fix(ts): extract EmailConfigServerOptions to interface

refactor(ts): de-duplicate types (#1690 )
* refactor(ts): deduplicate internal types * refactor(ts): ease up providers typings * test(ts): fix failing TS tests * test(ts): rename TS property to fix test * docs(ts): mention TS docs in README.md * feat(ts): move/update client types * refactor(TS): rename some types * test(ts): fix client tests * docs(ts): move function descriptions to .d.ts * chore: fix lint error * refactor(ts): separate internal types * chore: simplify build-types script * chore: update type import paths in src * chore(build): create root files at build * chore: remove unnecessary .npmignore * chore: run prettier on types * fix(ts): clean up jwt types * fix(ts): make getToken return type depend on raw param * docs(page): explain page errors, add theming note * docs(ts): add JSDoc to NextAuthOptions props * chore(ts): remove unused import * docs(ts): change JSDOC docs notation * refactor(build): extract module entries into enum * chore(ts): move ClientSafeProvider * chore(ts): simplify GetTokenParams generic * style(lint): fix linting errors * chore: re-add generic extension to GetTokenParams
2026-05-01 10:55:20 +00:00 · 2021-04-19 17:02:53 +02:00 · 2021-04-19 16:54:03 +02:00 · 2021-04-18 13:47:02 +02:00 · 2021-04-14 20:22:51 +02:00 · 2021-04-10 23:48:26 +02:00
124 changed files with 911 additions and 1736 deletions
--- a/test/.env.example
+++ b/test/.env.example
@@ -1,6 +1,5 @@
-# To be able to run tests:
-# 1. copy to the root folder and rename to .env
-# 2. Populate with values
+# Rename file to .env and populate values
+# to be able to run tests
 NEXTAUTH_URL=http://localhost:3000
 NEXTAUTH_TWITTER_ID=
 NEXTAUTH_TWITTER_SECRET=
--- a/app/.env.local.example
+++ b/app/.env.local.example
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +0,0 @@
-/types/ @balazsorban44 @lluia
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,6 +1,5 @@
 test:
  - test/**/*
-  - types/tests/**/*

 documentation:
  - www/**/*
@@ -33,7 +32,4 @@ client:

 pages:
  - src/server/pages/**/*
-  - www/docs/configuration/pages.md
-
-TypeScript:
-  - types/**/*
+  - www/docs/configuration/pages.md
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,22 +4,22 @@ name: Lint/Build

 on:
  push:
-    branches:
-      - main
-      - beta
-      - next
+    branches: 
+     - main
+     - beta
+     - next
  pull_request:
    branches:
-      - main
-      - beta
-      - next
+     - main
+     - beta
+     - next

 jobs:
  lint-and-build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        node-version: [12, 14, 16]
+        node-version: [10, 12, 14]
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js ${{ matrix.node-version }}
@@ -29,4 +29,4 @@ jobs:
      - name: Install dependencies
        uses: bahmutov/npm-install@v1
      - run: npm run lint
-      - run: npm run build
+      - run: npm run build
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -30,7 +30,7 @@ jobs:

    strategy:
      matrix:
-        node-version: [12, 14, 16]
+        node-version: [10, 12, 14]

    steps:
      - uses: actions/checkout@v2
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,14 +2,14 @@ name: Release
 on:
  push:
    branches:
-      - "main"
-      - "beta"
-      - "next"
-      - "3.x"
+      - 'main'
+      - 'beta'
+      - 'next'
+      - '3.x'
  pull_request:
 jobs:
  release:
-    name: "Release"
+    name: 'Release'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@@ -20,6 +20,7 @@ jobs:
          node-version: 14
      - name: Install dependencies
        uses: bahmutov/npm-install@v1
+      - run: npm run build
      - run: npx semantic-release@17
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/types.yml
+++ b/.github/workflows/types.yml
@@ -19,8 +19,6 @@ jobs:
      - uses: actions/checkout@v2
      - name: Use Node.js
        uses: actions/setup-node@v1
-        with:
-          node-version: 14
      - name: Install dependencies
        uses: bahmutov/npm-install@v1
      - name: Check types
--- a/.gitignore
+++ b/.gitignore
@@ -25,27 +25,8 @@ node_modules
 # Generated files
 .docusaurus
 .cache-loader
+.next
 www/providers.json
-src/providers/index.js
-/internals
-/adapters.d.ts
-/adapters.js
-/client.d.ts
-/client.js
-/index.d.ts
-/index.js
-/jwt.d.ts
-/jwt.js
-/providers.d.ts
-/providers.js
-/errors.js
-/errors.d.ts
-
-# Development app
-app/next-auth
-app/dist/css
-app/package-lock.json
-app/yarn.lock

 # VS
 /.vs/slnx.sqlite-journal
@@ -58,4 +39,4 @@ app/yarn.lock
 /_work

 # Prisma migrations
-/prisma/migrations
+/prisma/migrations
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -32,17 +32,17 @@ cd next-auth

 2. Install packages:
 ```sh
-npm i && npm dev:setup
+npm i
 ```

 3. Populate `.env.local`:
   
-    Copy `app/.env.local.example` to `app/.env.local`, and add your env variables for each provider you want to test.
+    Copy `.env.local.example` to `.env.local`, and add your env variables for each provider you want to test.

 > NOTE: You can add any environment variables to .env.local that you would like to use in your dev app.
-> You can find the next-auth config under`app/pages/api/auth/[...nextauth].js`.
+> You can find the next-auth config under`pages/api/auth/[...nextauth].js`.

-1. Start the dev application/server:
+1. Start the dev application/server and CSS watching:
 ```sh
 npm run dev
 ```
@@ -57,23 +57,11 @@ If you need an example project to link to, you can use [next-auth-example](https

 When running `npm run dev`, you start a Next.js dev server on `http://localhost:3000`, which includes hot reloading out of the box. Make changes on any of the files in `src` and see the changes immediately.

-> NOTE: When working on CSS, you will have to manually refresh the page after changes. The reason for this is our pages using CSS are server-side rendered. (Improving this through a PR is very welcome!)
-
-> NOTE: The setup is as follows: The development application lives inside the `app` folder, and whenever you make a change to the `src` folder in the root (where next-auth is), it gets copied into `app` every time (gitignored), so Next.js can pick them up and apply hot reloading. This is to avoid some annoying issues with how symlinks are working with different React builds, and also to provide a super-fast feedback loop while developing core features.
-
-#### Providers
-
-If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
-1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
-2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
-
-That's it! 🎉 Others will be able to discover this provider much more easily now!
-
-You can look at the existing built-in providers for inspiration.
+>NOTE: When working on CSS, you will need to manually refresh the page after changes. (Improving this through a PR is very welcome!)

 #### Databases

-Included is a Docker Compose file that starts up MySQL, PostgreSQL, and MongoDB databases on localhost.
+Included is a Docker Compose file that starts up MySQL, Postgres, and MongoDB databases on localhost.

 It will use port `3306`, `5432`, and `27017` on localhost respectively; please make sure those ports are not used by other services on localhost.

--- a/test/Dockerfile
+++ b/test/Dockerfile
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
--- a/app/README.md
+++ b/app/README.md
@@ -1,6 +0,0 @@
-# NextAuth.js Development App
-
-This folder contains a Next.js app using NextAuth.js for local development. See the following section on how to start:
-
-[Setting up local environment
-](https://github.com/nextauthjs/next-auth/blob/main/CONTRIBUTING.md#setting-up-local-environment)
--- a/app/jsconfig.json
+++ b/app/jsconfig.json
@@ -1,5 +0,0 @@
-{
-  "compilerOptions": {
-    "baseUrl": "."
-  }
-}
--- a/app/next.config.js
+++ b/app/next.config.js
@@ -1,19 +0,0 @@
-const path = require("path")
-
-module.exports = {
-  webpack(config) {
-    config.resolve = {
-      ...config.resolve,
-      alias: {
-        ...config.resolve.alias,
-        "next-auth$": path.join(process.cwd(), "next-auth/server"),
-        "next-auth/client$": path.join(process.cwd(), "next-auth/client"),
-        "next-auth/jwt$": path.join(process.cwd(), "next-auth/lib/jwt"),
-        "next-auth/adapters": path.join(process.cwd(), "next-auth/adapters"),
-        "next-auth/providers": path.join(process.cwd(), "next-auth/providers"),
-      },
-    }
-
-    return config
-  },
-}
--- a/app/package.json
+++ b/app/package.json
@@ -1,25 +0,0 @@
-{
-  "name": "next-auth-app",
-  "version": "1.0.0",
-  "description": "NextAuth.js Developer app",
-  "private": true,
-  "scripts": {
-    "dev": "npm-run-all --parallel copy:app dev:css dev:next",
-    "dev:next": "next dev",
-    "copy:app": "cpx \"../src/**/*\" next-auth --watch",
-    "copy:css": "cpx \"../dist/css/**/*\" dist/css --watch",
-    "watch:css": "cd .. && npm run watch:css",
-    "dev:css": "npm-run-all --parallel watch:css copy:css",
-    "start": "next start"
-  },
-  "license": "ISC",
-  "dependencies": {
-    "next": "^10.1.3",
-    "react": "^17.0.2",
-    "react-dom": "^17.0.2"
-  },
-  "devDependencies": {
-    "cpx": "^1.5.0",
-    "npm-run-all": "^4.1.5"
-  }
-}
--- a/app/components/access-denied.js
+++ b/app/components/access-denied.js
--- a/app/components/footer.js
+++ b/app/components/footer.js
--- a/app/components/footer.module.css
+++ b/app/components/footer.module.css
--- a/app/components/header.js
+++ b/app/components/header.js
--- a/app/components/header.module.css
+++ b/app/components/header.module.css
--- a/app/components/layout.js
+++ b/app/components/layout.js
--- a/config/babel.config.json
+++ b/config/babel.config.json
@@ -2,9 +2,6 @@
  "presets": [
    ["@babel/preset-env", { "targets": { "esmodules": true } }]
  ],
-  "plugins": [
-    "@babel/plugin-proposal-class-properties"
-  ],
  "comments": false,
  "overrides": [
    {
--- a/config/build.js
+++ b/config/build.js
@@ -7,18 +7,14 @@ const MODULE_ENTRIES = {
  PROVIDERS: "providers",
  ADAPTERS: "adapters",
  JWT: "jwt",
-  ERRORS: "errors",
 }

-// Building submodule entries
-
 const BUILD_TARGETS = {
  [`${MODULE_ENTRIES.SERVER}.js`]: "module.exports = require('./dist/server').default\n",
  [`${MODULE_ENTRIES.CLIENT}.js`]: "module.exports = require('./dist/client').default\n",
  [`${MODULE_ENTRIES.ADAPTERS}.js`]: "module.exports = require('./dist/adapters').default\n",
  [`${MODULE_ENTRIES.PROVIDERS}.js`]: "module.exports = require('./dist/providers').default\n",
  [`${MODULE_ENTRIES.JWT}.js`]: "module.exports = require('./dist/lib/jwt').default\n",
-  [`${MODULE_ENTRIES.ERRORS}.js`]: "module.exports = require('./dist/lib/errors').default\n",
 }

 Object.entries(BUILD_TARGETS).forEach(([target, content]) => {
@@ -28,15 +24,12 @@ Object.entries(BUILD_TARGETS).forEach(([target, content]) => {
  })
 })

-// Building types
-
 const TYPES_TARGETS = [
  `${MODULE_ENTRIES.SERVER}.d.ts`,
  `${MODULE_ENTRIES.CLIENT}.d.ts`,
  `${MODULE_ENTRIES.ADAPTERS}.d.ts`,
  `${MODULE_ENTRIES.PROVIDERS}.d.ts`,
  `${MODULE_ENTRIES.JWT}.d.ts`,
-  `${MODULE_ENTRIES.ERRORS}.d.ts`,
  "internals",
 ]

