feat(provider): call generateVerificationToken async (#1378 )

docs: added refresh token tutorial link in faq page (#1385 )
docs: add missing comma
2026-05-01 10:55:20 +00:00 · 2021-02-27 23:33:26 +01:00 · 2021-02-27 20:24:09 +01:00 · 2021-02-25 23:29:33 +01:00
4 changed files with 17 additions and 3 deletions
--- a/src/server/lib/signin/email.js
+++ b/src/server/lib/signin/email.js
@@ -10,7 +10,7 @@ export default async function email (email, provider, options) {
    const secret = provider.secret || options.secret

    // Generate token
-    const token = provider.generateVerificationToken?.() ?? randomBytes(32).toString('hex')
+    const token = await provider.generateVerificationToken?.() ?? randomBytes(32).toString('hex')

    // Send email with link containing token (the unhashed version)
    const url = `${baseUrl}${basePath}/callback/${encodeURIComponent(provider.id)}?email=${encodeURIComponent(email)}&token=${encodeURIComponent(token)}`
--- a/www/docs/configuration/options.md
+++ b/www/docs/configuration/options.md
@@ -328,7 +328,7 @@ export default NextAuth({
    },
    warn(code, ...message) {
      log.warn(code, message)
-    }
+    },
    debug(code, ...message) {
      log.debug(code, message)
    }
--- a/www/docs/faq.md
+++ b/www/docs/faq.md
@@ -116,7 +116,7 @@ NextAuth.js records Refresh Tokens and Access Tokens on sign in (if supplied by

 You can then look them up from the database or persist them to the JSON Web Token.

-Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, if this is something you need, currently you will need to write the logic to handle that yourself. 
+Note: NextAuth.js does not currently handle Access Token rotation for OAuth providers for you, however you can check out [this tutorial](/tutorials/refresh-token-rotation) if you want to implement it.

 ### When I sign in with another account with the same email address, why are accounts not linked automatically?

--- a/www/docs/providers/email.md
+++ b/www/docs/providers/email.md
@@ -184,3 +184,17 @@ const text = ({ url, site }) => `Sign in to ${site}\n${url}\n\n`
 :::tip
 If you want to generate great looking email client compatible HTML with React, check out https://mjml.io
 :::
+
+
+## Customising the Verification Token
+
+By default, we are generating a random verification token. You can define a `generateVerificationToken` method in your provider options if you want to override it:
+
+```js title="pages/api/auth/[...nextauth].js"
+providers: [
+  Providers.Email({
+    async generateVerificationToken() {
+      return "ABC123"
+    }
+  })
+],
Author	SHA1	Message	Date
Balázs Orbán	d8d497cc91	feat(provider): call generateVerificationToken async (#1378 )	2021-02-27 23:33:26 +01:00
Pop Stefan	6152c8afbb	docs: added refresh token tutorial link in faq page (#1385 )	2021-02-27 20:24:09 +01:00
Balázs Orbán	5ae6f6118c	docs: add missing comma Thx @followbl 😺	2021-02-25 23:29:33 +01:00