fix(client): export getCsrfToken directly to support Webpack 5

Fixes `Attempted import error: 'getCsrfToken' is not exported from 'next-auth/client' (imported as 'getCsrfToken’).`-error.

.env.local.example

@@ -1,15 +0,0 @@
-# Rename file to .env.local and populate values
-# to be able to run the dev app
-
-NEXTAUTH_URL=http://localhost:3000
-SECRET= Linux: `openssl rand -hex 32` or https://generate-secret.now.sh/32
-
-AUTH0_ID=
-AUTH0_DOMAIN=
-AUTH0_SECRET=
-
-GITHUB_ID=
-GITHUB_SECRET=
-
-TWITTER_ID=
-TWITTER_SECRET=

.github/ISSUE_TEMPLATE/feature_request.md

@@ -9,7 +9,7 @@ assignees: ''
 A clear and concise description of the feature being proposed.
 
 **Purpose of proposed feature**
-A clear and concise description description of why this feature is necessary and what problems it solves.
+A clear and concise description of why this feature is necessary and what problems it solves.
 
 **Detail about proposed feature**
 A detailed description of how the proposal might work (if you have one).

.github/labeler.yml

@@ -1,5 +1,6 @@
 test:
   - test/**/*
+  - types/tests/**/*
 
 documentation:
   - www/**/*
@@ -19,3 +20,20 @@ databases:
   - test/docker/databases/**/*
   - www/docs/configuration/databases.md
   - test/fixtures/**/*
+
+core:
+  - src/**/*
+
+style:
+  - src/css/**/*
+
+client:
+  - src/client/**/*
+  - www/docs/getting-started/client.md
+
+pages:
+  - src/server/pages/**/*
+  - www/docs/configuration/pages.md
+
+TypeScript:
+  - types/**/*

.github/stale.yml

@@ -7,6 +7,7 @@ exemptLabels:
   - pinned
   - security
   - priority
+  - bug
 # Label to use when marking an issue as stale
 staleLabel: stale
 # Comment to post when marking an issue as stale. Set to `false` to disable

.github/workflows/build.yml

@@ -1,31 +1,32 @@
 # Simple check that the build is valid and no linting errors.
 # Currently is run as a seperate workflow as it's fast to fail.
-name: Build Test
+name: Lint/Build
 
 on:
   push:
     branches: 
      - main
-     - canary
+     - beta
+     - next
   pull_request:
-    branches: 
+    branches:
      - main
-     - canary
+     - beta
+     - next
 
 jobs:
-  build:
+  lint-and-build:
     runs-on: ubuntu-latest
-
     strategy:
       matrix:
-        node-version: [10.x, 12.x, 14.x]
-
+        node-version: [10, 12, 14]
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v1
         with:
           node-version: ${{ matrix.node-version }}
-      - run: npm ci
-      - run: npm run build
+      - name: Install dependencies
+        uses: bahmutov/npm-install@v1
       - run: npm run lint
+      - run: npm run build

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,67 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main, beta, next ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '43 17 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/integration.yml

@@ -2,9 +2,11 @@ name: Integration Test
 
 on:
   push:
-    branches: [ main, canary ]
+    branches:
+      - main
+      - beta
+      - next
   pull_request:
-    branches: [ main, canary ]
 
 jobs:
   test:
@@ -16,7 +18,7 @@ jobs:
     if: github.event.pull_request.head.repo.full_name == github.repository
 
     # We use self-hosted runners as cloud based runnners (e.g. AWS, GPC)
-    # fail due to IP Address checks done by providers, which enforce 
+    # fail due to IP Address checks done by providers, which enforce
     # CAPTCHA checks on login request from cloud compute IP addresses to
     # prevent abuse.
     runs-on: self-hosted
@@ -28,7 +30,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [12.x]
+        node-version: [10, 12, 14]
 
     steps:
       - uses: actions/checkout@v2
@@ -37,14 +39,14 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
-      # Install dependencies
-      - run: npm ci
+      - name: Install dependencies
+        uses: bahmutov/npm-install@v1
 
       # Run tests (build library, build + start test app in Docker, run tests)
       - run: npm test
         # TODO Tests should exit out if env vars not set (currently hangs)
         env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} 
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
           NEXTAUTH_TWITTER_ID: ${{secrets.NEXTAUTH_TWITTER_ID}}
           NEXTAUTH_TWITTER_SECRET: ${{secrets.NEXTAUTH_TWITTER_SECRET}}
           NEXTAUTH_TWITTER_USERNAME: ${{secrets.NEXTAUTH_TWITTER_USERNAME}}

.github/workflows/labeler.yml

@@ -9,4 +9,3 @@ jobs:
     - uses: actions/labeler@main
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
-        sync-labels: true

.github/workflows/release.yml

@@ -2,29 +2,25 @@ name: Release
 on:
   push:
     branches:
-      - main
-      - canary
+      - "main"
+      - "beta"
+      - "next"
+      - "3.x"
+  pull_request:
 jobs:
   release:
-    name: Release
-    runs-on: ubuntu-20.04
+    name: "Release"
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
       - name: Setup Node.js
         uses: actions/setup-node@v1
         with:
-          node-version: 12
+          node-version: 14
       - name: Install dependencies
-        run: npm ci
-      - name: Lint  
-        run: npm run lint
-      - name: Build
-        run: npm run build
-      - name: Release
+        uses: bahmutov/npm-install@v1
+      - run: npx semantic-release@17
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: npx semantic-release
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          NPM_TOKEN: ${{secrets.NPM_TOKEN}}

.github/workflows/types.yml

@@ -0,0 +1,25 @@
+name: Types
+
+on:
+  push:
+    branches:
+      - main
+      - beta
+      - next
+  pull_request:
+    branches:
+      - main
+      - beta
+      - next
+
+jobs:
+  lint-and-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+      - name: Install dependencies
+        uses: bahmutov/npm-install@v1
+      - name: Check types
+        run: npm run test:types

.gitignore

@@ -11,6 +11,8 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 
+yarn.lock
+
 # Dependencies
 node_modules
 
@@ -24,6 +26,25 @@ node_modules
 .docusaurus
 .cache-loader
 .next
+www/providers.json
+src/providers/index.js
+internals
+adapters.d.ts
+adapters.js
+client.d.ts
+client.js
+index.d.ts
+index.js
+jwt.d.ts
+jwt.js
+providers.d.ts
+providers.js
+
+# Development app
+app/next-auth
+app/dist/css
+app/package-lock.json
+app/yarn.lock
 
 # VS
 /.vs/slnx.sqlite-journal
@@ -33,4 +54,7 @@ node_modules
 
 # GitHub Actions runner
 /actions-runner
-/_work
+/_work
+
+# Prisma migrations
+/prisma/migrations

.releaserc.json

@@ -1,39 +0,0 @@
-{
-  "branches": [
-    "main",
-    { "name": "canary", "prerelease": true }
-  ],
-  "plugins": [
-    ["@semantic-release/commit-analyzer", {
-      "preset": "conventionalcommits",
-      "releaseRules": [
-        { "breaking": true, "release": "major" },
-        { "revert": true, "release": "patch" },
-        { "type": "feat", "release": "minor" },
-        { "type": "fix", "release": "patch" },
-        { "type": "perf", "release": "patch" },
-        { "type": "docs", "release": "patch" }
-      ]
-    }],
-    ["@semantic-release/release-notes-generator", {
-      "preset": "conventionalcommits",
-      "presetConfig": {
-        "types": [
-          { "type": "feat", "section": "Features", "hidden": false },
-          { "type": "fix", "section": "Bug Fixes", "hidden": false },
-          { "type": "perf", "section": "Performance Improvements", "hidden": false },
-          { "type": "revert", "section": "Reverts", "hidden": false },
-          { "type": "docs", "section": "Documentation", "hidden": false },
-          { "type": "style", "section": "Styles", "hidden": false },
-          { "type": "chore", "section": "Miscellaneous Chores", "hidden": false },
-          { "type": "refactor", "section": "Code Refactoring", "hidden": false },
-          { "type": "test", "section": "Tests", "hidden": false },
-          { "type": "build", "section": "Build System", "hidden": false },
-          { "type": "ci", "section": "Continuous Integration", "hidden": false }
-        ]
-      }
-    }],
-    "@semantic-release/github",
-    "@semantic-release/npm"
-  ]
-}

CONTRIBUTING.md

@@ -13,11 +13,10 @@ Please raise any significant new functionality or breaking change an issue for d
 Anyone can be a contributor. Either you found a typo, or you have an awesome feature request you could implement, we encourage you to create a Pull Request.
 ### Pull Requests
 
-* The latest changes are always in `canary`, so please make your Pull Request against that branch.
+* The latest changes are always in `main`, so please make your Pull Request against that branch.
 * Pull Requests should be raised for any change
 * Pull Requests need approval of a [core contributor](https://next-auth.js.org/contributors#core-team) before merging
-* Rebasing in Pull Requests is preferred to keep a clean commit history (see below)
-* Run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this extension](https://marketplace.visualstudio.com/items?itemName=chenxsan.vscode-standardjs) to fix lint issues in development)
+* We use ESLint/Prettier for linting/formatting, so please run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
 * We encourage you to test your changes, and if you have the opportunity, please make those tests part of the Pull Request
 * If you add new functionality, please provide the corresponding documentation as well and make it part of the Pull Request
 
@@ -33,17 +32,17 @@ cd next-auth
 
 2. Install packages:
 ```sh
-npm i
+npm i && npm dev:setup
 ```
 
 3. Populate `.env.local`:
    
-    Copy `.env.local.example` to `.env.local`, and add your env variables for each provider you want to test.
+    Copy `app/.env.local.example` to `app/.env.local`, and add your env variables for each provider you want to test.
 
 > NOTE: You can add any environment variables to .env.local that you would like to use in your dev app.
-> You can find the next-auth config under`pages/api/auth/[...nextauth].js`.
+> You can find the next-auth config under`app/pages/api/auth/[...nextauth].js`.
 
-1. Start the dev application/server and CSS watching:
+1. Start the dev application/server:
 ```sh
 npm run dev
 ```
@@ -58,11 +57,23 @@ If you need an example project to link to, you can use [next-auth-example](https
 
 When running `npm run dev`, you start a Next.js dev server on `http://localhost:3000`, which includes hot reloading out of the box. Make changes on any of the files in `src` and see the changes immediately.
 
->NOTE: When working on CSS, you will need to manually refresh the page after changes. (Improving this through a PR is very welcome!)
+> NOTE: When working on CSS, you will have to manually refresh the page after changes. The reason for this is our pages using CSS are server-side rendered. (Improving this through a PR is very welcome!)
+
+> NOTE: The setup is as follows: The development application lives inside the `app` folder, and whenever you make a change to the `src` folder in the root (where next-auth is), it gets copied into `app` every time (gitignored), so Next.js can pick them up and apply hot reloading. This is to avoid some annoying issues with how symlinks are working with different React builds, and also to provide a super-fast feedback loop while developing core features.
+
+#### Providers
+
+If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
+1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
+2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
+
+That's it! 🎉 Others will be able to discover this provider much more easily now!
+
+You can look at the existing built-in providers for inspiration.
 
 #### Databases
 
-Included is a Docker Compose file that starts up MySQL, Postgres, and MongoDB databases on localhost.
+Included is a Docker Compose file that starts up MySQL, PostgreSQL, and MongoDB databases on localhost.
 
 It will use port `3306`, `5432`, and `27017` on localhost respectively; please make sure those ports are not used by other services on localhost.
 
@@ -89,7 +100,7 @@ We use [semantic-release](https://github.com/semantic-release/semantic-release)
 When accepting Pull Requests, make sure the following:
 
 * Use "Squash and merge"
-* Make sure you merge contributor PRs into `canary`
+* Make sure you merge contributor PRs into `main`
 * Rewrite the commit message to conform to the `Conventional Commits` style. Check the "Recommended Scopes" section for further advice.
 * Optionally link issues the PR will resolve (You can add "close" in front of the issue numbers to close the issues automatically, when the PR is merged. `semantic-release` will also comment back to connected issues and PRs, notifying the users that a feature is added/bug fixed, etc.)
 

FUNDING.yml

@@ -0,0 +1,3 @@
+# https://docs.github.com/en/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository
+
+github: [balazsorban44]

README.md

@@ -7,12 +7,25 @@
    Open Source. Full Stack. Own Your Data.
    </p>
    <p align="center" style="align: center;">
-      <img src="https://github.com/nextauthjs/next-auth/workflows/Build%20Test/badge.svg" alt="Build Test" />
-      <img src="https://github.com/nextauthjs/next-auth/workflows/Integration%20Test/badge.svg" alt="Integration Test" />
-      <img src="https://img.shields.io/bundlephobia/minzip/next-auth" alt="Bundle Size"/>
-      <img src="https://img.shields.io/npm/dm/next-auth" alt="Downloads" />
-      <img src="https://img.shields.io/github/stars/nextauthjs/next-auth" alt="Github Stars" />
-      <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?include_prereleases" alt="Github Release" />
+      <a href="https://github.com/nextauthjs/next-auth/actions?query=workflow%3ARelease">
+        <img src="https://github.com/nextauthjs/next-auth/workflows/Release/badge.svg" alt="Release" />
+      </a>
+      <a href="https://github.com/nextauthjs/next-auth/actions?query=workflow%3A%22Integration+Test%22">
+        <img src="https://github.com/nextauthjs/next-auth/workflows/Integration%20Test/badge.svg" alt="Integration Test" />
+      </a>
+      <a href="https://bundlephobia.com/result?p=next-auth">
+        <img src="https://img.shields.io/bundlephobia/minzip/next-auth" alt="Bundle Size"/>
+      </a>
+      <a href="https://www.npmtrends.com/next-auth">
+        <img src="https://img.shields.io/npm/dm/next-auth" alt="Downloads" />
+      </a>
+      <a href="https://github.com/nextauthjs/next-auth/stargazers">
+        <img src="https://img.shields.io/github/stars/nextauthjs/next-auth" alt="Github Stars" />
+      </a>
+      <a href="https://www.npmjs.com/package/next-auth">
+        <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?label=latest" alt="Github Stable Release" />
+      </a>
+      <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?include_prereleases&label=prerelease&sort=semver" alt="Github Prelease" />
    </p>
 </p>
 
@@ -71,13 +84,9 @@ Advanced options allow you to define your own routines to handle controlling wha
 
 ### TypeScript
 
-You can install the appropriate types via the following command:
+NextAuth.js comes with built-in types. For more information and usage, check out the [TypeScript section](https://next-auth.js.org/getting-started/typescript) in the documentaion.
 
-```
-npm install --save-dev @types/next-auth
-```
-
-As of now, TypeScript is a community effort. If you encounter any problems with the types package, please create an issue at [DefinitelyTyped](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/next-auth). Alternatively, you can open a pull request directly with your fixes there. We welcome anyone to start a discussion on migrating this package to TypeScript, or how to improve the TypeScript experience in general.
+The package at `@types/next-auth` is now deprecated.
 
