UNPKG

@auth/core

Version:

Authentication for the Web.

authjs.dev

nextauthjs/next-auth

306 lines 11.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
/** * * This module contains public types and interfaces of the core package. * * ## Installation * * ```bash npm2yarn * npm install @auth/core * ``` * * You can then import this submodule from `@auth/core/types`. * * ## Usage * * Even if you don't use TypeScript, IDEs like VS Code will pick up types to provide you with a better developer experience. * While you are typing, you will get suggestions about what certain objects/functions look like, * and sometimes links to documentation, examples, and other valuable resources. * * Generally, you will not need to import types from this module. * Mostly when using the `Auth` function and optionally the `AuthConfig` interface, * everything inside there will already be typed. * * :::tip * Inside the `Auth` function, you won't need to use a single type from this module. * * @example * ```ts title=index.ts * import { Auth } from "@auth/core" * * const request = new Request("https://example.com") * const response = await Auth(request, { * callbacks: { * jwt(): JWT { // <-- This is unnecessary! * return { foo: "bar" } * }, * session( * { session, token }: { session: Session; token: JWT } // <-- This is unnecessary! * ) { * return session * }, * } * }) * ``` * ::: * * ## Resources * * - [TypeScript - The Basics](https://www.typescriptlang.org/docs/handbook/2/basic-types.html) * - [Extending built-in types](https://authjs.dev/getting-started/typescript#module-augmentation) * * @module types */ import type { CookieSerializeOptions } from "cookie"; import type { OAuth2TokenEndpointResponse, OpenIDTokenEndpointResponse } from "oauth4webapi"; import type { Cookie } from "./lib/utils/cookie.js"; import type { LoggerInstance } from "./lib/utils/logger.js"; import type { ProviderType } from "./providers/index.js"; export type { WebAuthnOptionsResponseBody } from "./lib/utils/webauthn-utils.js"; export type { AuthConfig } from "./index.js"; export type { LoggerInstance }; export type Awaitable<T> = T | PromiseLike<T>; export type Awaited<T> = T extends Promise<infer U> ? U : T; export type SemverString = `v${number}` | `v${number}.${number}` | `v${number}.${number}.${number}`; /** * Change the theme of the built-in pages. * * [Documentation](https://authjs.dev/reference/core#theme) | * [Pages](https://authjs.dev/guides/pages/signin) */ export interface Theme { colorScheme?: "auto" | "dark" | "light"; logo?: string; brandColor?: string; buttonText?: string; } /** * Different tokens returned by OAuth Providers. * Some of them are available with different casing, * but they refer to the same value. */ export type TokenSet = Partial<OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse> & { /** * Date of when the `access_token` expires in seconds. * This value is calculated from the `expires_in` value. * * @see https://www.ietf.org/rfc/rfc6749.html#section-4.2.2 */ expires_at?: number; }; /** * Usually contains information about the provider being used * and also extends `TokenSet`, which is different tokens returned by OAuth Providers. */ export interface Account extends Partial<OpenIDTokenEndpointResponse> { /** Provider's id for this account. Eg.: "google" */ provider: string; /** * This value depends on the type of the provider being used to create the account. * - oauth/oidc: The OAuth account's id, returned from the `profile()` callback. * - email: The user's email address. * - credentials: `id` returned from the `authorize()` callback */ providerAccountId: string; /** Provider's type for this account */ type: ProviderType; /** * id of the user this account belongs to * * @see https://authjs.dev/reference/core/adapters#adapteruser */ userId?: string; /** * Calculated value based on {@link OAuth2TokenEndpointResponse.expires_in}. * * It is the absolute timestamp (in seconds) when the {@link OAuth2TokenEndpointResponse.access_token} expires. * * This value can be used for implementing token rotation together with {@link OAuth2TokenEndpointResponse.refresh_token}. * * @see https://authjs.dev/guides/refresh-token-rotation#database-strategy * @see https://www.rfc-editor.org/rfc/rfc6749#section-5.1 */ expires_at?: number; } /** * The user info returned from your OAuth provider. * * @see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims */ export interface Profile { id?: string | null; sub?: string | null; name?: string | null; given_name?: string | null; family_name?: string | null; middle_name?: string | null; nickname?: string | null; preferred_username?: string | null; profile?: string | null; picture?: string | null | any; website?: string | null; email?: string | null; email_verified?: boolean | null; gender?: string | null; birthdate?: string | null; zoneinfo?: string | null; locale?: string | null; phone_number?: string | null; updated_at?: Date | string | number | null; address?: { formatted?: string | null; street_address?: string | null; locality?: string | null; region?: string | null; postal_code?: string | null; country?: string | null; } | null; [claim: string]: unknown; } /** [Documentation](https://authjs.dev/reference/core#cookies) */ export interface CookieOption { name: string; options: CookieSerializeOptions; } /** [Documentation](https://authjs.dev/reference/core#cookies) */ export interface CookiesOptions { sessionToken: Partial<CookieOption>; callbackUrl: Partial<CookieOption>; csrfToken: Partial<CookieOption>; pkceCodeVerifier: Partial<CookieOption>; state: Partial<CookieOption>; nonce: Partial<CookieOption>; webauthnChallenge: Partial<CookieOption>; } /** TODO: Check if all these are used/correct */ export type ErrorPageParam = "Configuration" | "AccessDenied" | "Verification"; /** TODO: Check if all these are used/correct */ export type SignInPageErrorParam = "Signin" | "OAuthSignin" | "OAuthCallbackError" | "OAuthCreateAccount" | "EmailCreateAccount" | "Callback" | "OAuthAccountNotLinked" | "EmailSignin" | "CredentialsSignin" | "SessionRequired"; export interface PagesOptions { /** * The path to the sign in page. * * The optional "error" query parameter is set to * one of the {@link SignInPageErrorParam available} values. * * @default "/signin" */ signIn: string; signOut: string; /** * The path to the error page. * * The optional "error" query parameter is set to * one of the {@link ErrorPageParam available} values. * * @default "/error" */ error: string; verifyRequest: string; /** If set, new users will be directed here on first sign in */ newUser: string; } type ISODateString = string; export interface DefaultSession { user?: User; expires: ISODateString; } /** The active session of the logged in user. */ export interface Session extends DefaultSession { } /** * The shape of the returned object in the OAuth providers' `profile` callback, * available in the `jwt` and `session` callbacks, * or the second parameter of the `session` callback, when using a database. */ export interface User { id?: string; name?: string | null; email?: string | null; image?: string | null; } export interface PublicProvider { id: string; name: string; type: string; signinUrl: string; callbackUrl: string; } /** * Supported actions by Auth.js. Each action map to a REST API endpoint. * Some actions have a `GET` and `POST` variant, depending on if the action * changes the state of the server. * * - **`"callback"`**: * - **`GET`**: Handles the callback from an [OAuth provider](https://authjs.dev/reference/core/providers#oauth2configprofile). * - **`POST`**: Handles the callback from a [Credentials provider](https://authjs.dev/getting-started/providers/credentials#credentialsconfigcredentialsinputs). * - **`"csrf"`**: Returns the raw CSRF token, which is saved in a cookie (encrypted). * It is used for CSRF protection, implementing the [double submit cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie) technique. * :::note * Some frameworks have built-in CSRF protection and can therefore disable this action. In this case, the corresponding endpoint will return a 404 response. Read more at [`skipCSRFCheck`](https://authjs.dev/reference/core#skipcsrfcheck). * _⚠ We don't recommend manually disabling CSRF protection, unless you know what you're doing._ * ::: * - **`"error"`**: Renders the built-in error page. * - **`"providers"`**: Returns a client-safe list of all configured providers. * - **`"session"`**: * - **`GET`**: Returns the user's session if it exists, otherwise `null`. * - **`POST`**: Updates the user's session and returns the updated session. * - **`"signin"`**: * - **`GET`**: Renders the built-in sign-in page. * - **`POST`**: Initiates the sign-in flow. * - **`"signout"`**: * - **`GET`**: Renders the built-in sign-out page. * - **`POST`**: Initiates the sign-out flow. This will invalidate the user's session (deleting the cookie, and if there is a session in the database, it will be deleted as well). * - **`"verify-request"`**: Renders the built-in verification request page. * - **`"webauthn-options"`**: * - **`GET`**: Returns the options for the WebAuthn authentication and registration flows. */ export type AuthAction = "callback" | "csrf" | "error" | "providers" | "session" | "signin" | "signout" | "verify-request" | "webauthn-options"; export interface ResponseInternal<Body extends string | Record<string, any> | any[] | null = any> { status?: number; headers?: Headers | HeadersInit; body?: Body; redirect?: string; cookies?: Cookie[]; } /** * A webauthn authenticator. * Represents an entity capable of authenticating the account it references, * and contains the auhtenticator's credentials and related information. * * @see https://www.w3.org/TR/webauthn/#authenticator */ export interface Authenticator { /** * ID of the user this authenticator belongs to. */ userId?: string; /** * The provider account ID connected to the authenticator. */ providerAccountId: string; /** * Number of times the authenticator has been used. */ counter: number; /** * Whether the client authenticator backed up the credential. */ credentialBackedUp: boolean; /** * Base64 encoded credential ID. */ credentialID: string; /** * Base64 encoded credential public key. */ credentialPublicKey: string; /** * Concatenated transport flags. */ transports?: string | null; /** * Device type of the authenticator. */ credentialDeviceType: string; } //# sourceMappingURL=types.d.ts.map