feat(provider): add Mailchimp provider (#1781 )

fix(ts): expose errors type delcarations (#1817 )
fix(errors): expose custom errors (#1816 )
2026-05-01 10:55:20 +00:00 · 2021-04-23 12:15:25 +02:00 · 2021-04-22 23:45:23 +02:00 · 2021-04-22 23:28:38 +02:00 · 2021-04-22 23:04:27 +02:00 · 2021-04-22 19:28:17 +02:00
161 changed files with 11528 additions and 6583 deletions
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -9,7 +9,7 @@ assignees: ''
 A clear and concise description of the feature being proposed.

 **Purpose of proposed feature**
-A clear and concise description description of why this feature is necessary and what problems it solves.
+A clear and concise description of why this feature is necessary and what problems it solves.

 **Detail about proposed feature**
 A detailed description of how the proposal might work (if you have one).
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,5 +1,6 @@
 test:
  - test/**/*
+  - types/tests/**/*

 documentation:
  - www/**/*
@@ -32,4 +33,7 @@ client:

 pages:
  - src/server/pages/**/*
-  - www/docs/configuration/pages.md
+  - www/docs/configuration/pages.md
+
+TypeScript:
+  - types/**/*
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -7,6 +7,7 @@ exemptLabels:
  - pinned
  - security
  - priority
+  - bug
 # Label to use when marking an issue as stale
 staleLabel: stale
 # Comment to post when marking an issue as stale. Set to `false` to disable
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,10 +6,12 @@ on:
  push:
    branches: 
     - main
+     - beta
     - next
  pull_request:
    branches:
     - main
+     - beta
     - next

 jobs:
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,7 +13,7 @@ name: "CodeQL"

 on:
  push:
-    branches: [ main, next ]
+    branches: [ main, beta, next ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -2,9 +2,10 @@ name: Integration Test

 on:
  push:
-    branches: 
-     - main
-     - next
+    branches:
+      - main
+      - beta
+      - next
  pull_request:

 jobs:
@@ -17,7 +18,7 @@ jobs:
    if: github.event.pull_request.head.repo.full_name == github.repository

    # We use self-hosted runners as cloud based runnners (e.g. AWS, GPC)
-    # fail due to IP Address checks done by providers, which enforce 
+    # fail due to IP Address checks done by providers, which enforce
    # CAPTCHA checks on login request from cloud compute IP addresses to
    # prevent abuse.
    runs-on: self-hosted
@@ -45,7 +46,7 @@ jobs:
      - run: npm test
        # TODO Tests should exit out if env vars not set (currently hangs)
        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} 
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
          NEXTAUTH_TWITTER_ID: ${{secrets.NEXTAUTH_TWITTER_ID}}
          NEXTAUTH_TWITTER_SECRET: ${{secrets.NEXTAUTH_TWITTER_SECRET}}
          NEXTAUTH_TWITTER_USERNAME: ${{secrets.NEXTAUTH_TWITTER_USERNAME}}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,13 +2,14 @@ name: Release
 on:
  push:
    branches:
-      - 'main'
-      - 'next'
-      - '3.x'
+      - "main"
+      - "beta"
+      - "next"
+      - "3.x"
  pull_request:
 jobs:
  release:
-    name: 'Release'
+    name: "Release"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@@ -19,7 +20,6 @@ jobs:
          node-version: 14
      - name: Install dependencies
        uses: bahmutov/npm-install@v1
-      - run: npm run build
      - run: npx semantic-release@17
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/types.yml
+++ b/.github/workflows/types.yml
@@ -0,0 +1,25 @@
+name: Types
+
+on:
+  push:
+    branches:
+      - main
+      - beta
+      - next
+  pull_request:
+    branches:
+      - main
+      - beta
+      - next
+
+jobs:
+  lint-and-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+      - name: Install dependencies
+        uses: bahmutov/npm-install@v1
+      - name: Check types
+        run: npm run test:types
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,8 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*

+yarn.lock
+
 # Dependencies
 node_modules

@@ -23,8 +25,27 @@ node_modules
 # Generated files
 .docusaurus
 .cache-loader
-.next
 www/providers.json
+src/providers/index.js
+/internals
+/adapters.d.ts
+/adapters.js
+/client.d.ts
+/client.js
+/index.d.ts
+/index.js
+/jwt.d.ts
+/jwt.js
+/providers.d.ts
+/providers.js
+/errors.js
+/errors.d.ts
+
+# Development app
+app/next-auth
+app/dist/css
+app/package-lock.json
+app/yarn.lock

 # VS
 /.vs/slnx.sqlite-journal
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -16,7 +16,7 @@ Anyone can be a contributor. Either you found a typo, or you have an awesome fea
 * The latest changes are always in `main`, so please make your Pull Request against that branch.
 * Pull Requests should be raised for any change
 * Pull Requests need approval of a [core contributor](https://next-auth.js.org/contributors#core-team) before merging
-* Run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this extension](https://marketplace.visualstudio.com/items?itemName=chenxsan.vscode-standardjs) to fix lint issues in development)
+* We use ESLint/Prettier for linting/formatting, so please run `npm run lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
 * We encourage you to test your changes, and if you have the opportunity, please make those tests part of the Pull Request
 * If you add new functionality, please provide the corresponding documentation as well and make it part of the Pull Request

@@ -32,17 +32,17 @@ cd next-auth

 2. Install packages:
 ```sh
-npm i
+npm i && npm dev:setup
 ```

 3. Populate `.env.local`:
   
-    Copy `.env.local.example` to `.env.local`, and add your env variables for each provider you want to test.
+    Copy `app/.env.local.example` to `app/.env.local`, and add your env variables for each provider you want to test.

 > NOTE: You can add any environment variables to .env.local that you would like to use in your dev app.
-> You can find the next-auth config under`pages/api/auth/[...nextauth].js`.
+> You can find the next-auth config under`app/pages/api/auth/[...nextauth].js`.

-1. Start the dev application/server and CSS watching:
+1. Start the dev application/server:
 ```sh
 npm run dev
 ```
@@ -57,11 +57,23 @@ If you need an example project to link to, you can use [next-auth-example](https

 When running `npm run dev`, you start a Next.js dev server on `http://localhost:3000`, which includes hot reloading out of the box. Make changes on any of the files in `src` and see the changes immediately.

->NOTE: When working on CSS, you will need to manually refresh the page after changes. (Improving this through a PR is very welcome!)
+> NOTE: When working on CSS, you will have to manually refresh the page after changes. The reason for this is our pages using CSS are server-side rendered. (Improving this through a PR is very welcome!)
+
+> NOTE: The setup is as follows: The development application lives inside the `app` folder, and whenever you make a change to the `src` folder in the root (where next-auth is), it gets copied into `app` every time (gitignored), so Next.js can pick them up and apply hot reloading. This is to avoid some annoying issues with how symlinks are working with different React builds, and also to provide a super-fast feedback loop while developing core features.
+
+#### Providers
+
+If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily! You only need to add two changes:
+1. Add your config: [`src/providers/{provider}.js`](https://github.com/nextauthjs/next-auth/tree/main/src/providers) (Make sure you use a named default export, like `export default function YourProvider`!)
+2. Add provider documentation: [`www/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/www/docs/providers)
+
+That's it! 🎉 Others will be able to discover this provider much more easily now!
+
+You can look at the existing built-in providers for inspiration.

 #### Databases

-Included is a Docker Compose file that starts up MySQL, Postgres, and MongoDB databases on localhost.
+Included is a Docker Compose file that starts up MySQL, PostgreSQL, and MongoDB databases on localhost.

 It will use port `3306`, `5432`, and `27017` on localhost respectively; please make sure those ports are not used by other services on localhost.

--- a/README.md
+++ b/README.md
@@ -23,9 +23,9 @@
        <img src="https://img.shields.io/github/stars/nextauthjs/next-auth" alt="Github Stars" />
      </a>
      <a href="https://www.npmjs.com/package/next-auth">
-        <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth" alt="Github Stable Release" />
+        <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?label=latest" alt="Github Stable Release" />
      </a>
-      <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?include_prereleases" alt="Github Prelease" />
+      <img src="https://img.shields.io/github/v/release/nextauthjs/next-auth?include_prereleases&label=prerelease&sort=semver" alt="Github Prelease" />
   </p>
 </p>

@@ -84,13 +84,9 @@ Advanced options allow you to define your own routines to handle controlling wha

 ### TypeScript

-You can install the appropriate types via the following command:
+NextAuth.js comes with built-in types. For more information and usage, check out the [TypeScript section](https://next-auth.js.org/getting-started/typescript) in the documentaion.

-```
-npm install --save-dev @types/next-auth
-```
-
-As of now, TypeScript is a community effort. If you encounter any problems with the types package, please create an issue at [DefinitelyTyped](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/next-auth). Alternatively, you can open a pull request directly with your fixes there. We welcome anyone to start a discussion on migrating this package to TypeScript, or how to improve the TypeScript experience in general.
+The package at `@types/next-auth` is now deprecated.

 ## Example

--- a/adapters.js
+++ b/adapters.js
@@ -1 +0,0 @@
-module.exports = require('./dist/adapters').default
--- a/app/.env.local.example
+++ b/app/.env.local.example
--- a/app/README.md
+++ b/app/README.md
@@ -0,0 +1,6 @@
+# NextAuth.js Development App
+
+This folder contains a Next.js app using NextAuth.js for local development. See the following section on how to start:
+
+[Setting up local environment
+](https://github.com/nextauthjs/next-auth/blob/main/CONTRIBUTING.md#setting-up-local-environment)
--- a/app/components/access-denied.js
+++ b/app/components/access-denied.js
--- a/app/components/footer.js
+++ b/app/components/footer.js
--- a/app/components/footer.module.css
+++ b/app/components/footer.module.css
--- a/app/components/header.js
+++ b/app/components/header.js
@@ -100,6 +100,11 @@ export default function Header () {
              <a>Credentials</a>
            </Link>
          </li>
+          <li className={styles.navItem}>
+            <Link href='/email'>
+              <a>Email</a>
+            </Link>
+          </li>
        </ul>
      </nav>
    </header>
--- a/app/components/header.module.css
+++ b/app/components/header.module.css
--- a/app/components/layout.js
+++ b/app/components/layout.js
--- a/app/jsconfig.json
+++ b/app/jsconfig.json
@@ -0,0 +1,5 @@
+{
+  "compilerOptions": {
+    "baseUrl": "."
+  }
+}
--- a/app/next-env.d.ts
+++ b/app/next-env.d.ts
--- a/app/next.config.js
+++ b/app/next.config.js
@@ -0,0 +1,19 @@
+const path = require("path")
+
+module.exports = {
+  webpack(config) {
+    config.resolve = {
+      ...config.resolve,
+      alias: {
+        ...config.resolve.alias,
+        "next-auth$": path.join(process.cwd(), "next-auth/server"),
+        "next-auth/client$": path.join(process.cwd(), "next-auth/client"),
+        "next-auth/jwt$": path.join(process.cwd(), "next-auth/lib/jwt"),
+        "next-auth/adapters": path.join(process.cwd(), "next-auth/adapters"),
+        "next-auth/providers": path.join(process.cwd(), "next-auth/providers"),
+      },
+    }
+
+    return config
+  },
+}
--- a/app/package.json
+++ b/app/package.json
@@ -0,0 +1,25 @@
+{
+  "name": "next-auth-app",
+  "version": "1.0.0",
+  "description": "NextAuth.js Developer app",
+  "private": true,
+  "scripts": {
+    "dev": "npm-run-all --parallel copy:app dev:css dev:next",
+    "dev:next": "next dev",
+    "copy:app": "cpx \"../src/**/*\" next-auth --watch",
+    "copy:css": "cpx \"../dist/css/**/*\" dist/css --watch",
+    "watch:css": "cd .. && npm run watch:css",
+    "dev:css": "npm-run-all --parallel watch:css copy:css",
+    "start": "next start"
+  },
+  "license": "ISC",
+  "dependencies": {
+    "next": "^10.1.3",
+    "react": "^17.0.2",
+    "react-dom": "^17.0.2"
+  },
+  "devDependencies": {
+    "cpx": "^1.5.0",
+    "npm-run-all": "^4.1.5"
+  }
+}
--- a/app/pages/_app.js
+++ b/app/pages/_app.js
@@ -1,9 +1,9 @@
-import { Provider } from 'next-auth/client'
-import './styles.css'
+import { Provider } from "next-auth/client"
+import "./styles.css"

 // Use the <Provider> to improve performance and allow components that call
 // `useSession()` anywhere in your application to access the `session` object.
-export default function App ({ Component, pageProps }) {
+export default function App({ Component, pageProps }) {
  return (
    <Provider
      // Provider options are not required but can be useful in situations where
@@ -21,7 +21,7 @@ export default function App ({ Component, pageProps }) {
        //
        // Note: If a session has expired when keep alive is triggered, all open
        // windows / tabs will be updated to reflect the user is signed out.
-        keepAlive: 0
+        keepAlive: 0,
      }}
      session={pageProps.session}
    >
--- a/app/pages/api-example.js
+++ b/app/pages/api-example.js
--- a/app/pages/api/auth/[...nextauth].js
+++ b/app/pages/api/auth/[...nextauth].js
@@ -6,6 +6,27 @@ import Providers from 'next-auth/providers'
 // const prisma = new PrismaClient()