 ## Example
 

adapters.js

@@ -1 +0,0 @@
-module.exports = require('./dist/adapters').default

app/.env.local.example

@@ -0,0 +1,33 @@
+# Rename file to .env.local (or .env) and populate values
+# to be able to run the dev app
+
+NEXTAUTH_URL=http://localhost:3000
+
+# You can use `openssl rand -hex 32` or 
+# https://generate-secret.now.sh/32 to generate a secret.
+# Note: Changing a secret may invalidate existing sessions
+# and/or verificaion tokens.
+SECRET= 
+
+AUTH0_ID=
+AUTH0_DOMAIN=
+AUTH0_SECRET=
+
+GITHUB_ID=
+GITHUB_SECRET=
+
+TWITTER_ID=
+TWITTER_SECRET=
+
+# Example configuration for a Gmail account (will need SMTP enabled)
+EMAIL_SERVER=smtps://user@gmail.com:password@smtp.gmail.com:465
+EMAIL_FROM=user@gmail.com
+
+# You can use any of these as the "DATABASE_URL" for
+# databases started with Docker using `npm run db:start`.
+# Note: If using with Prisma adapter, you need to use a `.env`
+# file rather than a `.env.local` file to configure env vars.
+# Postgres: DATABASE_URL=postgres://nextauth:password@127.0.0.1:5432/nextauth?synchronize=true
+# MySQL:    DATABASE_URL=mysql://nextauth:password@127.0.0.1:3306/nextauth?synchronize=true
+# MongoDB:  DATABASE_URL=mongodb://nextauth:password@127.0.0.1:27017/nextauth?synchronize=true
+DATABASE_URL=

app/README.md

@@ -0,0 +1,6 @@
+# NextAuth.js Development App
+
+This folder contains a Next.js app using NextAuth.js for local development. See the following section on how to start:
+
+[Setting up local environment
+](https://github.com/nextauthjs/next-auth/blob/main/CONTRIBUTING.md#setting-up-local-environment)

app/components/access-denied.js

@@ -0,0 +1,19 @@
+import { signIn } from 'next-auth/client'
+
+export default function AccessDenied () {
+  return (
+    <>
+      <h1>Access Denied</h1>
+      <p>
+        <a
+          href='/api/auth/signin'
+          onClick={(e) => {
+            e.preventDefault()
+            signIn()
+          }}
+        >You must be signed in to view this page
+        </a>
+      </p>
+    </>
+  )
+}

app/components/header.js

@@ -1,6 +1,5 @@
 import Link from 'next/link'
 import { signIn, signOut, useSession } from 'next-auth/client'
-import * as client from 'next-auth/client'
 import styles from './header.module.css'
 
 // The approach used in this component shows how to built a sign in and sign out
@@ -26,7 +25,7 @@ export default function Header () {
                 You are not signed in
               </span>
               <a
-                href="/api/auth/signin"
+                href='/api/auth/signin'
                 className={styles.buttonPrimary}
                 onClick={(e) => {
                   e.preventDefault()
@@ -51,7 +50,7 @@ export default function Header () {
                 <strong>{session.user.email || session.user.name}</strong>
               </span>
               <a
-                href="/api/auth/signout"
+                href='/api/auth/signout'
                 className={styles.button}
                 onClick={(e) => {
                   e.preventDefault()
@@ -96,6 +95,16 @@ export default function Header () {
               <a>API</a>
             </Link>
           </li>
+          <li className={styles.navItem}>
+            <Link href='/credentials'>
+              <a>Credentials</a>
+            </Link>
+          </li>
+          <li className={styles.navItem}>
+            <Link href='/email'>
+              <a>Email</a>
+            </Link>
+          </li>
         </ul>
       </nav>
     </header>

app/jsconfig.json

@@ -0,0 +1,5 @@
+{
+  "compilerOptions": {
+    "baseUrl": "."
+  }
+}

app/next-env.d.ts

@@ -0,0 +1,2 @@
+/// <reference types="next" />
+/// <reference types="next/types/global" />

app/next.config.js

@@ -0,0 +1,19 @@
+const path = require("path")
+
+module.exports = {
+  webpack(config) {
+    config.resolve = {
+      ...config.resolve,
+      alias: {
+        ...config.resolve.alias,
+        "next-auth$": path.join(process.cwd(), "next-auth/server"),
+        "next-auth/client$": path.join(process.cwd(), "next-auth/client"),
+        "next-auth/jwt$": path.join(process.cwd(), "next-auth/lib/jwt"),
+        "next-auth/adapters": path.join(process.cwd(), "next-auth/adapters"),
+        "next-auth/providers": path.join(process.cwd(), "next-auth/providers"),
+      },
+    }
+
+    return config
+  },
+}

app/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "next-auth-app",
+  "version": "1.0.0",
+  "description": "NextAuth.js Developer app",
+  "private": true,
+  "scripts": {
+    "dev": "npm-run-all --parallel copy:app dev:css dev:next",
+    "dev:next": "next dev",
+    "copy:app": "cpx \"../src/**/*\" next-auth --watch",
+    "copy:css": "cpx \"../dist/css/**/*\" dist/css --watch",
+    "watch:css": "cd .. && npm run watch:css",
+    "dev:css": "npm-run-all --parallel watch:css copy:css",
+    "start": "next start"
+  },
+  "license": "ISC",
+  "dependencies": {
+    "next": "^10.1.3",
+    "react": "^17.0.2",
+    "react-dom": "^17.0.2"
+  },
+  "devDependencies": {
+    "cpx": "^1.5.0",
+    "npm-run-all": "^4.1.5"
+  }
+}

app/pages/_app.js

@@ -1,9 +1,9 @@
-import { Provider } from 'next-auth/client'
-import './styles.css'
+import { Provider } from "next-auth/client"
+import "./styles.css"
 
 // Use the <Provider> to improve performance and allow components that call
 // `useSession()` anywhere in your application to access the `session` object.
-export default function App ({ Component, pageProps }) {
+export default function App({ Component, pageProps }) {
   return (
     <Provider
       // Provider options are not required but can be useful in situations where
@@ -21,7 +21,7 @@ export default function App ({ Component, pageProps }) {
         //
         // Note: If a session has expired when keep alive is triggered, all open
         // windows / tabs will be updated to reflect the user is signed out.
-        keepAlive: 0
+        keepAlive: 0,
       }}
       session={pageProps.session}
     >

app/pages/api-example.js

@@ -8,10 +8,10 @@ export default function Page () {
       <p><em>You must be signed in to see responses.</em></p>
       <h2>Session</h2>
       <p>/api/examples/session</p>
-      <iframe src="/api/examples/session"/>
+      <iframe src='/api/examples/session' />
       <h2>JSON Web Token</h2>
       <p>/api/examples/jwt</p>
-      <iframe src="/api/examples/jwt"/>
+      <iframe src='/api/examples/jwt' />
     </Layout>
   )
-}
+}

app/pages/api/auth/[...nextauth].js

@@ -0,0 +1,87 @@
+import NextAuth from 'next-auth'
+import Providers from 'next-auth/providers'
+
+// import Adapters from 'next-auth/adapters'
+// import { PrismaClient } from '@prisma/client'
+// const prisma = new PrismaClient()
+
+export default NextAuth({
+  // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
+  // cookies: {
+  //   csrfToken: {
+  //     name: 'next-auth.csrf-token',
+  //     options: {
+  //       httpOnly: true,
+  //       sameSite: 'none',
+  //       path: '/',
+  //       secure: true
+  //     }
+  //   },
+  //   pkceCodeVerifier: {
+  //     name: 'next-auth.pkce.code_verifier',
+  //     options: {
+  //       httpOnly: true,
+  //       sameSite: 'none',
+  //       path: '/',
+  //       secure: true
+  //     }
+  //   }
+  // },
+  providers: [
+    Providers.Email({
+      server: process.env.EMAIL_SERVER,
+      from: process.env.EMAIL_FROM
+    }),
+    Providers.GitHub({
+      clientId: process.env.GITHUB_ID,
+      clientSecret: process.env.GITHUB_SECRET
+    }),
+    Providers.Auth0({
+      clientId: process.env.AUTH0_ID,
+      clientSecret: process.env.AUTH0_SECRET,
+      domain: process.env.AUTH0_DOMAIN,
+      // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
+      // protection: ["pkce", "state"],
+      // authorizationParams: {
+      //   response_mode: 'form_post'
+      // }
+      protection: 'pkce'
+    }),
+    Providers.Twitter({
+      clientId: process.env.TWITTER_ID,
+      clientSecret: process.env.TWITTER_SECRET
+    }),
+    Providers.Credentials({
+      name: 'Credentials',
+      credentials: {
+        password: { label: 'Password', type: 'password' }
+      },
+      async authorize (credentials) {
+        if (credentials.password === 'password') {
+          return {
+            id: 1,
+            name: 'Fill Murray',
+            email: 'bill@fillmurray.com',
+            image: 'https://www.fillmurray.com/64/64'
+          }
+        }
+        return null
+      }
+    })
+  ],
+  jwt: {
+    encryption: true,
+    secret: process.env.SECRET
+  },
+  debug: false,
+  theme: 'auto'
+
+  // Default Database Adapter (TypeORM)
+  // database: process.env.DATABASE_URL
+
+  // Prisma Database Adapter
+  // To configure this app to use the schema in `prisma/schema.prisma` run:
+  // npx prisma generate
+  // npx prisma migrate dev --preview-feature
+  // adapter: Adapters.Prisma.Adapter({ prisma })
+})

app/pages/api/examples/jwt.js

@@ -1,9 +1,9 @@
 // This is an example of how to read a JSON Web Token from an API route
-import jwt from "next-auth/jwt"
+import jwt from 'next-auth/jwt'
 
 const secret = process.env.SECRET
 
 export default async (req, res) => {
-  const token = await jwt.getToken({ req, secret, encryption: true })
+  const token = await jwt.getToken({ req, secret })
   res.send(JSON.stringify(token, null, 2))
 }

app/pages/api/examples/protected.js

@@ -9,4 +9,4 @@ export default async (req, res) => {
   } else {
     res.send({ error: 'You must be sign in to view the protected content on this page.' })
   }
-}
+}

app/pages/api/examples/session.js

@@ -4,4 +4,4 @@ import { getSession } from 'next-auth/client'
 export default async (req, res) => {
   const session = await getSession({ req })
   res.send(JSON.stringify(session, null, 2))
-}
+}

app/pages/client.js

@@ -19,4 +19,4 @@ export default function Page () {
       </p>
     </Layout>
   )
-}
+}

app/pages/credentials.js

@@ -0,0 +1,53 @@
+// eslint-disable-next-line no-use-before-define
+import * as React from 'react'
+import { signIn, signOut, useSession } from 'next-auth/client'
+import Layout from 'components/layout'
+
+export default function Page () {
+  const [response, setResponse] = React.useState(null)
+  const handleLogin = (options) => async () => {
+    if (options.redirect) {
+      return signIn('credentials', options)
+    }
+    const response = await signIn('credentials', options)
+    setResponse(response)
+  }
+
+  const handleLogout = (options) => async () => {
+    if (options.redirect) {
+      return signOut(options)
+    }
+    const response = await signOut(options)
+    setResponse(response)
+  }
+
+  const [session] = useSession()
+
+  if (session) {
+    return (
+      <Layout>
+        <h1>Test different flows for Credentials logout</h1>
+        <span className='spacing'>Default:</span>
+        <button onClick={handleLogout({ redirect: true })}>Logout</button><br />
+        <span className='spacing'>No redirect:</span>
+        <button onClick={handleLogout({ redirect: false })}>Logout</button><br />
+        <p>Response:</p>
+        <pre style={{ background: '#eee', padding: 16 }}>{JSON.stringify(response, null, 2)}</pre>
+      </Layout>
+    )
+  }
+
+  return (
+    <Layout>
+      <h1>Test different flows for Credentials login</h1>
+      <span className='spacing'>Default:</span>
+      <button onClick={handleLogin({ redirect: true, password: 'password' })}>Login</button><br />
+      <span className='spacing'>No redirect:</span>
+      <button onClick={handleLogin({ redirect: false, password: 'password' })}>Login</button><br />
+      <span className='spacing'>No redirect, wrong password:</span>
+      <button onClick={handleLogin({ redirect: false, password: '' })}>Login</button>
+      <p>Response:</p>
+      <pre style={{ background: '#eee', padding: 16 }}>{JSON.stringify(response, null, 2)}</pre>
+    </Layout>
+  )
+}

app/pages/email.js

@@ -0,0 +1,67 @@
+// eslint-disable-next-line no-use-before-define
+import * as React from 'react'
+import { signIn, signOut, useSession } from 'next-auth/client'
+import Layout from 'components/layout'
+
+export default function Page () {
+  const [response, setResponse] = React.useState(null)
+  const [email, setEmail] = React.useState('')
+
+  const handleChange = (event) => {
+    setEmail(event.target.value)
+  }
+
+  const handleLogin = (options) => async (event) => {
+    event.preventDefault()
+
+    if (options.redirect) {
+      return signIn('email', options)
+    }
+    const response = await signIn('email', options)
+    setResponse(response)
+  }
+
+  const handleLogout = (options) => async (event) => {
+    if (options.redirect) {
+      return signOut(options)
+    }
+    const response = await signOut(options)
+    setResponse(response)
+  }
+
+  const [session] = useSession()
+
+  if (session) {
+    return (
+      <Layout>
+        <h1>Test different flows for Email logout</h1>
+        <span className='spacing'>Default:</span>
+        <button onClick={handleLogout({ redirect: true })}>Logout</button><br />
+        <span className='spacing'>No redirect:</span>
+        <button onClick={handleLogout({ redirect: false })}>Logout</button><br />
+        <p>Response:</p>
+        <pre style={{ background: '#eee', padding: 16 }}>{JSON.stringify(response, null, 2)}</pre>
+      </Layout>
+    )
+  }
+
+  return (
+    <Layout>
+      <h1>Test different flows for Email login</h1>
+      <label className='spacing'>
+        Email address:{' '}
+        <input type='text' id='email' name='email' value={email} onChange={handleChange} />
+      </label><br />
+      <form onSubmit={handleLogin({ redirect: true, email })}>
+        <span className='spacing'>Default:</span>
+        <button type='submit'>Sign in with Email</button>
+      </form>
+      <form onSubmit={handleLogin({ redirect: false, email })}>
+        <span className='spacing'>No redirect:</span>
+        <button type='submit'>Sign in with Email</button>
+      </form>
+      <p>Response:</p>
+      <pre style={{ background: '#eee', padding: 16 }}>{JSON.stringify(response, null, 2)}</pre>
+    </Layout>
+  )
+}

app/pages/policy.js

@@ -4,7 +4,7 @@ export default function Page () {
   return (
     <Layout>
       <p>
-        This is an example site to demonstrate how to use <a href={`https://next-auth.js.org`}>NextAuth.js</a> for authentication.
+        This is an example site to demonstrate how to use <a href='https://next-auth.js.org'>NextAuth.js</a> for authentication.
       </p>
       <h2>Terms of Service</h2>
       <p>
@@ -27,4 +27,4 @@ export default function Page () {
       </p>
     </Layout>
   )
-}
+}

app/pages/protected-ssr.js

@@ -5,7 +5,7 @@ import AccessDenied from '../components/access-denied'
 
 export default function Page ({ content, session }) {
   // If no session exists, display access denied message
-  if (!session) { return  <Layout><AccessDenied/></Layout> }
+  if (!session) { return <Layout><AccessDenied /></Layout> }
 
