fix(ts): tweak Adapter related types (#1914)

Contains the following squashed commits:

* fix(ts): make first adapter parameter non-optional
* fix(ts): make defaulted values non-optional internally
* test(ts): fix linting

src/client/index.js

@@ -355,6 +355,22 @@ function BroadcastChannel (name = 'nextauth.message') {
   }
 }
 
+
+
+// Some methods are exported with more than one name. This provides some
+// flexibility over how they can be invoked and backwards compatibility
+// with earlier releases. These should be removed in a newer release, as it only
+// creates problems for bundlers and adds confusion to users. TypeScript declarations
+// will provide sufficient help when importing
+export {
+  setOptions as options,
+  getSession as session,
+  getProviders as providers,
+  getCsrfToken as csrfToken,
+  signIn as signin,
+  signOut as signout
+}
+
 export default {
   getSession,
   getCsrfToken,

src/providers/42.js

@@ -0,0 +1,20 @@
+export default function FortyTwo(options) {
+  return {
+    id: '42-school',
+    name: '42 School',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://api.intra.42.fr/oauth/token',
+    authorizationUrl:
+      'https://api.intra.42.fr/oauth/authorize?response_type=code',
+    profileUrl: 'https://api.intra.42.fr/v2/me',
+    profile: (profile) => ({
+      id: profile.id,
+      email: profile.email,
+      image: profile.image_url,
+      name: profile.usual_full_name,
+    }),
+    ...options,
+  }
+}

types/adapters.d.ts

@@ -1,245 +1,131 @@
 import { AppOptions } from "./internals"
-import { ConnectionOptions, EntitySchema } from "typeorm"
-import { User } from "."
-import { AppProvider } from "./providers"
+import { User, Profile, Session } from "."
+import { EmailConfig, SendVerificationRequest } from "./providers"
+import { ConnectionOptions } from "typeorm"
 
-export interface Profile {
-  id: string
-  name: string
-  email: string | null
-  image?: string | null
-}
-
-export interface Session {
-  userId: string | number | object
-  expires: Date
-  sessionToken: string
-  accessToken: string
-}
-
-export interface VerificationRequest {
-  identifier: string
-  token: string
-  expires: Date
-}
-
-export interface SendVerificationRequestParams {
-  identifier: string
-  url: string
-  token: string
-  baseUrl: string
-  provider: AppProvider
-}
-
-export type EmailAppProvider = AppProvider & {
-  sendVerificationRequest: (
-    params: SendVerificationRequestParams
-  ) => Promise<void>
-  maxAge: number | undefined
-}
-
-export interface AdapterInstance<
-  TUser,
-  TProfile,
-  TSession,
-  TVerificationRequest
-> {
-  createUser: (profile: TProfile) => Promise<TUser>
-  getUser: (id: string) => Promise<TUser | null>
-  getUserByEmail: (email: string) => Promise<TUser | null>
-  getUserByProviderAccountId: (
-    providerId: string,
-    providerAccountId: string
-  ) => Promise<TUser | null>
-  updateUser: (user: TUser) => Promise<TUser>
-  linkAccount: (
-    userId: string,
-    providerId: string,
-    providerType: string,
-    providerAccountId: string,
-    refreshToken: string,
-    accessToken: string,
-    accessTokenExpires: number
-  ) => Promise<void>
-  createSession: (user: TUser) => Promise<TSession>
-  getSession: (sessionToken: string) => Promise<TSession | null>
-  updateSession: (session: TSession, force?: boolean) => Promise<TSession>
-  deleteSession: (sessionToken: string) => Promise<void>
-  createVerificationRequest?: (
-    email: string,
-    url: string,
-    token: string,
-    secret: string,
-    provider: EmailAppProvider,
-    options: AppOptions
-  ) => Promise<TVerificationRequest>
-  getVerificationRequest?: (
-    email: string,
-    verificationToken: string,
-    secret: string,
-    provider: AppProvider
-  ) => Promise<TVerificationRequest | null>
-  deleteVerificationRequest?: (
-    email: string,
-    verificationToken: string,
-    secret: string,
-    provider: AppProvider
-  ) => Promise<void>
-}
-
-interface Adapter<
-  TUser extends User = any,
-  TProfile extends Profile = any,
-  TSession extends Session = any,
-  TVerificationRequest extends VerificationRequest = any
-> {
-  getAdapter: (
-    appOptions: AppOptions
-  ) => Promise<AdapterInstance<TUser, TProfile, TSession, TVerificationRequest>>
-}
-
-type Schema<T = any> = EntitySchema<T>["options"]
-
-interface BuiltInAdapters {
-  Default: TypeORMAdapter["Adapter"]
-  TypeORM: TypeORMAdapter
-  Prisma: PrismaAdapter
+/** Legacy */
+declare const Adapters: {
+  Default: Adapter<ConnectionOptions>
+  TypeORM: { Adapter: Adapter<ConnectionOptions> }
+  Prisma: { Adapter: Adapter }
 }
+export default Adapters
 
