (!fieldContentRegExp.test(opt.path)) { throw new TypeError('option path is invalid') }
+    if (!fieldContentRegExp.test(opt.path)) {
+      throw new TypeError('option path is invalid')
+    }

    str += '; Path=' + opt.path
  } else {
@@ -73,12 +88,19 @@ function _serialize (name, val, options) {
    str += '; Expires=' + expires
  }

-  if (opt.httpOnly) { str += '; HttpOnly' }
+  if (opt.httpOnly) {
+    str += '; HttpOnly'
+  }

-  if (opt.secure) { str += '; Secure' }
+  if (opt.secure) {
+    str += '; Secure'
+  }

  if (opt.sameSite) {
-    const sameSite = typeof opt.sameSite === 'string' ? opt.sameSite.toLowerCase() : opt.sameSite
+    const sameSite =
+      typeof opt.sameSite === 'string'
+        ? opt.sameSite.toLowerCase()
+        : opt.sameSite

    switch (sameSite) {
      case true:
@@ -110,7 +132,7 @@ function _serialize (name, val, options) {
 * For more on prefixes see https://googlechrome.github.io/samples/cookie-prefixes/
 *
 * @TODO Review cookie settings (names, options)
- * @return {import("./cookie").CookiesOptions}
+ * @return {import("types").CookiesOptions}
 */
 export function defaultCookies (useSecureCookies) {
  const cookiePrefix = useSecureCookies ? '__Secure-' : ''
--- a/src/server/lib/csrf-token-handler.js
+++ b/src/server/lib/csrf-token-handler.js
@@ -14,29 +14,30 @@ import * as cookie from './cookie'
 * For more details, see the following OWASP links:
 * https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie
 * https://owasp.org/www-chapter-london/assets/slides/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf
+ * @param {import("..").NextAuthRequest} req
+ * @param {import("..").NextAuthResponse} res
 */
-export default function csrfTokenHandler (req, res, cookies, secret) {
-  const { csrfToken: csrfTokenFromRequest } = req.body
-
-  let csrfTokenFromCookie
-  let csrfTokenVerified = false
-  if (req.cookies[cookies.csrfToken.name]) {
-    const [csrfTokenValue, csrfTokenHash] = req.cookies[cookies.csrfToken.name].split('|')
-    if (csrfTokenHash === createHash('sha256').update(`${csrfTokenValue}${secret}`).digest('hex')) {
+export default function csrfTokenHandler (req, res) {
+  const { cookies, secret } = req.options
+  if (cookies.csrfToken.name in req.cookies) {
+    const [csrfToken, csrfTokenHash] = req.cookies[cookies.csrfToken.name].split('|')
+    const expectedCsrfTokenHash = createHash('sha256').update(`${csrfToken}${secret}`).digest('hex')
+    if (csrfTokenHash === expectedCsrfTokenHash) {
      // If hash matches then we trust the CSRF token value
-      csrfTokenFromCookie = csrfTokenValue
-
-      // If this is a POST request and the CSRF Token in the Post request matches
-      // the cookie we have already verified is one we have set, then token is verified!
-      if (req.method === 'POST' && csrfTokenFromCookie === csrfTokenFromRequest) { csrfTokenVerified = true }
+      // If this is a POST request and the CSRF Token in the POST request matches
+      // the cookie we have already verified is the one we have set, then the token is verified!
+      const csrfTokenVerified = req.method === 'POST' && csrfToken === req.body.csrfToken
+      req.options.csrfToken = csrfToken
+      req.options.csrfTokenVerified = csrfTokenVerified
+      return
    }
  }
-  if (!csrfTokenFromCookie) {
-    // If no csrfToken - because it's not been set yet, or because the hash doesn't match
-    // (e.g. because it's been modifed or because the secret has changed) create a new token.
-    csrfTokenFromCookie = randomBytes(32).toString('hex')
-    const newCsrfTokenCookie = `${csrfTokenFromCookie}|${createHash('sha256').update(`${csrfTokenFromCookie}${secret}`).digest('hex')}`
-    cookie.set(res, cookies.csrfToken.name, newCsrfTokenCookie, cookies.csrfToken.options)
-  }
-  return { csrfToken: csrfTokenFromCookie, csrfTokenVerified }
+  // If no csrfToken from cookie - because it's not been set yet,
+  // or because the hash doesn't match (e.g. because it's been modifed or because the secret has changed)
+  // create a new token.
+  const csrfToken = randomBytes(32).toString('hex')
+  const csrfTokenHash = createHash('sha256').update(`${csrfToken}${secret}`).digest('hex')
+  const csrfTokenCookie = `${csrfToken}|${csrfTokenHash}`
+  cookie.set(res, cookies.csrfToken.name, csrfTokenCookie, cookies.csrfToken.options)
+  req.options.csrfToken = csrfToken
 }
--- a/src/server/lib/events.d.ts
+++ b/src/server/lib/events.d.ts
@@ -1,12 +0,0 @@
-export type EventType=
-  | 'signIn'
-  | 'signOut'
-  | 'createUser'
-  | 'updateUser'
-  | 'linkAccount'
-  | 'session'
-  | 'error'
-
-export type EventCallback = (message: any) => Promise<void>
-
-export type EventsOptions = Partial<Record<EventType, EventCallback>>
--- a/src/server/lib/extend-res.js
+++ b/src/server/lib/extend-res.js
--- a/src/server/lib/oauth/callback.js
+++ b/src/server/lib/oauth/callback.js
@@ -1,19 +1,19 @@
-import { decode as jwtDecode } from 'jsonwebtoken'
-import oAuthClient from './client'
-import logger from '../../../lib/logger'
-import { OAuthCallbackError } from '../../../lib/errors'
+import { decode as jwtDecode } from "jsonwebtoken"
+import oAuthClient from "./client"
+import logger from "../../../lib/logger"
+import { OAuthCallbackError } from "../../../lib/errors"

-/** @param {import("../..").NextAuthRequest} req */
-export default async function oAuthCallback (req) {
+/** @param {import("types/internals").NextAuthRequest} req */
+export default async function oAuthCallback(req) {
  const { provider, pkce } = req.options
  const client = oAuthClient(provider)

-  if (provider.version?.startsWith('2.')) {
+  if (provider.version?.startsWith("2.")) {
    // The "user" object is specific to the Apple provider and is provided on first sign in
    // e.g. {"name":{"firstName":"Johnny","lastName":"Appleseed"},"email":"johnny.appleseed@nextauth.com"}
    let { code, user } = req.query // eslint-disable-line camelcase

-    if (req.method === 'POST') {
+    if (req.method === "POST") {
      try {
        const body = JSON.parse(JSON.stringify(req.body))
        if (body.error) {
@@ -23,25 +23,35 @@ export default async function oAuthCallback (req) {
        code = body.code
        user = body.user != null ? JSON.parse(body.user) : null
      } catch (error) {
-        logger.error('OAUTH_CALLBACK_HANDLER_ERROR', error, req.body, provider.id, code)
+        logger.error(
+          "OAUTH_CALLBACK_HANDLER_ERROR",
+          error,
+          req.body,
+          provider.id,
+          code
+        )
        throw error
      }
    }

    // REVIEW: Is this used by any of the providers?
    // Pass authToken in header by default (unless 'useAuthTokenHeader: false' is set)
-    if (Object.prototype.hasOwnProperty.call(provider, 'useAuthTokenHeader')) {
+    if (Object.prototype.hasOwnProperty.call(provider, "useAuthTokenHeader")) {
      client.useAuthorizationHeaderforGET(provider.useAuthTokenHeader)
    } else {
      client.useAuthorizationHeaderforGET(true)
    }

    try {
-      const tokens = await client.getOAuthAccessToken(code, provider, pkce.code_verifier)
+      const tokens = await client.getOAuthAccessToken(
+        code,
+        provider,
+        pkce.code_verifier
+      )
      let profileData
      if (provider.idToken) {
        if (!tokens?.id_token) {
-          throw new OAuthCallbackError('Missing JWT ID Token')
+          throw new OAuthCallbackError("Missing JWT ID Token")
        }

        // Support services that use OpenID ID Tokens to encode profile data
@@ -52,26 +62,28 @@ export default async function oAuthCallback (req) {

      return getProfile({ profileData, provider, tokens, user })
    } catch (error) {
-      logger.error('OAUTH_GET_ACCESS_TOKEN_ERROR', error, provider.id, code)
+      logger.error("OAUTH_GET_ACCESS_TOKEN_ERROR", error, provider.id, code)
      throw error
    }
  }

  try {
    // Handle OAuth v1.x
-    const {
-      oauth_token: oauthToken, oauth_verifier: oauthVerifier
-    } = req.query
-    const tokens = await client.getOAuthAccessToken(oauthToken, null, oauthVerifier)
+    // eslint-disable-next-line camelcase
+    const { oauth_token, oauth_verifier } = req.query
+
+    // eslint-disable-next-line camelcase
+    const { token_secret } = await client.getOAuthRequestToken(provider.params)
+    const tokens = await client.getOAuthAccessToken(oauth_token, token_secret, oauth_verifier)
    const profileData = await client.get(
      provider.profileUrl,
-      tokens.accessToken,
-      tokens.refreshToken
+      tokens.oauth_token,
+      tokens.oauth_token_secret
    )

    return getProfile({ profileData, tokens, provider })
  } catch (error) {
-    logger.error('OAUTH_V1_GET_ACCESS_TOKEN_ERROR', error)
+    logger.error("OAUTH_V1_GET_ACCESS_TOKEN_ERROR", error)
    throw error
  }
 }
@@ -89,15 +101,19 @@ export default async function oAuthCallback (req) {
 *     expires_in?: string | Date | null
 *     refresh_token?: string
 *     id_token?: string
+ *     token?: string
+ *     token_secret?: string
+ *     tokenSecret?: string
+ *     params?: any
 *   }
 *   provider: import("../..").Provider
 *   user?: object
 * }} profileParams
 */
-async function getProfile ({ profileData, tokens, provider, user }) {
+async function getProfile({ profileData, tokens, provider, user }) {
  try {
    // Convert profileData into an object if it's a string
-    if (typeof profileData === 'string' || profileData instanceof String) {
+    if (typeof profileData === "string" || profileData instanceof String) {
      profileData = JSON.parse(profileData)
    }

@@ -106,22 +122,22 @@ async function getProfile ({ profileData, tokens, provider, user }) {
      profileData.user = user
    }