 export default NextAuth({
+  // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
+  // cookies: {
+  //   csrfToken: {
+  //     name: 'next-auth.csrf-token',
+  //     options: {
+  //       httpOnly: true,
+  //       sameSite: 'none',
+  //       path: '/',
+  //       secure: true
+  //     }
+  //   },
+  //   pkceCodeVerifier: {
+  //     name: 'next-auth.pkce.code_verifier',
+  //     options: {
+  //       httpOnly: true,
+  //       sameSite: 'none',
+  //       path: '/',
+  //       secure: true
+  //     }
+  //   }
+  // },
  providers: [
    Providers.Email({
      server: process.env.EMAIL_SERVER,
@@ -19,6 +40,11 @@ export default NextAuth({
      clientId: process.env.AUTH0_ID,
      clientSecret: process.env.AUTH0_SECRET,
      domain: process.env.AUTH0_DOMAIN,
+      // Used to debug https://github.com/nextauthjs/next-auth/issues/1664
+      // protection: ["pkce", "state"],
+      // authorizationParams: {
+      //   response_mode: 'form_post'
+      // }
      protection: 'pkce'
    }),
    Providers.Twitter({
@@ -56,6 +82,6 @@ export default NextAuth({
  // Prisma Database Adapter
  // To configure this app to use the schema in `prisma/schema.prisma` run:
  // npx prisma generate
-  // npx prisma migrate dev --preview-feature
+  // npx prisma migrate dev
  // adapter: Adapters.Prisma.Adapter({ prisma })
 })
--- a/app/pages/api/examples/jwt.js
+++ b/app/pages/api/examples/jwt.js
--- a/app/pages/api/examples/protected.js
+++ b/app/pages/api/examples/protected.js
--- a/app/pages/api/examples/session.js
+++ b/app/pages/api/examples/session.js
--- a/app/pages/client.js
+++ b/app/pages/client.js
--- a/app/pages/credentials.js
+++ b/app/pages/credentials.js
@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-use-before-define
 import * as React from 'react'
 import { signIn, signOut, useSession } from 'next-auth/client'
 import Layout from 'components/layout'
--- a/app/pages/email.js
+++ b/app/pages/email.js
@@ -0,0 +1,67 @@
+// eslint-disable-next-line no-use-before-define
+import * as React from 'react'
+import { signIn, signOut, useSession } from 'next-auth/client'
+import Layout from 'components/layout'
+
+export default function Page () {
+  const [response, setResponse] = React.useState(null)
+  const [email, setEmail] = React.useState('')
+
+  const handleChange = (event) => {
+    setEmail(event.target.value)
+  }
+
+  const handleLogin = (options) => async (event) => {
+    event.preventDefault()
+
+    if (options.redirect) {
+      return signIn('email', options)
+    }
+    const response = await signIn('email', options)
+    setResponse(response)
+  }
+
+  const handleLogout = (options) => async (event) => {
+    if (options.redirect) {
+      return signOut(options)
+    }
+    const response = await signOut(options)
+    setResponse(response)
+  }
+
+  const [session] = useSession()
+
+  if (session) {
+    return (
+      <Layout>
+        <h1>Test different flows for Email logout</h1>
+        <span className='spacing'>Default:</span>
+        <button onClick={handleLogout({ redirect: true })}>Logout</button><br />
+        <span className='spacing'>No redirect:</span>
+        <button onClick={handleLogout({ redirect: false })}>Logout</button><br />
+        <p>Response:</p>
+        <pre style={{ background: '#eee', padding: 16 }}>{JSON.stringify(response, null, 2)}</pre>
+      </Layout>
+    )
+  }
+
+  return (
+    <Layout>
+      <h1>Test different flows for Email login</h1>
+      <label className='spacing'>
+        Email address:{' '}
+        <input type='text' id='email' name='email' value={email} onChange={handleChange} />
+      </label><br />
+      <form onSubmit={handleLogin({ redirect: true, email })}>
+        <span className='spacing'>Default:</span>
+        <button type='submit'>Sign in with Email</button>
+      </form>
+      <form onSubmit={handleLogin({ redirect: false, email })}>
+        <span className='spacing'>No redirect:</span>
+        <button type='submit'>Sign in with Email</button>
+      </form>
+      <p>Response:</p>
+      <pre style={{ background: '#eee', padding: 16 }}>{JSON.stringify(response, null, 2)}</pre>
+    </Layout>
+  )
+}
--- a/app/pages/index.js
+++ b/app/pages/index.js
--- a/app/pages/policy.js
+++ b/app/pages/policy.js
--- a/app/pages/protected-ssr.js
+++ b/app/pages/protected-ssr.js
--- a/app/pages/protected.js
+++ b/app/pages/protected.js
--- a/app/pages/server.js
+++ b/app/pages/server.js
--- a/app/pages/styles.css
+++ b/app/pages/styles.css
--- a/app/prisma/schema.prisma
+++ b/app/prisma/schema.prisma
--- a/client.js
+++ b/client.js
@@ -1 +0,0 @@
-module.exports = require('./dist/client').default
--- a/config/babel.config.json
+++ b/config/babel.config.json
@@ -2,6 +2,9 @@
  "presets": [
    ["@babel/preset-env", { "targets": { "esmodules": true } }]
  ],
+  "plugins": [
+    "@babel/plugin-proposal-class-properties"
+  ],
  "comments": false,
  "overrides": [
    {
--- a/config/build.js
+++ b/config/build.js
@@ -0,0 +1,91 @@
+const fs = require("fs-extra")
+const path = require("path")
+
+const MODULE_ENTRIES = {
+  SERVER: "index",
+  CLIENT: "client",
+  PROVIDERS: "providers",
+  ADAPTERS: "adapters",
+  JWT: "jwt",
+  ERRORS: "errors",
+}
+
+// Building submodule entries
+
+const BUILD_TARGETS = {
+  [`${MODULE_ENTRIES.SERVER}.js`]: "module.exports = require('./dist/server').default\n",
+  [`${MODULE_ENTRIES.CLIENT}.js`]: "module.exports = require('./dist/client').default\n",
+  [`${MODULE_ENTRIES.ADAPTERS}.js`]: "module.exports = require('./dist/adapters').default\n",
+  [`${MODULE_ENTRIES.PROVIDERS}.js`]: "module.exports = require('./dist/providers').default\n",
+  [`${MODULE_ENTRIES.JWT}.js`]: "module.exports = require('./dist/lib/jwt').default\n",
+  [`${MODULE_ENTRIES.ERRORS}.js`]: "module.exports = require('./dist/lib/errors').default\n",
+}
+
+Object.entries(BUILD_TARGETS).forEach(([target, content]) => {
+  fs.writeFile(path.join(process.cwd(), target), content, (err) => {
+    if (err) throw err
+    console.log(`[build] created "${target}" in root folder`)
+  })
+})
+
+// Building types
+
+const TYPES_TARGETS = [
+  `${MODULE_ENTRIES.SERVER}.d.ts`,
+  `${MODULE_ENTRIES.CLIENT}.d.ts`,
+  `${MODULE_ENTRIES.ADAPTERS}.d.ts`,
+  `${MODULE_ENTRIES.PROVIDERS}.d.ts`,
+  `${MODULE_ENTRIES.JWT}.d.ts`,
+  `${MODULE_ENTRIES.ERRORS}.d.ts`,
+  "internals",
+]
+
+TYPES_TARGETS.forEach((target) => {
+  fs.copy(
+    path.resolve("types", target),
+    path.join(process.cwd(), target),
+    (err) => {
+      if (err) throw err
+      console.log(`[build-types] copying "${target}" to root folder`)
+    }
+  )
+})
+
+// Building providers
+
+const providersDir = path.join(process.cwd(), "/src/providers")
+
+const files = fs
+  .readdirSync(providersDir, "utf8")
+  .filter((file) => file !== "index.js")
+
+let importLines = ""
+let exportLines = `export default {\n`
+files.forEach((file) => {
+  const provider = fs.readFileSync(path.join(providersDir, file), "utf8")
+  try {
+    // NOTE: If this fails, the default export probably wasn't a named function.
+    // Always use a named function as default export.
+    // Eg.: export default function YourProvider ...
+    const { functionName } = provider.match(
+      /export default function (?<functionName>.+)\s?\(/
+    ).groups
+
+    importLines += `import ${functionName} from "./${file}"\n`
+    exportLines += `  ${functionName},\n`
+  } catch (error) {
+    console.error(
+      [
+        `\nThe provider file '${file}' should have a single named default export`,
+        "Example: 'export default function YourProvider'\n\n",
+      ].join("\n")
+    )
+    process.exit(1)
+  }
+})
+exportLines += `}\n`
+
+fs.writeFile(
+  path.join(process.cwd(), "src/providers/index.js"),
+  [importLines, exportLines].join("\n")
+)
--- a/index.js
+++ b/index.js
@@ -1 +0,0 @@
-module.exports = require('./dist/server')
--- a/jwt.js
+++ b/jwt.js
@@ -1 +0,0 @@
-module.exports = require('./dist/lib/jwt').default
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -6,39 +6,71 @@
  "repository": "https://github.com/nextauthjs/next-auth.git",
  "author": "Iain Collins <me@iaincollins.com>",
  "main": "index.js",
+  "types": "./index.d.ts",
+  "keywords": [
+    "react",
+    "nodejs",
+    "oauth",
+    "jwt",
+    "oauth2",
+    "authentication",
+    "nextjs",
+    "csrf",
+    "oidc",
+    "nextauth"
+  ],
+  "exports": {
+    ".": "./dist/server/index.js",
+    "./jwt": "./dist/lib/jwt.js",
+    "./adapters": "./dist/adapters/index.js",
+    "./client": "./dist/client/index.js",
+    "./providers": "./dist/providers/index.js",
+    "./providers/*": "./dist/providers/*.js",
+    "./errors": "./dist/lib/errors.js"
+  },
  "scripts": {
    "build": "npm run build:js && npm run build:css",
-    "build:js": "babel --config-file ./config/babel.config.json src --out-dir dist",
+    "build:js": "node ./config/build.js && babel --config-file ./config/babel.config.json src --out-dir dist",
    "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir dist && node config/wrap-css.js",
-    "dev": "next | npm run watch:css",
+    "dev:setup": "npm run build:css && cd app && npm i",
+    "dev": "cd app && npm run dev",
    "watch": "npm run watch:js | npm run watch:css",
    "watch:js": "babel --config-file ./config/babel.config.json --watch src --out-dir dist",
    "watch:css": "postcss --config config/postcss.config.js --watch src/**/*.css --base src --dir dist",
    "test:app:start": "docker-compose -f test/docker/app.yml up -d",
    "test:app:rebuild": "npm run build && docker-compose -f test/docker/app.yml up -d --build",
    "test:app:stop": "docker-compose -f test/docker/app.yml down",
-    "test": "npm run test:app:rebuild && npm run test:integration && npm run test:app:stop",
+    "test": "npm run test:app:rebuild && npm run test:integration && npm run test:app:stop && npm run test:types",
    "test:db": "npm run test:db:mysql && npm run test:db:postgres && npm run test:db:mongodb && npm run test:db:mssql",
    "test:db:mysql": "node test/mysql.js",
    "test:db:postgres": "node test/postgres.js",
    "test:db:mongodb": "node test/mongodb.js",
    "test:db:mssql": "node test/mssql.js",
    "test:integration": "mocha test/integration",
+    "test:types": "dtslint types",
    "db:start": "docker-compose -f test/docker/databases.yml up -d",
    "db:stop": "docker-compose -f test/docker/databases.yml down",
    "prepublishOnly": "npm run build",
    "publish:beta": "npm publish --tag beta",
    "publish:canary": "npm publish --tag canary",
-    "lint": "ts-standard",
-    "lint:fix": "ts-standard --fix"
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix"
  },
  "files": [
    "dist",
    "index.js",
+    "index.d.ts",
    "providers.js",
+    "providers.d.ts",
    "adapters.js",
+    "adapters.d.ts",
    "client.js",
-    "jwt.js"
+    "client.d.ts",
+    "errors.js",
+    "errors.d.ts",
+    "jwt.js",
+    "jwt.d.ts",
+    "internals"
  ],
  "license": "ISC",
  "dependencies": {
@@ -50,14 +82,14 @@
    "oauth": "^0.9.15",
    "pkce-challenge": "^2.1.0",
    "preact": "^10.4.1",
-    "preact-render-to-string": "^5.1.7",
+    "preact-render-to-string": "^5.1.14",
    "querystring": "^0.2.0",
    "require_optional": "^1.0.1",
    "typeorm": "^0.2.30"
  },
  "peerDependencies": {
    "react": "^16.13.1 || ^17",
-    "react-dom": "^16.13.1 || ^17"
+    "react-dom": "16.13.1 || ^17"
  },
  "peerOptionalDependencies": {
    "mongodb": "^3.5.9",
@@ -69,6 +101,7 @@
  "devDependencies": {
    "@babel/cli": "^7.8.4",
    "@babel/core": "^7.9.6",
+    "@babel/plugin-proposal-class-properties": "^7.13.0",
    "@babel/preset-env": "^7.9.6",
    "@prisma/client": "^2.16.1",
    "@semantic-release/commit-analyzer": "^8.0.1",
@@ -76,12 +109,21 @@
    "@semantic-release/npm": "7.0.8",
    "@semantic-release/release-notes-generator": "^9.0.1",
    "@types/react": "^17.0.0",
+    "@typescript-eslint/eslint-plugin": "^4.22.0",
+    "@typescript-eslint/parser": "^4.22.0",
    "autoprefixer": "^9.7.6",
    "babel-preset-preact": "^2.0.0",
    "conventional-changelog-conventionalcommits": "4.4.0",
    "cssnano": "^4.1.10",
    "dotenv": "^8.2.0",
+    "dtslint": "^4.0.8",
    "eslint": "^7.19.0",
+    "eslint-config-prettier": "^8.2.0",
+    "eslint-config-standard-with-typescript": "^19.0.1",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-promise": "^4.3.1",
+    "eslint-plugin-standard": "^5.0.0",
    "mocha": "^8.1.3",
    "mongodb": "^3.5.9",
    "mssql": "^6.2.1",
@@ -90,29 +132,60 @@
    "pg": "^8.2.1",
    "postcss-cli": "^7.1.1",
    "postcss-nested": "^4.2.1",
+    "prettier": "^2.2.1",
    "prisma": "^2.16.1",
    "puppeteer": "^5.2.1",
    "puppeteer-extra": "^3.1.15",
    "puppeteer-extra-plugin-stealth": "^2.6.1",
    "react": "^17.0.1",
    "react-dom": "^17.0.1",
-    "ts-standard": "^10.0.0",
    "typescript": "^4.1.3"
  },
-  "ts-standard": {
-    "project": "./tsconfig.json",
-    "ignore": [
-      "test/",
-      "next-env.d.ts"
+  "prettier": {
+    "semi": false
+  },
+  "eslintConfig": {
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+      "project": "./tsconfig.json"
+    },
+    "extends": [
+      "standard-with-typescript",
+      "prettier"
    ],
-    "globals": [
-      "fetch"
+    "ignorePatterns": [
+      "node_modules",
+      "test",
+      "next-env.d.ts",
+      "types",
+      "www",
+      ".next",
+      "dist"
+    ],
+    "globals": {
+      "localStorage": "readonly",
+      "location": "readonly",
+      "fetch": "readonly"
+    }
+  },
+  "release": {
+    "branches": [
+      "+([0-9])?(.{+([0-9]),x}).x",
+      "main",
+      {
+        "name": "beta",
+        "prerelease": true
+      },
+      {
+        "name": "next",
+        "prerelease": true
+      }
    ]
  },
  "funding": [
    {
-      "type" : "github",
-      "url" : "https://github.com/sponsors/balazsorban44"
+      "type": "github",
+      "url": "https://github.com/sponsors/balazsorban44"
    }
  ]
 }
--- a/providers.js
+++ b/providers.js
@@ -1 +0,0 @@
-module.exports = require('./dist/providers').default
--- a/release.config.js
+++ b/release.config.js
@@ -1,7 +0,0 @@
-module.exports = {
-  branches: [
-    '+([0-9])?(.{+([0-9]),x}).x',
-    'main',
-    { name: 'next', prerelease: true }
-  ]
-}
--- a/src/client/index.js
+++ b/src/client/index.js
@@ -1,5 +1,3 @@
-/// Note: fetch() is built in to Next.js 9.4
-//
 // Note about signIn() and signOut() methods:
 //
 // On signIn() and signOut() we pass 'json: true' to request a response in JSON
@@ -20,167 +18,75 @@ import parseUrl from '../lib/parse-url'
 //    relative URLs are valid in that context and so defaults to empty.
 // 2. When invoked server side the value is picked up from an environment
 //    variable and defaults to 'http://localhost:3000'.
+/** @type {import("types/internals/client").NextAuthConfig} */
 const __NEXTAUTH = {
  baseUrl: parseUrl(process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
  basePath: parseUrl(process.env.NEXTAUTH_URL).basePath,
-  keepAlive: 0, // 0 == disabled (don't send); 60 == send every 60 seconds
-  clientMaxAge: 0, // 0 == disabled (only use cache); 60 == sync if last checked > 60 seconds ago
+  baseUrlServer: parseUrl(process.env.NEXTAUTH_URL_INTERNAL || process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
+  basePathServer: parseUrl(process.env.NEXTAUTH_URL_INTERNAL || process.env.NEXTAUTH_URL).basePath,
+  keepAlive: 0,
+  clientMaxAge: 0,
  // Properties starting with _ are used for tracking internal app state
-  _clientLastSync: 0, // used for timestamp since last sycned (in seconds)
-  _clientSyncTimer: null, // stores timer for poll interval
-  _eventListenersAdded: false, // tracks if event listeners have been added,
-  _clientSession: undefined, // stores last session response from hook,
-  // Generate a unique ID to make it possible to identify when a message
-  // was sent from this tab/window so it can be ignored to avoid event loops.
-  _clientId: Math.random().toString(36).substring(2) + Date.now().toString(36),
-  // Used to store to function export by getSession() hook
+  _clientLastSync: 0,
+  _clientSyncTimer: null,
+  _eventListenersAdded: false,
+  _clientSession: undefined,
  _getSession: () => {}
 }

 const logger = proxyLogger(_logger, __NEXTAUTH.basePath)

+const broadcast = BroadcastChannel()
+
 // Add event listners on load
-if (typeof window !== 'undefined') {
-  if (__NEXTAUTH._eventListenersAdded === false) {
-    __NEXTAUTH._eventListenersAdded = true
+if (typeof window !== 'undefined' && !__NEXTAUTH._eventListenersAdded) {
+  __NEXTAUTH._eventListenersAdded = true
+  // Listen for storage events and update session if event fired from
+  // another window (but suppress firing another event to avoid a loop)
+  // Fetch new session data but tell it to not to fire another event to
+  // avoid an infinite loop.
+  // Note: We could pass session data through and do something like
+  // `setData(message.data)` but that can cause problems depending
+  // on how the session object is being used in the client; it is
+  // more robust to have each window/tab fetch it's own copy of the
+  // session object rather than share it across instances.
+  broadcast.receive(() => __NEXTAUTH._getSession({ event: 'storage' }))