 /**
- * TODO: fix auto-type schema
+ * Using a custom adapter you can connect to any database backend or even several different databases.
+ * Custom adapters created and maintained by our community can be found in the adapters repository.
+ * Feel free to add a custom adapter from your project to the repository,
+ * or even become a maintainer of a certain adapter.
+ * Custom adapters can still be created and used in a project without being added to the repository.
+ *
+ * [Community adapters](https://github.com/nextauthjs/adapters) |
+ * [Create a custom adapter](https://next-auth.js.org/tutorials/creating-a-database-adapter)
  */
-
-interface TypeORMAdapter<
-  A extends TypeORMAccountModel = any,
-  U extends TypeORMUserModel = any,
-  S extends TypeORMSessionModel = any,
-  VR extends TypeORMVerificationRequestModel = any
-> {
-  Adapter: (
-    typeOrmConfig: ConnectionOptions,
-    options?: {
-      models?: {
-        Account?: {
-          model: A
-          schema: Schema<A>
-        }
-        User?: {
-          model: U
-          schema: Schema<U>
-        }
-        Session?: {
-          model: S
-          schema: Schema<S>
-        }
-        VerificationRequest?: {
-          model: VR
-          schema: Schema<VR>
-        }
-      }
-    }
-  ) => Adapter<U, Profile, S, VR>
-  Models: {
-    Account: {
-      model: TypeORMAccountModel
-      schema: Schema<TypeORMAccountModel>
-    }
-    User: {
-      model: TypeORMUserModel
-      schema: Schema<TypeORMUserModel>
-    }
-    Session: {
-      model: TypeORMSessionModel
-      schema: Schema<TypeORMSessionModel>
-    }
-    VerificationRequest: {
-      model: TypeORMVerificationRequestModel
-      schema: Schema<TypeORMVerificationRequestModel>
-    }
-  }
-}
-
-interface PrismaAdapter {
-  Adapter: (config: {
-    prisma: any
-    modelMapping?: {
-      User: string
-      Account: string
-      Session: string
-      VerificationRequest: string
-    }
-  }) => Adapter
-}
-
-declare class TypeORMAccountModel {
-  compoundId: string
-  userId: number
-  providerType: string
-  providerId: string
-  providerAccountId: string
-  refreshToken?: string
-  accessToken?: string
-  accessTokenExpires?: Date
-
-  constructor(
-    userId: number,
+export interface AdapterInstance<U = User, P = Profile, S = Session> {
+  createUser(profile: P): Promise<U>
+  getUser(id: string): Promise<U | null>
+  getUserByEmail(email: string): Promise<U | null>
+  getUserByProviderAccountId(
+    providerId: string,
+    providerAccountId: string
+  ): Promise<U | null>
+  updateUser(user: U): Promise<U>
+  /** @todo Implement */
+  deleteUser?(userId: string): Promise<void>
+  linkAccount(
+    userId: string,
     providerId: string,
     providerType: string,
     providerAccountId: string,
     refreshToken?: string,
     accessToken?: string,
-    accessTokenExpires?: Date
-  )
+    accessTokenExpires?: null
+  ): Promise<void>
+  /** @todo Implement */
+  unlinkAccount?(
+    userId: string,
+    providerId: string,
+    providerAccountId: string
+  ): Promise<void>
+  createSession(user: U): Promise<S>
+  getSession(sessionToken: string): Promise<S | null>
+  updateSession(session: S, force?: boolean): Promise<S | null>
+  deleteSession(sessionToken: string): Promise<void>
+  createVerificationRequest?(
+    identifier: string,
+    url: string,
+    token: string,
+    secret: string,
+    provider: EmailConfig & { maxAge: number; from: string }
+  ): Promise<void>
+  getVerificationRequest?(
+    identifier: string,
+    verificationToken: string,
+    secret: string,
+    provider: Required<EmailConfig>
+  ): Promise<{
+    id: string
+    identifier: string
+    token: string
+    expires: Date
+  } | null>
+  deleteVerificationRequest?(
+    identifier: string,
+    verificationToken: string,
+    secret: string,
+    provider: Required<EmailConfig>
+  ): Promise<void>
 }
 
-declare class TypeORMUserModel implements User {
-  name?: string
-  email?: string
-  image?: string
-  emailVerified?: Date
-
-  constructor(
-    name?: string,
-    email?: string,
-    image?: string,
-    emailVerified?: Date
-  )
-  [x: string]: unknown
-}
-
-declare class TypeORMSessionModel implements Session {
-  userId: number
-  expires: Date
-  sessionToken: string
-  accessToken: string
-
-  constructor(
-    userId: number,
-    expires: Date,
-    sessionToken?: string,
-    accessToken?: string
-  )
-}
-
-declare class TypeORMVerificationRequestModel implements VerificationRequest {
-  identifier: string
-  token: string
-  expires: Date
-
-  constructor(identifier: string, token: string, expires: Date)
-}
-
-declare const Adapters: BuiltInAdapters
-
-export default Adapters
-
-export {
-  Adapter,
-  BuiltInAdapters as Adapters,
-  TypeORMAdapter,
-  TypeORMAccountModel,
-  TypeORMUserModel,
-  TypeORMSessionModel,
-  TypeORMVerificationRequestModel,
-  PrismaAdapter,
+/**
+ * From an implementation perspective, an adapter in NextAuth.js is a function
+ * which returns an async `getAdapter()` method, which in turn returns a list of functions
+ * used to handle operations such as creating user, linking a user
+ * and an OAuth account or handling reading and writing sessions.
+ *
+ * It uses this approach to allow database connection logic to live in the `getAdapter()` method.
+ * By calling the function just before an action needs to happen,
+ * it is possible to check database connection status and handle connecting / reconnecting
+ * to a database as required.
+ *
+ * **Required methods**
+ *
+ * _(These methods are required for all sign in flows)_
+ * - `createUser`
+ * - `getUser`
+ * - `getUserByEmail`
+ * - `getUserByProviderAccountId`
+ * - `linkAccount`
+ * - `createSession`
+ * - `getSession`
+ * - `updateSession`
+ * - `deleteSession`
+ * - `updateUser`
+ *
+ * _(Required to support email / passwordless sign in)_
+ *
+ * - `createVerificationRequest`
+ * - `getVerificationRequest`
+ * - `deleteVerificationRequest`
+ *
+ * **Unimplemented methods**
+ *
+ * _(These methods will be required in a future release, but are not yet invoked)_
+ * - `deleteUser`
+ * - `unlinkAccount`
+ *
+ * [Community adapters](https://github.com/nextauthjs/adapters) |
+ * [Create a custom adapter](https://next-auth.js.org/tutorials/creating-a-database-adapter)
+ */
+export type Adapter<
+  C = unknown,
+  O = Record<string, unknown>,
+  U = unknown,
+  P = unknown,
+  S = unknown
+> = (
+  client: C,
+  options?: O
+) => {
+  getAdapter(appOptions: AppOptions): Promise<AdapterInstance<U, P, S>>
 }