@@ -50,42 +43,3 @@ TYPES_TARGETS.forEach((target) => {
    }
  )
 })
-
-// Building providers
-
-const providersDir = path.join(process.cwd(), "/src/providers")
-
-const files = fs
-  .readdirSync(providersDir, "utf8")
-  .filter((file) => file !== "index.js")
-
-let importLines = ""
-let exportLines = `export default {\n`
-files.forEach((file) => {
-  const provider = fs.readFileSync(path.join(providersDir, file), "utf8")
-  try {
-    // NOTE: If this fails, the default export probably wasn't a named function.
-    // Always use a named function as default export.
-    // Eg.: export default function YourProvider ...
-    const { functionName } = provider.match(
-      /export default function (?<functionName>.+)\s?\(/
-    ).groups
-
-    importLines += `import ${functionName} from "./${file}"\n`
-    exportLines += `  ${functionName},\n`
-  } catch (error) {
-    console.error(
-      [
-        `\nThe provider file '${file}' should have a single named default export`,
-        "Example: 'export default function YourProvider'\n\n",
-      ].join("\n")
-    )
-    process.exit(1)
-  }
-})
-exportLines += `}\n`
-
-fs.writeFile(
-  path.join(process.cwd(), "src/providers/index.js"),
-  [importLines, exportLines].join("\n")
-)
--- a/app/next-env.d.ts
+++ b/app/next-env.d.ts
--- a/package-lock.json
+++ b/package-lock.json
@@ -991,183 +991,19 @@
      }
    },
    "@babel/plugin-proposal-class-properties": {
-      "version": "7.13.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.13.0.tgz",
-      "integrity": "sha512-KnTDjFNC1g+45ka0myZNvSBFLhNCLN+GeGYLDEA8Oq7MZ6yMgfLoIRh86GRT0FjtJhZw8JyUskP9uvj5pHM9Zg==",
+      "version": "7.12.1",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.12.1.tgz",
+      "integrity": "sha512-cKp3dlQsFsEs5CWKnN7BnSHOd0EOW8EKpEjkoz1pO2E5KzIDNV9Ros1b0CnmbVgAGXJubOYVBOGCT1OmJwOI7w==",
      "dev": true,
      "requires": {
-        "@babel/helper-create-class-features-plugin": "^7.13.0",
-        "@babel/helper-plugin-utils": "^7.13.0"
+        "@babel/helper-create-class-features-plugin": "^7.12.1",
+        "@babel/helper-plugin-utils": "^7.10.4"
      },
      "dependencies": {
-        "@babel/code-frame": {
-          "version": "7.12.13",
-          "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.13.tgz",
-          "integrity": "sha512-HV1Cm0Q3ZrpCR93tkWOYiuYIgLxZXZFVG2VgK+MBWjUqZTundupbfx2aXarXuw5Ko5aMcjtJgbSs4vUGBS5v6g==",
-          "dev": true,
-          "requires": {
-            "@babel/highlight": "^7.12.13"
-          }
-        },
-        "@babel/generator": {
-          "version": "7.13.16",
-          "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.13.16.tgz",
-          "integrity": "sha512-grBBR75UnKOcUWMp8WoDxNsWCFl//XCK6HWTrBQKTr5SV9f5g0pNOjdyzi/DTBv12S9GnYPInIXQBTky7OXEMg==",
-          "dev": true,
-          "requires": {
-            "@babel/types": "^7.13.16",
-            "jsesc": "^2.5.1",
-            "source-map": "^0.5.0"
-          }
-        },
-        "@babel/helper-create-class-features-plugin": {
-          "version": "7.13.11",
-          "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.13.11.tgz",
-          "integrity": "sha512-ays0I7XYq9xbjCSvT+EvysLgfc3tOkwCULHjrnscGT3A9qD4sk3wXnJ3of0MAWsWGjdinFvajHU2smYuqXKMrw==",
-          "dev": true,
-          "requires": {
-            "@babel/helper-function-name": "^7.12.13",
-            "@babel/helper-member-expression-to-functions": "^7.13.0",
-            "@babel/helper-optimise-call-expression": "^7.12.13",
-            "@babel/helper-replace-supers": "^7.13.0",
-            "@babel/helper-split-export-declaration": "^7.12.13"
-          }
-        },
-        "@babel/helper-function-name": {
-          "version": "7.12.13",
-          "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.12.13.tgz",
-          "integrity": "sha512-TZvmPn0UOqmvi5G4vvw0qZTpVptGkB1GL61R6lKvrSdIxGm5Pky7Q3fpKiIkQCAtRCBUwB0PaThlx9vebCDSwA==",
-          "dev": true,
-          "requires": {
-            "@babel/helper-get-function-arity": "^7.12.13",
-            "@babel/template": "^7.12.13",
-            "@babel/types": "^7.12.13"
-          }
-        },
-        "@babel/helper-get-function-arity": {
-          "version": "7.12.13",
-          "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.12.13.tgz",
-          "integrity": "sha512-DjEVzQNz5LICkzN0REdpD5prGoidvbdYk1BVgRUOINaWJP2t6avB27X1guXK1kXNrX0WMfsrm1A/ZBthYuIMQg==",
-          "dev": true,
-          "requires": {
-            "@babel/types": "^7.12.13"
-          }
-        },
-        "@babel/helper-member-expression-to-functions": {
-          "version": "7.13.12",
-          "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.13.12.tgz",
-          "integrity": "sha512-48ql1CLL59aKbU94Y88Xgb2VFy7a95ykGRbJJaaVv+LX5U8wFpLfiGXJJGUozsmA1oEh/o5Bp60Voq7ACyA/Sw==",
-          "dev": true,
-          "requires": {
-            "@babel/types": "^7.13.12"
-          }
-        },
-        "@babel/helper-optimise-call-expression": {
-          "version": "7.12.13",
-          "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.12.13.tgz",
-          "integrity": "sha512-BdWQhoVJkp6nVjB7nkFWcn43dkprYauqtk++Py2eaf/GRDFm5BxRqEIZCiHlZUGAVmtwKcsVL1dC68WmzeFmiA==",
-          "dev": true,
-          "requires": {
-            "@babel/types": "^7.12.13"
-          }
-        },
        "@babel/helper-plugin-utils": {
-          "version": "7.13.0",
-          "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.13.0.tgz",
-          "integrity": "sha512-ZPafIPSwzUlAoWT8DKs1W2VyF2gOWthGd5NGFMsBcMMol+ZhK+EQY/e6V96poa6PA/Bh+C9plWN0hXO1uB8AfQ==",
-          "dev": true
-        },
-        "@babel/helper-replace-supers": {
-          "version": "7.13.12",
-          "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.13.12.tgz",
-          "integrity": "sha512-Gz1eiX+4yDO8mT+heB94aLVNCL+rbuT2xy4YfyNqu8F+OI6vMvJK891qGBTqL9Uc8wxEvRW92Id6G7sDen3fFw==",
-          "dev": true,
-          "requires": {
-            "@babel/helper-member-expression-to-functions": "^7.13.12",
-            "@babel/helper-optimise-call-expression": "^7.12.13",
-            "@babel/traverse": "^7.13.0",
-            "@babel/types": "^7.13.12"
-          }
-        },
-        "@babel/helper-split-export-declaration": {
-          "version": "7.12.13",
-          "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.12.13.tgz",
-          "integrity": "sha512-tCJDltF83htUtXx5NLcaDqRmknv652ZWCHyoTETf1CXYJdPC7nohZohjUgieXhv0hTJdRf2FjDueFehdNucpzg==",
-          "dev": true,
-          "requires": {
-            "@babel/types": "^7.12.13"
-          }
-        },
-        "@babel/helper-validator-identifier": {
-          "version": "7.12.11",
-          "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.12.11.tgz",
-          "integrity": "sha512-np/lG3uARFybkoHokJUmf1QfEvRVCPbmQeUQpKow5cQ3xWrV9i3rUHodKDJPQfTVX61qKi+UdYk8kik84n7XOw==",
-          "dev": true
-        },
-        "@babel/highlight": {
-          "version": "7.13.10",
-          "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.13.10.tgz",
-          "integrity": "sha512-5aPpe5XQPzflQrFwL1/QoeHkP2MsA4JCntcXHRhEsdsfPVkvPi2w7Qix4iV7t5S/oC9OodGrggd8aco1g3SZFg==",
-          "dev": true,
-          "requires": {
-            "@babel/helper-validator-identifier": "^7.12.11",
-            "chalk": "^2.0.0",
-            "js-tokens": "^4.0.0"
-          }
-        },
-        "@babel/parser": {
-          "version": "7.13.16",
-          "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.13.16.tgz",
-          "integrity": "sha512-6bAg36mCwuqLO0hbR+z7PHuqWiCeP7Dzg73OpQwsAB1Eb8HnGEz5xYBzCfbu+YjoaJsJs+qheDxVAuqbt3ILEw==",
-          "dev": true
-        },
-        "@babel/template": {
-          "version": "7.12.13",
-          "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.12.13.tgz",
-          "integrity": "sha512-/7xxiGA57xMo/P2GVvdEumr8ONhFOhfgq2ihK3h1e6THqzTAkHbkXgB0xI9yeTfIUoH3+oAeHhqm/I43OTbbjA==",
-          "dev": true,
-          "requires": {
-            "@babel/code-frame": "^7.12.13",
-            "@babel/parser": "^7.12.13",
-            "@babel/types": "^7.12.13"
-          }
-        },
-        "@babel/traverse": {
-          "version": "7.13.17",
-          "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.13.17.tgz",
-          "integrity": "sha512-BMnZn0R+X6ayqm3C3To7o1j7Q020gWdqdyP50KEoVqaCO2c/Im7sYZSmVgvefp8TTMQ+9CtwuBp0Z1CZ8V3Pvg==",
-          "dev": true,
-          "requires": {
-            "@babel/code-frame": "^7.12.13",
-            "@babel/generator": "^7.13.16",
-            "@babel/helper-function-name": "^7.12.13",
-            "@babel/helper-split-export-declaration": "^7.12.13",
-            "@babel/parser": "^7.13.16",
-            "@babel/types": "^7.13.17",
-            "debug": "^4.1.0",
-            "globals": "^11.1.0"
-          }
-        },
-        "@babel/types": {
-          "version": "7.13.17",
-          "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.13.17.tgz",
-          "integrity": "sha512-RawydLgxbOPDlTLJNtoIypwdmAy//uQIzlKt2+iBiJaRlVuI6QLUxVAyWGNfOzp8Yu4L4lLIacoCyTNtpb4wiA==",
-          "dev": true,
-          "requires": {
-            "@babel/helper-validator-identifier": "^7.12.11",
-            "to-fast-properties": "^2.0.0"
-          }
-        },
-        "globals": {
-          "version": "11.12.0",
-          "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
-          "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
-          "dev": true
-        },
-        "js-tokens": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
-          "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
+          "version": "7.10.4",
+          "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz",
+          "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==",
          "dev": true
        }
      }
@@ -4496,12 +4332,6 @@
            "yallist": "^3.0.2"
          }
        },
-        "y18n": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
-          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
-          "dev": true
-        },
        "yallist": {
          "version": "3.1.1",
          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
@@ -4862,6 +4692,11 @@
            "strip-ansi": "^6.0.0"
          }
        },
+        "y18n": {
+          "version": "5.0.5",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz",
+          "integrity": "sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg=="
+        },
        "yargs": {
          "version": "16.2.0",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
@@ -6238,12 +6073,6 @@
          "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==",
          "dev": true
        },
-        "y18n": {
-          "version": "4.0.3",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
-          "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==",
-          "dev": true
-        },
        "yargs": {
          "version": "15.4.1",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
@@ -8601,9 +8430,9 @@
      }
    },
    "jose": {
-      "version": "1.28.1",
-      "resolved": "https://registry.npmjs.org/jose/-/jose-1.28.1.tgz",
-      "integrity": "sha512-6JK28rFu5ENp/yxMwM+iN7YeaInnY9B9Bggjkz5fuwLiJhbVrl2O4SJr65bdNBPl9y27fdC3Mymh+FVCvozLIg==",
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-1.28.0.tgz",
+      "integrity": "sha512-JmfDRzt/HSj8ipd9TsDtEHoLUnLYavG+7e8F6s1mx2jfVSfXOTaFQsJUydbjJpTnTDHP1+yKL9Ke7ktS/a0Eiw==",
      "requires": {
        "@panva/asn1.js": "^1.0.0"
      }
@@ -13636,9 +13465,8 @@
          "dev": true
        },
        "y18n": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
-          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+          "version": "4.0.0",
+          "bundled": true,
          "dev": true
        },
        "yallist": {
@@ -14682,12 +14510,6 @@
            "is-number": "^7.0.0"
          }
        },
-        "y18n": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
-          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
-          "dev": true
-        },
        "yargs": {
          "version": "15.3.1",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.3.1.tgz",
@@ -18007,6 +17829,11 @@
            "strip-ansi": "^6.0.0"
          }
        },
+        "y18n": {
+          "version": "5.0.5",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz",
+          "integrity": "sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg=="
+        },
        "yargs": {
          "version": "16.2.0",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
@@ -18838,9 +18665,10 @@
      "dev": true
    },
    "y18n": {
-      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz",
-      "integrity": "sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg=="
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
+      "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==",
+      "dev": true
    },
    "yallist": {
      "version": "4.0.0",
@@ -19007,12 +18835,6 @@
            "strip-ansi": "^5.0.0"
          }
        },
-        "y18n": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
-          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
-          "dev": true
-        },
        "yargs-parser": {
          "version": "13.1.2",
          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz",
@@ -19142,12 +18964,6 @@
            "strip-ansi": "^5.0.0"
          }
        },
-        "y18n": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
-          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
-          "dev": true
-        },
        "yargs": {
          "version": "14.2.3",
          "resolved": "https://registry.npmjs.org/yargs/-/yargs-14.2.3.tgz",
--- a/package.json
+++ b/package.json
@@ -6,34 +6,11 @@
  "repository": "https://github.com/nextauthjs/next-auth.git",
  "author": "Iain Collins <me@iaincollins.com>",
  "main": "index.js",
-  "types": "./index.d.ts",
-  "keywords": [
-    "react",
-    "nodejs",
-    "oauth",
-    "jwt",
-    "oauth2",
-    "authentication",
-    "nextjs",
-    "csrf",
-    "oidc",
-    "nextauth"
-  ],
-  "exports": {
-    ".": "./dist/server/index.js",
-    "./jwt": "./dist/lib/jwt.js",
-    "./adapters": "./dist/adapters/index.js",
-    "./client": "./dist/client/index.js",
-    "./providers": "./dist/providers/index.js",
-    "./providers/*": "./dist/providers/*.js",
-    "./errors": "./dist/lib/errors.js"
-  },
  "scripts": {
    "build": "npm run build:js && npm run build:css",
-    "build:js": "node ./config/build.js && babel --config-file ./config/babel.config.json src --out-dir dist",
+    "build:js": "babel --config-file ./config/babel.config.json src --out-dir dist && node ./config/build.js",
    "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir dist && node config/wrap-css.js",
-    "dev:setup": "npm run build:css && cd app && npm i",
-    "dev": "cd app && npm run dev",
+    "dev": "next | npm run watch:css",
    "watch": "npm run watch:js | npm run watch:css",
    "watch:js": "babel --config-file ./config/babel.config.json --watch src --out-dir dist",
    "watch:css": "postcss --config config/postcss.config.js --watch src/**/*.css --base src --dir dist",
@@ -66,8 +43,6 @@
    "adapters.d.ts",
    "client.js",
    "client.d.ts",
-    "errors.js",
-    "errors.d.ts",
    "jwt.js",
    "jwt.d.ts",
    "internals"
@@ -101,7 +76,6 @@
  "devDependencies": {
    "@babel/cli": "^7.8.4",
    "@babel/core": "^7.9.6",
-    "@babel/plugin-proposal-class-properties": "^7.13.0",
    "@babel/preset-env": "^7.9.6",
    "@prisma/client": "^2.16.1",
    "@semantic-release/commit-analyzer": "^8.0.1",
@@ -168,20 +142,6 @@
      "fetch": "readonly"
    }
  },
-  "release": {
-    "branches": [
-      "+([0-9])?(.{+([0-9]),x}).x",
-      "main",
-      {
-        "name": "beta",
-        "prerelease": true
-      },
-      {
-        "name": "next",
-        "prerelease": true
-      }
-    ]
-  },
  "funding": [
    {
      "type": "github",
--- a/app/pages/_app.js
+++ b/app/pages/_app.js
@@ -1,9 +1,9 @@
-import { Provider } from "next-auth/client"
-import "./styles.css"
+import { Provider } from 'next-auth/client'
+import './styles.css'

