providers
Type Aliasesβ
EndpointHandler<P, C, R>β
EndpointHandler<P, C, R>: AdvancedEndpointHandler<P, C, R>
Either an URL (containing all the parameters) or an object with more granular control.
Type parametersβ
PextendsUrlParamsC=anyR=any
Provider<P>β
Provider<P>: OIDCConfig<P> | OAuth2Config<P> | EmailConfig | CredentialsConfig & { }
Must be a supported authentication provider config:
- OAuthConfig
- EmailConfigInternal
- CredentialsConfigInternal
For more information, see the guides:
Seeβ
Type parametersβ
ProviderTypeβ
ProviderType: "oidc" | "oauth" | "email" | "credentials"
Providers passed to Auth.js must define one of these types.
Seeβ
- RFC 6749 - The OAuth 2.0 Authorization Framework
- OpenID Connect Core 1.0
- Email or Passwordless Authentication
- Credentials-based Authentication
Interfacesβ
CommonProviderOptionsβ
Shared across all ProviderType
Propertiesβ
idβ
id: string
Uniquely identifies the provider in AuthConfig.providers It's also part of the URL
nameβ
name: string
The provider name used on the default sign-in page's sign-in button. For example if it's "Google", the corresponding button will say: "Sign in with Google"
typeβ
type: ProviderType
See ProviderType
OAuth2Config<Profile>β
TODO:
Type parametersβ
Profile
Propertiesβ
idβ
id: string
Identifies the provider when you want to sign in to a specific provider.
Exampleβ
signIn('github') // "github" is the provider ID
Overrides: CommonProviderOptions.id
nameβ
name: string
The name of the provider. shown on the default sign in page.
Overrides: CommonProviderOptions.name
allowDangerousEmailAccountLinkingβ
allowDangerousEmailAccountLinking?: boolean
authorizationβ
authorization?: string | AuthorizationEndpointHandler
The login process will be initiated by sending the user to this URL.
checksβ
checks?: ("none" | "state" | "nonce" | "pkce")[]
The CSRF protection performed on the callback endpoint.
Defaultβ
["pkce"]
RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE) | RFC 6749 - The OAuth 2.0 Authorization Framework | OpenID Connect Core 1.0 |
profileβ
profile?: ProfileCallback<Profile>
Receives the profile object returned by the OAuth provider, and returns the user object.
This will be used to create the user in the database.
Defaults to: id, email, name, image
wellKnownβ
wellKnown?: string
OpenID Connect (OIDC) compliant providers can configure
this instead of authorize/token/userinfo options
without further configuration needed in most cases.
You can still use the authorize/token/userinfo
options for advanced control.
OIDCConfig<Profile>β
TODO:
Type parametersβ
Profile
Propertiesβ
idβ
id: string
Identifies the provider when you want to sign in to a specific provider.
Exampleβ
signIn('github') // "github" is the provider ID
Inherited from: Omit.id
nameβ
name: string
The name of the provider. shown on the default sign in page.
Inherited from: Omit.name
allowDangerousEmailAccountLinkingβ
allowDangerousEmailAccountLinking?: boolean
Inherited from: Omit.allowDangerousEmailAccountLinking
authorizationβ
authorization?: string | AuthorizationEndpointHandler
The login process will be initiated by sending the user to this URL.
Inherited from: Omit.authorization
checksβ
checks?: ("none" | "state" | "nonce" | "pkce")[]
The CSRF protection performed on the callback endpoint.
Defaultβ
["pkce"]
RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE) | RFC 6749 - The OAuth 2.0 Authorization Framework | OpenID Connect Core 1.0 |
Inherited from: Omit.checks
profileβ
profile?: ProfileCallback<Profile>
Receives the profile object returned by the OAuth provider, and returns the user object.
This will be used to create the user in the database.
Defaults to: id, email, name, image
Inherited from: Omit.profile
wellKnownβ
wellKnown?: string
OpenID Connect (OIDC) compliant providers can configure
this instead of authorize/token/userinfo options
without further configuration needed in most cases.
You can still use the authorize/token/userinfo
options for advanced control.
Inherited from: Omit.wellKnown