types/index.d.ts

@@ -127,7 +127,7 @@ export interface NextAuthOptions {
    * [Default adapter](https://next-auth.js.org/schemas/adapters#typeorm-adapter) |
    * [Community adapters](https://github.com/nextauthjs/adapters)
    */
-  adapter?: Adapter
+  adapter?: ReturnType<Adapter>
   /**
    * Set debug to true to enable debug messages for authentication and database operations.
    * * **Default value**: `false`
@@ -180,7 +180,7 @@ export interface NextAuthOptions {
    *
    * [Documentation](https://next-auth.js.org/configuration/options#theme) | [Pages documentation]("https://next-auth.js.org/configuration/pages")
    */
-  theme?: "auto" | "dark" | "light"
+  theme?: Theme
   /**
    * When set to `true` then all cookies set by NextAuth.js will only be accessible from HTTPS URLs.
    * This option defaults to `false` on URLs that start with `http://` (e.g. http://localhost:3000) for developer convenience.
@@ -215,6 +215,14 @@ export interface NextAuthOptions {
   cookies?: CookiesOptions
 }
 
+/**
+ * Change the theme of the built-in pages.
+ *
+ * [Documentation](https://next-auth.js.org/configuration/options#theme) |
+ * [Pages](https://next-auth.js.org/configuration/pages)
+ */
+export type Theme = "auto" | "dark" | "light"
+
 /**
  * Override any of the methods, and the rest will use the default logger.
  *
@@ -233,6 +241,8 @@ export interface LoggerInstance {
  */
 export interface TokenSet {
   accessToken: string
+  /** Kept for historical reasons, check out `expires_in` */
+  accessTokenExpires: null
   idToken?: string
   refreshToken?: string
   access_token: string

types/internals/index.d.ts

@@ -1,5 +1,5 @@
 import { NextApiRequest, NextApiResponse } from "./utils"
-import { NextAuthOptions } from ".."
+import { LoggerInstance, NextAuthOptions, SessionOptions, Theme } from ".."
 import { AppProvider } from "../providers"
 
 /** Options that are the same both in internal and user provided options. */
@@ -9,12 +9,7 @@ export type NextAuthSharedOptions =
   | "events"
   | "callbacks"
   | "cookies"
-  | "secret"
   | "adapter"
-  | "theme"
-  | "debug"
-  | "logger"
-  | "session"
 
 export interface AppOptions
   extends Required<Pick<NextAuthOptions, NextAuthSharedOptions>> {
@@ -42,6 +37,11 @@ export interface AppOptions
   provider?: AppProvider
   csrfToken?: string
   csrfTokenVerified?: boolean
+  secret: string
+  theme: Theme
+  debug: boolean
+  logger: LoggerInstance
+  session: Required<SessionOptions>
 }
 
 export interface NextAuthRequest extends NextApiRequest {

types/providers.d.ts

@@ -29,7 +29,7 @@ export interface OAuthConfig<P extends Record<string, unknown> = Profile>
   scope: string
   params: { grant_type: string }
   accessTokenUrl: string
-  requestTokenUrl: string
+  requestTokenUrl?: string
   authorizationUrl: string
   profileUrl: string
   profile(profile: P, tokens: TokenSet): Awaitable<User & { id: string }>
@@ -67,6 +67,7 @@ export type OAuthProviderType =
   | "EVEOnline"
   | "Facebook"
   | "FACEIT"
+  | "FortyTwo"
   | "Foursquare"
   | "FusionAuth"
   | "GitHub"
@@ -132,19 +133,27 @@ export interface EmailConfigServerOptions {
   }
 }
 