   // If session exists, display content
   return (
@@ -16,7 +16,7 @@ export default function Page ({ content, session }) {
   )
 }
 
-export async function getServerSideProps(context) {
+export async function getServerSideProps (context) {
   const session = await getSession(context)
   let content = null
 

app/pages/protected.js

@@ -4,24 +4,24 @@ import Layout from '../components/layout'
 import AccessDenied from '../components/access-denied'
 
 export default function Page () {
-  const [ session, loading ] = useSession()
-  const [ content , setContent ] = useState()
+  const [session, loading] = useSession()
+  const [content, setContent] = useState()
 
   // Fetch content from protected route
-  useEffect(()=>{
+  useEffect(() => {
     const fetchData = async () => {
       const res = await fetch('/api/examples/protected')
       const json = await res.json()
       if (json.content) { setContent(json.content) }
     }
     fetchData()
-  },[session])
+  }, [session])
 
   // When rendering client side don't display anything until loading is complete
   if (typeof window !== 'undefined' && loading) return null
 
   // If no session exists, display access denied message
-  if (!session) { return  <Layout><AccessDenied/></Layout> }
+  if (!session) { return <Layout><AccessDenied /></Layout> }
 
   // If session exists, display content
   return (
@@ -30,4 +30,4 @@ export default function Page () {
       <p><strong>{content}</strong></p>
     </Layout>
   )
-}
+}

app/pages/server.js

@@ -1,4 +1,4 @@
-import { useSession, getSession } from 'next-auth/client'
+import { getSession } from 'next-auth/client'
 import Layout from '../components/layout'
 
 export default function Page () {
@@ -6,7 +6,6 @@ export default function Page () {
   // populated on render without needing to go through a loading stage.
   // This is possible because of the shared context configured in `_app.js` that
   // is used by `useSession()`.
-  const [ session, loading ] = useSession()
 
   return (
     <Layout>
@@ -29,7 +28,7 @@ export default function Page () {
 }
 
 // Export the `session` prop to use sessions with Server Side Rendering
-export async function getServerSideProps(context) {
+export async function getServerSideProps (context) {
   return {
     props: {
       session: await getSession(context)

app/prisma/schema.prisma

@@ -0,0 +1,63 @@
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+
+model Account {
+  id                 Int       @default(autoincrement()) @id
+  compoundId         String    @unique @map(name: "compound_id")
+  userId             Int       @map(name: "user_id")
+  providerType       String    @map(name: "provider_type")
+  providerId         String    @map(name: "provider_id")
+  providerAccountId  String    @map(name: "provider_account_id")
+  refreshToken       String?   @map(name: "refresh_token")
+  accessToken        String?   @map(name: "access_token")
+  accessTokenExpires DateTime? @map(name: "access_token_expires")
+  createdAt          DateTime  @default(now()) @map(name: "created_at")
+  updatedAt          DateTime  @default(now()) @map(name: "updated_at")
+
+  @@index([providerAccountId], name: "providerAccountId")
+  @@index([providerId], name: "providerId")
+  @@index([userId], name: "userId")
+
+  @@map(name: "accounts")
+}
+
+model Session {
+  id           Int      @default(autoincrement()) @id
+  userId       Int      @map(name: "user_id")
+  expires      DateTime
+  sessionToken String   @unique @map(name: "session_token")
+  accessToken  String   @unique @map(name: "access_token")
+  createdAt    DateTime @default(now()) @map(name: "created_at")
+  updatedAt    DateTime @default(now()) @map(name: "updated_at")
+
+  @@map(name: "sessions")
+}
+
+model User {
+  id            Int       @default(autoincrement()) @id
+  name          String?
+  email         String?   @unique
+  emailVerified DateTime? @map(name: "email_verified")
+  image         String?
+  createdAt     DateTime  @default(now()) @map(name: "created_at")
+  updatedAt     DateTime  @default(now()) @map(name: "updated_at")
+
+  @@map(name: "users")
+}
+
+model VerificationRequest {
+  id         Int      @default(autoincrement()) @id
+  identifier String
+  token      String   @unique
+  expires    DateTime
+  createdAt  DateTime  @default(now()) @map(name: "created_at")
+  updatedAt  DateTime  @default(now()) @map(name: "updated_at")
+
+  @@map(name: "verification_requests")
+}

client.js

@@ -1 +0,0 @@
-module.exports = require('./dist/client').default

components/access-denied.js

@@ -1,16 +0,0 @@
-import { signIn } from 'next-auth/client'
-
-export default function AccessDenied () {
-  return (
-    <>
-      <h1>Access Denied</h1>
-      <p>
-        <a href="/api/auth/signin"
-           onClick={(e) => {
-           e.preventDefault()
-           signIn()
-        }}>You must be signed in to view this page</a>
-      </p>
-    </>
-  )
-}

config/build.js

@@ -0,0 +1,88 @@
+const fs = require("fs-extra")
+const path = require("path")
+
+const MODULE_ENTRIES = {
+  SERVER: "index",
+  CLIENT: "client",
+  PROVIDERS: "providers",
+  ADAPTERS: "adapters",
+  JWT: "jwt",
+}
+
+// Building submodule entries
+
+const BUILD_TARGETS = {
+  [`${MODULE_ENTRIES.SERVER}.js`]: "module.exports = require('./dist/server').default\n",
+  [`${MODULE_ENTRIES.CLIENT}.js`]: "module.exports = require('./dist/client').default\n",
+  [`${MODULE_ENTRIES.ADAPTERS}.js`]: "module.exports = require('./dist/adapters').default\n",
+  [`${MODULE_ENTRIES.PROVIDERS}.js`]: "module.exports = require('./dist/providers').default\n",
+  [`${MODULE_ENTRIES.JWT}.js`]: "module.exports = require('./dist/lib/jwt').default\n",
+}
+
+Object.entries(BUILD_TARGETS).forEach(([target, content]) => {
+  fs.writeFile(path.join(process.cwd(), target), content, (err) => {
+    if (err) throw err
+    console.log(`[build] created "${target}" in root folder`)
+  })
+})
+
+// Building types
+
+const TYPES_TARGETS = [
+  `${MODULE_ENTRIES.SERVER}.d.ts`,
+  `${MODULE_ENTRIES.CLIENT}.d.ts`,
+  `${MODULE_ENTRIES.ADAPTERS}.d.ts`,
+  `${MODULE_ENTRIES.PROVIDERS}.d.ts`,
+  `${MODULE_ENTRIES.JWT}.d.ts`,
+  "internals",
+]
+
+TYPES_TARGETS.forEach((target) => {
+  fs.copy(
+    path.resolve("types", target),
+    path.join(process.cwd(), target),
+    (err) => {
+      if (err) throw err
+      console.log(`[build-types] copying "${target}" to root folder`)
+    }
+  )
+})
+
+// Building providers
+
+const providersDir = path.join(process.cwd(), "/src/providers")
+
+const files = fs
+  .readdirSync(providersDir, "utf8")
+  .filter((file) => file !== "index.js")
+
+let importLines = ""
+let exportLines = `export default {\n`
+files.forEach((file) => {
+  const provider = fs.readFileSync(path.join(providersDir, file), "utf8")
+  try {
+    // NOTE: If this fails, the default export probably wasn't a named function.
+    // Always use a named function as default export.
+    // Eg.: export default function YourProvider ...
+    const { functionName } = provider.match(
+      /export default function (?<functionName>.+)\s?\(/
+    ).groups
+
+    importLines += `import ${functionName} from "./${file}"\n`
+    exportLines += `  ${functionName},\n`
+  } catch (error) {
+    console.error(
+      [
+        `\nThe provider file '${file}' should have a single named default export`,
+        "Example: 'export default function YourProvider'\n\n",
+      ].join("\n")
+    )
+    process.exit(1)
+  }
+})
+exportLines += `}\n`
+
+fs.writeFile(
+  path.join(process.cwd(), "src/providers/index.js"),
+  [importLines, exportLines].join("\n")
+)

index.js

@@ -1 +0,0 @@
-module.exports = require('./dist/server')

jsconfig.json

@@ -1,12 +0,0 @@
-{
-  "compilerOptions": {
-    "baseUrl": ".",
-    "paths": {
-      "next-auth": ["./src/server"],
-      "next-auth/adapters": ["./src/adapters"],
-      "next-auth/client": ["./src/client"],
-      "next-auth/jwt": ["./src/lib/jwt"],
-      "next-auth/providers": ["./src/providers"]
-    }
-  }
-}

jwt.js

@@ -1 +0,0 @@
-module.exports = require('./dist/lib/jwt').default

package.json

@@ -6,39 +6,57 @@
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "author": "Iain Collins <me@iaincollins.com>",
   "main": "index.js",
+  "types": "./index.d.ts",
+  "keywords": ["react", "nodejs", "oauth", "jwt", "oauth2", "authentication", "nextjs", "csrf", "oidc", "nextauth"],
+  "exports": {
+    ".": "./dist/server/index.js",
+    "./jwt": "./dist/lib/jwt.js",
+    "./adapters": "./dist/adapters/index.js",
+    "./client": "./dist/client/index.js",
+    "./providers": "./dist/providers/index.js",
+    "./providers/*": "./dist/providers/*.js"
+  },
   "scripts": {
     "build": "npm run build:js && npm run build:css",
-    "build:js": "babel --config-file ./config/babel.config.json src --out-dir dist",
+    "build:js": "node ./config/build.js && babel --config-file ./config/babel.config.json src --out-dir dist",
     "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir dist && node config/wrap-css.js",
-    "dev": "next | npm run watch:css",
+    "dev:setup": "npm run build:css && cd app && npm i",
+    "dev": "cd app && npm run dev",
     "watch": "npm run watch:js | npm run watch:css",
     "watch:js": "babel --config-file ./config/babel.config.json --watch src --out-dir dist",
     "watch:css": "postcss --config config/postcss.config.js --watch src/**/*.css --base src --dir dist",
     "test:app:start": "docker-compose -f test/docker/app.yml up -d",
     "test:app:rebuild": "npm run build && docker-compose -f test/docker/app.yml up -d --build",
     "test:app:stop": "docker-compose -f test/docker/app.yml down",
-    "test": "npm run test:app:rebuild && npm run test:integration && npm run test:app:stop",
+    "test": "npm run test:app:rebuild && npm run test:integration && npm run test:app:stop && npm run test:types",
     "test:db": "npm run test:db:mysql && npm run test:db:postgres && npm run test:db:mongodb && npm run test:db:mssql",
     "test:db:mysql": "node test/mysql.js",
     "test:db:postgres": "node test/postgres.js",
     "test:db:mongodb": "node test/mongodb.js",
     "test:db:mssql": "node test/mssql.js",
     "test:integration": "mocha test/integration",
+    "test:types": "dtslint types",
     "db:start": "docker-compose -f test/docker/databases.yml up -d",
     "db:stop": "docker-compose -f test/docker/databases.yml down",
     "prepublishOnly": "npm run build",
     "publish:beta": "npm publish --tag beta",
     "publish:canary": "npm publish --tag canary",
-    "lint": "standard",
-    "lint:fix": "standard --fix"
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix"
   },
   "files": [
     "dist",
     "index.js",
+    "index.d.ts",
     "providers.js",
+    "providers.d.ts",
     "adapters.js",
+    "adapters.d.ts",
     "client.js",
-    "jwt.js"
+    "client.d.ts",
+    "jwt.js",
+    "jwt.d.ts",
+    "internals"
   ],
   "license": "ISC",
   "dependencies": {
@@ -50,35 +68,47 @@
     "oauth": "^0.9.15",
     "pkce-challenge": "^2.1.0",
     "preact": "^10.4.1",
-    "preact-render-to-string": "^5.1.7",
+    "preact-render-to-string": "^5.1.14",
     "querystring": "^0.2.0",
     "require_optional": "^1.0.1",
     "typeorm": "^0.2.30"
   },
   "peerDependencies": {
     "react": "^16.13.1 || ^17",
-    "react-dom": "^16.13.1 || ^17"
+    "react-dom": "16.13.1 || ^17"
   },
   "peerOptionalDependencies": {
     "mongodb": "^3.5.9",
     "mysql": "^2.18.1",
     "mssql": "^6.2.1",
     "pg": "^8.2.1",
-    "@prisma/client": "^2.12.0"
+    "@prisma/client": "^2.16.1"
   },
   "devDependencies": {
     "@babel/cli": "^7.8.4",
     "@babel/core": "^7.9.6",
     "@babel/preset-env": "^7.9.6",
+    "@prisma/client": "^2.16.1",
     "@semantic-release/commit-analyzer": "^8.0.1",
     "@semantic-release/github": "^7.2.0",
     "@semantic-release/npm": "7.0.8",
     "@semantic-release/release-notes-generator": "^9.0.1",
+    "@types/react": "^17.0.0",
+    "@typescript-eslint/eslint-plugin": "^4.22.0",
+    "@typescript-eslint/parser": "^4.22.0",
     "autoprefixer": "^9.7.6",
     "babel-preset-preact": "^2.0.0",
     "conventional-changelog-conventionalcommits": "4.4.0",
     "cssnano": "^4.1.10",
     "dotenv": "^8.2.0",
+    "dtslint": "^4.0.8",
+    "eslint": "^7.19.0",
+    "eslint-config-prettier": "^8.2.0",
+    "eslint-config-standard-with-typescript": "^19.0.1",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-promise": "^4.3.1",
+    "eslint-plugin-standard": "^5.0.0",
     "mocha": "^8.1.3",
     "mongodb": "^3.5.9",
     "mssql": "^6.2.1",
@@ -87,18 +117,54 @@
     "pg": "^8.2.1",
     "postcss-cli": "^7.1.1",
     "postcss-nested": "^4.2.1",
+    "prettier": "^2.2.1",
+    "prisma": "^2.16.1",
     "puppeteer": "^5.2.1",
     "puppeteer-extra": "^3.1.15",
     "puppeteer-extra-plugin-stealth": "^2.6.1",
     "react": "^17.0.1",
     "react-dom": "^17.0.1",
-    "standard": "^16.0.3"
+    "typescript": "^4.1.3"
   },
-  "standard": {
-    "ignore": [
-      "test/",
-      "pages/",
-      "components/"
+  "prettier": {
+    "semi": false
+  },
+  "eslintConfig": {
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+      "project": "./tsconfig.json"
+    },
+    "extends": [
+      "standard-with-typescript",
+      "prettier"
+    ],
+    "ignorePatterns": [
+      "node_modules",
+      "test",
+      "next-env.d.ts",
+      "types",
+      "www",
+      ".next",
+      "dist"
+    ],
+    "globals": {
+      "localStorage": "readonly",
+      "location": "readonly",
+      "fetch": "readonly"
+    }
+  },
+  "release": {
+    "branches": [
+      "+([0-9])?(.{+([0-9]),x}).x",
+      "main",
+      { "name": "beta", "prerelease": true },
+      { "name": "next", "prerelease": true }
     ]
-  }
+  },
+  "funding": [
+    {
+      "type": "github",
+      "url": "https://github.com/sponsors/balazsorban44"
+    }
+  ]
 }

