fix(build): fix release

#1677 seemed to miss this

.github/labeler.yml

@@ -1,6 +1,5 @@
 test:
   - test/**/*
-  - types/tests/**/*
 
 documentation:
   - www/**/*
@@ -33,7 +32,4 @@ client:
 
 pages:
   - src/server/pages/**/*
-  - www/docs/configuration/pages.md
-
-TypeScript:
-  - types/**/*
+  - www/docs/configuration/pages.md

.gitignore

@@ -27,7 +27,6 @@ node_modules
 .cache-loader
 .next
 www/providers.json
-src/providers/index.js
 
 # VS
 /.vs/slnx.sqlite-journal

.npmignore

@@ -0,0 +1,3 @@
+./types/tests/
+./types/tests/tsconfig.json
+./types/tests/tslint.json

.prettierrc

@@ -0,0 +1,3 @@
+{
+  "semi": false
+}

CONTRIBUTING.md

@@ -16,7 +16,7 @@ Anyone can be a contributor. Either you found a typo, or you have an awesome fea
 * The latest changes are always in `main`, so please make your Pull Request against that branch.
 * Pull Requests should be raised for any change
 * Pull Requests need approval of a [core contributor](https://next-auth.js.org/contributors#core-team) before merging
-* We use ESLint/Prettier for linting/formatting, so please run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
+* Run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this extension](https://marketplace.visualstudio.com/items?itemName=chenxsan.vscode-standardjs) to fix lint issues in development)
 * We encourage you to test your changes, and if you have the opportunity, please make those tests part of the Pull Request
 * If you add new functionality, please provide the corresponding documentation as well and make it part of the Pull Request
 
@@ -42,7 +42,7 @@ npm i
 > NOTE: You can add any environment variables to .env.local that you would like to use in your dev app.
 > You can find the next-auth config under`pages/api/auth/[...nextauth].js`.
 
-1. Start the dev application/server:
+1. Start the dev application/server and CSS watching:
 ```sh
 npm run dev
 ```
@@ -59,19 +59,9 @@ When running `npm run dev`, you start a Next.js dev server on `http://localhost:
 
 >NOTE: When working on CSS, you will need to manually refresh the page after changes. (Improving this through a PR is very welcome!)
 
-#### Providers
-
-If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
-1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
-2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
-
-That's it! 🎉 Others will be able to discover this provider much more easily now!
-
-You can look at the existing built-in providers for inspiration.
-
 #### Databases
 
-Included is a Docker Compose file that starts up MySQL, PostgreSQL, and MongoDB databases on localhost.
+Included is a Docker Compose file that starts up MySQL, Postgres, and MongoDB databases on localhost.
 
 It will use port `3306`, `5432`, and `27017` on localhost respectively; please make sure those ports are not used by other services on localhost.
 

README.md

@@ -84,9 +84,13 @@ Advanced options allow you to define your own routines to handle controlling wha
 
 ### TypeScript
 
-NextAuth.js comes with built-in types. For more information and usage, check out the [TypeScript section](https://next-auth.js.org/getting-started/typescript) in the documentaion.
+You can install the appropriate types via the following command:
 
-The package at `@types/next-auth` is now deprecated.
+```
+npm install --save-dev @types/next-auth
+```
+
+As of now, TypeScript is a community effort. If you encounter any problems with the types package, please create an issue at [DefinitelyTyped](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/next-auth). Alternatively, you can open a pull request directly with your fixes there. We welcome anyone to start a discussion on migrating this package to TypeScript, or how to improve the TypeScript experience in general.
 
 ## Example
 

adapters.js

@@ -0,0 +1 @@
+module.exports = require('./dist/adapters').default

client.js

@@ -0,0 +1 @@
+module.exports = require('./dist/client').default

config/build-types.js

@@ -0,0 +1,23 @@
+const fs = require('fs')
+const path = require('path')
+
+const BUILD_TARGETS = [
+  'index.d.ts',
+  'client.d.ts',
+  'adapters.d.ts',
+  'providers.d.ts',
+  'jwt.d.ts',
+  '_next.d.ts',
+  '_utils.d.ts'
+]
+
+BUILD_TARGETS.forEach((target) => {
+  fs.copyFile(
+    path.resolve('types', target),
+    path.join(process.cwd(), target),
+    (err) => {
+      if (err) throw err
+      console.log(`[build-types] copying "${target}" to root folder`)
+    }
+  )
+})

config/build.js

@@ -1,86 +0,0 @@
-const fs = require("fs-extra")
-const path = require("path")
-
-const MODULE_ENTRIES = {
-  SERVER: "index",
-  CLIENT: "client",
-  PROVIDERS: "providers",
-  ADAPTERS: "adapters",
-  JWT: "jwt",
-}
-
-// Building submodule entries
-
-const BUILD_TARGETS = {
-  [`${MODULE_ENTRIES.SERVER}.js`]: "module.exports = require('./dist/server').default\n",
-  [`${MODULE_ENTRIES.CLIENT}.js`]: "module.exports = require('./dist/client').default\n",
-  [`${MODULE_ENTRIES.ADAPTERS}.js`]: "module.exports = require('./dist/adapters').default\n",
-  [`${MODULE_ENTRIES.PROVIDERS}.js`]: "module.exports = require('./dist/providers').default\n",
-  [`${MODULE_ENTRIES.JWT}.js`]: "module.exports = require('./dist/lib/jwt').default\n",
-}
-
-Object.entries(BUILD_TARGETS).forEach(([target, content]) => {
-  fs.writeFile(path.join(process.cwd(), target), content, (err) => {
-    if (err) throw err
-    console.log(`[build] created "${target}" in root folder`)
-  })
-})
-
-// Building types
-
-const TYPES_TARGETS = [
-  `${MODULE_ENTRIES.SERVER}.d.ts`,
-  `${MODULE_ENTRIES.CLIENT}.d.ts`,
-  `${MODULE_ENTRIES.ADAPTERS}.d.ts`,
-  `${MODULE_ENTRIES.PROVIDERS}.d.ts`,
-  `${MODULE_ENTRIES.JWT}.d.ts`,
-  "internals",
-]
-
-TYPES_TARGETS.forEach((target) => {
-  fs.copy(
-    path.resolve("types", target),
-    path.join(process.cwd(), target),
-    (err) => {
-      if (err) throw err
-      console.log(`[build-types] copying "${target}" to root folder`)
-    }
-  )
-})
-
-// Building providers
-
-const providersDir = path.join(process.cwd(), "/src/providers")
-
-const files = fs.readdirSync(providersDir, "utf8")
-
-let importLines = ""
-let exportLines = `export default {\n`
-files.forEach((file) => {
-  const provider = fs.readFileSync(path.join(providersDir, file), "utf8")
-  try {
-    // NOTE: If this fails, the default export probably wasn't a named function.
-    // Always use a named function as default export.
-    // Eg.: export default function YourProvider ...
-    const { functionName } = provider.match(
-      /export default function (?<functionName>.+)\s?\(/
-    ).groups
-
-    importLines += `import ${functionName} from "./${file}"\n`
-    exportLines += `  ${functionName},\n`
-  } catch (error) {
-    console.error(
-      [
-        `\nThe provider file '${file}' should have a single named default export`,
-        "Example: 'export default function YourProvider'\n\n",
-      ].join("\n")
-    )
-    process.exit(1)
-  }
-})
-exportLines += `}\n`
-
-fs.writeFile(
-  path.join(process.cwd(), "src/providers/index.js"),
-  [importLines, exportLines].join("\n")
-)

index.js

@@ -0,0 +1 @@
+module.exports = require('./dist/server')

jwt.js

@@ -0,0 +1 @@
+module.exports = require('./dist/lib/jwt').default

package.json

@@ -7,11 +7,11 @@
   "author": "Iain Collins <me@iaincollins.com>",
   "main": "index.js",
   "scripts": {
-    "build": "npm run build:js && npm run build:css",
-    "build:js": "node ./config/build.js && babel --config-file ./config/babel.config.json src --out-dir dist",
+    "build": "npm run build:js && npm run build:css && npm run build:types",
+    "build:js": "babel --config-file ./config/babel.config.json src --out-dir dist",
     "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir dist && node config/wrap-css.js",
-    "dev:with-css": "next | npm run watch:css",
-    "dev": "next",
+    "build:types": "node ./config/build-types.js",
+    "dev": "next | npm run watch:css",
     "watch": "npm run watch:js | npm run watch:css",
     "watch:js": "babel --config-file ./config/babel.config.json --watch src --out-dir dist",
     "watch:css": "postcss --config config/postcss.config.js --watch src/**/*.css --base src --dir dist",
@@ -31,8 +31,8 @@
     "prepublishOnly": "npm run build",
     "publish:beta": "npm publish --tag beta",
     "publish:canary": "npm publish --tag canary",
-    "lint": "eslint .",
-    "lint:fix": "eslint . --fix"
+    "lint": "ts-standard",
+    "lint:fix": "ts-standard --fix"
   },
   "files": [
     "dist",
@@ -46,7 +46,8 @@
     "client.d.ts",
     "jwt.js",
     "jwt.d.ts",
-    "internals"
+    "_next.d.ts",
+    "_utils.d.ts"
   ],
   "license": "ISC",
   "dependencies": {
@@ -84,8 +85,6 @@
     "@semantic-release/npm": "7.0.8",
     "@semantic-release/release-notes-generator": "^9.0.1",
     "@types/react": "^17.0.0",
-    "@typescript-eslint/eslint-plugin": "^4.22.0",
-    "@typescript-eslint/parser": "^4.22.0",
     "autoprefixer": "^9.7.6",
     "babel-preset-preact": "^2.0.0",
     "conventional-changelog-conventionalcommits": "4.4.0",
@@ -93,12 +92,6 @@
     "dotenv": "^8.2.0",
     "dtslint": "^4.0.8",
     "eslint": "^7.19.0",
-    "eslint-config-prettier": "^8.2.0",
-    "eslint-config-standard-with-typescript": "^19.0.1",
-    "eslint-plugin-import": "^2.22.1",
-    "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.3.1",
-    "eslint-plugin-standard": "^5.0.0",
     "mocha": "^8.1.3",
     "mongodb": "^3.5.9",
     "mssql": "^6.2.1",
@@ -114,34 +107,21 @@
     "puppeteer-extra-plugin-stealth": "^2.6.1",
     "react": "^17.0.1",
     "react-dom": "^17.0.1",
+    "ts-standard": "^10.0.0",
     "typescript": "^4.1.3"
   },
-  "prettier": {
-    "semi": false
-  },
-  "eslintConfig": {
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-      "project": "./tsconfig.json"
-    },
-    "extends": [
-      "standard-with-typescript",
-      "prettier"
-    ],
-    "ignorePatterns": [
-      "node_modules",
-      "test",
+  "ts-standard": {
+    "project": "./tsconfig.json",
+    "ignore": [
+      "test/",
       "next-env.d.ts",
-      "types",
-      "www",
-      ".next",
-      "dist"
+      "types/"
     ],
-    "globals": {
-      "localStorage": "readonly",
-      "location": "readonly",
-      "fetch": "readonly"
-    }
+    "globals": [
+      "localStorage",
+      "location",
+      "fetch"
+    ]
   },
   "funding": [
     {

pages/api/auth/[...nextauth].js

@@ -6,27 +6,6 @@ import Providers from 'next-auth/providers'
 // const prisma = new PrismaClient()
 
 export default NextAuth({
-  // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
-  // cookies: {
-  //   csrfToken: {
-  //     name: 'next-auth.csrf-token',
-  //     options: {
-  //       httpOnly: true,
-  //       sameSite: 'none',
-  //       path: '/',
-  //       secure: true
-  //     }
-  //   },
-  //   pkceCodeVerifier: {
-  //     name: 'next-auth.pkce.code_verifier',
-  //     options: {
-  //       httpOnly: true,
-  //       sameSite: 'none',
-  //       path: '/',
-  //       secure: true
-  //     }
-  //   }
-  // },
   providers: [
     Providers.Email({
       server: process.env.EMAIL_SERVER,
@@ -40,11 +19,6 @@ export default NextAuth({
       clientId: process.env.AUTH0_ID,
       clientSecret: process.env.AUTH0_SECRET,
       domain: process.env.AUTH0_DOMAIN,
-      // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
-      // protection: ["pkce", "state"],
-      // authorizationParams: {
-      //   response_mode: 'form_post'
-      // }
       protection: 'pkce'
     }),
     Providers.Twitter({

pages/credentials.js

@@ -1,4 +1,3 @@
-// eslint-disable-next-line no-use-before-define
 import * as React from 'react'
 import { signIn, signOut, useSession } from 'next-auth/client'
 import Layout from 'components/layout'

pages/email.js

@@ -1,4 +1,3 @@
-// eslint-disable-next-line no-use-before-define
 import * as React from 'react'
 import { signIn, signOut, useSession } from 'next-auth/client'
 import Layout from 'components/layout'

providers.js

@@ -0,0 +1 @@
+module.exports = require('./dist/providers').default

src/client/index.d.ts

@@ -0,0 +1,103 @@
+import * as React from 'react'
+import { GetServerSidePropsContext } from 'next'
+
+interface DefaultSession {
+  user: {
+    name: string | null
+    email: string | null
+    image: string | null
+  }
+  expires: Date | string
+}
+
+interface BroadcastMessage {
+  event?: 'session'
+  data?: {
+    trigger?: 'signout' | 'getSession'
+  }
+  clientId: string
+  timestamp: number
+}
+
+type GetSession<S extends Record<string, unknown> = DefaultSession> = (options: {
+  ctx?: GetServerSidePropsContext
+  req?: GetServerSidePropsContext['req']
+  event?: 'storage' | 'timer' | 'hidden' | string
+  triggerEvent?: boolean
+}) => Promise<S>
+
+export interface NextAuthConfig {
+  baseUrl: string
+  basePath: string
+  baseUrlServer: string
+  basePathServer: string
+  /** 0 means disabled (don't send); 60 means send every 60 seconds */
+  keepAlive: number
+  /** 0 means disabled (only use cache); 60 means sync if last checked > 60 seconds ago */
+  clientMaxAge: number
+  /** Used for timestamp since last sycned (in seconds) */
+  _clientLastSync: number
+  /** Stores timer for poll interval */
+  _clientSyncTimer: ReturnType<typeof setTimeout>
+  /** Tracks if event listeners have been added */
+  _eventListenersAdded: boolean
+  /** Stores last session response from hook */
+  _clientSession: DefaultSession | null | undefined
+  /** Used to store to function export by getSession() hook */
+  _getSession: any
+}
+
+export type GetCsrfToken = (
+  ctxOrReq: GetServerSidePropsContext & GetServerSidePropsContext['req']
+) => Promise<string | null>
+
+export interface SessionOptions {
+  baseUrl?: string
+  basePath?: string
+  clientMaxAge?: number
+  keepAlive?: number
+}
+
+export type Provider<S extends Record<string, unknown> = DefaultSession > = (options: {
+  children: React.ReactNode
+  session: S
+  options: SessionOptions
+}) => React.ReactNode
+
+export type SetOptions = (options: SessionOptions) => void
+
+export type SessionContext = React.createContext<[DefaultSession | null, boolean]>
+
+export type UseSession = () => [any, boolean]
+
+export type GetProviders = () => Promise<any[]>
+
+// Sign in types
+
+export interface SignInOptions {
+  /** Defaults to the current URL. */
+  callbackUrl?: string
+  redirect?: boolean
+}
+export interface SignInResponse {
+  error: string | null
+  status: number
+  ok: boolean
+  url: string | null
+}
+
+export type SignIn<AuthorizationParams = Record<string, string>> = (
+  provider?: string,
+  options?: SignInOptions,
+  authorizationParams?: AuthorizationParams
+) => SignInResponse
+
+// Sign out types
+
+interface SignOutResponse<RedirectType extends boolean=true> {
+  /** Defaults to the current URL. */
+  callbackUrl?: string
+  redirect?: RedirectType
+}
+
+export type SignOut<RedirectType extends boolean = true> = (params: SignOutResponse<RedirectType>) => RedirectType extends true ? Promise<{url?: string} | undefined> : undefined

src/client/index.js

@@ -18,7 +18,7 @@ import parseUrl from '../lib/parse-url'
 //    relative URLs are valid in that context and so defaults to empty.
 // 2. When invoked server side the value is picked up from an environment
 //    variable and defaults to 'http://localhost:3000'.
-/** @type {import("types/internals/client").NextAuthConfig} */
+/** @type {import(".").NextAuthConfig} */
 const __NEXTAUTH = {
   baseUrl: parseUrl(process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
   basePath: parseUrl(process.env.NEXTAUTH_URL).basePath,
@@ -60,9 +60,15 @@ if (typeof window !== 'undefined' && !__NEXTAUTH._eventListenersAdded) {
 }
 
 // Context to store session data globally
-/** @type {import("types/internals/client").SessionContext} */
 const SessionContext = createContext()
 
+/**
+ * React Hook that gives you access
+ * to the logged in user's session data.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#usesession)
+ * @type {import(".").UseSession}
+ */
 export function useSession (session) {
   const context = useContext(SessionContext)
   if (context) return context
@@ -137,6 +143,14 @@ function _useSessionHook (session) {
   return [data, loading]
 }
 
+/**
+ * Can be called client or server side to return a session asynchronously.
+ * It calls `/api/auth/session` and returns a promise with a session object,
+ * or null if no session exists.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#getsession)
+ * @type {import(".").GetSession}
+ */
 export async function getSession (ctx) {
   const session = await _fetchData('session', ctx)
   if (ctx?.triggerEvent ?? true) {
@@ -145,14 +159,39 @@ export async function getSession (ctx) {
   return session
 }
 
+/**
+ * Returns the current Cross Site Request Forgery Token (CSRF Token)
+ * required to make POST requests (e.g. for signing in and signing out).
+ * You likely only need to use this if you are not using the built-in
+ * `signIn()` and `signOut()` methods.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#getcsrftoken)
+ * @type {import(".").GetCsrfToken}
+ */
 async function getCsrfToken (ctx) {
   return (await _fetchData('csrf', ctx))?.csrfToken
 }
 
+/**
+ * It calls `/api/auth/providers` and returns
+ * a list of the currently configured authentication providers.
+ * It can be useful if you are creating a dynamic custom sign in page.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#getproviders)
+ * @type {import(".").GetProviders}
+ */
 export async function getProviders () {
   return _fetchData('providers')
 }
 
+/**
+ * Client-side method to initiate a signin flow
+ * or send the user to the signin page listing all possible providers.
+ * Automatically adds the CSRF token to the request.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#signin)
+ * @type {import(".").SignIn}
+ */
 export async function signIn (provider, options = {}, authorizationParams = {}) {
   const {
     callbackUrl = window.location,
@@ -216,6 +255,13 @@ export async function signIn (provider, options = {}, authorizationParams = {})
   }
 }
 
+/**
+ * Signs the user out, by removing the session cookie.
+ * Automatically adds the CSRF token to the request.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#signout)
+ * @type {import(".").SignOut}
+ */
 export async function signOut (options = {}) {
   const {
     callbackUrl = window.location,
@@ -252,6 +298,7 @@ export async function signOut (options = {}) {
 // Method to set options. The documented way is to use the provider, but this
 // method is being left in as an alternative, that will be helpful if/when we
 // expose a vanilla JavaScript version that doesn't depend on React.
+/** @type {import(".").SetOptions} */
 export function setOptions ({ baseUrl, basePath, clientMaxAge, keepAlive } = {}) {
   if (baseUrl) __NEXTAUTH.baseUrl = baseUrl
   if (basePath) __NEXTAUTH.basePath = basePath
@@ -274,6 +321,14 @@ export function setOptions ({ baseUrl, basePath, clientMaxAge, keepAlive } = {})
   }
 }
 