-    logger.debug('PROFILE_DATA', profileData)
+    logger.debug("PROFILE_DATA", profileData)

    const profile = await provider.profile(profileData, tokens)
    // Return profile, raw profile and auth provider details
    return {
      profile: {
        ...profile,
-        email: profile.email?.toLowerCase() ?? null
+        email: profile.email?.toLowerCase() ?? null,
      },
      account: {
        provider: provider.id,
        type: provider.type,
        id: profile.id,
-        ...tokens
+        ...tokens,
      },
-      OAuthProfile: profileData
+      OAuthProfile: profileData,
    }
  } catch (exception) {
    // If we didn't get a response either there was a problem with the provider
@@ -131,11 +147,11 @@ async function getProfile ({ profileData, tokens, provider, user }) {
    // all providers, so we return an empty object; the user should then be
    // redirected back to the sign up page. We log the error to help developers
    // who might be trying to debug this when configuring a new provider.
-    logger.error('OAUTH_PARSE_PROFILE_ERROR', exception, profileData)
+    logger.error("OAUTH_PARSE_PROFILE_ERROR", exception, profileData)
    return {
      profile: null,
      account: null,
-      OAuthProfile: profileData
+      OAuthProfile: profileData,
    }
  }
 }
--- a/src/server/lib/oauth/client.js
+++ b/src/server/lib/oauth/client.js
@@ -7,7 +7,7 @@ import { sign as jwtSign } from 'jsonwebtoken'
 * @TODO Refactor to remove dependancy on 'oauth' package
 * It is already quite monkey patched, we don't use all the features and and it
 * would be easier to maintain if all the code was native to next-auth.
- * @param {import("../..").Provider} provider
+ * @param {import("types/providers").OAuthConfig} provider
 */
 export default function oAuthClient (provider) {
  if (provider.version?.startsWith('2.')) {
@@ -54,23 +54,36 @@ export default function oAuthClient (provider) {
  const originalGetOAuth1AccessToken = oauth1Client.getOAuthAccessToken.bind(oauth1Client)
  oauth1Client.getOAuthAccessToken = (...args) => {
    return new Promise((resolve, reject) => {
-      originalGetOAuth1AccessToken(...args, (error, accessToken, refreshToken, results) => {
+      // eslint-disable-next-line camelcase
+      originalGetOAuth1AccessToken(...args, (error, oauth_token, oauth_token_secret, params) => {
        if (error) {
          return reject(error)
        }
-        resolve({ accessToken, refreshToken, results })
+
+        resolve({
+          // TODO: Remove, this is only kept for backward compativility
+          // These are not in the OAuth 1.x spec
+          accessToken: oauth_token,
+          refreshToken: oauth_token_secret,
+          results: params,
+
+          oauth_token,
+          oauth_token_secret,
+          params
+        })
      })
    })
  }

  const originalGetOAuthRequestToken = oauth1Client.getOAuthRequestToken.bind(oauth1Client)
-  oauth1Client.getOAuthRequestToken = (...args) => {
+  oauth1Client.getOAuthRequestToken = (params = {}) => {
    return new Promise((resolve, reject) => {
-      originalGetOAuthRequestToken(...args, (error, oauthToken) => {
+      // eslint-disable-next-line camelcase
+      originalGetOAuthRequestToken(params, (error, oauth_token, oauth_token_secret, params) => {
        if (error) {
          return reject(error)
        }
-        resolve(oauthToken)
+        resolve({ oauth_token, oauth_token_secret, params })
      })
    })
  }
@@ -88,7 +101,7 @@ export default function oAuthClient (provider) {
 /**
 * Ported from https://github.com/ciaranj/node-oauth/blob/a7f8a1e21c362eb4ed2039431fb9ac2ae749f26a/lib/oauth2.js
 * @param {string} code
- * @param {import("../..").Provider} provider
+ * @param {import("types/providers").OAuthConfig} provider
 * @param {string | undefined} codeVerifier
 */
 async function getOAuth2AccessToken (code, provider, codeVerifier) {
@@ -136,7 +149,7 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
    headers.Authorization = `Bearer ${code}`
  }

-  if (provider.protection === 'pkce') {
+  if (provider.protection.includes('pkce')) {
    params.code_verifier = codeVerifier
  }

@@ -196,7 +209,7 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
 *
 * 18/08/2020 @robertcraigie added results parameter to pass data to an optional request preparer.
 * e.g. see providers/bungie
- * @param {import("../..").Provider} provider
+ * @param {import("types/providers").OAuthConfig} provider
 * @param {string} accessToken
 * @param {any} results
 */
--- a/src/server/lib/oauth/pkce-handler.js
+++ b/src/server/lib/oauth/pkce-handler.js
@@ -10,13 +10,14 @@ const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds

 /**
 * Adds `code_verifier` to `req.options.pkce`, and removes the corresponding cookie
- * @param {import("../..").NextAuthRequest} req
- * @param {import("../..").NextAuthResponse} res
+ * @param {import("types/internals").NextAuthRequest} req
+ * @param {import("types/internals").NextAuthResponse} res
 */
 export async function handleCallback (req, res) {
  const { cookies, provider, baseUrl, basePath } = req.options
  try {
-    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
+    // Provider does not support PKCE, nothing to do.
+    if (!provider.protection?.includes('pkce')) {
      return
    }

@@ -44,13 +45,13 @@ export async function handleCallback (req, res) {

 /**
 * Adds `code_challenge` and `code_challenge_method` to `req.options.pkce`.
- * @param {import("../..").NextAuthRequest} req
- * @param {import("../..").NextAuthResponse} res
+ * @param {import("types/internals").NextAuthRequest} req
+ * @param {import("types/internals").NextAuthResponse} res
 */
 export async function handleSignin (req, res) {
  const { cookies, provider, baseUrl, basePath } = req.options
  try {
-    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
+    if (!provider.protection?.includes('pkce')) { // Provider does not support PKCE, nothing to do.
      return
    }
    // Started login flow, add generated pkce to req.options and (encrypted) code_verifier to a cookie
--- a/src/server/lib/oauth/state-handler.js
+++ b/src/server/lib/oauth/state-handler.js
@@ -6,17 +6,18 @@ import { OAuthCallbackError } from '../../../lib/errors'
 * For OAuth 2.0 flows, if the provider supports state,
 * check if state matches the one sent on signin
 * (a hash of the NextAuth.js CSRF token).
- * @param {import("../..").NextAuthRequest} req
- * @param {import("../..").NextAuthResponse} res
+ * @param {import("types/internals").NextAuthRequest} req
+ * @param {import("types/internals").NextAuthResponse} res
 */
 export async function handleCallback (req, res) {
  const { csrfToken, provider, baseUrl, basePath } = req.options
  try {
-    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
+    // Provider does not support state, nothing to do.
+    if (!provider.protection?.includes('state')) {
      return
    }

-    const { state } = req.query
+    const state = req.query.state || req.body.state
    const expectedState = createHash('sha256').update(csrfToken).digest('hex')

    logger.debug(
@@ -35,13 +36,13 @@ export async function handleCallback (req, res) {

 /**
 * Adds CSRF token to the authorizationParams.
- * @param {import("../..").NextAuthRequest} req
- * @param {import("../..").NextAuthResponse} res
+ * @param {import("types/internals").NextAuthRequest} req
+ * @param {import("types/internals").NextAuthResponse} res
 */
 export async function handleSignin (req, res) {
  const { provider, baseUrl, basePath, csrfToken } = req.options
  try {
-    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
+    if (!provider.protection?.includes('state')) { // Provider does not support state, nothing to do.
      return
    }

--- a/src/server/lib/signin/oauth.js
+++ b/src/server/lib/signin/oauth.js
@@ -1,17 +1,21 @@
 import oAuthClient from '../oauth/client'
 import logger from '../../../lib/logger'

-/** @param {import("../..").NextAuthRequest} req */
+/** @param {import("types/internals").NextAuthRequest} req */
 export default async function getAuthorizationUrl (req) {
  const { provider } = req.options

+  delete req.query?.nextauth
+  const params = {
+    ...provider.authorizationParams,
+    ...req.query
+  }
+
  const client = oAuthClient(provider)
  if (provider.version?.startsWith('2.')) {
-    delete req.query?.nextauth
    // Handle OAuth v2.x
    let url = client.getAuthorizeUrl({
-      ...provider.authorizationParams,
-      ...req.query,
+      ...params,
      redirect_uri: provider.callbackUrl,
      scope: provider.scope
    })
@@ -34,8 +38,12 @@ export default async function getAuthorizationUrl (req) {
  }

  try {
-    const oAuthToken = await client.getOAuthRequestToken()
-    const url = `${provider.authorizationUrl}?oauth_token=${oAuthToken}`
+    const tokens = await client.getOAuthRequestToken(params)
+    const url = `${provider.authorizationUrl}?${new URLSearchParams({
+      oauth_token: tokens.oauth_token,
+      oauth_token_secret: tokens.oauth_token_secret,
+      ...tokens.params
+    })}`
    logger.debug('GET_AUTHORIZATION_URL', url)
    return url
  } catch (error) {
--- a/src/server/pages/error.js
+++ b/src/server/pages/error.js
@@ -7,7 +7,7 @@ import { h } from 'preact' // eslint-disable-line no-unused-vars
 *   baseUrl: string
 *   basePath: string
 *   error?: string
- *   res: import("..").NextAuthResponse
+ *   res: import("types/internals").NextAuthResponse
 * }} params
 */
 export default function error ({ baseUrl, basePath, error = 'default', res }) {
@@ -52,7 +52,7 @@ export default function error ({ baseUrl, basePath, error = 'default', res }) {
    }
  }

-  const { statusCode, heading, message, signin } = errors[error.toLowerCase()]
+  const { statusCode, heading, message, signin } = errors[error.toLowerCase()] ?? errors.default

  res.status(statusCode)

--- a/src/server/routes/callback.js
+++ b/src/server/routes/callback.js
@@ -6,8 +6,8 @@ import dispatchEvent from '../lib/dispatch-event'

 /**
 * Handle callbacks from login services
- * @param {import("..").NextAuthRequest} req
- * @param {import("..").NextAuthResponse} res
+ * @param {import("types/internals").NextAuthRequest} req
+ * @param {import("types/internals").NextAuthResponse} res
 */
 export default async function callback (req, res) {
  const {
@@ -262,7 +262,8 @@ export default async function callback (req, res) {
    const defaultJwtPayload = {
      name: user.name,
      email: user.email,
-      picture: user.image
+      picture: user.image,
+      sub: user.id?.toString()
    }
    const jwtPayload = await callbacks.jwt(defaultJwtPayload, user, account, userObjectReturnedFromAuthorizeHandler, false)