 // Use the <Provider> to improve performance and allow components that call
 // `useSession()` anywhere in your application to access the `session` object.
-export default function App({ Component, pageProps }) {
+export default function App ({ Component, pageProps }) {
  return (
    <Provider
      // Provider options are not required but can be useful in situations where
@@ -21,7 +21,7 @@ export default function App({ Component, pageProps }) {
        //
        // Note: If a session has expired when keep alive is triggered, all open
        // windows / tabs will be updated to reflect the user is signed out.
-        keepAlive: 0,
+        keepAlive: 0
      }}
      session={pageProps.session}
    >
--- a/app/pages/api-example.js
+++ b/app/pages/api-example.js
--- a/app/pages/api/auth/[...nextauth].js
+++ b/app/pages/api/auth/[...nextauth].js
@@ -6,27 +6,6 @@ import Providers from 'next-auth/providers'
 // const prisma = new PrismaClient()

 export default NextAuth({
-  // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
-  // cookies: {
-  //   csrfToken: {
-  //     name: 'next-auth.csrf-token',
-  //     options: {
-  //       httpOnly: true,
-  //       sameSite: 'none',
-  //       path: '/',
-  //       secure: true
-  //     }
-  //   },
-  //   pkceCodeVerifier: {
-  //     name: 'next-auth.pkce.code_verifier',
-  //     options: {
-  //       httpOnly: true,
-  //       sameSite: 'none',
-  //       path: '/',
-  //       secure: true
-  //     }
-  //   }
-  // },
  providers: [
    Providers.Email({
      server: process.env.EMAIL_SERVER,
@@ -40,11 +19,6 @@ export default NextAuth({
      clientId: process.env.AUTH0_ID,
      clientSecret: process.env.AUTH0_SECRET,
      domain: process.env.AUTH0_DOMAIN,
-      // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
-      // protection: ["pkce", "state"],
-      // authorizationParams: {
-      //   response_mode: 'form_post'
-      // }
      protection: 'pkce'
    }),
    Providers.Twitter({
@@ -82,6 +56,6 @@ export default NextAuth({
  // Prisma Database Adapter
  // To configure this app to use the schema in `prisma/schema.prisma` run:
  // npx prisma generate
-  // npx prisma migrate dev
+  // npx prisma migrate dev --preview-feature
  // adapter: Adapters.Prisma.Adapter({ prisma })
 })
--- a/app/pages/api/examples/jwt.js
+++ b/app/pages/api/examples/jwt.js
--- a/app/pages/api/examples/protected.js
+++ b/app/pages/api/examples/protected.js
--- a/app/pages/api/examples/session.js
+++ b/app/pages/api/examples/session.js
--- a/app/pages/client.js
+++ b/app/pages/client.js
--- a/app/pages/credentials.js
+++ b/app/pages/credentials.js
--- a/app/pages/email.js
+++ b/app/pages/email.js
--- a/app/pages/index.js
+++ b/app/pages/index.js
--- a/app/pages/policy.js
+++ b/app/pages/policy.js
--- a/app/pages/protected-ssr.js
+++ b/app/pages/protected-ssr.js
--- a/app/pages/protected.js
+++ b/app/pages/protected.js
--- a/app/pages/server.js
+++ b/app/pages/server.js
--- a/app/pages/styles.css
+++ b/app/pages/styles.css
--- a/app/prisma/schema.prisma
+++ b/app/prisma/schema.prisma
--- a/release.config.js
+++ b/release.config.js
@@ -0,0 +1,8 @@
+module.exports = {
+  branches: [
+    '+([0-9])?(.{+([0-9]),x}).x',
+    'main',
+    { name: 'beta', prerelease: true },
+    { name: 'next', prerelease: true }
+  ]
+}
--- a/src/client/index.js
+++ b/src/client/index.js
@@ -145,7 +145,7 @@ export async function getSession (ctx) {
  return session
 }

-export async function getCsrfToken (ctx) {
+async function getCsrfToken (ctx) {
  return (await _fetchData('csrf', ctx))?.csrfToken
 }

--- a/src/lib/errors.js
+++ b/src/lib/errors.js
@@ -1,98 +1,39 @@
-/**
- * Same as the default `Error`, but it is JSON serializable.
- * @source https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
- */
 export class UnknownError extends Error {
-  constructor(error) {
-    // Support passing error or string
-    super(error?.message ?? error)
-    this.name = "UnknownError"
-    if (error instanceof Error) {
-      this.stack = error.stack
-    }
+  constructor (message) {
+    super(message)
+    this.name = 'UnknownError'
  }

-  toJSON() {
+  toJSON () {
    return {
-      name: this.name,
-      message: this.message,
-      stack: this.stack,
+      error: {
+        name: this.name,
+        message: this.message
+        // stack: this.stack
+      }
    }
  }
 }

+export class CreateUserError extends UnknownError {
+  constructor (message) {
+    super(message)
+    this.name = 'CreateUserError'
+  }
+}
+
+// Thrown when an Email address is already associated with an account
+// but the user is trying an OAuth account that is not linked to it.
+export class AccountNotLinkedError extends UnknownError {
+  constructor (message) {
+    super(message)
+    this.name = 'AccountNotLinkedError'
+  }
+}
+
 export class OAuthCallbackError extends UnknownError {
-  name = "OAuthCallbackError"
-}
-
-/**
- * Thrown when an Email address is already associated with an account
- * but the user is trying an OAuth account that is not linked to it.
- */
-export class AccountNotLinkedError extends UnknownError {
-  name = "AccountNotLinkedError"
-}
-
-export class CreateUserError extends UnknownError {
-  name = "CreateUserError"
-}
-
-export class GetUserError extends UnknownError {
-  name = "GetUserError"
-}
-
-export class GetUserByEmailError extends UnknownError {
-  name = "GetUserByEmailError"
-}
-
-export class GetUserByIdError extends UnknownError {
-  name = "GetUserByIdError"
-}
-
-export class GetUserByProviderAccountIdError extends UnknownError {
-  name = "GetUserByProviderAccountIdError"
-}
-
-export class UpdateUserError extends UnknownError {
-  name = "UpdateUserError"
-}
-
-export class DeleteUserError extends UnknownError {
-  name = "DeleteUserError"
-}
-
-export class LinkAccountError extends UnknownError {
-  name = "LinkAccountError"
-}
-
-export class UnlinkAccountError extends UnknownError {
-  name = "UnlinkAccountError"
-}
-
-export class CreateSessionError extends UnknownError {
-  name = "CreateSessionError"
-}
-
-export class GetSessionError extends UnknownError {
-  name = "GetSessionError"
-}
-
-export class UpdateSessionError extends UnknownError {
-  name = "UpdateSessionError"
-}
-
-export class DeleteSessionError extends UnknownError {
-  name = "DeleteSessionError"
-}
-
-export class CreateVerificationRequestError extends UnknownError {
-  name = "CreateVerificationRequestError"
-}
-
-export class GetVerificationRequestError extends UnknownError {
-  name = "GetVerificationRequestError"
-}
-
-export class DeleteVerificationRequestError extends UnknownError {
-  name = "DeleteVerificationRequestError"
+  constructor (message) {
+    super(message)
+    this.name = 'OAuthCallbackError'
+  }
 }
--- a/src/lib/jwt.js
+++ b/src/lib/jwt.js
@@ -1,33 +1,33 @@
-import crypto from "crypto"
-import jose from "jose"
-import logger from "./logger"
+import crypto from 'crypto'
+import jose from 'jose'
+import logger from './logger'

 // Set default algorithm to use for auto-generated signing key
-const DEFAULT_SIGNATURE_ALGORITHM = "HS512"
+const DEFAULT_SIGNATURE_ALGORITHM = 'HS512'

 // Set default algorithm for auto-generated symmetric encryption key
-const DEFAULT_ENCRYPTION_ALGORITHM = "A256GCM"
+const DEFAULT_ENCRYPTION_ALGORITHM = 'A256GCM'

 // Use encryption or not by default
 const DEFAULT_ENCRYPTION_ENABLED = false

 const DEFAULT_MAX_AGE = 30 * 24 * 60 * 60 // 30 days

-export async function encode({
+async function encode ({
  token = {},
  maxAge = DEFAULT_MAX_AGE,
  secret,
  signingKey,
  signingOptions = {
-    expiresIn: `${maxAge}s`,
+    expiresIn: `${maxAge}s`
  },
  encryptionKey,
  encryptionOptions = {
-    alg: "dir",
+    alg: 'dir',
    enc: DEFAULT_ENCRYPTION_ALGORITHM,
-    zip: "DEF",
+    zip: 'DEF'
  },
-  encryption = DEFAULT_ENCRYPTION_ENABLED,
+  encryption = DEFAULT_ENCRYPTION_ENABLED
 } = {}) {
  // Signing Key
  const _signingKey = signingKey
@@ -49,7 +49,7 @@ export async function encode({
  return signedToken
 }

-export async function decode({
+async function decode ({
  secret,
  token,
  maxAge = DEFAULT_MAX_AGE,
@@ -57,14 +57,14 @@ export async function decode({
  verificationKey = signingKey, // Optional (defaults to encryptionKey)
  verificationOptions = {
    maxTokenAge: `${maxAge}s`,
-    algorithms: [DEFAULT_SIGNATURE_ALGORITHM],
+    algorithms: [DEFAULT_SIGNATURE_ALGORITHM]
  },
  encryptionKey,
  decryptionKey = encryptionKey, // Optional (defaults to encryptionKey)
  decryptionOptions = {
-    algorithms: [DEFAULT_ENCRYPTION_ALGORITHM],
+    algorithms: [DEFAULT_ENCRYPTION_ALGORITHM]
  },
-  encryption = DEFAULT_ENCRYPTION_ENABLED,
+  encryption = DEFAULT_ENCRYPTION_ENABLED
 } = {}) {
  if (!token) return null

@@ -77,12 +77,8 @@ export async function decode({
      : getDerivedEncryptionKey(secret)

    // Decrypt token
-    const decryptedToken = jose.JWE.decrypt(
-      token,
-      _encryptionKey,
-      decryptionOptions
-    )
-    tokenToVerify = decryptedToken.toString("utf8")
+    const decryptedToken = jose.JWE.decrypt(token, _encryptionKey, decryptionOptions)
+    tokenToVerify = decryptedToken.toString('utf8')
  }

  // Signing Key
@@ -103,22 +99,16 @@ export async function decode({
 * raw?: boolean
 * }} params
 */
-export async function getToken(params) {
+async function getToken (params) {
  const {
    req,
    // Use secure prefix for cookie name, unless URL is NEXTAUTH_URL is http://
    // or not set (e.g. development or test instance) case use unprefixed name
-    secureCookie = !(
-      !process.env.NEXTAUTH_URL ||
-      process.env.NEXTAUTH_URL.startsWith("http://")
-    ),
-    cookieName = secureCookie
-      ? "__Secure-next-auth.session-token"
-      : "next-auth.session-token",
-    raw = false,
-    decode: _decode = decode,
+    secureCookie = !(!process.env.NEXTAUTH_URL || process.env.NEXTAUTH_URL.startsWith('http://')),
+    cookieName = (secureCookie) ? '__Secure-next-auth.session-token' : 'next-auth.session-token',
+    raw = false
  } = params
-  if (!req) throw new Error("Must pass `req` to JWT getToken()")
+  if (!req) throw new Error('Must pass `req` to JWT getToken()')

  // Try to get token from cookie
  let token = req.cookies[cookieName]
@@ -126,8 +116,8 @@ export async function getToken(params) {
  // If cookie not found in cookie look for bearer token in authorization header.
  // This allows clients that pass through tokens in headers rather than as
  // cookies to use this helper function.
-  if (!token && req.headers.authorization?.split(" ")[0] === "Bearer") {
-    const urlEncodedToken = req.headers.authorization.split(" ")[1]
+  if (!token && req.headers.authorization?.split(' ')[0] === 'Bearer') {
+    const urlEncodedToken = req.headers.authorization.split(' ')[1]
    token = decodeURIComponent(urlEncodedToken)
  }

@@ -136,7 +126,7 @@ export async function getToken(params) {
  }

  try {
-    return _decode({ token, ...params })
+    return decode({ token, ...params })
  } catch {
    return null
  }
@@ -147,7 +137,7 @@ let DERIVED_SIGNING_KEY_WARNING = false
 let DERIVED_ENCRYPTION_KEY_WARNING = false

 // Do the better hkdf of Node.js one added in `v15.0.0` and Third Party one
-function hkdf(secret, { byteLength, encryptionInfo, digest = "sha256" }) {
+function hkdf (secret, { byteLength, encryptionInfo, digest = 'sha256' }) {
  if (crypto.hkdfSync) {
    return Buffer.from(
      crypto.hkdfSync(
@@ -159,50 +149,39 @@ function hkdf(secret, { byteLength, encryptionInfo, digest = "sha256" }) {
      )
    )
  }
-  return require("futoin-hkdf")(secret, byteLength, {
-    info: encryptionInfo,
-    hash: digest,
-  })
+  return require('futoin-hkdf')(secret, byteLength, { info: encryptionInfo, hash: digest })
 }

-function getDerivedSigningKey(secret) {
+function getDerivedSigningKey (secret) {
  if (!DERIVED_SIGNING_KEY_WARNING) {
-    logger.warn("JWT_AUTO_GENERATED_SIGNING_KEY")
+    logger.warn('JWT_AUTO_GENERATED_SIGNING_KEY')
    DERIVED_SIGNING_KEY_WARNING = true
  }

  const buffer = hkdf(secret, {
    byteLength: 64,
-    encryptionInfo: "NextAuth.js Generated Signing Key",
-  })
-  const key = jose.JWK.asKey(buffer, {
-    alg: DEFAULT_SIGNATURE_ALGORITHM,
-    use: "sig",
-    kid: "nextauth-auto-generated-signing-key",
+    encryptionInfo: 'NextAuth.js Generated Signing Key'
  })
+  const key = jose.JWK.asKey(buffer, { alg: DEFAULT_SIGNATURE_ALGORITHM, use: 'sig', kid: 'nextauth-auto-generated-signing-key' })
  return key
 }