+export type SendVerificationRequest = (params: {
+  identifier: string
+  url: string
+  baseUrl: string
+  token: string
+  provider: EmailConfig
+}) => Awaitable<void>
+
 export interface EmailConfig extends CommonProviderOptions {
   type: "email"
   // TODO: Make use of https://www.typescriptlang.org/docs/handbook/2/template-literal-types.html
   server: string | EmailConfigServerOptions
+  /** @default "NextAuth <no-reply@example.com>" */
   from?: string
+  /**
+   * How long until the e-mail can be used to log the user in,
+   * in seconds. Defaults to 1 day
+   * @default 86400
+   */
   maxAge?: number
-  sendVerificationRequest(params: {
-    identifier: string
-    url: string
-    baseUrl: string
-    token: string
-    provider: EmailConfig
-  }): Awaitable<void>
+  sendVerificationRequest: SendVerificationRequest
 }
 
 export type EmailProvider = (options: Partial<EmailConfig>) => EmailConfig

types/tests/server.test.ts

@@ -1,11 +1,9 @@
-import Providers, { AppProvider, OAuthConfig } from "next-auth/providers"
-import {
-  Adapter,
-  EmailAppProvider,
-  Profile,
-  Session,
-  VerificationRequest,
-} from "next-auth/adapters"
+import Providers, {
+  AppProvider,
+  EmailConfig,
+  OAuthConfig,
+} from "next-auth/providers"
+import { Adapter, AdapterInstance } from "next-auth/adapters"
 import NextAuth, * as NextAuthTypes from "next-auth"
 import { IncomingMessage, ServerResponse } from "http"
 import * as JWTType from "next-auth/jwt"
@@ -54,74 +52,88 @@ const exampleUser: NextAuthTypes.User = {
   email: "",
 }
 
-const exampleSession: Session = {
+const exampleSession: NextAuthTypes.Session = {
   userId: "",
   accessToken: "",
   sessionToken: "",
-  expires: new Date(),
 }
 
-const exampleVerificatoinRequest: VerificationRequest = {
+const exampleVerificationRequest = {
+  id: "",
   identifier: "",
   token: "",
   expires: new Date(),
 }
 
-const adapter: Adapter<
-  NextAuthTypes.User,
-  Profile,
-  Session,
-  VerificationRequest
-> = {
-  async getAdapter(appOptions: AppOptions) {
-    return {
-      createUser: async (profile: Profile) => exampleUser,
-      getUser: async (id: string) => exampleUser,
-      getUserByEmail: async (email: string) => exampleUser,
-      getUserByProviderAccountId: async (
-        providerId: string,
-        providerAccountId: string
-      ) => exampleUser,
-      updateUser: async (user: NextAuthTypes.User) => exampleUser,
-      linkAccount: async (
-        userId: string,
-        providerId: string,
-        providerType: string,
-        providerAccountId: string,
-        refreshToken: string,
-        accessToken: string,
-        accessTokenExpires: number
-      ) => undefined,
-      createSession: async (user: NextAuthTypes.User) => exampleSession,
-      getSession: async (sessionToken: string) => exampleSession,
-      updateSession: async (session: Session, force?: boolean) =>
-        exampleSession,
-      deleteSession: async (sessionToken: string) => undefined,
-      createVerificationRequest: async (
-        email: string,
-        url: string,
-        token: string,
-        secret: string,
-        provider: EmailAppProvider,
-        options: AppOptions
-      ) => exampleVerificatoinRequest,
-      getVerificationRequest: async (
-        email: string,
-        verificationToken: string,
-        secret: string,
-        provider: AppProvider
-      ) => exampleVerificatoinRequest,
-      deleteVerificationRequest: async (
-        email: string,
-        verificationToken: string,
-        secret: string,
-        provider: AppProvider
-      ) => undefined,
-    }
-  },
+const MyAdapter: Adapter<Record<string, unknown>> = () => {
+  return {
+    async getAdapter(appOptions: AppOptions) {
+      return {
+        async createUser(profile) {
+          return exampleUser
+        },
+        async getUser(id) {
+          return exampleUser
+        },
+        async getUserByEmail(email) {
+          return exampleUser
+        },
+        async getUserByProviderAccountId(providerId, providerAccountId) {
+          return exampleUser
+        },
+        async updateUser(user) {
+          return exampleUser
+        },
+        async linkAccount(
+          userId,
+          providerId,
+          providerType,
+          providerAccountId,
+          refreshToken,
+          accessToken,
+          accessTokenExpires
+        ) {
+          return undefined
+        },
+        async createSession(user) {
+          return exampleSession
+        },
+        async getSession(sessionToken) {
+          return exampleSession
+        },
+        async updateSession(session, force) {
+          return exampleSession
+        },
+        async deleteSession(sessionToken) {
+          return undefined
+        },
+        async createVerificationRequest(email, url, token, secret, provider) {
+          return undefined
+        },
+        async getVerificationRequest(
+          email,
+          verificationToken,
+          secret,
+          provider
+        ) {
+          return exampleVerificationRequest
+        },
+        async deleteVerificationRequest(
+          email,
+          verificationToken,
+          secret,
+          provider
+        ) {
+          return undefined
+        },
+      }
+    },
+  }
 }
 
