docs: fix OpenCollective link in README.md (#3494 )

fix(providers): use idToken by default in Cognito provider (#3448 )
fix(pages): remove default placeholder for credentials provider (#3451 )
2026-05-01 10:55:20 +00:00 · 2021-12-22 00:42:21 +01:00 · 2021-12-18 02:21:20 +01:00 · 2021-12-18 02:10:05 +01:00 · 2021-12-16 13:37:03 +01:00 · 2021-12-11 21:19:12 +01:00
16 changed files with 3687 additions and 4462 deletions
--- a/README.md
+++ b/README.md
@@ -149,7 +149,7 @@ export default function Component() {

 ### Share/configure session state

-Use the `<SessionProvider>` to allows instances of `useSession()` to share the session object across components. It also takes care of keeping the session updated and synced between tabs/windows.
+Use the `<SessionProvider>` to allow instances of `useSession()` to share the session object across components. It also takes care of keeping the session updated and synced between tabs/windows.

 ```jsx title="pages/_app.js"
 import { SessionProvider } from "next-auth/react"
@@ -179,7 +179,7 @@ export default function App({

 ### Support

-We're happy to announce we've recently created an [OpenCollective](https://opencollective.org/nextauth) for individuals and companies looking to contribute financially to the project!
+We're happy to announce we've recently created an [OpenCollective](https://opencollective.com/nextauth) for individuals and companies looking to contribute financially to the project!

 <!--sponsors start-->
 <table>
--- a/app/next-env.d.ts
+++ b/app/next-env.d.ts
@@ -1,5 +1,4 @@
 /// <reference types="next" />
-/// <reference types="next/types/global" />
 /// <reference types="next/image-types/global" />

 // NOTE: This file should not be edited
--- a/app/next.config.js
+++ b/app/next.config.js
@@ -3,6 +3,7 @@ const path = require("path")
 module.exports = {
  webpack(config) {
    config.experiments = {
+      ...config.experiments,
      topLevelAwait: true,
    }
    config.resolve = {
--- a/app/package.json
+++ b/app/package.json
@@ -21,7 +21,7 @@
    "@prisma/client": "^2.29.1",
    "fake-smtp-server": "^0.8.0",
    "faunadb": "^4.3.0",
-    "next": "^11.1.0",
+    "next": "^12.0.7",
    "nodemailer": "^6.6.3",
    "react": "^17.0.2",
    "react-dom": "^17.0.2"
--- a/app/tsconfig.json
+++ b/app/tsconfig.json
@@ -16,6 +16,7 @@
    "moduleResolution": "node",
    "resolveJsonModule": true,
    "isolatedModules": true,
+    "incremental": true,
    "jsx": "preserve",
    "baseUrl": ".",
    "paths": {
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -65,13 +65,13 @@
  ],
  "license": "ISC",
  "dependencies": {
-    "@babel/runtime": "^7.15.4",
-    "@panva/hkdf": "^1.0.0",
+    "@babel/runtime": "^7.16.3",
+    "@panva/hkdf": "^1.0.1",
    "cookie": "^0.4.1",
-    "jose": "^4.1.2",
+    "jose": "^4.3.7",
    "oauth": "^0.9.15",
-    "openid-client": "^5.0.2",
-    "preact": "^10.5.14",
+    "openid-client": "^5.1.0",
+    "preact": "^10.6.3",
    "preact-render-to-string": "^5.1.19",
    "uuid": "^8.3.2"
  },
@@ -87,50 +87,47 @@
  },
  "devDependencies": {
    "@actions/core": "^1.6.0",
-    "@babel/cli": "^7.15.7",
-    "@babel/core": "^7.15.5",
-    "@babel/plugin-proposal-optional-catch-binding": "^7.14.5",
-    "@babel/plugin-transform-runtime": "^7.15.0",
-    "@babel/preset-env": "^7.15.6",
-    "@babel/preset-react": "^7.14.5",
-    "@babel/preset-typescript": "^7.15.0",
-    "@testing-library/jest-dom": "^5.14.1",
+    "@babel/cli": "^7.16.0",
+    "@babel/core": "^7.16.0",
+    "@babel/plugin-proposal-optional-catch-binding": "^7.16.0",
+    "@babel/plugin-transform-runtime": "^7.16.4",
+    "@babel/preset-env": "^7.16.4",
+    "@babel/preset-react": "^7.16.0",
+    "@babel/preset-typescript": "^7.16.0",
+    "@testing-library/jest-dom": "^5.16.1",
    "@testing-library/react": "^12.1.2",
    "@testing-library/react-hooks": "^7.0.2",
-    "@testing-library/user-event": "^13.2.1",
-    "@types/node": "^16.11.6",
+    "@testing-library/user-event": "^13.5.0",
+    "@types/node": "^16.11.12",
    "@types/nodemailer": "^6.4.4",
    "@types/oauth": "^0.9.1",
-    "@types/react": "^17.0.27",
-    "@types/react-dom": "^17.0.9",
-    "@typescript-eslint/eslint-plugin": "^4.33.0",
+    "@types/react": "^17.0.37",
+    "@types/react-dom": "^17.0.11",
