-
-
Notifications
You must be signed in to change notification settings - Fork 88
Conversation
@@unique([providerId, providerAccountId]) | ||
type String | ||
provider String | ||
refresh_token String? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: is there a reason why some fields are in snake_case now? Prisma's docs use camelCase for their examples, and this seems to be true of most Prisma codebases I've seen.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly because the OAuth spec defines these as snake_case, and I thought it would make things easier if we just forward them "as-is". Using openid-client
under the hood: https://www.npmjs.com/package/openid-client
TODO: Update test suite |
Hey I mentioned I was doing some work with prisma myself lately, right. Well I finally ran into the usecase of the I think that's only for defining fields to lookup by, that doesn't do anything in the actual db schema to make a union primary key or anything like that. I think in prisma we might be good in terms of that security issue, as the table / model doesn't have any other keys to lookup by. So it has to be queried by this combination of fields. But definitely something to keep in mind for other adapters, this will probably need an additional custom union primary key of the two fields and probably some logic in the adapter if I understood you and the security issue correctly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
Based on nextauthjs/next-auth#2361
This PR also removes the
prisma-legacy
adapter entirely, so we can focus on a single one moving forward. Having two versions caused a fair amount of confusion anyway.