+/**
+ * Provider to wrap the app in to make session data available globally.
+ * Can also be used to throttle the number of requests to the endpoint
+ * `/api/auth/session`.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#provider)
+ * @type {import(".").Provider}
+ */
 export function Provider ({ children, session, options }) {
   setOptions(options)
   return createElement(
@@ -332,13 +387,13 @@ function BroadcastChannel (name = 'nextauth.message') {
   return {
     /**
      * Get notified by other tabs/windows.
-     * @param {(message: import("types/internals/client").BroadcastMessage) => void} onReceive
+     * @param {(message: import(".").BroadcastMessage) => void} onReceive
      */
     receive (onReceive) {
       if (typeof window === 'undefined') return
       window.addEventListener('storage', async (event) => {
         if (event.key !== name) return
-        /** @type {import("types/internals/client").BroadcastMessage} */
+        /** @type {import(".").BroadcastMessage} */
         const message = JSON.parse(event.newValue)
         if (message?.event !== 'session' || !message?.data) return
 

src/lib/jwt.js

@@ -106,8 +106,7 @@ async function getToken (params) {
     // or not set (e.g. development or test instance) case use unprefixed name
     secureCookie = !(!process.env.NEXTAUTH_URL || process.env.NEXTAUTH_URL.startsWith('http://')),
     cookieName = (secureCookie) ? '__Secure-next-auth.session-token' : 'next-auth.session-token',
-    raw = false,
-    decode: _decode = decode
+    raw = false
   } = params
   if (!req) throw new Error('Must pass `req` to JWT getToken()')
 
@@ -127,7 +126,7 @@ async function getToken (params) {
   }
 
   try {
-    return _decode({ token, ...params })
+    return decode({ token, ...params })
   } catch {
     return null
   }

src/lib/logger.d.ts

@@ -0,0 +1,10 @@
+export interface LoggerInstance {
+  warn: (code?: string, ...message: unknown[]) => void
+  error: (code?: string, ...message: unknown[]) => void
+  debug: (code?: string, ...message: unknown[]) => void
+}
+
+export declare function proxyLogger (logger: LoggerInstance, basePath: string): LoggerInstance
+
+const _logger: LoggerInstance
+export default _logger

src/lib/logger.js

@@ -1,31 +1,34 @@
-/** @type {import("types").LoggerInstance} */
+/** @type {import("./logger").LoggerInstance} */
 const _logger = {
-  error(code, ...message) {
+  error (code, ...message) {
     console.error(
       `[next-auth][error][${code.toLowerCase()}]`,
       `\nhttps://next-auth.js.org/errors#${code.toLowerCase()}`,
       ...message
     )
   },
-  warn(code, ...message) {
+  warn (code, ...message) {
     console.warn(
       `[next-auth][warn][${code.toLowerCase()}]`,
       `\nhttps://next-auth.js.org/warnings#${code.toLowerCase()}`,
       ...message
     )
   },
-  debug(code, ...message) {
+  debug (code, ...message) {
     if (!process?.env?._NEXTAUTH_DEBUG) return
-    console.log(`[next-auth][debug][${code.toLowerCase()}]`, ...message)
-  },
+    console.log(
+      `[next-auth][debug][${code.toLowerCase()}]`,
+      ...message
+    )
+  }
 }
 
 /**
  * Override the built-in logger.
  * Any `undefined` level will use the default logger.
- * @param {Partial<import("types").LoggerInstance>} newLogger
+ * @param {Partial<import("./logger").LoggerInstance>} newLogger
  */
-export function setLogger(newLogger = {}) {
+export function setLogger (newLogger = {}) {
   if (newLogger.error) _logger.error = newLogger.error
   if (newLogger.warn) _logger.warn = newLogger.warn
   if (newLogger.debug) _logger.debug = newLogger.debug
@@ -35,13 +38,13 @@ export default _logger
 
 /**
  * Serializes client-side log messages and sends them to the server
- * @param {import("types").LoggerInstance} logger
+ * @param {import("./logger").LoggerInstance} logger
  * @param {string} basePath
- * @return {import("types").LoggerInstance}
+ * @return {import("./logger").LoggerInstance}
  */
-export function proxyLogger(logger = _logger, basePath) {
+export function proxyLogger (logger = _logger, basePath) {
   try {
-    if (typeof window === "undefined") {
+    if (typeof window === 'undefined') {
       return logger
     }
 
@@ -54,23 +57,21 @@ export function proxyLogger(logger = _logger, basePath) {
         const body = new URLSearchParams({
           level,
           code,
-          message: JSON.stringify(
-            message.map((m) => {
-              if (m instanceof Error) {
-                // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
-                return { name: m.name, message: m.message, stack: m.stack }
-              }
-              return m
-            })
-          ),
+          message: JSON.stringify(message.map(m => {
+            if (m instanceof Error) {
+              // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
+              return { name: m.name, message: m.message, stack: m.stack }
+            }
+            return m
+          }))
         })
         if (navigator.sendBeacon) {
           return navigator.sendBeacon(url, body)
         }
         return fetch(url, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body,
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body
         })
       }
     }

src/providers/apple.js

@@ -1,34 +1,30 @@
-export default function Apple(options) {
+export default (options) => {
   return {
-    id: "apple",
-    name: "Apple",
-    type: "oauth",
-    version: "2.0",
-    scope: "name email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://appleid.apple.com/auth/token",
-    authorizationUrl:
-      "https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post",
+    id: 'apple',
+    name: 'Apple',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'name email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://appleid.apple.com/auth/token',
+    authorizationUrl: 'https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post',
     profileUrl: null,
     idToken: true,
-    profile(profile) {
+    profile: (profile) => {
       // The name of the user will only return on first login
       return {
         id: profile.sub,
-        name:
-          profile.user != null
-            ? profile.user.name.firstName + " " + profile.user.name.lastName
-            : null,
-        email: profile.email,
+        name: profile.user != null ? profile.user.name.firstName + ' ' + profile.user.name.lastName : null,
+        email: profile.email
       }
     },
     clientId: null,
     clientSecret: {
       teamId: null,
       privateKey: null,
-      keyId: null,
+      keyId: null
     },
-    protection: "none", // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
-    ...options,
+    protection: 'none', // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
+    ...options
   }
 }

src/providers/atlassian.js

@@ -1,24 +1,24 @@
-export default function Atlassian(options) {
+export default (options) => {
   return {
-    id: "atlassian",
-    name: "Atlassian",
-    type: "oauth",
-    version: "2.0",
+    id: 'atlassian',
+    name: 'Atlassian',
+    type: 'oauth',
+    version: '2.0',
     params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
     },
-    accessTokenUrl: "https://auth.atlassian.com/oauth/token",
+    accessTokenUrl: 'https://auth.atlassian.com/oauth/token',
     authorizationUrl:
-      "https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent",
-    profileUrl: "https://api.atlassian.com/me",
-    profile(profile) {
+      'https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent',
+    profileUrl: 'https://api.atlassian.com/me',
+    profile: (profile) => {
       return {
         id: profile.account_id,
         name: profile.name,
         email: profile.email,
-        image: profile.picture,
+        image: profile.picture
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/auth0.js

@@ -1,22 +1,22 @@
-export default function Auth0(options) {
+export default (options) => {
   return {
-    id: "auth0",
-    name: "Auth0",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    scope: "openid email profile",
+    id: 'auth0',
+    name: 'Auth0',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    scope: 'openid email profile',
     accessTokenUrl: `https://${options.domain}/oauth/token`,
     authorizationUrl: `https://${options.domain}/authorize?response_type=code`,
     profileUrl: `https://${options.domain}/userinfo`,
-    profile(profile) {
+    profile: (profile) => {
       return {
         id: profile.sub,
         name: profile.nickname,
         email: profile.email,
-        image: profile.picture,
+        image: profile.picture
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/azure-ad-b2c.js

@@ -1,24 +1,24 @@
-export default function AzureADB2C(options) {
-  const tenant = options.tenantId ? options.tenantId : "common"
+export default (options) => {
+  const tenant = options.tenantId ? options.tenantId : 'common'
 
   return {
-    id: "azure-ad-b2c",
-    name: "Azure Active Directory B2C",
-    type: "oauth",
-    version: "2.0",
+    id: 'azure-ad-b2c',
+    name: 'Azure Active Directory B2C',
+    type: 'oauth',
+    version: '2.0',
     params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
     },
     accessTokenUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
     authorizationUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize?response_type=code&response_mode=query`,
-    profileUrl: "https://graph.microsoft.com/v1.0/me/",
-    profile(profile) {
+    profileUrl: 'https://graph.microsoft.com/v1.0/me/',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.displayName,
-        email: profile.userPrincipalName,
+        email: profile.userPrincipalName
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/basecamp.js

@@ -1,22 +1,20 @@
-export default function Basecamp(options) {
+export default (options) => {
   return {
-    id: "basecamp",
-    name: "Basecamp",
-    type: "oauth",
-    version: "2.0",
-    accessTokenUrl:
-      "https://launchpad.37signals.com/authorization/token?type=web_server",
-    authorizationUrl:
-      "https://launchpad.37signals.com/authorization/new?type=web_server",
-    profileUrl: "https://launchpad.37signals.com/authorization.json",
-    profile(profile) {
+    id: 'basecamp',
+    name: 'Basecamp',
+    type: 'oauth',
+    version: '2.0',
+    accessTokenUrl: 'https://launchpad.37signals.com/authorization/token?type=web_server',
+    authorizationUrl: 'https://launchpad.37signals.com/authorization/new?type=web_server',
+    profileUrl: 'https://launchpad.37signals.com/authorization.json',
+    profile: (profile) => {
       return {
         id: profile.identity.id,
         name: `${profile.identity.first_name} ${profile.identity.last_name}`,
         email: profile.identity.email_address,
-        image: null,
+        image: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/battlenet.js

@@ -1,29 +1,29 @@
-export default function BattleNet(options) {
+export default (options) => {
   const { region } = options
   return {
-    id: "battlenet",
-    name: "Battle.net",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid",
-    params: { grant_type: "authorization_code" },
+    id: 'battlenet',
+    name: 'Battle.net',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid',
+    params: { grant_type: 'authorization_code' },
     accessTokenUrl:
-      region === "CN"
-        ? "https://www.battlenet.com.cn/oauth/token"
+      region === 'CN'
+        ? 'https://www.battlenet.com.cn/oauth/token'
         : `https://${region}.battle.net/oauth/token`,
     authorizationUrl:
-      region === "CN"
-        ? "https://www.battlenet.com.cn/oauth/authorize?response_type=code"
+      region === 'CN'
+        ? 'https://www.battlenet.com.cn/oauth/authorize?response_type=code'
         : `https://${region}.battle.net/oauth/authorize?response_type=code`,
-    profileUrl: "https://us.battle.net/oauth/userinfo",
-    profile(profile) {
+    profileUrl: 'https://us.battle.net/oauth/userinfo',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.battletag,
         email: null,
-        image: null,
+        image: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/box.js

@@ -1,23 +1,22 @@
-export default function Box(options) {
+export default (options) => {
   return {
-    id: "box",
-    name: "Box",
-    type: "oauth",
-    version: "2.0",
-    scope: "",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.box.com/oauth2/token",
-    authorizationUrl:
-      "https://account.box.com/api/oauth2/authorize?response_type=code",
-    profileUrl: "https://api.box.com/2.0/users/me",
-    profile(profile) {
+    id: 'box',
+    name: 'Box',
+    type: 'oauth',
+    version: '2.0',
+    scope: '',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.box.com/oauth2/token',
+    authorizationUrl: 'https://account.box.com/api/oauth2/authorize?response_type=code',
+    profileUrl: 'https://api.box.com/2.0/users/me',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.login,
-        image: profile.avatar_url,
+        image: profile.avatar_url
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/bungie.js

@@ -1,34 +1,30 @@
-export default function Bungie(options) {
+export default (options) => {
   return {
-    id: "bungie",
-    name: "Bungie",
-    type: "oauth",
-    version: "2.0",
-    scope: "",
-    params: { reauth: "true", grant_type: "authorization_code" },
-    accessTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
-    requestTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
-    authorizationUrl:
-      "https://www.bungie.net/en/OAuth/Authorize?response_type=code",
-    profileUrl:
-      "https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/",
-    profile(profile) {
+    id: 'bungie',
+    name: 'Bungie',
+    type: 'oauth',
+    version: '2.0',
+    scope: '',
+    params: { reauth: 'true', grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
+    requestTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
+    authorizationUrl: 'https://www.bungie.net/en/OAuth/Authorize?response_type=code',
+    profileUrl: 'https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/',
+    profile: (profile) => {
       const { bungieNetUser: user } = profile.Response
 
       return {
         id: user.membershipId,
         name: user.displayName,
-        image: `https://www.bungie.net${
-          user.profilePicturePath.startsWith("/") ? "" : "/"
-        }${user.profilePicturePath}`,
-        email: null,
+        image: `https://www.bungie.net${user.profilePicturePath.startsWith('/') ? '' : '/'}${user.profilePicturePath}`,
+        email: null
       }
     },
     headers: {
-      "X-API-Key": null,
+      'X-API-Key': null
     },
     clientId: null,
     clientSecret: null,
-    ...options,
+    ...options
   }
 }

src/providers/cognito.js

@@ -1,23 +1,23 @@
-export default function Cognito(options) {
+export default (options) => {
   const { domain } = options
   return {
-    id: "cognito",
-    name: "Cognito",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid profile email",
-    params: { grant_type: "authorization_code" },
+    id: 'cognito',
+    name: 'Cognito',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid profile email',
+    params: { grant_type: 'authorization_code' },
     accessTokenUrl: `https://${domain}/oauth2/token`,
     authorizationUrl: `https://${domain}/oauth2/authorize?response_type=code`,
     profileUrl: `https://${domain}/oauth2/userInfo`,
-    profile(profile) {
+    profile: (profile) => {
       return {
         id: profile.sub,
         name: profile.username,
         email: profile.email,
-        image: null,
+        image: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/credentials.js

@@ -1,10 +1,10 @@
-export default function Credentials(options) {
+export default (options) => {
   return {
-    id: "credentials",
-    name: "Credentials",
-    type: "credentials",
+    id: 'credentials',
+    name: 'Credentials',
+    type: 'credentials',
     authorize: null,
     credentials: null,
-    ...options,
+    ...options
   }
 }

src/providers/discord.js

@@ -1,30 +1,29 @@
-export default function Discord(options) {
+export default (options) => {
   return {
-    id: "discord",
-    name: "Discord",
-    type: "oauth",
-    version: "2.0",
-    scope: "identify email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://discord.com/api/oauth2/token",
-    authorizationUrl:
-      "https://discord.com/api/oauth2/authorize?response_type=code&prompt=none",
-    profileUrl: "https://discord.com/api/users/@me",
-    profile(profile) {
+    id: 'discord',
+    name: 'Discord',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'identify email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://discord.com/api/oauth2/token',
+    authorizationUrl: 'https://discord.com/api/oauth2/authorize?response_type=code&prompt=none',
+    profileUrl: 'https://discord.com/api/users/@me',
+    profile: (profile) => {
       if (profile.avatar === null) {
         const defaultAvatarNumber = parseInt(profile.discriminator) % 5
         profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`
       } else {
-        const format = profile.avatar.startsWith("a_") ? "gif" : "png"
+        const format = profile.avatar.startsWith('a_') ? 'gif' : 'png'
         profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
       }
       return {
         id: profile.id,
         name: profile.username,
         image: profile.image_url,
-        email: profile.email,
+        email: profile.email
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/email.js

@@ -1,54 +1,48 @@
-import nodemailer from "nodemailer"
-import logger from "../lib/logger"
+import nodemailer from 'nodemailer'
+import logger from '../lib/logger'
 
-export default function Email(options) {
+export default (options) => {
   return {
-    id: "email",
-    type: "email",
-    name: "Email",
+    id: 'email',
+    type: 'email',
+    name: 'Email',
     // Server can be an SMTP connection string or a nodemailer config object
     server: {
-      host: "localhost",
+      host: 'localhost',
       port: 25,
       auth: {
-        user: "",
-        pass: "",
-      },
+        user: '',
+        pass: ''
+      }
     },
-    from: "NextAuth <no-reply@example.com>",
-    maxAge: 24 * 60 * 60,
+    from: 'NextAuth <no-reply@example.com>',
+    maxAge: 24 * 60 * 60, // How long email links are valid for (default 24h)
     sendVerificationRequest,
-    ...options,
+    ...options
   }
 }
 
-const sendVerificationRequest = ({
-  identifier: email,
-  url,
-  baseUrl,
-  provider,
-}) => {
+const sendVerificationRequest = ({ identifier: email, url, baseUrl, provider }) => {
   return new Promise((resolve, reject) => {
     const { server, from } = provider
     // Strip protocol from URL and use domain as site name
-    const site = baseUrl.replace(/^https?:\/\//, "")
+    const site = baseUrl.replace(/^https?:\/\//, '')
 
-    nodemailer.createTransport(server).sendMail(
-      {
+    nodemailer
+      .createTransport(server)
+      .sendMail({
         to: email,
         from,
         subject: `Sign in to ${site}`,
         text: text({ url, site, email }),
-        html: html({ url, site, email }),
-      },
-      (error) => {
+        html: html({ url, site, email })
+      }, (error) => {
         if (error) {
-          logger.error("SEND_VERIFICATION_EMAIL_ERROR", email, error)
-          return reject(new Error("SEND_VERIFICATION_EMAIL_ERROR", error))
+          logger.error('SEND_VERIFICATION_EMAIL_ERROR', email, error)
+          return reject(new Error('SEND_VERIFICATION_EMAIL_ERROR', error))
         }
         return resolve()
-      }
-    )
+      })
   })
 }
 
@@ -58,16 +52,16 @@ const html = ({ url, site, email }) => {
   // email address and the domain from being turned into a hyperlink by email
   // clients like Outlook and Apple mail, as this is confusing because it seems
   // like they are supposed to click on their email address to sign in.
-  const escapedEmail = `${email.replace(/\./g, "&#8203;.")}`
-  const escapedSite = `${site.replace(/\./g, "&#8203;.")}`
+  const escapedEmail = `${email.replace(/\./g, '&#8203;.')}`
+  const escapedSite = `${site.replace(/\./g, '&#8203;.')}`
 
   // Some simple styling options
-  const backgroundColor = "#f9f9f9"
-  const textColor = "#444444"
-  const mainBackgroundColor = "#ffffff"
-  const buttonBackgroundColor = "#346df1"
-  const buttonBorderColor = "#346df1"
-  const buttonTextColor = "#ffffff"
+  const backgroundColor = '#f9f9f9'
+  const textColor = '#444444'
+  const mainBackgroundColor = '#ffffff'
+  const buttonBackgroundColor = '#346df1'
+  const buttonBorderColor = '#346df1'
+  const buttonTextColor = '#ffffff'
 
   return `
 <body style="background: ${backgroundColor};">

src/providers/eveonline.js

@@ -1,22 +1,21 @@
-export default function EVEOnline(options) {
+export default (options) => {
   return {
-    id: "eveonline",
-    name: "EVE Online",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://login.eveonline.com/oauth/token",
-    authorizationUrl:
-      "https://login.eveonline.com/oauth/authorize?response_type=code",
-    profileUrl: "https://login.eveonline.com/oauth/verify",
-    profile(profile) {
+    id: 'eveonline',
+    name: 'EVE Online',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://login.eveonline.com/oauth/token',
+    authorizationUrl: 'https://login.eveonline.com/oauth/authorize?response_type=code',
+    profileUrl: 'https://login.eveonline.com/oauth/verify',
+    profile: (profile) => {
       return {
         id: profile.CharacterID,
         name: profile.CharacterName,
         image: `https://image.eveonline.com/Character/${profile.CharacterID}_128.jpg`,
-        email: null,
+        email: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/facebook.js

@@ -1,22 +1,21 @@
-export default function Facebook(options) {
+export default (options) => {
   return {
-    id: "facebook",
-    name: "Facebook",
-    type: "oauth",
-    version: "2.0",
-    scope: "email",
-    accessTokenUrl: "https://graph.facebook.com/oauth/access_token",
-    authorizationUrl:
-      "https://www.facebook.com/v7.0/dialog/oauth?response_type=code",
-    profileUrl: "https://graph.facebook.com/me?fields=email,name,picture",
-    profile(profile) {
+    id: 'facebook',
+    name: 'Facebook',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'email',
+    accessTokenUrl: 'https://graph.facebook.com/oauth/access_token',
+    authorizationUrl: 'https://www.facebook.com/v7.0/dialog/oauth?response_type=code',
+    profileUrl: 'https://graph.facebook.com/me?fields=email,name,picture',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.email,
-        image: profile.picture.data.url,
+        image: profile.picture.data.url
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/faceit.js