-function getDerivedEncryptionKey(secret) {
+function getDerivedEncryptionKey (secret) {
  if (!DERIVED_ENCRYPTION_KEY_WARNING) {
-    logger.warn("JWT_AUTO_GENERATED_ENCRYPTION_KEY")
+    logger.warn('JWT_AUTO_GENERATED_ENCRYPTION_KEY')
    DERIVED_ENCRYPTION_KEY_WARNING = true
  }

  const buffer = hkdf(secret, {
    byteLength: 32,
-    encryptionInfo: "NextAuth.js Generated Encryption Key",
-  })
-  const key = jose.JWK.asKey(buffer, {
-    alg: DEFAULT_ENCRYPTION_ALGORITHM,
-    use: "enc",
-    kid: "nextauth-auto-generated-encryption-key",
+    encryptionInfo: 'NextAuth.js Generated Encryption Key'
  })
+  const key = jose.JWK.asKey(buffer, { alg: DEFAULT_ENCRYPTION_ALGORITHM, use: 'enc', kid: 'nextauth-auto-generated-encryption-key' })
  return key
 }

 export default {
  encode,
  decode,
-  getToken,
+  getToken
 }
--- a/src/lib/logger.js
+++ b/src/lib/logger.js
@@ -1,23 +1,26 @@
 /** @type {import("types").LoggerInstance} */
 const _logger = {
-  error(code, ...message) {
+  error (code, ...message) {
    console.error(
      `[next-auth][error][${code.toLowerCase()}]`,
      `\nhttps://next-auth.js.org/errors#${code.toLowerCase()}`,
      ...message
    )
  },
-  warn(code, ...message) {
+  warn (code, ...message) {
    console.warn(
      `[next-auth][warn][${code.toLowerCase()}]`,
      `\nhttps://next-auth.js.org/warnings#${code.toLowerCase()}`,
      ...message
    )
  },
-  debug(code, ...message) {
+  debug (code, ...message) {
    if (!process?.env?._NEXTAUTH_DEBUG) return
-    console.log(`[next-auth][debug][${code.toLowerCase()}]`, ...message)
-  },
+    console.log(
+      `[next-auth][debug][${code.toLowerCase()}]`,
+      ...message
+    )
+  }
 }

 /**
@@ -25,7 +28,7 @@ const _logger = {
 * Any `undefined` level will use the default logger.
 * @param {Partial<import("types").LoggerInstance>} newLogger
 */
-export function setLogger(newLogger = {}) {
+export function setLogger (newLogger = {}) {
  if (newLogger.error) _logger.error = newLogger.error
  if (newLogger.warn) _logger.warn = newLogger.warn
  if (newLogger.debug) _logger.debug = newLogger.debug
@@ -39,13 +42,13 @@ export default _logger
 * @param {string} basePath
 * @return {import("types").LoggerInstance}
 */
-export function proxyLogger(logger = _logger, basePath) {
+export function proxyLogger (logger = _logger, basePath) {
  try {
-    if (typeof window === "undefined") {
+    if (typeof window === 'undefined') {
      return logger
    }

-    const clientLogger = {}
+    const clientLogger = console
    for (const level in logger) {
      clientLogger[level] = (code, ...message) => {
        _logger[level](code, ...message) // Log on client as usual
@@ -54,23 +57,21 @@ export function proxyLogger(logger = _logger, basePath) {
        const body = new URLSearchParams({
          level,
          code,
-          message: JSON.stringify(
-            message.map((m) => {
-              if (m instanceof Error) {
-                // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
-                return { name: m.name, message: m.message, stack: m.stack }
-              }
-              return m
-            })
-          ),
+          message: JSON.stringify(message.map(m => {
+            if (m instanceof Error) {
+              // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
+              return { name: m.name, message: m.message, stack: m.stack }
+            }
+            return m
+          }))
        })
        if (navigator.sendBeacon) {
          return navigator.sendBeacon(url, body)
        }
        return fetch(url, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body,
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body
        })
      }
    }
--- a/src/providers/apple.js
+++ b/src/providers/apple.js
@@ -1,34 +1,30 @@
-export default function Apple(options) {
+export default (options) => {
  return {
-    id: "apple",
-    name: "Apple",
-    type: "oauth",
-    version: "2.0",
-    scope: "name email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://appleid.apple.com/auth/token",
-    authorizationUrl:
-      "https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post",
+    id: 'apple',
+    name: 'Apple',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'name email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://appleid.apple.com/auth/token',
+    authorizationUrl: 'https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post',
    profileUrl: null,
    idToken: true,
-    profile(profile) {
+    profile: (profile) => {
      // The name of the user will only return on first login
      return {
        id: profile.sub,
-        name:
-          profile.user != null
-            ? profile.user.name.firstName + " " + profile.user.name.lastName
-            : null,
-        email: profile.email,
+        name: profile.user != null ? profile.user.name.firstName + ' ' + profile.user.name.lastName : null,
+        email: profile.email
      }
    },
    clientId: null,
    clientSecret: {
      teamId: null,
      privateKey: null,
-      keyId: null,
+      keyId: null
    },
-    protection: "none", // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
-    ...options,
+    protection: 'none', // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
+    ...options
  }
 }
--- a/src/providers/atlassian.js
+++ b/src/providers/atlassian.js
@@ -1,24 +1,24 @@
-export default function Atlassian(options) {
+export default (options) => {
  return {
-    id: "atlassian",
-    name: "Atlassian",
-    type: "oauth",
-    version: "2.0",
+    id: 'atlassian',
+    name: 'Atlassian',
+    type: 'oauth',
+    version: '2.0',
    params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
    },
-    accessTokenUrl: "https://auth.atlassian.com/oauth/token",
+    accessTokenUrl: 'https://auth.atlassian.com/oauth/token',
    authorizationUrl:
-      "https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent",
-    profileUrl: "https://api.atlassian.com/me",
-    profile(profile) {
+      'https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent',
+    profileUrl: 'https://api.atlassian.com/me',
+    profile: (profile) => {
      return {
        id: profile.account_id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture,
+        image: profile.picture
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/auth0.js
+++ b/src/providers/auth0.js
@@ -1,22 +1,22 @@
-export default function Auth0(options) {
+export default (options) => {
  return {
-    id: "auth0",
-    name: "Auth0",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    scope: "openid email profile",
+    id: 'auth0',
+    name: 'Auth0',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    scope: 'openid email profile',
    accessTokenUrl: `https://${options.domain}/oauth/token`,
    authorizationUrl: `https://${options.domain}/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/userinfo`,
-    profile(profile) {
+    profile: (profile) => {
      return {
        id: profile.sub,
        name: profile.nickname,
        email: profile.email,
-        image: profile.picture,
+        image: profile.picture
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/azure-ad-b2c.js
+++ b/src/providers/azure-ad-b2c.js
@@ -1,24 +1,24 @@
-export default function AzureADB2C(options) {
-  const tenant = options.tenantId ? options.tenantId : "common"
+export default (options) => {
+  const tenant = options.tenantId ? options.tenantId : 'common'

  return {
-    id: "azure-ad-b2c",
-    name: "Azure Active Directory B2C",
-    type: "oauth",
-    version: "2.0",
+    id: 'azure-ad-b2c',
+    name: 'Azure Active Directory B2C',
+    type: 'oauth',
+    version: '2.0',
    params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
    },
    accessTokenUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
    authorizationUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize?response_type=code&response_mode=query`,
-    profileUrl: "https://graph.microsoft.com/v1.0/me/",
-    profile(profile) {
+    profileUrl: 'https://graph.microsoft.com/v1.0/me/',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.displayName,
-        email: profile.userPrincipalName,
+        email: profile.userPrincipalName
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/basecamp.js
+++ b/src/providers/basecamp.js
@@ -1,22 +1,20 @@
-export default function Basecamp(options) {
+export default (options) => {
  return {
-    id: "basecamp",
-    name: "Basecamp",
-    type: "oauth",
-    version: "2.0",
-    accessTokenUrl:
-      "https://launchpad.37signals.com/authorization/token?type=web_server",
-    authorizationUrl:
-      "https://launchpad.37signals.com/authorization/new?type=web_server",
-    profileUrl: "https://launchpad.37signals.com/authorization.json",
-    profile(profile) {
+    id: 'basecamp',
+    name: 'Basecamp',
+    type: 'oauth',
+    version: '2.0',
+    accessTokenUrl: 'https://launchpad.37signals.com/authorization/token?type=web_server',
+    authorizationUrl: 'https://launchpad.37signals.com/authorization/new?type=web_server',
+    profileUrl: 'https://launchpad.37signals.com/authorization.json',
+    profile: (profile) => {
      return {
        id: profile.identity.id,
        name: `${profile.identity.first_name} ${profile.identity.last_name}`,
        email: profile.identity.email_address,
-        image: null,
+        image: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/battlenet.js
+++ b/src/providers/battlenet.js
@@ -1,29 +1,29 @@
-export default function BattleNet(options) {
+export default (options) => {
  const { region } = options
  return {
-    id: "battlenet",
-    name: "Battle.net",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid",
-    params: { grant_type: "authorization_code" },
+    id: 'battlenet',
+    name: 'Battle.net',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid',
+    params: { grant_type: 'authorization_code' },
    accessTokenUrl:
-      region === "CN"
-        ? "https://www.battlenet.com.cn/oauth/token"
+      region === 'CN'
+        ? 'https://www.battlenet.com.cn/oauth/token'
        : `https://${region}.battle.net/oauth/token`,
    authorizationUrl:
-      region === "CN"
-        ? "https://www.battlenet.com.cn/oauth/authorize?response_type=code"
+      region === 'CN'
+        ? 'https://www.battlenet.com.cn/oauth/authorize?response_type=code'
        : `https://${region}.battle.net/oauth/authorize?response_type=code`,
-    profileUrl: "https://us.battle.net/oauth/userinfo",
-    profile(profile) {
+    profileUrl: 'https://us.battle.net/oauth/userinfo',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.battletag,
        email: null,
-        image: null,
+        image: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/box.js
+++ b/src/providers/box.js
@@ -1,23 +1,22 @@
-export default function Box(options) {
+export default (options) => {
  return {
-    id: "box",
-    name: "Box",
-    type: "oauth",
-    version: "2.0",
-    scope: "",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.box.com/oauth2/token",
-    authorizationUrl:
-      "https://account.box.com/api/oauth2/authorize?response_type=code",
-    profileUrl: "https://api.box.com/2.0/users/me",
-    profile(profile) {
+    id: 'box',
+    name: 'Box',
+    type: 'oauth',
+    version: '2.0',
+    scope: '',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.box.com/oauth2/token',
+    authorizationUrl: 'https://account.box.com/api/oauth2/authorize?response_type=code',
+    profileUrl: 'https://api.box.com/2.0/users/me',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.login,
-        image: profile.avatar_url,
+        image: profile.avatar_url
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/bungie.js
+++ b/src/providers/bungie.js
@@ -1,34 +1,30 @@
-export default function Bungie(options) {
+export default (options) => {
  return {
-    id: "bungie",
-    name: "Bungie",
-    type: "oauth",
-    version: "2.0",
-    scope: "",
-    params: { reauth: "true", grant_type: "authorization_code" },
-    accessTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
-    requestTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
-    authorizationUrl:
-      "https://www.bungie.net/en/OAuth/Authorize?response_type=code",
-    profileUrl:
-      "https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/",
-    profile(profile) {
+    id: 'bungie',
+    name: 'Bungie',
+    type: 'oauth',
+    version: '2.0',
+    scope: '',
+    params: { reauth: 'true', grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
+    requestTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
+    authorizationUrl: 'https://www.bungie.net/en/OAuth/Authorize?response_type=code',
+    profileUrl: 'https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/',
+    profile: (profile) => {
      const { bungieNetUser: user } = profile.Response

      return {
        id: user.membershipId,
        name: user.displayName,
-        image: `https://www.bungie.net${
-          user.profilePicturePath.startsWith("/") ? "" : "/"
-        }${user.profilePicturePath}`,
-        email: null,
+        image: `https://www.bungie.net${user.profilePicturePath.startsWith('/') ? '' : '/'}${user.profilePicturePath}`,
+        email: null
      }
    },
    headers: {
-      "X-API-Key": null,
+      'X-API-Key': null
    },
    clientId: null,
    clientSecret: null,
-    ...options,
+    ...options
  }
 }
--- a/src/providers/cognito.js
+++ b/src/providers/cognito.js
@@ -1,23 +1,23 @@
-export default function Cognito(options) {
+export default (options) => {
  const { domain } = options
  return {
-    id: "cognito",
-    name: "Cognito",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid profile email",
-    params: { grant_type: "authorization_code" },
+    id: 'cognito',
+    name: 'Cognito',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid profile email',
+    params: { grant_type: 'authorization_code' },
    accessTokenUrl: `https://${domain}/oauth2/token`,
    authorizationUrl: `https://${domain}/oauth2/authorize?response_type=code`,
    profileUrl: `https://${domain}/oauth2/userInfo`,
-    profile(profile) {
+    profile: (profile) => {
      return {
        id: profile.sub,
        name: profile.username,
        email: profile.email,
-        image: null,
+        image: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/credentials.js
+++ b/src/providers/credentials.js
@@ -1,10 +1,10 @@
-export default function Credentials(options) {
+export default (options) => {
  return {
-    id: "credentials",
-    name: "Credentials",
-    type: "credentials",
+    id: 'credentials',
+    name: 'Credentials',
+    type: 'credentials',
    authorize: null,
    credentials: null,
-    ...options,
+    ...options
  }
 }
--- a/src/providers/discord.js
+++ b/src/providers/discord.js
@@ -1,30 +1,29 @@
-export default function Discord(options) {
+export default (options) => {
  return {
-    id: "discord",
-    name: "Discord",
-    type: "oauth",
-    version: "2.0",
-    scope: "identify email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://discord.com/api/oauth2/token",
-    authorizationUrl:
-      "https://discord.com/api/oauth2/authorize?response_type=code&prompt=none",
-    profileUrl: "https://discord.com/api/users/@me",
-    profile(profile) {
+    id: 'discord',
+    name: 'Discord',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'identify email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://discord.com/api/oauth2/token',
+    authorizationUrl: 'https://discord.com/api/oauth2/authorize?response_type=code&prompt=none',
+    profileUrl: 'https://discord.com/api/users/@me',
+    profile: (profile) => {
      if (profile.avatar === null) {
        const defaultAvatarNumber = parseInt(profile.discriminator) % 5
        profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`
      } else {
-        const format = profile.avatar.startsWith("a_") ? "gif" : "png"
+        const format = profile.avatar.startsWith('a_') ? 'gif' : 'png'
        profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
      }
      return {
        id: profile.id,
        name: profile.username,
        image: profile.image_url,
-        email: profile.email,
+        email: profile.email
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/email.js
+++ b/src/providers/email.js
@@ -1,54 +1,48 @@
-import nodemailer from "nodemailer"
-import logger from "../lib/logger"
+import nodemailer from 'nodemailer'
+import logger from '../lib/logger'

