providers
EndpointHandlerβ
EndpointHandler: <
P,C,R>AdvancedEndpointHandler<P,C,R>
Either an URL (containing all the parameters) or an object with more granular control.
Type parametersβ
PextendsUrlParamsC=anyR=any
OAuthConfigInternalβ
OAuthConfigInternal: <
Profile>Omit<OAuthConfig<Profile>,OAuthEndpointType> & {authorization?: {url:URL;};token?: {url:URL;request?:TokenEndpointHandler["request"];};userinfo?: {url:URL;request?:UserinfoEndpointHandler["request"];};} &Pick<Required<OAuthConfig<Profile>>, "clientId" | "checks" | "profile">
We parsed authorization, token and userinfo
to always contain a valid URL, with the params
Type parametersβ
Profile
Providerβ
Provider: <
P>OIDCConfig<P> |OAuth2Config<P> |EmailConfig|CredentialsConfig&InternalProviderOptions| (...args:any) =>OAuth2Config<P> |OIDCConfig<P> |EmailConfig|CredentialsConfig&InternalProviderOptions&InternalProviderOptions
Must be a supported authentication provider config:
- OAuthConfig
- EmailConfigInternal
- CredentialsConfigInternal
For more information, see the guides:
Seeβ
Type parametersβ
ProviderTypeβ
ProviderType: "oidc" | "oauth" | "email" | "credentials"
Providers passed to Auth.js must define one of these types.
Seeβ
- RFC 6749 - The OAuth 2.0 Authorization Framework
- OpenID Connect Core 1.0
- Email or Passwordless Authentication
- Credentials-based Authentication
CommonProviderOptionsβ
Shared across all ProviderType
Propertiesβ
idβ
id:
string
Uniquely identifies the provider in AuthConfig.providers It's also part of the URL
nameβ
name:
string
The provider name used on the default sign-in page's sign-in button. For example if it's "Google", the corresponding button will say: "Sign in with Google"
typeβ
type:
ProviderType
See ProviderType
OAuth2Configβ
TODO:
Type parametersβ
Profile
Propertiesβ
idβ
id:
string
Identifies the provider when you want to sign in to a specific provider.
Exampleβ
signIn("github"); // "github" is the provider ID
Overridesβ
nameβ
name:
string
The name of the provider. shown on the default sign in page.
Overridesβ
allowDangerousEmailAccountLinking?β
allowDangerousEmailAccountLinking:
boolean
authorization?β
authorization:
string|AuthorizationEndpointHandler
The login process will be initiated by sending the user to this URL.
checks?β
checks: ("none" | "state" | "nonce" | "pkce")[]
The CSRF protection performed on the callback endpoint.
Defaultβ
["pkce"]
[RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)](https://www.rfc-editor.org/rfc/rfc7636.html#section-4) |
[RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1.1) |
[OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#IDToken) |
client?β
client:
Partial<Client>
Pass overrides to the underlying OAuth library.
See oauth4webapi client for details.
profile?β
profile:
ProfileCallback<Profile>
Receives the profile object returned by the OAuth provider, and returns the user object.
This will be used to create the user in the database.
Defaults to: id, email, name, image
wellKnown?β
wellKnown:
string
OpenID Connect (OIDC) compliant providers can configure
this instead of authorize/token/userinfo options
without further configuration needed in most cases.
You can still use the authorize/token/userinfo
options for advanced control.
OIDCConfigβ
TODO:
Type parametersβ
Profile
Propertiesβ
idβ
id:
string
Identifies the provider when you want to sign in to a specific provider.
Exampleβ
signIn("github"); // "github" is the provider ID
Inherited fromβ
Omit.id
nameβ
name:
string
The name of the provider. shown on the default sign in page.
Inherited fromβ
Omit.name
allowDangerousEmailAccountLinking?β
allowDangerousEmailAccountLinking:
boolean
Inherited fromβ
Omit.allowDangerousEmailAccountLinking
authorization?β
authorization:
string|AuthorizationEndpointHandler
The login process will be initiated by sending the user to this URL.
Inherited fromβ
Omit.authorization
checks?β
checks: ("none" | "state" | "nonce" | "pkce")[]
The CSRF protection performed on the callback endpoint.
Defaultβ
["pkce"]
[RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)](https://www.rfc-editor.org/rfc/rfc7636.html#section-4) |
[RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1.1) |
[OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#IDToken) |
Inherited fromβ
Omit.checks
client?β
client:
Partial<Client>
Pass overrides to the underlying OAuth library.
See oauth4webapi client for details.
Inherited fromβ
Omit.client
profile?β
profile:
ProfileCallback<Profile>
Receives the profile object returned by the OAuth provider, and returns the user object.
This will be used to create the user in the database.
Defaults to: id, email, name, image
Inherited fromβ
Omit.profile
wellKnown?β
wellKnown:
string
OpenID Connect (OIDC) compliant providers can configure
this instead of authorize/token/userinfo options
without further configuration needed in most cases.
You can still use the authorize/token/userinfo
options for advanced control.
Inherited fromβ
Omit.wellKnown