@@ -1,28 +1,25 @@
-export default function FACEIT(options) {
+export default (options) => {
   return {
-    id: "faceit",
-    name: "FACEIT",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
+    id: 'faceit',
+    name: 'FACEIT',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
     headers: {
-      Authorization: `Basic ${Buffer.from(
-        `${options.clientId}:${options.clientSecret}`
-      ).toString("base64")}`,
+      Authorization: `Basic ${Buffer.from(`${options.clientId}:${options.clientSecret}`).toString('base64')}`
     },
-    accessTokenUrl: "https://api.faceit.com/auth/v1/oauth/token",
-    authorizationUrl:
-      "https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code",
-    profileUrl: "https://api.faceit.com/auth/v1/resources/userinfo",
-    profile(profile) {
+    accessTokenUrl: 'https://api.faceit.com/auth/v1/oauth/token',
+    authorizationUrl: 'https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code',
+    profileUrl: 'https://api.faceit.com/auth/v1/resources/userinfo',
+    profile (profile) {
       const { guid: id, nickname: name, email, picture: image } = profile
       return {
         id,
         name,
         email,
-        image,
+        image
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/foursquare.js

@@ -1,23 +1,22 @@
-export default function Foursquare(options) {
-  const { apiVersion } = options
+export default ({ apiVersion, ...options }) => {
   return {
-    id: "foursquare",
-    name: "Foursquare",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://foursquare.com/oauth2/access_token",
+    id: 'foursquare',
+    name: 'Foursquare',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://foursquare.com/oauth2/access_token',
     authorizationUrl:
-      "https://foursquare.com/oauth2/authenticate?response_type=code",
+      'https://foursquare.com/oauth2/authenticate?response_type=code',
     profileUrl: `https://api.foursquare.com/v2/users/self?v=${apiVersion}`,
-    profile(profile) {
+    profile: (profile) => {
       return {
         id: profile.id,
         name: `${profile.firstName} ${profile.lastName}`,
         image: `${profile.prefix}original${profile.suffix}`,
-        email: profile.contact.email,
+        email: profile.contact.email
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/fusionauth.js

@@ -1,27 +1,27 @@
-export default function FusionAuth(options) {
+export default (options) => {
   let authorizationUrl = `https://${options.domain}/oauth2/authorize?response_type=code`
   if (options.tenantId) {
     authorizationUrl += `&tenantId=${options.tenantId}`
   }
 
   return {
-    id: "fusionauth",
-    name: "FusionAuth",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid",
-    params: { grant_type: "authorization_code" },
+    id: 'fusionauth',
+    name: 'FusionAuth',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid',
+    params: { grant_type: 'authorization_code' },
     accessTokenUrl: `https://${options.domain}/oauth2/token`,
     authorizationUrl,
     profileUrl: `https://${options.domain}/oauth2/userinfo`,
-    profile(profile) {
+    profile: (profile) => {
       return {
         id: profile.sub,
         name: profile.name,
         email: profile.email,
-        image: profile.picture,
+        image: profile.picture
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/github.js

@@ -1,21 +1,21 @@
-export default function GitHub(options) {
+export default (options) => {
   return {
-    id: "github",
-    name: "GitHub",
-    type: "oauth",
-    version: "2.0",
-    scope: "user",
-    accessTokenUrl: "https://github.com/login/oauth/access_token",
-    authorizationUrl: "https://github.com/login/oauth/authorize",
-    profileUrl: "https://api.github.com/user",
-    profile(profile) {
+    id: 'github',
+    name: 'GitHub',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'user',
+    accessTokenUrl: 'https://github.com/login/oauth/access_token',
+    authorizationUrl: 'https://github.com/login/oauth/authorize',
+    profileUrl: 'https://api.github.com/user',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.name || profile.login,
         email: profile.email,
-        image: profile.avatar_url,
+        image: profile.avatar_url
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/gitlab.js

@@ -1,22 +1,22 @@
-export default function GitLab(options) {
+export default (options) => {
   return {
-    id: "gitlab",
-    name: "GitLab",
-    type: "oauth",
-    version: "2.0",
-    scope: "read_user",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://gitlab.com/oauth/token",
-    authorizationUrl: "https://gitlab.com/oauth/authorize?response_type=code",
-    profileUrl: "https://gitlab.com/api/v4/user",
-    profile(profile) {
+    id: 'gitlab',
+    name: 'GitLab',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'read_user',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://gitlab.com/oauth/token',
+    authorizationUrl: 'https://gitlab.com/oauth/authorize?response_type=code',
+    profileUrl: 'https://gitlab.com/api/v4/user',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.username,
         email: profile.email,
-        image: profile.avatar_url,
+        image: profile.avatar_url
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/google.js

@@ -1,25 +1,23 @@
-export default function Google(options) {
+export default (options) => {
   return {
-    id: "google",
-    name: "Google",
-    type: "oauth",
-    version: "2.0",
-    scope:
-      "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://accounts.google.com/o/oauth2/token",
-    requestTokenUrl: "https://accounts.google.com/o/oauth2/auth",
-    authorizationUrl:
-      "https://accounts.google.com/o/oauth2/auth?response_type=code",
-    profileUrl: "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
-    profile(profile) {
+    id: 'google',
+    name: 'Google',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://accounts.google.com/o/oauth2/token',
+    requestTokenUrl: 'https://accounts.google.com/o/oauth2/auth',
+    authorizationUrl: 'https://accounts.google.com/o/oauth2/auth?response_type=code',
+    profileUrl: 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.email,
-        image: profile.picture,
+        image: profile.picture
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/identity-server4.js

@@ -1,17 +1,17 @@
-export default function IdentityServer4(options) {
+export default (options) => {
   return {
-    id: "identity-server4",
-    name: "IdentityServer4",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid profile email",
-    params: { grant_type: "authorization_code" },
+    id: 'identity-server4',
+    name: 'IdentityServer4',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid profile email',
+    params: { grant_type: 'authorization_code' },
     accessTokenUrl: `https://${options.domain}/connect/token`,
     authorizationUrl: `https://${options.domain}/connect/authorize?response_type=code`,
     profileUrl: `https://${options.domain}/connect/userinfo`,
-    profile(profile) {
+    profile: (profile) => {
       return { ...profile, id: profile.sub }
     },
-    ...options,
+    ...options
   }
 }

src/providers/index.js

@@ -0,0 +1,83 @@
+import Apple from './apple'
+import Atlassian from './atlassian'
+import Auth0 from './auth0'
+import AzureADB2C from './azure-ad-b2c'
+import Basecamp from './basecamp'
+import BattleNet from './battlenet'
+import Box from './box'
+import Bungie from './bungie'
+import Cognito from './cognito'
+import Credentials from './credentials'
+import Discord from './discord'
+import Email from './email'
+import EVEOnline from './eveonline'
+import Facebook from './facebook'
+import FACEIT from './faceit'
+import Foursquare from './foursquare'
+import FusionAuth from './fusionauth'
+import GitHub from './github'
+import GitLab from './gitlab'
+import Google from './google'
+import IdentityServer4 from './identity-server4'
+import Instagram from './instagram'
+import Kakao from './kakao'
+import LINE from './line'
+import LinkedIn from './linkedin'
+import MailRu from './mailru'
+import Medium from './medium'
+import Netlify from './netlify'
+import Okta from './okta'
+import Osso from './osso'
+import Reddit from './reddit'
+import Salesforce from './salesforce'
+import Slack from './slack'
+import Spotify from './spotify'
+import Strava from './strava'
+import Twitch from './twitch'
+import Twitter from './twitter'
+import VK from './vk'
+import Yandex from './yandex'
+import Zoho from './zoho'
+
+export default {
+  Apple,
+  Atlassian,
+  Auth0,
+  AzureADB2C,
+  Basecamp,
+  BattleNet,
+  Box,
+  Bungie,
+  Cognito,
+  Credentials,
+  Discord,
+  Email,
+  EVEOnline,
+  Facebook,
+  FACEIT,
+  Foursquare,
+  FusionAuth,
+  GitHub,
+  GitLab,
+  Google,
+  IdentityServer4,
+  Instagram,
+  Kakao,
+  LINE,
+  LinkedIn,
+  MailRu,
+  Medium,
+  Netlify,
+  Okta,
+  Osso,
+  Reddit,
+  Salesforce,
+  Slack,
+  Spotify,
+  Strava,
+  Twitch,
+  Twitter,
+  VK,
+  Yandex,
+  Zoho
+}

src/providers/instagram.js

@@ -1,5 +1,5 @@
 /**
- * @type {import("types/providers").OAuthProvider} options
+ * @param {import("../server").Provider} options
  * @example
  *
  * ```js
@@ -22,29 +22,30 @@
  * </button>
  * ...
  * ```
- * [NextAuth.js Documentation](https://next-auth.js.org/providers/instagram) | [Instagram Documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started) | [Configuration](https://developers.facebook.com/apps)
+ * *Resources:*
+ * - [NextAuth.js Documentation](https://next-auth.js.org/providers/instagram)
+ * - [Instagram Documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started)
+ * - [Configuration](https://developers.facebook.com/apps)
  */
-export default function Instagram(options) {
+export default function Instagram (options) {
   return {
-    id: "instagram",
-    name: "Instagram",
-    type: "oauth",
-    version: "2.0",
-    scope: "user_profile",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.instagram.com/oauth/access_token",
-    authorizationUrl:
-      "https://api.instagram.com/oauth/authorize?response_type=code",
-    profileUrl:
-      "https://graph.instagram.com/me?fields=id,username,account_type,name",
-    async profile(profile) {
+    id: 'instagram',
+    name: 'Instagram',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'user_profile',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.instagram.com/oauth/access_token',
+    authorizationUrl: 'https://api.instagram.com/oauth/authorize?response_type=code',
+    profileUrl: 'https://graph.instagram.com/me?fields=id,username,account_type,name',
+    async profile (profile) {
       return {
         id: profile.id,
         name: profile.username,
         email: null,
-        image: null,
+        image: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/kakao.js

@@ -1,22 +1,21 @@
-export default function Kakao(options) {
+export default (options) => {
   return {
-    id: "kakao",
-    name: "Kakao",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://kauth.kakao.com/oauth/token",
-    authorizationUrl:
-      "https://kauth.kakao.com/oauth/authorize?response_type=code",
-    profileUrl: "https://kapi.kakao.com/v2/user/me",
-    profile(profile) {
+    id: 'kakao',
+    name: 'Kakao',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://kauth.kakao.com/oauth/token',
+    authorizationUrl: 'https://kauth.kakao.com/oauth/authorize?response_type=code',
+    profileUrl: 'https://kapi.kakao.com/v2/user/me',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.kakao_account?.profile.nickname,
         email: profile.kakao_account?.email,
-        image: profile.kakao_account?.profile.profile_image_url,
+        image: profile.kakao_account?.profile.profile_image_url
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/line.js

@@ -1,23 +1,22 @@
-export default function LINE(options) {
+export default (options) => {
   return {
-    id: "line",
-    name: "LINE",
-    type: "oauth",
-    version: "2.0",
-    scope: "profile openid",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.line.me/oauth2/v2.1/token",
-    authorizationUrl:
-      "https://access.line.me/oauth2/v2.1/authorize?response_type=code",
-    profileUrl: "https://api.line.me/v2/profile",
-    profile(profile) {
+    id: 'line',
+    name: 'LINE',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'profile openid',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.line.me/oauth2/v2.1/token',
+    authorizationUrl: 'https://access.line.me/oauth2/v2.1/authorize?response_type=code',
+    profileUrl: 'https://api.line.me/v2/profile',
+    profile: (profile) => {
       return {
         id: profile.userId,
         name: profile.displayName,
         email: null,
-        image: profile.pictureUrl,
+        image: profile.pictureUrl
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/linkedin.js

@@ -1,28 +1,26 @@
-export default function LinkedIn(options) {
+export default (options) => {
   return {
-    id: "linkedin",
-    name: "LinkedIn",
-    type: "oauth",
-    version: "2.0",
-    scope: "r_liteprofile",
+    id: 'linkedin',
+    name: 'LinkedIn',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'r_liteprofile',
     params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code',
       client_id: options.clientId,
-      client_secret: options.clientSecret,
+      client_secret: options.clientSecret
     },
-    accessTokenUrl: "https://www.linkedin.com/oauth/v2/accessToken",
-    authorizationUrl:
-      "https://www.linkedin.com/oauth/v2/authorization?response_type=code",
-    profileUrl:
-      "https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)",
-    profile(profile) {
+    accessTokenUrl: 'https://www.linkedin.com/oauth/v2/accessToken',
+    authorizationUrl: 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
+    profileUrl: 'https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)',
+    profile: (profile) => {
       return {
         id: profile.id,
-        name: profile.localizedFirstName + " " + profile.localizedLastName,
+        name: profile.localizedFirstName + ' ' + profile.localizedLastName,
         email: null,
-        image: null,
+        image: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/mailru.js

@@ -1,25 +1,25 @@
-export default function MailRu(options) {
+export default (options) => {
   return {
-    id: "mailru",
-    name: "Mail.ru",
-    type: "oauth",
-    version: "2.0",
-    scope: "userinfo",
+    id: 'mailru',
+    name: 'Mail.ru',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'userinfo',
     params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
     },
-    accessTokenUrl: "https://oauth.mail.ru/token",
-    requestTokenUrl: "https://oauth.mail.ru/token",
-    authorizationUrl: "https://oauth.mail.ru/login?response_type=code",
-    profileUrl: "https://oauth.mail.ru/userinfo",
-    profile(profile) {
+    accessTokenUrl: 'https://oauth.mail.ru/token',
+    requestTokenUrl: 'https://oauth.mail.ru/token',
+    authorizationUrl: 'https://oauth.mail.ru/login?response_type=code',
+    profileUrl: 'https://oauth.mail.ru/userinfo',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.email,
-        image: profile.image,
+        image: profile.image
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/medium.js

@@ -1,22 +1,22 @@
-export default function Medium(options) {
+export default (options) => {
   return {
-    id: "medium",
-    name: "Medium",
-    type: "oauth",
-    version: "2.0",
-    scope: "basicProfile",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.medium.com/v1/tokens",
-    authorizationUrl: "https://medium.com/m/oauth/authorize?response_type=code",
-    profileUrl: "https://api.medium.com/v1/me",
-    profile(profile) {
+    id: 'medium',
+    name: 'Medium',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'basicProfile',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.medium.com/v1/tokens',
+    authorizationUrl: 'https://medium.com/m/oauth/authorize?response_type=code',
+    profileUrl: 'https://api.medium.com/v1/me',
+    profile: (profile) => {
       return {
         id: profile.data.id,
         name: profile.data.name,
         email: null,
-        image: profile.data.imageUrl,
+        image: profile.data.imageUrl
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/netlify.js

@@ -1,21 +1,21 @@
-export default function Netlify(options) {
+export default (options) => {
   return {
-    id: "netlify",
-    name: "Netlify",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.netlify.com/oauth/token",
-    authorizationUrl: "https://app.netlify.com/authorize?response_type=code",
-    profileUrl: "https://api.netlify.com/api/v1/user",
-    profile(profile) {
+    id: 'netlify',
+    name: 'Netlify',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.netlify.com/oauth/token',
+    authorizationUrl: 'https://app.netlify.com/authorize?response_type=code',
+    profileUrl: 'https://api.netlify.com/api/v1/user',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.full_name,
         email: profile.email,
-        image: profile.avatar_url,
+        image: profile.avatar_url
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/okta.js

@@ -1,22 +1,22 @@
-export default function Okta(options) {
+export default (options) => {
   return {
-    id: "okta",
-    name: "Okta",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid profile email",
+    id: 'okta',
+    name: 'Okta',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid profile email',
     params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code',
       client_id: options.clientId,
-      client_secret: options.clientSecret,
+      client_secret: options.clientSecret
     },
     // These will be different depending on the Org.
     accessTokenUrl: `https://${options.domain}/v1/token`,
     authorizationUrl: `https://${options.domain}/v1/authorize/?response_type=code`,
     profileUrl: `https://${options.domain}/v1/userinfo/`,
-    profile(profile) {
+    profile: (profile) => {
       return { ...profile, id: profile.sub }
     },
-    ...options,
+    ...options
   }
 }

src/providers/osso.js

@@ -1,20 +1,20 @@
-export default function Osso(options) {
+export default (options) => {
   return {
-    id: "osso",
-    name: "SAML SSO",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
+    id: 'osso',
+    name: 'SAML SSO',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
     accessTokenUrl: `https://${options.domain}/oauth/token`,
     authorizationUrl: `https://${options.domain}/oauth/authorize?response_type=code`,
     profileUrl: `https://${options.domain}/oauth/me`,
-    profile(profile) {
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.name || profile.email,
-        email: profile.email,
+        email: profile.email
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/reddit.js

@@ -1,23 +1,23 @@
-export default function Reddit(options) {
+export default (options) => {
   return {
-    id: "reddit",
-    name: "Reddit",
-    type: "oauth",
-    version: "2.0",
-    scope: "identity",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: " https://www.reddit.com/api/v1/access_token",
+    id: 'reddit',
+    name: 'Reddit',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'identity',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: ' https://www.reddit.com/api/v1/access_token',
     authorizationUrl:
-      "https://www.reddit.com/api/v1/authorize?response_type=code",
-    profileUrl: "https://oauth.reddit.com/api/v1/me",
-    profile(profile) {
+      'https://www.reddit.com/api/v1/authorize?response_type=code',
+    profileUrl: 'https://oauth.reddit.com/api/v1/me',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.name,
         image: null,
-        email: null,
+        email: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/salesforce.js

@@ -1,22 +1,21 @@
-export default function Salesforce(options) {
+export default (options) => {
   return {
-    id: "salesforce",
-    name: "Salesforce",
-    type: "oauth",
-    version: "2.0",
-    params: { display: "page", grant_type: "authorization_code" },
-    accessTokenUrl: "https://login.salesforce.com/services/oauth2/token",
-    authorizationUrl:
-      "https://login.salesforce.com/services/oauth2/authorize?response_type=code",
-    profileUrl: "https://login.salesforce.com/services/oauth2/userinfo",
-    protection: "none",
-    profile(profile) {
+    id: 'salesforce',
+    name: 'Salesforce',
+    type: 'oauth',
+    version: '2.0',
+    params: { display: 'page', grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://login.salesforce.com/services/oauth2/token',
+    authorizationUrl: 'https://login.salesforce.com/services/oauth2/authorize?response_type=code',
+    profileUrl: 'https://login.salesforce.com/services/oauth2/userinfo',
+    protection: 'none', // REVIEW: Can we use "pkce" ?
+    profile: (profile) => {
       return {
         ...profile,
         id: profile.user_id,
-        image: profile.picture,
+        image: profile.picture
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/slack.js

@@ -1,26 +1,24 @@
-export default function Slack(options) {
+export default (options) => {
   return {
-    id: "slack",
-    name: "Slack",
-    type: "oauth",
-    version: "2.0",
+    id: 'slack',
+    name: 'Slack',
+    type: 'oauth',
+    version: '2.0',
     scope: [],
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://slack.com/api/oauth.v2.access",
-    authorizationUrl: "https://slack.com/oauth/v2/authorize",
-    authorizationParams: {
-      user_scope: "identity.basic,identity.email,identity.avatar",
-    },
-    profileUrl: "https://slack.com/api/users.identity",
-    profile(profile) {
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://slack.com/api/oauth.v2.access',
+    authorizationUrl: 'https://slack.com/oauth/v2/authorize',
+    authorizationParams: { user_scope: 'identity.basic,identity.email,identity.avatar' },
+    profileUrl: 'https://slack.com/api/users.identity',
+    profile: (profile) => {
       const { user } = profile
       return {
         id: user.id,
         name: user.name,
         image: user.image_512,
-        email: user.email,
+        email: user.email
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/spotify.js