-export default function Email(options) {
+export default (options) => {
  return {
-    id: "email",
-    type: "email",
-    name: "Email",
+    id: 'email',
+    type: 'email',
+    name: 'Email',
    // Server can be an SMTP connection string or a nodemailer config object
    server: {
-      host: "localhost",
+      host: 'localhost',
      port: 25,
      auth: {
-        user: "",
-        pass: "",
-      },
+        user: '',
+        pass: ''
+      }
    },
-    from: "NextAuth <no-reply@example.com>",
-    maxAge: 24 * 60 * 60,
+    from: 'NextAuth <no-reply@example.com>',
+    maxAge: 24 * 60 * 60, // How long email links are valid for (default 24h)
    sendVerificationRequest,
-    ...options,
+    ...options
  }
 }

-const sendVerificationRequest = ({
-  identifier: email,
-  url,
-  baseUrl,
-  provider,
-}) => {
+const sendVerificationRequest = ({ identifier: email, url, baseUrl, provider }) => {
  return new Promise((resolve, reject) => {
    const { server, from } = provider
    // Strip protocol from URL and use domain as site name
-    const site = baseUrl.replace(/^https?:\/\//, "")
+    const site = baseUrl.replace(/^https?:\/\//, '')

-    nodemailer.createTransport(server).sendMail(
-      {
+    nodemailer
+      .createTransport(server)
+      .sendMail({
        to: email,
        from,
        subject: `Sign in to ${site}`,
        text: text({ url, site, email }),
-        html: html({ url, site, email }),
-      },
-      (error) => {
+        html: html({ url, site, email })
+      }, (error) => {
        if (error) {
-          logger.error("SEND_VERIFICATION_EMAIL_ERROR", email, error)
-          return reject(new Error("SEND_VERIFICATION_EMAIL_ERROR", error))
+          logger.error('SEND_VERIFICATION_EMAIL_ERROR', email, error)
+          return reject(new Error('SEND_VERIFICATION_EMAIL_ERROR', error))
        }
        return resolve()
-      }
-    )
+      })
  })
 }

@@ -58,16 +52,16 @@ const html = ({ url, site, email }) => {
  // email address and the domain from being turned into a hyperlink by email
  // clients like Outlook and Apple mail, as this is confusing because it seems
  // like they are supposed to click on their email address to sign in.
-  const escapedEmail = `${email.replace(/\./g, "&#8203;.")}`
-  const escapedSite = `${site.replace(/\./g, "&#8203;.")}`
+  const escapedEmail = `${email.replace(/\./g, '&#8203;.')}`
+  const escapedSite = `${site.replace(/\./g, '&#8203;.')}`

  // Some simple styling options
-  const backgroundColor = "#f9f9f9"
-  const textColor = "#444444"
-  const mainBackgroundColor = "#ffffff"
-  const buttonBackgroundColor = "#346df1"
-  const buttonBorderColor = "#346df1"
-  const buttonTextColor = "#ffffff"
+  const backgroundColor = '#f9f9f9'
+  const textColor = '#444444'
+  const mainBackgroundColor = '#ffffff'
+  const buttonBackgroundColor = '#346df1'
+  const buttonBorderColor = '#346df1'
+  const buttonTextColor = '#ffffff'

  return `
 <body style="background: ${backgroundColor};">
--- a/src/providers/eveonline.js
+++ b/src/providers/eveonline.js
@@ -1,22 +1,21 @@
-export default function EVEOnline(options) {
+export default (options) => {
  return {
-    id: "eveonline",
-    name: "EVE Online",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://login.eveonline.com/oauth/token",
-    authorizationUrl:
-      "https://login.eveonline.com/oauth/authorize?response_type=code",
-    profileUrl: "https://login.eveonline.com/oauth/verify",
-    profile(profile) {
+    id: 'eveonline',
+    name: 'EVE Online',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://login.eveonline.com/oauth/token',
+    authorizationUrl: 'https://login.eveonline.com/oauth/authorize?response_type=code',
+    profileUrl: 'https://login.eveonline.com/oauth/verify',
+    profile: (profile) => {
      return {
        id: profile.CharacterID,
        name: profile.CharacterName,
        image: `https://image.eveonline.com/Character/${profile.CharacterID}_128.jpg`,
-        email: null,
+        email: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/facebook.js
+++ b/src/providers/facebook.js
@@ -1,22 +1,21 @@
-export default function Facebook(options) {
+export default (options) => {
  return {
-    id: "facebook",
-    name: "Facebook",
-    type: "oauth",
-    version: "2.0",
-    scope: "email",
-    accessTokenUrl: "https://graph.facebook.com/oauth/access_token",
-    authorizationUrl:
-      "https://www.facebook.com/v7.0/dialog/oauth?response_type=code",
-    profileUrl: "https://graph.facebook.com/me?fields=email,name,picture",
-    profile(profile) {
+    id: 'facebook',
+    name: 'Facebook',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'email',
+    accessTokenUrl: 'https://graph.facebook.com/oauth/access_token',
+    authorizationUrl: 'https://www.facebook.com/v7.0/dialog/oauth?response_type=code',
+    profileUrl: 'https://graph.facebook.com/me?fields=email,name,picture',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture.data.url,
+        image: profile.picture.data.url
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/faceit.js
+++ b/src/providers/faceit.js
@@ -1,28 +1,25 @@
-export default function FACEIT(options) {
+export default (options) => {
  return {
-    id: "faceit",
-    name: "FACEIT",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
+    id: 'faceit',
+    name: 'FACEIT',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
    headers: {
-      Authorization: `Basic ${Buffer.from(
-        `${options.clientId}:${options.clientSecret}`
-      ).toString("base64")}`,
+      Authorization: `Basic ${Buffer.from(`${options.clientId}:${options.clientSecret}`).toString('base64')}`
    },
-    accessTokenUrl: "https://api.faceit.com/auth/v1/oauth/token",
-    authorizationUrl:
-      "https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code",
-    profileUrl: "https://api.faceit.com/auth/v1/resources/userinfo",
-    profile(profile) {
+    accessTokenUrl: 'https://api.faceit.com/auth/v1/oauth/token',
+    authorizationUrl: 'https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code',
+    profileUrl: 'https://api.faceit.com/auth/v1/resources/userinfo',
+    profile (profile) {
      const { guid: id, nickname: name, email, picture: image } = profile
      return {
        id,
        name,
        email,
-        image,
+        image
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/foursquare.js
+++ b/src/providers/foursquare.js
@@ -1,23 +1,22 @@
-export default function Foursquare(options) {
-  const { apiVersion } = options
+export default ({ apiVersion, ...options }) => {
  return {
-    id: "foursquare",
-    name: "Foursquare",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://foursquare.com/oauth2/access_token",
+    id: 'foursquare',
+    name: 'Foursquare',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://foursquare.com/oauth2/access_token',
    authorizationUrl:
-      "https://foursquare.com/oauth2/authenticate?response_type=code",
+      'https://foursquare.com/oauth2/authenticate?response_type=code',
    profileUrl: `https://api.foursquare.com/v2/users/self?v=${apiVersion}`,
-    profile(profile) {
+    profile: (profile) => {
      return {
        id: profile.id,
        name: `${profile.firstName} ${profile.lastName}`,
        image: `${profile.prefix}original${profile.suffix}`,
-        email: profile.contact.email,
+        email: profile.contact.email
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/fusionauth.js
+++ b/src/providers/fusionauth.js
@@ -1,27 +1,27 @@
-export default function FusionAuth(options) {
+export default (options) => {
  let authorizationUrl = `https://${options.domain}/oauth2/authorize?response_type=code`
  if (options.tenantId) {
    authorizationUrl += `&tenantId=${options.tenantId}`
  }

