Skip to main content

providers/oauth

OAuth2Config​

TODO: Document

Type parameters​

  • Profile

Properties​

id​

id: string

Identifies the provider when you want to sign in to a specific provider.

Example​
signIn("github"); // "github" is the provider ID
Overrides​

CommonProviderOptions.id

name​

name: string

The name of the provider. shown on the default sign in page.

Overrides​

CommonProviderOptions.name

account?​

account: AccountCallback

Receives the full TokenSet returned by the OAuth provider, and returns a subset. It is used to create the account associated with a user in the database.

Defaults to: access_token and id_token

See​

allowDangerousEmailAccountLinking?​

allowDangerousEmailAccountLinking: boolean

Normally, when you sign in with an OAuth provider and another account with the same email address already exists, the accounts are not linked automatically.

Automatic account linking on sign in is not secure between arbitrary providers and is disabled by default. Learn more in our Security FAQ.

However, it may be desirable to allow automatic account linking if you trust that the provider involved has securely verified the email address associated with the account. Set allowDangerousEmailAccountLinking: true to enable automatic account linking.

authorization?​

authorization: string | AuthorizationEndpointHandler

The login process will be initiated by sending the user to this URL.

Authorization endpoint

checks?​

checks: ("none" | "state" | "pkce")[]

The CSRF protection performed on the callback endpoint.

Default​
["pkce"];
Note​

When redirectProxyUrl or AuthConfig.redirectProxyUrl is set, "state" will be added to checks automatically.

RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE) | RFC 6749 - The OAuth 2.0 Authorization Framework | OpenID Connect Core 1.0 |

client?​

client: Partial<Client>

Pass overrides to the underlying OAuth library. See oauth4webapi client for details.

profile?​

profile: ProfileCallback<Profile>

Receives the full Profile returned by the OAuth provider, and returns a subset. It is used to create the user in the database.

Defaults to: id, email, name, image

See​

Database Adapter: User model

wellKnown?​

wellKnown: string

OpenID Connect (OIDC) compliant providers can configure this instead of authorize/token/userinfo options without further configuration needed in most cases. You can still use the authorize/token/userinfo options for advanced control.

Authorization Server Metadata


OIDCConfig​

Extension of the OAuth2Config.

See​

https://openid.net/specs/openid-connect-core-1_0.html

Type parameters​

  • Profile

Properties​

id​

id: string

Identifies the provider when you want to sign in to a specific provider.

Example​
signIn("github"); // "github" is the provider ID
Inherited from​

Omit.id

name​

name: string

The name of the provider. shown on the default sign in page.

Inherited from​

Omit.name

account?​

account: AccountCallback

Receives the full TokenSet returned by the OAuth provider, and returns a subset. It is used to create the account associated with a user in the database.

Defaults to: access_token and id_token

See​
Inherited from​

Omit.account

allowDangerousEmailAccountLinking?​

allowDangerousEmailAccountLinking: boolean

Normally, when you sign in with an OAuth provider and another account with the same email address already exists, the accounts are not linked automatically.

Automatic account linking on sign in is not secure between arbitrary providers and is disabled by default. Learn more in our Security FAQ.

However, it may be desirable to allow automatic account linking if you trust that the provider involved has securely verified the email address associated with the account. Set allowDangerousEmailAccountLinking: true to enable automatic account linking.

Inherited from​

Omit.allowDangerousEmailAccountLinking

authorization?​

authorization: string | AuthorizationEndpointHandler

The login process will be initiated by sending the user to this URL.

Authorization endpoint

Inherited from​

Omit.authorization

client?​

client: Partial<Client>

Pass overrides to the underlying OAuth library. See oauth4webapi client for details.

Inherited from​

Omit.client

profile?​

profile: ProfileCallback<Profile>

Receives the full Profile returned by the OAuth provider, and returns a subset. It is used to create the user in the database.

Defaults to: id, email, name, image

See​

Database Adapter: User model

Inherited from​

Omit.profile

wellKnown?​

wellKnown: string

OpenID Connect (OIDC) compliant providers can configure this instead of authorize/token/userinfo options without further configuration needed in most cases. You can still use the authorize/token/userinfo options for advanced control.

Authorization Server Metadata

Inherited from​

Omit.wellKnown