From 6aa4c441b32b46cc121b9525fd60ed95cd4ac0f5 Mon Sep 17 00:00:00 2001 From: Nico Domino Date: Fri, 12 Apr 2024 18:47:58 +0200 Subject: [PATCH] chore(core): update links in typedocs to new docs URLs (#10560) --- packages/core/src/adapters.ts | 62 +++++++++++++++++----------------- packages/core/src/errors.ts | 26 +++++++------- packages/core/src/index.ts | 6 ++-- packages/core/src/jwt.ts | 8 ++--- packages/core/src/lib/index.ts | 4 +-- packages/core/src/types.ts | 27 ++++++--------- 6 files changed, 64 insertions(+), 69 deletions(-) diff --git a/packages/core/src/adapters.ts b/packages/core/src/adapters.ts index 412ea8039c..a295a24f5e 100644 --- a/packages/core/src/adapters.ts +++ b/packages/core/src/adapters.ts @@ -6,7 +6,7 @@ * This module contains utility functions and types to create an Auth.js compatible adapter. * * Auth.js supports 2 session strategies to persist the login state of a user. - * The default is to use a cookie + {@link https://authjs.dev/concepts/session-strategies#jwt JWT} + * The default is to use a cookie + {@link https://authjs.dev/concepts/session-strategies#jwt-session JWT} * based session store (`strategy: "jwt"`), * but you can also use a database adapter to store the session in a database. * @@ -143,21 +143,20 @@ * * ### Token rotation * - * Auth.js _currently_ does not support {@link https://authjs.dev/concepts/oauth#token-rotation `access_token` rotation} out of the box. + * Auth.js _currently_ does not support {@link https://authjs.dev/concepts/oauth `access_token` rotation} out of the box. * The necessary information (`refresh_token`, expiry, etc.) is being stored in the database, but the logic to rotate the token is not implemented * in the core library. - * [This guide](https://authjs.dev/guides/basics/refresh-token-rotation#database-strategy) should provide the necessary steps to do this in user land. + * [This guide](https://authjs.dev/guides/refresh-token-rotation#database-strategy) should provide the necessary steps to do this in user land. * * ### Federated logout * - * Auth.js _currently_ does not support {@link https://authjs.dev/concepts/oauth#federated-logout federated logout} out of the box. + * Auth.js _currently_ does not support federated logout out of the box. * This means that even if an active session is deleted from the database, the user will still be signed in to the identity provider, * they will only be signed out of the application. * Eg. if you use Google as an identity provider, and you delete the session from the database, * the user will still be signed in to Google, but they will be signed out of your application. * * If your users might be using the application from a publicly shared computer (eg: library), you might want to implement federated logout. - * {@link https://authjs.dev/guides/providers/federated-logout This guide} should provide the necessary steps. * * @module adapters */ @@ -180,7 +179,7 @@ export interface AdapterUser extends User { /** The user's email address. */ email: string /** - * Whether the user has verified their email address via an [Email provider](https://authjs.dev/reference/core/providers/email). + * Whether the user has verified their email address via an [Email provider](https://authjs.dev/getting-started/authentication/email). * It is `null` if the user has not signed in with the Email provider yet, or the date of the first successful signin. */ emailVerified: Date | null @@ -191,7 +190,7 @@ export interface AdapterUser extends User { * * There are two types of accounts: * - OAuth/OIDC accounts, which are created when a user signs in with an OAuth provider. - * - Email accounts, which are created when a user signs in with an [Email provider](https://authjs.dev/reference/core/providers/email). + * - Email accounts, which are created when a user signs in with an [Email provider](https://authjs.dev/getting-started/authentication/email). * * One user can have multiple accounts. */ @@ -228,7 +227,7 @@ export interface AdapterSession { /** * A verification token is a temporary token that is used to sign in a user via their email address. - * It is created when a user signs in with an [Email provider](https://authjs.dev/reference/core/providers/email). + * It is created when a user signs in with an [Email provider](https://authjs.dev/getting-started/authentication/email). * When the user clicks the link in the email, the token and email is sent back to the server * where it is hashed and compared to the value in the database. * If the tokens and emails match, and the token hasn't expired yet, the user is signed in. @@ -240,7 +239,7 @@ export interface VerificationToken { /** The absolute date when the token expires. */ expires: Date /** - * A [hashed](https://authjs.dev/concepts/hashing) token, using the `AuthConfig.secret` value. + * A [hashed](https://en.wikipedia.org/wiki/Hash_function) token, using the `AuthConfig.secret` value. */ token: string } @@ -276,25 +275,25 @@ export interface Adapter { /** * Creates a user in the database and returns it. * - * See also [User management](https://authjs.dev/guides/adapters/creating-a-database-adapter#user-management) + * See also [User management](https://authjs.dev/guides/creating-a-database-adapter#user-management) */ createUser?