  return {
-    id: "fusionauth",
-    name: "FusionAuth",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid",
-    params: { grant_type: "authorization_code" },
+    id: 'fusionauth',
+    name: 'FusionAuth',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid',
+    params: { grant_type: 'authorization_code' },
    accessTokenUrl: `https://${options.domain}/oauth2/token`,
    authorizationUrl,
    profileUrl: `https://${options.domain}/oauth2/userinfo`,
-    profile(profile) {
+    profile: (profile) => {
      return {
        id: profile.sub,
        name: profile.name,
        email: profile.email,
-        image: profile.picture,
+        image: profile.picture
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/github.js
+++ b/src/providers/github.js
@@ -1,21 +1,21 @@
-export default function GitHub(options) {
+export default (options) => {
  return {
-    id: "github",
-    name: "GitHub",
-    type: "oauth",
-    version: "2.0",
-    scope: "user",
-    accessTokenUrl: "https://github.com/login/oauth/access_token",
-    authorizationUrl: "https://github.com/login/oauth/authorize",
-    profileUrl: "https://api.github.com/user",
-    profile(profile) {
+    id: 'github',
+    name: 'GitHub',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'user',
+    accessTokenUrl: 'https://github.com/login/oauth/access_token',
+    authorizationUrl: 'https://github.com/login/oauth/authorize',
+    profileUrl: 'https://api.github.com/user',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.name || profile.login,
        email: profile.email,
-        image: profile.avatar_url,
+        image: profile.avatar_url
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/gitlab.js
+++ b/src/providers/gitlab.js
@@ -1,22 +1,22 @@
-export default function GitLab(options) {
+export default (options) => {
  return {
-    id: "gitlab",
-    name: "GitLab",
-    type: "oauth",
-    version: "2.0",
-    scope: "read_user",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://gitlab.com/oauth/token",
-    authorizationUrl: "https://gitlab.com/oauth/authorize?response_type=code",
-    profileUrl: "https://gitlab.com/api/v4/user",
-    profile(profile) {
+    id: 'gitlab',
+    name: 'GitLab',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'read_user',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://gitlab.com/oauth/token',
+    authorizationUrl: 'https://gitlab.com/oauth/authorize?response_type=code',
+    profileUrl: 'https://gitlab.com/api/v4/user',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.username,
        email: profile.email,
-        image: profile.avatar_url,
+        image: profile.avatar_url
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/google.js
+++ b/src/providers/google.js
@@ -1,25 +1,23 @@
-export default function Google(options) {
+export default (options) => {
  return {
-    id: "google",
-    name: "Google",
-    type: "oauth",
-    version: "2.0",
-    scope:
-      "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://accounts.google.com/o/oauth2/token",
-    requestTokenUrl: "https://accounts.google.com/o/oauth2/auth",
-    authorizationUrl:
-      "https://accounts.google.com/o/oauth2/auth?response_type=code",
-    profileUrl: "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
-    profile(profile) {
+    id: 'google',
+    name: 'Google',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://accounts.google.com/o/oauth2/token',
+    requestTokenUrl: 'https://accounts.google.com/o/oauth2/auth',
+    authorizationUrl: 'https://accounts.google.com/o/oauth2/auth?response_type=code',
+    profileUrl: 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture,
+        image: profile.picture
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/identity-server4.js
+++ b/src/providers/identity-server4.js
@@ -1,17 +1,17 @@
-export default function IdentityServer4(options) {
+export default (options) => {
  return {
-    id: "identity-server4",
-    name: "IdentityServer4",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid profile email",
-    params: { grant_type: "authorization_code" },
+    id: 'identity-server4',
+    name: 'IdentityServer4',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid profile email',
+    params: { grant_type: 'authorization_code' },
    accessTokenUrl: `https://${options.domain}/connect/token`,
    authorizationUrl: `https://${options.domain}/connect/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/connect/userinfo`,
-    profile(profile) {
+    profile: (profile) => {
      return { ...profile, id: profile.sub }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/index.js
+++ b/src/providers/index.js
@@ -0,0 +1,83 @@
+import Apple from './apple'
+import Atlassian from './atlassian'
+import Auth0 from './auth0'
+import AzureADB2C from './azure-ad-b2c'
+import Basecamp from './basecamp'
+import BattleNet from './battlenet'
+import Box from './box'
+import Bungie from './bungie'
+import Cognito from './cognito'
+import Credentials from './credentials'
+import Discord from './discord'
+import Email from './email'
+import EVEOnline from './eveonline'
+import Facebook from './facebook'
+import FACEIT from './faceit'
+import Foursquare from './foursquare'
+import FusionAuth from './fusionauth'
+import GitHub from './github'
+import GitLab from './gitlab'
+import Google from './google'
+import IdentityServer4 from './identity-server4'
+import Instagram from './instagram'
+import Kakao from './kakao'
+import LINE from './line'
+import LinkedIn from './linkedin'
+import MailRu from './mailru'
+import Medium from './medium'
+import Netlify from './netlify'
+import Okta from './okta'
+import Osso from './osso'
+import Reddit from './reddit'
+import Salesforce from './salesforce'
+import Slack from './slack'
+import Spotify from './spotify'
+import Strava from './strava'
+import Twitch from './twitch'
+import Twitter from './twitter'
+import VK from './vk'
+import Yandex from './yandex'
+import Zoho from './zoho'
+
+export default {
+  Apple,
+  Atlassian,
+  Auth0,
+  AzureADB2C,
+  Basecamp,
+  BattleNet,
+  Box,
+  Bungie,
+  Cognito,
+  Credentials,
+  Discord,
+  Email,
+  EVEOnline,
+  Facebook,
+  FACEIT,
+  Foursquare,
+  FusionAuth,
+  GitHub,
+  GitLab,
+  Google,
+  IdentityServer4,
+  Instagram,
+  Kakao,
+  LINE,
+  LinkedIn,
+  MailRu,
+  Medium,
+  Netlify,
+  Okta,
+  Osso,
+  Reddit,
+  Salesforce,
+  Slack,
+  Spotify,
+  Strava,
+  Twitch,
+  Twitter,
+  VK,
+  Yandex,
+  Zoho
+}
--- a/src/providers/kakao.js
+++ b/src/providers/kakao.js
@@ -1,22 +1,21 @@
-export default function Kakao(options) {
+export default (options) => {
  return {
-    id: "kakao",
-    name: "Kakao",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://kauth.kakao.com/oauth/token",
-    authorizationUrl:
-      "https://kauth.kakao.com/oauth/authorize?response_type=code",
-    profileUrl: "https://kapi.kakao.com/v2/user/me",
-    profile(profile) {
+    id: 'kakao',
+    name: 'Kakao',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://kauth.kakao.com/oauth/token',
+    authorizationUrl: 'https://kauth.kakao.com/oauth/authorize?response_type=code',
+    profileUrl: 'https://kapi.kakao.com/v2/user/me',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.kakao_account?.profile.nickname,
        email: profile.kakao_account?.email,
-        image: profile.kakao_account?.profile.profile_image_url,
+        image: profile.kakao_account?.profile.profile_image_url
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/line.js
+++ b/src/providers/line.js
@@ -1,23 +1,22 @@
-export default function LINE(options) {
+export default (options) => {
  return {
-    id: "line",
-    name: "LINE",
-    type: "oauth",
-    version: "2.0",
-    scope: "profile openid",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.line.me/oauth2/v2.1/token",
-    authorizationUrl:
-      "https://access.line.me/oauth2/v2.1/authorize?response_type=code",
-    profileUrl: "https://api.line.me/v2/profile",
-    profile(profile) {
+    id: 'line',
+    name: 'LINE',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'profile openid',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.line.me/oauth2/v2.1/token',
+    authorizationUrl: 'https://access.line.me/oauth2/v2.1/authorize?response_type=code',
+    profileUrl: 'https://api.line.me/v2/profile',
+    profile: (profile) => {
      return {
        id: profile.userId,
        name: profile.displayName,
        email: null,
-        image: profile.pictureUrl,
+        image: profile.pictureUrl
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/linkedin.js
+++ b/src/providers/linkedin.js
@@ -1,28 +1,26 @@
-export default function LinkedIn(options) {
+export default (options) => {
  return {
-    id: "linkedin",
-    name: "LinkedIn",
-    type: "oauth",
-    version: "2.0",
-    scope: "r_liteprofile",
+    id: 'linkedin',
+    name: 'LinkedIn',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'r_liteprofile',
    params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code',
      client_id: options.clientId,
-      client_secret: options.clientSecret,
+      client_secret: options.clientSecret
    },
-    accessTokenUrl: "https://www.linkedin.com/oauth/v2/accessToken",
-    authorizationUrl:
-      "https://www.linkedin.com/oauth/v2/authorization?response_type=code",
-    profileUrl:
-      "https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)",
-    profile(profile) {
+    accessTokenUrl: 'https://www.linkedin.com/oauth/v2/accessToken',
+    authorizationUrl: 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
+    profileUrl: 'https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)',
+    profile: (profile) => {
      return {
        id: profile.id,
-        name: profile.localizedFirstName + " " + profile.localizedLastName,
+        name: profile.localizedFirstName + ' ' + profile.localizedLastName,
        email: null,
-        image: null,
+        image: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/mailchimp.js
+++ b/src/providers/mailchimp.js
@@ -1,22 +0,0 @@
-export default function Mailchimp(options) {
-  return {
-    id: 'mailchimp',
-    name: 'Mailchimp',
-    type: 'oauth',
-    version: '2.0',
-    scope: '',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://login.mailchimp.com/oauth2/token',
-    authorizationUrl: 'https://login.mailchimp.com/oauth2/authorize?response_type=code',
-    profileUrl: 'https://login.mailchimp.com/oauth2/metadata',
-    profile: (profile) => {
-      return {
-        id: profile.login.login_id,
-        name: profile.accountname,
-        email: profile.login.email,
-        image: null
-      }
-    },
-    ...options
-  }
-}
--- a/src/providers/mailru.js
+++ b/src/providers/mailru.js
@@ -1,25 +1,25 @@
-export default function MailRu(options) {
+export default (options) => {
  return {
-    id: "mailru",
-    name: "Mail.ru",
-    type: "oauth",
-    version: "2.0",
-    scope: "userinfo",
+    id: 'mailru',
+    name: 'Mail.ru',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'userinfo',
    params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
    },
-    accessTokenUrl: "https://oauth.mail.ru/token",
-    requestTokenUrl: "https://oauth.mail.ru/token",
-    authorizationUrl: "https://oauth.mail.ru/login?response_type=code",
-    profileUrl: "https://oauth.mail.ru/userinfo",
-    profile(profile) {
+    accessTokenUrl: 'https://oauth.mail.ru/token',
+    requestTokenUrl: 'https://oauth.mail.ru/token',
+    authorizationUrl: 'https://oauth.mail.ru/login?response_type=code',
+    profileUrl: 'https://oauth.mail.ru/userinfo',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.image,
+        image: profile.image
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/medium.js
+++ b/src/providers/medium.js
@@ -1,22 +1,22 @@
-export default function Medium(options) {
+export default (options) => {
  return {
-    id: "medium",
-    name: "Medium",
-    type: "oauth",
-    version: "2.0",
-    scope: "basicProfile",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.medium.com/v1/tokens",
-    authorizationUrl: "https://medium.com/m/oauth/authorize?response_type=code",
-    profileUrl: "https://api.medium.com/v1/me",
-    profile(profile) {
+    id: 'medium',
+    name: 'Medium',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'basicProfile',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.medium.com/v1/tokens',
+    authorizationUrl: 'https://medium.com/m/oauth/authorize?response_type=code',
+    profileUrl: 'https://api.medium.com/v1/me',
+    profile: (profile) => {
      return {
        id: profile.data.id,
        name: profile.data.name,
        email: null,
-        image: profile.data.imageUrl,
+        image: profile.data.imageUrl
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/netlify.js
+++ b/src/providers/netlify.js
@@ -1,21 +1,21 @@
-export default function Netlify(options) {
+export default (options) => {
  return {
-    id: "netlify",
-    name: "Netlify",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://api.netlify.com/oauth/token",
-    authorizationUrl: "https://app.netlify.com/authorize?response_type=code",
-    profileUrl: "https://api.netlify.com/api/v1/user",
-    profile(profile) {
+    id: 'netlify',
+    name: 'Netlify',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.netlify.com/oauth/token',
+    authorizationUrl: 'https://app.netlify.com/authorize?response_type=code',
+    profileUrl: 'https://api.netlify.com/api/v1/user',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.full_name,
        email: profile.email,
-        image: profile.avatar_url,
+        image: profile.avatar_url
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/okta.js
+++ b/src/providers/okta.js
@@ -1,22 +1,22 @@
-export default function Okta(options) {
+export default (options) => {
  return {
-    id: "okta",
-    name: "Okta",
-    type: "oauth",
-    version: "2.0",
-    scope: "openid profile email",
+    id: 'okta',
+    name: 'Okta',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'openid profile email',
    params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code',
      client_id: options.clientId,
-      client_secret: options.clientSecret,
+      client_secret: options.clientSecret
    },
    // These will be different depending on the Org.
    accessTokenUrl: `https://${options.domain}/v1/token`,
    authorizationUrl: `https://${options.domain}/v1/authorize/?response_type=code`,
    profileUrl: `https://${options.domain}/v1/userinfo/`,
-    profile(profile) {
+    profile: (profile) => {
      return { ...profile, id: profile.sub }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/osso.js
+++ b/src/providers/osso.js
@@ -1,20 +1,20 @@
-export default function Osso(options) {
+export default (options) => {
  return {
-    id: "osso",
-    name: "SAML SSO",
-    type: "oauth",
-    version: "2.0",
-    params: { grant_type: "authorization_code" },
+    id: 'osso',
+    name: 'SAML SSO',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
    accessTokenUrl: `https://${options.domain}/oauth/token`,
    authorizationUrl: `https://${options.domain}/oauth/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/oauth/me`,
-    profile(profile) {
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.name || profile.email,
-        email: profile.email,
+        email: profile.email
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/reddit.js
+++ b/src/providers/reddit.js
@@ -1,23 +1,23 @@
-export default function Reddit(options) {
+export default (options) => {
  return {
-    id: "reddit",
-    name: "Reddit",
-    type: "oauth",
-    version: "2.0",
-    scope: "identity",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: " https://www.reddit.com/api/v1/access_token",
+    id: 'reddit',
+    name: 'Reddit',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'identity',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: ' https://www.reddit.com/api/v1/access_token',
    authorizationUrl:
-      "https://www.reddit.com/api/v1/authorize?response_type=code",
-    profileUrl: "https://oauth.reddit.com/api/v1/me",
-    profile(profile) {
+      'https://www.reddit.com/api/v1/authorize?response_type=code',
+    profileUrl: 'https://oauth.reddit.com/api/v1/me',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.name,
        image: null,
-        email: null,
+        email: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/salesforce.js
+++ b/src/providers/salesforce.js
@@ -1,22 +1,21 @@
-export default function Salesforce(options) {
+export default (options) => {
  return {
-    id: "salesforce",
-    name: "Salesforce",
-    type: "oauth",
-    version: "2.0",
-    params: { display: "page", grant_type: "authorization_code" },
-    accessTokenUrl: "https://login.salesforce.com/services/oauth2/token",
-    authorizationUrl:
-      "https://login.salesforce.com/services/oauth2/authorize?response_type=code",
-    profileUrl: "https://login.salesforce.com/services/oauth2/userinfo",
-    protection: "none",
-    profile(profile) {
+    id: 'salesforce',
+    name: 'Salesforce',
+    type: 'oauth',
+    version: '2.0',
+    params: { display: 'page', grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://login.salesforce.com/services/oauth2/token',
+    authorizationUrl: 'https://login.salesforce.com/services/oauth2/authorize?response_type=code',
+    profileUrl: 'https://login.salesforce.com/services/oauth2/userinfo',
+    protection: 'none', // REVIEW: Can we use "pkce" ?
+    profile: (profile) => {
      return {
        ...profile,
        id: profile.user_id,
-        image: profile.picture,
+        image: profile.picture
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/slack.js
+++ b/src/providers/slack.js
@@ -1,26 +1,24 @@
-export default function Slack(options) {
+export default (options) => {
  return {
-    id: "slack",
-    name: "Slack",
-    type: "oauth",
-    version: "2.0",
+    id: 'slack',
+    name: 'Slack',
+    type: 'oauth',
+    version: '2.0',
    scope: [],
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://slack.com/api/oauth.v2.access",
-    authorizationUrl: "https://slack.com/oauth/v2/authorize",
-    authorizationParams: {
-      user_scope: "identity.basic,identity.email,identity.avatar",
-    },
-    profileUrl: "https://slack.com/api/users.identity",
-    profile(profile) {
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://slack.com/api/oauth.v2.access',
+    authorizationUrl: 'https://slack.com/oauth/v2/authorize',
+    authorizationParams: { user_scope: 'identity.basic,identity.email,identity.avatar' },
+    profileUrl: 'https://slack.com/api/users.identity',
+    profile: (profile) => {
      const { user } = profile
      return {
        id: user.id,
        name: user.name,
        image: user.image_512,
-        email: user.email,
+        email: user.email
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/spotify.js
+++ b/src/providers/spotify.js
@@ -1,23 +1,23 @@
-export default function Spotify(options) {
+export default (options) => {
  return {
-    id: "spotify",
-    name: "Spotify",
-    type: "oauth",
-    version: "2.0",
-    scope: "user-read-email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://accounts.spotify.com/api/token",
+    id: 'spotify',
+    name: 'Spotify',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'user-read-email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://accounts.spotify.com/api/token',
    authorizationUrl:
-      "https://accounts.spotify.com/authorize?response_type=code",
-    profileUrl: "https://api.spotify.com/v1/me",
-    profile(profile) {
+      'https://accounts.spotify.com/authorize?response_type=code',
+    profileUrl: 'https://api.spotify.com/v1/me',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.display_name,
        email: profile.email,
-        image: profile.images?.[0]?.url,
+        image: profile.images?.[0]?.url
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/strava.js
+++ b/src/providers/strava.js
@@ -1,22 +1,22 @@
-export default function Strava(options) {
+export default (options) => {
  return {
-    id: "strava",
-    name: "Strava",
-    type: "oauth",
-    version: "2.0",
-    scope: "read",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://www.strava.com/api/v3/oauth/token",
+    id: 'strava',
+    name: 'Strava',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'read',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://www.strava.com/api/v3/oauth/token',
    authorizationUrl:
-      "https://www.strava.com/api/v3/oauth/authorize?response_type=code",
-    profileUrl: "https://www.strava.com/api/v3/athlete",
-    profile(profile) {
+      'https://www.strava.com/api/v3/oauth/authorize?response_type=code',
+    profileUrl: 'https://www.strava.com/api/v3/athlete',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.firstname,
-        image: profile.profile,
+        image: profile.profile
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/twitch.js
+++ b/src/providers/twitch.js
@@ -1,24 +1,24 @@
-export default function Twitch(options) {
+export default (options) => {
  return {
-    id: "twitch",
-    name: "Twitch",
-    type: "oauth",
-    version: "2.0",
-    scope: "user:read:email",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://id.twitch.tv/oauth2/token",
+    id: 'twitch',
+    name: 'Twitch',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'user:read:email',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://id.twitch.tv/oauth2/token',
    authorizationUrl:
-      "https://id.twitch.tv/oauth2/authorize?response_type=code",
-    profileUrl: "https://api.twitch.tv/helix/users",
-    profile(profile) {
+      'https://id.twitch.tv/oauth2/authorize?response_type=code',
+    profileUrl: 'https://api.twitch.tv/helix/users',
+    profile: (profile) => {
      const data = profile.data[0]
      return {
        id: data.id,
        name: data.display_name,
        image: data.profile_image_url,
-        email: data.email,
+        email: data.email
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/twitter.js
+++ b/src/providers/twitter.js
@@ -1,23 +1,23 @@
-export default function Twitter(options) {
+export default (options) => {
  return {
-    id: "twitter",
-    name: "Twitter",
-    type: "oauth",
-    version: "1.0A",
-    scope: "",
-    accessTokenUrl: "https://api.twitter.com/oauth/access_token",
-    requestTokenUrl: "https://api.twitter.com/oauth/request_token",
-    authorizationUrl: "https://api.twitter.com/oauth/authenticate",
+    id: 'twitter',
+    name: 'Twitter',
+    type: 'oauth',
+    version: '1.0A',
+    scope: '',
+    accessTokenUrl: 'https://api.twitter.com/oauth/access_token',
+    requestTokenUrl: 'https://api.twitter.com/oauth/request_token',
+    authorizationUrl: 'https://api.twitter.com/oauth/authenticate',
    profileUrl:
-      "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true",
-    profile(profile) {
+      'https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true',
+    profile: (profile) => {
      return {
        id: profile.id_str,
        name: profile.name,
        email: profile.email,
-        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, ".jpg"),
+        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, '.jpg')
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/vk.js
+++ b/src/providers/vk.js
@@ -1,29 +1,30 @@
-export default function VK(options) {
-  const apiVersion = "5.126" // https://vk.com/dev/versions
+export default (options) => {
+  const apiVersion = '5.126' // https://vk.com/dev/versions