-    // Listen for storage events and update session if event fired from
-    // another window (but suppress firing another event to avoid a loop)
-    window.addEventListener('storage', async (event) => {
-      if (event.key === 'nextauth.message') {
-        const message = JSON.parse(event.newValue)
-        if (message?.event === 'session' && message.data) {
-          // Ignore storage events fired from the same window that created them
-          if (__NEXTAUTH._clientId === message.clientId) {
-            return
-          }
-
-          // Fetch new session data but pass 'true' to it not to fire an event to
-          // avoid an infinite loop.
-          //
-          // Note: We could pass session data through and do something like
-          // `setData(message.data)` but that can cause problems depending
-          // on how the session object is being used in the client; it is
-          // more robust to have each window/tab fetch it's own copy of the
-          // session object rather than share it across instances.
-          await __NEXTAUTH._getSession({ event: 'storage' })
-        }
-      }
-    })
-
-    // Listen for document visibilitychange events
-    let hidden, visibilityChange
-    if (typeof document.hidden !== 'undefined') { // Opera 12.10 and Firefox 18 and later support
-      hidden = 'hidden'
-      visibilityChange = 'visibilitychange'
-    } else if (typeof document.msHidden !== 'undefined') {
-      hidden = 'msHidden'
-      visibilityChange = 'msvisibilitychange'
-    } else if (typeof document.webkitHidden !== 'undefined') {
-      hidden = 'webkitHidden'
-      visibilityChange = 'webkitvisibilitychange'
-    }
-    const handleVisibilityChange = () => !document[hidden] && __NEXTAUTH._getSession({ event: visibilityChange })
-    document.addEventListener('visibilitychange', handleVisibilityChange, false)
-  }
-}
-
-// Method to set options. The documented way is to use the provider, but this
-// method is being left in as an alternative, that will be helpful if/when we
-// expose a vanilla JavaScript version that doesn't depend on React.
-const setOptions = ({
-  baseUrl,
-  basePath,
-  clientMaxAge,
-  keepAlive
-} = {}) => {
-  if (baseUrl) { __NEXTAUTH.baseUrl = baseUrl }
-  if (basePath) { __NEXTAUTH.basePath = basePath }
-  if (clientMaxAge) { __NEXTAUTH.clientMaxAge = clientMaxAge }
-  if (keepAlive) {
-    __NEXTAUTH.keepAlive = keepAlive
-
-    if (typeof window !== 'undefined' && keepAlive > 0) {
-      // Clear existing timer (if there is one)
-      if (__NEXTAUTH._clientSyncTimer !== null) { clearTimeout(__NEXTAUTH._clientSyncTimer) }
-
-      // Set next timer to trigger in number of seconds
-      __NEXTAUTH._clientSyncTimer = setTimeout(async () => {
-        // Only invoke keepalive when a session exists
-        if (__NEXTAUTH._clientSession) {
-          await __NEXTAUTH._getSession({ event: 'timer' })
-        }
-      }, keepAlive * 1000)
-    }
-  }
-}
-
-// Universal method (client + server)
-// If passed 'appContext' via getInitialProps() in _app.js then get the req
-// object from ctx and use that for the req value to allow getSession() to
-// work seemlessly in getInitialProps() on server side pages *and* in _app.js.
-export async function getSession ({ ctx, req = ctx?.req, triggerEvent = true } = {}) {
-  const baseUrl = _apiBaseUrl()
-  const fetchOptions = req ? { headers: { cookie: req.headers.cookie } } : {}
-  const session = await _fetchData(`${baseUrl}/session`, fetchOptions)
-  if (triggerEvent) {
-    _sendMessage({ event: 'session', data: { trigger: 'getSession' } })
-  }
-  return session
-}
-
-// Universal method (client + server)
-// If passed 'appContext' via getInitialProps() in _app.js then get the req
-// object from ctx and use that for the req value to allow getCsrfToken() to
-// work seemlessly in getInitialProps() on server side pages *and* in _app.js.
-async function getCsrfToken ({ ctx, req = ctx?.req } = {}) {
-  const baseUrl = _apiBaseUrl()
-  const fetchOptions = req ? { headers: { cookie: req.headers.cookie } } : {}
-  const data = await _fetchData(`${baseUrl}/csrf`, fetchOptions)
-  return data && data.csrfToken ? data.csrfToken : null
-}
-
-// Universal method (client + server); does not require request headers
-const getProviders = async () => {
-  const baseUrl = _apiBaseUrl()
-  return _fetchData(`${baseUrl}/providers`)
+  // Listen for document visibility change events and
+  // if visibility of the document changes, re-fetch the session.
+  document.addEventListener('visibilitychange', () => {
+    !document.hidden && __NEXTAUTH._getSession({ event: 'visibilitychange' })
+  }, false)
 }

 // Context to store session data globally
+/** @type {import("types/internals/client").SessionContext} */
 const SessionContext = createContext()

-// Client side method
-export const useSession = (session) => {
-  // Try to use context if we can
-  const value = useContext(SessionContext)
-
-  // If we have no Provider in the tree, call the actual hook
-  if (value === undefined) {
-    return _useSessionHook(session)
-  }
-
-  return value
+export function useSession (session) {
+  const context = useContext(SessionContext)
+  if (context) return context
+  return _useSessionHook(session)
 }

-// Internal hook for getting session from the api.
-const _useSessionHook = (session) => {
+function _useSessionHook (session) {
  const [data, setData] = useState(session)
-  const [loading, setLoading] = useState(true)
+  const [loading, setLoading] = useState(!data)

  useEffect(() => {
-    const _getSession = async ({ event = null } = {}) => {
+    __NEXTAUTH._getSession = async ({ event = null } = {}) => {
      try {
-        const triggredByEvent = (event !== null)
-        const triggeredByStorageEvent = !!((event && event === 'storage'))
+        const triggredByEvent = event !== null
+        const triggeredByStorageEvent = event === 'storage'

        const clientMaxAge = __NEXTAUTH.clientMaxAge
        const clientLastSync = parseInt(__NEXTAUTH._clientLastSync)
-        const currentTime = Math.floor(new Date().getTime() / 1000)
+        const currentTime = _now()
        const clientSession = __NEXTAUTH._clientSession

        // Updates triggered by a storage event *always* trigger an update and we
        // always update if we don't have any value for the current session state.
-        if (triggeredByStorageEvent === false && clientSession !== undefined) {
+        if (!triggeredByStorageEvent && clientSession !== undefined) {
          if (clientMaxAge === 0 && triggredByEvent !== true) {
            // If there is no time defined for when a session should be considered
            // stale, then it's okay to use the value we have until an event is
@@ -204,13 +110,14 @@ const _useSessionHook = (session) => {
        // Update clientLastSync before making response to avoid repeated
        // invokations that would otherwise be triggered while we are still
        // waiting for a response.
-        __NEXTAUTH._clientLastSync = Math.floor(new Date().getTime() / 1000)
+        __NEXTAUTH._clientLastSync = _now()

        // If this call was invoked via a storage event (i.e. another window) then
        // tell getSession not to trigger an event when it calls to avoid an
        // infinate loop.
-        const triggerEvent = (triggeredByStorageEvent === false)
-        const newClientSessionData = await getSession({ triggerEvent })
+        const newClientSessionData = await getSession({
+          triggerEvent: !triggeredByStorageEvent
+        })

        // Save session state internally, just so we can track that we've checked
        // if a session exists at least once.
@@ -220,28 +127,32 @@ const _useSessionHook = (session) => {
        setLoading(false)
      } catch (error) {
        logger.error('CLIENT_USE_SESSION_ERROR', error)
+        setLoading(false)
      }
    }

-    __NEXTAUTH._getSession = _getSession
-
-    _getSession()
+    __NEXTAUTH._getSession()
  })
+
  return [data, loading]
 }

-/**
- * Client-side method to initiate a signin flow
- * or send the user to the signin page listing all possible providers.
- * (Automatically adds the CSRF token to the request)
- * @see https://next-auth.js.org/getting-started/client#signin
- * @param {string} [provider]
- * @param {SignInOptions} [options]
- * @param {object} [authorizationParams]
- * @return {Promise<SignInResponse | undefined>}
- * @typedef {{callbackUrl?: string; redirect?: boolean}} SignInOptions
- * @typedef {{error: string | null; status: number; ok: boolean}} SignInResponse
- */
+export async function getSession (ctx) {
+  const session = await _fetchData('session', ctx)
+  if (ctx?.triggerEvent ?? true) {
+    broadcast.post({ event: 'session', data: { trigger: 'getSession' } })
+  }
+  return session
+}
+
+export async function getCsrfToken (ctx) {
+  return (await _fetchData('csrf', ctx))?.csrfToken
+}
+
+export async function getProviders () {
+  return _fetchData('providers')
+}
+
 export async function signIn (provider, options = {}, authorizationParams = {}) {
  const {
    callbackUrl = window.location,
@@ -258,6 +169,9 @@ export async function signIn (provider, options = {}, authorizationParams = {})
    return
  }
  const isCredentials = providers[provider].type === 'credentials'
+  const isEmail = providers[provider].type === 'email'
+  const canRedirectBeDisabled = isCredentials || isEmail
+
  const signInUrl = isCredentials
    ? `${baseUrl}/callback/${provider}`
    : `${baseUrl}/signin/${provider}`
@@ -279,7 +193,7 @@ export async function signIn (provider, options = {}, authorizationParams = {})
  const _signInUrl = `${signInUrl}?${new URLSearchParams(authorizationParams)}`
  const res = await fetch(_signInUrl, fetchOptions)
  const data = await res.json()
-  if (redirect || !isCredentials) {
+  if (redirect || !canRedirectBeDisabled) {
    const url = data.url ?? callbackUrl
    window.location = url
    // If url contains a hash, the browser does not reload the page. We reload manually
@@ -302,13 +216,6 @@ export async function signIn (provider, options = {}, authorizationParams = {})
  }
 }

-/**
- * Signs the user out, by removing the session cookie.
- * (Automatically adds the CSRF token to the request)
- * @param {SignOutOptions} [options]
- * @returns {Promise<{url?: string} | undefined>}
- * @typedef {{callbackUrl?: string; redirect?: boolean;}} SignOutOptions
- */
 export async function signOut (options = {}) {
  const {
    callbackUrl = window.location,
@@ -328,7 +235,7 @@ export async function signOut (options = {}) {
  }
  const res = await fetch(`${baseUrl}/signout`, fetchOptions)
  const data = await res.json()
-  _sendMessage({ event: 'session', data: { trigger: 'signout' } })
+  broadcast.post({ event: 'session', data: { trigger: 'signout' } })
  if (redirect) {
    const url = data.url ?? callbackUrl
    window.location = url
@@ -342,40 +249,109 @@ export async function signOut (options = {}) {
  return data
 }

-// Provider to wrap the app in to make session data available globally
-export const Provider = ({ children, session, options }) => {
-  setOptions(options)
-  return createElement(SessionContext.Provider, { value: useSession(session) }, children)
-}
+// Method to set options. The documented way is to use the provider, but this
+// method is being left in as an alternative, that will be helpful if/when we
+// expose a vanilla JavaScript version that doesn't depend on React.
+export function setOptions ({ baseUrl, basePath, clientMaxAge, keepAlive } = {}) {
+  if (baseUrl) __NEXTAUTH.baseUrl = baseUrl
+  if (basePath) __NEXTAUTH.basePath = basePath
+  if (clientMaxAge) __NEXTAUTH.clientMaxAge = clientMaxAge
+  if (keepAlive) {
+    __NEXTAUTH.keepAlive = keepAlive
+    if (typeof window === 'undefined') return

-const _fetchData = async (url, options = {}) => {
-  try {
-    const res = await fetch(url, options)
-    const data = await res.json()
-    return Promise.resolve(Object.keys(data).length > 0 ? data : null) // Return null if data empty
-  } catch (error) {
-    logger.error('CLIENT_FETCH_ERROR', url, error)
-    return Promise.resolve(null)
+    // Clear existing timer (if there is one)
+    if (__NEXTAUTH._clientSyncTimer !== null) {
+      clearTimeout(__NEXTAUTH._clientSyncTimer)
+    }
+
+    // Set next timer to trigger in number of seconds
+    __NEXTAUTH._clientSyncTimer = setTimeout(async () => {
+      // Only invoke keepalive when a session exists
+      if (!__NEXTAUTH._clientSession) return
+      await __NEXTAUTH._getSession({ event: 'timer' })
+    }, keepAlive * 1000)
  }
 }

-const _apiBaseUrl = () => {
+export function Provider ({ children, session, options }) {
+  setOptions(options)
+  return createElement(
+    SessionContext.Provider,
+    { value: useSession(session) },
+    children
+  )
+}
+
+/**
+ * If passed 'appContext' via getInitialProps() in _app.js
+ * then get the req object from ctx and use that for the
+ * req value to allow _fetchData to
+ * work seemlessly in getInitialProps() on server side
+ * pages *and* in _app.js.
+ */
+async function _fetchData (path, { ctx, req = ctx?.req } = {}) {
+  try {
+    const baseUrl = await _apiBaseUrl()
+    const options = req ? { headers: { cookie: req.headers.cookie } } : {}
+    const res = await fetch(`${baseUrl}/${path}`, options)
+    const data = await res.json()
+    return Object.keys(data).length > 0 ? data : null // Return null if data empty
+  } catch (error) {
+    logger.error('CLIENT_FETCH_ERROR', path, error)
+    return null
+  }
+}
+
+function _apiBaseUrl () {
  if (typeof window === 'undefined') {
    // NEXTAUTH_URL should always be set explicitly to support server side calls - log warning if not set
-    if (!process.env.NEXTAUTH_URL) { logger.warn('NEXTAUTH_URL', 'NEXTAUTH_URL environment variable not set') }
+    if (!process.env.NEXTAUTH_URL) {
+      logger.warn('NEXTAUTH_URL', 'NEXTAUTH_URL environment variable not set')
+    }

    // Return absolute path when called server side
-    return `${__NEXTAUTH.baseUrl}${__NEXTAUTH.basePath}`
-  } else {
-    // Return relative path when called client side
-    return __NEXTAUTH.basePath
+    return `${__NEXTAUTH.baseUrlServer}${__NEXTAUTH.basePathServer}`
  }
+  // Return relative path when called client side
+  return __NEXTAUTH.basePath
 }

-const _sendMessage = (message) => {
-  if (typeof localStorage !== 'undefined') {
-    const timestamp = Math.floor(new Date().getTime() / 1000)
-    localStorage.setItem('nextauth.message', JSON.stringify({ ...message, clientId: __NEXTAUTH._clientId, timestamp })) // eslint-disable-line
+/** Returns the number of seconds elapsed since January 1, 1970 00:00:00 UTC. */
+function _now () {
+  return Math.floor(Date.now() / 1000)
+}
+
+/**
+ * Inspired by [Broadcast Channel API](https://developer.mozilla.org/en-US/docs/Web/API/Broadcast_Channel_API)
+ * Only not using it directly, because Safari does not support it.
+ *
+ * https://caniuse.com/?search=broadcastchannel
+ */
+function BroadcastChannel (name = 'nextauth.message') {
+  return {
+    /**
+     * Get notified by other tabs/windows.
+     * @param {(message: import("types/internals/client").BroadcastMessage) => void} onReceive
+     */
+    receive (onReceive) {
+      if (typeof window === 'undefined') return
+      window.addEventListener('storage', async (event) => {
+        if (event.key !== name) return
+        /** @type {import("types/internals/client").BroadcastMessage} */
+        const message = JSON.parse(event.newValue)
+        if (message?.event !== 'session' || !message?.data) return
+
+        onReceive(message)
+      })
+    },
+    /** Notify other tabs/windows. */
+    post (message) {
+      if (typeof localStorage === 'undefined') return
+      localStorage.setItem(name,
+        JSON.stringify({ ...message, timestamp: _now() })
+      )
+    }
  }
 }

--- a/src/lib/errors.js
+++ b/src/lib/errors.js
@@ -1,39 +1,98 @@
+/**
+ * Same as the default `Error`, but it is JSON serializable.
+ * @source https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
+ */
 export class UnknownError extends Error {
-  constructor (message) {
-    super(message)
-    this.name = 'UnknownError'
+  constructor(error) {
+    // Support passing error or string
+    super(error?.message ?? error)
+    this.name = "UnknownError"
+    if (error instanceof Error) {
+      this.stack = error.stack
+    }
  }

-  toJSON () {
+  toJSON() {
    return {
-      error: {
-        name: this.name,
-        message: this.message
-        // stack: this.stack
-      }
+      name: this.name,
+      message: this.message,
+      stack: this.stack,
    }
  }
 }

-export class CreateUserError extends UnknownError {
-  constructor (message) {
-    super(message)
-    this.name = 'CreateUserError'
-  }
-}
-
-// Thrown when an Email address is already associated with an account
-// but the user is trying an OAuth account that is not linked to it.
-export class AccountNotLinkedError extends UnknownError {
-  constructor (message) {
-    super(message)
-    this.name = 'AccountNotLinkedError'
-  }
-}
-
 export class OAuthCallbackError extends UnknownError {
-  constructor (message) {
-    super(message)
-    this.name = 'OAuthCallbackError'
-  }
+  name = "OAuthCallbackError"
+}
+
+/**
+ * Thrown when an Email address is already associated with an account
+ * but the user is trying an OAuth account that is not linked to it.
+ */
+export class AccountNotLinkedError extends UnknownError {
+  name = "AccountNotLinkedError"
+}
+
+export class CreateUserError extends UnknownError {
+  name = "CreateUserError"
+}
+
+export class GetUserError extends UnknownError {
+  name = "GetUserError"
+}
+
+export class GetUserByEmailError extends UnknownError {
+  name = "GetUserByEmailError"
+}
+
+export class GetUserByIdError extends UnknownError {
+  name = "GetUserByIdError"
+}
+
+export class GetUserByProviderAccountIdError extends UnknownError {
+  name = "GetUserByProviderAccountIdError"
+}
+
+export class UpdateUserError extends UnknownError {
+  name = "UpdateUserError"
+}
+
+export class DeleteUserError extends UnknownError {
+  name = "DeleteUserError"
+}
+
+export class LinkAccountError extends UnknownError {
+  name = "LinkAccountError"
+}
+
+export class UnlinkAccountError extends UnknownError {
+  name = "UnlinkAccountError"
+}
+
+export class CreateSessionError extends UnknownError {
+  name = "CreateSessionError"
+}
+
+export class GetSessionError extends UnknownError {
+  name = "GetSessionError"
+}
+
+export class UpdateSessionError extends UnknownError {
+  name = "UpdateSessionError"
+}
+
+export class DeleteSessionError extends UnknownError {
+  name = "DeleteSessionError"
+}
+
+export class CreateVerificationRequestError extends UnknownError {
+  name = "CreateVerificationRequestError"
+}
+
+export class GetVerificationRequestError extends UnknownError {
+  name = "GetVerificationRequestError"
+}
+
+export class DeleteVerificationRequestError extends UnknownError {
+  name = "DeleteVerificationRequestError"
 }
--- a/src/lib/jwt.js
+++ b/src/lib/jwt.js
@@ -1,33 +1,33 @@
-import crypto from 'crypto'
-import jose from 'jose'
-import logger from './logger'
+import crypto from "crypto"
+import jose from "jose"
+import logger from "./logger"

