fix: improve client-side submodules (#12249)

* fix: improve TS and allow `redirect: false` for client `signIn` + OAuth

* drop auto-generated file

* fix solid-start signIn

* fix sveltekit

* more tweak sveltekit

Author: balazsorban44

.gitignore

@@ -87,7 +87,7 @@ docs/.next
 docs/manifest.mjs
 
 # Core
-packages/core/src/providers/oauth-types.ts
+packages/core/src/providers/provider-types.ts
 packages/core/lib
 packages/core/providers
 packages/core/src/lib/pages/styles.ts

.prettierignore

@@ -32,7 +32,7 @@ packages/**/*.js
 !packages/*/scripts/*.js
 
 # @auth/core
-packages/core/src/providers/oauth-types.ts
+packages/core/src/providers/provider-types.ts
 packages/core/src/lib/pages/styles.ts
 
 # @auth/sveltekit
@@ -43,7 +43,7 @@ packages/frameworks-sveltekit/vite.config.{js,ts}.timestamp-*
 packages/frameworks-express/providers
 
 # next-auth
-packages/next-auth/src/providers/oauth-types.ts
+packages/next-auth/src/providers/provider-types.ts
 packages/next-auth/css/index.css
 
 # Adapters

apps/dev/nextjs/app/client.tsx

@@ -34,7 +34,11 @@ export default function Client() {
           ) : (
             <>
               <button onClick={() => signIn("github")}>Sign in GitHub</button>
-              <button onClick={() => signIn("credentials", {})}>
+              <button
+                onClick={async () => {
+                  await signIn("webauthn", {})
+                }}
+              >
                 Sign in Credentials
               </button>
             </>

apps/dev/nextjs/auth.ts

@@ -1,7 +1,7 @@
 import NextAuth from "next-auth"
-import type { NextAuthConfig } from "next-auth"
 import Credentials from "next-auth/providers/credentials"
 import Keycloak from "next-auth/providers/keycloak"
+import GitHub from "next-auth/providers/github"
 
 // import { PrismaClient } from "@prisma/client"
 // import { PrismaAdapter } from "@auth/prisma-adapter"
@@ -66,8 +66,10 @@ export const { handlers, auth, signIn, signOut, unstable_update } = NextAuth({
         }
       },
     }),
+    GitHub,
     Keycloak,
   ],
+
   callbacks: {
     jwt({ token, trigger, session }) {
       if (trigger === "update") token.name = session.user.name

eslint.config.mjs

@@ -164,7 +164,7 @@ export default tsEslint.config(
       "static",
       "coverage",
       "dist",
-      "packages/core/src/providers/oauth-types.ts",
+      "packages/core/src/providers/provider-types.ts",
       "packages/core/src/lib/pages/styles.ts",
       "packages/frameworks-sveltekit/package",
       "packages/frameworks-sveltekit/vite.config.{js,ts}.timestamp-*",

packages/core/scripts/generate-providers.js

@@ -5,17 +5,50 @@ const providersPath = join(process.cwd(), "src/providers")
 
 const files = readdirSync(providersPath, "utf8")
 
-const nonOAuthFile = ["oauth-types", "oauth", "index", "email", "credentials"]
-const providers = files
-  .map((file) => {
-    const strippedProviderName = file.substring(0, file.indexOf("."))
-    return `"${strippedProviderName}"`
-  })
-  .filter((provider) => !nonOAuthFile.includes(provider.replace(/"/g, "")))
-
-const result = `
+// TODO: Autogenerate
+const emailProvidersFile = [
+  "email",
+  "forwardemail",
+  "mailgun",
+  "nodemailer",
+  "passkey",
+  "postmark",
+  "resend",
+  "sendgrid",
+]
+
+// TODO: Autogenerate
+const nonOAuthFile = [
+  "provider-types",
+  "oauth",
+  "index",
+  // Credentials
+  "credentials",
+  // Webauthn
+  "webauthn",
+  // Email providers
+  ...emailProvidersFile,
+]
+
+const providers = files.map((file) => {
+  const strippedProviderName = file.substring(0, file.indexOf("."))
+  return `"${strippedProviderName}"`
+})
+
+const oauthProviders = providers.filter(
+  (provider) => !nonOAuthFile.includes(provider.replace(/"/g, ""))
+)
+
+const emailProviders = providers.filter((provider) =>
+  emailProvidersFile.includes(provider.replace(/"/g, ""))
+)
+
+const content = `
 // THIS FILE IS AUTOGENERATED. DO NOT EDIT.
-export type OAuthProviderType = 
-  | ${providers.join("\n  | ")}`
+export type OAuthProviderId = 
+  | ${oauthProviders.join("\n  | ")}
+
+export type EmailProviderId = 
+  | ${emailProviders.join("\n  | ")}`
 