-const allConfig = {
+const client = {} // Create a fake db client
+
+const allConfig: NextAuthTypes.NextAuthOptions = {
   providers: [
     Providers.Twitter({
       clientId: "123",
@@ -147,53 +159,40 @@ const allConfig = {
   },
   pages: pageOptions,
   callbacks: {
-    async signIn(
-      user: NextAuthTypes.User,
-      account: Record<string, unknown>,
-      profile: Record<string, unknown>
-    ) {
+    async signIn(user, account, profile) {
       return true
     },
-    async redirect(url: string, baseUrl: string) {
+    async redirect(url, baseUrl) {
       return "path/to/foo"
     },
-    async session(
-      session: NextAuthTypes.Session,
-      userOrToken: NextAuthTypes.User
-    ) {
+    async session(session, userOrToken) {
       return { ...session }
     },
-    async jwt(
-      token: JWTType.JWT,
-      user?: NextAuthTypes.User,
-      account?: Record<string, unknown>,
-      profile?: Record<string, unknown>,
-      isNewUser?: boolean
-    ) {
+    async jwt(token, user, account, profile, isNewUser) {
       return token
     },
   },
   events: {
-    async signIn(message: string) {
+    async signIn(message) {
       return undefined
     },
-    async signOut(message: string) {
+    async signOut(message) {
       return undefined
     },
-    async createUser(message: string) {
+    async createUser(message) {
       return undefined
     },
-    async linkAccount(message: string) {
+    async linkAccount(message) {
       return undefined
     },
-    async session(message: string) {
+    async session(message) {
       return undefined
     },
-    async error(message: string) {
+    async error(message) {
       return undefined
     },
   },
-  adapter,
+  adapter: MyAdapter(client),
   useSecureCookies: true,
   cookies: {
     sessionToken: {

www/docs/configuration/options.md

@@ -68,7 +68,7 @@ See the [providers documentation](/configuration/providers) for a list of suppor
 
 A random string used to hash tokens, sign cookies and generate crytographic keys.
 
-If not specified is uses a hash of all configuration options, including Client ID / Secrets for entropy.
+If not specified, it uses a hash for all configuration options, including Client ID / Secrets for entropy.
 
 The default behaviour is volatile, and it is strongly recommended you explicitly specify a value to avoid invalidating end user sessions when configuration changes are deployed.
 

www/docs/configuration/providers.md

@@ -3,59 +3,123 @@ id: providers
 title: Providers
 ---
 
-Authentication Providers in NextAuth.js are services that can be used to sign in (OAuth, Email, etc).
+Authentication Providers in **NextAuth.js** are services that can be used to sign in a user.
 
-## Sign in with OAuth
+There's four ways a user can be signed in:
 
-NextAuth.js is designed to work with any OAuth service, it supports OAuth 1.0, 1.0A and 2.0 and has built-in support for many popular OAuth sign-in services.
+- [Using a built-in OAuth Provider](#oauth-providers) (e.g Github, Twitter, Google, etc...)
+- [Using a custom OAuth Provider](#-using-a-custom-provider)
+- [Using Email](#email-provider)
+- [Using Credentials](#credentials-provider)
 
-### Built-in OAuth providers
+:::note
+NextAuth.js is designed to work with any OAuth service, it supports **OAuth 1.0**, **1.0A** and **2.0** and has built-in support for most popular sign-in services.
+:::
 
-<ul>
+## OAuth Providers
+
+### Available providers
+
+<div className="provider-name-list">
 {Object.entries(require("../../providers.json"))
   .filter(([key]) => !["email", "credentials"].includes(key))
   .sort(([, a], [, b]) => a.localeCompare(b))
-  .map(([key, name]) =>
-    <li key={key}><a href={`/providers/${key}`}>{name}</a></li>
+  .map(([key, name]) => (
+    <span key={key}>
+      <a href={`/providers/${key}`}>{name}</a>
+      <span className="provider-name-list__comma">,</span>
+    </span>
+  )
+    
 )}
-</ul>
+</div>
 
-### Using a built-in OAuth provider
+### How to
 
 1. Register your application at the developer portal of your provider. There are links above to the developer docs for most supported providers with details on how to register your application.
 
 2. The redirect URI should follow this format:
-  ```
-  [origin]/api/auth/callback/[provider]
-  ```
-  For example, Twitter on `localhost` this would be:
-  ```
-  http://localhost:3000/api/auth/callback/twitter
-  ```
+
+```
+[origin]/api/auth/callback/[provider]
+```
+
+For example, Twitter on `localhost` this would be:
+
+```
+http://localhost:3000/api/auth/callback/twitter
+```
+
 3. Create a `.env` file at the root of your project and add the client ID and client secret. For Twitter this would be:
 
-  ```
-  TWITTER_ID=YOUR_TWITTER_CLIENT_ID
-  TWITTER_SECRET=YOUR_TWITTER_CLIENT_SECRET
-  ```
+```
+TWITTER_ID=YOUR_TWITTER_CLIENT_ID
+TWITTER_SECRET=YOUR_TWITTER_CLIENT_SECRET
+```
 
 4. Now you can add the provider settings to the NextAuth options object. You can add as many OAuth providers as you like, as you can see `providers` is an array.
 
-  ```js title="pages/api/auth/[...nextauth].js"
-  import Providers from `next-auth/providers`
-  ...
-  providers: [
-    Providers.Twitter({
-      clientId: process.env.TWITTER_ID,
-      clientSecret: process.env.TWITTER_SECRET
-    })
-  ],
-  ...
-  ```
-5. Once a provider has been setup, you can sign in at the following URL: `[origin]/api/auth/signin`. This is an unbranded auto-generated page with all the configured providers.   
+```js title="pages/api/auth/[...nextauth].js"
+import Providers from `next-auth/providers`
+...
+providers: [
+  Providers.Twitter({
+    clientId: process.env.TWITTER_ID,
+    clientSecret: process.env.TWITTER_SECRET
+  })
+],
+...
+```
+
+5. Once a provider has been setup, you can sign in at the following URL: `[origin]/api/auth/signin`. This is an unbranded auto-generated page with all the configured providers.
 