  return {
-    id: "vk",
-    name: "VK",
-    type: "oauth",
-    version: "2.0",
-    scope: "email",
+    id: 'vk',
+    name: 'VK',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'email',
    params: {
-      grant_type: "authorization_code",
+      grant_type: 'authorization_code'
    },
    accessTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
    requestTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
-    authorizationUrl: `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
+    authorizationUrl:
+      `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
    profileUrl: `https://api.vk.com/method/users.get?fields=photo_100&v=${apiVersion}`,
    profile: (result) => {
      const profile = result.response?.[0] ?? {}

      return {
        id: profile.id,
-        name: [profile.first_name, profile.last_name].filter(Boolean).join(" "),
+        name: [profile.first_name, profile.last_name].filter(Boolean).join(' '),
        email: profile.email,
-        image: profile.photo_100,
+        image: profile.photo_100
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/wordpress.js
+++ b/src/providers/wordpress.js
@@ -1,23 +0,0 @@
-export default function WordPress(options) {
-  return {
-    id: "wordpress",
-    name: "WordPress.com",
-    type: "oauth",
-    version: "2.0",
-    scope: "auth",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://public-api.wordpress.com/oauth2/token",
-    authorizationUrl:
-      "https://public-api.wordpress.com/oauth2/authorize?response_type=code",
-    profileUrl: "https://public-api.wordpress.com/rest/v1/me",
-    profile(profile) {
-      return {
-        id: profile.ID,
-        name: profile.display_name,
-        email: profile.email,
-        image: profile.avatar_URL,
-      }
-    },
-    ...options,
-  }
-}
--- a/src/providers/yandex.js
+++ b/src/providers/yandex.js
@@ -1,23 +1,23 @@
-export default function Yandex(options) {
+export default (options) => {
  return {
-    id: "yandex",
-    name: "Yandex",
-    type: "oauth",
-    version: "2.0",
-    scope: "login:email login:info",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://oauth.yandex.ru/token",
-    requestTokenUrl: "https://oauth.yandex.ru/token",
-    authorizationUrl: "https://oauth.yandex.ru/authorize?response_type=code",
-    profileUrl: "https://login.yandex.ru/info?format=json",
-    profile(profile) {
+    id: 'yandex',
+    name: 'Yandex',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'login:email login:info',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://oauth.yandex.ru/token',
+    requestTokenUrl: 'https://oauth.yandex.ru/token',
+    authorizationUrl: 'https://oauth.yandex.ru/authorize?response_type=code',
+    profileUrl: 'https://login.yandex.ru/info?format=json',
+    profile: (profile) => {
      return {
        id: profile.id,
        name: profile.real_name,
        email: profile.default_email,
-        image: null,
+        image: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/providers/zoho.js
+++ b/src/providers/zoho.js
@@ -1,23 +1,22 @@
-export default function Zoho(options) {
+export default (options) => {
  return {
-    id: "zoho",
-    name: "Zoho",
-    type: "oauth",
-    version: "2.0",
-    scope: "AaaServer.profile.Read",
-    params: { grant_type: "authorization_code" },
-    accessTokenUrl: "https://accounts.zoho.com/oauth/v2/token",
-    authorizationUrl:
-      "https://accounts.zoho.com/oauth/v2/auth?response_type=code",
-    profileUrl: "https://accounts.zoho.com/oauth/user/info",
-    profile(profile) {
+    id: 'zoho',
+    name: 'Zoho',
+    type: 'oauth',
+    version: '2.0',
+    scope: 'AaaServer.profile.Read',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://accounts.zoho.com/oauth/v2/token',
+    authorizationUrl: 'https://accounts.zoho.com/oauth/v2/auth?response_type=code',
+    profileUrl: 'https://accounts.zoho.com/oauth/user/info',
+    profile: (profile) => {
      return {
        id: profile.ZUID,
        name: `${profile.First_Name} ${profile.Last_Name}`,
        email: profile.Email,
-        image: null,
+        image: null
      }
    },
-    ...options,
+    ...options
  }
 }
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -6,12 +6,12 @@ import * as cookie from './lib/cookie'
 import * as defaultEvents from './lib/default-events'
 import * as defaultCallbacks from './lib/default-callbacks'
 import parseProviders from './lib/providers'
+import callbackUrlHandler from './lib/callback-url-handler'
+import extendRes from './lib/extend-req'
 import * as routes from './routes'
 import renderPage from './pages'
-import createSecret from './lib/create-secret'
-import callbackUrlHandler from './lib/callback-url-handler'
-import extendRes from './lib/extend-res'
 import csrfTokenHandler from './lib/csrf-token-handler'
+import createSecret from './lib/create-secret'
 import * as pkce from './lib/oauth/pkce-handler'
 import * as state from './lib/oauth/state-handler'

@@ -67,18 +67,16 @@ async function NextAuthHandler (req, res, userOptions) {

    const secret = createSecret({ userOptions, basePath, baseUrl })

+    const { csrfToken, csrfTokenVerified } = csrfTokenHandler(req, res, cookies, secret)
+
    const providers = parseProviders({ providers: userOptions.providers, baseUrl, basePath })
    const provider = providers.find(({ id }) => id === providerId)

-    // Protection only works on OAuth 2.x providers
-    if (provider?.type === 'oauth' && provider.version?.startsWith('2')) {
-      // When provider.state is undefined, we still want this to pass
-      if (!provider.protection && provider.state !== false) {
-        // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
-        provider.protection = ['state']
-      } else if (typeof provider.protection === 'string') {
-        provider.protection = [provider.protection]
-      }
+    if (provider &&
+      provider.type === 'oauth' && provider.version?.startsWith('2') &&
+       (!provider.protection && provider.state !== false)
+    ) {
+      provider.protection = 'state' // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
    }

    const maxAge = 30 * 24 * 60 * 60 // Sessions expire after 30 days of being idle
@@ -105,6 +103,7 @@ async function NextAuthHandler (req, res, userOptions) {
      provider,
      cookies,
      secret,
+      csrfToken,
      providers,
      // Session options
      session: {
@@ -135,7 +134,6 @@ async function NextAuthHandler (req, res, userOptions) {
      logger
    }

-    csrfTokenHandler(req, res)
    await callbackUrlHandler(req, res)

    const render = renderPage(req, res)
@@ -148,7 +146,7 @@ async function NextAuthHandler (req, res, userOptions) {
        case 'session':
          return routes.session(req, res)
        case 'csrf':
-          return res.json({ csrfToken: req.options.csrfToken })
+          return res.json({ csrfToken })
        case 'signin':
          if (pages.signIn) {
            let signinUrl = `${pages.signIn}${pages.signIn.includes('?') ? '&' : '?'}callbackUrl=${req.options.callbackUrl}`
@@ -201,7 +199,7 @@ async function NextAuthHandler (req, res, userOptions) {
      switch (action) {
        case 'signin':
          // Verified CSRF Token required for all sign in routes
-          if (req.options.csrfTokenVerified && provider) {
+          if (csrfTokenVerified && provider) {
            if (await pkce.handleSignin(req, res)) return
            if (await state.handleSignin(req, res)) return
            return routes.signin(req, res)
@@ -210,14 +208,14 @@ async function NextAuthHandler (req, res, userOptions) {
          return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
        case 'signout':
          // Verified CSRF Token required for signout
-          if (req.options.csrfTokenVerified) {
+          if (csrfTokenVerified) {
            return routes.signout(req, res)
          }
          return res.redirect(`${baseUrl}${basePath}/signout?csrf=true`)
        case 'callback':
          if (provider) {
            // Verified CSRF Token required for credentials providers only
-            if (provider.type === 'credentials' && !req.options.csrfTokenVerified) {
+            if (provider.type === 'credentials' && !csrfTokenVerified) {
              return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
            }

--- a/src/server/lib/csrf-token-handler.js
+++ b/src/server/lib/csrf-token-handler.js
@@ -14,30 +14,29 @@ import * as cookie from './cookie'
 * For more details, see the following OWASP links:
 * https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie
 * https://owasp.org/www-chapter-london/assets/slides/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf
- * @param {import("..").NextAuthRequest} req
- * @param {import("..").NextAuthResponse} res
 */
-export default function csrfTokenHandler (req, res) {
-  const { cookies, secret } = req.options
-  if (cookies.csrfToken.name in req.cookies) {
-    const [csrfToken, csrfTokenHash] = req.cookies[cookies.csrfToken.name].split('|')
-    const expectedCsrfTokenHash = createHash('sha256').update(`${csrfToken}${secret}`).digest('hex')
-    if (csrfTokenHash === expectedCsrfTokenHash) {
+export default function csrfTokenHandler (req, res, cookies, secret) {
+  const { csrfToken: csrfTokenFromRequest } = req.body
+
+  let csrfTokenFromCookie
+  let csrfTokenVerified = false
+  if (req.cookies[cookies.csrfToken.name]) {
+    const [csrfTokenValue, csrfTokenHash] = req.cookies[cookies.csrfToken.name].split('|')
+    if (csrfTokenHash === createHash('sha256').update(`${csrfTokenValue}${secret}`).digest('hex')) {
      // If hash matches then we trust the CSRF token value
-      // If this is a POST request and the CSRF Token in the POST request matches
-      // the cookie we have already verified is the one we have set, then the token is verified!
-      const csrfTokenVerified = req.method === 'POST' && csrfToken === req.body.csrfToken
-      req.options.csrfToken = csrfToken
-      req.options.csrfTokenVerified = csrfTokenVerified
-      return
+      csrfTokenFromCookie = csrfTokenValue
+
+      // If this is a POST request and the CSRF Token in the Post request matches
+      // the cookie we have already verified is one we have set, then token is verified!
+      if (req.method === 'POST' && csrfTokenFromCookie === csrfTokenFromRequest) { csrfTokenVerified = true }
    }
  }
-  // If no csrfToken from cookie - because it's not been set yet,
-  // or because the hash doesn't match (e.g. because it's been modifed or because the secret has changed)
-  // create a new token.
-  const csrfToken = randomBytes(32).toString('hex')
-  const csrfTokenHash = createHash('sha256').update(`${csrfToken}${secret}`).digest('hex')
-  const csrfTokenCookie = `${csrfToken}|${csrfTokenHash}`
-  cookie.set(res, cookies.csrfToken.name, csrfTokenCookie, cookies.csrfToken.options)
-  req.options.csrfToken = csrfToken
+  if (!csrfTokenFromCookie) {
+    // If no csrfToken - because it's not been set yet, or because the hash doesn't match
+    // (e.g. because it's been modifed or because the secret has changed) create a new token.
+    csrfTokenFromCookie = randomBytes(32).toString('hex')
+    const newCsrfTokenCookie = `${csrfTokenFromCookie}|${createHash('sha256').update(`${csrfTokenFromCookie}${secret}`).digest('hex')}`
+    cookie.set(res, cookies.csrfToken.name, newCsrfTokenCookie, cookies.csrfToken.options)
+  }
+  return { csrfToken: csrfTokenFromCookie, csrfTokenVerified }
 }
--- a/src/server/lib/extend-req.js
+++ b/src/server/lib/extend-req.js
--- a/src/server/lib/oauth/callback.js
+++ b/src/server/lib/oauth/callback.js
@@ -1,19 +1,19 @@
-import { decode as jwtDecode } from "jsonwebtoken"
-import oAuthClient from "./client"
-import logger from "../../../lib/logger"
-import { OAuthCallbackError } from "../../../lib/errors"
+import { decode as jwtDecode } from 'jsonwebtoken'
+import oAuthClient from './client'
+import logger from '../../../lib/logger'
+import { OAuthCallbackError } from '../../../lib/errors'

 /** @param {import("types/internals").NextAuthRequest} req */
-export default async function oAuthCallback(req) {
+export default async function oAuthCallback (req) {
  const { provider, pkce } = req.options
  const client = oAuthClient(provider)

-  if (provider.version?.startsWith("2.")) {
+  if (provider.version?.startsWith('2.')) {
    // The "user" object is specific to the Apple provider and is provided on first sign in
    // e.g. {"name":{"firstName":"Johnny","lastName":"Appleseed"},"email":"johnny.appleseed@nextauth.com"}
    let { code, user } = req.query // eslint-disable-line camelcase

-    if (req.method === "POST") {
+    if (req.method === 'POST') {
      try {
        const body = JSON.parse(JSON.stringify(req.body))
        if (body.error) {
@@ -23,35 +23,25 @@ export default async function oAuthCallback(req) {
        code = body.code
        user = body.user != null ? JSON.parse(body.user) : null
      } catch (error) {
-        logger.error(
-          "OAUTH_CALLBACK_HANDLER_ERROR",
-          error,
-          req.body,
-          provider.id,
-          code
-        )
+        logger.error('OAUTH_CALLBACK_HANDLER_ERROR', error, req.body, provider.id, code)
        throw error
      }
    }