-writeFileSync(join(providersPath, "oauth-types.ts"), result)
+writeFileSync(join(providersPath, "provider-types.ts"), content)

packages/core/src/providers/credentials.ts

@@ -74,7 +74,7 @@ export interface CredentialsConfig<
   ) => Awaitable<User | null>
 }
 
-export type CredentialsProviderType = "Credentials"
+export type CredentialsProviderId = "credentials"
 
 /**
  * The Credentials provider allows you to handle signing in with arbitrary credentials,

packages/core/src/providers/email.ts

@@ -1,5 +1,6 @@
 import type { CommonProviderOptions } from "./index.js"
 import type { Awaitable, Theme } from "../types.js"
+export type { EmailProviderId } from "./provider-types.js"
 
 // TODO: Kepts for backwards compatibility
 // Remove this import and encourage users
@@ -22,13 +23,9 @@ export default function Email(config: NodemailerUserConfig): NodemailerConfig {
   }
 }
 
-// TODO: Rename to Token provider
-// when started working on https://github.com/nextauthjs/next-auth/discussions/1465
-export type EmailProviderType = "email"
-
 export interface EmailConfig extends CommonProviderOptions {
   id: string
-  type: EmailProviderType
+  type: "email"
   name: string
   from?: string
   maxAge?: number

packages/core/src/providers/index.ts

@@ -1,15 +1,12 @@
 import type { Profile } from "../types.js"
 import CredentialsProvider from "./credentials.js"
-import type {
-  CredentialsConfig,
-  CredentialsProviderType,
-} from "./credentials.js"
+import type { CredentialsConfig, CredentialsProviderId } from "./credentials.js"
 import type EmailProvider from "./email.js"
-import type { EmailConfig, EmailProviderType } from "./email.js"
+import type { EmailConfig, EmailProviderId } from "./email.js"
 import type {
   OAuth2Config,
   OAuthConfig,
-  OAuthProviderType,
+  OAuthProviderId,
   OIDCConfig,
 } from "./oauth.js"
 import type { WebAuthnConfig, WebAuthnProviderType } from "./webauthn.js"
@@ -91,11 +88,11 @@ export type Provider<P extends Profile = any> = (
   InternalProviderOptions
 
 export type BuiltInProviders = Record<
-  OAuthProviderType,
+  OAuthProviderId,
   (config: Partial<OAuthConfig<any>>) => OAuthConfig<any>
 > &
-  Record<CredentialsProviderType, typeof CredentialsProvider> &
-  Record<EmailProviderType, typeof EmailProvider> &
+  Record<CredentialsProviderId, typeof CredentialsProvider> &
+  Record<EmailProviderId, typeof EmailProvider> &
   Record<
     WebAuthnProviderType,
     (config: Partial<WebAuthnConfig>) => WebAuthnConfig
@@ -110,9 +107,9 @@ export interface AppProvider extends CommonProviderOptions {
   callbackUrl: string
 }
 
-export type RedirectableProviderType = "email" | "credentials"
-
-export type BuiltInProviderType =
-  | RedirectableProviderType
-  | OAuthProviderType
+export type ProviderId =
+  | CredentialsProviderId
+  | EmailProviderId
+  | OAuthProviderId
   | WebAuthnProviderType
+  | (string & {}) // HACK: To allow user-defined providers in `signIn`

packages/core/src/providers/oauth.ts

@@ -11,7 +11,7 @@ type IssuerMetadata = any
 type OAuthCallbackChecks = any
 type OpenIDCallbackChecks = any
 
-export type { OAuthProviderType } from "./oauth-types.js"
+export type { OAuthProviderId } from "./provider-types.js"
 
 export type OAuthChecks = OpenIDCallbackChecks | OAuthCallbackChecks
 

packages/frameworks-solid-start/src/client.ts

@@ -1,19 +1,30 @@
-import type {
-  BuiltInProviderType,
-  RedirectableProviderType,
-} from "@auth/core/providers"
+import type { ProviderId } from "@auth/core/providers"
 
