feat(provider): accept array for protection to support multiple mechanisms (#1565 )

* fix: add protection both option * feat: update docs with new protection value * fix: lint files * refactor: change protection from string to array * chore: reverting unespected change * chore: lint files Co-authored-by: Balázs Orbán <info@balazsorban.com>
docs: fix typo in callbacks.md (#1657 )
2026-05-01 10:55:20 +00:00 · 2021-04-06 19:20:56 +02:00 · 2021-04-05 19:35:26 +02:00 · 2021-04-05 00:25:46 +02:00 · 2021-04-05 00:24:39 +02:00
7 changed files with 38 additions and 24 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -4450,6 +4450,12 @@
            "yallist": "^3.0.2"
          }
        },
+        "y18n": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+          "dev": true
+        },
        "yallist": {
          "version": "3.1.1",
          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
@@ -4801,11 +4807,6 @@
            "strip-ansi": "^6.0.0"
          }
        },
-        "y18n": {
-          "version": "5.0.5",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz",
-          "integrity": "sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg=="
-        },
        "yargs": {
          "version": "16.2.0",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
@@ -13875,8 +13876,9 @@
          "dev": true
        },
        "y18n": {
-          "version": "4.0.0",
-          "bundled": true,
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
          "dev": true
        },
        "yallist": {
@@ -15042,6 +15044,12 @@
            "is-number": "^7.0.0"
          }
        },
+        "y18n": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+          "dev": true
+        },
        "yargs": {
          "version": "15.3.1",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.3.1.tgz",
@@ -18834,11 +18842,6 @@
            "strip-ansi": "^6.0.0"
          }
        },
-        "y18n": {
-          "version": "5.0.5",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz",
-          "integrity": "sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg=="
-        },
        "yargs": {
          "version": "16.2.0",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
@@ -19642,10 +19645,9 @@
      "dev": true
    },
    "y18n": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
-      "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==",
-      "dev": true
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz",
+      "integrity": "sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg=="
    },
    "yallist": {
      "version": "4.0.0",
@@ -19812,6 +19814,12 @@
            "strip-ansi": "^5.0.0"
          }
        },
+        "y18n": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+          "dev": true
+        },
        "yargs-parser": {
          "version": "13.1.2",
          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz",
@@ -19941,6 +19949,12 @@
            "strip-ansi": "^5.0.0"
          }
        },
+        "y18n": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+          "dev": true
+        },
        "yargs": {
          "version": "14.2.3",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-14.2.3.tgz",
--- a/src/server/lib/oauth/client.js
+++ b/src/server/lib/oauth/client.js
@@ -136,7 +136,7 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
    headers.Authorization = `Bearer ${code}`
  }

-  if (provider.protection === 'pkce') {
+  if ([provider.protection].flat().includes('pkce')) {
    params.code_verifier = codeVerifier
  }

--- a/src/server/lib/oauth/pkce-handler.js
+++ b/src/server/lib/oauth/pkce-handler.js
@@ -16,7 +16,7 @@ const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
 export async function handleCallback (req, res) {
  const { cookies, provider, baseUrl, basePath } = req.options
  try {
-    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
+    if (![provider.protection].flat().includes('pkce')) { // Provider does not support PKCE, nothing to do.
      return
    }

@@ -50,7 +50,7 @@ export async function handleCallback (req, res) {
 export async function handleSignin (req, res) {
  const { cookies, provider, baseUrl, basePath } = req.options
  try {
-    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
+    if (![provider.protection].flat().includes('pkce')) { // Provider does not support PKCE, nothing to do.
      return
    }
    // Started login flow, add generated pkce to req.options and (encrypted) code_verifier to a cookie
--- a/src/server/lib/oauth/state-handler.js
+++ b/src/server/lib/oauth/state-handler.js
@@ -12,7 +12,7 @@ import { OAuthCallbackError } from '../../../lib/errors'
 export async function handleCallback (req, res) {
  const { csrfToken, provider, baseUrl, basePath } = req.options
  try {
-    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
+    if (![provider.protection].flat().includes('state')) { // Provider does not support state, nothing to do.
      return
    }

@@ -41,7 +41,7 @@ export async function handleCallback (req, res) {
 export async function handleSignin (req, res) {
  const { provider, baseUrl, basePath, csrfToken } = req.options
  try {
-    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
+    if (![provider.protection].flat().includes('state')) { // Provider does not support state, nothing to do.
      return
    }

--- a/www/docs/configuration/callbacks.md
+++ b/www/docs/configuration/callbacks.md
@@ -79,7 +79,7 @@ When using NextAuth.js without a database, the user object it will always be a p
 :::

 :::tip
-If you only want to allow users who already have accounts in the database to sign in, you can check for the existance of a `user.id` property and reject any sign in attempts from accounts that do not have one.
+If you only want to allow users who already have accounts in the database to sign in, you can check for the existence of a `user.id` property and reject any sign in attempts from accounts that do not have one.

 If you are using NextAuth.js without database and want to control who can sign in, you can check their email address or profile against a hard coded list in the `signIn()` callback.
 :::
--- a/www/docs/configuration/providers.md
+++ b/www/docs/configuration/providers.md
@@ -141,7 +141,7 @@ You can look at the existing built-in providers for inspiration.
 |       profile       |       An callback returning an object with the user's info       |            `object`             |    No    |
 |       idToken       |   Set to `true` for services that use ID Tokens (e.g. OpenID)    |            `boolean`            |    No    |
 |       headers       |      Any headers that should be sent to the OAuth provider       |            `object`             |    No    |
-|     protection      | Additional security for OAuth login flows (defaults to `state`)  |     `pkce`, `state`, `none`     |    No    |
+|     protection      | Additional security for OAuth login flows (defaults to `state`)  |`[pkce]`,`[state]`,`[pkce,state]`|    No    |
 |        state        | Same as `protection: "state"`. Being deprecated, use protection. |            `boolean`            |    No    |

 ## Sign in with Email
--- a/www/docs/schemas/adapters.md
+++ b/www/docs/schemas/adapters.md
@@ -185,7 +185,7 @@ Once you have saved your schema, use the Prisma CLI to generate the Prisma Clien
 npx prisma generate
 ```

-To configure you database to use the new schema (i.e. create tables and columns) use the `primsa migrate` command:
+To configure you database to use the new schema (i.e. create tables and columns) use the `prisma migrate` command:

 ```
 npx prisma migrate dev --preview-feature
Author	SHA1	Message	Date
Vinicius CR	5a3ee47337	feat(provider): accept array for protection to support multiple mechanisms (#1565 ) * fix: add protection both option * feat: update docs with new protection value * fix: lint files * refactor: change protection from string to array * chore: reverting unespected change * chore: lint files Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-04-06 19:20:56 +02:00
bhaveshmishra-code	8dd8f7c48a	docs: fix typo in callbacks.md (#1657 ) Fixed the spelling mistake. existance -> existence	2021-04-05 19:35:26 +02:00
Jaime Martínez Rincón	072c59d85a	docs: fix typo `primsa` (#1652 )	2021-04-05 00:25:46 +02:00
dependabot[bot]	d0e8147a48	chore(deps): bump y18n from 4.0.0 to 4.0.1 (#1631 ) Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-04-05 00:24:39 +02:00