--- a/src/server/routes/providers.js
+++ b/src/server/routes/providers.js
@@ -2,8 +2,8 @@
 * Return a JSON object with a list of all OAuth providers currently configured
 * and their signin and callback URLs. This makes it possible to automatically
 * generate buttons for all providers when rendering client side.
- * @param {import("..").NextAuthRequest} req
- * @param {import("..").NextAuthResponse} res
+ * @param {import("types/internals").NextAuthRequest} req
+ * @param {import("types/internals").NextAuthResponse} res
 */
 export default function providers (req, res) {
  const { providers } = req.options
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -3,6 +3,9 @@
    "strictNullChecks": true,
    "baseUrl": ".",
    "paths": {
+      "types": [
+        "./types"
+      ],
      "next-auth": [
        "./src/server"
      ],
@@ -40,7 +43,8 @@
  "include": [
    "next-env.d.ts",
    "**/*.ts",
-    "**/*.tsx"
+    "**/*.tsx",
+    "**/*.js"
  ],
  "exclude": [
    "node_modules"
--- a/types/adapters.d.ts
+++ b/types/adapters.d.ts
@@ -0,0 +1,244 @@
+import { AppOptions } from "./internals"
+import { ConnectionOptions, EntitySchema } from "typeorm"
+import { User } from "."
+import { AppProvider } from "./internals/providers"
+
+export interface Profile {
+  id: string
+  name: string
+  email: string | null
+  image?: string | null
+}
+
+export interface Session {
+  userId: string | number | object
+  expires: Date
+  sessionToken: string
+  accessToken: string
+}
+
+export interface VerificationRequest {
+  identifier: string
+  token: string
+  expires: Date
+}
+
+export interface SendVerificationRequestParams {
+  identifier: string
+  url: string
+  token: string
+  baseUrl: string
+  provider: AppProvider
+}
+
+export type EmailAppProvider = AppProvider & {
+  sendVerificationRequest: (
+    params: SendVerificationRequestParams
+  ) => Promise<void>
+  maxAge: number | undefined
+}
+
+export interface AdapterInstance<
+  TUser,
+  TProfile,
+  TSession,
+  TVerificationRequest
+> {
+  createUser: (profile: TProfile) => Promise<TUser>
+  getUser: (id: string) => Promise<TUser | null>
+  getUserByEmail: (email: string) => Promise<TUser | null>
+  getUserByProviderAccountId: (
+    providerId: string,
+    providerAccountId: string
+  ) => Promise<TUser | null>
+  updateUser: (user: TUser) => Promise<TUser>
+  linkAccount: (
+    userId: string,
+    providerId: string,
+    providerType: string,
+    providerAccountId: string,
+    refreshToken: string,
+    accessToken: string,
+    accessTokenExpires: number
+  ) => Promise<void>
+  createSession: (user: TUser) => Promise<TSession>
+  getSession: (sessionToken: string) => Promise<TSession | null>
+  updateSession: (session: TSession, force?: boolean) => Promise<TSession>
+  deleteSession: (sessionToken: string) => Promise<void>
+  createVerificationRequest?: (
+    email: string,
+    url: string,
+    token: string,
+    secret: string,
+    provider: EmailAppProvider,
+    options: AppOptions
+  ) => Promise<TVerificationRequest>
+  getVerificationRequest?: (
+    email: string,
+    verificationToken: string,
+    secret: string,
+    provider: AppProvider
+  ) => Promise<TVerificationRequest | null>
+  deleteVerificationRequest?: (
+    email: string,
+    verificationToken: string,
+    secret: string,
+    provider: AppProvider
+  ) => Promise<void>
+}
+
+interface Adapter<
+  TUser extends User = any,
+  TProfile extends Profile = any,
+  TSession extends Session = any,
+  TVerificationRequest extends VerificationRequest = any
+> {
+  getAdapter: (
+    appOptions: AppOptions
+  ) => Promise<AdapterInstance<TUser, TProfile, TSession, TVerificationRequest>>
+}
+
+type Schema<T = any> = EntitySchema<T>["options"]
+
+interface BuiltInAdapters {
+  Default: TypeORMAdapter["Adapter"]
+  TypeORM: TypeORMAdapter
+  Prisma: PrismaAdapter
+}
+
+/**
+ * TODO: fix auto-type schema
+ */
+
+interface TypeORMAdapter<
+  A extends TypeORMAccountModel = any,
+  U extends TypeORMUserModel = any,
+  S extends TypeORMSessionModel = any,
+  VR extends TypeORMVerificationRequestModel = any
+> {
+  Adapter: (
+    typeOrmConfig: ConnectionOptions,
+    options?: {
+      models?: {
+        Account?: {
+          model: A
+          schema: Schema<A>
+        }
+        User?: {
+          model: U
+          schema: Schema<U>
+        }
+        Session?: {
+          model: S
+          schema: Schema<S>
+        }
+        VerificationRequest?: {
+          model: VR
+          schema: Schema<VR>
+        }
+      }
+    }
+  ) => Adapter<U, Profile, S, VR>
+  Models: {
+    Account: {
+      model: TypeORMAccountModel
+      schema: Schema<TypeORMAccountModel>
+    }
+    User: {
+      model: TypeORMUserModel
+      schema: Schema<TypeORMUserModel>
+    }
+    Session: {
+      model: TypeORMSessionModel
+      schema: Schema<TypeORMSessionModel>
+    }
+    VerificationRequest: {
+      model: TypeORMVerificationRequestModel
+      schema: Schema<TypeORMVerificationRequestModel>
+    }
+  }
+}
+
+interface PrismaAdapter {
+  Adapter: (config: {
+    prisma: any
+    modelMapping?: {
+      User: string
+      Account: string
+      Session: string
+      VerificationRequest: string
+    }
+  }) => Adapter
+}
+
+declare class TypeORMAccountModel {
+  compoundId: string
+  userId: number
+  providerType: string
+  providerId: string
+  providerAccountId: string
+  refreshToken?: string
+  accessToken?: string
+  accessTokenExpires?: Date
+
+  constructor(
+    userId: number,
+    providerId: string,
+    providerType: string,
+    providerAccountId: string,
+    refreshToken?: string,
+    accessToken?: string,
+    accessTokenExpires?: Date
+  )
+}
+
+declare class TypeORMUserModel implements User {
+  name?: string
+  email?: string
+  image?: string
+  emailVerified?: Date
+
+  constructor(
+    name?: string,
+    email?: string,
+    image?: string,
+    emailVerified?: Date
+  )
+}
+
+declare class TypeORMSessionModel implements Session {
+  userId: number
+  expires: Date
+  sessionToken: string
+  accessToken: string
+
+  constructor(
+    userId: number,
+    expires: Date,
+    sessionToken?: string,
+    accessToken?: string
+  )
+}
+
+declare class TypeORMVerificationRequestModel implements VerificationRequest {
+  identifier: string
+  token: string
+  expires: Date
+
+  constructor(identifier: string, token: string, expires: Date)
+}
+
+declare const Adapters: BuiltInAdapters
+
+export default Adapters
+
+export {
+  Adapter,
+  BuiltInAdapters as Adapters,
+  TypeORMAdapter,
+  TypeORMAccountModel,
+  TypeORMUserModel,
+  TypeORMSessionModel,
+  TypeORMVerificationRequestModel,
+  PrismaAdapter,
+}
--- a/types/client.d.ts
+++ b/types/client.d.ts
@@ -0,0 +1,218 @@
+import * as React from "react"
+import { IncomingMessage } from "http"
+import { Session } from "."
+import { ProviderType } from "./providers"
+
+export interface CtxOrReq {
+  req?: IncomingMessage
+  ctx?: { req: IncomingMessage }
+}
+
+/***************
+ * Session types
+ **************/
+
+export type GetSessionOptions = CtxOrReq & {
+  event?: "storage" | "timer" | "hidden" | string
+  triggerEvent?: boolean
+}
+
+/**
+ * React Hook that gives you access
+ * to the logged in user's session data.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#usesession)
+ */
+export function useSession(): [Session | null, boolean]
+
+/**
+ * Can be called client or server side to return a session asynchronously.
+ * It calls `/api/auth/session` and returns a promise with a session object,
+ * or null if no session exists.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#getsession)
+ */
+export function getSession(options: GetSessionOptions): Promise<Session | null>
+
+/**
+ * Alias for `getSession`
+ * @docs https://next-auth.js.org/getting-started/client#getsession
+ */
+export const session: typeof getSession
+
+/*******************
+ * CSRF Token types
+ ******************/
+
+/**
+ * Returns the current Cross Site Request Forgery Token (CSRF Token)
+ * required to make POST requests (e.g. for signing in and signing out).
+ * You likely only need to use this if you are not using the built-in
+ * `signIn()` and `signOut()` methods.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#getcsrftoken)
+ */
+export function getCsrfToken(ctxOrReq: CtxOrReq): Promise<string | null>
+
+/**
+ * Alias for `getCsrfToken`
+ * @docs https://next-auth.js.org/getting-started/client#getcsrftoken
+ */
+export const csrfToken: typeof getCsrfToken
+
+/******************
+ * Providers types
+ *****************/
+
+export interface ClientSafeProvider {
+  id: string
+  name: string
+  type: ProviderType
+  signinUrl: string
+  callbackUrl: string
+}
+
+/**
+ * It calls `/api/auth/providers` and returns
+ * a list of the currently configured authentication providers.
+ * It can be useful if you are creating a dynamic custom sign in page.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#getproviders)
+ */
+export function getProviders(): Promise<Record<
+  string,
+  ClientSafeProvider
+> | null>
+
+/**
+ * Alias for `getProviders`
+ * @docs https://next-auth.js.org/getting-started/client#getproviders
+ */
+export const providers: typeof getProviders
+
+/****************
+ * Sign in types
+ ***************/
+
+export type RedirectableProvider = "email" | "credentials"
+
+export type SignInProvider = RedirectableProvider | string | undefined
+
+export interface SignInOptions extends Record<string, unknown> {
+  /**
+   * Defaults to the current URL.
+   * @docs https://next-auth.js.org/getting-started/client#specifying-a-callbackurl
+   */
+  callbackUrl?: string
+  /** @docs https://next-auth.js.org/getting-started/client#using-the-redirect-false-option */
+  redirect?: boolean
+}
+
+export interface SignInResponse {
+  error: string | undefined
+  status: number
+  ok: boolean
+  url: string | null
+}
+
+/** Match `inputType` of `new URLSearchParams(inputType)` */
+export type SignInAuthorisationParams =
+  | string
+  | string[][]
+  | Record<string, string>
+  | URLSearchParams
+
+/**
+ * Client-side method to initiate a signin flow
+ * or send the user to the signin page listing all possible providers.
+ * Automatically adds the CSRF token to the request.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#signin)
+ */
+export function signIn<P extends SignInProvider = undefined>(
+  provider?: P,
+  options?: SignInOptions,
+  authorizationParams?: SignInAuthorisationParams
+): Promise<
+  P extends RedirectableProvider ? SignInResponse | undefined : undefined
+>
+
+/**
+ * Alias for `signIn`
+ * @docs https://next-auth.js.org/getting-started/client#signin
+ */
+export const signin: typeof signIn
+
+/****************
+ * Sign out types
+ ****************/