    // REVIEW: Is this used by any of the providers?
    // Pass authToken in header by default (unless 'useAuthTokenHeader: false' is set)
-    if (Object.prototype.hasOwnProperty.call(provider, "useAuthTokenHeader")) {
+    if (Object.prototype.hasOwnProperty.call(provider, 'useAuthTokenHeader')) {
      client.useAuthorizationHeaderforGET(provider.useAuthTokenHeader)
    } else {
      client.useAuthorizationHeaderforGET(true)
    }

    try {
-      const tokens = await client.getOAuthAccessToken(
-        code,
-        provider,
-        pkce.code_verifier
-      )
+      const tokens = await client.getOAuthAccessToken(code, provider, pkce.code_verifier)
      let profileData
      if (provider.idToken) {
        if (!tokens?.id_token) {
-          throw new OAuthCallbackError("Missing JWT ID Token")
+          throw new OAuthCallbackError('Missing JWT ID Token')
        }

        // Support services that use OpenID ID Tokens to encode profile data
@@ -62,28 +52,26 @@ export default async function oAuthCallback(req) {

      return getProfile({ profileData, provider, tokens, user })
    } catch (error) {
-      logger.error("OAUTH_GET_ACCESS_TOKEN_ERROR", error, provider.id, code)
+      logger.error('OAUTH_GET_ACCESS_TOKEN_ERROR', error, provider.id, code)
      throw error
    }
  }

  try {
    // Handle OAuth v1.x
-    // eslint-disable-next-line camelcase
-    const { oauth_token, oauth_verifier } = req.query
-
-    // eslint-disable-next-line camelcase
-    const { token_secret } = await client.getOAuthRequestToken(provider.params)
-    const tokens = await client.getOAuthAccessToken(oauth_token, token_secret, oauth_verifier)
+    const {
+      oauth_token: oauthToken, oauth_verifier: oauthVerifier
+    } = req.query
+    const tokens = await client.getOAuthAccessToken(oauthToken, null, oauthVerifier)
    const profileData = await client.get(
      provider.profileUrl,
-      tokens.oauth_token,
-      tokens.oauth_token_secret
+      tokens.accessToken,
+      tokens.refreshToken
    )

    return getProfile({ profileData, tokens, provider })
  } catch (error) {
-    logger.error("OAUTH_V1_GET_ACCESS_TOKEN_ERROR", error)
+    logger.error('OAUTH_V1_GET_ACCESS_TOKEN_ERROR', error)
    throw error
  }
 }
@@ -93,27 +81,15 @@ export default async function oAuthCallback(req) {
 * Returns profile, raw profile and auth provider details
 * @param {{
 *   profileData: object | string
- *   tokens: {
- *     accessToken: string
- *     idToken?: string
- *     refreshToken?: string
- *     access_token: string
- *     expires_in?: string | Date | null
- *     refresh_token?: string
- *     id_token?: string
- *     token?: string
- *     token_secret?: string
- *     tokenSecret?: string
- *     params?: any
- *   }
- *   provider: import("../..").Provider
+ *   tokens: import("types").TokenSet
+ *   provider: import("types/providers").OAuthConfig
 *   user?: object
 * }} profileParams
 */
-async function getProfile({ profileData, tokens, provider, user }) {
+async function getProfile ({ profileData, tokens, provider, user }) {
  try {
    // Convert profileData into an object if it's a string
-    if (typeof profileData === "string" || profileData instanceof String) {
+    if (typeof profileData === 'string' || profileData instanceof String) {
      profileData = JSON.parse(profileData)
    }

@@ -122,22 +98,22 @@ async function getProfile({ profileData, tokens, provider, user }) {
      profileData.user = user
    }

-    logger.debug("PROFILE_DATA", profileData)
+    logger.debug('PROFILE_DATA', profileData)

    const profile = await provider.profile(profileData, tokens)
    // Return profile, raw profile and auth provider details
    return {
      profile: {
        ...profile,
-        email: profile.email?.toLowerCase() ?? null,
+        email: profile.email?.toLowerCase() ?? null
      },
      account: {
        provider: provider.id,
        type: provider.type,
        id: profile.id,
-        ...tokens,
+        ...tokens
      },
-      OAuthProfile: profileData,
+      OAuthProfile: profileData
    }
  } catch (exception) {
    // If we didn't get a response either there was a problem with the provider
@@ -147,11 +123,11 @@ async function getProfile({ profileData, tokens, provider, user }) {
    // all providers, so we return an empty object; the user should then be
    // redirected back to the sign up page. We log the error to help developers
    // who might be trying to debug this when configuring a new provider.
-    logger.error("OAUTH_PARSE_PROFILE_ERROR", exception, profileData)
+    logger.error('OAUTH_PARSE_PROFILE_ERROR', exception, profileData)
    return {
      profile: null,
      account: null,
-      OAuthProfile: profileData,
+      OAuthProfile: profileData
    }
  }
 }
--- a/src/server/lib/oauth/client.js
+++ b/src/server/lib/oauth/client.js
@@ -54,36 +54,23 @@ export default function oAuthClient (provider) {
  const originalGetOAuth1AccessToken = oauth1Client.getOAuthAccessToken.bind(oauth1Client)
  oauth1Client.getOAuthAccessToken = (...args) => {
    return new Promise((resolve, reject) => {
-      // eslint-disable-next-line camelcase
-      originalGetOAuth1AccessToken(...args, (error, oauth_token, oauth_token_secret, params) => {
+      originalGetOAuth1AccessToken(...args, (error, accessToken, refreshToken, results) => {
        if (error) {
          return reject(error)
        }
-
-        resolve({
-          // TODO: Remove, this is only kept for backward compativility
-          // These are not in the OAuth 1.x spec
-          accessToken: oauth_token,
-          refreshToken: oauth_token_secret,
-          results: params,
-
-          oauth_token,
-          oauth_token_secret,
-          params
-        })
+        resolve({ accessToken, refreshToken, results })
      })
    })
  }

  const originalGetOAuthRequestToken = oauth1Client.getOAuthRequestToken.bind(oauth1Client)
-  oauth1Client.getOAuthRequestToken = (params = {}) => {
+  oauth1Client.getOAuthRequestToken = (...args) => {
    return new Promise((resolve, reject) => {
-      // eslint-disable-next-line camelcase
-      originalGetOAuthRequestToken(params, (error, oauth_token, oauth_token_secret, params) => {
+      originalGetOAuthRequestToken(...args, (error, oauthToken) => {
        if (error) {
          return reject(error)
        }
-        resolve({ oauth_token, oauth_token_secret, params })
+        resolve(oauthToken)
      })
    })
  }
@@ -149,7 +136,7 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
    headers.Authorization = `Bearer ${code}`
  }

-  if (provider.protection.includes('pkce')) {
+  if (provider.protection === 'pkce') {
    params.code_verifier = codeVerifier
  }

--- a/src/server/lib/oauth/pkce-handler.js
+++ b/src/server/lib/oauth/pkce-handler.js
@@ -16,8 +16,7 @@ const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
 export async function handleCallback (req, res) {
  const { cookies, provider, baseUrl, basePath } = req.options
  try {
-    // Provider does not support PKCE, nothing to do.
-    if (!provider.protection?.includes('pkce')) {
+    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
      return
    }

@@ -51,7 +50,7 @@ export async function handleCallback (req, res) {
 export async function handleSignin (req, res) {
  const { cookies, provider, baseUrl, basePath } = req.options
  try {
-    if (!provider.protection?.includes('pkce')) { // Provider does not support PKCE, nothing to do.
+    if (provider.protection !== 'pkce') { // Provider does not support PKCE, nothing to do.
      return
    }
    // Started login flow, add generated pkce to req.options and (encrypted) code_verifier to a cookie
--- a/src/server/lib/oauth/state-handler.js
+++ b/src/server/lib/oauth/state-handler.js
@@ -12,12 +12,11 @@ import { OAuthCallbackError } from '../../../lib/errors'
 export async function handleCallback (req, res) {
  const { csrfToken, provider, baseUrl, basePath } = req.options
  try {
-    // Provider does not support state, nothing to do.
-    if (!provider.protection?.includes('state')) {
+    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
      return
    }

-    const state = req.query.state || req.body.state
+    const { state } = req.query
    const expectedState = createHash('sha256').update(csrfToken).digest('hex')

    logger.debug(
@@ -42,7 +41,7 @@ export async function handleCallback (req, res) {
 export async function handleSignin (req, res) {
  const { provider, baseUrl, basePath, csrfToken } = req.options
  try {
-    if (!provider.protection?.includes('state')) { // Provider does not support state, nothing to do.
+    if (provider.protection !== 'state') { // Provider does not support state, nothing to do.
      return
    }

--- a/src/server/lib/signin/oauth.js
+++ b/src/server/lib/signin/oauth.js
@@ -5,17 +5,13 @@ import logger from '../../../lib/logger'
 export default async function getAuthorizationUrl (req) {
  const { provider } = req.options

-  delete req.query?.nextauth
-  const params = {
-    ...provider.authorizationParams,
-    ...req.query
-  }
-
  const client = oAuthClient(provider)
  if (provider.version?.startsWith('2.')) {
+    delete req.query?.nextauth
    // Handle OAuth v2.x
    let url = client.getAuthorizeUrl({
-      ...params,
+      ...provider.authorizationParams,
+      ...req.query,
      redirect_uri: provider.callbackUrl,
      scope: provider.scope
    })
@@ -38,12 +34,8 @@ export default async function getAuthorizationUrl (req) {
  }

  try {
-    const tokens = await client.getOAuthRequestToken(params)
-    const url = `${provider.authorizationUrl}?${new URLSearchParams({
-      oauth_token: tokens.oauth_token,
-      oauth_token_secret: tokens.oauth_token_secret,
-      ...tokens.params
-    })}`
+    const oAuthToken = await client.getOAuthRequestToken()
+    const url = `${provider.authorizationUrl}?oauth_token=${oAuthToken}`
    logger.debug('GET_AUTHORIZATION_URL', url)
    return url
  } catch (error) {
--- a/src/server/pages/error.js
+++ b/src/server/pages/error.js
@@ -52,7 +52,7 @@ export default function error ({ baseUrl, basePath, error = 'default', res }) {
    }
  }

-  const { statusCode, heading, message, signin } = errors[error.toLowerCase()] ?? errors.default
+  const { statusCode, heading, message, signin } = errors[error.toLowerCase()]

  res.status(statusCode)

--- a/src/server/routes/callback.js
+++ b/src/server/routes/callback.js
@@ -262,8 +262,7 @@ export default async function callback (req, res) {
    const defaultJwtPayload = {
      name: user.name,
      email: user.email,
-      picture: user.image,
-      sub: user.id?.toString()
+      picture: user.image
    }
    const jwtPayload = await callbacks.jwt(defaultJwtPayload, user, account, userObjectReturnedFromAuthorizeHandler, false)

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Balázs Orbán	7335759b04	fix(ts): extract EmailConfigServerOptions to interface	2021-04-19 17:02:53 +02:00
Balázs Orbán	97c77ff44b	refactor(ts): de-duplicate types (#1690 ) * refactor(ts): deduplicate internal types * refactor(ts): ease up providers typings * test(ts): fix failing TS tests * test(ts): rename TS property to fix test * docs(ts): mention TS docs in README.md * feat(ts): move/update client types * refactor(TS): rename some types * test(ts): fix client tests * docs(ts): move function descriptions to .d.ts * chore: fix lint error * refactor(ts): separate internal types * chore: simplify build-types script * chore: update type import paths in src * chore(build): create root files at build * chore: remove unnecessary .npmignore * chore: run prettier on types * fix(ts): clean up jwt types * fix(ts): make getToken return type depend on raw param * docs(page): explain page errors, add theming note * docs(ts): add JSDoc to NextAuthOptions props * chore(ts): remove unused import * docs(ts): change JSDOC docs notation * refactor(build): extract module entries into enum * chore(ts): move ClientSafeProvider * chore(ts): simplify GetTokenParams generic * style(lint): fix linting errors * chore: re-add generic extension to GetTokenParams	2021-04-19 16:54:03 +02:00
Nico Domino	b6963abda7	docs(lint): update contributing.md (#1760 ) Regarding ESLint / Prettier use and link to their VSCode extensions	2021-04-18 13:47:02 +02:00
Nico Domino	bdb12adb28	style: replace ts-standard with eslint/prettier (#1724 ) * style: move from ts-standard to eslint/prettier * fix: install remaining eslint-config-standard peer deps * fix: add remaining missing dependencies/config Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-04-14 20:22:51 +02:00
Balázs Orbán	a1e30507c2	feat(ts): support module augmentation (#1681 ) * chore(ts): remove unused imports * refactor(ts): clean up CallbackOptions * docs(ts): explain Module Augmentation * docs(ts): don't use @ in folder name "types" * test(ts): make jwt params optional * docs(ts): fix typo (TypeScript -> NextAuth.js)	2021-04-10 23:48:26 +02:00
Balázs Orbán	2c4fce3699	fix(build): fix release	2021-04-09 21:26:00 +02:00
Balázs Orbán	8fa71512d1	fix(built): typo in package.json	2021-04-09 21:20:41 +02:00
Balázs Orbán	d420eeff9d	fix(ts): add .d.ts sub-module files to package.json #1677 seemed to miss this	2021-04-09 21:10:43 +02:00
Lluis Agusti	0d863d38bc	fix(ts): correctly export sub-module types (#1677 ) * chore(types): build types script Adds a script that moves the declaration files we have in `./types` to `./dist` relative to the files they intend to type. This is the first step, we still need to change what we declare in `package.json`, add the script to the CI pipeline if we're happy with it and figure out how to type `next-auth/jwt`. * refactor(lint): fix build-types script	2021-04-09 20:28:11 +02:00
Lluis Agusti	6f9f42a85b	chore(ci): fix typo on types workflow	2021-04-07 17:05:48 +02:00
Lluis Agusti	2160be2a8a	feat(ts): expose types from the package (#1665 ) * chore(types): move existing types to the repo * feat(ts): expose types from the main package * chore(deps): bring back `react-dom` version range * chore(ts): cleanup deps and comments * chore(ci): run types tests on a separate workflow	2021-04-07 17:03:17 +02:00
Balázs Orbán	55eb066793	chore: add beta to release flow/GH actions	2021-04-04 22:08:25 +02:00