 <Image src="/img/signin.png" alt="Signin Screenshot" />
 
+### Options
+
+|        Name         |                           Description                            |             Type              | Required |
+| :-----------------: | :--------------------------------------------------------------: | :---------------------------: | :------: |
+|         id          |                    Unique ID for the provider                    |           `string`            |   Yes    |
+|        name         |                Descriptive name for the provider                 |           `string`            |   Yes    |
+|        type         |              Type of provider, in this case `oauth`              |           `"oauth"`           |   Yes    |
+|       version       |            OAuth version (e.g. '1.0', '1.0a', '2.0')             |           `string`            |   Yes    |
+|        scope        |          OAuth access scopes (expects array or string)           |    `string` or `string[]`     |   Yes    |
+|       params        |       Extra URL params sent when calling `accessTokenUrl`        |           `Object`            |   Yes    |
+|   accessTokenUrl    |               Endpoint to retrieve an access token               |           `string`            |   Yes    |
+|  authorizationUrl   |         Endpoint to request authorization from the user          |           `string`            |   Yes    |
+|   requestTokenUrl   |               Endpoint to retrieve a request token               |           `string`            |   Yes    |
+|     profileUrl      |             Endpoint to retrieve the user's profile              |           `string`            |   Yes    |
+|      clientId       |                 Client ID of the OAuth provider                  |           `string`            |   Yes    |
+|    clientSecret     |               Client Secret of the OAuth provider                |           `string`            |   Yes    |
+|       profile       |       A callback returning an object with the user's info        | `(profile, tokens) => Object` |   Yes    |
+|     protection      | Additional security for OAuth login flows (defaults to `state`)  |  `"pkce"`,`"state"`,`"none"`  |    No    |
+|        state        | Same as `protection: "state"`. Being deprecated, use protection. |           `boolean`           |    No    |
+|       headers       |      Any headers that should be sent to the OAuth provider       |           `Object`            |    No    |
+| authorizationParams |    Additional params to be sent to the authorization endpoint    |           `Object`            |    No    |
+|       idToken       |   Set to `true` for services that use ID Tokens (e.g. OpenID)    |           `boolean`           |    No    |
+|       region        |                    Only when using BattleNet                     |           `string`            |    No    |
+|       domain        |                Only when using certain Providers                 |           `string`            |    No    |
+|      tenantId       |     Only when using Azure, Active Directory, B2C, FusionAuth     |           `string`            |    No    |
+
+:::tip
+Even if you are using a built-in provider, you can override any of these options to tweak the default configuration.
+
+```js title=[...nextauth].js
+import Providers from "next-auth/providers"
+
+Providers.Auth0({
+  clientId: process.env.CLIENT_ID,
+  clientSecret: process.env.CLIENT_SECRET,
+  domain: process.env.DOMAIN,
+  scope: "openid your_custom_scope", // We do provide a default, but this will override it if defined
+  profile(profile) {
+    return {} // Return the profile in a shape that is different from the built-in one.
+  },
+})
+```
+
+:::
+
 ### Using a custom provider
 
 You can use an OAuth provider that isn't built-in by using a custom object.
@@ -76,7 +140,7 @@ As an example of what this looks like, this is the provider object returned for
   profileUrl: "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
   async profile(profile, tokens) {
     // You can use the tokens, in case you want to fetch more profile information
-    // For example several OAuth provider does not return e-mail by default.
+    // For example several OAuth providers do not return email by default.
     // Depending on your provider, will have tokens like `access_token`, `id_token` and or `refresh_token`
     return {
       id: profile.id,
@@ -89,7 +153,8 @@ As an example of what this looks like, this is the provider object returned for
   clientSecret: ""
 }
 ```
-You can replace all the options in this JSON object with the ones from your custom provider - be sure to give it a unique ID and specify the correct OAuth version - and add it to the providers option:
+
+Replace all the options in this JSON object with the ones from your custom provider - be sure to give it a unique ID and specify the correct OAuth version - and add it to the providers option when initializing the library:
 