+
+/** @docs https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
+export interface SignOutResponse {
+  url: string
+}
+
+export interface SignOutParams<R extends boolean = true> {
+  /** @docs https://next-auth.js.org/getting-started/client#specifying-a-callbackurl-1 */
+  callbackUrl?: string
+  /** @docs https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
+  redirect?: R
+}
+
+/**
+ * Signs the user out, by removing the session cookie.
+ * Automatically adds the CSRF token to the request.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#signout)
+ */
+export function signOut<R extends boolean = true>(
+  params?: SignOutParams<R>
+): Promise<R extends true ? undefined : SignOutResponse>
+
+/**
+ * @docs https://next-auth.js.org/getting-started/client#signout
+ * Alias for `signOut`
+ */
+export const signout: typeof signOut
+/************************
+ * SessionProvider types
+ ***********************/
+
+/** @docs: https://next-auth.js.org/getting-started/client#options */
+export interface SessionProviderOptions {
+  baseUrl?: string
+  basePath?: string
+  clientMaxAge?: number
+  keepAlive?: number
+}
+
+/**
+ * Provider to wrap the app in to make session data available globally.
+ * Can also be used to throttle the number of requests to the endpoint
+ * `/api/auth/session`.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#provider)
+ */
+export type SessionProvider = React.FC<{
+  children: React.ReactNode
+  session?: Session
+  options?: SessionProviderOptions
+}>
+
+/**
+ * Provider to wrap the app in to make session data available globally.
+ * Can also be used to throttle the number of requests to the endpoint
+ * `/api/auth/session`.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#provider)
+ */
+export const Provider: SessionProvider
+
+/** @docs: https://next-auth.js.org/getting-started/client#options */
+export function setOptions(options: SessionProviderOptions): void
+
+/**
+ * Alias for `setOptions`
+ * @docs: https://next-auth.js.org/getting-started/client#options
+ */
+export const options: typeof setOptions
--- a/types/index.d.ts
+++ b/types/index.d.ts
@@ -0,0 +1,413 @@
+// Minimum TypeScript Version: 3.5
+
+/// <reference types="node" />
+
+import { ConnectionOptions } from "typeorm"
+import { Adapter } from "./adapters"
+import { JWTOptions, JWT } from "./jwt"
+import { AppProviders } from "./providers"
+import {
+  Awaitable,
+  NextApiRequest,
+  NextApiResponse,
+  NextApiHandler,
+} from "./internals/utils"
+
+/**
+ * Configure your NextAuth instance
+ *
+ * [Documentation](https://next-auth.js.org/configuration/options#options)
+ */
+export interface NextAuthOptions {
+  /**
+   * An array of authentication providers for signing in
+   * (e.g. Google, Facebook, Twitter, GitHub, Email, etc) in any order.
+   * This can be one of the built-in providers or an object with a custom provider.
+   * * **Default value**: `[]`
+   * * **Required**: *Yes*
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#providers) | [Providers documentation](https://next-auth.js.org/configuration/providers)
+   */
+  providers: AppProviders
+  /**
+   * A database connection string or configuration object.
+   * * **Default value**: `null`
+   * * **Required**: *No (unless using email provider)*
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#database) | [Databases](https://next-auth.js.org/configuration/databases)
+   */
+  database?: string | Record<string, any> | ConnectionOptions
+  /**
+   * A random string used to hash tokens, sign cookies and generate cryptographic keys.
+   * If not specified is uses a hash of all configuration options, including Client ID / Secrets for entropy.
+   * The default behavior is volatile, and **it is strongly recommended** you explicitly specify a value
+   * to avoid invalidating end user sessions when configuration changes are deployed.
+   * * **Default value**: `string` (SHA hash of the "options" object)
+   * * **Required**: No - **but strongly recommended**!
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#secret)
+   */
+  secret?: string
+  /**
+   * Configure your session like if you want to use JWT or a database,
+   * how long until an idle session expires, or to throttle write operations in case you are using a database.
+   * * **Default value**: See the documentation page
+   * * **Required**: No
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#session)
+   */
+  session?: SessionOptions
+  /**
+   * JSON Web Tokens can be used for session tokens if enabled with the `session: { jwt: true }` option.
+   * JSON Web Tokens are enabled by default if you have not specified a database.
+   * By default JSON Web Tokens are signed (JWS) but not encrypted (JWE),
+   * as JWT encryption adds additional overhead and comes with some caveats.
+   * You can enable encryption by setting `encryption: true`.
+   * * **Default value**: See the documentation page
+   * * **Required**: *No*
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#jwt)
+   */
+  jwt?: JWTOptions
+  /**
+   * Specify URLs to be used if you want to create custom sign in, sign out and error pages.
+   * Pages specified will override the corresponding built-in page.
+   * * **Default value**: `{}`
+   * * **Required**: *No*
+   * @example
+   *
+   * ```js
+   *   pages: {
+   *     signIn: '/auth/signin',
+   *     signOut: '/auth/signout',
+   *     error: '/auth/error',
+   *     verifyRequest: '/auth/verify-request',
+   *     newUser: null
+   *   }
+   * ```
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#pages) | [Pages documentation](https://next-auth.js.org/configuration/pages)
+   */
+  pages?: PagesOptions
+  /**
+   * Callbacks are asynchronous functions you can use to control what happens when an action is performed.
+   * Callbacks are *extremely powerful*, especially in scenarios involving JSON Web Tokens
+   * as they **allow you to implement access controls without a database** and to **integrate with external databases or APIs**.
+   * * **Default value**: See the Callbacks documentation
+   * * **Required**: *No*
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#callbacks) | [Callbacks documentation](https://next-auth.js.org/configuration/callbacks)
+   */
+  callbacks?: CallbacksOptions
+  /**
+   * Events are asynchronous functions that do not return a response, they are useful for audit logging.
+   * You can specify a handler for any of these events below - e.g. for debugging or to create an audit log.
+   * The content of the message object varies depending on the flow
+   * (e.g. OAuth or Email authentication flow, JWT or database sessions, etc),
+   * but typically contains a user object and/or contents of the JSON Web Token
+   * and other information relevant to the event.
+   * * **Default value**: `{}`
+   * * **Required**: *No*
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#events) | [Events documentation](https://next-auth.js.org/configuration/events)
+   */
+  events?: EventsOptions
+  /**
+   * By default NextAuth.js uses a database adapter that uses TypeORM and supports MySQL, MariaDB, Postgres and MongoDB and SQLite databases.
+   * An alternative adapter that uses Prisma, which currently supports MySQL, MariaDB and Postgres, is also included.
+   * You can use the adapter option to use the Prisma adapter - or pass in your own adapter
+   * if you want to use a database that is not supported by one of the built-in adapters.
+   * * **Default value**: TypeORM adapter
+   * * **Required**: *No*
+   *
+   * - ⚠ If the `adapter` option is specified it overrides the `database` option, only specify one or the other.
+   * - ⚠ Adapters are being migrated to their own home in a Community maintained repository.
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#adapter) |
+   * [Default adapter](https://next-auth.js.org/schemas/adapters#typeorm-adapter) |
+   * [Community adapters](https://github.com/nextauthjs/adapters)
+   */
+  adapter?: Adapter
+  /**
+   * Set debug to true to enable debug messages for authentication and database operations.
+   * * **Default value**: `false`
+   * * **Required**: *No*
+   *
+   * - ⚠ If you added a custom `logger`, this setting is ignored.
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#debug) | [Logger documentation](https://next-auth.js.org/configuration/options#logger)
+   */
+  debug?: boolean
+  /**
+   * Override any of the logger levels (`undefined` levels will use the built-in logger),
+   * and intercept logs in NextAuth. You can use this option to send NextAuth logs to a third-party logging service.
+   * * **Default value**: `console`
+   * * **Required**: *No*
+   *
+   * @example
+   *
+   * ```js
+   * // /pages/api/auth/[...nextauth].js
+   * import log from "logging-service"
+   * export default NextAuth({
+   *   logger: {
+   *     error(code, ...message) {
+   *       log.error(code, message)
+   *     },
+   *     warn(code, ...message) {
+   *       log.warn(code, message)
+   *     },
+   *     debug(code, ...message) {
+   *       log.debug(code, message)
+   *     }
+   *   }
+   * })
+   * ```
+   *
+   * - ⚠ When set, the `debug` option is ignored
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#logger) |
+   * [Debug documentation](https://next-auth.js.org/configuration/options#debug)
+   */
+  logger?: LoggerInstance
+  /**
+   * Changes the theme of pages.
+   * Set to `"light"` if you want to force pages to always be light.
+   * Set to `"dark"` if you want to force pages to always be dark.
+   * Set to `"auto"`, (or leave this option out)if you want the pages to follow the preferred system theme.
+   * * **Default value**: `"auto"`
+   * * **Required**: *No*
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#theme) | [Pages documentation]("https://next-auth.js.org/configuration/pages")
+   */
+  theme?: "auto" | "dark" | "light"
+  /**
+   * When set to `true` then all cookies set by NextAuth.js will only be accessible from HTTPS URLs.
+   * This option defaults to `false` on URLs that start with `http://` (e.g. http://localhost:3000) for developer convenience.
+   * You can manually set this option to `false` to disable this security feature and allow cookies
+   * to be accessible from non-secured URLs (this is not recommended).
+   * * **Default value**: `true` for HTTPS and `false` for HTTP sites
+   * * **Required**: No
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#usesecurecookies)
+   *
+   * - ⚠ **This is an advanced option.** Advanced options are passed the same way as basic options,
+   * but **may have complex implications** or side effects.
+   * You should **try to avoid using advanced options** unless you are very comfortable using them.
+   */