pages/api/auth/[...nextauth].js

@@ -1,92 +0,0 @@
-import NextAuth from "next-auth"
-import Providers from "next-auth/providers"
-
-export default NextAuth({
-  // https://next-auth.js.org/configuration/providers
-  providers: [
-    Providers.GitHub({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-    Providers.Auth0({
-      clientId: process.env.AUTH0_ID,
-      clientSecret: process.env.AUTH0_SECRET,
-      domain: process.env.AUTH0_DOMAIN,
-      protection: "pkce"
-    }),
-    Providers.Twitter({
-      clientId: process.env.TWITTER_ID,
-      clientSecret: process.env.TWITTER_SECRET,
-    }),
-  ],
-  // Database optional. MySQL, Maria DB, Postgres and MongoDB are supported.
-  // https://next-auth.js.org/configuration/databases
-  //
-  // Notes:
-  // * You must to install an appropriate node_module for your database
-  // * The Email provider requires a database (OAuth providers do not)
-
-  // The secret should be set to a reasonably long random string.
-  // It is used to sign cookies and to sign and encrypt JSON Web Tokens, unless
-  // a separate secret is defined explicitly for encrypting the JWT.
-
-  session: {
-    // Use JSON Web Tokens for session instead of database sessions.
-    // This option can be used with or without a database for users/accounts.
-    // Note: `jwt` is automatically set to `true` if no database is specified.
-    jwt: true,
-
-    // Seconds - How long until an idle session expires and is no longer valid.
-    // maxAge: 30 * 24 * 60 * 60, // 30 days
-
-    // Seconds - Throttle how frequently to write to database to extend a session.
-    // Use it to limit write operations. Set to 0 to always update the database.
-    // Note: This option is ignored if using JSON Web Tokens
-    // updateAge: 24 * 60 * 60, // 24 hours
-  },
-
-  // JSON Web tokens are only used for sessions if the `jwt: true` session
-  // option is set - or by default if no database is specified.
-  // https://next-auth.js.org/configuration/options#jwt
-  jwt: {
-    encryption: true,
-    secret: process.env.SECRET,
-    // A secret to use for key generation (you should set this explicitly)
-    // secret: 'INp8IvdIyeMcoGAgFGoA61DdBglwwSqnXJZkgz8PSnw',
-    // Set to true to use encryption (default: false)
-    // encryption: true,
-    // You can define your own encode/decode functions for signing and encryption
-    // if you want to override the default behaviour.
-    // encode: async ({ secret, token, maxAge }) => {},
-    // decode: async ({ secret, token, maxAge }) => {},
-  },
-
-  // You can define custom pages to override the built-in pages.
-  // The routes shown here are the default URLs that will be used when a custom
-  // pages is not specified for that route.
-  // https://next-auth.js.org/configuration/pages
-  pages: {
-    // signIn: '/api/auth/signin',  // Displays signin buttons
-    // signOut: '/api/auth/signout', // Displays form with sign out button
-    // error: '/api/auth/error', // Error code passed in query string as ?error=
-    // verifyRequest: '/api/auth/verify-request', // Used for check email page
-    // newUser: null // If set, new users will be directed here on first sign in
-  },
-
-  // Callbacks are asynchronous functions you can use to control what happens
-  // when an action is performed.
-  // https://next-auth.js.org/configuration/callbacks
-  callbacks: {
-    // signIn: async (user, account, profile) => { return Promise.resolve(true) },
-    // redirect: async (url, baseUrl) => { return Promise.resolve(baseUrl) },
-    // session: async (session, user) => { return Promise.resolve(session) },
-    // jwt: async (token, user, account, profile, isNewUser) => { return Promise.resolve(token) }
-  },
-
-  // Events are useful for logging
-  // https://next-auth.js.org/configuration/events
-  events: {},
-
-  // Enable debug messages in the console if you are having problems
-  debug: false,
-})

providers.js

@@ -1 +0,0 @@
-module.exports = require('./dist/providers').default

src/adapters/example/index.js

@@ -1,84 +1,83 @@
 const Adapter = (config, options = {}) => {
   async function getAdapter (appOptions) {
+    const { logger } = appOptions
     // Display debug output if debug option enabled
-    function _debug (...args) {
-      if (appOptions.debug) {
-        console.log('[next-auth][debug]', ...args)
-      }
+    function debug (debugCode, ...args) {
+      logger.debug(`ADAPTER_${debugCode}`, ...args)
     }
 
     async function createUser (profile) {
-      _debug('createUser', profile)
+      debug('createUser', profile)
       return null
     }
 
     async function getUser (id) {
-      _debug('getUser', id)
+      debug('getUser', id)
       return null
     }
 
     async function getUserByEmail (email) {
-      _debug('getUserByEmail', email)
+      debug('getUserByEmail', email)
       return null
     }
 
     async function getUserByProviderAccountId (providerId, providerAccountId) {
-      _debug('getUserByProviderAccountId', providerId, providerAccountId)
+      debug('getUserByProviderAccountId', providerId, providerAccountId)
       return null
     }
 
     async function updateUser (user) {
-      _debug('updateUser', user)
+      debug('updateUser', user)
       return null
     }
 
     async function deleteUser (userId) {
-      _debug('deleteUser', userId)
+      debug('deleteUser', userId)
       return null
     }
 
     async function linkAccount (userId, providerId, providerType, providerAccountId, refreshToken, accessToken, accessTokenExpires) {
-      _debug('linkAccount', userId, providerId, providerType, providerAccountId, refreshToken, accessToken, accessTokenExpires)
+      debug('linkAccount', userId, providerId, providerType, providerAccountId, refreshToken, accessToken, accessTokenExpires)
       return null
     }
 
     async function unlinkAccount (userId, providerId, providerAccountId) {
-      _debug('unlinkAccount', userId, providerId, providerAccountId)
+      debug('unlinkAccount', userId, providerId, providerAccountId)
       return null
     }
 
     async function createSession (user) {
-      _debug('createSession', user)
+      debug('createSession', user)
       return null
     }
 
     async function getSession (sessionToken) {
-      _debug('getSession', sessionToken)
+      debug('getSession', sessionToken)
       return null
     }
 
     async function updateSession (session, force) {
-      _debug('updateSession', session)
+      debug('updateSession', session)
       return null
     }
 
     async function deleteSession (sessionToken) {
-      _debug('deleteSession', sessionToken)
+      debug('deleteSession', sessionToken)
       return null
     }
 
     async function createVerificationRequest (identifier, url, token, secret, provider) {
-      _debug('createVerificationRequest', identifier)
+      debug('createVerificationRequest', identifier)
       return null
     }
 
     async function getVerificationRequest (identifier, token, secret, provider) {
-      _debug('getVerificationRequest', identifier, token)
+      debug('getVerificationRequest', identifier, token)
       return null
     }
 
     async function deleteVerificationRequest (identifier, token, secret, provider) {
-      _debug('deleteVerification', identifier, token)
+      debug('deleteVerification', identifier, token)
       return null
     }
 

src/adapters/prisma/index.js

@@ -1,7 +1,6 @@
 import { createHash, randomBytes } from 'crypto'
 
 import { CreateUserError } from '../../lib/errors'
-import logger from '../../lib/logger'
 
 const Adapter = (config) => {
   const {
@@ -21,6 +20,7 @@ const Adapter = (config) => {
   }
 
   async function getAdapter (appOptions) {
+    const { logger } = appOptions
     function debug (debugCode, ...args) {
       logger.debug(`PRISMA_${debugCode}`, ...args)
     }
@@ -280,11 +280,15 @@ const Adapter = (config) => {
         // Hash token provided with secret before trying to match it with database
         // @TODO Use bcrypt instead of salted SHA-256 hash for token
         const hashedToken = createHash('sha256').update(`${token}${secret}`).digest('hex')
-        const verificationRequest = await prisma[VerificationRequest].findUnique({ where: { token: hashedToken } })
-
+        const verificationRequest = await prisma[VerificationRequest].findFirst({
+          where: {
+            identifier,
+            token: hashedToken
+          }
+        })
         if (verificationRequest && verificationRequest.expires && new Date() > verificationRequest.expires) {
           // Delete verification entry so it cannot be used again
-          await prisma[VerificationRequest].delete({ where: { token: hashedToken } })
+          await prisma[VerificationRequest].deleteMany({ where: { identifier, token: hashedToken } })
           return null
         }
 
@@ -300,7 +304,7 @@ const Adapter = (config) => {
       try {
         // Delete verification entry so it cannot be used again
         const hashedToken = createHash('sha256').update(`${token}${secret}`).digest('hex')
-        await prisma[VerificationRequest].delete({ where: { token: hashedToken } })
+        await prisma[VerificationRequest].deleteMany({ where: { identifier, token: hashedToken } })
       } catch (error) {
         logger.error('DELETE_VERIFICATION_REQUEST_ERROR', error)
         return Promise.reject(new Error('DELETE_VERIFICATION_REQUEST_ERROR', error))

src/adapters/typeorm/index.js

@@ -6,7 +6,7 @@ import { CreateUserError } from '../../lib/errors'
 import adapterConfig from './lib/config'
 import adapterTransform from './lib/transform'
 import Models from './models'
-import logger from '../../lib/logger'
+
 import { updateConnectionEntities } from './lib/utils'
 
 const Adapter = (typeOrmConfig, options = {}) => {
@@ -41,6 +41,12 @@ const Adapter = (typeOrmConfig, options = {}) => {
   let connection = null
 
   async function getAdapter (appOptions) {
+    const { logger } = appOptions
+    // Display debug output if debug option enabled
+    function debug (debugCode, ...args) {
+      logger.debug(`TYPEORM_${debugCode}`, ...args)
+    }
+
     // Helper function to reuse / restablish connections
     // (useful if they drop when after being idle)
     async function _connect () {
@@ -77,12 +83,6 @@ const Adapter = (typeOrmConfig, options = {}) => {
     // https://github.com/typeorm/typeorm/blob/master/docs/entity-manager-api.md
     const { manager } = connection
 
-    // Display debug output if debug option enabled
-    // @TODO Refactor logger so is passed in appOptions
-    function debug (debugCode, ...args) {
-      logger.debug(`TYPEORM_${debugCode}`, ...args)
-    }
-
     // The models are primarily designed for ANSI SQL database, but some
     // flexiblity is required in the adapter to support non-SQL databases such
     // as MongoDB which have different pragmas.
@@ -331,7 +331,7 @@ const Adapter = (typeOrmConfig, options = {}) => {
 
         if (verificationRequest && verificationRequest.expires && new Date() > new Date(verificationRequest.expires)) {
           // Delete verification entry so it cannot be used again
-          await manager.delete(VerificationRequest, { token: hashedToken })
+          await manager.delete(VerificationRequest, { identifier, token: hashedToken })
           return null
         }
 
@@ -347,7 +347,7 @@ const Adapter = (typeOrmConfig, options = {}) => {
       try {
         // Delete verification entry so it cannot be used again
         const hashedToken = createHash('sha256').update(`${token}${secret}`).digest('hex')
-        await manager.delete(VerificationRequest, { token: hashedToken })
+        await manager.delete(VerificationRequest, { identifier, token: hashedToken })
       } catch (error) {
         logger.error('DELETE_VERIFICATION_REQUEST_ERROR', error)
         return Promise.reject(new Error('DELETE_VERIFICATION_REQUEST_ERROR', error))

src/client/index.js

@@ -1,5 +1,3 @@
-/// Note: fetch() is built in to Next.js 9.4
-//
 // Note about signIn() and signOut() methods:
 //
 // On signIn() and signOut() we pass 'json: true' to request a response in JSON
@@ -10,9 +8,8 @@
 //
 // We use HTTP POST requests with CSRF Tokens to protect against CSRF attacks.
 
-/* global fetch:false */
 import { useState, useEffect, useContext, createContext, createElement } from 'react'
-import logger from '../lib/logger'
+import _logger, { proxyLogger } from '../lib/logger'
 import parseUrl from '../lib/parse-url'
 
 // This behaviour mirrors the default behaviour for getting the site name that
@@ -21,169 +18,75 @@ import parseUrl from '../lib/parse-url'
 //    relative URLs are valid in that context and so defaults to empty.
 // 2. When invoked server side the value is picked up from an environment
 //    variable and defaults to 'http://localhost:3000'.
+/** @type {import("types/internals/client").NextAuthConfig} */
 const __NEXTAUTH = {
   baseUrl: parseUrl(process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
   basePath: parseUrl(process.env.NEXTAUTH_URL).basePath,
-  keepAlive: 0, // 0 == disabled (don't send); 60 == send every 60 seconds
-  clientMaxAge: 0, // 0 == disabled (only use cache); 60 == sync if last checked > 60 seconds ago
+  baseUrlServer: parseUrl(process.env.NEXTAUTH_URL_INTERNAL || process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
+  basePathServer: parseUrl(process.env.NEXTAUTH_URL_INTERNAL || process.env.NEXTAUTH_URL).basePath,
+  keepAlive: 0,
+  clientMaxAge: 0,
   // Properties starting with _ are used for tracking internal app state
-  _clientLastSync: 0, // used for timestamp since last sycned (in seconds)
-  _clientSyncTimer: null, // stores timer for poll interval
-  _eventListenersAdded: false, // tracks if event listeners have been added,
-  _clientSession: undefined, // stores last session response from hook,
-  // Generate a unique ID to make it possible to identify when a message
-  // was sent from this tab/window so it can be ignored to avoid event loops.
-  _clientId: Math.random().toString(36).substring(2) + Date.now().toString(36),
-  // Used to store to function export by getSession() hook
+  _clientLastSync: 0,
+  _clientSyncTimer: null,
+  _eventListenersAdded: false,
+  _clientSession: undefined,
   _getSession: () => {}
 }
 
+const logger = proxyLogger(_logger, __NEXTAUTH.basePath)
+
+const broadcast = BroadcastChannel()
+
 // Add event listners on load
-if (typeof window !== 'undefined') {
-  if (__NEXTAUTH._eventListenersAdded === false) {
-    __NEXTAUTH._eventListenersAdded = true
+if (typeof window !== 'undefined' && !__NEXTAUTH._eventListenersAdded) {
+  __NEXTAUTH._eventListenersAdded = true
+  // Listen for storage events and update session if event fired from
+  // another window (but suppress firing another event to avoid a loop)
+  // Fetch new session data but tell it to not to fire another event to
+  // avoid an infinite loop.
+  // Note: We could pass session data through and do something like
+  // `setData(message.data)` but that can cause problems depending
+  // on how the session object is being used in the client; it is
+  // more robust to have each window/tab fetch it's own copy of the
+  // session object rather than share it across instances.
+  broadcast.receive(() => __NEXTAUTH._getSession({ event: 'storage' }))
 