 // Set default algorithm to use for auto-generated signing key
-const DEFAULT_SIGNATURE_ALGORITHM = 'HS512'
+const DEFAULT_SIGNATURE_ALGORITHM = "HS512"

 // Set default algorithm for auto-generated symmetric encryption key
-const DEFAULT_ENCRYPTION_ALGORITHM = 'A256GCM'
+const DEFAULT_ENCRYPTION_ALGORITHM = "A256GCM"

 // Use encryption or not by default
 const DEFAULT_ENCRYPTION_ENABLED = false

 const DEFAULT_MAX_AGE = 30 * 24 * 60 * 60 // 30 days

-async function encode ({
+export async function encode({
  token = {},
  maxAge = DEFAULT_MAX_AGE,
  secret,
  signingKey,
  signingOptions = {
-    expiresIn: `${maxAge}s`
+    expiresIn: `${maxAge}s`,
  },
  encryptionKey,
  encryptionOptions = {
-    alg: 'dir',
+    alg: "dir",
    enc: DEFAULT_ENCRYPTION_ALGORITHM,
-    zip: 'DEF'
+    zip: "DEF",
  },
-  encryption = DEFAULT_ENCRYPTION_ENABLED
+  encryption = DEFAULT_ENCRYPTION_ENABLED,
 } = {}) {
  // Signing Key
  const _signingKey = signingKey
@@ -49,7 +49,7 @@ async function encode ({
  return signedToken
 }

-async function decode ({
+export async function decode({
  secret,
  token,
  maxAge = DEFAULT_MAX_AGE,
@@ -57,14 +57,14 @@ async function decode ({
  verificationKey = signingKey, // Optional (defaults to encryptionKey)
  verificationOptions = {
    maxTokenAge: `${maxAge}s`,
-    algorithms: [DEFAULT_SIGNATURE_ALGORITHM]
+    algorithms: [DEFAULT_SIGNATURE_ALGORITHM],
  },
  encryptionKey,
  decryptionKey = encryptionKey, // Optional (defaults to encryptionKey)
  decryptionOptions = {
-    algorithms: [DEFAULT_ENCRYPTION_ALGORITHM]
+    algorithms: [DEFAULT_ENCRYPTION_ALGORITHM],
  },
-  encryption = DEFAULT_ENCRYPTION_ENABLED
+  encryption = DEFAULT_ENCRYPTION_ENABLED,
 } = {}) {
  if (!token) return null

@@ -77,8 +77,12 @@ async function decode ({
      : getDerivedEncryptionKey(secret)

    // Decrypt token
-    const decryptedToken = jose.JWE.decrypt(token, _encryptionKey, decryptionOptions)
-    tokenToVerify = decryptedToken.toString('utf8')
+    const decryptedToken = jose.JWE.decrypt(
+      token,
+      _encryptionKey,
+      decryptionOptions
+    )
+    tokenToVerify = decryptedToken.toString("utf8")
  }

  // Signing Key
@@ -99,16 +103,22 @@ async function decode ({
 * raw?: boolean
 * }} params
 */
-async function getToken (params) {
+export async function getToken(params) {
  const {
    req,
    // Use secure prefix for cookie name, unless URL is NEXTAUTH_URL is http://
    // or not set (e.g. development or test instance) case use unprefixed name
-    secureCookie = !(!process.env.NEXTAUTH_URL || process.env.NEXTAUTH_URL.startsWith('http://')),
-    cookieName = (secureCookie) ? '__Secure-next-auth.session-token' : 'next-auth.session-token',
-    raw = false
+    secureCookie = !(
+      !process.env.NEXTAUTH_URL ||
+      process.env.NEXTAUTH_URL.startsWith("http://")
+    ),
+    cookieName = secureCookie
+      ? "__Secure-next-auth.session-token"
+      : "next-auth.session-token",
+    raw = false,
+    decode: _decode = decode,
  } = params
-  if (!req) throw new Error('Must pass `req` to JWT getToken()')
+  if (!req) throw new Error("Must pass `req` to JWT getToken()")

  // Try to get token from cookie
  let token = req.cookies[cookieName]
@@ -116,8 +126,8 @@ async function getToken (params) {
  // If cookie not found in cookie look for bearer token in authorization header.
  // This allows clients that pass through tokens in headers rather than as
  // cookies to use this helper function.
-  if (!token && req.headers.authorization?.split(' ')[0] === 'Bearer') {
-    const urlEncodedToken = req.headers.authorization.split(' ')[1]
+  if (!token && req.headers.authorization?.split(" ")[0] === "Bearer") {
+    const urlEncodedToken = req.headers.authorization.split(" ")[1]
    token = decodeURIComponent(urlEncodedToken)
  }

@@ -126,7 +136,7 @@ async function getToken (params) {
  }

  try {
-    return decode({ token, ...params })
+    return _decode({ token, ...params })
  } catch {
    return null
  }
@@ -137,7 +147,7 @@ let DERIVED_SIGNING_KEY_WARNING = false
 let DERIVED_ENCRYPTION_KEY_WARNING = false

 // Do the better hkdf of Node.js one added in `v15.0.0` and Third Party one
-function hkdf (secret, { byteLength, encryptionInfo, digest = 'sha256' }) {
+function hkdf(secret, { byteLength, encryptionInfo, digest = "sha256" }) {
  if (crypto.hkdfSync) {
    return Buffer.from(
      crypto.hkdfSync(
@@ -149,39 +159,50 @@ function hkdf (secret, { byteLength, encryptionInfo, digest = 'sha256' }) {
      )
    )
  }
-  return require('futoin-hkdf')(secret, byteLength, { info: encryptionInfo, hash: digest })
+  return require("futoin-hkdf")(secret, byteLength, {
+    info: encryptionInfo,
+    hash: digest,
+  })
 }

-function getDerivedSigningKey (secret) {
+function getDerivedSigningKey(secret) {
  if (!DERIVED_SIGNING_KEY_WARNING) {
-    logger.warn('JWT_AUTO_GENERATED_SIGNING_KEY')
+    logger.warn("JWT_AUTO_GENERATED_SIGNING_KEY")
    DERIVED_SIGNING_KEY_WARNING = true
  }

  const buffer = hkdf(secret, {
    byteLength: 64,
-    encryptionInfo: 'NextAuth.js Generated Signing Key'
+    encryptionInfo: "NextAuth.js Generated Signing Key",
+  })
+  const key = jose.JWK.asKey(buffer, {
+    alg: DEFAULT_SIGNATURE_ALGORITHM,
+    use: "sig",
+    kid: "nextauth-auto-generated-signing-key",
  })
-  const key = jose.JWK.asKey(buffer, { alg: DEFAULT_SIGNATURE_ALGORITHM, use: 'sig', kid: 'nextauth-auto-generated-signing-key' })
  return key
 }

-function getDerivedEncryptionKey (secret) {
+function getDerivedEncryptionKey(secret) {
  if (!DERIVED_ENCRYPTION_KEY_WARNING) {
-    logger.warn('JWT_AUTO_GENERATED_ENCRYPTION_KEY')
+    logger.warn("JWT_AUTO_GENERATED_ENCRYPTION_KEY")
    DERIVED_ENCRYPTION_KEY_WARNING = true
  }

  const buffer = hkdf(secret, {
    byteLength: 32,
-    encryptionInfo: 'NextAuth.js Generated Encryption Key'
+    encryptionInfo: "NextAuth.js Generated Encryption Key",
+  })
+  const key = jose.JWK.asKey(buffer, {
+    alg: DEFAULT_ENCRYPTION_ALGORITHM,
+    use: "enc",
+    kid: "nextauth-auto-generated-encryption-key",
  })
-  const key = jose.JWK.asKey(buffer, { alg: DEFAULT_ENCRYPTION_ALGORITHM, use: 'enc', kid: 'nextauth-auto-generated-encryption-key' })
  return key
 }

 export default {
  encode,
  decode,
-  getToken
+  getToken,
 }
--- a/src/lib/logger.d.ts
+++ b/src/lib/logger.d.ts
@@ -1,5 +0,0 @@
-export interface LoggerInstance {
-  warn: (code?: string, ...message: unknown[]) => void
-  error: (code?: string, ...message: unknown[]) => void
-  debug: (code?: string, ...message: unknown[]) => void
-}
--- a/src/lib/logger.js
+++ b/src/lib/logger.js
@@ -1,34 +1,31 @@
-/** @type {import("./logger").LoggerInstance} */
+/** @type {import("types").LoggerInstance} */
 const _logger = {
-  error (code, ...message) {
+  error(code, ...message) {
    console.error(
      `[next-auth][error][${code.toLowerCase()}]`,
      `\nhttps://next-auth.js.org/errors#${code.toLowerCase()}`,
      ...message
    )
  },
-  warn (code, ...message) {
+  warn(code, ...message) {
    console.warn(
      `[next-auth][warn][${code.toLowerCase()}]`,
      `\nhttps://next-auth.js.org/warnings#${code.toLowerCase()}`,
      ...message
    )
  },
-  debug (code, ...message) {
+  debug(code, ...message) {
    if (!process?.env?._NEXTAUTH_DEBUG) return
-    console.log(
-      `[next-auth][debug][${code.toLowerCase()}]`,
-      ...message
-    )
-  }
+    console.log(`[next-auth][debug][${code.toLowerCase()}]`, ...message)
+  },
 }

 /**
 * Override the built-in logger.
 * Any `undefined` level will use the default logger.
- * @param {Partial<import("./logger").LoggerInstance>} newLogger
+ * @param {Partial<import("types").LoggerInstance>} newLogger
 */
-export function setLogger (newLogger = {}) {
+export function setLogger(newLogger = {}) {
  if (newLogger.error) _logger.error = newLogger.error
  if (newLogger.warn) _logger.warn = newLogger.warn
  if (newLogger.debug) _logger.debug = newLogger.debug
@@ -38,13 +35,13 @@ export default _logger

 /**
 * Serializes client-side log messages and sends them to the server
- * @param {import("./logger").LoggerInstance} logger
+ * @param {import("types").LoggerInstance} logger
 * @param {string} basePath
- * @return {import("./logger").LoggerInstance}
+ * @return {import("types").LoggerInstance}
 */
-export function proxyLogger (logger = _logger, basePath) {
+export function proxyLogger(logger = _logger, basePath) {
  try {
-    if (typeof window === 'undefined') {
+    if (typeof window === "undefined") {
      return logger
    }

@@ -57,21 +54,23 @@ export function proxyLogger (logger = _logger, basePath) {
        const body = new URLSearchParams({
          level,
          code,
-          message: JSON.stringify(message.map(m => {
-            if (m instanceof Error) {
-              // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
-              return { name: m.name, message: m.message, stack: m.stack }
-            }
-            return m
-          }))
+          message: JSON.stringify(
+            message.map((m) => {
+              if (m instanceof Error) {
+                // Serializing errors: https://iaincollins.medium.com/error-handling-in-javascript-a6172ccdf9af
+                return { name: m.name, message: m.message, stack: m.stack }
+              }
+              return m
+            })
+          ),
        })
        if (navigator.sendBeacon) {
          return navigator.sendBeacon(url, body)
        }
        return fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body,
        })
      }
    }
--- a/src/providers/apple.js
+++ b/src/providers/apple.js
@@ -1,30 +1,34 @@
-export default (options) => {
+export default function Apple(options) {
  return {
-    id: 'apple',
-    name: 'Apple',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'name email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://appleid.apple.com/auth/token',
-    authorizationUrl: 'https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post',
+    id: "apple",
+    name: "Apple",
+    type: "oauth",
+    version: "2.0",
+    scope: "name email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://appleid.apple.com/auth/token",
+    authorizationUrl:
+      "https://appleid.apple.com/auth/authorize?response_type=code&id_token&response_mode=form_post",
    profileUrl: null,
    idToken: true,
-    profile: (profile) => {
+    profile(profile) {
      // The name of the user will only return on first login
      return {
        id: profile.sub,
-        name: profile.user != null ? profile.user.name.firstName + ' ' + profile.user.name.lastName : null,
-        email: profile.email
+        name:
+          profile.user != null
+            ? profile.user.name.firstName + " " + profile.user.name.lastName
+            : null,
+        email: profile.email,
      }
    },
    clientId: null,
    clientSecret: {
      teamId: null,
      privateKey: null,
-      keyId: null
+      keyId: null,
    },
-    protection: 'none', // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
-    ...options
+    protection: "none", // REVIEW: Apple does not support state, as far as I know. Can we use "pkce" then?
+    ...options,
  }
 }
--- a/src/providers/atlassian.js
+++ b/src/providers/atlassian.js
@@ -1,24 +1,24 @@
-export default (options) => {
+export default function Atlassian(options) {
  return {
-    id: 'atlassian',
-    name: 'Atlassian',
-    type: 'oauth',
-    version: '2.0',
+    id: "atlassian",
+    name: "Atlassian",
+    type: "oauth",
+    version: "2.0",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
-    accessTokenUrl: 'https://auth.atlassian.com/oauth/token',
+    accessTokenUrl: "https://auth.atlassian.com/oauth/token",
    authorizationUrl:
-      'https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent',
-    profileUrl: 'https://api.atlassian.com/me',
-    profile: (profile) => {
+      "https://auth.atlassian.com/authorize?audience=api.atlassian.com&response_type=code&prompt=consent",
+    profileUrl: "https://api.atlassian.com/me",
+    profile(profile) {
      return {
        id: profile.account_id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/auth0.js
+++ b/src/providers/auth0.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Auth0(options) {
  return {
-    id: 'auth0',
-    name: 'Auth0',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    scope: 'openid email profile',
+    id: "auth0",
+    name: "Auth0",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    scope: "openid email profile",
    accessTokenUrl: `https://${options.domain}/oauth/token`,
    authorizationUrl: `https://${options.domain}/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.sub,
        name: profile.nickname,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/azure-ad-b2c.js
+++ b/src/providers/azure-ad-b2c.js
@@ -1,24 +1,24 @@
-export default (options) => {
-  const tenant = options.tenantId ? options.tenantId : 'common'
+export default function AzureADB2C(options) {
+  const tenant = options.tenantId ? options.tenantId : "common"