+  useSecureCookies?: boolean
+  /**
+   * You can override the default cookie names and options for any of the cookies used by NextAuth.js.
+   * You can specify one or more cookies with custom properties,
+   * but if you specify custom options for a cookie you must provide all the options for that cookie.
+   * If you use this feature, you will likely want to create conditional behavior
+   * to support setting different cookies policies in development and production builds,
+   * as you will be opting out of the built-in dynamic policy.
+   * * **Default value**: `{}`
+   * * **Required**: No
+   *
+   * - ⚠ **This is an advanced option.** Advanced options are passed the same way as basic options,
+   * but **may have complex implications** or side effects.
+   * You should **try to avoid using advanced options** unless you are very comfortable using them.
+   *
+   * [Documentation](https://next-auth.js.org/configuration/options#cookies) | [Usage example](https://next-auth.js.org/configuration/options#example)
+   */
+  cookies?: CookiesOptions
+}
+
+/**
+ * Override any of the methods, and the rest will use the default logger.
+ *
+ * [Documentation](https://next-auth.js.org/configuration/options#logger)
+ */
+export interface LoggerInstance {
+  warn(code: string, ...message: unknown[]): void
+  error(code: string, ...message: unknown[]): void
+  debug(code: string, ...message: unknown[]): void
+}
+
+/**
+ * Different tokens returned by OAuth Providers.
+ * Some of them are available with different casing,
+ * but they refer to the same value.
+ */
+export interface TokenSet {
+  accessToken: string
+  idToken?: string
+  refreshToken?: string
+  access_token: string
+  expires_in?: number | null
+  refresh_token?: string
+  id_token?: string
+}
+
+/**
+ * Usually contains information about the provider being used
+ * and also extends `TokenSet`, which is different tokens returned by OAuth Providers.
+ */
+export interface Account extends TokenSet, Record<string, unknown> {
+  id: string
+  provider: string
+  type: string
+}
+
+/** The OAuth profile returned from your provider */
+export interface Profile extends Record<string, unknown> {
+  sub?: string
+  name?: string
+  email?: string
+  image?: string
+}
+
+/** [Documentation](https://next-auth.js.org/configuration/callbacks) */
+export interface CallbacksOptions<
+  P extends Record<string, unknown> = Profile,
+  A extends Record<string, unknown> = Account
+> {
+  /**
+   * Use this callback to control if a user is allowed to sign in.
+   * Returning true will continue the sign-in flow.
+   * Throwing an error or returning a string will stop the flow, and redirect the user.
+   *
+   * [Documentation](https://next-auth.js.org/configuration/callbacks#sign-in-callback)
+   */
+  signIn?(user: User, account: A, profile: P): Awaitable<string | boolean>
+  /**
+   * This callback is called anytime the user is redirected to a callback URL (e.g. on signin or signout).
+   * By default only URLs on the same URL as the site are allowed,
+   * you can use this callback to customise that behaviour.
+   *
+   * [Documentation](https://next-auth.js.org/configuration/callbacks#redirect-callback)
+   */
+  redirect?(url: string, baseUrl: string): Awaitable<string>
+  /**
+   * This callback is called whenever a session is checked.
+   * (Eg.: invoking the `/api/session` endpoint, using `useSession` or `getSession`)
+   *
+   * - ⚠ By default, only a subset of the token is returned for increased security.
+   * If you want to make something available you added to the token through the `jwt` callback,
+   * you have to explicitely forward it here to make it available to the client.
+   *
+   * [Documentation](https://next-auth.js.org/configuration/callbacks#session-callback) |
+   * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
+   * [`useSession`](https://next-auth.js.org/getting-started/client#usesession) |
+   * [`getSession`](https://next-auth.js.org/getting-started/client#getsession) |
+   *
+   */
+  session?(session: Session, userOrToken: JWT | User): Awaitable<Session>
+  /**
+   * This callback is called whenever a JSON Web Token is created (i.e. at sign in)
+   * or updated (i.e whenever a session is accessed in the client).
+   * Its content is forwarded to the `session` callback,
+   * where you can control what should be returned to the client.
+   * Anything else will be kept from your front-end.
+   *
+   * - ⚠ By default the JWT is signed, but not encrypted.
+   *
+   * [Documentation](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
+   * [`session` callback](https://next-auth.js.org/configuration/callbacks#session-callback)
+   */
+  jwt?(
+    token: JWT,
+    user?: User,
+    account?: A,
+    profile?: P,
+    isNewUser?: boolean
+  ): Awaitable<JWT>
+}
+
+/** [Documentation](https://next-auth.js.org/configuration/options#cookies) */
+export interface CookieOption {
+  name: string
+  options: {
+    httpOnly: boolean
+    sameSite: true | "strict" | "lax" | "none"
+    path?: string
+    secure: boolean
+    maxAge?: number
+    domain?: string
+  }
+}
+
+/** [Documentation](https://next-auth.js.org/configuration/options#cookies) */
+export interface CookiesOptions {
+  sessionToken?: CookieOption
+  callbackUrl?: CookieOption
+  csrfToken?: CookieOption
+  pkceCodeVerifier?: CookieOption
+}
+
+/** [Documentation](https://next-auth.js.org/configuration/events) */
+export type EventType =
+  | "signIn"
+  | "signOut"
+  | "createUser"
+  | "updateUser"
+  | "linkAccount"
+  | "session"
+  | "error"
+
+/** [Documentation](https://next-auth.js.org/configuration/events) */
+export type EventCallback = (message: any) => Promise<void>
+
+/** [Documentation](https://next-auth.js.org/configuration/events) */
+export type EventsOptions = Partial<Record<EventType, EventCallback>>
+
+/** [Documentation](https://next-auth.js.org/configuration/pages) */
+export interface PagesOptions {
+  signIn?: string
+  signOut?: string
+  /** Error code passed in query string as ?error= */
+  error?: string
+  verifyRequest?: string
+  /** If set, new users will be directed here on first sign in */
+  newUser?: string
+}
+
+/**
+ * Returned by `useSession`, `getSession`, returned by the `session` callback
+ * and also the shape received as a prop on the `Provider` React Context
+ *
+ * [`useSession`](https://next-auth.js.org/getting-started/client#usesession) |
+ * [`getSession`](https://next-auth.js.org/getting-started/client#getsession) |
+ * [`Provider`](https://next-auth.js.org/getting-started/client#provider) |
+ * [`session` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback)
+ */
+export interface Session extends Record<string, unknown> {
+  user?: User
+  accessToken?: string
+  expires: string
+}
+
+/** [Documentation](https://next-auth.js.org/configuration/options#session) */
+export interface SessionOptions {
+  jwt?: boolean
+  maxAge?: number
+  updateAge?: number
+}
+
+/**
+ * The shape of the returned object in the OAuth providers' `profile` callback,
+ * available in the `jwt` and `session` callbacks,
+ * or the second parameter of the `session` callback, when using a database.
+ *
+ * [`signIn` callback](https://next-auth.js.org/configuration/callbacks#sign-in-callback) |
+ * [`session` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
+ * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
+ * [`profile` OAuth provider callback](https://next-auth.js.org/configuration/providers#using-a-custom-provider)
+ */
+export interface User {
+  name?: string | null
+  email?: string | null
+  image?: string | null
+}
+
+declare function NextAuth(
+  req: NextApiRequest,
+  res: NextApiResponse,
+  options: NextAuthOptions
+): ReturnType<NextApiHandler>
+
+declare function NextAuth(options: NextAuthOptions): ReturnType<NextApiHandler>
+
+export default NextAuth
--- a/types/internals/client.d.ts
+++ b/types/internals/client.d.ts
@@ -0,0 +1,34 @@
+import * as React from "react"
+import { Session } from ".."
+
+export interface BroadcastMessage {
+  event?: "session"
+  data?: {
+    trigger?: "signout" | "getSession"
+  }
+  clientId: string
+  timestamp: number
+}
+
+export interface NextAuthConfig {
+  baseUrl: string
+  basePath: string
+  baseUrlServer: string
+  basePathServer: string
+  /** 0 means disabled (don't send); 60 means send every 60 seconds */
+  keepAlive: number
+  /** 0 means disabled (only use cache); 60 means sync if last checked > 60 seconds ago */
+  clientMaxAge: number
+  /** Used for timestamp since last sycned (in seconds) */
+  _clientLastSync: number
+  /** Stores timer for poll interval */
+  _clientSyncTimer: ReturnType<typeof setTimeout>
+  /** Tracks if event listeners have been added */
+  _eventListenersAdded: boolean
+  /** Stores last session response from hook */
+  _clientSession: Session | null | undefined
+  /** Used to store to function export by getSession() hook */
+  _getSession: any
+}
+
+export type SessionContext = React.Context<Session>
--- a/types/internals/index.d.ts
+++ b/types/internals/index.d.ts
@@ -0,0 +1,50 @@
+import { NextApiRequest, NextApiResponse } from "./utils"
+import { NextAuthOptions } from ".."
+import { AppProvider } from "./providers"
+
+/** Options that are the same both in internal and user provided options. */
+export type NextAuthSharedOptions =
+  | "pages"
+  | "jwt"
+  | "events"
+  | "callbacks"
+  | "cookies"
+  | "secret"
+  | "adapter"
+  | "theme"
+  | "debug"
+  | "logger"
+
+export interface AppOptions
+  extends Pick<NextAuthOptions, NextAuthSharedOptions> {
+  pkce?: {
+    code_verifier?: string
+    /**
+     * Could be `"plain"`, but not recommended.
+     * We ignore it for now.
+     * @spec https://tools.ietf.org/html/rfc7636#section-4.2.
+     */
+    code_challenge_method?: "S256"
+  }
+  provider?: AppProvider
+  providers: AppProvider[]
+  baseUrl?: string
+  basePath?: string
+  action?:
+    | "providers"
+    | "session"
+    | "csrf"
+    | "signin"
+    | "signout"
+    | "callback"
+    | "verify-request"
+    | "error"
+  csrfToken?: string
+  csrfTokenVerified?: boolean
+}
+
+export interface NextAuthRequest extends NextApiRequest {
+  options: AppOptions
+}
+
+export type NextAuthResponse = NextApiResponse
--- a/types/internals/next.d.ts
+++ b/types/internals/next.d.ts
@@ -0,0 +1,40 @@
+import { IncomingMessage, ServerResponse } from "http"
+
+// ------------------------------------------------------
+// Types from next@10,
+// see: https://github.com/microsoft/dtslint/issues/297
+// ------------------------------------------------------
+export interface NextApiRequest extends IncomingMessage {
+  query: {
+    [key: string]: string | string[]
+  }
+  cookies: {
+    [key: string]: string
+  }