-    // Listen for storage events and update session if event fired from
-    // another window (but suppress firing another event to avoid a loop)
-    window.addEventListener('storage', async (event) => {
-      if (event.key === 'nextauth.message') {
-        const message = JSON.parse(event.newValue)
-        if (message?.event === 'session' && message.data) {
-          // Ignore storage events fired from the same window that created them
-          if (__NEXTAUTH._clientId === message.clientId) {
-            return
-          }
-
-          // Fetch new session data but pass 'true' to it not to fire an event to
-          // avoid an infinite loop.
-          //
-          // Note: We could pass session data through and do something like
-          // `setData(message.data)` but that can cause problems depending
-          // on how the session object is being used in the client; it is
-          // more robust to have each window/tab fetch it's own copy of the
-          // session object rather than share it across instances.
-          await __NEXTAUTH._getSession({ event: 'storage' })
-        }
-      }
-    })
-
-    // Listen for document visibilitychange events
-    let hidden, visibilityChange
-    if (typeof document.hidden !== 'undefined') { // Opera 12.10 and Firefox 18 and later support
-      hidden = 'hidden'
-      visibilityChange = 'visibilitychange'
-    } else if (typeof document.msHidden !== 'undefined') {
-      hidden = 'msHidden'
-      visibilityChange = 'msvisibilitychange'
-    } else if (typeof document.webkitHidden !== 'undefined') {
-      hidden = 'webkitHidden'
-      visibilityChange = 'webkitvisibilitychange'
-    }
-    const handleVisibilityChange = () => !document[hidden] && __NEXTAUTH._getSession({ event: visibilityChange })
-    document.addEventListener('visibilitychange', handleVisibilityChange, false)
-  }
-}
-
-// Method to set options. The documented way is to use the provider, but this
-// method is being left in as an alternative, that will be helpful if/when we
-// expose a vanilla JavaScript version that doesn't depend on React.
-const setOptions = ({
-  baseUrl,
-  basePath,
-  clientMaxAge,
-  keepAlive
-} = {}) => {
-  if (baseUrl) { __NEXTAUTH.baseUrl = baseUrl }
-  if (basePath) { __NEXTAUTH.basePath = basePath }
-  if (clientMaxAge) { __NEXTAUTH.clientMaxAge = clientMaxAge }
-  if (keepAlive) {
-    __NEXTAUTH.keepAlive = keepAlive
-
-    if (typeof window !== 'undefined' && keepAlive > 0) {
-      // Clear existing timer (if there is one)
-      if (__NEXTAUTH._clientSyncTimer !== null) { clearTimeout(__NEXTAUTH._clientSyncTimer) }
-
-      // Set next timer to trigger in number of seconds
-      __NEXTAUTH._clientSyncTimer = setTimeout(async () => {
-        // Only invoke keepalive when a session exists
-        if (__NEXTAUTH._clientSession) {
-          await __NEXTAUTH._getSession({ event: 'timer' })
-        }
-      }, keepAlive * 1000)
-    }
-  }
-}
-
-// Universal method (client + server)
-export const getSession = async ({ req, ctx, triggerEvent = true } = {}) => {
-  // If passed 'appContext' via getInitialProps() in _app.js then get the req
-  // object from ctx and use that for the req value to allow getSession() to
-  // work seemlessly in getInitialProps() on server side pages *and* in _app.js.
-  if (!req && ctx && ctx.req) { req = ctx.req }
-
-  const baseUrl = _apiBaseUrl()
-  const fetchOptions = req ? { headers: { cookie: req.headers.cookie } } : {}
-  const session = await _fetchData(`${baseUrl}/session`, fetchOptions)
-  if (triggerEvent) {
-    _sendMessage({ event: 'session', data: { trigger: 'getSession' } })
-  }
-  return session
-}
-
-// Universal method (client + server)
-const getCsrfToken = async ({ req, ctx } = {}) => {
-  // If passed 'appContext' via getInitialProps() in _app.js then get the req
-  // object from ctx and use that for the req value to allow getCsrfToken() to
-  // work seemlessly in getInitialProps() on server side pages *and* in _app.js.
-  if (!req && ctx && ctx.req) { req = ctx.req }
-
-  const baseUrl = _apiBaseUrl()
-  const fetchOptions = req ? { headers: { cookie: req.headers.cookie } } : {}
-  const data = await _fetchData(`${baseUrl}/csrf`, fetchOptions)
-  return data && data.csrfToken ? data.csrfToken : null
-}
-
-// Universal method (client + server); does not require request headers
-const getProviders = async () => {
-  const baseUrl = _apiBaseUrl()
-  return _fetchData(`${baseUrl}/providers`)
+  // Listen for document visibility change events and
+  // if visibility of the document changes, re-fetch the session.
+  document.addEventListener('visibilitychange', () => {
+    !document.hidden && __NEXTAUTH._getSession({ event: 'visibilitychange' })
+  }, false)
 }
 
 // Context to store session data globally
+/** @type {import("types/internals/client").SessionContext} */
 const SessionContext = createContext()
 
-// Client side method
-export const useSession = (session) => {
-  // Try to use context if we can
-  const value = useContext(SessionContext)
-
-  // If we have no Provider in the tree, call the actual hook
-  if (value === undefined) {
-    return _useSessionHook(session)
-  }
-
-  return value
+export function useSession (session) {
+  const context = useContext(SessionContext)
+  if (context) return context
+  return _useSessionHook(session)
 }
 
-// Internal hook for getting session from the api.
-const _useSessionHook = (session) => {
+function _useSessionHook (session) {
   const [data, setData] = useState(session)
-  const [loading, setLoading] = useState(true)
+  const [loading, setLoading] = useState(!data)
 
   useEffect(() => {
-    const _getSession = async ({ event = null } = {}) => {
+    __NEXTAUTH._getSession = async ({ event = null } = {}) => {
       try {
-        const triggredByEvent = (event !== null)
-        const triggeredByStorageEvent = !!((event && event === 'storage'))
+        const triggredByEvent = event !== null
+        const triggeredByStorageEvent = event === 'storage'
 
         const clientMaxAge = __NEXTAUTH.clientMaxAge
         const clientLastSync = parseInt(__NEXTAUTH._clientLastSync)
-        const currentTime = Math.floor(new Date().getTime() / 1000)
+        const currentTime = _now()
         const clientSession = __NEXTAUTH._clientSession
 
         // Updates triggered by a storage event *always* trigger an update and we
         // always update if we don't have any value for the current session state.
-        if (triggeredByStorageEvent === false && clientSession !== undefined) {
+        if (!triggeredByStorageEvent && clientSession !== undefined) {
           if (clientMaxAge === 0 && triggredByEvent !== true) {
             // If there is no time defined for when a session should be considered
             // stale, then it's okay to use the value we have until an event is
@@ -207,13 +110,14 @@ const _useSessionHook = (session) => {
         // Update clientLastSync before making response to avoid repeated
         // invokations that would otherwise be triggered while we are still
         // waiting for a response.
-        __NEXTAUTH._clientLastSync = Math.floor(new Date().getTime() / 1000)
+        __NEXTAUTH._clientLastSync = _now()
 
         // If this call was invoked via a storage event (i.e. another window) then
         // tell getSession not to trigger an event when it calls to avoid an
         // infinate loop.
-        const triggerEvent = (triggeredByStorageEvent === false)
-        const newClientSessionData = await getSession({ triggerEvent })
+        const newClientSessionData = await getSession({
+          triggerEvent: !triggeredByStorageEvent
+        })
 
         // Save session state internally, just so we can track that we've checked
         // if a session exists at least once.
@@ -223,114 +127,231 @@ const _useSessionHook = (session) => {
         setLoading(false)
       } catch (error) {
         logger.error('CLIENT_USE_SESSION_ERROR', error)
+        setLoading(false)
       }
     }
 
-    __NEXTAUTH._getSession = _getSession
-
-    _getSession()
+    __NEXTAUTH._getSession()
   })
+
   return [data, loading]
 }
 
-// Client side method
-export const signIn = async (provider, args = {}, authorizationParams = {}) => {
+export async function getSession (ctx) {
+  const session = await _fetchData('session', ctx)
+  if (ctx?.triggerEvent ?? true) {
+    broadcast.post({ event: 'session', data: { trigger: 'getSession' } })
+  }
+  return session
+}
+
+export async function getCsrfToken (ctx) {
+  return (await _fetchData('csrf', ctx))?.csrfToken
+}
+
+export async function getProviders () {
+  return _fetchData('providers')
+}
+
+export async function signIn (provider, options = {}, authorizationParams = {}) {
+  const {
+    callbackUrl = window.location,
+    redirect = true
+  } = options
+
   const baseUrl = _apiBaseUrl()
-  const callbackUrl = args?.callbackUrl ?? window.location
   const providers = await getProviders()
 
   // Redirect to sign in page if no valid provider specified
   if (!(provider in providers)) {
     // If Provider not recognized, redirect to sign in page
     window.location = `${baseUrl}/signin?callbackUrl=${encodeURIComponent(callbackUrl)}`
-  } else {
-    const signInUrl = (providers[provider].type === 'credentials')
-      ? `${baseUrl}/callback/${provider}`
-      : `${baseUrl}/signin/${provider}`
+    return
+  }
+  const isCredentials = providers[provider].type === 'credentials'
+  const isEmail = providers[provider].type === 'email'
+  const canRedirectBeDisabled = isCredentials || isEmail
 
-    // If is any other provider type, POST to provider URL with CSRF Token,
-    // callback URL and any other parameters supplied.
-    const fetchOptions = {
-      method: 'post',
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded'
-      },
-      body: _encodedForm({
-        ...args,
-        csrfToken: await getCsrfToken(),
-        callbackUrl: callbackUrl,
-        json: true
-      })
-    }
-    const _signInUrl = `${signInUrl}?${_encodedForm(authorizationParams)}`
-    const res = await fetch(_signInUrl, fetchOptions)
-    const data = await res.json()
-    window.location = data.url ?? callbackUrl
+  const signInUrl = isCredentials
+    ? `${baseUrl}/callback/${provider}`
+    : `${baseUrl}/signin/${provider}`
+
+  // If is any other provider type, POST to provider URL with CSRF Token,
+  // callback URL and any other parameters supplied.
+  const fetchOptions = {
+    method: 'post',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded'
+    },
+    body: new URLSearchParams({
+      ...options,
+      csrfToken: await getCsrfToken(),
+      callbackUrl,
+      json: true
+    })
+  }
+  const _signInUrl = `${signInUrl}?${new URLSearchParams(authorizationParams)}`
+  const res = await fetch(_signInUrl, fetchOptions)
+  const data = await res.json()
+  if (redirect || !canRedirectBeDisabled) {
+    const url = data.url ?? callbackUrl
+    window.location = url
+    // If url contains a hash, the browser does not reload the page. We reload manually
+    if (url.includes('#')) window.location.reload()
+
+    return
+  }
+
+  const error = new URL(data.url).searchParams.get('error')
+
+  if (res.ok) {
+    await __NEXTAUTH._getSession({ event: 'storage' })
+  }
+
+  return {
+    error,
+    status: res.status,
+    ok: res.ok,
+    url: error ? null : data.url
   }
 }
 
-// Client side method
-export const signOut = async (args = {}) => {
-  const callbackUrl = args.callbackUrl ?? window.location
-
+export async function signOut (options = {}) {
+  const {
+    callbackUrl = window.location,
+    redirect = true
+  } = options
   const baseUrl = _apiBaseUrl()
   const fetchOptions = {
     method: 'post',
     headers: {
       'Content-Type': 'application/x-www-form-urlencoded'
     },
-    body: _encodedForm({
+    body: new URLSearchParams({
       csrfToken: await getCsrfToken(),
-      callbackUrl: callbackUrl,
+      callbackUrl,
       json: true
     })
   }
   const res = await fetch(`${baseUrl}/signout`, fetchOptions)
   const data = await res.json()
-  _sendMessage({ event: 'session', data: { trigger: 'signout' } })
-  window.location = data.url ?? callbackUrl
+  broadcast.post({ event: 'session', data: { trigger: 'signout' } })
+  if (redirect) {
+    const url = data.url ?? callbackUrl
+    window.location = url
+    // If url contains a hash, the browser does not reload the page. We reload manually
+    if (url.includes('#')) window.location.reload()
+    return
+  }
+
+  await __NEXTAUTH._getSession({ event: 'storage' })
+
+  return data
 }
 
-// Provider to wrap the app in to make session data available globally
-export const Provider = ({ children, session, options }) => {
-  setOptions(options)
-  return createElement(SessionContext.Provider, { value: useSession(session) }, children)
-}
+// Method to set options. The documented way is to use the provider, but this
+// method is being left in as an alternative, that will be helpful if/when we
+// expose a vanilla JavaScript version that doesn't depend on React.
+export function setOptions ({ baseUrl, basePath, clientMaxAge, keepAlive } = {}) {
+  if (baseUrl) __NEXTAUTH.baseUrl = baseUrl
+  if (basePath) __NEXTAUTH.basePath = basePath
+  if (clientMaxAge) __NEXTAUTH.clientMaxAge = clientMaxAge
+  if (keepAlive) {
+    __NEXTAUTH.keepAlive = keepAlive
+    if (typeof window === 'undefined') return
 
-const _fetchData = async (url, options = {}) => {
-  try {
-    const res = await fetch(url, options)
-    const data = await res.json()
-    return Promise.resolve(Object.keys(data).length > 0 ? data : null) // Return null if data empty
-  } catch (error) {
-    logger.error('CLIENT_FETCH_ERROR', url, error)
-    return Promise.resolve(null)
+    // Clear existing timer (if there is one)
+    if (__NEXTAUTH._clientSyncTimer !== null) {
+      clearTimeout(__NEXTAUTH._clientSyncTimer)
+    }
+
+    // Set next timer to trigger in number of seconds
+    __NEXTAUTH._clientSyncTimer = setTimeout(async () => {
+      // Only invoke keepalive when a session exists
+      if (!__NEXTAUTH._clientSession) return
+      await __NEXTAUTH._getSession({ event: 'timer' })
+    }, keepAlive * 1000)
   }
 }
 
-const _apiBaseUrl = () => {
+export function Provider ({ children, session, options }) {
+  setOptions(options)
+  return createElement(
+    SessionContext.Provider,
+    { value: useSession(session) },
+    children
+  )
+}
+
+/**
+ * If passed 'appContext' via getInitialProps() in _app.js
+ * then get the req object from ctx and use that for the
+ * req value to allow _fetchData to
+ * work seemlessly in getInitialProps() on server side
+ * pages *and* in _app.js.
+ */
+async function _fetchData (path, { ctx, req = ctx?.req } = {}) {
+  try {
+    const baseUrl = await _apiBaseUrl()
+    const options = req ? { headers: { cookie: req.headers.cookie } } : {}
+    const res = await fetch(`${baseUrl}/${path}`, options)
+    const data = await res.json()
+    return Object.keys(data).length > 0 ? data : null // Return null if data empty
+  } catch (error) {
+    logger.error('CLIENT_FETCH_ERROR', path, error)
+    return null
+  }
+}
+
+function _apiBaseUrl () {
   if (typeof window === 'undefined') {
     // NEXTAUTH_URL should always be set explicitly to support server side calls - log warning if not set
-    if (!process.env.NEXTAUTH_URL) { logger.warn('NEXTAUTH_URL', 'NEXTAUTH_URL environment variable not set') }
+    if (!process.env.NEXTAUTH_URL) {
+      logger.warn('NEXTAUTH_URL', 'NEXTAUTH_URL environment variable not set')
+    }
 
