add /api/auth/tokens endpoint to return oauth tokens #513
Conversation
When using a provider that uses Token ID option (like Apple) a user hitting cancel with no longer cause the app to crash. Users who do this will now be taken back to the sign in page. This was already working for other providers that didn't use this option but wasn't supported for providers that did use it.
…er name on first sign in
* add: marquee provider section * fix: lint * update: adjust node sizes * fix: window undefined SSR * fix: path to imgs Co-authored-by: Iain Collins <[email protected]>
Includes breaking changes for v3 and updates to documentation. If using the client, the only required change should be setting the NEXTAUTH_URL environment variable.
Passing a redirect function like this is a bit horrible, but is less horrible than before.
* clientMaxAge now passive * clientPollInterval added (works like old clientMaxAge) * poll intervals uses timer (more efficent) * updates state on window focus/blur
Improves how well syncing client state is handled and how well caching is leveraged. Reduces network load, cpu load and memory footprint.
This should never be called server side, but just in case someone calls setOptions server side this prevents it from being invoked at all.
* This is a breaking change in v3 * Includes updated documentation
Unproven, but should fix nextauthjs#395 and improve middleware compatibility.
Accidentally squashed a couple of lines in OAuth callback.
Includes some linter fixes
* Adds option to disable encryption * Easy to add custom helper * Removed getJWT helper * Added getToken helper * Helper does not fallback to trying non-prefixed cookie on HTTPS sites * Supports bearer tokens in HTTP header on helper nextauthjs#397
Now that we are going to expose the option to disable encryption on tokens we need to enforce the algorithm is valid (e.g. not 'None' or 'RSA') to prevent vultrabilties being exploited by tampering with the token. Custom encode/decode routines can be specified if someone needs to use another algorithm.
A method to retrieve OAuth tokens from the database was needed in order to use them with third-party APIs as Bearer tokens.
A method to retrieve OAuth tokens from the database was needed in order to use them with third-party APIs as Bearer tokens.
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/nextauthjs/next-auth/g9aprnqba |
|
Thanks @tomvoss! I'm not quite sure what has gone on all with the commit history in the meantime but am happy to sort that out by rebasing / merging to another branch first :-) Will follow on this in the next view days. Much appreciated! |
|
I hope it's okay if I request a status update on token refreshing? Feel free to tell me "where to go" ;) if appropriate. Thanks in advance. |
|
@iaincollins is there anything I can do to help getting this merged? |
|
Hi @tomvoss! I am going through PRs and trying to get them merged. There are some conflicts with this one. Could you please look at them and fix, so we can get this out on our new |
|
I'll try to find some time to look at this, but it might not happen for some time. If someone else could jump in and help out it would be much appreciated. |
8 participants
A method to retrieve OAuth tokens from the database was needed in order to use them with third-party APIs as Bearer tokens.
As @iaincollins requested in the original pull request, I have opened a new pull request against
mainon the official organization account for next-auth.