  return {
-    id: 'azure-ad-b2c',
-    name: 'Azure Active Directory B2C',
-    type: 'oauth',
-    version: '2.0',
+    id: "azure-ad-b2c",
+    name: "Azure Active Directory B2C",
+    type: "oauth",
+    version: "2.0",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
    accessTokenUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
    authorizationUrl: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize?response_type=code&response_mode=query`,
-    profileUrl: 'https://graph.microsoft.com/v1.0/me/',
-    profile: (profile) => {
+    profileUrl: "https://graph.microsoft.com/v1.0/me/",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.displayName,
-        email: profile.userPrincipalName
+        email: profile.userPrincipalName,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/basecamp.js
+++ b/src/providers/basecamp.js
@@ -1,20 +1,22 @@
-export default (options) => {
+export default function Basecamp(options) {
  return {
-    id: 'basecamp',
-    name: 'Basecamp',
-    type: 'oauth',
-    version: '2.0',
-    accessTokenUrl: 'https://launchpad.37signals.com/authorization/token?type=web_server',
-    authorizationUrl: 'https://launchpad.37signals.com/authorization/new?type=web_server',
-    profileUrl: 'https://launchpad.37signals.com/authorization.json',
-    profile: (profile) => {
+    id: "basecamp",
+    name: "Basecamp",
+    type: "oauth",
+    version: "2.0",
+    accessTokenUrl:
+      "https://launchpad.37signals.com/authorization/token?type=web_server",
+    authorizationUrl:
+      "https://launchpad.37signals.com/authorization/new?type=web_server",
+    profileUrl: "https://launchpad.37signals.com/authorization.json",
+    profile(profile) {
      return {
        id: profile.identity.id,
        name: `${profile.identity.first_name} ${profile.identity.last_name}`,
        email: profile.identity.email_address,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/battlenet.js
+++ b/src/providers/battlenet.js
@@ -1,29 +1,29 @@
-export default (options) => {
+export default function BattleNet(options) {
  const { region } = options
  return {
-    id: 'battlenet',
-    name: 'Battle.net',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid',
-    params: { grant_type: 'authorization_code' },
+    id: "battlenet",
+    name: "Battle.net",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl:
-      region === 'CN'
-        ? 'https://www.battlenet.com.cn/oauth/token'
+      region === "CN"
+        ? "https://www.battlenet.com.cn/oauth/token"
        : `https://${region}.battle.net/oauth/token`,
    authorizationUrl:
-      region === 'CN'
-        ? 'https://www.battlenet.com.cn/oauth/authorize?response_type=code'
+      region === "CN"
+        ? "https://www.battlenet.com.cn/oauth/authorize?response_type=code"
        : `https://${region}.battle.net/oauth/authorize?response_type=code`,
-    profileUrl: 'https://us.battle.net/oauth/userinfo',
-    profile: (profile) => {
+    profileUrl: "https://us.battle.net/oauth/userinfo",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.battletag,
        email: null,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/box.js
+++ b/src/providers/box.js
@@ -1,22 +1,23 @@
-export default (options) => {
+export default function Box(options) {
  return {
-    id: 'box',
-    name: 'Box',
-    type: 'oauth',
-    version: '2.0',
-    scope: '',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.box.com/oauth2/token',
-    authorizationUrl: 'https://account.box.com/api/oauth2/authorize?response_type=code',
-    profileUrl: 'https://api.box.com/2.0/users/me',
-    profile: (profile) => {
+    id: "box",
+    name: "Box",
+    type: "oauth",
+    version: "2.0",
+    scope: "",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.box.com/oauth2/token",
+    authorizationUrl:
+      "https://account.box.com/api/oauth2/authorize?response_type=code",
+    profileUrl: "https://api.box.com/2.0/users/me",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.login,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/bungie.js
+++ b/src/providers/bungie.js
@@ -1,30 +1,34 @@
-export default (options) => {
+export default function Bungie(options) {
  return {
-    id: 'bungie',
-    name: 'Bungie',
-    type: 'oauth',
-    version: '2.0',
-    scope: '',
-    params: { reauth: 'true', grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
-    requestTokenUrl: 'https://www.bungie.net/platform/app/oauth/token/',
-    authorizationUrl: 'https://www.bungie.net/en/OAuth/Authorize?response_type=code',
-    profileUrl: 'https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/',
-    profile: (profile) => {
+    id: "bungie",
+    name: "Bungie",
+    type: "oauth",
+    version: "2.0",
+    scope: "",
+    params: { reauth: "true", grant_type: "authorization_code" },
+    accessTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
+    requestTokenUrl: "https://www.bungie.net/platform/app/oauth/token/",
+    authorizationUrl:
+      "https://www.bungie.net/en/OAuth/Authorize?response_type=code",
+    profileUrl:
+      "https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/",
+    profile(profile) {
      const { bungieNetUser: user } = profile.Response

      return {
        id: user.membershipId,
        name: user.displayName,
-        image: `https://www.bungie.net${user.profilePicturePath.startsWith('/') ? '' : '/'}${user.profilePicturePath}`,
-        email: null
+        image: `https://www.bungie.net${
+          user.profilePicturePath.startsWith("/") ? "" : "/"
+        }${user.profilePicturePath}`,
+        email: null,
      }
    },
    headers: {
-      'X-API-Key': null
+      "X-API-Key": null,
    },
    clientId: null,
    clientSecret: null,
-    ...options
+    ...options,
  }
 }
--- a/src/providers/cognito.js
+++ b/src/providers/cognito.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Cognito(options) {
  const { domain } = options
  return {
-    id: 'cognito',
-    name: 'Cognito',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
-    params: { grant_type: 'authorization_code' },
+    id: "cognito",
+    name: "Cognito",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl: `https://${domain}/oauth2/token`,
    authorizationUrl: `https://${domain}/oauth2/authorize?response_type=code`,
    profileUrl: `https://${domain}/oauth2/userInfo`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.sub,
        name: profile.username,
        email: profile.email,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/credentials.js
+++ b/src/providers/credentials.js
@@ -1,10 +1,10 @@
-export default (options) => {
+export default function Credentials(options) {
  return {
-    id: 'credentials',
-    name: 'Credentials',
-    type: 'credentials',
+    id: "credentials",
+    name: "Credentials",
+    type: "credentials",
    authorize: null,
    credentials: null,
-    ...options
+    ...options,
  }
 }
--- a/src/providers/discord.js
+++ b/src/providers/discord.js
@@ -1,29 +1,30 @@
-export default (options) => {
+export default function Discord(options) {
  return {
-    id: 'discord',
-    name: 'Discord',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'identify email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://discord.com/api/oauth2/token',
-    authorizationUrl: 'https://discord.com/api/oauth2/authorize?response_type=code&prompt=none',
-    profileUrl: 'https://discord.com/api/users/@me',
-    profile: (profile) => {
+    id: "discord",
+    name: "Discord",
+    type: "oauth",
+    version: "2.0",
+    scope: "identify email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://discord.com/api/oauth2/token",
+    authorizationUrl:
+      "https://discord.com/api/oauth2/authorize?response_type=code&prompt=none",
+    profileUrl: "https://discord.com/api/users/@me",
+    profile(profile) {
      if (profile.avatar === null) {
        const defaultAvatarNumber = parseInt(profile.discriminator) % 5
        profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`
      } else {
-        const format = profile.premium_type === 1 || profile.premium_type === 2 ? 'gif' : 'png'
+        const format = profile.avatar.startsWith("a_") ? "gif" : "png"
        profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
      }
      return {
        id: profile.id,
        name: profile.username,
        image: profile.image_url,
-        email: profile.email
+        email: profile.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/email.js
+++ b/src/providers/email.js
@@ -1,48 +1,54 @@
-import nodemailer from 'nodemailer'
-import logger from '../lib/logger'
+import nodemailer from "nodemailer"
+import logger from "../lib/logger"

-export default (options) => {
+export default function Email(options) {
  return {
-    id: 'email',
-    type: 'email',
-    name: 'Email',
+    id: "email",
+    type: "email",
+    name: "Email",
    // Server can be an SMTP connection string or a nodemailer config object
    server: {
-      host: 'localhost',
+      host: "localhost",
      port: 25,
      auth: {
-        user: '',
-        pass: ''
-      }
+        user: "",
+        pass: "",
+      },
    },
-    from: 'NextAuth <no-reply@example.com>',
-    maxAge: 24 * 60 * 60, // How long email links are valid for (default 24h)
+    from: "NextAuth <no-reply@example.com>",
+    maxAge: 24 * 60 * 60,
    sendVerificationRequest,
-    ...options
+    ...options,
  }
 }

-const sendVerificationRequest = ({ identifier: email, url, baseUrl, provider }) => {
+const sendVerificationRequest = ({
+  identifier: email,
+  url,
+  baseUrl,
+  provider,
+}) => {
  return new Promise((resolve, reject) => {
    const { server, from } = provider
    // Strip protocol from URL and use domain as site name
-    const site = baseUrl.replace(/^https?:\/\//, '')
+    const site = baseUrl.replace(/^https?:\/\//, "")

-    nodemailer
-      .createTransport(server)
-      .sendMail({
+    nodemailer.createTransport(server).sendMail(
+      {
        to: email,
        from,
        subject: `Sign in to ${site}`,
        text: text({ url, site, email }),
-        html: html({ url, site, email })
-      }, (error) => {
+        html: html({ url, site, email }),
+      },
+      (error) => {
        if (error) {
-          logger.error('SEND_VERIFICATION_EMAIL_ERROR', email, error)
-          return reject(new Error('SEND_VERIFICATION_EMAIL_ERROR', error))
+          logger.error("SEND_VERIFICATION_EMAIL_ERROR", email, error)
+          return reject(new Error("SEND_VERIFICATION_EMAIL_ERROR", error))
        }
        return resolve()
-      })
+      }
+    )
  })
 }

@@ -52,16 +58,16 @@ const html = ({ url, site, email }) => {
  // email address and the domain from being turned into a hyperlink by email
  // clients like Outlook and Apple mail, as this is confusing because it seems
  // like they are supposed to click on their email address to sign in.
-  const escapedEmail = `${email.replace(/\./g, '&#8203;.')}`
-  const escapedSite = `${site.replace(/\./g, '&#8203;.')}`
+  const escapedEmail = `${email.replace(/\./g, "&#8203;.")}`
+  const escapedSite = `${site.replace(/\./g, "&#8203;.")}`

  // Some simple styling options
-  const backgroundColor = '#f9f9f9'
-  const textColor = '#444444'
-  const mainBackgroundColor = '#ffffff'
-  const buttonBackgroundColor = '#346df1'
-  const buttonBorderColor = '#346df1'
-  const buttonTextColor = '#ffffff'
+  const backgroundColor = "#f9f9f9"
+  const textColor = "#444444"
+  const mainBackgroundColor = "#ffffff"
+  const buttonBackgroundColor = "#346df1"
+  const buttonBorderColor = "#346df1"
+  const buttonTextColor = "#ffffff"

  return `
 <body style="background: ${backgroundColor};">
--- a/src/providers/eveonline.js
+++ b/src/providers/eveonline.js
@@ -1,21 +1,22 @@
-export default (options) => {
+export default function EVEOnline(options) {
  return {
-    id: 'eveonline',
-    name: 'EVE Online',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://login.eveonline.com/oauth/token',
-    authorizationUrl: 'https://login.eveonline.com/oauth/authorize?response_type=code',
-    profileUrl: 'https://login.eveonline.com/oauth/verify',
-    profile: (profile) => {
+    id: "eveonline",
+    name: "EVE Online",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://login.eveonline.com/oauth/token",
+    authorizationUrl:
+      "https://login.eveonline.com/oauth/authorize?response_type=code",
+    profileUrl: "https://login.eveonline.com/oauth/verify",
+    profile(profile) {
      return {
        id: profile.CharacterID,
        name: profile.CharacterName,
        image: `https://image.eveonline.com/Character/${profile.CharacterID}_128.jpg`,
-        email: null
+        email: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/facebook.js
+++ b/src/providers/facebook.js
@@ -1,21 +1,22 @@
-export default (options) => {
+export default function Facebook(options) {
  return {
-    id: 'facebook',
-    name: 'Facebook',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'email',
-    accessTokenUrl: 'https://graph.facebook.com/oauth/access_token',
-    authorizationUrl: 'https://www.facebook.com/v7.0/dialog/oauth?response_type=code',
-    profileUrl: 'https://graph.facebook.com/me?fields=email,name,picture',
-    profile: (profile) => {
+    id: "facebook",
+    name: "Facebook",
+    type: "oauth",
+    version: "2.0",
+    scope: "email",
+    accessTokenUrl: "https://graph.facebook.com/oauth/access_token",
+    authorizationUrl:
+      "https://www.facebook.com/v7.0/dialog/oauth?response_type=code",
+    profileUrl: "https://graph.facebook.com/me?fields=email,name,picture",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture.data.url
+        image: profile.picture.data.url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/faceit.js
+++ b/src/providers/faceit.js
@@ -0,0 +1,28 @@
+export default function FACEIT(options) {
+  return {
+    id: "faceit",
+    name: "FACEIT",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    headers: {
+      Authorization: `Basic ${Buffer.from(
+        `${options.clientId}:${options.clientSecret}`
+      ).toString("base64")}`,
+    },
+    accessTokenUrl: "https://api.faceit.com/auth/v1/oauth/token",
+    authorizationUrl:
+      "https://accounts.faceit.com/accounts?redirect_popup=true&response_type=code",
+    profileUrl: "https://api.faceit.com/auth/v1/resources/userinfo",
+    profile(profile) {
+      const { guid: id, nickname: name, email, picture: image } = profile
+      return {
+        id,
+        name,
+        email,
+        image,
+      }
+    },
+    ...options,
+  }
+}
--- a/src/providers/foursquare.js
+++ b/src/providers/foursquare.js
@@ -1,22 +1,23 @@
-export default ({ apiVersion, ...options }) => {
+export default function Foursquare(options) {
+  const { apiVersion } = options
  return {
-    id: 'foursquare',
-    name: 'Foursquare',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://foursquare.com/oauth2/access_token',
+    id: "foursquare",
+    name: "Foursquare",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://foursquare.com/oauth2/access_token",
    authorizationUrl:
-      'https://foursquare.com/oauth2/authenticate?response_type=code',
+      "https://foursquare.com/oauth2/authenticate?response_type=code",
    profileUrl: `https://api.foursquare.com/v2/users/self?v=${apiVersion}`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.id,
        name: `${profile.firstName} ${profile.lastName}`,
        image: `${profile.prefix}original${profile.suffix}`,
-        email: profile.contact.email
+        email: profile.contact.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/fusionauth.js
+++ b/src/providers/fusionauth.js
@@ -1,27 +1,27 @@
-export default (options) => {
+export default function FusionAuth(options) {
  let authorizationUrl = `https://${options.domain}/oauth2/authorize?response_type=code`
  if (options.tenantId) {
    authorizationUrl += `&tenantId=${options.tenantId}`
  }