+  body: any
+  env: any
+  preview?: boolean
+  previewData?: any
+}
+
+export type Send<T> = (body: T) => void
+
+export type NextApiResponse<T = any> = ServerResponse & {
+  send: Send<T>
+  json: Send<T>
+  status: (statusCode: number) => NextApiResponse<T>
+  redirect: ((url: string) => NextApiResponse<T>) &
+    ((status: number, url: string) => NextApiResponse<T>)
+  setPreviewData: (
+    data: object | string,
+    options?: {
+      maxAge?: number
+    }
+  ) => NextApiResponse<T>
+  clearPreviewData: () => NextApiResponse<T>
+}
+
+export type NextApiHandler<T = any> = (
+  req: NextApiRequest,
+  res: NextApiResponse<T>
+) => void | Promise<void>
--- a/types/internals/providers.d.ts
+++ b/types/internals/providers.d.ts
@@ -0,0 +1,6 @@
+import { CommonProviderOptions } from "../providers"
+
+export interface AppProvider extends CommonProviderOptions {
+  signinUrl: string
+  callbackUrl: string
+}
--- a/types/internals/utils.d.ts
+++ b/types/internals/utils.d.ts
@@ -0,0 +1,42 @@
+import { IncomingMessage, ServerResponse } from "http"
+
+export type Awaitable<T> = T | PromiseLike<T>
+
+// ------------------------------------------------------
+// Types from next@10,
+// see: https://github.com/microsoft/dtslint/issues/297
+// ------------------------------------------------------
+export interface NextApiRequest extends IncomingMessage {
+  query: {
+    [key: string]: string | string[]
+  }
+  cookies: {
+    [key: string]: string
+  }
+  body: any
+  env: any
+  preview?: boolean
+  previewData?: any
+}
+
+export type Send<T> = (body: T) => void
+
+export type NextApiResponse<T = any> = ServerResponse & {
+  send: Send<T>
+  json: Send<T>
+  status: (statusCode: number) => NextApiResponse<T>
+  redirect: ((url: string) => NextApiResponse<T>) &
+    ((status: number, url: string) => NextApiResponse<T>)
+  setPreviewData: (
+    data: object | string,
+    options?: {
+      maxAge?: number
+    }
+  ) => NextApiResponse<T>
+  clearPreviewData: () => NextApiResponse<T>
+}
+
+export type NextApiHandler<T = any> = (
+  req: NextApiRequest,
+  res: NextApiResponse<T>
+) => void | Promise<void>
--- a/types/jwt.d.ts
+++ b/types/jwt.d.ts
@@ -0,0 +1,66 @@
+import { JWT as JoseJWT, JWE } from "jose"
+import { NextApiRequest } from "./internals/utils"
+
+/**
+ * Returned by the `jwt` callback and `getToken`, when using JWT sessions
+ *
+ * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) | [`getToken`](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken)
+ */
+export interface JWT extends Record<string, unknown> {
+  name?: string | null
+  email?: string | null
+  picture?: string | null
+}
+
+export interface JWTEncodeParams {
+  token?: JWT
+  maxAge?: number
+  secret: string | Buffer
+  signingKey?: string
+  signingOptions?: JoseJWT.SignOptions
+  encryptionKey?: string
+  encryptionOptions?: object
+  encryption?: boolean
+}
+
+export function encode(params?: JWTEncodeParams): Promise<string>
+
+export interface JWTDecodeParams {
+  token?: string
+  maxAge?: number
+  secret: string | Buffer
+  signingKey?: string
+  verificationKey?: string
+  verificationOptions?: JoseJWT.VerifyOptions<false>
+  encryptionKey?: string
+  decryptionKey?: string
+  decryptionOptions?: JWE.DecryptOptions<false>
+  encryption?: boolean
+}
+
+export function decode(params?: JWTDecodeParams): Promise<JWT>
+
+export type GetTokenParams<R extends boolean = false> = {
+  req: NextApiRequest
+  secureCookie?: boolean
+  cookieName?: string
+  raw?: R
+  decode?: typeof decode
+  secret?: string
+} & Omit<JWTDecodeParams, "secret">
+
+/** [Documentation](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken) */
+export function getToken<R extends boolean = false>(
+  params?: GetTokenParams<R>
+): Promise<R extends true ? string : JWT | null>
+
+export interface JWTOptions {
+  secret?: string
+  maxAge?: number
+  encryption?: boolean
+  signingKey?: string
+  encryptionKey?: string
+  encode?: typeof encode
+  decode?: typeof decode
+  verificationOptions?: JoseJWT.VerifyOptions<false>
+}
--- a/types/providers.d.ts
+++ b/types/providers.d.ts
@@ -0,0 +1,166 @@
+import { Profile, TokenSet, User } from "."
+import { Awaitable } from "./internals/utils"
+
+export type ProviderType = "oauth" | "email" | "credentials"
+
+export interface CommonProviderOptions {
+  id: string
+  name: string
+  type: ProviderType
+}
+
+/**
+ * OAuth Provider
+ */
+
+type ProtectionType = "pkce" | "state" | "both" | "none"
+
+/**
+ * OAuth provider options
+ *
+ * [Documentation](https://next-auth.js.org/configuration/providers#oauth-provider-options)
+ */
+export interface OAuthConfig<P extends Record<string, unknown> = Profile>
+  extends CommonProviderOptions {
+  authorizationParams?: Record<string, string>
+  headers?: Record<string, any>
+  type: "oauth"
+  version: string
+  scope: string
+  params: { grant_type: string }
+  accessTokenUrl: string
+  requestTokenUrl: string
+  authorizationUrl: string
+  profileUrl: string
+  profile(profile: P, tokens: TokenSet): Awaitable<User & { id: string }>
+  protection?: ProtectionType | ProtectionType[]
+  clientId: string
+  clientSecret:
+    | string
+    // TODO: only allow for Apple
+    | Record<"appleId" | "teamId" | "privateKey" | "keyId", string>
+  idToken?: boolean
+  /**
+   * @deprecated Will be removed in an upcoming major release. Use `protection: ["state"]` instead.
+   */
+  state?: boolean
+
+  // TODO: only allow for BattleNet
+  region?: string
+  // TODO: only allow for some
+  domain?: string
+  // TODO: only allow for Azure Active Directory B2C and FusionAuth
+  tenantId?: string
+}
+
+export type OAuthProviderType =
+  | "Apple"
+  | "Atlassian"
+  | "Auth0"
+  | "AzureADB2C"
+  | "Basecamp"
+  | "BattleNet"
+  | "Box"
+  | "Bungie"
+  | "Cognito"
+  | "Discord"
+  | "EVEOnline"
+  | "Facebook"
+  | "FACEIT"
+  | "Foursquare"
+  | "FusionAuth"
+  | "GitHub"
+  | "GitLab"
+  | "Google"
+  | "IdentityServer4"
+  | "Instagram"
+  | "Kakao"
+  | "LINE"
+  | "LinkedIn"
+  | "MailRu"
+  | "Medium"
+  | "Netlify"
+  | "Okta"
+  | "Osso"
+  | "Reddit"
+  | "Salesforce"
+  | "Slack"
+  | "Spotify"
+  | "Strava"
+  | "Twitch"
+  | "Twitter"
+  | "VK"
+  | "Yandex"
+  | "Zoho"
+
+export type OAuthProvider = (options: Partial<OAuthConfig>) => OAuthConfig
+
+/**
+ * Credentials Provider
+ */
+
+interface CredentialInput {
+  label?: string
+  type?: string
+  value?: string
+  placeholder?: string
+}
+
+interface CredentialsConfig<C extends Record<string, CredentialInput> = {}>
+  extends CommonProviderOptions {
+  type: "credentials"
+  credentials: C
+  authorize(credentials: Record<keyof C, string>): Awaitable<User | null>
+}
+
+export type CredentialsProvider = (
+  options: Partial<CredentialsConfig>
+) => CredentialsConfig
+
+export type CredentialsProviderType = "Credentials"
+
+/** Email Provider */
+
+export interface EmailConfigServerOptions {
+  host: string
+  port: number
+  auth: {
+    user: string
+    pass: string
+  }
+}
+
+export interface EmailConfig extends CommonProviderOptions {
+  type: "email"
+  // TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html
+  server: string | EmailConfigServerOptions
+  from?: string
+  maxAge?: number
+  sendVerificationRequest(params: {
+    identifier: string
+    url: string
+    baseUrl: string
+    token: string
+    provider: EmailConfig
+  }): Awaitable<void>
+}
+
+export type EmailProvider = (options: Partial<EmailConfig>) => EmailConfig
+
+// TODO: Rename to Token provider
+// when started working on https://github.com/nextauthjs/next-auth/discussions/1465
+export type EmailProviderType = "Email"
+
+export type Provider = OAuthConfig | EmailConfig | CredentialsConfig
+
+export type BuiltInProviders = Record<OAuthProviderType, OAuthProvider> &
+  Record<CredentialsProviderType, CredentialsProvider> &
+  Record<EmailProviderType, EmailProvider>
+
+export type AppProviders = Array<
+  Provider | ReturnType<BuiltInProviders[keyof BuiltInProviders]>
+>
+
+declare const Providers: BuiltInProviders
+
+export default Providers
--- a/types/tests/adapters.test.ts
+++ b/types/tests/adapters.test.ts
@@ -0,0 +1,26 @@
+import Adapters from "next-auth/adapters"
+
+// ExpectType TypeORMAdapter["Adapter"]
+Adapters.Default({
+  type: "sqlite",
+  database: ":memory:",
+  synchronize: true,
+})
+
+// ExpectType TypeORMAdapter
+Adapters.TypeORM.Adapter({
+  type: "sqlite",
+  database: ":memory:",
+  synchronize: true,
+})
+
+// ExpectType PrismaAdapter
+Adapters.Prisma.Adapter({
+  prisma: {},
+  modelMapping: {
+    User: "foo",
+    Account: "bar",
+    Session: "session",
+    VerificationRequest: "foo",
+  },
+})
--- a/types/tests/client.test.ts
+++ b/types/tests/client.test.ts
@@ -0,0 +1,97 @@
+import * as client from "next-auth/client"
+import { nextReq } from "./test-helpers"
+
+const clientSession = {
+  user: {
+    name: "Bruce",
+    email: "bruce@lee.com",
+    image: "path/to/img",
+  },
+  accessToken: "123z",
+  expires: "1234",
+}
+
+// $ExpectType [Session | null, boolean]
+client.useSession()
+
+// $ExpectType Promise<Session | null>
+client.getSession({ req: nextReq })
+
+// $ExpectType Promise<Session | null>
+client.session({ req: nextReq })
+
+// $ExpectType Promise<Record<string, ClientSafeProvider> | null>
+client.getProviders()
+
+// $ExpectType Promise<Record<string, ClientSafeProvider> | null>
+client.providers()
+
+// $ExpectType Promise<string | null>
+client.getCsrfToken({ req: nextReq })
+
+// $ExpectType Promise<string | null>
+client.csrfToken({ req: nextReq })
+
+// $ExpectType Promise<string | null>
+client.csrfToken({ ctx: { req: nextReq } })
+
+// $ExpectType Promise<undefined>
+client.signin("github", { callbackUrl: "foo" }, { login: "username" })
+
+// $ExpectType Promise<SignInResponse | undefined>
+client.signin("credentials", { callbackUrl: "foo", redirect: true })
+
+// $ExpectType Promise<SignInResponse | undefined>
+client.signin("credentials", { redirect: false })
+
+// $ExpectType Promise<SignInResponse | undefined>
+client.signin("email", { callbackUrl: "foo", redirect: false })
+
+// $ExpectType Promise<SignInResponse | undefined>
+client.signin("email", { callbackUrl: "foo", redirect: true })
+
+// $ExpectType Promise<undefined>
+client.signout()
+
+// $ExpectType Promise<undefined>
+client.signout({ callbackUrl: "https://foo.com/callback", redirect: true })
+
+// $ExpectType Promise<SignOutResponse>
+client.signOut({ callbackUrl: "https://foo.com/callback", redirect: false })
+
+// $ExpectType ReactElement<any, any> | null
+client.Provider({
+  children: null,
+  session: clientSession,
+  options: {
+    baseUrl: "https://foo.com",
+    basePath: "/",
+    clientMaxAge: 1234,
+  },
+})
+
+// $ExpectType ReactElement<any, any> | null