@@ -1,23 +1,23 @@
-export default function Spotify(options) {
+export default (options) => {
   return {
-    id: "spotify",
-    name: "Spotify",
-    type: "oauth",
-    version: "2.0",
-    scope: "user-read-email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://accounts.spotify.com/api/token",
+    id: 'spotify',
+    name: 'Spotify',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'user-read-email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://accounts.spotify.com/api/token',
     authorizationUrl:
-      "https://accounts.spotify.com/authorize?response_type=code",
-    profileUrl: "https://api.spotify.com/v1/me",
-    profile(profile) {
+      'https://accounts.spotify.com/authorize?response_type=code',
+    profileUrl: 'https://api.spotify.com/v1/me',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.display_name,
         email: profile.email,
-        image: profile.images?.[0]?.url,
+        image: profile.images?.[0]?.url
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/strava.js

@@ -1,22 +1,22 @@
-export default function Strava(options) {
+export default (options) => {
   return {
-    id: "strava",
-    name: "Strava",
-    type: "oauth",
-    version: "2.0",
-    scope: "read",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://www.strava.com/api/v3/oauth/token",
+    id: 'strava',
+    name: 'Strava',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'read',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://www.strava.com/api/v3/oauth/token',
     authorizationUrl:
-      "https://www.strava.com/api/v3/oauth/authorize?response_type=code",
-    profileUrl: "https://www.strava.com/api/v3/athlete",
-    profile(profile) {
+      'https://www.strava.com/api/v3/oauth/authorize?response_type=code',
+    profileUrl: 'https://www.strava.com/api/v3/athlete',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.firstname,
-        image: profile.profile,
+        image: profile.profile
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/twitch.js

@@ -1,24 +1,24 @@
-export default function Twitch(options) {
+export default (options) => {
   return {
-    id: "twitch",
-    name: "Twitch",
-    type: "oauth",
-    version: "2.0",
-    scope: "user:read:email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://id.twitch.tv/oauth2/token",
+    id: 'twitch',
+    name: 'Twitch',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'user:read:email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://id.twitch.tv/oauth2/token',
     authorizationUrl:
-      "https://id.twitch.tv/oauth2/authorize?response_type=code",
-    profileUrl: "https://api.twitch.tv/helix/users",
-    profile(profile) {
+      'https://id.twitch.tv/oauth2/authorize?response_type=code',
+    profileUrl: 'https://api.twitch.tv/helix/users',
+    profile: (profile) => {
       const data = profile.data[0]
       return {
         id: data.id,
         name: data.display_name,
         image: data.profile_image_url,
-        email: data.email,
+        email: data.email
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/twitter.js

@@ -1,23 +1,23 @@
-export default function Twitter(options) {
+export default (options) => {
   return {
-    id: "twitter",
-    name: "Twitter",
-    type: "oauth",
-    version: "1.0A",
-    scope: "",
-    accessTokenUrl: "https://api.twitter.com/oauth/access_token",
-    requestTokenUrl: "https://api.twitter.com/oauth/request_token",
-    authorizationUrl: "https://api.twitter.com/oauth/authenticate",
+    id: 'twitter',
+    name: 'Twitter',
+    type: 'oauth',
+    version: '1.0A',
+    scope: '',
+    accessTokenUrl: 'https://api.twitter.com/oauth/access_token',
+    requestTokenUrl: 'https://api.twitter.com/oauth/request_token',
+    authorizationUrl: 'https://api.twitter.com/oauth/authenticate',
     profileUrl:
-      "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true",
-    profile(profile) {
+      'https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true',
+    profile: (profile) => {
       return {
         id: profile.id_str,
         name: profile.name,
         email: profile.email,
-        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, ".jpg"),
+        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, '.jpg')
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/vk.js

@@ -1,29 +1,30 @@
-export default function VK(options) {
-  const apiVersion = "5.126" // https://vk.com/dev/versions
+export default (options) => {
+  const apiVersion = '5.126' // https://vk.com/dev/versions
 
   return {
-    id: "vk",
-    name: "VK",
-    type: "oauth",
-    version: "2.0",
-    scope: "email",
+    id: 'vk',
+    name: 'VK',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'email',
     params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
     },
     accessTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
     requestTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
-    authorizationUrl: `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
+    authorizationUrl:
+      `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
     profileUrl: `https://api.vk.com/method/users.get?fields=photo_100&v=${apiVersion}`,
     profile: (result) => {
       const profile = result.response?.[0] ?? {}
 
       return {
         id: profile.id,
-        name: [profile.first_name, profile.last_name].filter(Boolean).join(" "),
+        name: [profile.first_name, profile.last_name].filter(Boolean).join(' '),
         email: profile.email,
-        image: profile.photo_100,
+        image: profile.photo_100
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/yandex.js

@@ -1,23 +1,23 @@
-export default function Yandex(options) {
+export default (options) => {
   return {
-    id: "yandex",
-    name: "Yandex",
-    type: "oauth",
-    version: "2.0",
-    scope: "login:email login:info",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://oauth.yandex.ru/token",
-    requestTokenUrl: "https://oauth.yandex.ru/token",
-    authorizationUrl: "https://oauth.yandex.ru/authorize?response_type=code",
-    profileUrl: "https://login.yandex.ru/info?format=json",
-    profile(profile) {
+    id: 'yandex',
+    name: 'Yandex',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'login:email login:info',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://oauth.yandex.ru/token',
+    requestTokenUrl: 'https://oauth.yandex.ru/token',
+    authorizationUrl: 'https://oauth.yandex.ru/authorize?response_type=code',
+    profileUrl: 'https://login.yandex.ru/info?format=json',
+    profile: (profile) => {
       return {
         id: profile.id,
         name: profile.real_name,
         email: profile.default_email,
-        image: null,
+        image: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/providers/zoho.js

@@ -1,23 +1,22 @@
-export default function Zoho(options) {
+export default (options) => {
   return {
-    id: "zoho",
-    name: "Zoho",
-    type: "oauth",
-    version: "2.0",
-    scope: "AaaServer.profile.Read",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://accounts.zoho.com/oauth/v2/token",
-    authorizationUrl:
-      "https://accounts.zoho.com/oauth/v2/auth?response_type=code",
-    profileUrl: "https://accounts.zoho.com/oauth/user/info",
-    profile(profile) {
+    id: 'zoho',
+    name: 'Zoho',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'AaaServer.profile.Read',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://accounts.zoho.com/oauth/v2/token',
+    authorizationUrl: 'https://accounts.zoho.com/oauth/v2/auth?response_type=code',
+    profileUrl: 'https://accounts.zoho.com/oauth/user/info',
+    profile: (profile) => {
       return {
         id: profile.ZUID,
         name: `${profile.First_Name} ${profile.Last_Name}`,
         email: profile.Email,
-        image: null,
+        image: null
       }
     },
-    ...options,
+    ...options
   }
 }

src/server/index.d.ts

@@ -0,0 +1,94 @@
+import { NextApiHandler, NextApiRequest, NextApiResponse } from 'next'
+import { LoggerInstance } from 'src/lib/logger'
+import { CallbacksOptions } from './lib/callbacks'
+import { CookiesOptions } from './lib/cookie'
+import { EventsOptions } from './lib/events'
+
+export interface Provider {
+  id: string
+  name: string
+  type: string
+  version: string
+  params: Record<string, unknown>
+  scope: string
+  accessTokenUrl: string
+  authorizationUrl: string
+  profileUrl?: string
+  grant_type?: string
+  profile?: (profile: any) => Promise<any>
+}
+
+/** @docs https://next-auth.js.org/configuration/options */
+export interface NextAuthOptions {
+  /** @docs https://next-auth.js.org/configuration/options#theme */
+  theme?: 'auto' | 'dark' | 'light'
+  /** @docs https://next-auth.js.org/configuration/options#providers */
+  providers: Provider[]
+  /** @docs https://next-auth.js.org/configuration/options#database */
+  database?: any
+  /** @docs https://next-auth.js.org/configuration/options#secret */
+  secret?: any
+  /** @docs https://next-auth.js.org/configuration/options#session */
+  session?: any
+  /** @docs https://next-auth.js.org/configuration/options#jwt */
+  jwt?: any
+  /** @docs https://next-auth.js.org/configuration/options#pages */
+  pages?: {
+    signIn?: string
+    signOut?: string
+    /** Error code passed in query string as ?error= */
+    error?: string
+    verifyRequest?: string
+    /** If set, new users will be directed here on first sign in */
+    newUser?: string
+  }
+  /**
+   * Callbacks are asynchronous functions you can use to control what happens when an action is performed.
+   * Callbacks are extremely powerful, especially in scenarios involving JSON Web Tokens as
+   * they allow you to implement access controls without a database and
+   * to integrate with external databases or APIs.
+   * @docs https://next-auth.js.org/configuration/options#callbacks
+   */
+  callbacks?: CallbacksOptions
+  /** @docs https://next-auth.js.org/configuration/options#events */
+  events?: EventsOptions
+  /** @docs https://next-auth.js.org/configuration/options#adapter */
+  adapter?: any
+  /** @docs https://next-auth.js.org/configuration/options#debug */
+  debug?: boolean
+  /** @docs https://next-auth.js.org/configuration/options#usesecurecookies */
+  useSecureCookies?: boolean
+  /** @docs https://next-auth.js.org/configuration/options#cookies */
+  cookies?: CookiesOptions
+  /** @docs https://next-auth.js.org/configuration/options#logger */
+  logger: LoggerInstance
+}
+
+/** Options that are the same both in internal and user provided options. */
+export type NextAuthSharedOptions = 'pages' | 'jwt' | 'events' | 'callbacks' | 'cookies' | 'secret' | 'adapter' | 'theme' | 'debug' | 'logger'
+
+export interface NextAuthInternalOptions extends Pick<NextAuthOptions, NextAuthSharedOptions> {
+  pkce?: {
+    code_verifier?: string
+    /**
+     * Could be `"plain"`, but not recommended.
+     * We ignore it for now.
+     * @spec https://tools.ietf.org/html/rfc7636#section-4.2.
+     */
+    code_challenge_method?: 'S256'
+  }
+  provider?: Provider
+  baseUrl?: string
+  basePath?: string
+  action?: string
+  csrfToken?: string
+}
+
+export interface NextAuthRequest extends NextApiRequest {
+  options: NextAuthInternalOptions
+}
+
+export interface NextAuthResponse extends NextApiResponse {}
+
+export declare function NextAuthHandler (req: NextAuthRequest, res: NextAuthResponse, options: NextAuthOptions): ReturnType<NextApiHandler>
+export declare function NextAuthHandler (options: NextAuthOptions): ReturnType<NextApiHandler>

src/server/index.js

@@ -6,12 +6,12 @@ import * as cookie from './lib/cookie'
 import * as defaultEvents from './lib/default-events'
 import * as defaultCallbacks from './lib/default-callbacks'
 import parseProviders from './lib/providers'
+import callbackUrlHandler from './lib/callback-url-handler'
+import extendRes from './lib/extend-req'
 import * as routes from './routes'
 import renderPage from './pages'
-import createSecret from './lib/create-secret'
-import callbackUrlHandler from './lib/callback-url-handler'
-import extendRes from './lib/extend-res'
 import csrfTokenHandler from './lib/csrf-token-handler'
+import createSecret from './lib/create-secret'
 import * as pkce from './lib/oauth/pkce-handler'
 import * as state from './lib/oauth/state-handler'
 
@@ -24,7 +24,7 @@ if (!process.env.NEXTAUTH_URL) {
 /**
  * @param {import("next").NextApiRequest} req
  * @param {import("next").NextApiResponse} res
- * @param {import("types").NextAuthOptions} userOptions
+ * @param {import(".").NextAuthOptions} userOptions
  */
 async function NextAuthHandler (req, res, userOptions) {
   if (userOptions.logger) {
@@ -67,18 +67,16 @@ async function NextAuthHandler (req, res, userOptions) {
 
     const secret = createSecret({ userOptions, basePath, baseUrl })
 
+    const { csrfToken, csrfTokenVerified } = csrfTokenHandler(req, res, cookies, secret)
+
     const providers = parseProviders({ providers: userOptions.providers, baseUrl, basePath })
     const provider = providers.find(({ id }) => id === providerId)
 
-    // Protection only works on OAuth 2.x providers
-    if (provider?.type === 'oauth' && provider.version?.startsWith('2')) {
-      // When provider.state is undefined, we still want this to pass
-      if (!provider.protection && provider.state !== false) {
-        // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
-        provider.protection = ['state']
-      } else if (typeof provider.protection === 'string') {
-        provider.protection = [provider.protection]
-      }
+    if (provider &&
+      provider.type === 'oauth' && provider.version?.startsWith('2') &&
+       (!provider.protection && provider.state !== false)
+    ) {
+      provider.protection = 'state' // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
     }
 
     const maxAge = 30 * 24 * 60 * 60 // Sessions expire after 30 days of being idle
@@ -105,6 +103,7 @@ async function NextAuthHandler (req, res, userOptions) {
       provider,
       cookies,
       secret,
+      csrfToken,
       providers,
       // Session options
       session: {
@@ -135,7 +134,6 @@ async function NextAuthHandler (req, res, userOptions) {
       logger
     }
 
-    csrfTokenHandler(req, res)
     await callbackUrlHandler(req, res)
 
     const render = renderPage(req, res)
@@ -148,7 +146,7 @@ async function NextAuthHandler (req, res, userOptions) {
         case 'session':
           return routes.session(req, res)
         case 'csrf':
-          return res.json({ csrfToken: req.options.csrfToken })
+          return res.json({ csrfToken })
         case 'signin':
           if (pages.signIn) {
             let signinUrl = `${pages.signIn}${pages.signIn.includes('?') ? '&' : '?'}callbackUrl=${req.options.callbackUrl}`
@@ -201,7 +199,7 @@ async function NextAuthHandler (req, res, userOptions) {
       switch (action) {
         case 'signin':
           // Verified CSRF Token required for all sign in routes
-          if (req.options.csrfTokenVerified && provider) {
+          if (csrfTokenVerified && provider) {
             if (await pkce.handleSignin(req, res)) return
             if (await state.handleSignin(req, res)) return
             return routes.signin(req, res)
@@ -210,14 +208,14 @@ async function NextAuthHandler (req, res, userOptions) {
           return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
         case 'signout':
           // Verified CSRF Token required for signout
-          if (req.options.csrfTokenVerified) {
+          if (csrfTokenVerified) {
             return routes.signout(req, res)
           }
           return res.redirect(`${baseUrl}${basePath}/signout?csrf=true`)
         case 'callback':
           if (provider) {
             // Verified CSRF Token required for credentials providers only
-            if (provider.type === 'credentials' && !req.options.csrfTokenVerified) {
+            if (provider.type === 'credentials' && !csrfTokenVerified) {
               return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
             }
 

src/server/lib/callbacks.d.ts

@@ -0,0 +1,7 @@
+
+export interface CallbacksOptions {
+  signIn?: (user: any, account: any, profile: any) => Promise<never | string>
+  jwt?: (token: any, user: any, account: any, profile: any, isNewUser?: boolean) => Promise<any>
+  session?: (session: any, userOrToken: any) => Promise<any>
+  redirect?: (url: string, baseUrl: string) => Promise<string>
+}

src/server/lib/cookie.d.ts

@@ -0,0 +1,16 @@
+export interface CookieOption {
+  name: string
+  options: {
+    httpOnly: boolean
+    sameSite: string
+    path?: string
+    secure: boolean
+  }
+}
+
+export interface CookiesOptions {
+  sessionToken: CookieOption
+  callbackUrl: CookieOption
+  csrfToken: CookieOption
+  pkceCodeVerifier: CookieOption
+}

src/server/lib/cookie.js

@@ -9,8 +9,7 @@
  * (with fixes for specific issues) to keep dependancy size down.
  */
 export function set (res, name, value, options = {}) {
-  const stringValue =
-    typeof value === 'object' ? 'j:' + JSON.stringify(value) : String(value)
+  const stringValue = typeof value === 'object' ? 'j:' + JSON.stringify(value) : String(value)
 
   if ('maxAge' in options) {
     options.expires = new Date(Date.now() + options.maxAge)
@@ -20,9 +19,7 @@ export function set (res, name, value, options = {}) {
   // Preserve any existing cookies that have already been set in the same session
   let setCookieHeader = res.getHeader('Set-Cookie') || []
   // If not an array (i.e. a string with a single cookie) convert it into an array
-  if (!Array.isArray(setCookieHeader)) {
-    setCookieHeader = [setCookieHeader]
-  }
+  if (!Array.isArray(setCookieHeader)) { setCookieHeader = [setCookieHeader] }
   setCookieHeader.push(_serialize(name, String(stringValue), options))
   res.setHeader('Set-Cookie', setCookieHeader)
 }
@@ -33,44 +30,32 @@ function _serialize (name, val, options) {
   const opt = options || {}
   const enc = opt.encode || encodeURIComponent
 
-  if (typeof enc !== 'function') {
-    throw new TypeError('option encode is invalid')
-  }
+  if (typeof enc !== 'function') { throw new TypeError('option encode is invalid') }
 
-  if (!fieldContentRegExp.test(name)) {
-    throw new TypeError('argument name is invalid')
-  }
+  if (!fieldContentRegExp.test(name)) { throw new TypeError('argument name is invalid') }
 
   const value = enc(val)
 
-  if (value && !fieldContentRegExp.test(value)) {
-    throw new TypeError('argument val is invalid')
-  }
+  if (value && !fieldContentRegExp.test(value)) { throw new TypeError('argument val is invalid') }
 
   let str = name + '=' + value
 
   if (opt.maxAge != null) {
     const maxAge = opt.maxAge - 0
 
-    if (isNaN(maxAge) || !isFinite(maxAge)) {
-      throw new TypeError('option maxAge is invalid')
-    }
+    if (isNaN(maxAge) || !isFinite(maxAge)) { throw new TypeError('option maxAge is invalid') }
 
     str += '; Max-Age=' + Math.floor(maxAge)
   }
 
   if (opt.domain) {
-    if (!fieldContentRegExp.test(opt.domain)) {
-      throw new TypeError('option domain is invalid')
-    }
+    if (!fieldContentRegExp.test(opt.domain)) { throw new TypeError('option domain is invalid') }
 
     str += '; Domain=' + opt.domain
   }
 
   if (opt.path) {
-    if (!fieldContentRegExp.test(opt.path)) {
-      throw new TypeError('option path is invalid')
-    }
+    if (!fieldContentRegExp.test(opt.path)) { throw new TypeError('option path is invalid') }
 
     str += '; Path=' + opt.path
   } else {
@@ -88,19 +73,12 @@ function _serialize (name, val, options) {
     str += '; Expires=' + expires
   }
 
-  if (opt.httpOnly) {
-    str += '; HttpOnly'
-  }
+  if (opt.httpOnly) { str += '; HttpOnly' }
 