 ```js title="pages/api/auth/[...nextauth].js"
 import Providers from `next-auth/providers`
@@ -111,33 +176,24 @@ providers: [
 ...
 ```
 
+### Adding a new provider
 
+If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily!
 
+You only need to add two changes:
 
-### OAuth provider options
+1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers)<br />
+   • make sure you use a named default export, like this: `export default function YourProvider`
+2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
+3. Add it to our [provider types](https://github.com/nextauthjs/next-auth/blob/main/types/providers.d.ts) (for TS projects)<br />
+   • you just need to add your new provider name to [this list](https://github.com/nextauthjs/next-auth/blob/main/types/providers.d.ts#L56-L97)<br />
+   • in case you new provider accepts some custom options, you can [add them here](https://github.com/nextauthjs/next-auth/blob/main/types/providers.d.ts#L48-L53)
 
-|        Name         |                           Description                            |              Type               | Required |
-| :-----------------: | :--------------------------------------------------------------: | :-----------------------------: | :------: |
-|         id          |                    Unique ID for the provider                    |            `string`             |   Yes    |
-|        name         |                Descriptive name for the provider                 |            `string`             |   Yes    |
-|        type         |       Type of provider, in this case it should be `oauth`        | `oauth`, `email`, `credentials` |   Yes    |
-|       version       |            OAuth version (e.g. '1.0', '1.0a', '2.0')             |            `string`             |   Yes    |
-|   accessTokenUrl    |               Endpoint to retrieve an access token               |            `string`             |   Yes    |
-|  authorizationUrl   |         Endpoint to request authorization from the user          |            `string`             |   Yes    |
-|      clientId       |                 Client ID of the OAuth provider                  |            `string`             |   Yes    |
-|    clientSecret     |               Client Secret of the OAuth provider                |            `string`             |    No    |
-|        scope        |          OAuth access scopes (expects array or string)           |     `string` or `string[]`      |    No    |
-|       params        |             Additional authorization URL parameters              |            `object`             |    No    |
-|   requestTokenUrl   |               Endpoint to retrieve a request token               |            `string`             |    No    |
-| authorizationParams |    Additional params to be sent to the authorization endpoint    |            `object`             |    No    |
-|     profileUrl      |             Endpoint to retrieve the user's profile              |            `string`             |    No    |
-|       profile       |       An callback returning an object with the user's info       |            `object`             |    No    |
-|       idToken       |   Set to `true` for services that use ID Tokens (e.g. OpenID)    |            `boolean`            |    No    |
-|       headers       |      Any headers that should be sent to the OAuth provider       |            `object`             |    No    |
-|     protection      | Additional security for OAuth login flows (defaults to `state`)  |`[pkce]`,`[state]`,`[pkce,state]`|    No    |
-|        state        | Same as `protection: "state"`. Being deprecated, use protection. |            `boolean`            |    No    |
+That's it! 🎉 Others will be able to discover this provider much more easily now!
 
-## Sign in with Email
+## Email Provider
+
+### How to
 
 The Email provider uses email to send "magic links" that can be used sign in, you will likely have seen them before if you have used software like Slack.
 
@@ -164,8 +220,21 @@ See the [Email provider documentation](/providers/email) for more information on
 The email provider requires a database, it cannot be used without one.
 :::
 
+### Options
 
-## Sign in with Credentials
+|          Name           |                                     Description                                     |               Type               | Required |
+| :---------------------: | :---------------------------------------------------------------------------------: | :------------------------------: | :------: |
+|           id            |                             Unique ID for the provider                              |             `string`             |   Yes    |
+|          name           |                          Descriptive name for the provider                          |             `string`             |   Yes    |
+|          type           |                       Type of provider, in this case `email`                        |            `"email"`             |   Yes    |
+|         server          |                     Path or object pointing to the email server                     |       `string` or `Object`       |   Yes    |
+| sendVerificationRequest |               Callback to execute when a verification request is sent               | `(params) => Promise<undefined>` |   Yes    |
+|          from           |   The email address from which emails are sent, default: "<no-reply@example.com>"   |             `string`             |    No    |
+|         maxAge          | How long until the e-mail can be used to log the user in seconds. Defaults to 1 day |             `number`             |    No    |
+
+## Credentials Provider
+
+### How to
 
 The Credentials provider allows you to handle signing in with arbitrary credentials, such as a username and password, two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
 
@@ -211,26 +280,12 @@ See the [Credentials provider documentation](/providers/credentials) for more in
 The Credentials provider can only be used if JSON Web Tokens are enabled for sessions. Users authenticated with the Credentials provider are not persisted in the database.
 :::
 
-<!-- React Image Component -->
-export const Image = ({ children, src, alt = '' }) => (
-  <div
-    style={{
-      padding: '0.2rem',
-      width: '100%',
-      display: 'flex',
-      justifyContent: 'center'
-    }}>
-    <img alt={alt} src={src} />
-  </div>
- )
+### Options
 
-
-## Adding a new built-in provider
-
-If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
-1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
-2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
-
-That's it! 🎉 Others will be able to discover this provider much more easily now!
-
-You can look at the existing built-in providers for inspiration.
+|    Name     |                    Description                    |               Type               | Required |
+| :---------: | :-----------------------------------------------: | :------------------------------: | :------: |
+|     id      |            Unique ID for the provider             |             `string`             |   Yes    |
+|    name     |         Descriptive name for the provider         |             `string`             |   Yes    |
+|    type     |   Type of provider, in this case `credentials`    |         `"credentials"`          |   Yes    |
+| credentials |          The credentials to sign-in with          |             `Object`             |   Yes    |
+|  authorize  | Callback to execute once user is to be authorized | `(credentials) => Promise<User>` |   Yes    |

www/docs/errors.md

@@ -95,7 +95,7 @@ If you are unable to use an HS512 key (for example to interoperate with other se
 
 ````
   jwt: {
-    signingKey: {"kty":"oct","kid":"--","alg":"HS256","k":"--"}
+    signingKey: {"kty":"oct","kid":"--","alg":"HS256","k":"--"},
     verificationOptions: {
       algorithms: ["HS256"]
     }

www/docs/providers/42.md

@@ -0,0 +1,26 @@
+---
+id: 42-school
+title: 42 School
+---
+
+## Documentation
+
+https://api.intra.42.fr/apidoc/guides/web_application_flow
+
+## Configuration
+
+https://profile.intra.42.fr/oauth/applications/new
+
+## Example
+
+```js
+import Providers from `next-auth/providers`
+...
+providers: [
+  Providers.FortyTwo({
+    clientId: process.env.FORTY_TWO_CLIENT_ID,
+    clientSecret: process.env.FORTY_TWO_CLIENT_SECRET
+  })
+]
+...
+```

www/docs/tutorials/creating-a-database-adapter.md

@@ -40,141 +40,95 @@ These methods are required to support email / passwordless sign in:
 