(user: AdapterUser): Awaitable /** * Returns a user from the database via the user id. * - * See also [User management](https://authjs.dev/guides/adapters/creating-a-database-adapter#user-management) + * See also [User management](https://authjs.dev/guides/creating-a-database-adapter#user-management) */ getUser?(id: string): Awaitable /** * Returns a user from the database via the user's email address. * - * See also [Verification tokens](https://authjs.dev/guides/adapters/creating-a-database-adapter#verification-tokens) + * See also [Verification tokens](https://authjs.dev/guides/creating-a-database-adapter#verification-tokens) */ getUserByEmail?(email: string): Awaitable /** * Using the provider id and the id of the user for a specific account, get the user. * - * See also [User management](https://authjs.dev/guides/adapters/creating-a-database-adapter#user-management) + * See also [User management](https://authjs.dev/guides/creating-a-database-adapter#user-management) */ getUserByAccount?( providerAccountId: Pick @@ -302,7 +301,7 @@ export interface Adapter { /** * Updates a user in the database and returns it. * - * See also [User management](https://authjs.dev/guides/adapters/creating-a-database-adapter#user-management) + * See also [User management](https://authjs.dev/guides/creating-a-database-adapter#user-management) */ updateUser?( user: Partial & Pick @@ -310,7 +309,7 @@ export interface Adapter { /** * @todo This method is currently not invoked yet. * - * See also [User management](https://authjs.dev/guides/adapters/creating-a-database-adapter#user-management) + * See also [User management](https://authjs.dev/guides/creating-a-database-adapter#user-management) */ deleteUser?( userId: string @@ -319,7 +318,7 @@ export interface Adapter { * This method is invoked internally (but optionally can be used for manual linking). * It creates an [Account](https://authjs.dev/reference/core/adapters#models) in the database. * - * See also [User management](https://authjs.dev/guides/adapters/creating-a-database-adapter#user-management) + * See also [User management](https://authjs.dev/guides/creating-a-database-adapter#user-management) */ linkAccount?( account: AdapterAccount @@ -331,7 +330,7 @@ export interface Adapter { /** * Creates a session for the user and returns it. * - * See also [Database Session management](https://authjs.dev/guides/adapters/creating-a-database-adapter#database-session-management) + * See also [Database Session management](https://authjs.dev/guides/creating-a-database-adapter#database-session-management) */ createSession?(session: { sessionToken: string @@ -345,7 +344,7 @@ export interface Adapter { * If the database supports joins, it's recommended to reduce the number of database queries. * ::: * - * See also [Database Session management](https://authjs.dev/guides/adapters/creating-a-database-adapter#database-session-management) + * See also [Database Session management](https://authjs.dev/guides/creating-a-database-adapter#database-session-management) */ getSessionAndUser?( sessionToken: string @@ -353,7 +352,7 @@ export interface Adapter { /** * Updates a session in the database and returns it. * - * See also [Database Session management](https://authjs.dev/guides/adapters/creating-a-database-adapter#database-session-management) + * See also [Database Session management](https://authjs.dev/guides/creating-a-database-adapter#database-session-management) */ updateSession?( session: Partial & Pick @@ -362,7 +361,7 @@ export interface Adapter { * Deletes a session from the database. It is preferred that this method also * returns the session that is being deleted for logging purposes. * - * See also [Database Session management](https://authjs.dev/guides/adapters/creating-a-database-adapter#database-session-management) + * See also [Database Session management](https://authjs.dev/guides/creating-a-database-adapter#database-session-management) */ deleteSession?( sessionToken: string @@ -370,7 +369,7 @@ export interface Adapter { /** * Creates a verification token and returns it. * - * See also [Verification tokens](https://authjs.dev/guides/adapters/creating-a-database-adapter#verification-tokens) + * See also [Verification tokens](https://authjs.dev/guides/creating-a-database-adapter#verification-tokens) */ createVerificationToken?( verificationToken: VerificationToken @@ -379,7 +378,7 @@ export interface Adapter { * Return verification token from the database and deletes it * so it can only be used once. * - * See also [Verification tokens](https://authjs.dev/guides/adapters/creating-a-database-adapter#verification-tokens) + * See also [Verification tokens](https://authjs.dev/guides/creating-a-database-adapter#verification-tokens) */ useVerificationToken?