-  if (opt.secure) {
-    str += '; Secure'
-  }
+  if (opt.secure) { str += '; Secure' }
 
   if (opt.sameSite) {
-    const sameSite =
-      typeof opt.sameSite === 'string'
-        ? opt.sameSite.toLowerCase()
-        : opt.sameSite
+    const sameSite = typeof opt.sameSite === 'string' ? opt.sameSite.toLowerCase() : opt.sameSite
 
     switch (sameSite) {
       case true:
@@ -132,7 +110,7 @@ function _serialize (name, val, options) {
  * For more on prefixes see https://googlechrome.github.io/samples/cookie-prefixes/
  *
  * @TODO Review cookie settings (names, options)
- * @return {import("types").CookiesOptions}
+ * @return {import("./cookie").CookiesOptions}
  */
 export function defaultCookies (useSecureCookies) {
   const cookiePrefix = useSecureCookies ? '__Secure-' : ''

src/server/lib/csrf-token-handler.js

@@ -14,30 +14,29 @@ import * as cookie from './cookie'
  * For more details, see the following OWASP links:
  * https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie
  * https://owasp.org/www-chapter-london/assets/slides/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf
- * @param {import("..").NextAuthRequest} req
- * @param {import("..").NextAuthResponse} res
  */
-export default function csrfTokenHandler (req, res) {
-  const { cookies, secret } = req.options
-  if (cookies.csrfToken.name in req.cookies) {
-    const [csrfToken, csrfTokenHash] = req.cookies[cookies.csrfToken.name].split('|')
-    const expectedCsrfTokenHash = createHash('sha256').update(`${csrfToken}${secret}`).digest('hex')
-    if (csrfTokenHash === expectedCsrfTokenHash) {
+export default function csrfTokenHandler (req, res, cookies, secret) {
+  const { csrfToken: csrfTokenFromRequest } = req.body
+
+  let csrfTokenFromCookie
+  let csrfTokenVerified = false
+  if (req.cookies[cookies.csrfToken.name]) {
+    const [csrfTokenValue, csrfTokenHash] = req.cookies[cookies.csrfToken.name].split('|')
+    if (csrfTokenHash === createHash('sha256').update(`${csrfTokenValue}${secret}`).digest('hex')) {
       // If hash matches then we trust the CSRF token value
-      // If this is a POST request and the CSRF Token in the POST request matches
-      // the cookie we have already verified is the one we have set, then the token is verified!
-      const csrfTokenVerified = req.method === 'POST' && csrfToken === req.body.csrfToken
-      req.options.csrfToken = csrfToken
-      req.options.csrfTokenVerified = csrfTokenVerified
-      return
+      csrfTokenFromCookie = csrfTokenValue
+
+      // If this is a POST request and the CSRF Token in the Post request matches
+      // the cookie we have already verified is one we have set, then token is verified!
+      if (req.method === 'POST' && csrfTokenFromCookie === csrfTokenFromRequest) { csrfTokenVerified = true }
     }
   }
-  // If no csrfToken from cookie - because it's not been set yet,
-  // or because the hash doesn't match (e.g. because it's been modifed or because the secret has changed)
-  // create a new token.
-  const csrfToken = randomBytes(32).toString('hex')
-  const csrfTokenHash = createHash('sha256').update(`${csrfToken}${secret}`).digest('hex')
-  const csrfTokenCookie = `${csrfToken}|${csrfTokenHash}`
-  cookie.set(res, cookies.csrfToken.name, csrfTokenCookie, cookies.csrfToken.options)
-  req.options.csrfToken = csrfToken
+  if (!csrfTokenFromCookie) {
+    // If no csrfToken - because it's not been set yet, or because the hash doesn't match
+    // (e.g. because it's been modifed or because the secret has changed) create a new token.
+    csrfTokenFromCookie = randomBytes(32).toString('hex')
+    const newCsrfTokenCookie = `${csrfTokenFromCookie}|${createHash('sha256').update(`${csrfTokenFromCookie}${secret}`).digest('hex')}`
+    cookie.set(res, cookies.csrfToken.name, newCsrfTokenCookie, cookies.csrfToken.options)
+  }
+  return { csrfToken: csrfTokenFromCookie, csrfTokenVerified }
 }

src/server/lib/events.d.ts

@@ -0,0 +1,12 @@
+export type EventType=
+  | 'signIn'
+  | 'signOut'
+  | 'createUser'
+  | 'updateUser'
+  | 'linkAccount'
+  | 'session'
+  | 'error'
+
+export type EventCallback = (message: any) => Promise<void>
+
+export type EventsOptions = Partial<Record<EventType, EventCallback>>

src/server/lib/oauth/callback.js

@@ -1,19 +1,19 @@
-import { decode as jwtDecode } from "jsonwebtoken"
-import oAuthClient from "./client"
-import logger from "../../../lib/logger"
-import { OAuthCallbackError } from "../../../lib/errors"
+import { decode as jwtDecode } from 'jsonwebtoken'
+import oAuthClient from './client'
+import logger from '../../../lib/logger'
+import { OAuthCallbackError } from '../../../lib/errors'
 
-/** @param {import("types/internals").NextAuthRequest} req */
-export default async function oAuthCallback(req) {
+/** @param {import("../..").NextAuthRequest} req */
+export default async function oAuthCallback (req) {
   const { provider, pkce } = req.options
   const client = oAuthClient(provider)
 
-  if (provider.version?.startsWith("2.")) {
+  if (provider.version?.startsWith('2.')) {
     // The "user" object is specific to the Apple provider and is provided on first sign in
     // e.g. {"name":{"firstName":"Johnny","lastName":"Appleseed"},"email":"johnny.appleseed@nextauth.com"}
     let { code, user } = req.query // eslint-disable-line camelcase
 
-    if (req.method === "POST") {
+    if (req.method === 'POST') {
       try {
         const body = JSON.parse(JSON.stringify(req.body))
         if (body.error) {
@@ -23,35 +23,25 @@ export default async function oAuthCallback(req) {
         code = body.code
         user = body.user != null ? JSON.parse(body.user) : null
       } catch (error) {
-        logger.error(
-          "OAUTH_CALLBACK_HANDLER_ERROR",
-          error,
-          req.body,
-          provider.id,
-          code
-        )
+        logger.error('OAUTH_CALLBACK_HANDLER_ERROR', error, req.body, provider.id, code)
         throw error
       }
     }
 
     // REVIEW: Is this used by any of the providers?
     // Pass authToken in header by default (unless 'useAuthTokenHeader: false' is set)
-    if (Object.prototype.hasOwnProperty.call(provider, "useAuthTokenHeader")) {
+    if (Object.prototype.hasOwnProperty.call(provider, 'useAuthTokenHeader')) {
       client.useAuthorizationHeaderforGET(provider.useAuthTokenHeader)
     } else {
       client.useAuthorizationHeaderforGET(true)
     }
 
     try {
-      const tokens = await client.getOAuthAccessToken(
-        code,
-        provider,
-        pkce.code_verifier
-      )
+      const tokens = await client.getOAuthAccessToken(code, provider, pkce.code_verifier)
       let profileData
       if (provider.idToken) {
         if (!tokens?.id_token) {
-          throw new OAuthCallbackError("Missing JWT ID Token")
+          throw new OAuthCallbackError('Missing JWT ID Token')
         }
 
         // Support services that use OpenID ID Tokens to encode profile data
@@ -62,28 +52,26 @@ export default async function oAuthCallback(req) {
 
       return getProfile({ profileData, provider, tokens, user })
     } catch (error) {
-      logger.error("OAUTH_GET_ACCESS_TOKEN_ERROR", error, provider.id, code)
+      logger.error('OAUTH_GET_ACCESS_TOKEN_ERROR', error, provider.id, code)
       throw error
     }
   }
 
   try {
     // Handle OAuth v1.x
-    // eslint-disable-next-line camelcase
-    const { oauth_token, oauth_verifier } = req.query
-
-    // eslint-disable-next-line camelcase
-    const { token_secret } = await client.getOAuthRequestToken(provider.params)
-    const tokens = await client.getOAuthAccessToken(oauth_token, token_secret, oauth_verifier)
+    const {
+      oauth_token: oauthToken, oauth_verifier: oauthVerifier
+    } = req.query
+    const tokens = await client.getOAuthAccessToken(oauthToken, null, oauthVerifier)
     const profileData = await client.get(
       provider.profileUrl,
-      tokens.oauth_token,
-      tokens.oauth_token_secret
+      tokens.accessToken,
+      tokens.refreshToken
     )
 
     return getProfile({ profileData, tokens, provider })
   } catch (error) {
-    logger.error("OAUTH_V1_GET_ACCESS_TOKEN_ERROR", error)
+    logger.error('OAUTH_V1_GET_ACCESS_TOKEN_ERROR', error)
     throw error
   }
 }
@@ -101,19 +89,15 @@ export default async function oAuthCallback(req) {
  *     expires_in?: string | Date | null
  *     refresh_token?: string
  *     id_token?: string
- *     token?: string
- *     token_secret?: string
- *     tokenSecret?: string
- *     params?: any
  *   }
  *   provider: import("../..").Provider
  *   user?: object
  * }} profileParams
  */
-async function getProfile({ profileData, tokens, provider, user }) {
+async function getProfile ({ profileData, tokens, provider, user }) {
   try {
     // Convert profileData into an object if it's a string
-    if (typeof profileData === "string" || profileData instanceof String) {
+    if (typeof profileData === 'string' || profileData instanceof String) {
       profileData = JSON.parse(profileData)
     }
 
@@ -122,22 +106,22 @@ async function getProfile({ profileData, tokens, provider, user }) {
       profileData.user = user
     }
 
-    logger.debug("PROFILE_DATA", profileData)
+    logger.debug('PROFILE_DATA', profileData)
 
     const profile = await provider.profile(profileData, tokens)
     // Return profile, raw profile and auth provider details
     return {
       profile: {
         ...profile,
-        email: profile.email?.toLowerCase() ?? null,
+        email: profile.email?.toLowerCase() ?? null
       },
       account: {
         provider: provider.id,
         type: provider.type,
         id: profile.id,
-        ...tokens,
+        ...tokens
       },
-      OAuthProfile: profileData,
+      OAuthProfile: profileData
     }
   } catch (exception) {
     // If we didn't get a response either there was a problem with the provider
@@ -147,11 +131,11 @@ async function getProfile({ profileData, tokens, provider, user }) {
     // all providers, so we return an empty object; the user should then be
     // redirected back to the sign up page. We log the error to help developers
     // who might be trying to debug this when configuring a new provider.
-    logger.error("OAUTH_PARSE_PROFILE_ERROR", exception, profileData)
+    logger.error('OAUTH_PARSE_PROFILE_ERROR', exception, profileData)
     return {
       profile: null,
       account: null,
-      OAuthProfile: profileData,
+      OAuthProfile: profileData
     }
   }
 }

src/server/lib/oauth/client.js

@@ -7,7 +7,7 @@ import { sign as jwtSign } from 'jsonwebtoken'
  * @TODO Refactor to remove dependancy on 'oauth' package
  * It is already quite monkey patched, we don't use all the features and and it
  * would be easier to maintain if all the code was native to next-auth.
- * @param {import("types/providers").OAuthConfig} provider
+ * @param {import("../..").Provider} provider
  */
 export default function oAuthClient (provider) {
   if (provider.version?.startsWith('2.')) {
@@ -54,36 +54,23 @@ export default function oAuthClient (provider) {
   const originalGetOAuth1AccessToken = oauth1Client.getOAuthAccessToken.bind(oauth1Client)
   oauth1Client.getOAuthAccessToken = (...args) => {
     return new Promise((resolve, reject) => {
-      // eslint-disable-next-line camelcase
-      originalGetOAuth1AccessToken(...args, (error, oauth_token, oauth_token_secret, params) => {
+      originalGetOAuth1AccessToken(...args, (error, accessToken, refreshToken, results) => {
         if (error) {
           return reject(error)
         }
-
-        resolve({
-          // TODO: Remove, this is only kept for backward compativility
-          // These are not in the OAuth 1.x spec
-          accessToken: oauth_token,
-          refreshToken: oauth_token_secret,
-          results: params,
-
-          oauth_token,
-          oauth_token_secret,
-          params
-        })
+        resolve({ accessToken, refreshToken, results })
       })
     })
   }
 
   const originalGetOAuthRequestToken = oauth1Client.getOAuthRequestToken.bind(oauth1Client)
-  oauth1Client.getOAuthRequestToken = (params = {}) => {
+  oauth1Client.getOAuthRequestToken = (...args) => {
     return new Promise((resolve, reject) => {
-      // eslint-disable-next-line camelcase
-      originalGetOAuthRequestToken(params, (error, oauth_token, oauth_token_secret, params) => {
+      originalGetOAuthRequestToken(...args, (error, oauthToken) => {
         if (error) {
           return reject(error)
         }
-        resolve({ oauth_token, oauth_token_secret, params })
+        resolve(oauthToken)
       })
     })
   }
@@ -101,7 +88,7 @@ export default function oAuthClient (provider) {
 /**
  * Ported from https://github.com/ciaranj/node-oauth/blob/a7f8a1e21c362eb4ed2039431fb9ac2ae749f26a/lib/oauth2.js
  * @param {string} code
- * @param {import("types/providers").OAuthConfig} provider
+ * @param {import("../..").Provider} provider
  * @param {string | undefined} codeVerifier
  */
 async function getOAuth2AccessToken (code, provider, codeVerifier) {
@@ -149,7 +136,7 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
     headers.Authorization = `Bearer ${code}`
   }
 
-  if (provider.protection.includes('pkce')) {
+  if (provider.protection === 'pkce') {
     params.code_verifier = codeVerifier
   }
 
@@ -209,7 +196,7 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
  *
  * 18/08/2020 @robertcraigie added results parameter to pass data to an optional request preparer.
  * e.g. see providers/bungie
- * @param {import("types/providers").OAuthConfig} provider
+ * @param {import("../..").Provider} provider
  * @param {string} accessToken
  * @param {any} results
  */

src/server/lib/oauth/pkce-handler.js

@@ -10,14 +10,13 @@ const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
 
 /**
  * Adds `code_verifier` to `req.options.pkce`, and removes the corresponding cookie
- * @param {import("types/internals").NextAuthRequest} req
- * @param {import("types/internals").NextAuthResponse} res
+ * @param {import("../..").NextAuthRequest} req
+ * @param {import("../..").NextAuthResponse} res
  */
 export async function handleCallback (req, res) {
   const { cookies, provider, baseUrl, basePath } = req.options
   try {
-    // Provider does not support PKCE, nothing to do.
-    if (!provider.protection?.includes('pkce')) {
+    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
       return
     }
 
@@ -45,13 +44,13 @@ export async function handleCallback (req, res) {
 
 /**
  * Adds `code_challenge` and `code_challenge_method` to `req.options.pkce`.
- * @param {import("types/internals").NextAuthRequest} req
- * @param {import("types/internals").NextAuthResponse} res
+ * @param {import("../..").NextAuthRequest} req
+ * @param {import("../..").NextAuthResponse} res
  */
 export async function handleSignin (req, res) {
   const { cookies, provider, baseUrl, basePath } = req.options
   try {
-    if (!provider.protection?.includes('pkce')) { // Provider does not support PKCE, nothing to do.
+    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
       return
     }
     // Started login flow, add generated pkce to req.options and (encrypted) code_verifier to a cookie

src/server/lib/oauth/state-handler.js

@@ -6,18 +6,17 @@ import { OAuthCallbackError } from '../../../lib/errors'
  * For OAuth 2.0 flows, if the provider supports state,
  * check if state matches the one sent on signin
  * (a hash of the NextAuth.js CSRF token).
- * @param {import("types/internals").NextAuthRequest} req
- * @param {import("types/internals").NextAuthResponse} res
+ * @param {import("../..").NextAuthRequest} req
+ * @param {import("../..").NextAuthResponse} res
  */
 export async function handleCallback (req, res) {
   const { csrfToken, provider, baseUrl, basePath } = req.options
   try {
-    // Provider does not support state, nothing to do.
-    if (!provider.protection?.includes('state')) {
+    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
       return
     }
 
-    const state = req.query.state || req.body.state
+    const { state } = req.query
     const expectedState = createHash('sha256').update(csrfToken).digest('hex')
 
     logger.debug(
@@ -36,13 +35,13 @@ export async function handleCallback (req, res) {
 
 /**
  * Adds CSRF token to the authorizationParams.
- * @param {import("types/internals").NextAuthRequest} req
- * @param {import("types/internals").NextAuthResponse} res
+ * @param {import("../..").NextAuthRequest} req
+ * @param {import("../..").NextAuthResponse} res
  */
 export async function handleSignin (req, res) {
   const { provider, baseUrl, basePath, csrfToken } = req.options
   try {
-    if (!provider.protection?.includes('state')) { // Provider does not support state, nothing to do.
+    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
       return
     }
 

src/server/lib/signin/oauth.js

@@ -1,21 +1,17 @@
 import oAuthClient from '../oauth/client'
 import logger from '../../../lib/logger'
 
-/** @param {import("types/internals").NextAuthRequest} req */
+/** @param {import("../..").NextAuthRequest} req */
 export default async function getAuthorizationUrl (req) {
   const { provider } = req.options
 
-  delete req.query?.nextauth
-  const params = {
-    ...provider.authorizationParams,
-    ...req.query
-  }
-
   const client = oAuthClient(provider)
   if (provider.version?.startsWith('2.')) {
+    delete req.query?.nextauth
     // Handle OAuth v2.x
     let url = client.getAuthorizeUrl({
-      ...params,
+      ...provider.authorizationParams,
+      ...req.query,
       redirect_uri: provider.callbackUrl,
       scope: provider.scope
     })
@@ -38,12 +34,8 @@ export default async function getAuthorizationUrl (req) {
   }
 
   try {
-    const tokens = await client.getOAuthRequestToken(params)
-    const url = `${provider.authorizationUrl}?${new URLSearchParams({
-      oauth_token: tokens.oauth_token,
-      oauth_token_secret: tokens.oauth_token_secret,
-      ...tokens.params
-    })}`
+    const oAuthToken = await client.getOAuthRequestToken()
+    const url = `${provider.authorizationUrl}?oauth_token=${oAuthToken}`
     logger.debug('GET_AUTHORIZATION_URL', url)
     return url
   } catch (error) {

src/server/pages/error.js

@@ -7,7 +7,7 @@ import { h } from 'preact' // eslint-disable-line no-unused-vars
  *   baseUrl: string
  *   basePath: string
  *   error?: string
- *   res: import("types/internals").NextAuthResponse
+ *   res: import("..").NextAuthResponse
  * }} params
  */
 export default function error ({ baseUrl, basePath, error = 'default', res }) {
@@ -52,7 +52,7 @@ export default function error ({ baseUrl, basePath, error = 'default', res }) {
     }
   }
 
-  const { statusCode, heading, message, signin } = errors[error.toLowerCase()] ?? errors.default
+  const { statusCode, heading, message, signin } = errors[error.toLowerCase()]
 
   res.status(statusCode)
 

src/server/routes/callback.js

@@ -6,8 +6,8 @@ import dispatchEvent from '../lib/dispatch-event'
 
 /**
  * Handle callbacks from login services
- * @param {import("types/internals").NextAuthRequest} req
- * @param {import("types/internals").NextAuthResponse} res
+ * @param {import("..").NextAuthRequest} req
+ * @param {import("..").NextAuthResponse} res
  */
 export default async function callback (req, res) {
   const {
@@ -262,8 +262,7 @@ export default async function callback (req, res) {
     const defaultJwtPayload = {
       name: user.name,
       email: user.email,
-      picture: user.image,
-      sub: user.id?.toString()
+      picture: user.image
     }
     const jwtPayload = await callbacks.jwt(defaultJwtPayload, user, account, userObjectReturnedFromAuthorizeHandler, false)
 

src/server/routes/providers.js

@@ -2,8 +2,8 @@
  * Return a JSON object with a list of all OAuth providers currently configured
  * and their signin and callback URLs. This makes it possible to automatically
  * generate buttons for all providers when rendering client side.
- * @param {import("types/internals").NextAuthRequest} req
- * @param {import("types/internals").NextAuthResponse} res
+ * @param {import("..").NextAuthRequest} req
+ * @param {import("..").NextAuthResponse} res
  */
 export default function providers (req, res) {
   const { providers } = req.options

tsconfig.json

@@ -3,9 +3,6 @@
     "strictNullChecks": true,
     "baseUrl": ".",
     "paths": {
-      "types": [
-        "./types"
-      ],
       "next-auth": [
         "./src/server"
       ],
@@ -43,8 +40,7 @@
   "include": [
     "next-env.d.ts",
     "**/*.ts",
-    "**/*.tsx",
-    "**/*.js"
+    "**/*.tsx"
   ],
   "exclude": [
     "node_modules"

types/_utils.d.ts

@@ -0,0 +1,12 @@
+export type NonNullParams<T> = {
+  [K in keyof T]: T[K] extends Record<string, unknown>
+    ? NonNullParams<T[K]>
+    : NonNullable<T[K]>
+}
+
+export type NullableParams<T> = {
+  [K in keyof T]: T[K] | undefined | null
+}
+
+export type WithAdditionalParams<T extends Record<string, any>> = T &
+  Record<string, unknown>

types/adapters.d.ts

@@ -1,7 +1,6 @@
-import { AppOptions } from "./internals"
 import { ConnectionOptions, EntitySchema } from "typeorm"
-import { User } from "."
-import { AppProvider } from "./internals/providers"
+import { AppOptions, User } from "."
+import { AppProvider } from "./providers"
 
 export interface Profile {
   id: string
@@ -100,7 +99,7 @@ interface Adapter<
 
 type Schema<T = any> = EntitySchema<T>["options"]
 