+client.Provider({
+  children: null,
+  session: clientSession,
+})
+
+// $ExpectType ReactElement<any, any> | null
+client.Provider({
+  children: null,
+  options: {},
+})
+
+// $ExpectType ReactElement<any, any> | null
+client.Provider({
+  children: null,
+  session: {
+    expires: "",
+  },
+  options: {
+    baseUrl: "https://foo.com",
+    basePath: "/",
+    clientMaxAge: 1234,
+    keepAlive: 4321,
+  },
+})
--- a/types/tests/jwt.test.ts
+++ b/types/tests/jwt.test.ts
@@ -0,0 +1,26 @@
+import * as JWTType from "next-auth/jwt"
+import { nextReq } from "./test-helpers"
+
+// $ExpectType Promise<string>
+JWTType.encode({
+  token: { key: "value" },
+  secret: "secret",
+})
+
+// $ExpectType Promise<JWT>
+JWTType.decode({
+  token: "token",
+  secret: "secret",
+})
+
+// $ExpectType Promise<string>
+JWTType.getToken({
+  req: nextReq,
+  raw: true,
+})
+
+// $ExpectType Promise<JWT | null>
+JWTType.getToken({
+  req: nextReq,
+  secret: "secret",
+})
--- a/types/tests/providers.test.ts
+++ b/types/tests/providers.test.ts
@@ -0,0 +1,259 @@
+import Providers from "next-auth/providers"
+
+// $ExpectType EmailConfig
+Providers.Email({
+  server: "path/to/server",
+  from: "path/from",
+})
+
+// $ExpectType EmailConfig
+Providers.Email({
+  server: {
+    host: "host",
+    port: 123,
+    auth: {
+      user: "foo",
+      pass: "123",
+    },
+  },
+  from: "path/from",
+})
+
+// $ExpectType CredentialsConfig<{}>
+Providers.Credentials({
+  id: "login",
+  name: "account",
+  credentials: {
+    user: {
+      label: "Password",
+      type: "password",
+    },
+    password: {
+      label: "Password",
+      type: "password",
+    },
+  },
+  authorize: async (credentials) => {
+    const user = {
+      /* fetched user */
+    }
+    return user
+  },
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Apple({
+  clientId: "foo123",
+  clientSecret: {
+    appleId: "foo@icloud.com",
+    teamId: "foo",
+    privateKey: "123xyz",
+    keyId: "1234",
+  },
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Twitter({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Facebook({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.GitHub({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.GitHub({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  scope: "change:thing read:that",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.GitLab({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Slack({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Google({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Google({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  authorizationUrl: "https://foo.google.com",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Auth0({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  domain: "https://foo.auth0.com",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Auth0({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  domain: "https://foo.auth0.com",
+  profile: () => ({
+    id: "foo123",
+    name: "foo",
+    email: "foo@bar.io",
+    image: "https://foo.auth0.com/image/1.png",
+  }),
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.IdentityServer4({
+  id: "identity-server4",
+  name: "IdentityServer4",
+  scope: "change:thing read:that",
+  domain: "https://foo.is4.com",
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Discord({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  scope: "identify",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Twitch({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Okta({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  domain: "https://foo.auth0.com",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.BattleNet({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  region: "europe",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Box({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Cognito({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  domain: "https://foo.auth0.com",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Yandex({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.LinkedIn({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  scope: "r_emailaddress r_liteprofile",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Spotify({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Spotify({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  scope: "user-read-email",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Basecamp({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Reddit({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.AzureADB2C({
+  clientId: "foo123",
+  clientSecret: "bar123",
+  scope: "offline_access User.Read",
+  tenantId: "tenantId",
+  idToken: true,
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.FusionAuth({
+  name: "FusionAuth",
+  domain: "domain",
+  clientId: "clientId",
+  clientSecret: "clientSecret",
+  tenantId: "tenantId",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.FACEIT({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Instagram({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Kakao({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Osso({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
+
+// $ExpectType OAuthConfig<Profile>
+Providers.Zoho({
+  clientId: "foo123",
+  clientSecret: "bar123",
+})
--- a/types/tests/server.test.ts
+++ b/types/tests/server.test.ts
@@ -0,0 +1,260 @@
+import Providers, { OAuthConfig } from "next-auth/providers"
+import {
+  Adapter,
+  EmailAppProvider,
+  Profile,
+  Session,
+  VerificationRequest,
+} from "next-auth/adapters"
+import NextAuth, * as NextAuthTypes from "next-auth"
+import { IncomingMessage, ServerResponse } from "http"
+import * as JWTType from "next-auth/jwt"
+import { Socket } from "net"
+import { NextApiRequest, NextApiResponse } from "internals/utils"
+import { AppOptions } from "internals"
+import { AppProvider } from "internals/providers"
+
+const req: NextApiRequest = Object.assign(new IncomingMessage(new Socket()), {
+  query: {},
+  cookies: {},
+  body: {},
+  env: {},
+})
+
+const res: NextApiResponse = Object.assign(new ServerResponse(req), {
+  send: (body: string) => undefined,
+  json: (body: string) => undefined,
+  status: (code: number) => res,
+  redirect: (statusOrUrl: number | string, url?: string) => res as any,
+  setPreviewData: (data: object | string) => res,
+  clearPreviewData: () => res,
+})
+
+const pageOptions = {
+  signin: "path/to/signin",
+  signout: "path/to/signout",
+  error: "path/to/error",
+  verifyRequest: "path/to/verify",
+  newUsers: "path/to/signup",
+}
+
+const simpleConfig = {
+  providers: [
+    Providers.GitHub({
+      clientId: "123",
+      clientSecret: "123",
+      scope:
+        "user public_repo repo repo_deployment repo:status read:repo_hook read:org read:public_key read:gpg_key",
+    }),
+  ],
+}
+
+const exampleUser: NextAuthTypes.User = {
+  name: "",
+  image: "",
+  email: "",
+}
+
+const exampleSession: Session = {
+  userId: "",
+  accessToken: "",
+  sessionToken: "",
+  expires: new Date(),
+}
+
+const exampleVerificatoinRequest: VerificationRequest = {
+  identifier: "",
+  token: "",
+  expires: new Date(),
+}
+
+const adapter: Adapter<
+  NextAuthTypes.User,
+  Profile,
+  Session,
+  VerificationRequest
+> = {
+  async getAdapter(appOptions: AppOptions) {
+    return {
+      createUser: async (profile: Profile) => exampleUser,
+      getUser: async (id: string) => exampleUser,
+      getUserByEmail: async (email: string) => exampleUser,
+      getUserByProviderAccountId: async (
+        providerId: string,
+        providerAccountId: string
+      ) => exampleUser,
+      updateUser: async (user: NextAuthTypes.User) => exampleUser,
+      linkAccount: async (
+        userId: string,
+        providerId: string,
+        providerType: string,
+        providerAccountId: string,
+        refreshToken: string,
+        accessToken: string,
+        accessTokenExpires: number
+      ) => undefined,
+      createSession: async (user: NextAuthTypes.User) => exampleSession,
+      getSession: async (sessionToken: string) => exampleSession,
+      updateSession: async (session: Session, force?: boolean) =>
+        exampleSession,
+      deleteSession: async (sessionToken: string) => undefined,
+      createVerificationRequest: async (
+        email: string,
+        url: string,
+        token: string,
+        secret: string,
+        provider: EmailAppProvider,
+        options: AppOptions
+      ) => exampleVerificatoinRequest,
+      getVerificationRequest: async (
+        email: string,
+        verificationToken: string,
+        secret: string,
+        provider: AppProvider
+      ) => exampleVerificatoinRequest,
+      deleteVerificationRequest: async (
+        email: string,
+        verificationToken: string,
+        secret: string,
+        provider: AppProvider
+      ) => undefined,
+    }
+  },
+}
+
+const allConfig = {
+  providers: [
+    Providers.Twitter({
+      clientId: "123",
+      clientSecret: "123",
+    }),
+  ],
+  database: "path/to/db",
+  debug: true,
+  secret: "my secret",
+  session: {
+    jwt: true,
+    maxAge: 365,
+    updateAge: 60,
+  },
+  jwt: {
+    secret: "secret-thing",
+    maxAge: 365,
+    encryption: true,
+    signingKey: "some-key",
+    encryptionKey: "some-key",
+    encode: async () => "foo",
+    decode: async () => ({}),
+  },
+  pages: pageOptions,
+  callbacks: {
+    async signIn(
+      user: NextAuthTypes.User,
+      account: Record<string, unknown>,
+      profile: Record<string, unknown>
+    ) {
+      return true
+    },
+    async redirect(url: string, baseUrl: string) {
+      return "path/to/foo"
+    },
+    async session(
+      session: NextAuthTypes.Session,
+      userOrToken: NextAuthTypes.User
+    ) {
+      return { ...session }
+    },
+    async jwt(
+      token: JWTType.JWT,
+      user?: NextAuthTypes.User,
+      account?: Record<string, unknown>,
+      profile?: Record<string, unknown>,
+      isNewUser?: boolean
+    ) {
+      return token
+    },
+  },
+  events: {
+    async signIn(message: string) {
+      return undefined
+    },
+    async signOut(message: string) {
+      return undefined
+    },
+    async createUser(message: string) {
+      return undefined
+    },
+    async linkAccount(message: string) {
+      return undefined
+    },
+    async session(message: string) {
+      return undefined
+    },
+    async error(message: string) {
+      return undefined
+    },
+  },
+  adapter,
+  useSecureCookies: true,
+  cookies: {
+    sessionToken: {
+      name: "__Secure-next-auth.session-token",
+      options: {
+        httpOnly: true,
+        sameSite: true as true,
+        path: "/",
+        secure: true,