     // Return absolute path when called server side
-    return `${__NEXTAUTH.baseUrl}${__NEXTAUTH.basePath}`
-  } else {
-    // Return relative path when called client side
-    return __NEXTAUTH.basePath
+    return `${__NEXTAUTH.baseUrlServer}${__NEXTAUTH.basePathServer}`
   }
+  // Return relative path when called client side
+  return __NEXTAUTH.basePath
 }
 
-const _encodedForm = (formData) => {
-  return Object.keys(formData).map((key) => {
-    return encodeURIComponent(key) + '=' + encodeURIComponent(formData[key])
-  }).join('&')
+/** Returns the number of seconds elapsed since January 1, 1970 00:00:00 UTC. */
+function _now () {
+  return Math.floor(Date.now() / 1000)
 }
 
-const _sendMessage = (message) => {
-  if (typeof localStorage !== 'undefined') {
-    const timestamp = Math.floor(new Date().getTime() / 1000)
-    localStorage.setItem('nextauth.message', JSON.stringify({ ...message, clientId: __NEXTAUTH._clientId, timestamp })) // eslint-disable-line
+/**
+ * Inspired by [Broadcast Channel API](https://developer.mozilla.org/en-US/docs/Web/API/Broadcast_Channel_API)
+ * Only not using it directly, because Safari does not support it.
+ *
+ * https://caniuse.com/?search=broadcastchannel
+ */
+function BroadcastChannel (name = 'nextauth.message') {
+  return {
+    /**
+     * Get notified by other tabs/windows.
+     * @param {(message: import("types/internals/client").BroadcastMessage) => void} onReceive
+     */
+    receive (onReceive) {
+      if (typeof window === 'undefined') return
+      window.addEventListener('storage', async (event) => {
+        if (event.key !== name) return
+        /** @type {import("types/internals/client").BroadcastMessage} */
+        const message = JSON.parse(event.newValue)
+        if (message?.event !== 'session' || !message?.data) return
+
+        onReceive(message)
+      })
+    },
+    /** Notify other tabs/windows. */
+    post (message) {
+      if (typeof localStorage === 'undefined') return
+      localStorage.setItem(name,
+        JSON.stringify({ ...message, timestamp: _now() })
+      )
+    }
   }
 }
 

src/css/index.css

@@ -3,6 +3,7 @@
   --border-radius: .3rem;
   --color-error: #c94b4b;
   --color-info: #157efb;
+  --color-info-text: #fff;
 }
 
 .__next-auth-theme-auto,
@@ -23,7 +24,6 @@
   --color-control-border: #555;
   --color-button-active-background: #060606;
   --color-button-active-border: #666;
-
   --color-seperator: #444;
 }
 
@@ -80,6 +80,7 @@ input[type] {
   font-size: 1rem;
   border-radius: var(--border-radius);
   box-shadow: inset 0 .1rem .2rem rgba(0, 0, 0, .2);
+  color: var(--color-text);
 
   &:focus {
     box-shadow: none;
@@ -202,13 +203,13 @@ a.site {
     font-weight: 500;
     border-radius: 0.3rem;
     background: var(--color-info);
-    color: var(--color-text);
 
     p {
       text-align: left;
       padding: 0.5rem 1rem;
       font-size: 0.9rem;
       line-height: 1.2rem;
+      color: var(--color-info-text);
     }
   }
 

src/lib/jwt.js

@@ -106,7 +106,8 @@ async function getToken (params) {
     // or not set (e.g. development or test instance) case use unprefixed name
     secureCookie = !(!process.env.NEXTAUTH_URL || process.env.NEXTAUTH_URL.startsWith('http://')),
     cookieName = (secureCookie) ? '__Secure-next-auth.session-token' : 'next-auth.session-token',
-    raw = false
+    raw = false,
+    decode: _decode = decode
   } = params
   if (!req) throw new Error('Must pass `req` to JWT getToken()')
 
@@ -126,7 +127,7 @@ async function getToken (params) {
   }
 
   try {
-    return decode({ token, ...params })
+    return _decode({ token, ...params })
   } catch {
     return null
   }

src/lib/logger.js

@@ -1,25 +1,81 @@
-const logger = {
-  error (code, ...message) {
+/** @type {import("types").LoggerInstance} */
+const _logger = {
+  error(code, ...message) {
     console.error(
       `[next-auth][error][${code.toLowerCase()}]`,
       `\nhttps://next-auth.js.org/errors#${code.toLowerCase()}`,
       ...message
     )
   },
-  warn (code, ...message) {
+  warn(code, ...message) {
     console.warn(
       `[next-auth][warn][${code.toLowerCase()}]`,
       `\nhttps://next-auth.js.org/warnings#${code.toLowerCase()}`,
       ...message
     )
   },
-  debug (code, ...message) {
+  debug(code, ...message) {
     if (!process?.env?._NEXTAUTH_DEBUG) return
-    console.log(
-      `[next-auth][debug][${code.toLowerCase()}]`,
-      ...message
-    )
-  }
+    console.log(`[next-auth][debug][${code.toLowerCase()}]`, ...message)
+  },
 }
 
-export default logger
+/**
+ * Override the built-in logger.
+ * Any `undefined` level will use the default logger.
+ * @param {Partial<import("types").LoggerInstance>} newLogger
+ */
+export function setLogger(newLogger = {}) {
+  if (newLogger.error) _logger.error = newLogger.error
+  if (newLogger.warn) _logger.warn = newLogger.warn
+  if (newLogger.debug) _logger.debug = newLogger.debug
+}
+
+export default _logger
+
+/**
+ * Serializes client-side log messages and sends them to the server
+ * @param {import("types").LoggerInstance} logger
+ * @param {string} basePath
+ * @return {import("types").LoggerInstance}
+ */
+export function proxyLogger(logger = _logger, basePath) {
+  try {
+    if (typeof window === "undefined") {
+      return logger
+    }
+
+    const clientLogger = {}
+    for (const level in logger) {
+      clientLogger[level] = (code, ...message) => {
+        _logger[level](code, ...message) // Log on client as usual
+
+        const url = `${basePath}/_log`
+        const body = new URLSearchParams({
+          level,
+          code,
+          message: JSON.stringify(
+            message.map((m) => {
+              if (m instanceof Error) {
+                // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
+                return { name: m.name, message: m.message, stack: m.stack }
+              }
+              return m
+            })
+          ),
+        })
+        if (navigator.sendBeacon) {
+          return navigator.sendBeacon(url, body)
+        }
+        return fetch(url, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body,
+        })
+      }
+    }
+    return clientLogger
+  } catch {
+    return _logger
+  }
+}

src/providers/apple.js

@@ -1,30 +1,34 @@
-export default (options) => {
+export default function Apple(options) {
   return {
-    id: 'apple',
-    name: 'Apple',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'name email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://appleid.apple.com/auth/token',
-    authorizationUrl: 'https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post',
+    id: "apple",
+    name: "Apple",
+    type: "oauth",
+    version: "2.0",
+    scope: "name email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://appleid.apple.com/auth/token",
+    authorizationUrl:
+      "https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post",
     profileUrl: null,
     idToken: true,
-    profile: (profile) => {
+    profile(profile) {
       // The name of the user will only return on first login
       return {
         id: profile.sub,
-        name: profile.user != null ? profile.user.name.firstName + ' ' + profile.user.name.lastName : null,
-        email: profile.email
+        name:
+          profile.user != null
+            ? profile.user.name.firstName + " " + profile.user.name.lastName
+            : null,
+        email: profile.email,
       }
     },
     clientId: null,
     clientSecret: {
       teamId: null,
       privateKey: null,
-      keyId: null
+      keyId: null,
     },
-    protection: 'none', // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
-    ...options
+    protection: "none", // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
+    ...options,
   }
 }

src/providers/atlassian.js

@@ -1,24 +1,24 @@
-export default (options) => {
+export default function Atlassian(options) {
   return {
-    id: 'atlassian',
-    name: 'Atlassian',
-    type: 'oauth',
-    version: '2.0',
+    id: "atlassian",
+    name: "Atlassian",
+    type: "oauth",
+    version: "2.0",
     params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
     },
-    accessTokenUrl: 'https://auth.atlassian.com/oauth/token',
+    accessTokenUrl: "https://auth.atlassian.com/oauth/token",
     authorizationUrl:
-      'https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent',
-    profileUrl: 'https://api.atlassian.com/me',
-    profile: (profile) => {
+      "https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent",
+    profileUrl: "https://api.atlassian.com/me",
+    profile(profile) {
       return {
         id: profile.account_id,
         name: profile.name,
         email: profile.email,
-        image: profile.picture
+        image: profile.picture,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/auth0.js

@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Auth0(options) {
   return {
-    id: 'auth0',
-    name: 'Auth0',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    scope: 'openid email profile',
+    id: "auth0",
+    name: "Auth0",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    scope: "openid email profile",
     accessTokenUrl: `https://${options.domain}/oauth/token`,
     authorizationUrl: `https://${options.domain}/authorize?response_type=code`,
     profileUrl: `https://${options.domain}/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
       return {
         id: profile.sub,
         name: profile.nickname,
         email: profile.email,
-        image: profile.picture
+        image: profile.picture,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/azure-ad-b2c.js

@@ -1,24 +1,24 @@
-export default (options) => {
-  const tenant = options.tenantId ? options.tenantId : 'common'
+export default function AzureADB2C(options) {
+  const tenant = options.tenantId ? options.tenantId : "common"
 
   return {
-    id: 'azure-ad-b2c',
-    name: 'Azure Active Directory B2C',
-    type: 'oauth',
-    version: '2.0',
+    id: "azure-ad-b2c",
+    name: "Azure Active Directory B2C",
+    type: "oauth",
+    version: "2.0",
     params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
     },
     accessTokenUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
     authorizationUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize?response_type=code&response_mode=query`,
-    profileUrl: 'https://graph.microsoft.com/v1.0/me/',
-    profile: (profile) => {
+    profileUrl: "https://graph.microsoft.com/v1.0/me/",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.displayName,
-        email: profile.userPrincipalName
+        email: profile.userPrincipalName,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/basecamp.js

@@ -1,20 +1,22 @@
-export default (options) => {
+export default function Basecamp(options) {
   return {
-    id: 'basecamp',
-    name: 'Basecamp',
-    type: 'oauth',
-    version: '2.0',
-    accessTokenUrl: 'https://launchpad.37signals.com/authorization/token?type=web_server',
-    authorizationUrl: 'https://launchpad.37signals.com/authorization/new?type=web_server',
-    profileUrl: 'https://launchpad.37signals.com/authorization.json',
-    profile: (profile) => {
+    id: "basecamp",
+    name: "Basecamp",
+    type: "oauth",
+    version: "2.0",
+    accessTokenUrl:
+      "https://launchpad.37signals.com/authorization/token?type=web_server",
+    authorizationUrl:
+      "https://launchpad.37signals.com/authorization/new?type=web_server",
+    profileUrl: "https://launchpad.37signals.com/authorization.json",
+    profile(profile) {
       return {
         id: profile.identity.id,
         name: `${profile.identity.first_name} ${profile.identity.last_name}`,
         email: profile.identity.email_address,
-        image: null
+        image: null,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/battlenet.js

@@ -1,29 +1,29 @@
-export default (options) => {
+export default function BattleNet(options) {
   const { region } = options
   return {
-    id: 'battlenet',
-    name: 'Battle.net',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid',
-    params: { grant_type: 'authorization_code' },
+    id: "battlenet",
+    name: "Battle.net",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid",
+    params: { grant_type: "authorization_code" },
     accessTokenUrl:
-      region === 'CN'
-        ? 'https://www.battlenet.com.cn/oauth/token'
+      region === "CN"
+        ? "https://www.battlenet.com.cn/oauth/token"
         : `https://${region}.battle.net/oauth/token`,
     authorizationUrl:
-      region === 'CN'
-        ? 'https://www.battlenet.com.cn/oauth/authorize?response_type=code'
+      region === "CN"
+        ? "https://www.battlenet.com.cn/oauth/authorize?response_type=code"
         : `https://${region}.battle.net/oauth/authorize?response_type=code`,
-    profileUrl: 'https://us.battle.net/oauth/userinfo',
-    profile: (profile) => {
+    profileUrl: "https://us.battle.net/oauth/userinfo",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.battletag,
         email: null,
-        image: null
+        image: null,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/box.js

@@ -1,22 +1,23 @@
-export default (options) => {
+export default function Box(options) {
   return {
-    id: 'box',
-    name: 'Box',
-    type: 'oauth',
-    version: '2.0',
-    scope: '',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.box.com/oauth2/token',
-    authorizationUrl: 'https://account.box.com/api/oauth2/authorize?response_type=code',
-    profileUrl: 'https://api.box.com/2.0/users/me',
-    profile: (profile) => {
+    id: "box",
+    name: "Box",
+    type: "oauth",
+    version: "2.0",
+    scope: "",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.box.com/oauth2/token",
+    authorizationUrl:
+      "https://account.box.com/api/oauth2/authorize?response_type=code",
+    profileUrl: "https://api.box.com/2.0/users/me",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.login,
-        image: profile.avatar_url
+        image: profile.avatar_url,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/bungie.js

@@ -1,30 +1,34 @@
-export default (options) => {
+export default function Bungie(options) {
   return {
-    id: 'bungie',
-    name: 'Bungie',
-    type: 'oauth',
-    version: '2.0',
-    scope: '',
-    params: { reauth: 'true', grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
-    requestTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
-    authorizationUrl: 'https://www.bungie.net/en/OAuth/Authorize?response_type=code',
-    profileUrl: 'https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/',
-    profile: (profile) => {
+    id: "bungie",
+    name: "Bungie",
+    type: "oauth",
+    version: "2.0",
+    scope: "",
+    params: { reauth: "true", grant_type: "authorization_code" },
+    accessTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
+    requestTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
+    authorizationUrl:
+      "https://www.bungie.net/en/OAuth/Authorize?response_type=code",
+    profileUrl:
+      "https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/",
+    profile(profile) {
       const { bungieNetUser: user } = profile.Response
 
       return {
         id: user.membershipId,
         name: user.displayName,
-        image: `https://www.bungie.net${user.profilePicturePath.startsWith('/') ? '' : '/'}${user.profilePicturePath}`,
-        email: null
+        image: `https://www.bungie.net${
+          user.profilePicturePath.startsWith("/") ? "" : "/"
+        }${user.profilePicturePath}`,
+        email: null,
       }
     },
     headers: {
-      'X-API-Key': null
+      "X-API-Key": null,
     },
     clientId: null,
     clientSecret: null,
-    ...options
+    ...options,
   }
 }

src/providers/cognito.js

@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Cognito(options) {
   const { domain } = options
   return {
-    id: 'cognito',
-    name: 'Cognito',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
-    params: { grant_type: 'authorization_code' },
+    id: "cognito",
+    name: "Cognito",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
+    params: { grant_type: "authorization_code" },
     accessTokenUrl: `https://${domain}/oauth2/token`,
     authorizationUrl: `https://${domain}/oauth2/authorize?response_type=code`,
     profileUrl: `https://${domain}/oauth2/userInfo`,
-    profile: (profile) => {
+    profile(profile) {
       return {
         id: profile.sub,
         name: profile.username,
         email: profile.email,
-        image: null
+        image: null,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/credentials.js