 These methods will be required in a future release, but are not yet invoked:
 
-* getUserByCredentials
 * deleteUser
 * unlinkAccount
 
 ### Example code
 
 ```js
-const Adapter = (config, options = {}) => {
-
-  async function getAdapter (appOptions) {
-
-    async function createUser (profile) {
-      return null
-    }
-
-    async function getUser (id) {
-      return null
-    }
-
-    async function getUserByEmail (email) {
-      return null
-    }
-
-    async function getUserByProviderAccountId (
-      providerId,
-      providerAccountId
-    ) {
-      return null
-    }
-
-    async function getUserByCredentials (credentials) {
-      return null
-    }
-
-    async function updateUser (user) {
-      return null
-    }
-
-    async function deleteUser (userId) {
-      return null
-    }
-
-    async function linkAccount (
-      userId,
-      providerId,
-      providerType,
-      providerAccountId,
-      refreshToken,
-      accessToken,
-      accessTokenExpires
-    ) {
-      return null
-    }
-
-    async function unlinkAccount (
-      userId,
-      providerId,
-      providerAccountId
-    ) {
-      return null
-    }
-
-    async function createSession (user) {
-      return null
-    }
-
-    async function getSession (sessionToken) {
-      return null
-    }
-
-    async function updateSession (
-      session,
-      force
-    ) {
-      return null
-    }
-
-    async function deleteSession (sessionToken) {
-      return null
-    }
-
-    async function createVerificationRequest (
-      identifier,
-      url,
-      token,
-      secret,
-      provider
-    ) {
-      return null
-    }
-
-    async function getVerificationRequest (
-      identifier,
-      token,
-      secret,
-      provider
-    ) {
-      return null
-    }
-
-    async function deleteVerificationRequest (
-      identifier,
-      token,
-      secret,
-      provider
-    ) {
-      return null
-    }
-
-    return {
-      createUser,
-      getUser,
-      getUserByEmail,
-      getUserByProviderAccountId,
-      getUserByCredentials,
-      updateUser,
-      deleteUser,
-      linkAccount,
-      unlinkAccount,
-      createSession,
-      getSession,
-      updateSession,
-      deleteSession,
-      createVerificationRequest,
-      getVerificationRequest,
-      deleteVerificationRequest
-    }
-  }
-
+export default function YourAdapter (config, options = {}) {
   return {
-    getAdapter
+    async getAdapter (appOptions) {
+      async createUser (profile) {
+        return null
+      },
+      async getUser (id) {
+        return null
+      },
+      async getUserByEmail (email) {
+        return null
+      },
+      async getUserByProviderAccountId (
+        providerId,
+        providerAccountId
+      ) {
+        return null
+      },
+      async updateUser (user) {
+        return null
+      },
+      async deleteUser (userId) {
+        return null
+      },
+      async linkAccount (
+        userId,
+        providerId,
+        providerType,
+        providerAccountId,
+        refreshToken,
+        accessToken,
+        accessTokenExpires
+      ) {
+        return null
+      },
+      async unlinkAccount (
+        userId,
+        providerId,
+        providerAccountId
+      ) {
+        return null
+      },
+      async createSession (user) {
+        return null
+      },
+      async getSession (sessionToken) {
+        return null
+      },
+      async updateSession (
+        session,
+        force
+      ) {
+        return null
+      },
+      async deleteSession (sessionToken) {
+        return null
+      },
+      async createVerificationRequest (
+        identifier,
+        url,
+        token,
+        secret,
+        provider
+      ) {
+        return null
+      },
+      async getVerificationRequest (
+        identifier,
+        token,
+        secret,
+        provider
+      ) {
+        return null
+      },
+      async deleteVerificationRequest (
+        identifier,
+        token,
+        secret,
+        provider
+      ) {
+        return null
+      }
+    }
   }
 }
-
-export default {
-  Adapter
-}
 ```

www/package-lock.json

@@ -17485,9 +17485,9 @@
           "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="
         },
         "ssri": {
-          "version": "6.0.1",
-          "resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz",
-          "integrity": "sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==",
+          "version": "6.0.2",
+          "resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.2.tgz",
+          "integrity": "sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==",
           "requires": {
             "figgy-pudding": "^3.5.1"
           }

www/src/css/index.css

@@ -46,6 +46,7 @@ html[data-theme="dark"]:root {
 @import "buttons.css";
 @import "table-of-contents.css";
 @import "sidebar.css";
+@import "providers.css";
 
 @media screen and (max-width: 360px) {
   html {
@@ -89,6 +90,12 @@ a:hover,
   font-weight: 600;
 }
 
+@media screen and (max-width: 996px) {
+  .main-wrapper > div {
+    flex-direction: column;
+  }
+}
+
 .docusaurus-highlight-code-line {
   background-color: rgb(72, 77, 91);
   display: block;

www/src/css/providers.css

@@ -0,0 +1,9 @@
+.provider-name-list {
+  display: flex;
+  flex-wrap: wrap;
+}
+
+.provider-name-list__comma {
+  display: inline-flex;
+  margin-right: 5px;
+}