+        domain: "foo.com",
+      },
+    },
+  },
+}
+
+const customProvider: OAuthConfig<{
+  id: string
+  name: string
+  email: string
+  picture: string
+}> = {
+  id: "google",
+  name: "Google",
+  type: "oauth",
+  version: "2.0",
+  scope:
+    "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
+  params: { grant_type: "authorization_code" },
+  accessTokenUrl: "https://accounts.google.com/o/oauth2/token",
+  requestTokenUrl: "https://accounts.google.com/o/oauth2/auth",
+  authorizationUrl:
+    "https://accounts.google.com/o/oauth2/auth?response_type=code",
+  profileUrl: "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
+  async profile(profile, tokens) {
+    return {
+      id: profile.id,
+      name: profile.name,
+      email: profile.email,
+      image: profile.picture,
+    }
+  },
+  clientId: "",
+  clientSecret: "",
+}
+
+const customProviderConfig = {
+  providers: [customProvider],
+}
+
+// $ExpectType void | Promise<void>
+NextAuth(simpleConfig)
+
+// $ExpectType void | Promise<void>
+NextAuth(allConfig)
+
+// $ExpectType void | Promise<void>
+NextAuth(customProviderConfig)
+
+// $ExpectType void | Promise<void>
+NextAuth(req, res, simpleConfig)
+
+// $ExpectType void | Promise<void>
+NextAuth(req, res, allConfig)
--- a/types/tests/test-helpers.ts
+++ b/types/tests/test-helpers.ts
@@ -0,0 +1,13 @@
+import { IncomingMessage } from "http"
+import { Socket } from "net"
+import { NextApiRequest } from "internals/utils"
+
+export const nextReq: NextApiRequest = Object.assign(
+  new IncomingMessage(new Socket()),
+  {
+    query: {},
+    cookies: {},
+    body: {},
+    env: {},
+  }
+)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Balázs Orbán	2becdad990	fix(logger): attempt at fixing infinite loop (#1789 )	2021-04-20 21:22:20 +02:00
Pop Stefan	e3c2c7756d	docs: add Class components tutorial (#1784 )	2021-04-20 17:34:05 +02:00
Balázs Orbán	718f2537cb	build(provider): auto-generate Providers submodule (#1782 )	2021-04-20 17:33:24 +02:00
dogomedia-github	ae26df091d	fix(provider): add sub to defaultJwtPayload for credentials provider. (#1725 ) Co-authored-by: Joseph Chen <jchen@dogomedia.com>	2021-04-20 12:59:48 +02:00
dependabot[bot]	1cbf73b2f6	chore(deps): bump jose from 1.27.2 to 1.28.1 (#1772 ) Bumps [jose](https://github.com/panva/jose) from 1.27.2 to 1.28.1. - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v1.28.1/CHANGELOG.md) - [Commits](https://github.com/panva/jose/compare/v1.27.2...v1.28.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-04-20 12:56:07 +02:00
Balázs Orbán	46b62d723c	feat(ts): expose types from main package (#1773 ) * chore: add beta to release flow/GH actions * feat(ts): expose types from the package (#1665) * chore(types): move existing types to the repo * feat(ts): expose types from the main package * chore(deps): bring back `react-dom` version range * chore(ts): cleanup deps and comments * chore(ci): run types tests on a separate workflow * chore(ci): fix typo on types workflow * fix(ts): correctly export sub-module types (#1677) * chore(types): build types script Adds a script that moves the declaration files we have in `./types` to `./dist` relative to the files they intend to type. This is the first step, we still need to change what we declare in `package.json`, add the script to the CI pipeline if we're happy with it and figure out how to type `next-auth/jwt`. * refactor(lint): fix build-types script * fix(ts): add .d.ts sub-module files to package.json #1677 seemed to miss this * fix(built): typo in package.json * fix(build): fix release * feat(ts): support module augmentation (#1681) * chore(ts): remove unused imports * refactor(ts): clean up CallbackOptions * docs(ts): explain Module Augmentation * docs(ts): don't use @ in folder name "types" * test(ts): make jwt params optional * docs(ts): fix typo (TypeScript -> NextAuth.js) * style: replace ts-standard with eslint/prettier (#1724) * style: move from ts-standard to eslint/prettier * fix: install remaining eslint-config-standard peer deps * fix: add remaining missing dependencies/config Co-authored-by: Balázs Orbán <info@balazsorban.com> * docs(lint): update contributing.md (#1760) Regarding ESLint / Prettier use and link to their VSCode extensions * refactor(ts): de-duplicate types (#1690) * refactor(ts): deduplicate internal types * refactor(ts): ease up providers typings * test(ts): fix failing TS tests * test(ts): rename TS property to fix test * docs(ts): mention TS docs in README.md * feat(ts): move/update client types * refactor(TS): rename some types * test(ts): fix client tests * docs(ts): move function descriptions to .d.ts * chore: fix lint error * refactor(ts): separate internal types * chore: simplify build-types script * chore: update type import paths in src * chore(build): create root files at build * chore: remove unnecessary .npmignore * chore: run prettier on types * fix(ts): clean up jwt types * fix(ts): make getToken return type depend on raw param * docs(page): explain page errors, add theming note * docs(ts): add JSDoc to NextAuthOptions props * chore(ts): remove unused import * docs(ts): change JSDOC docs notation * refactor(build): extract module entries into enum * chore(ts): move ClientSafeProvider * chore(ts): simplify GetTokenParams generic * style(lint): fix linting errors * chore: re-add generic extension to GetTokenParams * fix(ts): extract EmailConfigServerOptions to interface * fix(ts): use relative imports * Merge branch 'main' into beta * Merge main into beta * fix(ts): fix typos, add more links to documentation * test(ts): update JWT getToken test * fix(build): fix tsconfig.json formatting * test(ts): use absolute imports in test files * fix(ts): add missing callbacks JSDoc * docs: mention TS in FAQ, fix typos * docs: fix some typos in the docs Co-authored-by: Lluis Agusti <hi@llu.lu> Co-authored-by: Nico Domino <yo@ndo.dev>	2021-04-20 12:20:43 +02:00
Balázs Orbán	457952bb5a	fix(jwt): make decode overrideable in getToken (#1751 )	2021-04-17 12:40:50 +02:00
Balázs Orbán	17b789822d	fix: make oauth_token_secret and oauth_token available (#1322 ) * fix: add oauth_token_secret to requests * chore: remove console.log * refactor: follow casing from response	2021-04-14 21:26:15 +02:00
Ovidiu Dan	fd12194c0c	docs(provider): Explain how to get access to LinkedIn authentication (#1706 )	2021-04-12 18:46:20 +02:00
Balázs Orbán	1c662e9ddc	fix(page): fall back to default error page (#1700 )	2021-04-12 03:56:47 +02:00
Balázs Orbán	968903d227	fix(oauth): support `response_mode=form_post` (#1669 ) * chore: alias dev script to next * feat(core): fallback to body when reading state * refactor: set csrfToken on req.options implicitly Ensures we do this similarly than in other handlers like pkce, state, extendRes, callbackUrlHandler etc. * chore: add code comment for debugging	2021-04-12 00:24:05 +02:00
Balázs Orbán	3dedf6c26c	fix(provider): proper check of protection property (#1694 ) * fix(provider): proper check of protection property * chore: add comment	2021-04-12 00:15:29 +02:00
Amauri Dias	d1dbfe1023	fix: truly replace .flat() to support Node <11 again (#1691 )	2021-04-11 23:20:37 +02:00
David Colón	63171a0271	fix: validate provider existence before looking for protection property (#1687 ) * Fix validation of provider existence before looking for protection property * Use optional chaining	2021-04-11 15:20:01 +02:00
Amauri Dias	872e180339	fix: replace .flat() to support Node <11 again (#1684 )	2021-04-11 10:57:25 +02:00
ifly7charlie	a7709df796	docs: Document the additional parameters in JWT (#1550 ) Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-04-08 14:00:19 +02:00
Balázs Orbán	dbe283f0fa	refactor: rename extend-res to extend-req	2021-04-07 22:26:54 +02:00
Balázs Orbán	727426bbec	chore(ts): auto-label TypeScript related changes	2021-04-07 20:16:10 +02:00
Vinicius CR	5a3ee47337	feat(provider): accept array for protection to support multiple mechanisms (#1565 ) * fix: add protection both option * feat: update docs with new protection value * fix: lint files * refactor: change protection from string to array * chore: reverting unespected change * chore: lint files Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-04-06 19:20:56 +02:00
bhaveshmishra-code	8dd8f7c48a	docs: fix typo in callbacks.md (#1657 ) Fixed the spelling mistake. existance -> existence	2021-04-05 19:35:26 +02:00
Jaime Martínez Rincón	072c59d85a	docs: fix typo `primsa` (#1652 )	2021-04-05 00:25:46 +02:00
dependabot[bot]	d0e8147a48	chore(deps): bump y18n from 4.0.0 to 4.0.1 (#1631 ) Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-04-05 00:24:39 +02:00
Jasper Moelker	5bc8f8b986	docs(page): correct getCsrfToken and input types (#1651 ) This fixes the a mismatch between the import (`csrfToken`) and the method (`getCsrfToken`) used in `getInitialProps`/`getServerSideProps`. In addition the form input fields now have their correct type: `email` for email input (for better autocomplete, virtual keyboard support and native validation) and `password` for the password input (to hide password while typing).	2021-04-04 22:01:53 +02:00
hoangbits	136361e1f4	docs: rename command to vercel cli, now cli is deprecated (#1647 )	2021-04-04 11:02:38 +02:00
hoangbits	cc9869592c	docs: fix typo in providers.md (#1641 )	2021-04-02 17:18:40 +02:00
Jay Liew	073da60c3d	docs: Update pages.md (#1592 ) * Update pages.md Updated Credentials Sign-In code example to indicate how to use `getServerSideProps` but still also showing the older `getInitialProps` example * Update www/docs/configuration/pages.md Co-authored-by: Balázs Orbán <info@balazsorban.com> * update documentation to show example using getServerSideProps() Co-authored-by: Balázs Orbán <info@balazsorban.com> Co-authored-by: Jay Liew <jay@haute.tech>	2021-03-31 00:31:31 +02:00
ifly7charlie	aacc34bbfd	docs(error): Add missing error message and technique to resolve (#1549 ) * Add missing error message and technique to resolve * Update errors.md Correct with correct error message and more complete suggestions on resolving it	2021-03-26 23:09:21 +01:00
jgollhardt	074688d10e	docs(provider): fix wrong param name in sendVerificationRequest example (#1595 )	2021-03-26 23:01:25 +01:00
Macarse, Christian Ryan R	b3ffe50c03	docs(provider): removed misleading provider signin link (#1588 )	2021-03-25 22:30:46 +01:00
Shubham Shukla	e6d063825d	fix(provider): added options in instagram provider (#1570 )	2021-03-23 22:28:54 +01:00
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/adapters').default`
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/client').default`
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/lib/jwt').default`
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/providers').default`