  return {
-    id: 'fusionauth',
-    name: 'FusionAuth',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid',
-    params: { grant_type: 'authorization_code' },
+    id: "fusionauth",
+    name: "FusionAuth",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl: `https://${options.domain}/oauth2/token`,
    authorizationUrl,
    profileUrl: `https://${options.domain}/oauth2/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
      return {
        id: profile.sub,
        name: profile.name,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/github.js
+++ b/src/providers/github.js
@@ -1,21 +1,21 @@
-export default (options) => {
+export default function GitHub(options) {
  return {
-    id: 'github',
-    name: 'GitHub',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user',
-    accessTokenUrl: 'https://github.com/login/oauth/access_token',
-    authorizationUrl: 'https://github.com/login/oauth/authorize',
-    profileUrl: 'https://api.github.com/user',
-    profile: (profile) => {
+    id: "github",
+    name: "GitHub",
+    type: "oauth",
+    version: "2.0",
+    scope: "user",
+    accessTokenUrl: "https://github.com/login/oauth/access_token",
+    authorizationUrl: "https://github.com/login/oauth/authorize",
+    profileUrl: "https://api.github.com/user",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name || profile.login,
        email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/gitlab.js
+++ b/src/providers/gitlab.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function GitLab(options) {
  return {
-    id: 'gitlab',
-    name: 'GitLab',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'read_user',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://gitlab.com/oauth/token',
-    authorizationUrl: 'https://gitlab.com/oauth/authorize?response_type=code',
-    profileUrl: 'https://gitlab.com/api/v4/user',
-    profile: (profile) => {
+    id: "gitlab",
+    name: "GitLab",
+    type: "oauth",
+    version: "2.0",
+    scope: "read_user",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://gitlab.com/oauth/token",
+    authorizationUrl: "https://gitlab.com/oauth/authorize?response_type=code",
+    profileUrl: "https://gitlab.com/api/v4/user",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.username,
        email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/google.js
+++ b/src/providers/google.js
@@ -1,23 +1,25 @@
-export default (options) => {
+export default function Google(options) {
  return {
-    id: 'google',
-    name: 'Google',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://accounts.google.com/o/oauth2/token',
-    requestTokenUrl: 'https://accounts.google.com/o/oauth2/auth',
-    authorizationUrl: 'https://accounts.google.com/o/oauth2/auth?response_type=code',
-    profileUrl: 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json',
-    profile: (profile) => {
+    id: "google",
+    name: "Google",
+    type: "oauth",
+    version: "2.0",
+    scope:
+      "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.google.com/o/oauth2/token",
+    requestTokenUrl: "https://accounts.google.com/o/oauth2/auth",
+    authorizationUrl:
+      "https://accounts.google.com/o/oauth2/auth?response_type=code",
+    profileUrl: "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/identity-server4.js
+++ b/src/providers/identity-server4.js
@@ -1,17 +1,17 @@
-export default (options) => {
+export default function IdentityServer4(options) {
  return {
-    id: 'identity-server4',
-    name: 'IdentityServer4',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
-    params: { grant_type: 'authorization_code' },
+    id: "identity-server4",
+    name: "IdentityServer4",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
+    params: { grant_type: "authorization_code" },
    accessTokenUrl: `https://${options.domain}/connect/token`,
    authorizationUrl: `https://${options.domain}/connect/authorize?response_type=code`,
    profileUrl: `https://${options.domain}/connect/userinfo`,
-    profile: (profile) => {
+    profile(profile) {
      return { ...profile, id: profile.sub }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/index.js
+++ b/src/providers/index.js
@@ -1,73 +0,0 @@
-import Apple from './apple'
-import Atlassian from './atlassian'
-import Auth0 from './auth0'
-import AzureADB2C from './azure-ad-b2c'
-import Basecamp from './basecamp'
-import BattleNet from './battlenet'
-import Box from './box'
-import Bungie from './bungie'
-import Cognito from './cognito'
-import Credentials from './credentials'
-import Discord from './discord'
-import Email from './email'
-import EVEOnline from './eveonline'
-import Facebook from './facebook'
-import Foursquare from './foursquare'
-import FusionAuth from './fusionauth'
-import GitHub from './github'
-import GitLab from './gitlab'
-import Google from './google'
-import IdentityServer4 from './identity-server4'
-import LINE from './line'
-import LinkedIn from './linkedin'
-import MailRu from './mailru'
-import Medium from './medium'
-import Netlify from './netlify'
-import Okta from './okta'
-import Reddit from './reddit'
-import Salesforce from './salesforce'
-import Slack from './slack'
-import Spotify from './spotify'
-import Strava from './strava'
-import Twitch from './twitch'
-import Twitter from './twitter'
-import VK from './vk'
-import Yandex from './yandex'
-
-export default {
-  Apple,
-  Atlassian,
-  Auth0,
-  AzureADB2C,
-  Basecamp,
-  BattleNet,
-  Box,
-  Bungie,
-  Cognito,
-  Credentials,
-  Discord,
-  Email,
-  EVEOnline,
-  Facebook,
-  Foursquare,
-  FusionAuth,
-  GitHub,
-  GitLab,
-  Google,
-  IdentityServer4,
-  LINE,
-  LinkedIn,
-  MailRu,
-  Medium,
-  Netlify,
-  Okta,
-  Reddit,
-  Salesforce,
-  Slack,
-  Spotify,
-  Strava,
-  Twitch,
-  Twitter,
-  VK,
-  Yandex
-}
--- a/src/providers/instagram.js
+++ b/src/providers/instagram.js
@@ -0,0 +1,50 @@
+/**
+ * @type {import("types/providers").OAuthProvider} options
+ * @example
+ *
+ * ```js
+ * // pages/api/auth/[...nextauth].js
+ * import Providers from `next-auth/providers`
+ * ...
+ * providers: [
+ *   Providers.Instagram({
+ *     clientId: process.env.INSTAGRAM_CLIENT_ID,
+ *     clientSecret: process.env.INSTAGRAM_CLIENT_SECRET
+ *   })
+ * ]
+ * ...
+ *
+ * // pages/index
+ * import { signIn } from "next-auth/client"
+ * ...
+ * <button onClick={() => signIn("instagram")}>
+ *   Sign in
+ * </button>
+ * ...
+ * ```
+ * [NextAuth.js Documentation](https://next-auth.js.org/providers/instagram) | [Instagram Documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started) | [Configuration](https://developers.facebook.com/apps)
+ */
+export default function Instagram(options) {
+  return {
+    id: "instagram",
+    name: "Instagram",
+    type: "oauth",
+    version: "2.0",
+    scope: "user_profile",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.instagram.com/oauth/access_token",
+    authorizationUrl:
+      "https://api.instagram.com/oauth/authorize?response_type=code",
+    profileUrl:
+      "https://graph.instagram.com/me?fields=id,username,account_type,name",
+    async profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.username,
+        email: null,
+        image: null,
+      }
+    },
+    ...options,
+  }
+}
--- a/src/providers/kakao.js
+++ b/src/providers/kakao.js
@@ -0,0 +1,22 @@
+export default function Kakao(options) {
+  return {
+    id: "kakao",
+    name: "Kakao",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://kauth.kakao.com/oauth/token",
+    authorizationUrl:
+      "https://kauth.kakao.com/oauth/authorize?response_type=code",
+    profileUrl: "https://kapi.kakao.com/v2/user/me",
+    profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.kakao_account?.profile.nickname,
+        email: profile.kakao_account?.email,
+        image: profile.kakao_account?.profile.profile_image_url,
+      }
+    },
+    ...options,
+  }
+}
--- a/src/providers/line.js
+++ b/src/providers/line.js
@@ -1,22 +1,23 @@
-export default (options) => {
+export default function LINE(options) {
  return {
-    id: 'line',
-    name: 'LINE',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'profile openid',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.line.me/oauth2/v2.1/token',
-    authorizationUrl: 'https://access.line.me/oauth2/v2.1/authorize?response_type=code',
-    profileUrl: 'https://api.line.me/v2/profile',
-    profile: (profile) => {
+    id: "line",
+    name: "LINE",
+    type: "oauth",
+    version: "2.0",
+    scope: "profile openid",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.line.me/oauth2/v2.1/token",
+    authorizationUrl:
+      "https://access.line.me/oauth2/v2.1/authorize?response_type=code",
+    profileUrl: "https://api.line.me/v2/profile",
+    profile(profile) {
      return {
        id: profile.userId,
        name: profile.displayName,
        email: null,
-        image: profile.pictureUrl
+        image: profile.pictureUrl,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/linkedin.js
+++ b/src/providers/linkedin.js
@@ -1,26 +1,28 @@
-export default (options) => {
+export default function LinkedIn(options) {
  return {
-    id: 'linkedin',
-    name: 'LinkedIn',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'r_liteprofile',
+    id: "linkedin",
+    name: "LinkedIn",
+    type: "oauth",
+    version: "2.0",
+    scope: "r_liteprofile",
    params: {
-      grant_type: 'authorization_code',
+      grant_type: "authorization_code",
      client_id: options.clientId,
-      client_secret: options.clientSecret
+      client_secret: options.clientSecret,
    },
-    accessTokenUrl: 'https://www.linkedin.com/oauth/v2/accessToken',
-    authorizationUrl: 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
-    profileUrl: 'https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)',
-    profile: (profile) => {
+    accessTokenUrl: "https://www.linkedin.com/oauth/v2/accessToken",
+    authorizationUrl:
+      "https://www.linkedin.com/oauth/v2/authorization?response_type=code",
+    profileUrl:
+      "https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName)",
+    profile(profile) {
      return {
        id: profile.id,
-        name: profile.localizedFirstName + ' ' + profile.localizedLastName,
+        name: profile.localizedFirstName + " " + profile.localizedLastName,
        email: null,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/mailchimp.js
+++ b/src/providers/mailchimp.js
@@ -0,0 +1,22 @@
+export default function Mailchimp(options) {
+  return {
+    id: 'mailchimp',
+    name: 'Mailchimp',
+    type: 'oauth',
+    version: '2.0',
+    scope: '',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: 'https://login.mailchimp.com/oauth2/token',
+    authorizationUrl: 'https://login.mailchimp.com/oauth2/authorize?response_type=code',
+    profileUrl: 'https://login.mailchimp.com/oauth2/metadata',
+    profile: (profile) => {
+      return {
+        id: profile.login.login_id,
+        name: profile.accountname,
+        email: profile.login.email,
+        image: null
+      }
+    },
+    ...options
+  }
+}
--- a/src/providers/mailru.js
+++ b/src/providers/mailru.js
@@ -1,25 +1,25 @@
-export default (options) => {
+export default function MailRu(options) {
  return {
-    id: 'mailru',
-    name: 'Mail.ru',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'userinfo',
+    id: "mailru",
+    name: "Mail.ru",
+    type: "oauth",
+    version: "2.0",
+    scope: "userinfo",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
-    accessTokenUrl: 'https://oauth.mail.ru/token',
-    requestTokenUrl: 'https://oauth.mail.ru/token',
-    authorizationUrl: 'https://oauth.mail.ru/login?response_type=code',
-    profileUrl: 'https://oauth.mail.ru/userinfo',
-    profile: (profile) => {
+    accessTokenUrl: "https://oauth.mail.ru/token",
+    requestTokenUrl: "https://oauth.mail.ru/token",
+    authorizationUrl: "https://oauth.mail.ru/login?response_type=code",
+    profileUrl: "https://oauth.mail.ru/userinfo",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        email: profile.email,
-        image: profile.image
+        image: profile.image,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/medium.js
+++ b/src/providers/medium.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Medium(options) {
  return {
-    id: 'medium',
-    name: 'Medium',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'basicProfile',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.medium.com/v1/tokens',
-    authorizationUrl: 'https://medium.com/m/oauth/authorize?response_type=code',
-    profileUrl: 'https://api.medium.com/v1/me',
-    profile: (profile) => {
+    id: "medium",
+    name: "Medium",
+    type: "oauth",
+    version: "2.0",
+    scope: "basicProfile",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.medium.com/v1/tokens",
+    authorizationUrl: "https://medium.com/m/oauth/authorize?response_type=code",
+    profileUrl: "https://api.medium.com/v1/me",
+    profile(profile) {
      return {
        id: profile.data.id,
        name: profile.data.name,
        email: null,
-        image: profile.data.imageUrl
+        image: profile.data.imageUrl,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/netlify.js
+++ b/src/providers/netlify.js
@@ -1,21 +1,21 @@
-export default (options) => {
+export default function Netlify(options) {
  return {
-    id: 'netlify',
-    name: 'Netlify',
-    type: 'oauth',
-    version: '2.0',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://api.netlify.com/oauth/token',
-    authorizationUrl: 'https://app.netlify.com/authorize?response_type=code',
-    profileUrl: 'https://api.netlify.com/api/v1/user',
-    profile: (profile) => {
+    id: "netlify",
+    name: "Netlify",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://api.netlify.com/oauth/token",
+    authorizationUrl: "https://app.netlify.com/authorize?response_type=code",
+    profileUrl: "https://api.netlify.com/api/v1/user",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.full_name,
        email: profile.email,
-        image: profile.avatar_url
+        image: profile.avatar_url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/okta.js
+++ b/src/providers/okta.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Okta(options) {
  return {
-    id: 'okta',
-    name: 'Okta',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'openid profile email',
+    id: "okta",
+    name: "Okta",
+    type: "oauth",
+    version: "2.0",
+    scope: "openid profile email",
    params: {
-      grant_type: 'authorization_code',
+      grant_type: "authorization_code",
      client_id: options.clientId,
-      client_secret: options.clientSecret
+      client_secret: options.clientSecret,
    },
    // These will be different depending on the Org.
    accessTokenUrl: `https://${options.domain}/v1/token`,
    authorizationUrl: `https://${options.domain}/v1/authorize/?response_type=code`,
    profileUrl: `https://${options.domain}/v1/userinfo/`,
-    profile: (profile) => {
+    profile(profile) {
      return { ...profile, id: profile.sub }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/osso.js
+++ b/src/providers/osso.js
@@ -0,0 +1,20 @@
+export default function Osso(options) {
+  return {
+    id: "osso",
+    name: "SAML SSO",
+    type: "oauth",
+    version: "2.0",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: `https://${options.domain}/oauth/token`,
+    authorizationUrl: `https://${options.domain}/oauth/authorize?response_type=code`,
+    profileUrl: `https://${options.domain}/oauth/me`,
+    profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.name || profile.email,
+        email: profile.email,
+      }
+    },
+    ...options,
+  }
+}
--- a/src/providers/reddit.js
+++ b/src/providers/reddit.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Reddit(options) {
  return {
-    id: 'reddit',
-    name: 'Reddit',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'identity',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: ' https://www.reddit.com/api/v1/access_token',
+    id: "reddit",
+    name: "Reddit",
+    type: "oauth",
+    version: "2.0",
+    scope: "identity",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: " https://www.reddit.com/api/v1/access_token",
    authorizationUrl:
-      'https://www.reddit.com/api/v1/authorize?response_type=code',
-    profileUrl: 'https://oauth.reddit.com/api/v1/me',
-    profile: (profile) => {
+      "https://www.reddit.com/api/v1/authorize?response_type=code",
+    profileUrl: "https://oauth.reddit.com/api/v1/me",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.name,
        image: null,
-        email: null
+        email: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/salesforce.js
+++ b/src/providers/salesforce.js
@@ -1,21 +1,22 @@
-export default (options) => {
+export default function Salesforce(options) {
  return {
-    id: 'salesforce',
-    name: 'Salesforce',
-    type: 'oauth',
-    version: '2.0',
-    params: { display: 'page', grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://login.salesforce.com/services/oauth2/token',
-    authorizationUrl: 'https://login.salesforce.com/services/oauth2/authorize?response_type=code',
-    profileUrl: 'https://login.salesforce.com/services/oauth2/userinfo',
-    protection: 'none', // REVIEW: Can we use "pkce" ?
-    profile: (profile) => {
+    id: "salesforce",
+    name: "Salesforce",
+    type: "oauth",
+    version: "2.0",
+    params: { display: "page", grant_type: "authorization_code" },
+    accessTokenUrl: "https://login.salesforce.com/services/oauth2/token",
+    authorizationUrl:
+      "https://login.salesforce.com/services/oauth2/authorize?response_type=code",
+    profileUrl: "https://login.salesforce.com/services/oauth2/userinfo",
+    protection: "none",
+    profile(profile) {
      return {
        ...profile,
        id: profile.user_id,
-        image: profile.picture
+        image: profile.picture,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/slack.js
+++ b/src/providers/slack.js
@@ -1,24 +1,26 @@
-export default (options) => {
+export default function Slack(options) {
  return {
-    id: 'slack',
-    name: 'Slack',
-    type: 'oauth',
-    version: '2.0',
+    id: "slack",
+    name: "Slack",
+    type: "oauth",
+    version: "2.0",
    scope: [],
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://slack.com/api/oauth.v2.access',
-    authorizationUrl: 'https://slack.com/oauth/v2/authorize',
-    authorizationParams: { user_scope: 'identity.basic,identity.email,identity.avatar' },
-    profileUrl: 'https://slack.com/api/users.identity',
-    profile: (profile) => {
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://slack.com/api/oauth.v2.access",
+    authorizationUrl: "https://slack.com/oauth/v2/authorize",
+    authorizationParams: {
+      user_scope: "identity.basic,identity.email,identity.avatar",
+    },
+    profileUrl: "https://slack.com/api/users.identity",
+    profile(profile) {
      const { user } = profile
      return {
        id: user.id,
        name: user.name,
        image: user.image_512,
-        email: user.email
+        email: user.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/spotify.js
+++ b/src/providers/spotify.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Spotify(options) {
  return {
-    id: 'spotify',
-    name: 'Spotify',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user-read-email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://accounts.spotify.com/api/token',
+    id: "spotify",
+    name: "Spotify",
+    type: "oauth",
+    version: "2.0",
+    scope: "user-read-email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.spotify.com/api/token",
    authorizationUrl:
-      'https://accounts.spotify.com/authorize?response_type=code',
-    profileUrl: 'https://api.spotify.com/v1/me',
-    profile: (profile) => {
+      "https://accounts.spotify.com/authorize?response_type=code",
+    profileUrl: "https://api.spotify.com/v1/me",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.display_name,
        email: profile.email,
-        image: profile.images?.[0]?.url
+        image: profile.images?.[0]?.url,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/strava.js
+++ b/src/providers/strava.js
@@ -1,22 +1,22 @@
-export default (options) => {
+export default function Strava(options) {
  return {
-    id: 'strava',
-    name: 'Strava',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'read',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://www.strava.com/api/v3/oauth/token',
+    id: "strava",
+    name: "Strava",
+    type: "oauth",
+    version: "2.0",
+    scope: "read",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://www.strava.com/api/v3/oauth/token",
    authorizationUrl:
-      'https://www.strava.com/api/v3/oauth/authorize?response_type=code',
-    profileUrl: 'https://www.strava.com/api/v3/athlete',
-    profile: (profile) => {
+      "https://www.strava.com/api/v3/oauth/authorize?response_type=code",
+    profileUrl: "https://www.strava.com/api/v3/athlete",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.firstname,
-        image: profile.profile
+        image: profile.profile,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/twitch.js
+++ b/src/providers/twitch.js
@@ -1,24 +1,24 @@
-export default (options) => {
+export default function Twitch(options) {
  return {
-    id: 'twitch',
-    name: 'Twitch',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'user:read:email',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://id.twitch.tv/oauth2/token',
+    id: "twitch",
+    name: "Twitch",
+    type: "oauth",
+    version: "2.0",
+    scope: "user:read:email",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://id.twitch.tv/oauth2/token",
    authorizationUrl:
-      'https://id.twitch.tv/oauth2/authorize?response_type=code',
-    profileUrl: 'https://api.twitch.tv/helix/users',
-    profile: (profile) => {
+      "https://id.twitch.tv/oauth2/authorize?response_type=code",
+    profileUrl: "https://api.twitch.tv/helix/users",
+    profile(profile) {
      const data = profile.data[0]
      return {
        id: data.id,
        name: data.display_name,
        image: data.profile_image_url,
-        email: data.email
+        email: data.email,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/twitter.js
+++ b/src/providers/twitter.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Twitter(options) {
  return {
-    id: 'twitter',
-    name: 'Twitter',
-    type: 'oauth',
-    version: '1.0A',
-    scope: '',
-    accessTokenUrl: 'https://api.twitter.com/oauth/access_token',
-    requestTokenUrl: 'https://api.twitter.com/oauth/request_token',
-    authorizationUrl: 'https://api.twitter.com/oauth/authenticate',
+    id: "twitter",
+    name: "Twitter",
+    type: "oauth",
+    version: "1.0A",
+    scope: "",
+    accessTokenUrl: "https://api.twitter.com/oauth/access_token",
+    requestTokenUrl: "https://api.twitter.com/oauth/request_token",
+    authorizationUrl: "https://api.twitter.com/oauth/authenticate",
    profileUrl:
-      'https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true',
-    profile: (profile) => {
+      "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true",
+    profile(profile) {
      return {
        id: profile.id_str,
        name: profile.name,
        email: profile.email,
-        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, '.jpg')
+        image: profile.profile_image_url_https.replace(/_normal\.jpg$/, ".jpg"),
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/vk.js
+++ b/src/providers/vk.js
@@ -1,30 +1,29 @@
-export default (options) => {
-  const apiVersion = '5.126' // https://vk.com/dev/versions
+export default function VK(options) {
+  const apiVersion = "5.126" // https://vk.com/dev/versions