@@ -1,10 +1,10 @@
-export default (options) => {
+export default function Credentials(options) {
   return {
-    id: 'credentials',
-    name: 'Credentials',
-    type: 'credentials',
+    id: "credentials",
+    name: "Credentials",
+    type: "credentials",
     authorize: null,
     credentials: null,
-    ...options
+    ...options,
   }
 }

src/providers/discord.js

@@ -1,29 +1,30 @@
-export default (options) => {
+export default function Discord(options) {
   return {
-    id: 'discord',
-    name: 'Discord',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'identify email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://discord.com/api/oauth2/token',
-    authorizationUrl: 'https://discord.com/api/oauth2/authorize?response_type=code&prompt=none',
-    profileUrl: 'https://discord.com/api/users/@me',
-    profile: (profile) => {
+    id: "discord",
+    name: "Discord",
+    type: "oauth",
+    version: "2.0",
+    scope: "identify email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://discord.com/api/oauth2/token",
+    authorizationUrl:
+      "https://discord.com/api/oauth2/authorize?response_type=code&prompt=none",
+    profileUrl: "https://discord.com/api/users/@me",
+    profile(profile) {
       if (profile.avatar === null) {
         const defaultAvatarNumber = parseInt(profile.discriminator) % 5
         profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`
       } else {
-        const format = profile.premium_type === 1 || profile.premium_type === 2 ? 'gif' : 'png'
+        const format = profile.avatar.startsWith("a_") ? "gif" : "png"
         profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
       }
       return {
         id: profile.id,
         name: profile.username,
         image: profile.image_url,
-        email: profile.email
+        email: profile.email,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/email.js

@@ -1,48 +1,54 @@
-import nodemailer from 'nodemailer'
-import logger from '../lib/logger'
+import nodemailer from "nodemailer"
+import logger from "../lib/logger"
 
-export default (options) => {
+export default function Email(options) {
   return {
-    id: 'email',
-    type: 'email',
-    name: 'Email',
+    id: "email",
+    type: "email",
+    name: "Email",
     // Server can be an SMTP connection string or a nodemailer config object
     server: {
-      host: 'localhost',
+      host: "localhost",
       port: 25,
       auth: {
-        user: '',
-        pass: ''
-      }
+        user: "",
+        pass: "",
+      },
     },
-    from: 'NextAuth <no-reply@example.com>',
-    maxAge: 24 * 60 * 60, // How long email links are valid for (default 24h)
+    from: "NextAuth <no-reply@example.com>",
+    maxAge: 24 * 60 * 60,
     sendVerificationRequest,
-    ...options
+    ...options,
   }
 }
 
-const sendVerificationRequest = ({ identifier: email, url, baseUrl, provider }) => {
+const sendVerificationRequest = ({
+  identifier: email,
+  url,
+  baseUrl,
+  provider,
+}) => {
   return new Promise((resolve, reject) => {
     const { server, from } = provider
     // Strip protocol from URL and use domain as site name
-    const site = baseUrl.replace(/^https?:\/\//, '')
+    const site = baseUrl.replace(/^https?:\/\//, "")
 
-    nodemailer
-      .createTransport(server)
-      .sendMail({
+    nodemailer.createTransport(server).sendMail(
+      {
         to: email,
         from,
         subject: `Sign in to ${site}`,
         text: text({ url, site, email }),
-        html: html({ url, site, email })
-      }, (error) => {
+        html: html({ url, site, email }),
+      },
+      (error) => {
         if (error) {
-          logger.error('SEND_VERIFICATION_EMAIL_ERROR', email, error)
-          return reject(new Error('SEND_VERIFICATION_EMAIL_ERROR', error))
+          logger.error("SEND_VERIFICATION_EMAIL_ERROR", email, error)
+          return reject(new Error("SEND_VERIFICATION_EMAIL_ERROR", error))
         }
         return resolve()
-      })
+      }
+    )
   })
 }
 
@@ -52,16 +58,16 @@ const html = ({ url, site, email }) => {
   // email address and the domain from being turned into a hyperlink by email
   // clients like Outlook and Apple mail, as this is confusing because it seems
   // like they are supposed to click on their email address to sign in.
-  const escapedEmail = `${email.replace(/\./g, '&#8203;.')}`
-  const escapedSite = `${site.replace(/\./g, '&#8203;.')}`
+  const escapedEmail = `${email.replace(/\./g, "&#8203;.")}`
+  const escapedSite = `${site.replace(/\./g, "&#8203;.")}`
 
   // Some simple styling options
-  const backgroundColor = '#f9f9f9'
-  const textColor = '#444444'
-  const mainBackgroundColor = '#ffffff'
-  const buttonBackgroundColor = '#346df1'
-  const buttonBorderColor = '#346df1'
-  const buttonTextColor = '#ffffff'
+  const backgroundColor = "#f9f9f9"
+  const textColor = "#444444"
+  const mainBackgroundColor = "#ffffff"
+  const buttonBackgroundColor = "#346df1"
+  const buttonBorderColor = "#346df1"
+  const buttonTextColor = "#ffffff"
 
   return `
 <body style="background: ${backgroundColor};">

src/providers/eveonline.js

@@ -0,0 +1,22 @@
+export default function EVEOnline(options) {
+  return {
+    id: "eveonline",
+    name: "EVE Online",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://login.eveonline.com/oauth/token",
+    authorizationUrl:
+      "https://login.eveonline.com/oauth/authorize?response_type=code",
+    profileUrl: "https://login.eveonline.com/oauth/verify",
+    profile(profile) {
+      return {
+        id: profile.CharacterID,
+        name: profile.CharacterName,
+        image: `https://image.eveonline.com/Character/${profile.CharacterID}_128.jpg`,
+        email: null,
+      }
+    },
+    ...options,
+  }
+}

src/providers/facebook.js

@@ -1,21 +1,22 @@
-export default (options) => {
+export default function Facebook(options) {
   return {
-    id: 'facebook',
-    name: 'Facebook',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'email',
-    accessTokenUrl: 'https://graph.facebook.com/oauth/access_token',
-    authorizationUrl: 'https://www.facebook.com/v7.0/dialog/oauth?response_type=code',
-    profileUrl: 'https://graph.facebook.com/me?fields=email,name,picture',
-    profile: (profile) => {
+    id: "facebook",
+    name: "Facebook",
+    type: "oauth",
+    version: "2.0",
+    scope: "email",
+    accessTokenUrl: "https://graph.facebook.com/oauth/access_token",
+    authorizationUrl:
+      "https://www.facebook.com/v7.0/dialog/oauth?response_type=code",
+    profileUrl: "https://graph.facebook.com/me?fields=email,name,picture",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.email,
-        image: profile.picture.data.url
+        image: profile.picture.data.url,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/faceit.js

@@ -0,0 +1,28 @@
+export default function FACEIT(options) {
+  return {
+    id: "faceit",
+    name: "FACEIT",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    headers: {
+      Authorization: `Basic ${Buffer.from(
+        `${options.clientId}:${options.clientSecret}`
+      ).toString("base64")}`,
+    },
+    accessTokenUrl: "https://api.faceit.com/auth/v1/oauth/token",
+    authorizationUrl:
+      "https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code",
+    profileUrl: "https://api.faceit.com/auth/v1/resources/userinfo",
+    profile(profile) {
+      const { guid: id, nickname: name, email, picture: image } = profile
+      return {
+        id,
+        name,
+        email,
+        image,
+      }
+    },
+    ...options,
+  }
+}

src/providers/foursquare.js

@@ -1,22 +1,23 @@
-export default ({ apiVersion, ...options }) => {
+export default function Foursquare(options) {
+  const { apiVersion } = options
   return {
-    id: 'foursquare',
-    name: 'Foursquare',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://foursquare.com/oauth2/access_token',
+    id: "foursquare",
+    name: "Foursquare",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://foursquare.com/oauth2/access_token",
     authorizationUrl:
-      'https://foursquare.com/oauth2/authenticate?response_type=code',
+      "https://foursquare.com/oauth2/authenticate?response_type=code",
     profileUrl: `https://api.foursquare.com/v2/users/self?v=${apiVersion}`,
-    profile: (profile) => {
+    profile(profile) {
       return {
         id: profile.id,
         name: `${profile.firstName} ${profile.lastName}`,
         image: `${profile.prefix}original${profile.suffix}`,
-        email: profile.contact.email
+        email: profile.contact.email,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/fusionauth.js

@@ -1,27 +1,27 @@
-export default (options) => {
+export default function FusionAuth(options) {
   let authorizationUrl = `https://${options.domain}/oauth2/authorize?response_type=code`
   if (options.tenantId) {
     authorizationUrl += `&tenantId=${options.tenantId}`
   }
 
   return {
-    id: 'fusionauth',
-    name: 'FusionAuth',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid',
-    params: { grant_type: 'authorization_code' },
+    id: "fusionauth",
+    name: "FusionAuth",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid",
+    params: { grant_type: "authorization_code" },
     accessTokenUrl: `https://${options.domain}/oauth2/token`,
     authorizationUrl,
     profileUrl: `https://${options.domain}/oauth2/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
       return {
         id: profile.sub,
         name: profile.name,
         email: profile.email,
-        image: profile.picture
+        image: profile.picture,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/github.js

@@ -1,21 +1,21 @@
-export default (options) => {
+export default function GitHub(options) {
   return {
-    id: 'github',
-    name: 'GitHub',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user',
-    accessTokenUrl: 'https://github.com/login/oauth/access_token',
-    authorizationUrl: 'https://github.com/login/oauth/authorize',
-    profileUrl: 'https://api.github.com/user',
-    profile: (profile) => {
+    id: "github",
+    name: "GitHub",
+    type: "oauth",
+    version: "2.0",
+    scope: "user",
+    accessTokenUrl: "https://github.com/login/oauth/access_token",
+    authorizationUrl: "https://github.com/login/oauth/authorize",
+    profileUrl: "https://api.github.com/user",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.name || profile.login,
         email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/gitlab.js

@@ -1,22 +1,22 @@
-export default (options) => {
+export default function GitLab(options) {
   return {
-    id: 'gitlab',
-    name: 'GitLab',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'read_user',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://gitlab.com/oauth/token',
-    authorizationUrl: 'https://gitlab.com/oauth/authorize?response_type=code',
-    profileUrl: 'https://gitlab.com/api/v4/user',
-    profile: (profile) => {
+    id: "gitlab",
+    name: "GitLab",
+    type: "oauth",
+    version: "2.0",
+    scope: "read_user",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://gitlab.com/oauth/token",
+    authorizationUrl: "https://gitlab.com/oauth/authorize?response_type=code",
+    profileUrl: "https://gitlab.com/api/v4/user",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.username,
         email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/google.js

@@ -1,23 +1,25 @@
-export default (options) => {
+export default function Google(options) {
   return {
-    id: 'google',
-    name: 'Google',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://accounts.google.com/o/oauth2/token',
-    requestTokenUrl: 'https://accounts.google.com/o/oauth2/auth',
-    authorizationUrl: 'https://accounts.google.com/o/oauth2/auth?response_type=code',
-    profileUrl: 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json',
-    profile: (profile) => {
+    id: "google",
+    name: "Google",
+    type: "oauth",
+    version: "2.0",
+    scope:
+      "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.google.com/o/oauth2/token",
+    requestTokenUrl: "https://accounts.google.com/o/oauth2/auth",
+    authorizationUrl:
+      "https://accounts.google.com/o/oauth2/auth?response_type=code",
+    profileUrl: "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.email,
-        image: profile.picture
+        image: profile.picture,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/identity-server4.js

@@ -1,17 +1,17 @@
-export default (options) => {
+export default function IdentityServer4(options) {
   return {
-    id: 'identity-server4',
-    name: 'IdentityServer4',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
-    params: { grant_type: 'authorization_code' },
+    id: "identity-server4",
+    name: "IdentityServer4",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
+    params: { grant_type: "authorization_code" },
     accessTokenUrl: `https://${options.domain}/connect/token`,
     authorizationUrl: `https://${options.domain}/connect/authorize?response_type=code`,
     profileUrl: `https://${options.domain}/connect/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
       return { ...profile, id: profile.sub }
     },
-    ...options
+    ...options,
   }
 }

src/providers/index.js

@@ -1,71 +0,0 @@
-import Apple from './apple'
-import Atlassian from './atlassian'
-import Auth0 from './auth0'
-import AzureADB2C from './azure-ad-b2c'
-import Basecamp from './basecamp'
-import BattleNet from './battlenet'
-import Box from './box'
-import Bungie from './bungie'
-import Cognito from './cognito'
-import Credentials from './credentials'
-import Discord from './discord'
-import Email from './email'
-import Facebook from './facebook'
-import Foursquare from './foursquare'
-import FusionAuth from './fusionauth'
-import GitHub from './github'
-import GitLab from './gitlab'
-import Google from './google'
-import IdentityServer4 from './identity-server4'
-import LINE from './line'
-import LinkedIn from './linkedin'
-import MailRu from './mailru'
-import Medium from './medium'
-import Netlify from './netlify'
-import Okta from './okta'
-import Reddit from './reddit'
-import Salesforce from './salesforce'
-import Slack from './slack'
-import Spotify from './spotify'
-import Strava from './strava'
-import Twitch from './twitch'
-import Twitter from './twitter'
-import VK from './vk'
-import Yandex from './yandex'
-
-export default {
-  Apple,
-  Atlassian,
-  Auth0,
-  AzureADB2C,
-  Basecamp,
-  BattleNet,
-  Box,
-  Bungie,
-  Cognito,
-  Credentials,
-  Discord,
-  Email,
-  Facebook,
-  Foursquare,
-  FusionAuth,
-  GitHub,
-  GitLab,
-  Google,
-  IdentityServer4,
-  LINE,
-  LinkedIn,
-  MailRu,
-  Medium,
-  Netlify,
-  Okta,
-  Reddit,
-  Salesforce,
-  Slack,
-  Spotify,
-  Strava,
-  Twitch,
-  Twitter,
-  VK,
-  Yandex
-}

