providers
Type Aliasesβ
EndpointHandlerβ
<
P,C,R>AdvancedEndpointHandler<P,C,R>
Either an URL (containing all the parameters) or an object with more granular control.
Type parametersβ
PextendsUrlParamsC=anyR=any
Providerβ
<
P>OIDCConfig<P> |OAuth2Config<P> |EmailConfig|CredentialsConfig& {
}
Must be a supported authentication provider config:
- OAuthConfig
- EmailConfigInternal
- CredentialsConfigInternal
For more information, see the guides:
Seeβ
Type parametersβ
ProviderTypeβ
"oidc"|"oauth"|"email"|"credentials"
Providers passed to Auth.js must define one of these types.
Seeβ
- RFC 6749 - The OAuth 2.0 Authorization Framework
- OpenID Connect Core 1.0
- Email or Passwordless Authentication
- Credentials-based Authentication
Interfacesβ
CommonProviderOptionsβ
Shared across all ProviderType
Propertiesβ
idβ
string
Uniquely identifies the provider in AuthConfig.providers It's also part of the URL
nameβ
string
The provider name used on the default sign-in page's sign-in button. For example if it's "Google", the corresponding button will say: "Sign in with Google"
typeβ
See ProviderType
OAuth2Configβ
TODO:
Type parametersβ
Profile
Propertiesβ
idβ
string
Identifies the provider when you want to sign in to a specific provider.
Exampleβ
signIn('github') // "github" is the provider ID
Overrides: CommonProviderOptions.id
nameβ
string
The name of the provider. shown on the default sign in page.
Overrides: CommonProviderOptions.name
allowDangerousEmailAccountLinking?β
boolean
authorization?β
string|AuthorizationEndpointHandler
The login process will be initiated by sending the user to this URL.
checks?β
(
"none"|"state"|"nonce"|"pkce")[]
The CSRF protection performed on the callback endpoint.
Defaultβ
["pkce"]
RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE) | RFC 6749 - The OAuth 2.0 Authorization Framework | OpenID Connect Core 1.0 |
client?β
Partial<Client>
Pass overrides to the underlying OAuth library.
See oauth4webapi client for details.
profile?β
ProfileCallback<Profile>
Receives the profile object returned by the OAuth provider, and returns the user object.
This will be used to create the user in the database.
Defaults to: id, email, name, image
wellKnown?β
string
OpenID Connect (OIDC) compliant providers can configure
this instead of authorize/token/userinfo options
without further configuration needed in most cases.
You can still use the authorize/token/userinfo
options for advanced control.
OIDCConfigβ
TODO:
Type parametersβ
Profile
Propertiesβ
idβ
string
Identifies the provider when you want to sign in to a specific provider.
Exampleβ
signIn('github') // "github" is the provider ID
Inherited from: Omit.id
nameβ
string
The name of the provider. shown on the default sign in page.
Inherited from: Omit.name
allowDangerousEmailAccountLinking?β
boolean
Inherited from: Omit.allowDangerousEmailAccountLinking
authorization?β
string|AuthorizationEndpointHandler
The login process will be initiated by sending the user to this URL.
Inherited from: Omit.authorization
checks?β
(
"none"|"state"|"nonce"|"pkce")[]
The CSRF protection performed on the callback endpoint.
Defaultβ
["pkce"]
RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE) | RFC 6749 - The OAuth 2.0 Authorization Framework | OpenID Connect Core 1.0 |
Inherited from: Omit.checks
client?β
Partial<Client>
Pass overrides to the underlying OAuth library.
See oauth4webapi client for details.
Inherited from: Omit.client
profile?β
ProfileCallback<Profile>
Receives the profile object returned by the OAuth provider, and returns the user object.
This will be used to create the user in the database.
Defaults to: id, email, name, image
Inherited from: Omit.profile
wellKnown?β
string
OpenID Connect (OIDC) compliant providers can configure
this instead of authorize/token/userinfo options
without further configuration needed in most cases.
You can still use the authorize/token/userinfo
options for advanced control.
Inherited from: Omit.wellKnown