  return {
-    id: 'vk',
-    name: 'VK',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'email',
+    id: "vk",
+    name: "VK",
+    type: "oauth",
+    version: "2.0",
+    scope: "email",
    params: {
-      grant_type: 'authorization_code'
+      grant_type: "authorization_code",
    },
    accessTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
    requestTokenUrl: `https://oauth.vk.com/access_token?v=${apiVersion}`,
-    authorizationUrl:
-      `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
+    authorizationUrl: `https://oauth.vk.com/authorize?response_type=code&v=${apiVersion}`,
    profileUrl: `https://api.vk.com/method/users.get?fields=photo_100&v=${apiVersion}`,
    profile: (result) => {
      const profile = result.response?.[0] ?? {}

      return {
        id: profile.id,
-        name: [profile.first_name, profile.last_name].filter(Boolean).join(' '),
+        name: [profile.first_name, profile.last_name].filter(Boolean).join(" "),
        email: profile.email,
-        image: profile.photo_100
+        image: profile.photo_100,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/yandex.js
+++ b/src/providers/yandex.js
@@ -1,23 +1,23 @@
-export default (options) => {
+export default function Yandex(options) {
  return {
-    id: 'yandex',
-    name: 'Yandex',
-    type: 'oauth',
-    version: '2.0',
-    scope: 'login:email login:info',
-    params: { grant_type: 'authorization_code' },
-    accessTokenUrl: 'https://oauth.yandex.ru/token',
-    requestTokenUrl: 'https://oauth.yandex.ru/token',
-    authorizationUrl: 'https://oauth.yandex.ru/authorize?response_type=code',
-    profileUrl: 'https://login.yandex.ru/info?format=json',
-    profile: (profile) => {
+    id: "yandex",
+    name: "Yandex",
+    type: "oauth",
+    version: "2.0",
+    scope: "login:email login:info",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://oauth.yandex.ru/token",
+    requestTokenUrl: "https://oauth.yandex.ru/token",
+    authorizationUrl: "https://oauth.yandex.ru/authorize?response_type=code",
+    profileUrl: "https://login.yandex.ru/info?format=json",
+    profile(profile) {
      return {
        id: profile.id,
        name: profile.real_name,
        email: profile.default_email,
-        image: null
+        image: null,
      }
    },
-    ...options
+    ...options,
  }
 }
--- a/src/providers/zoho.js
+++ b/src/providers/zoho.js
@@ -0,0 +1,23 @@
+export default function Zoho(options) {
+  return {
+    id: "zoho",
+    name: "Zoho",
+    type: "oauth",
+    version: "2.0",
+    scope: "AaaServer.profile.Read",
+    params: { grant_type: "authorization_code" },
+    accessTokenUrl: "https://accounts.zoho.com/oauth/v2/token",
+    authorizationUrl:
+      "https://accounts.zoho.com/oauth/v2/auth?response_type=code",
+    profileUrl: "https://accounts.zoho.com/oauth/user/info",
+    profile(profile) {
+      return {
+        id: profile.ZUID,
+        name: `${profile.First_Name} ${profile.Last_Name}`,
+        email: profile.Email,
+        image: null,
+      }
+    },
+    ...options,
+  }
+}
--- a/src/server/index.d.ts
+++ b/src/server/index.d.ts
@@ -1,94 +0,0 @@
-import { NextApiHandler, NextApiRequest, NextApiResponse } from 'next'
-import { LoggerInstance } from 'src/lib/logger'
-import { CallbacksOptions } from './lib/callbacks'
-import { CookiesOptions } from './lib/cookie'
-import { EventsOptions } from './lib/events'
-
-export interface Provider {
-  id: string
-  name: string
-  type: string
-  version: string
-  params: Record<string, unknown>
-  scope: string
-  accessTokenUrl: string
-  authorizationUrl: string
-  profileUrl?: string
-  grant_type?: string
-  profile?: (profile: any) => Promise<any>
-}
-
-/** @docs https://next-auth.js.org/configuration/options */
-export interface NextAuthOptions {
-  /** @docs https://next-auth.js.org/configuration/options#theme */
-  theme?: 'auto' | 'dark' | 'light'
-  /** @docs https://next-auth.js.org/configuration/options#providers */
-  providers: Provider[]
-  /** @docs https://next-auth.js.org/configuration/options#database */
-  database?: any
-  /** @docs https://next-auth.js.org/configuration/options#secret */
-  secret?: any
-  /** @docs https://next-auth.js.org/configuration/options#session */
-  session?: any
-  /** @docs https://next-auth.js.org/configuration/options#jwt */
-  jwt?: any
-  /** @docs https://next-auth.js.org/configuration/options#pages */
-  pages?: {
-    signIn?: string
-    signOut?: string
-    /** Error code passed in query string as ?error= */
-    error?: string
-    verifyRequest?: string
-    /** If set, new users will be directed here on first sign in */
-    newUser?: string
-  }
-  /**
-   * Callbacks are asynchronous functions you can use to control what happens when an action is performed.
-   * Callbacks are extremely powerful, especially in scenarios involving JSON Web Tokens as
-   * they allow you to implement access controls without a database and
-   * to integrate with external databases or APIs.
-   * @docs https://next-auth.js.org/configuration/options#callbacks
-   */
-  callbacks?: CallbacksOptions
-  /** @docs https://next-auth.js.org/configuration/options#events */
-  events?: EventsOptions
-  /** @docs https://next-auth.js.org/configuration/options#adapter */
-  adapter?: any
-  /** @docs https://next-auth.js.org/configuration/options#debug */
-  debug?: boolean
-  /** @docs https://next-auth.js.org/configuration/options#usesecurecookies */
-  useSecureCookies?: boolean
-  /** @docs https://next-auth.js.org/configuration/options#cookies */
-  cookies?: CookiesOptions
-  /** @docs https://next-auth.js.org/configuration/options#logger */
-  logger: LoggerInstance
-}
-
-/** Options that are the same both in internal and user provided options. */
-export type NextAuthSharedOptions = 'pages' | 'jwt' | 'events' | 'callbacks' | 'cookies' | 'secret' | 'adapter' | 'theme' | 'debug' | 'logger'
-
-export interface NextAuthInternalOptions extends Pick<NextAuthOptions, NextAuthSharedOptions> {
-  pkce?: {
-    code_verifier?: string
-    /**
-     * Could be `"plain"`, but not recommended.
-     * We ignore it for now.
-     * @spec https://tools.ietf.org/html/rfc7636#section-4.2.
-     */
-    code_challenge_method?: 'S256'
-  }
-  provider?: Provider
-  baseUrl?: string
-  basePath?: string
-  action?: string
-  csrfToken?: string
-}
-
-export interface NextAuthRequest extends NextApiRequest {
-  options: NextAuthInternalOptions
-}
-
-export interface NextAuthResponse extends NextApiResponse {}
-
-export declare function NextAuthHandler (req: NextAuthRequest, res: NextAuthResponse, options: NextAuthOptions): ReturnType<NextApiHandler>
-export declare function NextAuthHandler (options: NextAuthOptions): ReturnType<NextApiHandler>
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -6,12 +6,12 @@ import * as cookie from './lib/cookie'
 import * as defaultEvents from './lib/default-events'
 import * as defaultCallbacks from './lib/default-callbacks'
 import parseProviders from './lib/providers'
-import callbackUrlHandler from './lib/callback-url-handler'
-import extendRes from './lib/extend-req'
 import * as routes from './routes'
 import renderPage from './pages'
-import csrfTokenHandler from './lib/csrf-token-handler'
 import createSecret from './lib/create-secret'
+import callbackUrlHandler from './lib/callback-url-handler'
+import extendRes from './lib/extend-res'
+import csrfTokenHandler from './lib/csrf-token-handler'
 import * as pkce from './lib/oauth/pkce-handler'
 import * as state from './lib/oauth/state-handler'

@@ -24,7 +24,7 @@ if (!process.env.NEXTAUTH_URL) {
 /**
 * @param {import("next").NextApiRequest} req
 * @param {import("next").NextApiResponse} res
- * @param {import(".").NextAuthOptions} userOptions
+ * @param {import("types").NextAuthOptions} userOptions
 */
 async function NextAuthHandler (req, res, userOptions) {
  if (userOptions.logger) {
@@ -67,16 +67,18 @@ async function NextAuthHandler (req, res, userOptions) {

    const secret = createSecret({ userOptions, basePath, baseUrl })

-    const { csrfToken, csrfTokenVerified } = csrfTokenHandler(req, res, cookies, secret)
-
    const providers = parseProviders({ providers: userOptions.providers, baseUrl, basePath })
    const provider = providers.find(({ id }) => id === providerId)

-    if (provider &&
-      provider.type === 'oauth' && provider.version?.startsWith('2') &&
-       (!provider.protection && provider.state !== false)
-    ) {
-      provider.protection = 'state' // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
+    // Protection only works on OAuth 2.x providers
+    if (provider?.type === 'oauth' && provider.version?.startsWith('2')) {
+      // When provider.state is undefined, we still want this to pass
+      if (!provider.protection && provider.state !== false) {
+        // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
+        provider.protection = ['state']
+      } else if (typeof provider.protection === 'string') {
+        provider.protection = [provider.protection]
+      }
    }

    const maxAge = 30 * 24 * 60 * 60 // Sessions expire after 30 days of being idle
@@ -103,7 +105,6 @@ async function NextAuthHandler (req, res, userOptions) {
      provider,
      cookies,
      secret,
-      csrfToken,
      providers,
      // Session options
      session: {
@@ -134,6 +135,7 @@ async function NextAuthHandler (req, res, userOptions) {
      logger
    }

+    csrfTokenHandler(req, res)
    await callbackUrlHandler(req, res)

    const render = renderPage(req, res)
@@ -146,7 +148,7 @@ async function NextAuthHandler (req, res, userOptions) {
        case 'session':
          return routes.session(req, res)
        case 'csrf':
-          return res.json({ csrfToken })
+          return res.json({ csrfToken: req.options.csrfToken })
        case 'signin':
          if (pages.signIn) {
            let signinUrl = `${pages.signIn}${pages.signIn.includes('?') ? '&' : '?'}callbackUrl=${req.options.callbackUrl}`
@@ -199,7 +201,7 @@ async function NextAuthHandler (req, res, userOptions) {
      switch (action) {
        case 'signin':
          // Verified CSRF Token required for all sign in routes
-          if (csrfTokenVerified && provider) {
+          if (req.options.csrfTokenVerified && provider) {
            if (await pkce.handleSignin(req, res)) return
            if (await state.handleSignin(req, res)) return
            return routes.signin(req, res)
@@ -208,14 +210,14 @@ async function NextAuthHandler (req, res, userOptions) {
          return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
        case 'signout':
          // Verified CSRF Token required for signout
-          if (csrfTokenVerified) {
+          if (req.options.csrfTokenVerified) {
            return routes.signout(req, res)
          }
          return res.redirect(`${baseUrl}${basePath}/signout?csrf=true`)
        case 'callback':
          if (provider) {
            // Verified CSRF Token required for credentials providers only
-            if (provider.type === 'credentials' && !csrfTokenVerified) {
+            if (provider.type === 'credentials' && !req.options.csrfTokenVerified) {
              return res.redirect(`${baseUrl}${basePath}/signin?csrf=true`)
            }

@@ -225,18 +227,19 @@ async function NextAuthHandler (req, res, userOptions) {
          }
          break
        case '_log':
-          try {
-            if (!userOptions.logger) return
-            const {
-              code = 'CLIENT_ERROR',
-              level = 'error',
-              message = '[]'
-            } = req.body
+          if (userOptions.logger) {
+            try {
+              const {
+                code = 'CLIENT_ERROR',
+                level = 'error',
+                message = '[]'
+              } = req.body