    "@typescript-eslint/parser": "^4.33.0",
-    "autoprefixer": "^10.3.7",
-    "babel-jest": "^27.3.0",
+    "autoprefixer": "^10.4.0",
+    "babel-jest": "^27.4.2",
    "babel-plugin-jsx-pragmatic": "^1.0.2",
    "babel-preset-preact": "^2.0.0",
    "conventional-changelog-conventionalcommits": "4.6.1",
-    "cssnano": "^5.0.8",
+    "cssnano": "^5.0.12",
    "eslint": "^7.32.0",
    "eslint-config-prettier": "^8.3.0",
    "eslint-config-standard-with-typescript": "^21.0.1",
-    "eslint-plugin-import": "^2.24.2",
-    "eslint-plugin-jest": "^25.2.2",
+    "eslint-plugin-jest": "^25.3.0",
    "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^5.1.0",
    "fs-extra": "^10.0.0",
-    "husky": "^7.0.2",
-    "jest": "^27.3.0",
+    "husky": "^7.0.4",
+    "jest": "^27.4.3",
    "jest-watch-typeahead": "^1.0.0",
-    "msw": "^0.35.0",
-    "next": "v11.1.3-canary.0",
-    "postcss-cli": "^9.0.1",
+    "msw": "^0.36.3",
+    "next": "12.0.7",
+    "postcss-cli": "^9.0.2",
    "postcss-nested": "^5.0.6",
-    "prettier": "^2.4.1",
-    "pretty-quick": "^3.1.1",
+    "prettier": "2.4.1",
+    "pretty-quick": "^3.1.2",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
-    "typescript": "^4.4.3",
+    "typescript": "^4.5.2",
    "whatwg-fetch": "^3.6.2"
  },
  "engines": {
--- a/src/core/index.ts
+++ b/src/core/index.ts
@@ -12,7 +12,7 @@ import type { ErrorType } from "./pages/error"

 export interface IncomingRequest {
  /** @default "http://localhost:3000" */
-  host: string
+  host?: string
  method?: string
  cookies?: Record<string, string>
  headers?: Record<string, any>
--- a/src/core/init.ts
+++ b/src/core/init.ts
@@ -100,7 +100,7 @@ export async function init({
    // Callback functions
    callbacks: { ...defaultCallbacks, ...userOptions.callbacks },
    logger,
-    callbackUrl: process.env.NEXTAUTH_URL ?? "http://localhost:3000",
+    callbackUrl: url.origin,
  }

  // Init cookies
--- a/src/core/pages/signin.tsx
+++ b/src/core/pages/signin.tsx
@@ -130,8 +130,7 @@ export default function SigninPage(props: SignInServerPageParams) {
                        id={`input-${credential}-for-${provider.id}-provider`}
                        type={provider.credentials[credential].type ?? "text"}
                        placeholder={
-                          provider.credentials[credential].placeholder ??
-                          "Password"
+                          provider.credentials[credential].placeholder ?? ""
                        }
                        {...provider.credentials[credential]}
                      />
--- a/src/jwt/index.ts
+++ b/src/jwt/index.ts
@@ -88,7 +88,13 @@ export async function getToken<R extends boolean = false>(
    logger
  )

-  const token = sessionStore.value
+  let token = sessionStore.value
+
+  if (!token && req.headers.authorization?.split(" ")[0] === "Bearer") {
+    const urlEncodedToken = req.headers.authorization.split(" ")[1]
+    token = decodeURIComponent(urlEncodedToken)
+  }
+
  // @ts-expect-error
  if (!token) return null

--- a/src/next/index.ts
+++ b/src/next/index.ts
@@ -21,7 +21,7 @@ async function NextAuthNextHandler(
  const { nextauth, ...query } = req.query
  const handler = await NextAuthHandler({
    req: {
-      host: (process.env.NEXTAUTH_URL ?? process.env.VERCEL_URL) as string,
+      host: process.env.NEXTAUTH_URL ?? process.env.VERCEL_URL,
      body: req.body,
      query,
      cookies: req.cookies,
@@ -87,7 +87,7 @@ export async function getServerSession(
  const session = await NextAuthHandler<Session | {}>({
    options,
    req: {
-      host: (process.env.NEXTAUTH_URL ?? process.env.VERCEL_URL) as string,
+      host: process.env.NEXTAUTH_URL ?? process.env.VERCEL_URL,
      action: "session",
      method: "GET",
      cookies: context.req.cookies,
--- a/src/providers/cognito.ts
+++ b/src/providers/cognito.ts
@@ -15,6 +15,7 @@ export default function Cognito<P extends Record<string, any> = CognitoProfile>(
    name: "Cognito",
    type: "oauth",
    wellKnown: `${options.issuer}/.well-known/openid-configuration`,
+    idToken: true,
    profile(profile) {
      return {
        id: profile.sub,
--- a/src/providers/fusionauth.js
+++ b/src/providers/fusionauth.js
@@ -1,20 +0,0 @@
-/** @type {import(".").OAuthProvider} */
-export default function FusionAuth(options) {