-interface BuiltInAdapters {
+interface Adapters {
   Default: TypeORMAdapter["Adapter"]
   TypeORM: TypeORMAdapter
   Prisma: PrismaAdapter
@@ -171,6 +170,8 @@ interface PrismaAdapter {
   }) => Adapter
 }
 
+declare const Adapters: Adapters
+
 declare class TypeORMAccountModel {
   compoundId: string
   userId: number
@@ -228,13 +229,10 @@ declare class TypeORMVerificationRequestModel implements VerificationRequest {
   constructor(identifier: string, token: string, expires: Date)
 }
 
-declare const Adapters: BuiltInAdapters
-
 export default Adapters
-
 export {
   Adapter,
-  BuiltInAdapters as Adapters,
+  Adapters,
   TypeORMAdapter,
   TypeORMAccountModel,
   TypeORMUserModel,

types/client.d.ts

@@ -1,218 +1,97 @@
-import * as React from "react"
+import { FC } from "react"
 import { IncomingMessage } from "http"
+import { WithAdditionalParams } from "./_utils"
 import { Session } from "."
-import { ProviderType } from "./providers"
+import { AppProvider, DefaultProviders, Providers } from "./providers"
 
-export interface CtxOrReq {
-  req?: IncomingMessage
-  ctx?: { req: IncomingMessage }
+interface ContextProviderProps {
+  session: WithAdditionalParams<Session> | null | undefined
+  options?: SetOptionsParams
 }
 
-/***************
- * Session types
- **************/
-
-export type GetSessionOptions = CtxOrReq & {
-  event?: "storage" | "timer" | "hidden" | string
-  triggerEvent?: boolean
-}
-
-/**
- * React Hook that gives you access
- * to the logged in user's session data.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#usesession)
- */
-export function useSession(): [Session | null, boolean]
-
-/**
- * Can be called client or server side to return a session asynchronously.
- * It calls `/api/auth/session` and returns a promise with a session object,
- * or null if no session exists.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#getsession)
- */
-export function getSession(options: GetSessionOptions): Promise<Session | null>
-
-/**
- * Alias for `getSession`
- * @docs https://next-auth.js.org/getting-started/client#getsession
- */
-export const session: typeof getSession
-
-/*******************
- * CSRF Token types
- ******************/
-
-/**
- * Returns the current Cross Site Request Forgery Token (CSRF Token)
- * required to make POST requests (e.g. for signing in and signing out).
- * You likely only need to use this if you are not using the built-in
- * `signIn()` and `signOut()` methods.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#getcsrftoken)
- */
-export function getCsrfToken(ctxOrReq: CtxOrReq): Promise<string | null>
-
-/**
- * Alias for `getCsrfToken`
- * @docs https://next-auth.js.org/getting-started/client#getcsrftoken
- */
-export const csrfToken: typeof getCsrfToken
-
-/******************
- * Providers types
- *****************/
-
-export interface ClientSafeProvider {
-  id: string
-  name: string
-  type: ProviderType
-  signinUrl: string
-  callbackUrl: string
-}
-
-/**
- * It calls `/api/auth/providers` and returns
- * a list of the currently configured authentication providers.
- * It can be useful if you are creating a dynamic custom sign in page.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#getproviders)
- */
-export function getProviders(): Promise<Record<
-  string,
-  ClientSafeProvider
-> | null>
-
-/**
- * Alias for `getProviders`
- * @docs https://next-auth.js.org/getting-started/client#getproviders
- */
-export const providers: typeof getProviders
-
-/****************
- * Sign in types
- ***************/
-
-export type RedirectableProvider = "email" | "credentials"
-
-export type SignInProvider = RedirectableProvider | string | undefined
-
-export interface SignInOptions extends Record<string, unknown> {
-  /**
-   * Defaults to the current URL.
-   * @docs https://next-auth.js.org/getting-started/client#specifying-a-callbackurl
-   */
-  callbackUrl?: string
-  /** @docs https://next-auth.js.org/getting-started/client#using-the-redirect-false-option */
-  redirect?: boolean
-}
-
-export interface SignInResponse {
-  error: string | undefined
-  status: number
-  ok: boolean
-  url: string | null
-}
-
-/** Match `inputType` of `new URLSearchParams(inputType)` */
-export type SignInAuthorisationParams =
-  | string
-  | string[][]
-  | Record<string, string>
-  | URLSearchParams
-
-/**
- * Client-side method to initiate a signin flow
- * or send the user to the signin page listing all possible providers.
- * Automatically adds the CSRF token to the request.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#signin)
- */
-export function signIn<P extends SignInProvider = undefined>(
-  provider?: P,
-  options?: SignInOptions,
-  authorizationParams?: SignInAuthorisationParams
-): Promise<
-  P extends RedirectableProvider ? SignInResponse | undefined : undefined
->
-
-/**
- * Alias for `signIn`
- * @docs https://next-auth.js.org/getting-started/client#signin
- */
-export const signin: typeof signIn
-
-/****************
- * Sign out types
- ****************/
-
-/** @docs https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
-export interface SignOutResponse {
-  url: string
-}
-
-export interface SignOutParams<R extends boolean = true> {
-  /** @docs https://next-auth.js.org/getting-started/client#specifying-a-callbackurl-1 */
-  callbackUrl?: string
-  /** @docs https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
-  redirect?: R
-}
-
-/**
- * Signs the user out, by removing the session cookie.
- * Automatically adds the CSRF token to the request.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#signout)
- */
-export function signOut<R extends boolean = true>(
-  params?: SignOutParams<R>
-): Promise<R extends true ? undefined : SignOutResponse>
-
-/**
- * @docs https://next-auth.js.org/getting-started/client#signout
- * Alias for `signOut`
- */
-export const signout: typeof signOut
-/************************
- * SessionProvider types
- ***********************/
-
-/** @docs: https://next-auth.js.org/getting-started/client#options */
-export interface SessionProviderOptions {
+interface SetOptionsParams {
   baseUrl?: string
   basePath?: string
   clientMaxAge?: number
   keepAlive?: number
 }
 
-/**
- * Provider to wrap the app in to make session data available globally.
- * Can also be used to throttle the number of requests to the endpoint
- * `/api/auth/session`.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#provider)
- */
-export type SessionProvider = React.FC<{
-  children: React.ReactNode
-  session?: Session
-  options?: SessionProviderOptions
-}>
+interface SignInResponse {
+  error: string | undefined
+  status: number
+  ok: boolean
+  url: string | null
+}
 
-/**
- * Provider to wrap the app in to make session data available globally.
- * Can also be used to throttle the number of requests to the endpoint
- * `/api/auth/session`.
- *
- * [Documentation](https://next-auth.js.org/getting-started/client#provider)
- */
-export const Provider: SessionProvider
+type ContextProvider = FC<ContextProviderProps>
 
-/** @docs: https://next-auth.js.org/getting-started/client#options */
-export function setOptions(options: SessionProviderOptions): void
+interface NextContext {
+  req?: IncomingMessage
+  ctx?: { req: IncomingMessage }
+}
 
-/**
- * Alias for `setOptions`
- * @docs: https://next-auth.js.org/getting-started/client#options
- */
-export const options: typeof setOptions
+declare function useSession(): [Session | null | undefined, boolean]
+
+declare function providers(): Promise<Record<
+  keyof DefaultProviders | string,
+  AppProvider
+> | null>
+declare const getProviders: typeof providers
+declare function session(
+  context?: NextContext & {
+    triggerEvent?: boolean
+  }
+): Promise<Session | null>
+declare const getSession: typeof session
+declare function csrfToken(context?: NextContext): Promise<string | null>
+declare const getCsrfToken: typeof csrfToken
+declare function signin(
+  provider: "credentials" | "email",
+  data?: Record<string, unknown> & {
+    callbackUrl?: string
+    redirect?: false
+  },
+  authorizationParams?:
+    | string
+    | string[][]
+    | Record<string, unknown>
+    | URLSearchParams
+): Promise<SignInResponse>
+declare function signin(
+  provider?: string,
+  data?: Record<string, unknown> & {
+    callbackUrl?: string
+    redirect?: boolean
+  },
+  authorizationParams?:
+    | string
+    | string[][]
+    | Record<string, unknown>
+    | URLSearchParams
+): Promise<void>
+declare const signIn: typeof signin
+declare function signout(data?: {
+  callbackUrl?: string
+  redirect?: boolean
+}): Promise<void>
+declare const signOut: typeof signout
+declare function options(options: SetOptionsParams): void
+declare const setOptions: typeof options
+declare const Provider: ContextProvider
+
+export {
+  useSession,
+  session,
+  getSession,
+  providers,
+  getProviders,
+  csrfToken,
+  getCsrfToken,
+  signin,
+  signIn,
+  signout,
+  signOut,
+  options,
+  setOptions,
+  Provider,
+}

types/index.d.ts

@@ -4,319 +4,90 @@
 
 import { ConnectionOptions } from "typeorm"
 import { Adapter } from "./adapters"
-import { JWTOptions, JWT } from "./jwt"
-import { AppProviders } from "./providers"
-import {
-  Awaitable,
-  NextApiRequest,
-  NextApiResponse,
-  NextApiHandler,
-} from "./internals/utils"
+import { JWTEncodeParams, JWTDecodeParams, JWTOptions, JWT } from "./jwt"
+import { AppProvider, Providers } from "./providers"
+import { NextApiRequest, NextApiResponse, NextApiHandler } from "./_next"
+import { NonNullParams, WithAdditionalParams } from "./_utils"
 
-/**
- * Configure your NextAuth instance
- *
- * [Documentation](https://next-auth.js.org/configuration/options#options)
- */
 export interface NextAuthOptions {
-  /**
-   * An array of authentication providers for signing in
-   * (e.g. Google, Facebook, Twitter, GitHub, Email, etc) in any order.
-   * This can be one of the built-in providers or an object with a custom provider.
-   * * **Default value**: `[]`
-   * * **Required**: *Yes*
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#providers) | [Providers documentation](https://next-auth.js.org/configuration/providers)
-   */
-  providers: AppProviders
-  /**
-   * A database connection string or configuration object.
-   * * **Default value**: `null`
-   * * **Required**: *No (unless using email provider)*
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#database) | [Databases](https://next-auth.js.org/configuration/databases)
-   */
+  providers: Providers
   database?: string | Record<string, any> | ConnectionOptions
-  /**
-   * A random string used to hash tokens, sign cookies and generate cryptographic keys.
-   * If not specified is uses a hash of all configuration options, including Client ID / Secrets for entropy.
-   * The default behavior is volatile, and **it is strongly recommended** you explicitly specify a value
-   * to avoid invalidating end user sessions when configuration changes are deployed.
-   * * **Default value**: `string` (SHA hash of the "options" object)
-   * * **Required**: No - **but strongly recommended**!
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#secret)
-   */
   secret?: string
-  /**
-   * Configure your session like if you want to use JWT or a database,
-   * how long until an idle session expires, or to throttle write operations in case you are using a database.
-   * * **Default value**: See the documentation page
-   * * **Required**: No
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#session)
-   */
   session?: SessionOptions
-  /**
-   * JSON Web Tokens can be used for session tokens if enabled with the `session: { jwt: true }` option.
-   * JSON Web Tokens are enabled by default if you have not specified a database.
-   * By default JSON Web Tokens are signed (JWS) but not encrypted (JWE),
-   * as JWT encryption adds additional overhead and comes with some caveats.
-   * You can enable encryption by setting `encryption: true`.
-   * * **Default value**: See the documentation page
-   * * **Required**: *No*
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#jwt)
-   */
   jwt?: JWTOptions
-  /**
-   * Specify URLs to be used if you want to create custom sign in, sign out and error pages.
-   * Pages specified will override the corresponding built-in page.
-   * * **Default value**: `{}`
-   * * **Required**: *No*
-   * @example
-   *
-   * ```js
-   *   pages: {
-   *     signIn: '/auth/signin',
-   *     signOut: '/auth/signout',
-   *     error: '/auth/error',
-   *     verifyRequest: '/auth/verify-request',
-   *     newUser: null
-   *   }
-   * ```
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#pages) | [Pages documentation](https://next-auth.js.org/configuration/pages)
-   */
   pages?: PagesOptions
-  /**
-   * Callbacks are asynchronous functions you can use to control what happens when an action is performed.
-   * Callbacks are *extremely powerful*, especially in scenarios involving JSON Web Tokens
-   * as they **allow you to implement access controls without a database** and to **integrate with external databases or APIs**.
-   * * **Default value**: See the Callbacks documentation
-   * * **Required**: *No*
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#callbacks) | [Callbacks documentation](https://next-auth.js.org/configuration/callbacks)
-   */
   callbacks?: CallbacksOptions
-  /**
-   * Events are asynchronous functions that do not return a response, they are useful for audit logging.
-   * You can specify a handler for any of these events below - e.g. for debugging or to create an audit log.
-   * The content of the message object varies depending on the flow
-   * (e.g. OAuth or Email authentication flow, JWT or database sessions, etc),
-   * but typically contains a user object and/or contents of the JSON Web Token
-   * and other information relevant to the event.
-   * * **Default value**: `{}`
-   * * **Required**: *No*
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#events) | [Events documentation](https://next-auth.js.org/configuration/events)
-   */
-  events?: EventsOptions
-  /**
-   * By default NextAuth.js uses a database adapter that uses TypeORM and supports MySQL, MariaDB, Postgres and MongoDB and SQLite databases.
-   * An alternative adapter that uses Prisma, which currently supports MySQL, MariaDB and Postgres, is also included.
-   * You can use the adapter option to use the Prisma adapter - or pass in your own adapter
-   * if you want to use a database that is not supported by one of the built-in adapters.
-   * * **Default value**: TypeORM adapter
-   * * **Required**: *No*
-   *
-   * - ⚠ If the `adapter` option is specified it overrides the `database` option, only specify one or the other.
-   * - ⚠ Adapters are being migrated to their own home in a Community maintained repository.
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#adapter) |
-   * [Default adapter](https://next-auth.js.org/schemas/adapters#typeorm-adapter) |
-   * [Community adapters](https://github.com/nextauthjs/adapters)
-   */
-  adapter?: Adapter
-  /**
-   * Set debug to true to enable debug messages for authentication and database operations.
-   * * **Default value**: `false`
-   * * **Required**: *No*
-   *
-   * - ⚠ If you added a custom `logger`, this setting is ignored.
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#debug) | [Logger documentation](https://next-auth.js.org/configuration/options#logger)
-   */
   debug?: boolean
-  /**
-   * Override any of the logger levels (`undefined` levels will use the built-in logger),
-   * and intercept logs in NextAuth. You can use this option to send NextAuth logs to a third-party logging service.
-   * * **Default value**: `console`
-   * * **Required**: *No*
-   *
-   * @example
-   *
-   * ```js
-   * // /pages/api/auth/[...nextauth].js
-   * import log from "logging-service"
-   * export default NextAuth({
-   *   logger: {
-   *     error(code, ...message) {
-   *       log.error(code, message)
-   *     },
-   *     warn(code, ...message) {
-   *       log.warn(code, message)
-   *     },
-   *     debug(code, ...message) {
-   *       log.debug(code, message)
-   *     }
-   *   }
-   * })
-   * ```
-   *
-   * - ⚠ When set, the `debug` option is ignored
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#logger) |
-   * [Debug documentation](https://next-auth.js.org/configuration/options#debug)
-   */
-  logger?: LoggerInstance
-  /**
-   * Changes the theme of pages.
-   * Set to `"light"` if you want to force pages to always be light.
-   * Set to `"dark"` if you want to force pages to always be dark.
-   * Set to `"auto"`, (or leave this option out)if you want the pages to follow the preferred system theme.
-   * * **Default value**: `"auto"`
-   * * **Required**: *No*
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#theme) | [Pages documentation]("https://next-auth.js.org/configuration/pages")
-   */
-  theme?: "auto" | "dark" | "light"
-  /**
-   * When set to `true` then all cookies set by NextAuth.js will only be accessible from HTTPS URLs.
-   * This option defaults to `false` on URLs that start with `http://` (e.g. http://localhost:3000) for developer convenience.
-   * You can manually set this option to `false` to disable this security feature and allow cookies
-   * to be accessible from non-secured URLs (this is not recommended).
-   * * **Default value**: `true` for HTTPS and `false` for HTTP sites
-   * * **Required**: No
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#usesecurecookies)
-   *
-   * - ⚠ **This is an advanced option.** Advanced options are passed the same way as basic options,
-   * but **may have complex implications** or side effects.
-   * You should **try to avoid using advanced options** unless you are very comfortable using them.
-   */
+  adapter?: Adapter
+  events?: EventsOptions
   useSecureCookies?: boolean
-  /**
-   * You can override the default cookie names and options for any of the cookies used by NextAuth.js.
-   * You can specify one or more cookies with custom properties,
-   * but if you specify custom options for a cookie you must provide all the options for that cookie.
-   * If you use this feature, you will likely want to create conditional behavior
-   * to support setting different cookies policies in development and production builds,
-   * as you will be opting out of the built-in dynamic policy.
-   * * **Default value**: `{}`
-   * * **Required**: No
-   *
-   * - ⚠ **This is an advanced option.** Advanced options are passed the same way as basic options,
-   * but **may have complex implications** or side effects.
-   * You should **try to avoid using advanced options** unless you are very comfortable using them.
-   *
-   * [Documentation](https://next-auth.js.org/configuration/options#cookies) | [Usage example](https://next-auth.js.org/configuration/options#example)
-   */
   cookies?: CookiesOptions
+  logger?: LoggerInstance
+  theme?: "light" | "dark" | "auto"
 }
 
-/**
- * Override any of the methods, and the rest will use the default logger.
- *
- * [Documentation](https://next-auth.js.org/configuration/options#logger)
- */
 export interface LoggerInstance {
-  warn(code: string, ...message: unknown[]): void
-  error(code: string, ...message: unknown[]): void
-  debug(code: string, ...message: unknown[]): void
+  warn: (code?: string, ...message: unknown[]) => void
+  error: (code?: string, ...message: unknown[]) => void
+  debug: (code?: string, ...message: unknown[]) => void
 }
 
-/**
- * Different tokens returned by OAuth Providers.
- * Some of them are available with different casing,
- * but they refer to the same value.
- */
-export interface TokenSet {
-  accessToken: string
-  idToken?: string
-  refreshToken?: string
-  access_token: string
-  expires_in?: number | null
-  refresh_token?: string
-  id_token?: string
+interface InternalOptions
+  extends Omit<
+    NextAuthOptions,
+    "providers" | "database" | "session" | "useSecureCookie"
+  > {
+  pkce: {
+    code_verifier?: string
+    code_challenge_method?: "S256"
+  }
+  provider?: string
+  baseUrl?: string
+  basePath?: string
+  action?:
+    | "providers"
+    | "session"
+    | "csrf"
+    | "signin"
+    | "signout"
+    | "callback"
+    | "verify-request"
+    | "error"
+  csrfToken?: string
 }
 
-/**
- * Usually contains information about the provider being used
- * and also extends `TokenSet`, which is different tokens returned by OAuth Providers.
- */
-export interface Account extends TokenSet, Record<string, unknown> {
-  id: string
-  provider: string
-  type: string
+export interface AppOptions
+  extends Omit<NextApiRequest, "cookies">,
+    NonNullParams<InternalOptions> {
+  providers: AppProvider[]
 }
 
-/** The OAuth profile returned from your provider */
-export interface Profile extends Record<string, unknown> {
-  sub?: string
-  name?: string
-  email?: string
-  image?: string
+export interface CallbacksOptions {
+  signIn?:
+    | (() => true)
+    | ((
+        user: User,
+        account: Record<string, unknown>,
+        profile: Record<string, unknown>
+      ) => Promise<never | string | boolean>)
+  redirect?: (url: string, baseUrl: string) => Promise<string>
+  session?:
+    | ((session: Session) => WithAdditionalParams<Session>)
+    | ((
+        session: Session,
+        userOrToken: User | JWT
+      ) => Promise<WithAdditionalParams<Session>>)
+  jwt?:
+    | ((token: JWT) => WithAdditionalParams<JWT>)
+    | ((
+        token: JWT,
+        user: User,
+        account: Record<string, unknown>,
+        profile: Record<string, unknown>,
+        isNewUser: boolean
+      ) => Promise<WithAdditionalParams<JWT>>)
 }
 