-            logger[level](code, ...JSON.parse(message))
-          } catch (error) {
-            // If logging itself failed...
-            logger.error('LOGGER_ERROR', error)
+              logger[level](code, ...JSON.parse(message))
+            } catch (error) {
+              // If logging itself failed...
+              logger.error('LOGGER_ERROR', error)
+            }
          }
          return res.end()
        default:
--- a/src/server/lib/callbacks.d.ts
+++ b/src/server/lib/callbacks.d.ts
@@ -1,7 +0,0 @@
-
-export interface CallbacksOptions {
-  signIn?: (user: any, account: any, profile: any) => Promise<never | string>
-  jwt?: (token: any, user: any, account: any, profile: any, isNewUser?: boolean) => Promise<any>
-  session?: (session: any, userOrToken: any) => Promise<any>
-  redirect?: (url: string, baseUrl: string) => Promise<string>
-}
--- a/src/server/lib/cookie.d.ts
+++ b/src/server/lib/cookie.d.ts
@@ -1,16 +0,0 @@
-export interface CookieOption {
-  name: string
-  options: {
-    httpOnly: boolean
-    sameSite: string
-    path?: string
-    secure: boolean
-  }
-}
-
-export interface CookiesOptions {
-  sessionToken: CookieOption
-  callbackUrl: CookieOption
-  csrfToken: CookieOption
-  pkceCodeVerifier: CookieOption
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Michał Bundyra	49cb7e5bd7	feat(provider): add Mailchimp provider (#1781 )	2021-04-23 12:15:25 +02:00
Balázs Orbán	b95182ded7	fix(ts): expose errors type delcarations (#1817 )	2021-04-22 23:45:23 +02:00
Balázs Orbán	be28672fd4	fix(errors): expose custom errors (#1816 ) * chore(deps): add class-properties babel plugin * feat(errors): expand list of custom error classes * build(errors): expose errors as a submodule	2021-04-22 23:28:38 +02:00
Balázs Orbán	e26c5fc905	fix(ts): adjust AppOptions (#1815 )	2021-04-22 23:04:27 +02:00
Balázs Orbán	543f812eb3	fix(build): export functions in jwt (#1814 )	2021-04-22 19:28:17 +02:00
Joël Galeran	0c9f9777c5	docs(adapter): Remove --preview-feature flag (#1807 ) * Remove --preview-feature flag * Update [...nextauth].js	2021-04-22 18:11:30 +02:00
Balázs Orbán	34f334a71d	fix(ts): make Profile/User interfaces overridable (#1801 ) * fix(ts): create DefaultUser interface * fix(ts): fix TypeORMUserModel * fix(ts): create DefaultProfile	2021-04-22 01:04:23 +02:00
Balázs Orbán	172ad02f8c	fix(ts): move AppProvider out of internals (#1800 ) * fix(ts): move AppProvider out of internals * fix(ts): fix import paths	2021-04-21 23:09:42 +02:00
Balázs Orbán	eed0001524	fix(ts): adjust properties on default interfaces (#1794 ) * fix(ts): adjust properties on default interfaces * fix(ts): make expires also optional * fix(ts): don't require default session/jwt fields * fix(ts): make all default fields optional	2021-04-21 17:17:38 +02:00
Gabrijel Gavranović	a2705fb5b9	fix(client): export getCsrfToken directly to support Webpack 5 Fixes `Attempted import error: 'getCsrfToken' is not exported from 'next-auth/client' (imported as 'getCsrfToken’).`-error.	2021-04-21 17:14:12 +02:00
Balázs Orbán	cb1e5a7174	docs(dev): add readme to dev app	2021-04-21 00:00:57 +02:00
Balázs Orbán	8cba5d06b5	build(provider): filter index.js to be more forgiving	2021-04-20 23:17:18 +02:00
Balázs Orbán	c52ce57296	fix: add skypack recommended fields (#1791 )	2021-04-20 22:40:12 +02:00
Balázs Orbán	4dae822806	chore: move dev app into its own folder (#1753 ) * chore: move dev app to its own folder * docs: update CONTRIBUTING.md * docs: fix typos in CONTRIBUTING * chore: gitignore dev app lock files * chore: move release config into package.json	2021-04-20 22:25:51 +02:00
Lluis Agusti	901f6fb189	docs: mention TS example repo on the website (#1786 ) * docs(www): mention TS example repo * Update www/docs/getting-started/typescript.md Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-04-20 21:40:06 +02:00
Balázs Orbán	bb2237d0f9	fix(build): remove unnecessary build before release	2021-04-20 21:35:10 +02:00
Balázs Orbán	fab7ce8f94	fix(build): trigger re-release	2021-04-20 21:33:01 +02:00
Balázs Orbán	2becdad990	fix(logger): attempt at fixing infinite loop (#1789 )	2021-04-20 21:22:20 +02:00
Pop Stefan	e3c2c7756d	docs: add Class components tutorial (#1784 )	2021-04-20 17:34:05 +02:00
Balázs Orbán	718f2537cb	build(provider): auto-generate Providers submodule (#1782 )	2021-04-20 17:33:24 +02:00
dogomedia-github	ae26df091d	fix(provider): add sub to defaultJwtPayload for credentials provider. (#1725 ) Co-authored-by: Joseph Chen <jchen@dogomedia.com>	2021-04-20 12:59:48 +02:00
dependabot[bot]	1cbf73b2f6	chore(deps): bump jose from 1.27.2 to 1.28.1 (#1772 ) Bumps [jose](https://github.com/panva/jose) from 1.27.2 to 1.28.1. - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v1.28.1/CHANGELOG.md) - [Commits](https://github.com/panva/jose/compare/v1.27.2...v1.28.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-04-20 12:56:07 +02:00
Balázs Orbán	46b62d723c	feat(ts): expose types from main package (#1773 ) * chore: add beta to release flow/GH actions * feat(ts): expose types from the package (#1665) * chore(types): move existing types to the repo * feat(ts): expose types from the main package * chore(deps): bring back `react-dom` version range * chore(ts): cleanup deps and comments * chore(ci): run types tests on a separate workflow * chore(ci): fix typo on types workflow * fix(ts): correctly export sub-module types (#1677) * chore(types): build types script Adds a script that moves the declaration files we have in `./types` to `./dist` relative to the files they intend to type. This is the first step, we still need to change what we declare in `package.json`, add the script to the CI pipeline if we're happy with it and figure out how to type `next-auth/jwt`. * refactor(lint): fix build-types script * fix(ts): add .d.ts sub-module files to package.json #1677 seemed to miss this * fix(built): typo in package.json * fix(build): fix release * feat(ts): support module augmentation (#1681) * chore(ts): remove unused imports * refactor(ts): clean up CallbackOptions * docs(ts): explain Module Augmentation * docs(ts): don't use @ in folder name "types" * test(ts): make jwt params optional * docs(ts): fix typo (TypeScript -> NextAuth.js) * style: replace ts-standard with eslint/prettier (#1724) * style: move from ts-standard to eslint/prettier * fix: install remaining eslint-config-standard peer deps * fix: add remaining missing dependencies/config Co-authored-by: Balázs Orbán <info@balazsorban.com> * docs(lint): update contributing.md (#1760) Regarding ESLint / Prettier use and link to their VSCode extensions * refactor(ts): de-duplicate types (#1690) * refactor(ts): deduplicate internal types * refactor(ts): ease up providers typings * test(ts): fix failing TS tests * test(ts): rename TS property to fix test * docs(ts): mention TS docs in README.md * feat(ts): move/update client types * refactor(TS): rename some types * test(ts): fix client tests * docs(ts): move function descriptions to .d.ts * chore: fix lint error * refactor(ts): separate internal types * chore: simplify build-types script * chore: update type import paths in src * chore(build): create root files at build * chore: remove unnecessary .npmignore * chore: run prettier on types * fix(ts): clean up jwt types * fix(ts): make getToken return type depend on raw param * docs(page): explain page errors, add theming note * docs(ts): add JSDoc to NextAuthOptions props * chore(ts): remove unused import * docs(ts): change JSDOC docs notation * refactor(build): extract module entries into enum * chore(ts): move ClientSafeProvider * chore(ts): simplify GetTokenParams generic * style(lint): fix linting errors * chore: re-add generic extension to GetTokenParams * fix(ts): extract EmailConfigServerOptions to interface * fix(ts): use relative imports * Merge branch 'main' into beta * Merge main into beta * fix(ts): fix typos, add more links to documentation * test(ts): update JWT getToken test * fix(build): fix tsconfig.json formatting * test(ts): use absolute imports in test files * fix(ts): add missing callbacks JSDoc * docs: mention TS in FAQ, fix typos * docs: fix some typos in the docs Co-authored-by: Lluis Agusti <hi@llu.lu> Co-authored-by: Nico Domino <yo@ndo.dev>	2021-04-20 12:20:43 +02:00
Balázs Orbán	457952bb5a	fix(jwt): make decode overrideable in getToken (#1751 )	2021-04-17 12:40:50 +02:00
Balázs Orbán	17b789822d	fix: make oauth_token_secret and oauth_token available (#1322 ) * fix: add oauth_token_secret to requests * chore: remove console.log * refactor: follow casing from response	2021-04-14 21:26:15 +02:00
Ovidiu Dan	fd12194c0c	docs(provider): Explain how to get access to LinkedIn authentication (#1706 )	2021-04-12 18:46:20 +02:00
Balázs Orbán	1c662e9ddc	fix(page): fall back to default error page (#1700 )	2021-04-12 03:56:47 +02:00
Balázs Orbán	968903d227	fix(oauth): support `response_mode=form_post` (#1669 ) * chore: alias dev script to next * feat(core): fallback to body when reading state * refactor: set csrfToken on req.options implicitly Ensures we do this similarly than in other handlers like pkce, state, extendRes, callbackUrlHandler etc. * chore: add code comment for debugging	2021-04-12 00:24:05 +02:00
Balázs Orbán	3dedf6c26c	fix(provider): proper check of protection property (#1694 ) * fix(provider): proper check of protection property * chore: add comment	2021-04-12 00:15:29 +02:00
Amauri Dias	d1dbfe1023	fix: truly replace .flat() to support Node <11 again (#1691 )	2021-04-11 23:20:37 +02:00
David Colón	63171a0271	fix: validate provider existence before looking for protection property (#1687 ) * Fix validation of provider existence before looking for protection property * Use optional chaining	2021-04-11 15:20:01 +02:00
Amauri Dias	872e180339	fix: replace .flat() to support Node <11 again (#1684 )	2021-04-11 10:57:25 +02:00
ifly7charlie	a7709df796	docs: Document the additional parameters in JWT (#1550 ) Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-04-08 14:00:19 +02:00
Balázs Orbán	dbe283f0fa	refactor: rename extend-res to extend-req	2021-04-07 22:26:54 +02:00
Balázs Orbán	727426bbec	chore(ts): auto-label TypeScript related changes	2021-04-07 20:16:10 +02:00
Vinicius CR	5a3ee47337	feat(provider): accept array for protection to support multiple mechanisms (#1565 ) * fix: add protection both option * feat: update docs with new protection value * fix: lint files * refactor: change protection from string to array * chore: reverting unespected change * chore: lint files Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-04-06 19:20:56 +02:00
bhaveshmishra-code	8dd8f7c48a	docs: fix typo in callbacks.md (#1657 ) Fixed the spelling mistake. existance -> existence	2021-04-05 19:35:26 +02:00
Jaime Martínez Rincón	072c59d85a	docs: fix typo `primsa` (#1652 )	2021-04-05 00:25:46 +02:00
dependabot[bot]	d0e8147a48	chore(deps): bump y18n from 4.0.0 to 4.0.1 (#1631 ) Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-04-05 00:24:39 +02:00
Jasper Moelker	5bc8f8b986	docs(page): correct getCsrfToken and input types (#1651 ) This fixes the a mismatch between the import (`csrfToken`) and the method (`getCsrfToken`) used in `getInitialProps`/`getServerSideProps`. In addition the form input fields now have their correct type: `email` for email input (for better autocomplete, virtual keyboard support and native validation) and `password` for the password input (to hide password while typing).	2021-04-04 22:01:53 +02:00
hoangbits	136361e1f4	docs: rename command to vercel cli, now cli is deprecated (#1647 )	2021-04-04 11:02:38 +02:00
hoangbits	cc9869592c	docs: fix typo in providers.md (#1641 )	2021-04-02 17:18:40 +02:00
Jay Liew	073da60c3d	docs: Update pages.md (#1592 ) * Update pages.md Updated Credentials Sign-In code example to indicate how to use `getServerSideProps` but still also showing the older `getInitialProps` example * Update www/docs/configuration/pages.md Co-authored-by: Balázs Orbán <info@balazsorban.com> * update documentation to show example using getServerSideProps() Co-authored-by: Balázs Orbán <info@balazsorban.com> Co-authored-by: Jay Liew <jay@haute.tech>	2021-03-31 00:31:31 +02:00
ifly7charlie	aacc34bbfd	docs(error): Add missing error message and technique to resolve (#1549 ) * Add missing error message and technique to resolve * Update errors.md Correct with correct error message and more complete suggestions on resolving it	2021-03-26 23:09:21 +01:00
jgollhardt	074688d10e	docs(provider): fix wrong param name in sendVerificationRequest example (#1595 )	2021-03-26 23:01:25 +01:00
Macarse, Christian Ryan R	b3ffe50c03	docs(provider): removed misleading provider signin link (#1588 )	2021-03-25 22:30:46 +01:00
Shubham Shukla	e6d063825d	fix(provider): added options in instagram provider (#1570 )	2021-03-23 22:28:54 +01:00
Balázs Orbán	985f7b3431	fix(logger): properly end request every time (#1557 ) * fix(logger): properly end request every time * chore: fix linting	2021-03-20 10:08:12 +01:00
Max	237b016378	fix(provider): reject access token if slack login flow was canceled (#1544 ) * fix: reject access token if slack login flow was canceled * style: fix lint errors in oauth client	2021-03-18 14:59:24 +01:00
Joshua Williams	776b9480da	feat(provider): add Zoho provider (#1516 ) * feat(provider): add zoho * fix: use LF instead of CRLF * fix: crlf to lf line endings Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-03-16 19:27:11 +01:00
Honman Yau	07a3f76cb3	docs: fix typos in REST API guide (#1528 )	2021-03-16 19:25:24 +01:00
tclaude94	3726d68c49	feat(provider): add FACEIT provider (#1469 )	2021-03-16 00:00:35 +01:00
dependabot[bot]	e31db1726a	chore(deps): bump xmldom from 0.3.0 to 0.5.0 (#1510 ) Bumps [xmldom](https://github.com/xmldom/xmldom) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](https://github.com/xmldom/xmldom/compare/0.3.0...0.5.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-03-13 14:19:22 +01:00
James Perkins	a241199c11	docs(tutorials): Adding two more tutorials to the list. [skip release]	2021-03-13 03:42:00 +00:00
dependabot[bot]	5385ec20a9	chore(deps): bump elliptic from 6.5.3 to 6.5.4 in /www (#1493 ) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-03-10 22:59:10 +01:00
Balázs Orbán	810d02e671	fix(deps): upgrade to latest preact-render-to-string (#1475 )	2021-03-08 10:39:13 +01:00
Valentin Hervieu	e5535734f8	fix(client): set useSession loading state correctly (#1468 ) This is fixing #1467. The issue was due to doing the `setLoading(false)` in the finally: as we can do an early return [here](`a7e08e2a32/src/client/index.js (L100-L100)`), we would still go to the finally and mark the session as being loaded. I simply removed the `finally` block to only set the `loading` state to false when: - the data is ready - an error occures	2021-03-07 19:11:32 +01:00
Taehwan Noh	ba7aed1057	feat(provider): add Kakao provider (#1459 )	2021-03-06 21:52:39 +01:00
Balázs Orbán	a7e08e2a32	fix: make sure useSession populates session correctly (#1462 )	2021-03-06 20:02:43 +01:00
mcha	0d13040264	docs(client): fix client.md typos (#1453 )	2021-03-06 10:50:29 +01:00
Balázs Orbán	582520f8ef	chore: fix typo in feature request template	2021-03-06 00:35:09 +01:00
Sam Bauch	95942519a5	feat(provider): add Osso SAML provider (#1448 ) Co-authored-by: @sbauch	2021-03-06 00:21:38 +01:00
Balázs Orbán	f3e64f04cc	feat(client): introduce NEXTAUTH_URL_INTERNAL (#1449 ) Co-authored-by: @gergelyke	2021-03-06 00:10:36 +01:00
Balázs Orbán	ed5cc4aa65	feat(provider): add Instagram provider (#1447 ) Co-authored-by: @PolMrt pol@hey.com	2021-03-05 23:39:50 +01:00
Balázs Orbán	0e20b60229	docs(database): mention CockroachDB Co-authored-by: @jukbot <jukbot@yellotalk.co>	2021-03-05 22:52:48 +01:00
Balázs Orbán	3aee24b5dc	refactor: client improvements (#1428 ) * docs(client): add TS definitions to client * docs(client): add documentation links to public methods * refactor(client): simplify window sync, simplify logic * refactor(client): extract repeating logic to _fetchData * refactor(client): remove clientId * refactor(client): use session in Provider if passed	2021-03-05 22:47:32 +01:00
Baterka	960ca85907	fix: send only the error message in callback redirects (#1424 ) Changed `encodeURIComponent(error)` to `encodeURIComponent(error.message)` to remove prefix (such as `Error: ` and possible stack trace). Seems like better way of doing it and also safer if server throws some error with sensitive data.	2021-03-05 18:34:11 +01:00
Balázs Orbán	f960cc0f6f	chore(docs): upgrade docs dependencies	2021-03-03 20:13:46 +01:00
Balázs Orbán	0f64f3eea7	chore: don't mark bugs as stale Had a good laugh today 😄: "This is not stale. Bread goes stale. Bugs don't. They don't just magically go away because time has passed" - Unknown https://twitter.com/ericclemmons/status/1367000259046604803	2021-03-03 19:54:13 +01:00
yannicktian	71c78e8e24	feat(provider): allow disabling redirection on sign in with email (#1416 ) * feat: allow to disable client-side redirect for email provider * docs(client): mention that redirect can also be disabled for email provider * feat: only display one email input in email page	2021-03-02 22:38:02 +01:00
dependabot[bot]	d86609a2dc	chore(deps): bump prismjs from 1.22.0 to 1.23.0 in /www (#1409 ) Bumps [prismjs](https://github.com/PrismJS/prism) from 1.22.0 to 1.23.0. - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md) - [Commits](https://github.com/PrismJS/prism/compare/v1.22.0...v1.23.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-03-01 22:52:46 +01:00
Joost van Wollingen	d0c3400d30	docs(page): Remove unnecessary context param (#1406 ) ...when calling providers in the docs	2021-03-01 21:39:03 +01:00
Praneeth	172e79cb04	fix(page): add character encoding and page titles (#1380 ) * added character encoding fix * changed multi-line to inline and added title param to send fn in src/server/pages/index.js * modified the return object of renderPage in src/server/pages/index.js	2021-03-01 21:17:51 +01:00
Balázs Orbán	46d5c76605	docs: reword callbacks.md Explain the `jwt()` callback before the `session()` callback, as it comes first in the flow.	2021-02-28 18:05:10 +01:00
Zach White	438efd8a9b	docs: reword pages.md (#1386 ) language edits	2021-02-27 23:43:45 +01:00
Balázs Orbán	d8d497cc91	feat(provider): call generateVerificationToken async (#1378 )	2021-02-27 23:33:26 +01:00
Pop Stefan	6152c8afbb	docs: added refresh token tutorial link in faq page (#1385 )	2021-02-27 20:24:09 +01:00
Balázs Orbán	5ae6f6118c	docs: add missing comma Thx @followbl 😺	2021-02-25 23:29:33 +01:00
sid	96ff048b59	fix(provider): use correct file type for Discord profile img (#1365 )	2021-02-23 21:39:27 +01:00
Ariel Weingarten	e80f6e936d	docs(provider): Update twitch.md (#1353 ) State what redirect URL to add to the Twitch console.	2021-02-22 20:04:38 +01:00
Lawrence Chen	6b5a215fb2	docs(tutorials): refresh token rotation (#1310 ) * docs(tutorials): refresh token rotation * use simple initialization * be optimistic Co-authored-by: Balázs Orbán <info@balazsorban.com> * add yarn.lock to .gitignore Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-02-21 22:30:01 +01:00
Balázs Orbán	782482b9f4	feat: make tokens available in profile callback (#1329 ) * feat: make access_token available in profile callback * docs(provider): mention access_token param in profile callback * feat: send all available tokens to provider.profile	2021-02-20 22:58:48 +01:00
Balázs Orbán	2d364f246a	docs: tweak release badges	2021-02-17 19:14:45 +01:00
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/adapters').default`
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/client').default`
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/lib/jwt').default`
				`@@ -1 +0,0 @@`
				`module.exports = require('./dist/providers').default`