-  return {
-    id: "fusionauth",
-    name: "FusionAuth",
-    type: "oauth",
-    authorization: `${options.issuer}oauth2/authorize`,
-    token: `${options.issuer}oauth2/token`,
-    userinfo: `${options.issuer}oauth2/userinfo`,
-    profile(profile) {
-      return {
-        id: profile.sub,
-        name: profile.name,
-        email: profile.email,
-        image: profile.picture,
-      }
-    },
-    options,
-  }
-}
--- a/src/providers/fusionauth.ts
+++ b/src/providers/fusionauth.ts
@@ -0,0 +1,52 @@
+import { OAuthConfig, OAuthUserConfig } from "./oauth"
+
+/** This is the default openid signature returned from FusionAuth
+ * it can be customized using [lambda functions](https://fusionauth.io/docs/v1/tech/lambdas)
+ */
+export interface FusionAuthProfile {
+  aud: string
+  exp: number
+  iat: number
+  iss: string
+  sub: string
+  jti: string
+  authenticationType: string
+  email: string
+  email_verified: boolean
+  preferred_username: string
+  at_hash: string
+  c_hash: string
+  scope: string
+  sid: string
+}
+
+export default function FusionAuth<
+  P extends Record<string, any> = FusionAuthProfile
+>(
+  // tenantId only needed if there is more than one tenant configured on the server
+  options: OAuthUserConfig<P> & { tenantId?: string }
+): OAuthConfig<P> {
+  return {
+    id: "fusionauth",
+    name: "FusionAuth",
+    type: "oauth",
+    wellKnown: options?.tenantId
+      ? `${options.issuer}/.well-known/openid-configuration?tenantId=${options.tenantId}`
+      : `${options.issuer}/.well-known/openid-configuration`,
+    authorization: {
+      params: {
+        scope: "openid offline_access",
+        ...(options?.tenantId && { tenantId: options.tenantId }),
+      },
+    },
+    checks: ["pkce", "state"],
+    profile(profile) {
+      return {
+        id: profile.sub,
+        email: profile.email,
+        name: profile?.preferred_username,
+      }
+    },
+    options,
+  }
+}
--- a/src/providers/okta.ts
+++ b/src/providers/okta.ts
@@ -43,6 +43,7 @@ export default function Okta<P extends Record<string, any> = OktaProfile>(
    type: "oauth",
    wellKnown: `${options.issuer}/.well-known/openid-configuration`,
    authorization: { params: { scope: "openid email profile" } },
+    idToken: true,
    profile(profile) {
      return {
        id: profile.sub,
Author	SHA1	Message	Date
Adam Kaczmarek	0e8be0c7d2	docs: fix OpenCollective link in `README.md` (#3494 )	2021-12-22 00:42:21 +01:00
Ivan Esteban	d1d2d977fe	fix(providers): use `idToken` by default in Cognito provider (#3448 )	2021-12-18 02:21:20 +01:00
Kirankumar Ambati	48749d7320	fix(pages): remove default placeholder for credentials provider (#3451 ) * fix #3449: removed default placeholder for credentials provider * fix: formatting	2021-12-18 02:10:05 +01:00
Drew Miller	87d0beb70c	fix(jwt): use authorization header as fallback (#3453 ) If the `req` sent to `getToken` doesn't have the relevant cookies, use the Bearer token in the Authorization header as a fallback. Fixes #3452	2021-12-16 13:37:03 +01:00
Balázs Orbán	978e2eeb08	chore(dev): minor fixes on dev app	2021-12-11 21:19:12 +01:00
Balázs Orbán	8ab057ea33	chore(deps): ugprade dependencies (#3415 )	2021-12-11 21:17:22 +01:00
Bogdan Soare	2c269a6a81	fix(providers): use `id_token` by default on Okta provider (#3418 )	2021-12-11 12:52:40 +01:00
Alessandro Cuppari	8b9a109255	fix(providers): refactor FusionAuth to v4 (#3376 ) * feat: updated fusionauth provider * Updated fusionauth profile interface docstring Co-authored-by: Balázs Orbán <info@balazsorban.com> * Refactored openid well know logic Co-authored-by: Balázs Orbán <info@balazsorban.com> * Removed jwks endpoint property Co-authored-by: Balázs Orbán <info@balazsorban.com>	2021-12-09 21:48:01 +01:00
Etienne Martin	ac35d9f739	docs: Fix README.md typo (#3412 )	2021-12-09 16:53:17 +01:00
Balázs Orbán	30a0fc6bc0	fix: properly handle callback URL fallback (#3402 ) * fix: don't default to localhost on `host` * fall back to `host` for `callbackUrl` * use parsed host * remove unnecessary type cast	2021-12-08 18:20:33 +01:00
Balázs Orbán	b0f6175cec	chore(deps): upgrade `next` dev dependency	2021-12-08 17:50:25 +01:00
Balázs Orbán	1c7fe57edb	fix: default to `VERCEL_URL` for `callbackUrl`	2021-12-08 17:43:49 +01:00