-/** [Documentation](https://next-auth.js.org/configuration/callbacks) */
-export interface CallbacksOptions<
-  P extends Record<string, unknown> = Profile,
-  A extends Record<string, unknown> = Account
-> {
-  /**
-   * Use this callback to control if a user is allowed to sign in.
-   * Returning true will continue the sign-in flow.
-   * Throwing an error or returning a string will stop the flow, and redirect the user.
-   *
-   * [Documentation](https://next-auth.js.org/configuration/callbacks#sign-in-callback)
-   */
-  signIn?(user: User, account: A, profile: P): Awaitable<string | boolean>
-  /**
-   * This callback is called anytime the user is redirected to a callback URL (e.g. on signin or signout).
-   * By default only URLs on the same URL as the site are allowed,
-   * you can use this callback to customise that behaviour.
-   *
-   * [Documentation](https://next-auth.js.org/configuration/callbacks#redirect-callback)
-   */
-  redirect?(url: string, baseUrl: string): Awaitable<string>
-  /**
-   * This callback is called whenever a session is checked.
-   * (Eg.: invoking the `/api/session` endpoint, using `useSession` or `getSession`)
-   *
-   * - ⚠ By default, only a subset of the token is returned for increased security.
-   * If you want to make something available you added to the token through the `jwt` callback,
-   * you have to explicitely forward it here to make it available to the client.
-   *
-   * [Documentation](https://next-auth.js.org/configuration/callbacks#session-callback) |
-   * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
-   * [`useSession`](https://next-auth.js.org/getting-started/client#usesession) |
-   * [`getSession`](https://next-auth.js.org/getting-started/client#getsession) |
-   *
-   */
-  session?(session: Session, userOrToken: JWT | User): Awaitable<Session>
-  /**
-   * This callback is called whenever a JSON Web Token is created (i.e. at sign in)
-   * or updated (i.e whenever a session is accessed in the client).
-   * Its content is forwarded to the `session` callback,
-   * where you can control what should be returned to the client.
-   * Anything else will be kept from your front-end.
-   *
-   * - ⚠ By default the JWT is signed, but not encrypted.
-   *
-   * [Documentation](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
-   * [`session` callback](https://next-auth.js.org/configuration/callbacks#session-callback)
-   */
-  jwt?(
-    token: JWT,
-    user?: User,
-    account?: A,
-    profile?: P,
-    isNewUser?: boolean
-  ): Awaitable<JWT>
-}
-
-/** [Documentation](https://next-auth.js.org/configuration/options#cookies) */
 export interface CookieOption {
   name: string
   options: {
@@ -329,7 +100,6 @@ export interface CookieOption {
   }
 }
 
-/** [Documentation](https://next-auth.js.org/configuration/options#cookies) */
 export interface CookiesOptions {
   sessionToken?: CookieOption
   callbackUrl?: CookieOption
@@ -337,7 +107,6 @@ export interface CookiesOptions {
   pkceCodeVerifier?: CookieOption
 }
 
-/** [Documentation](https://next-auth.js.org/configuration/events) */
 export type EventType =
   | "signIn"
   | "signOut"
@@ -347,67 +116,54 @@ export type EventType =
   | "session"
   | "error"
 
-/** [Documentation](https://next-auth.js.org/configuration/events) */
 export type EventCallback = (message: any) => Promise<void>
 
-/** [Documentation](https://next-auth.js.org/configuration/events) */
 export type EventsOptions = Partial<Record<EventType, EventCallback>>
 
-/** [Documentation](https://next-auth.js.org/configuration/pages) */
 export interface PagesOptions {
   signIn?: string
   signOut?: string
-  /** Error code passed in query string as ?error= */
   error?: string
   verifyRequest?: string
-  /** If set, new users will be directed here on first sign in */
-  newUser?: string
+  newUser?: string | null
 }
 
-/**
- * Returned by `useSession`, `getSession`, returned by the `session` callback
- * and also the shape received as a prop on the `Provider` React Context
- *
- * [`useSession`](https://next-auth.js.org/getting-started/client#usesession) |
- * [`getSession`](https://next-auth.js.org/getting-started/client#getsession) |
- * [`Provider`](https://next-auth.js.org/getting-started/client#provider) |
- * [`session` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback)
- */
-export interface Session extends Record<string, unknown> {
-  user?: User
+export interface Session {
+  user: WithAdditionalParams<User>
   accessToken?: string
   expires: string
 }
 
-/** [Documentation](https://next-auth.js.org/configuration/options#session) */
 export interface SessionOptions {
   jwt?: boolean
   maxAge?: number
   updateAge?: number
 }
 
-/**
- * The shape of the returned object in the OAuth providers' `profile` callback,
- * available in the `jwt` and `session` callbacks,
- * or the second parameter of the `session` callback, when using a database.
- *
- * [`signIn` callback](https://next-auth.js.org/configuration/callbacks#sign-in-callback) |
- * [`session` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
- * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) |
- * [`profile` OAuth provider callback](https://next-auth.js.org/configuration/providers#using-a-custom-provider)
- */
 export interface User {
   name?: string | null
   email?: string | null
   image?: string | null
 }
 
+export interface NextAuthRequest extends NextApiRequest {
+  options: InternalOptions
+}
+export type NextAuthResponse = NextApiResponse
+
+declare function NextAuthHandler(
+  req: NextApiRequest,
+  res: NextApiResponse,
+  options?: NextAuthOptions
+): ReturnType<NextApiHandler>
 declare function NextAuth(
   req: NextApiRequest,
   res: NextApiResponse,
-  options: NextAuthOptions
+  options?: NextAuthOptions
 ): ReturnType<NextApiHandler>
+declare function NextAuth(
+  options: NextAuthOptions
+): ReturnType<typeof NextAuthHandler>
 
-declare function NextAuth(options: NextAuthOptions): ReturnType<NextApiHandler>
-
+export { NextAuthHandler, NextAuth }
 export default NextAuth

types/internals/client.d.ts

@@ -1,34 +0,0 @@
-import * as React from "react"
-import { Session } from ".."
-
-export interface BroadcastMessage {
-  event?: "session"
-  data?: {
-    trigger?: "signout" | "getSession"
-  }
-  clientId: string
-  timestamp: number
-}
-
-export interface NextAuthConfig {
-  baseUrl: string
-  basePath: string
-  baseUrlServer: string
-  basePathServer: string
-  /** 0 means disabled (don't send); 60 means send every 60 seconds */
-  keepAlive: number
-  /** 0 means disabled (only use cache); 60 means sync if last checked > 60 seconds ago */
-  clientMaxAge: number
-  /** Used for timestamp since last sycned (in seconds) */
-  _clientLastSync: number
-  /** Stores timer for poll interval */
-  _clientSyncTimer: ReturnType<typeof setTimeout>
-  /** Tracks if event listeners have been added */
-  _eventListenersAdded: boolean
-  /** Stores last session response from hook */
-  _clientSession: Session | null | undefined
-  /** Used to store to function export by getSession() hook */
-  _getSession: any
-}
-
-export type SessionContext = React.Context<Session>

types/internals/index.d.ts

@@ -1,50 +0,0 @@
-import { NextApiRequest, NextApiResponse } from "./utils"
-import { NextAuthOptions } from ".."
-import { AppProvider } from "./providers"
-
-/** Options that are the same both in internal and user provided options. */
-export type NextAuthSharedOptions =
-  | "pages"
-  | "jwt"
-  | "events"
-  | "callbacks"
-  | "cookies"
-  | "secret"
-  | "adapter"
-  | "theme"
-  | "debug"
-  | "logger"
-
-export interface AppOptions
-  extends Pick<NextAuthOptions, NextAuthSharedOptions> {
-  pkce?: {
-    code_verifier?: string
-    /**
-     * Could be `"plain"`, but not recommended.
-     * We ignore it for now.
-     * @spec https://tools.ietf.org/html/rfc7636#section-4.2.
-     */
-    code_challenge_method?: "S256"
-  }
-  provider?: AppProvider
-  providers: AppProvider[]
-  baseUrl?: string
-  basePath?: string
-  action?:
-    | "providers"
-    | "session"
-    | "csrf"
-    | "signin"
-    | "signout"
-    | "callback"
-    | "verify-request"
-    | "error"
-  csrfToken?: string
-  csrfTokenVerified?: boolean
-}
-
-export interface NextAuthRequest extends NextApiRequest {
-  options: AppOptions
-}
-
-export type NextAuthResponse = NextApiResponse

types/internals/providers.d.ts

@@ -1,6 +0,0 @@
-import { CommonProviderOptions } from "../providers"
-
-export interface AppProvider extends CommonProviderOptions {
-  signinUrl: string
-  callbackUrl: string
-}

types/internals/utils.d.ts

@@ -1,42 +0,0 @@
-import { IncomingMessage, ServerResponse } from "http"
-
-export type Awaitable<T> = T | PromiseLike<T>
-
-// ------------------------------------------------------
-// Types from next@10,
-// see: https://github.com/microsoft/dtslint/issues/297
-// ------------------------------------------------------
-export interface NextApiRequest extends IncomingMessage {
-  query: {
-    [key: string]: string | string[]
-  }
-  cookies: {
-    [key: string]: string
-  }
-  body: any
-  env: any
-  preview?: boolean
-  previewData?: any
-}
-
-export type Send<T> = (body: T) => void
-
-export type NextApiResponse<T = any> = ServerResponse & {
-  send: Send<T>
-  json: Send<T>
-  status: (statusCode: number) => NextApiResponse<T>
-  redirect: ((url: string) => NextApiResponse<T>) &
-    ((status: number, url: string) => NextApiResponse<T>)
-  setPreviewData: (
-    data: object | string,
-    options?: {
-      maxAge?: number
-    }
-  ) => NextApiResponse<T>
-  clearPreviewData: () => NextApiResponse<T>
-}
-
-export type NextApiHandler<T = any> = (
-  req: NextApiRequest,
-  res: NextApiResponse<T>
-) => void | Promise<void>

types/jwt.d.ts

@@ -1,11 +1,7 @@
-import { JWT as JoseJWT, JWE } from "jose"
-import { NextApiRequest } from "./internals/utils"
+import { JWT, JWE } from "jose"
+import { NextApiRequest } from "./_next"
+import { WithAdditionalParams } from "./_utils"
 
-/**
- * Returned by the `jwt` callback and `getToken`, when using JWT sessions
- *
- * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) | [`getToken`](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken)
- */
 export interface JWT extends Record<string, unknown> {
   name?: string | null
   email?: string | null
@@ -13,54 +9,59 @@ export interface JWT extends Record<string, unknown> {
 }
 
 export interface JWTEncodeParams {
-  token?: JWT
+  token?: WithAdditionalParams<JWT>
   maxAge?: number
   secret: string | Buffer
   signingKey?: string
-  signingOptions?: JoseJWT.SignOptions
+  signingOptions?: JWT.SignOptions
   encryptionKey?: string
   encryptionOptions?: object
   encryption?: boolean
 }
 
-export function encode(params?: JWTEncodeParams): Promise<string>
-
 export interface JWTDecodeParams {
   token?: string
   maxAge?: number
   secret: string | Buffer
   signingKey?: string
   verificationKey?: string
-  verificationOptions?: JoseJWT.VerifyOptions<false>
+  verificationOptions?: JWT.VerifyOptions<false>
   encryptionKey?: string
   decryptionKey?: string
   decryptionOptions?: JWE.DecryptOptions<false>
   encryption?: boolean
 }
 
-export function decode(params?: JWTDecodeParams): Promise<JWT>
-
-export type GetTokenParams<R extends boolean = false> = {
-  req: NextApiRequest
-  secureCookie?: boolean
-  cookieName?: string
-  raw?: R
-  decode?: typeof decode
-  secret?: string
-} & Omit<JWTDecodeParams, "secret">
-
-/** [Documentation](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken) */
-export function getToken<R extends boolean = false>(
-  params?: GetTokenParams<R>
-): Promise<R extends true ? string : JWT | null>
-
 export interface JWTOptions {
   secret?: string
   maxAge?: number
   encryption?: boolean
   signingKey?: string
   encryptionKey?: string
-  encode?: typeof encode
-  decode?: typeof decode
-  verificationOptions?: JoseJWT.VerifyOptions<false>
+  encode?: (options: JWTEncodeParams) => Promise<string>
+  decode?: (options: JWTDecodeParams) => Promise<WithAdditionalParams<JWT>>
 }
+
+declare function encode(args?: JWTEncodeParams): Promise<string>
+
+declare function decode(
+  args?: JWTDecodeParams & { token: string }
+): Promise<WithAdditionalParams<JWT>>
+
+declare function getToken(
+  args?: {
+    req: NextApiRequest
+    secureCookie?: boolean
+    cookieName?: string
+    raw?: string
+  } & JWTDecodeParams
+): Promise<WithAdditionalParams<JWT>>
+
+declare function getToken(args?: {
+  req: NextApiRequest
+  secureCookie?: boolean
+  cookieName?: string
+  raw: true
+}): Promise<string>
+
+export { encode, decode, getToken }

types/providers.d.ts

@@ -1,30 +1,14 @@
-import { Profile, TokenSet, User } from "."
-import { Awaitable } from "./internals/utils"
+import { User } from "."
+import { JWT } from "./jwt"
+import { NonNullParams, NullableParams, WithAdditionalParams } from "./_utils"
 
-export type ProviderType = "oauth" | "email" | "credentials"
-
-export interface CommonProviderOptions {
-  id: string
+export interface Provider<
+  T extends string | undefined = undefined,
+  U = T extends string ? "oauth" : string
+> {
+  id: T
   name: string
-  type: ProviderType
-}
-
-/**
- * OAuth Provider
- */
-
-type ProtectionType = "pkce" | "state" | "both" | "none"
-
-/**
- * OAuth provider options
- *
- * [Documentation](https://next-auth.js.org/configuration/providers#oauth-provider-options)
- */
-export interface OAuthConfig<P extends Record<string, unknown> = Profile>
-  extends CommonProviderOptions {
-  authorizationParams?: Record<string, string>
-  headers?: Record<string, any>
-  type: "oauth"
+  type: U extends string ? U : "oauth" | "email" | "credentials"
   version: string
   scope: string
   params: { grant_type: string }
@@ -32,96 +16,97 @@ export interface OAuthConfig<P extends Record<string, unknown> = Profile>
   requestTokenUrl: string
   authorizationUrl: string
   profileUrl: string
-  profile(profile: P, tokens: TokenSet): Awaitable<User & { id: string }>
-  protection?: ProtectionType | ProtectionType[]
+  profile: (
+    profile: Record<string, any>,
+    tokens: any
+  ) => (User & { id: string }) | Promise<User & { id: string }>
   clientId: string
-  clientSecret:
-    | string
-    // TODO: only allow for Apple
-    | Record<"appleId" | "teamId" | "privateKey" | "keyId", string>
+  clientSecret: string | Record<string, unknown>
   idToken?: boolean
-  /**
-   * @deprecated Will be removed in an upcoming major release. Use `protection: ["state"]` instead.
-   */
-  state?: boolean
-
-  // TODO: only allow for BattleNet
-  region?: string
-  // TODO: only allow for some
-  domain?: string
-  // TODO: only allow for Azure Active Directory B2C and FusionAuth
-  tenantId?: string
 }
 
-export type OAuthProviderType =
-  | "Apple"
-  | "Atlassian"
-  | "Auth0"
-  | "AzureADB2C"
-  | "Basecamp"
-  | "BattleNet"
-  | "Box"
-  | "Bungie"
-  | "Cognito"
-  | "Discord"
-  | "EVEOnline"
-  | "Facebook"
-  | "FACEIT"
-  | "Foursquare"
-  | "FusionAuth"
-  | "GitHub"
-  | "GitLab"
-  | "Google"
-  | "IdentityServer4"
-  | "Instagram"
-  | "Kakao"
-  | "LINE"
-  | "LinkedIn"
-  | "MailRu"
-  | "Medium"
-  | "Netlify"
-  | "Okta"
-  | "Osso"
-  | "Reddit"
-  | "Salesforce"
-  | "Slack"
-  | "Spotify"
-  | "Strava"
-  | "Twitch"
-  | "Twitter"
-  | "VK"
-  | "Yandex"
-  | "Zoho"
+export interface AppProvider extends Pick<Provider, "id" | "name" | "type"> {
+  signinUrl: string
+  callbackUrl: string
+}
 
-export type OAuthProvider = (options: Partial<OAuthConfig>) => OAuthConfig
+export interface DefaultProviders {
+  Apple: Apple
+  Attlassian: Atlassian
+  Auth0: Auth0
+  AzureADB2C: AzureADB2C
+  Basecamp: Basecamp
+  BattleNet: BattleNet
+  Box: Box
+  Bungie: Bungie
+  Cognito: Cognito
+  Credentials: Credentials
+  Discord: Discord
+  Email: Email
+  EVEOnline: EVEOnline
+  Facebook: Facebook
+  FACEIT: FACEIT
+  Foursquare: Foursquare
+  FusionAuth: FusionAuth
+  GitHub: GitHub
+  GitLab: GitLab
+  Google: Google
+  IdentityServer4: IdentityServer4
+  Instagram: Instagram
+  Kakao: Kakao
+  LINE: LINE
+  LinkedIn: LinkedIn
+  MailRu: MailRu
+  Medium: Medium
+  Netlify: Netlify
+  Okta: Okta
+  Osso: Osso
+  Reddit: Reddit
+  Salesforce: Salesforce
+  Slack: Slack
+  Spotify: Spotify
+  Strava: Strava
+  Twitch: Twitch
+  Twitter: Twitter
+  VK: VK
+  Yandex: Yandex
+  Zoho: Zoho
+}
+
+export type Providers = Array<
+  Provider | ReturnType<DefaultProviders[keyof DefaultProviders]>
+>
+
+declare const Providers: DefaultProviders
+
+export default Providers
 
 /**
- * Credentials Provider
+ * Email
  */
+type Email = (
+  options: ProviderEmailOptions
+) => NonNullParams<ProviderEmailOptions> & { id: "email"; type: "email" }
 
-interface CredentialInput {
-  label?: string
-  type?: string
-  value?: string
-  placeholder?: string
+interface VerificationRequestParams extends Provider {
+  identifier: string
+  url: string
+  baseUrl: string
+  token: string
+  provider: ProviderEmailOptions
 }
 
-interface CredentialsConfig<C extends Record<string, CredentialInput> = {}>
-  extends CommonProviderOptions {
-  type: "credentials"
-  credentials: C
-  authorize(credentials: Record<keyof C, string>): Awaitable<User | null>
+interface ProviderEmailOptions {
+  name?: string
+  server?: string | ProviderEmailServer
+  from?: string
+  maxAge?: number
+  sendVerificationRequest?: (
+    options: VerificationRequestParams
+  ) => Promise<void>
 }
 
-export type CredentialsProvider = (
-  options: Partial<CredentialsConfig>
-) => CredentialsConfig
-
-export type CredentialsProviderType = "Credentials"
-
-/** Email Provider */
-
-export interface EmailConfigServerOptions {
+interface ProviderEmailServer {
   host: string
   port: number
   auth: {
@@ -130,37 +115,321 @@ export interface EmailConfigServerOptions {
   }
 }
 
-export interface EmailConfig extends CommonProviderOptions {
-  type: "email"
-  // TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html
-  server: string | EmailConfigServerOptions
-  from?: string
-  maxAge?: number
-  sendVerificationRequest(params: {
-    identifier: string
-    url: string
-    baseUrl: string
-    token: string
-    provider: EmailConfig
-  }): Awaitable<void>
+/**
+ * Credentials
+ */
+type Credentials = (
+  options: ProviderCredentialsOptions
+) => NonNullParams<ProviderCredentialsOptions> & {
+  id: "credentials"
+  type: "credentials"
 }
 
-export type EmailProvider = (options: Partial<EmailConfig>) => EmailConfig
+interface ProviderCredentialsOptions {
+  id?: string
+  name: string
+  credentials: CredentialInput
+  authorize: (credentials: Record<string, string>) => Promise<User | null>
+}
 