-type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>)
-
-interface SignInOptions extends Record<string, unknown> {
+interface SignInOptions<Redirect extends boolean = true>
+  extends Record<string, unknown> {
+  /** @deprecated Use `redirectTo` instead. */
+  callbackUrl?: string
   /**
-   * Specify to which URL the user will be redirected after signing in. Defaults to the page URL the sign-in is initiated from.
+   * Specify where the user should be redirected to after a successful signin.
    *
-   * [Documentation](https://next-auth.js.org/getting-started/client#specifying-a-callbackurl)
+   * By default, it is the page the sign-in was initiated from.
    */
-  callbackUrl?: string
-  /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option) */
-  redirect?: boolean
+  redirectTo?: string
+  /**
+   * You might want to deal with the signin response on the same page, instead of redirecting to another page.
+   * For example, if an error occurs (like wrong credentials given by the user), you might want to show an inline error message on the input field.
+   *
+   * For this purpose, you can set this to option `redirect: false`.
+   */
+  redirect?: Redirect
+}
+
+export interface SignInResponse {
+  error: string | undefined
+  code: string | undefined
+  status: number
+  ok: boolean
+  url: string | null
 }
 
 interface SignOutParams<R extends boolean = true> {
@@ -41,59 +52,81 @@ export type SignInAuthorizationParams =
  * signIn("provider") // example: signIn("github")
  * ```
  */
-export async function signIn<
-  P extends RedirectableProviderType | undefined = undefined,
->(
-  providerId?: LiteralUnion<
-    P extends RedirectableProviderType
-      ? P | BuiltInProviderType
-      : BuiltInProviderType
-  >,
-  options?: SignInOptions,
+
+/**
+ * Initiates a signin flow or sends the user to the signin page listing all possible providers.
+ * Handles CSRF protection.
+ *
+ * @note This method can only be used from Client Components ("use client" or Pages Router).
+ * For Server Actions, use the `signIn` method imported from the `auth` config.
+ */
+export async function signIn(
+  provider?: ProviderId,
+  options?: SignInOptions<true>,
   authorizationParams?: SignInAuthorizationParams
-) {
-  const { callbackUrl = window.location.href, redirect = true } = options ?? {}
+): Promise<void>
+export async function signIn(
+  provider?: ProviderId,
+  options?: SignInOptions<false>,
+  authorizationParams?: SignInAuthorizationParams
+): Promise<SignInResponse>
+export async function signIn<Redirect extends boolean = true>(
+  provider?: ProviderId,
+  options?: SignInOptions<Redirect>,
+  authorizationParams?: SignInAuthorizationParams
+): Promise<SignInResponse | void> {
+  const { callbackUrl, ...rest } = options ?? {}
+  const {
+    redirect = true,
+    redirectTo = callbackUrl ?? window.location.href,
+    ...signInParams
+  } = rest
 
-  // TODO: Support custom providers
-  const isCredentials = providerId === "credentials"
-  const isEmail = providerId === "email"
-  const isSupportingReturn = isCredentials || isEmail
+  const isCredentials = provider === "credentials"
 
-  // TODO: Handle custom base path
   const signInUrl = `/api/auth/${
     isCredentials ? "callback" : "signin"
-  }/${providerId}`
-
-  const _signInUrl = `${signInUrl}?${new URLSearchParams(authorizationParams)}`
+  }/${provider}`
 
   // TODO: Handle custom base path
   const csrfTokenResponse = await fetch("/api/auth/csrf")
   const { csrfToken } = await csrfTokenResponse.json()
+  const res = await fetch(
+    `${signInUrl}?${new URLSearchParams(authorizationParams)}`,
+    {
+      method: "post",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "X-Auth-Return-Redirect": "1",
+      },
+      body: new URLSearchParams({
+        ...signInParams,
+        csrfToken,
+        callbackUrl: redirectTo,
+      }),
+    }
+  )
 
-  const res = await fetch(_signInUrl, {
-    method: "post",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded",
-      "X-Auth-Return-Redirect": "1",
-    },
-    // @ts-ignore
-    body: new URLSearchParams({
-      ...options,
-      csrfToken,
-      callbackUrl,
-    }),
-  })
+  const data = await res.json()
 
-  const data = await res.clone().json()
-  const error = new URL(data.url).searchParams.get("error")
-  if (redirect || !isSupportingReturn || !error) {
-    // TODO: Do not redirect for Credentials and Email providers by default in next major
-    window.location.href = data.url ?? data.redirect ?? callbackUrl
+  if (redirect) {
+    const url = data.url ?? redirectTo
+    window.location.href = url
     // If url contains a hash, the browser does not reload the page. We reload manually
-    if (data.url.includes("#")) window.location.reload()
+    if (url.includes("#")) window.location.reload()
     return
   }
-  return res
+
+  const error = new URL(data.url).searchParams.get("error") ?? undefined
+  const code = new URL(data.url).searchParams.get("code") ?? undefined
+
+  return {
+    error,
+    code,
+    status: res.status,
+    ok: res.ok,
+    url: error ? null : data.url,
+  }
 }
 
 /**