src/providers/instagram.js

@@ -0,0 +1,50 @@
+/**
+ * @type {import("types/providers").OAuthProvider} options
+ * @example
+ *
+ * ```js
+ * // pages/api/auth/[...nextauth].js
+ * import Providers from `next-auth/providers`
+ * ...
+ * providers: [
+ *   Providers.Instagram({
+ *     clientId: process.env.INSTAGRAM_CLIENT_ID,
+ *     clientSecret: process.env.INSTAGRAM_CLIENT_SECRET
+ *   })
+ * ]
+ * ...
+ *
+ * // pages/index
+ * import { signIn } from "next-auth/client"
+ * ...
+ * <button onClick={() => signIn("instagram")}>
+ *   Sign in
+ * </button>
+ * ...
+ * ```
+ * [NextAuth.js Documentation](https://next-auth.js.org/providers/instagram) | [Instagram Documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started) | [Configuration](https://developers.facebook.com/apps)
+ */
+export default function Instagram(options) {
+  return {
+    id: "instagram",
+    name: "Instagram",
+    type: "oauth",
+    version: "2.0",
+    scope: "user_profile",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.instagram.com/oauth/access_token",
+    authorizationUrl:
+      "https://api.instagram.com/oauth/authorize?response_type=code",
+    profileUrl:
+      "https://graph.instagram.com/me?fields=id,username,account_type,name",
+    async profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.username,
+        email: null,
+        image: null,
+      }
+    },
+    ...options,
+  }
+}

src/providers/kakao.js

@@ -0,0 +1,22 @@
+export default function Kakao(options) {
+  return {
+    id: "kakao",
+    name: "Kakao",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://kauth.kakao.com/oauth/token",
+    authorizationUrl:
+      "https://kauth.kakao.com/oauth/authorize?response_type=code",
+    profileUrl: "https://kapi.kakao.com/v2/user/me",
+    profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.kakao_account?.profile.nickname,
+        email: profile.kakao_account?.email,
+        image: profile.kakao_account?.profile.profile_image_url,
+      }
+    },
+    ...options,
+  }
+}

src/providers/line.js

@@ -1,22 +1,23 @@
-export default (options) => {
+export default function LINE(options) {
   return {
-    id: 'line',
-    name: 'LINE',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'profile openid',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.line.me/oauth2/v2.1/token',
-    authorizationUrl: 'https://access.line.me/oauth2/v2.1/authorize?response_type=code',
-    profileUrl: 'https://api.line.me/v2/profile',
-    profile: (profile) => {
+    id: "line",
+    name: "LINE",
+    type: "oauth",
+    version: "2.0",
+    scope: "profile openid",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.line.me/oauth2/v2.1/token",
+    authorizationUrl:
+      "https://access.line.me/oauth2/v2.1/authorize?response_type=code",
+    profileUrl: "https://api.line.me/v2/profile",
+    profile(profile) {
       return {
         id: profile.userId,
         name: profile.displayName,
         email: null,
-        image: profile.pictureUrl
+        image: profile.pictureUrl,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/linkedin.js

@@ -1,26 +1,28 @@
-export default (options) => {
+export default function LinkedIn(options) {
   return {
-    id: 'linkedin',
-    name: 'LinkedIn',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'r_liteprofile',
+    id: "linkedin",
+    name: "LinkedIn",
+    type: "oauth",
+    version: "2.0",
+    scope: "r_liteprofile",
     params: {
-      grant_type: 'authorization_code',
+      grant_type: "authorization_code",
       client_id: options.clientId,
-      client_secret: options.clientSecret
+      client_secret: options.clientSecret,
     },
-    accessTokenUrl: 'https://www.linkedin.com/oauth/v2/accessToken',
-    authorizationUrl: 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
-    profileUrl: 'https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)',
-    profile: (profile) => {
+    accessTokenUrl: "https://www.linkedin.com/oauth/v2/accessToken",
+    authorizationUrl:
+      "https://www.linkedin.com/oauth/v2/authorization?response_type=code",
+    profileUrl:
+      "https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)",
+    profile(profile) {
       return {
         id: profile.id,
-        name: profile.localizedFirstName + ' ' + profile.localizedLastName,
+        name: profile.localizedFirstName + " " + profile.localizedLastName,
         email: null,
-        image: null
+        image: null,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/mailru.js

@@ -1,25 +1,25 @@
-export default (options) => {
+export default function MailRu(options) {
   return {
-    id: 'mailru',
-    name: 'Mail.ru',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'userinfo',
+    id: "mailru",
+    name: "Mail.ru",
+    type: "oauth",
+    version: "2.0",
+    scope: "userinfo",
     params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
     },
-    accessTokenUrl: 'https://oauth.mail.ru/token',
-    requestTokenUrl: 'https://oauth.mail.ru/token',
-    authorizationUrl: 'https://oauth.mail.ru/login?response_type=code',
-    profileUrl: 'https://oauth.mail.ru/userinfo',
-    profile: (profile) => {
+    accessTokenUrl: "https://oauth.mail.ru/token",
+    requestTokenUrl: "https://oauth.mail.ru/token",
+    authorizationUrl: "https://oauth.mail.ru/login?response_type=code",
+    profileUrl: "https://oauth.mail.ru/userinfo",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.name,
         email: profile.email,
-        image: profile.image
+        image: profile.image,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/medium.js

@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Medium(options) {
   return {
-    id: 'medium',
-    name: 'Medium',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'basicProfile',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.medium.com/v1/tokens',
-    authorizationUrl: 'https://medium.com/m/oauth/authorize?response_type=code',
-    profileUrl: 'https://api.medium.com/v1/me',
-    profile: (profile) => {
+    id: "medium",
+    name: "Medium",
+    type: "oauth",
+    version: "2.0",
+    scope: "basicProfile",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.medium.com/v1/tokens",
+    authorizationUrl: "https://medium.com/m/oauth/authorize?response_type=code",
+    profileUrl: "https://api.medium.com/v1/me",
+    profile(profile) {
       return {
         id: profile.data.id,
         name: profile.data.name,
         email: null,
-        image: profile.data.imageUrl
+        image: profile.data.imageUrl,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/netlify.js

@@ -1,21 +1,21 @@
-export default (options) => {
+export default function Netlify(options) {
   return {
-    id: 'netlify',
-    name: 'Netlify',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.netlify.com/oauth/token',
-    authorizationUrl: 'https://app.netlify.com/authorize?response_type=code',
-    profileUrl: 'https://api.netlify.com/api/v1/user',
-    profile: (profile) => {
+    id: "netlify",
+    name: "Netlify",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.netlify.com/oauth/token",
+    authorizationUrl: "https://app.netlify.com/authorize?response_type=code",
+    profileUrl: "https://api.netlify.com/api/v1/user",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.full_name,
         email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/okta.js

@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Okta(options) {
   return {
-    id: 'okta',
-    name: 'Okta',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
+    id: "okta",
+    name: "Okta",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
     params: {
-      grant_type: 'authorization_code',
+      grant_type: "authorization_code",
       client_id: options.clientId,
-      client_secret: options.clientSecret
+      client_secret: options.clientSecret,
     },
     // These will be different depending on the Org.
     accessTokenUrl: `https://${options.domain}/v1/token`,
     authorizationUrl: `https://${options.domain}/v1/authorize/?response_type=code`,
     profileUrl: `https://${options.domain}/v1/userinfo/`,
-    profile: (profile) => {
+    profile(profile) {
       return { ...profile, id: profile.sub }
     },
-    ...options
+    ...options,
   }
 }

src/providers/osso.js

@@ -0,0 +1,20 @@
+export default function Osso(options) {
+  return {
+    id: "osso",
+    name: "SAML SSO",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: `https://${options.domain}/oauth/token`,
+    authorizationUrl: `https://${options.domain}/oauth/authorize?response_type=code`,
+    profileUrl: `https://${options.domain}/oauth/me`,
+    profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.name || profile.email,
+        email: profile.email,
+      }
+    },
+    ...options,
+  }
+}

src/providers/reddit.js

@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Reddit(options) {
   return {
-    id: 'reddit',
-    name: 'Reddit',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'identity',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: ' https://www.reddit.com/api/v1/access_token',
+    id: "reddit",
+    name: "Reddit",
+    type: "oauth",
+    version: "2.0",
+    scope: "identity",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: " https://www.reddit.com/api/v1/access_token",
     authorizationUrl:
-      'https://www.reddit.com/api/v1/authorize?response_type=code',
-    profileUrl: 'https://oauth.reddit.com/api/v1/me',
-    profile: (profile) => {
+      "https://www.reddit.com/api/v1/authorize?response_type=code",
+    profileUrl: "https://oauth.reddit.com/api/v1/me",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.name,
         image: null,
-        email: null
+        email: null,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/salesforce.js

@@ -1,21 +1,22 @@
-export default (options) => {
+export default function Salesforce(options) {
   return {
-    id: 'salesforce',
-    name: 'Salesforce',
-    type: 'oauth',
-    version: '2.0',
-    params: { display: 'page', grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://login.salesforce.com/services/oauth2/token',
-    authorizationUrl: 'https://login.salesforce.com/services/oauth2/authorize?response_type=code',
-    profileUrl: 'https://login.salesforce.com/services/oauth2/userinfo',
-    protection: 'none', // REVIEW: Can we use "pkce" ?
-    profile: (profile) => {
+    id: "salesforce",
+    name: "Salesforce",
+    type: "oauth",
+    version: "2.0",
+    params: { display: "page", grant_type: "authorization_code" },
+    accessTokenUrl: "https://login.salesforce.com/services/oauth2/token",
+    authorizationUrl:
+      "https://login.salesforce.com/services/oauth2/authorize?response_type=code",
+    profileUrl: "https://login.salesforce.com/services/oauth2/userinfo",
+    protection: "none",
+    profile(profile) {
       return {
         ...profile,
         id: profile.user_id,
-        image: profile.picture
+        image: profile.picture,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/slack.js

@@ -1,24 +1,26 @@
-export default (options) => {
+export default function Slack(options) {
   return {
-    id: 'slack',
-    name: 'Slack',
-    type: 'oauth',
-    version: '2.0',
+    id: "slack",
+    name: "Slack",
+    type: "oauth",
+    version: "2.0",
     scope: [],
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://slack.com/api/oauth.v2.access',
-    authorizationUrl: 'https://slack.com/oauth/v2/authorize',
-    authorizationParams: { user_scope: 'identity.basic,identity.email,identity.avatar' },
-    profileUrl: 'https://slack.com/api/users.identity',
-    profile: (profile) => {
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://slack.com/api/oauth.v2.access",
+    authorizationUrl: "https://slack.com/oauth/v2/authorize",
+    authorizationParams: {
+      user_scope: "identity.basic,identity.email,identity.avatar",
+    },
+    profileUrl: "https://slack.com/api/users.identity",
+    profile(profile) {
       const { user } = profile
       return {
         id: user.id,
         name: user.name,
         image: user.image_512,
-        email: user.email
+        email: user.email,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/spotify.js

@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Spotify(options) {
   return {
-    id: 'spotify',
-    name: 'Spotify',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user-read-email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://accounts.spotify.com/api/token',
+    id: "spotify",
+    name: "Spotify",
+    type: "oauth",
+    version: "2.0",
+    scope: "user-read-email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.spotify.com/api/token",
     authorizationUrl:
-      'https://accounts.spotify.com/authorize?response_type=code',
-    profileUrl: 'https://api.spotify.com/v1/me',
-    profile: (profile) => {
+      "https://accounts.spotify.com/authorize?response_type=code",
+    profileUrl: "https://api.spotify.com/v1/me",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.display_name,
         email: profile.email,
-        image: profile.images?.[0]?.url
+        image: profile.images?.[0]?.url,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/strava.js

@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Strava(options) {
   return {
-    id: 'strava',
-    name: 'Strava',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'read',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://www.strava.com/api/v3/oauth/token',
+    id: "strava",
+    name: "Strava",
+    type: "oauth",
+    version: "2.0",
+    scope: "read",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://www.strava.com/api/v3/oauth/token",
     authorizationUrl:
-      'https://www.strava.com/api/v3/oauth/authorize?response_type=code',
-    profileUrl: 'https://www.strava.com/api/v3/athlete',
-    profile: (profile) => {
+      "https://www.strava.com/api/v3/oauth/authorize?response_type=code",
+    profileUrl: "https://www.strava.com/api/v3/athlete",
+    profile(profile) {
       return {
         id: profile.id,
         name: profile.firstname,
-        image: profile.profile
+        image: profile.profile,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/twitch.js

@@ -1,24 +1,24 @@
-export default (options) => {
+export default function Twitch(options) {
   return {
-    id: 'twitch',
-    name: 'Twitch',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user:read:email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://id.twitch.tv/oauth2/token',
+    id: "twitch",
+    name: "Twitch",
+    type: "oauth",
+    version: "2.0",
+    scope: "user:read:email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://id.twitch.tv/oauth2/token",
     authorizationUrl:
-      'https://id.twitch.tv/oauth2/authorize?response_type=code',
-    profileUrl: 'https://api.twitch.tv/helix/users',
-    profile: (profile) => {
+      "https://id.twitch.tv/oauth2/authorize?response_type=code",
+    profileUrl: "https://api.twitch.tv/helix/users",
+    profile(profile) {
       const data = profile.data[0]
       return {
         id: data.id,
         name: data.display_name,
         image: data.profile_image_url,
-        email: data.email
+        email: data.email,
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/twitter.js

@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Twitter(options) {
   return {
-    id: 'twitter',
-    name: 'Twitter',
-    type: 'oauth',
-    version: '1.0A',
-    scope: '',
-    accessTokenUrl: 'https://api.twitter.com/oauth/access_token',
-    requestTokenUrl: 'https://api.twitter.com/oauth/request_token',
-    authorizationUrl: 'https://api.twitter.com/oauth/authenticate',
+    id: "twitter",
+    name: "Twitter",
+    type: "oauth",
+    version: "1.0A",
+    scope: "",
+    accessTokenUrl: "https://api.twitter.com/oauth/access_token",
+    requestTokenUrl: "https://api.twitter.com/oauth/request_token",
+    authorizationUrl: "https://api.twitter.com/oauth/authenticate",
     profileUrl:
-      'https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true',
-    profile: (profile) => {
+      "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true",
+    profile(profile) {
       return {
         id: profile.id_str,
         name: profile.name,
         email: profile.email,
-        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, '.jpg')
+        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, ".jpg"),
       }
     },
-    ...options
+    ...options,
   }
 }

src/providers/vk.js

@@ -1,30 +1,29 @@
-export default (options) => {
-  const apiVersion = '5.126' // https://vk.com/dev/versions
+export default function VK(options) {
+  const apiVersion = "5.126" // https://vk.com/dev/versions
 
   return {
-    id: 'vk',
-    name: 'vk.com',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'email',
+    id: "vk",
+    name: "VK",
+    type: "oauth",
+    version: "2.0",
+    scope: "email",
     params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
     },
     accessTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
     requestTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
-    authorizationUrl:
-      `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
+    authorizationUrl: `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
     profileUrl: `https://api.vk.com/method/users.get?fields=photo_100&v=${apiVersion}`,
     profile: (result) => {
       const profile = result.response?.[0] ?? {}
 
       return {
         id: profile.id,
-        name: [profile.first_name, profile.last_name].filter(Boolean).join(' '),
+        name: [profile.first_name, profile.last_name].filter(Boolean).join(" "),
         email: profile.email,
-        image: profile.photo_100
+        image: profile.photo_100,
       }
     },
-    ...options
+    ...options,
   }
 }