-// TODO: Rename to Token provider
-// when started working on https://github.com/nextauthjs/next-auth/discussions/1465
-export type EmailProviderType = "Email"
+interface CredentialInput {
+  [key: string]: {
+    label?: string
+    type?: string
+    value?: string
+    placeholder?: string
+  }
+}
 
-export type Provider = OAuthConfig | EmailConfig | CredentialsConfig
+type OptionsBase = {
+  [K in keyof Omit<Provider, "id">]?: Provider[K]
+}
 
-export type BuiltInProviders = Record<OAuthProviderType, OAuthProvider> &
-  Record<CredentialsProviderType, CredentialsProvider> &
-  Record<EmailProviderType, EmailProvider>
+/**
+ * Provider options
+ * @link https://next-auth.js.org/configuration/providers#oauth-provider-options
+ */
+interface ProviderCommonOptions extends OptionsBase {
+  authorizationParams?: Record<string, string>
+  clientId: string
+  clientSecret: string
+  headers?: Record<string, any>
+  idToken?: boolean
+  name?: string
+  protection?: "pkce" | "state" | "both" | "none"
+  state?: boolean
+}
 
-export type AppProviders = Array<
-  Provider | ReturnType<BuiltInProviders[keyof BuiltInProviders]>
->
+/**
+ * Apple
+ */
+type Apple = (
+  options: ProviderAppleOptions
+) => Provider<"apple"> & { protection: "none" }
 
-declare const Providers: BuiltInProviders
+interface ProviderAppleOptions
+  extends Omit<ProviderCommonOptions, "clientSecret"> {
+  name?: string
+  clientId: string
+  clientSecret: Record<"appleId" | "teamId" | "privateKey" | "keyId", string>
+}
 
-export default Providers
+interface ProviderAppleSecret {
+  appleId: string
+  teamId: string
+  privateKey: string
+  keyId: string
+}
+
+/**
+ * Twitter
+ */
+type Twitter = (options: ProviderCommonOptions) => Provider<"twitter">
+
+/**
+ * Facebook
+ */
+type Facebook = (options: ProviderCommonOptions) => Provider<"facebook">
+
+/**
+ * GitHub
+ */
+type GitHub = (options: ProviderGitHubOptions) => Provider<"github">
+
+interface ProviderGitHubOptions extends Omit<ProviderCommonOptions, "scope"> {
+  scope?: string
+}
+
+/**
+ * GitLab
+ */
+type GitLab = (options: ProviderCommonOptions) => Provider<"gitlab">
+
+/**
+ * Slack
+ */
+type Slack = (options: ProviderCommonOptions) => Provider<"slack">
+
+/**
+ * Google
+ */
+type Google = (options: ProviderGoogleOptions) => Provider<"google">
+
+interface ProviderGoogleOptions extends ProviderCommonOptions {
+  authorizationUrl?: string
+}
+
+/**
+ * Auth0
+ */
+type Auth0 = (
+  options: ProviderAuth0Options
+) => Provider<"auth0"> & { domain: string }
+
+interface ProviderAuth0Options extends Omit<ProviderCommonOptions, "profile"> {
+  domain: string
+  profile?: (profile: Auth0Profile) => User & { id: string }
+}
+
+interface Auth0Profile {
+  sub: string
+  nickname: string
+  email: string
+  picture: string
+}
+
+/**
+ * IS4
+ */
+
+type IdentityServer4 = (
+  options: ProviderIS4Options
+) => Provider<"identity-server4" | string> & { domain: string }
+
+interface ProviderIS4Options extends Omit<ProviderCommonOptions, "id"> {
+  id: string
+  scope: string
+  domain: string
+}
+
+/**
+ * Discord
+ */
+type Discord = (options: ProviderCommonOptions) => Provider<"discord">
+
+/**
+ * Twitch
+ */
+type Twitch = (options: ProviderCommonOptions) => Provider<"twitch">
+
+/**
+ * Okta
+ */
+type Okta = (
+  options: ProviderOktaOptions
+) => Provider<"okta"> & { domain: string }
+
+interface ProviderOktaOptions extends ProviderCommonOptions {
+  domain: string
+}
+
+/**
+ * Battle.net
+ */
+type BattleNet = (
+  options: ProviderBattleNetOptions
+) => Provider<"battlenet"> & { region: string }
+
+interface ProviderBattleNetOptions extends ProviderCommonOptions {
+  region: string
+}
+
+/**
+ * Box
+ */
+type Box = (options: ProviderCommonOptions) => Provider<"box">
+
+/**
+ * Cognito
+ */
+type Cognito = (
+  options: ProviderCognitoOptions
+) => Provider<"cognito"> & { domain: string }
+
+interface ProviderCognitoOptions extends ProviderCommonOptions {
+  domain: string
+}
+
+/**
+ * Yandex
+ */
+type Yandex = (options: ProviderCommonOptions) => Provider<"yandex">
+
+/**
+ * LinkedIn
+ */
+type LinkedIn = (options: ProviderLinkedInOptions) => Provider<"linkedin">
+
+interface ProviderLinkedInOptions extends ProviderCommonOptions {
+  scope?: string
+}
+
+/**
+ * Spotify
+ */
+type Spotify = (options: ProviderSpotifyOptions) => Provider<"spotify">
+
+interface ProviderSpotifyOptions extends ProviderCommonOptions {
+  scope?: string
+}
+
+/**
+ * Basecamp
+ */
+type Basecamp = (options: ProviderCommonOptions) => Provider<"basecamp">
+
+/**
+ * Reddit
+ */
+type Reddit = (options: ProviderCommonOptions) => Provider<"reddit">
+
+/**
+ * Atlassian
+ */
+type Atlassian = (options: ProviderCommonOptions) => Provider<"atlassian">
+
+/**
+ * AzureADB2C
+ */
+type AzureADB2C = (
+  options: ProviderAzureADB2COptions
+) => Provider<"azure-ad-b2c">
+
+interface ProviderAzureADB2COptions extends ProviderCommonOptions {
+  tenantId?: string
+}
+
+/**
+ * Bungie
+ */
+type Bungie = (options: ProviderCommonOptions) => Provider<"bungie">
+
+/**
+ * EVEOnline
+ */
+type EVEOnline = (options: ProviderCommonOptions) => Provider<"eveonline">
+
+/**
+ * FACEIT
+ */
+type FACEIT = (options: ProviderCommonOptions) => Provider<"faceit">
+
+/**
+ * Foursquare
+ */
+type Foursquare = (options: ProviderCommonOptions) => Provider<"foursquare">
+
+/**
+ * FusionAuth
+ */
+type FusionAuth = (options: ProviderFusionAuthOptions) => Provider<"fusionauth">
+
+interface ProviderFusionAuthOptions extends ProviderCommonOptions {
+  tenantId?: string
+  domain?: string
+}
+
+/**
+ * Instagram
+ */
+type Instagram = (options: ProviderCommonOptions) => Provider<"instagram">
+
+/**
+ * Kakao
+ */
+type Kakao = (options: ProviderCommonOptions) => Provider<"kakao">
+
+/**
+ * LINE
+ */
+type LINE = (options: ProviderCommonOptions) => Provider<"line">
+
+/**
+ * MailRu
+ */
+type MailRu = (options: ProviderCommonOptions) => Provider<"mailru">
+
+/**
+ * Medium
+ */
+type Medium = (options: ProviderCommonOptions) => Provider<"medium">
+
+/**
+ * Netlify
+ */
+type Netlify = (options: ProviderCommonOptions) => Provider<"netlify">
+
+/**
+ * Osso
+ */
+type Osso = (options: ProviderCommonOptions) => Provider<"osso">
+
+/**
+ * Salesforce
+ */
+type Salesforce = (options: ProviderCommonOptions) => Provider<"salesforce">
+
+/**
+ * Strava
+ */
+type Strava = (options: ProviderCommonOptions) => Provider<"strava">
+
+/**
+ * VK
+ */
+type VK = (options: ProviderCommonOptions) => Provider<"vk">
+
+/**
+ * Zoho
+ */
+type Zoho = (options: ProviderCommonOptions) => Provider<"zoho">

types/tests/adapters.test.ts

@@ -1,4 +1,4 @@
-import Adapters from "next-auth/adapters"
+import Adapters, { TypeORMAdapter } from "next-auth/adapters"
 
 // ExpectType TypeORMAdapter["Adapter"]
 Adapters.Default({

types/tests/client.test.ts

@@ -11,7 +11,7 @@ const clientSession = {
   expires: "1234",
 }
 
-// $ExpectType [Session | null, boolean]
+// $ExpectType [Session | null | undefined, boolean]
 client.useSession()
 
 // $ExpectType Promise<Session | null>
@@ -20,10 +20,10 @@ client.getSession({ req: nextReq })
 // $ExpectType Promise<Session | null>
 client.session({ req: nextReq })
 
-// $ExpectType Promise<Record<string, ClientSafeProvider> | null>
+// $ExpectType Promise<Record<string, AppProvider> | null>
 client.getProviders()
 
-// $ExpectType Promise<Record<string, ClientSafeProvider> | null>
+// $ExpectType Promise<Record<string, AppProvider> | null>
 client.providers()
 
 // $ExpectType Promise<string | null>
@@ -32,36 +32,26 @@ client.getCsrfToken({ req: nextReq })
 // $ExpectType Promise<string | null>
 client.csrfToken({ req: nextReq })
 
-// $ExpectType Promise<string | null>
-client.csrfToken({ ctx: { req: nextReq } })
+// $ExpectType Promise<void>
+client.signin("github", { data: "foo", redirect: false }, { login: "username" })
 
-// $ExpectType Promise<undefined>
-client.signin("github", { callbackUrl: "foo" }, { login: "username" })
+// $ExpectType Promise<SignInResponse>
+client.signin("credentials", { data: "foo", redirect: false })
 
-// $ExpectType Promise<SignInResponse | undefined>
-client.signin("credentials", { callbackUrl: "foo", redirect: true })
+// $ExpectType Promise<SignInResponse>
+client.signin("email", { data: "foo", redirect: false })
 
-// $ExpectType Promise<SignInResponse | undefined>
-client.signin("credentials", { redirect: false })
+// $ExpectType Promise<void>
+client.signin("email", { data: "foo", redirect: true })
 
-// $ExpectType Promise<SignInResponse | undefined>
-client.signin("email", { callbackUrl: "foo", redirect: false })
-
-// $ExpectType Promise<SignInResponse | undefined>
-client.signin("email", { callbackUrl: "foo", redirect: true })
-
-// $ExpectType Promise<undefined>
+// $ExpectType Promise<void>
 client.signout()
 
-// $ExpectType Promise<undefined>
+// $ExpectType Promise<void>
 client.signout({ callbackUrl: "https://foo.com/callback", redirect: true })
 
-// $ExpectType Promise<SignOutResponse>
-client.signOut({ callbackUrl: "https://foo.com/callback", redirect: false })
-
 // $ExpectType ReactElement<any, any> | null
 client.Provider({
-  children: null,
   session: clientSession,
   options: {
     baseUrl: "https://foo.com",
@@ -72,22 +62,18 @@ client.Provider({
 
 // $ExpectType ReactElement<any, any> | null
 client.Provider({
-  children: null,
   session: clientSession,
 })
 
 // $ExpectType ReactElement<any, any> | null
 client.Provider({
-  children: null,
+  session: undefined,
   options: {},
 })
 
 // $ExpectType ReactElement<any, any> | null
 client.Provider({
-  children: null,
-  session: {
-    expires: "",
-  },
+  session: null,
   options: {
     baseUrl: "https://foo.com",
     basePath: "/",

types/tests/jwt.test.ts

@@ -7,7 +7,7 @@ JWTType.encode({
   secret: "secret",
 })
 
-// $ExpectType Promise<JWT>
+// $ExpectType Promise<WithAdditionalParams<JWT>>
 JWTType.decode({
   token: "token",
   secret: "secret",
@@ -19,7 +19,7 @@ JWTType.getToken({
   raw: true,
 })
 
-// $ExpectType Promise<JWT | null>
+// $ExpectType Promise<WithAdditionalParams<JWT>>
 JWTType.getToken({
   req: nextReq,
   secret: "secret",

types/tests/providers.test.ts

@@ -1,12 +1,12 @@
 import Providers from "next-auth/providers"
 
-// $ExpectType EmailConfig
+// $ExpectType NonNullParams<ProviderEmailOptions> & { id: "email"; type: "email"; }
 Providers.Email({
   server: "path/to/server",
   from: "path/from",
 })
 
-// $ExpectType EmailConfig
+// $ExpectType NonNullParams<ProviderEmailOptions> & { id: "email"; type: "email"; }
 Providers.Email({
   server: {
     host: "host",
@@ -19,7 +19,7 @@ Providers.Email({
   from: "path/from",
 })
 
-// $ExpectType CredentialsConfig<{}>
+// $ExpectType NonNullParams<ProviderCredentialsOptions> & { id: "credentials"; type: "credentials"; }
 Providers.Credentials({
   id: "login",
   name: "account",
@@ -41,7 +41,7 @@ Providers.Credentials({
   },
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"apple", "oauth"> & { protection: "none"; }
 Providers.Apple({
   clientId: "foo123",
   clientSecret: {
@@ -52,64 +52,64 @@ Providers.Apple({
   },
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"twitter", "oauth">
 Providers.Twitter({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"facebook", "oauth">
 Providers.Facebook({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"github", "oauth">
 Providers.GitHub({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"github", "oauth">
 Providers.GitHub({
   clientId: "foo123",
   clientSecret: "bar123",
   scope: "change:thing read:that",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"gitlab", "oauth">
 Providers.GitLab({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"slack", "oauth">
 Providers.Slack({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"google", "oauth">
 Providers.Google({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"google", "oauth">
 Providers.Google({
   clientId: "foo123",
   clientSecret: "bar123",
   authorizationUrl: "https://foo.google.com",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"auth0", "oauth"> & { domain: string; }
 Providers.Auth0({
   clientId: "foo123",
   clientSecret: "bar123",
   domain: "https://foo.auth0.com",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"auth0", "oauth"> & { domain: string; }
 Providers.Auth0({
   clientId: "foo123",
   clientSecret: "bar123",
@@ -122,7 +122,7 @@ Providers.Auth0({
   }),
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<string, "oauth"> & { domain: string; }
 Providers.IdentityServer4({
   id: "identity-server4",
   name: "IdentityServer4",
@@ -132,85 +132,85 @@ Providers.IdentityServer4({
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"discord", "oauth">
 Providers.Discord({
   clientId: "foo123",
   clientSecret: "bar123",
   scope: "identify",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"twitch", "oauth">
 Providers.Twitch({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"okta", "oauth"> & { domain: string; }
 Providers.Okta({
   clientId: "foo123",
   clientSecret: "bar123",
   domain: "https://foo.auth0.com",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"battlenet", "oauth"> & { region: string; }
 Providers.BattleNet({
   clientId: "foo123",
   clientSecret: "bar123",
   region: "europe",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"box", "oauth">
 Providers.Box({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"cognito", "oauth"> & { domain: string; }
 Providers.Cognito({
   clientId: "foo123",
   clientSecret: "bar123",
   domain: "https://foo.auth0.com",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"yandex", "oauth">
 Providers.Yandex({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"linkedin", "oauth">
 Providers.LinkedIn({
   clientId: "foo123",
   clientSecret: "bar123",
   scope: "r_emailaddress r_liteprofile",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"spotify", "oauth">
 Providers.Spotify({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"spotify", "oauth">
 Providers.Spotify({
   clientId: "foo123",
   clientSecret: "bar123",
   scope: "user-read-email",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"basecamp", "oauth">
 Providers.Basecamp({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"reddit", "oauth">
 Providers.Reddit({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"azure-ad-b2c", "oauth">
 Providers.AzureADB2C({
   clientId: "foo123",
   clientSecret: "bar123",
@@ -219,7 +219,7 @@ Providers.AzureADB2C({
   idToken: true,
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"fusionauth", "oauth">
 Providers.FusionAuth({
   name: "FusionAuth",
   domain: "domain",
@@ -228,31 +228,31 @@ Providers.FusionAuth({
   tenantId: "tenantId",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"faceit", "oauth">
 Providers.FACEIT({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"instagram", "oauth">
 Providers.Instagram({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"kakao", "oauth">
 Providers.Kakao({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"osso", "oauth">
 Providers.Osso({
   clientId: "foo123",
   clientSecret: "bar123",
 })
 
-// $ExpectType OAuthConfig<Profile>
+// $ExpectType Provider<"zoho", "oauth">
 Providers.Zoho({
   clientId: "foo123",
   clientSecret: "bar123",

types/tests/server.test.ts

@@ -1,5 +1,5 @@
-import Providers, { OAuthConfig } from "next-auth/providers"
-import {
+import Providers, { AppProvider, Provider } from "next-auth/providers"
+import Adapters, {
   Adapter,
   EmailAppProvider,
   Profile,
@@ -10,9 +10,7 @@ import NextAuth, * as NextAuthTypes from "next-auth"
 import { IncomingMessage, ServerResponse } from "http"
 import * as JWTType from "next-auth/jwt"
 import { Socket } from "net"
-import { NextApiRequest, NextApiResponse } from "internals/utils"
-import { AppOptions } from "internals"
-import { AppProvider } from "internals/providers"
+import { NextApiRequest, NextApiResponse } from "next"
 
 const req: NextApiRequest = Object.assign(new IncomingMessage(new Socket()), {
   query: {},
@@ -39,6 +37,7 @@ const pageOptions = {
 }
 
 const simpleConfig = {
+  site: "https://foo.com",
   providers: [
     Providers.GitHub({
       clientId: "123",
@@ -74,7 +73,7 @@ const adapter: Adapter<
   Session,
   VerificationRequest
 > = {
-  async getAdapter(appOptions: AppOptions) {
+  async getAdapter(appOptions: NextAuthTypes.AppOptions) {
     return {
       createUser: async (profile: Profile) => exampleUser,
       getUser: async (id: string) => exampleUser,
@@ -104,7 +103,7 @@ const adapter: Adapter<
         token: string,
         secret: string,
         provider: EmailAppProvider,
-        options: AppOptions
+        options: NextAuthTypes.AppOptions
       ) => exampleVerificatoinRequest,
       getVerificationRequest: async (
         email: string,
@@ -166,10 +165,10 @@ const allConfig = {
     },
     async jwt(
       token: JWTType.JWT,
-      user?: NextAuthTypes.User,
-      account?: Record<string, unknown>,
-      profile?: Record<string, unknown>,
-      isNewUser?: boolean
+      user: NextAuthTypes.User,
+      account: Record<string, unknown>,
+      profile: Record<string, unknown>,
+      isNewUser: boolean
     ) {
       return token
     },
@@ -210,12 +209,7 @@ const allConfig = {
   },
 }
 
-const customProvider: OAuthConfig<{
-  id: string
-  name: string
-  email: string
-  picture: string
-}> = {
+const customProvider: Provider<"google"> = {
   id: "google",
   name: "Google",
   type: "oauth",
@@ -241,6 +235,7 @@ const customProvider: OAuthConfig<{
 }
 
 const customProviderConfig = {
+  site: "https://foo.com",
   providers: [customProvider],
 }
 

types/tests/test-helpers.ts

@@ -1,6 +1,6 @@
-import { IncomingMessage } from "http"
+import { IncomingMessage, ServerResponse } from "http"
 import { Socket } from "net"
-import { NextApiRequest } from "internals/utils"
+import { NextApiRequest } from "next"
 
 export const nextReq: NextApiRequest = Object.assign(
   new IncomingMessage(new Socket()),

types/tsconfig.json

@@ -16,7 +16,8 @@
       "next-auth/providers": ["./providers"],
       "next-auth/adapters": ["./adapters"],
       "next-auth/client": ["./client"],
-      "next-auth/jwt": ["./jwt"]
+      "next-auth/jwt": ["./jwt"],
+      "next": ["./_next"]
     }
   }
 }

types/tslint.json

@@ -1,7 +1,6 @@
 {
   "extends": "dtslint/dtslint.json",
   "rules": {
-    "semicolon": false,
-    "no-redundant-jsdoc": false
+    "semicolon": false
   }
 }