(params: { identifier: string @@ -387,23 +386,24 @@ export interface Adapter { }): Awaitable /** * Get account by provider account id and provider. - * + * * If an account is not found, the adapter must return `null`. */ getAccount?( - providerAccountId: AdapterAccount["providerAccountId"], provider: AdapterAccount["provider"] + providerAccountId: AdapterAccount["providerAccountId"], + provider: AdapterAccount["provider"] ): Awaitable /** * Returns an authenticator from its credentialID. - * + * * If an authenticator is not found, the adapter must return `null`. */ getAuthenticator?( - credentialID: AdapterAuthenticator['credentialID'] + credentialID: AdapterAuthenticator["credentialID"] ): Awaitable /** * Create a new authenticator. - * + * * If the creation fails, the adapter must throw an error. */ createAuthenticator?( @@ -416,16 +416,16 @@ export interface Adapter { * If the retrieval fails for some other reason, the adapter must throw an error. */ listAuthenticatorsByUserId?( - userId: AdapterAuthenticator['userId'] + userId: AdapterAuthenticator["userId"] ): Awaitable /** * Updates an authenticator's counter. - * + * * If the update fails, the adapter must throw an error. */ updateAuthenticatorCounter?( - credentialID: AdapterAuthenticator['credentialID'], - newCounter: AdapterAuthenticator['counter'] + credentialID: AdapterAuthenticator["credentialID"], + newCounter: AdapterAuthenticator["counter"] ): Awaitable } diff --git a/packages/core/src/errors.ts b/packages/core/src/errors.ts index 8eca4d5acb..faead47c5e 100644 --- a/packages/core/src/errors.ts +++ b/packages/core/src/errors.ts @@ -118,7 +118,7 @@ export class AccessDenied extends AuthError { * ``` * ::: * - * For an [OAuth provider](https://authjs.dev/reference/core/providers/oauth), possible causes are: + * For an [OAuth provider](https://authjs.dev/getting-started/authentication/oauth), possible causes are: * - The user denied access to the application * - There was an error parsing the OAuth Profile: * Check out the provider's `profile` or `userinfo.request` method to make sure @@ -126,7 +126,7 @@ export class AccessDenied extends AuthError { * - The `signIn` or `jwt` callback methods threw an uncaught error: * Check the callback method implementations. * - * For an [Email provider](https://authjs.dev/reference/core/providers/email), possible causes are: + * For an [Email provider](https://authjs.dev/getting-started/authentication/email), possible causes are: * - The provided email/token combination was invalid/missing: * Check if the provider's `sendVerificationRequest` method correctly sends the email. * - The provided email/token combination has expired: @@ -134,7 +134,7 @@ export class AccessDenied extends AuthError { * - There was an error with the database: * Check the database logs. * - * For a [Credentials provider](https://authjs.dev/reference/core/providers/credentials), possible causes are: + * For a [Credentials provider](https://authjs.dev/getting-started/authentication/credentials), possible causes are: * - The `authorize` method threw an uncaught error: * Check the provider's `authorize` method. * - The `signIn` or `jwt` callback methods threw an uncaught error: @@ -155,7 +155,7 @@ export class CallbackRouteError extends AuthError { * * To fix this, make sure that the `error` page does not require authentication. * - * Learn more at [Guide: Error pages](https://authjs.dev/guides/basics/pages) + * Learn more at [Guide: Error pages](https://authjs.dev/guides/pages/error) */ export class ErrorPageLoop extends AuthError { static type = "ErrorPageLoop" @@ -213,7 +213,7 @@ export class CredentialsSignin extends SignInError { * One of the configured OAuth or OIDC providers is missing the `authorization`, `token` or `userinfo`, or `issuer` configuration. * To perform OAuth or OIDC sign in, at least one of these endpoints is required. * - * Learn more at [`OAuth2Config`](https://authjs.dev/reference/core/providers#oauth2configprofile) or [Guide: OAuth Provider](https://authjs.dev/guides/providers/custom-provider) + * Learn more at [`OAuth2Config`](https://authjs.dev/reference/core/providers#oauth2configprofile) or [Guide: OAuth Provider](https://authjs.dev/guides/configuring-oauth-providers) */ export class InvalidEndpoints extends AuthError { static type = "InvalidEndpoints" @@ -238,7 +238,7 @@ export class InvalidCheck extends AuthError { * When this error is logged, the session cookie is destroyed. * ::: * - * Learn more at [`secret`](https://authjs.dev/reference/core#secret), [`jwt.encode`](https://authjs.dev/reference/core/jwt#encode) or [`jwt.decode`](https://authjs.dev/reference/core/jwt#decode) for more information. + * Learn more at [`secret`](https://authjs.dev/reference/core#secret), [`jwt.encode`](https://authjs.dev/reference/core/jwt#encode-1) or [`jwt.decode`](https://authjs.dev/reference/core/jwt#decode-2) for more information. */ export class JWTSessionError extends AuthError { static type = "JWTSessionError" @@ -249,7 +249,7 @@ export class JWTSessionError extends AuthError { * or tried using a `strategy: "database"` session without a database adapter. * In both cases, make sure you either remove the configuration or add the missing adapter. * - * Learn more at [Database Adapters](https://authjs.dev/getting-started/adapters), [Email provider](https://authjs.dev/reference/core/providers/email) or [Concept: Database session strategy](https://authjs.dev/concepts/session-strategies#database) + * Learn more at [Database Adapters](https://authjs.dev/getting-started/database), [Email provider](https://authjs.dev/getting-started/authentication/email) or [Concept: Database session strategy](https://authjs.dev/concepts/session-strategies#database-session) */ export class MissingAdapter extends AuthError { static type = "MissingAdapter" @@ -260,7 +260,7 @@ export class MissingAdapter extends AuthError { * * Make sure you either remove the configuration or add the missing methods to the adapter. * - * Learn more at [Database Adapters](https://authjs.dev/reference/core/adapters) + * Learn more at [Database Adapters](https://authjs.dev/getting-started/database) */ export class MissingAdapterMethods extends AuthError { static type = "MissingAdapterMethods" @@ -270,7 +270,7 @@ export class MissingAdapterMethods extends AuthError { * Thrown when a Credentials provider is missing the `authorize` configuration. * To perform credentials sign in, the `authorize` method is required. * - * Learn more at [Credentials provider](https://authjs.dev/reference/core/providers/credentials) + * Learn more at [Credentials provider](https://authjs.dev/getting-started/authentication/credentials) */ export class MissingAuthorize extends AuthError { static type = "MissingAuthorize" @@ -322,7 +322,7 @@ export class OAuthCallbackError extends SignInError { /** * This error occurs during an OAuth sign in attempt when the provider's * response could not be parsed. This could for example happen if the provider's API - * changed, or the [`OAuth2Config.profile`](https://authjs.dev/reference/core/providers/oauth#profile) method is not implemented correctly. + * changed, or the [`OAuth2Config.profile`](https://authjs.dev/reference/core/providers#oauth2configprofile) method is not implemented correctly. */ export class OAuthProfileParseError extends AuthError { static type = "OAuthProfileParseError" @@ -340,7 +340,7 @@ export class SessionTokenError extends AuthError { } /** - * Happens when login by [OAuth](https://authjs.dev/getting-started/providers/oauth-tutorial) could not be started. + * Happens when login by [OAuth](https://authjs.dev/getting-started/authentication/oauth) could not be started. * * Possible causes are: * - The Authorization Server is not compliant with the [OAuth 2.0](https://www.ietf.org/rfc/rfc6749.html) or the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification. @@ -359,7 +359,7 @@ export class OAuthSignInError extends SignInError { } /** - * Happens when the login by an [Email provider](https://authjs.dev/getting-started/providers/email-tutorial) could not be started. + * Happens when the login by an [Email provider](https://authjs.dev/getting-started/authentication/email) could not be started. * * Possible causes are: * - The email sent from the client is invalid, could not be normalized by [`EmailConfig.normalizeIdentifier`](https://authjs.dev/reference/core/providers/email#normalizeidentifier) @@ -398,7 +398,7 @@ export class UnknownAction extends AuthError { /** * Thrown when a Credentials provider is present but the JWT strategy (`strategy: "jwt"`) is not enabled. * - * Learn more at [`strategy`](https://authjs.dev/reference/core#strategy) or [Credentials provider](https://authjs.dev/reference/core/providers/credentials) + * Learn more at [`strategy`](https://authjs.dev/reference/core#strategy) or [Credentials provider](https://authjs.dev/getting-started/authentication/credentials) */ export class UnsupportedStrategy extends AuthError { static type = "UnsupportedStrategy" diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts index 58f4d313d4..f8ae68963a 100644 --- a/packages/core/src/index.ts +++ b/packages/core/src/index.ts @@ -8,7 +8,7 @@ * * Based on the {@link https://developer.mozilla.org/en-US/docs/Web/API/Request Request} * and {@link https://developer.mozilla.org/en-US/docs/Web/API/Response Response} Web standard APIs. - * Primarily used to implement [framework](https://authjs.dev/concepts/frameworks)-specific packages, + * Primarily used to implement [framework](https://authjs.dev/getting-started/integrations)-specific packages, * but it can also be used directly. * * ## Installation @@ -30,8 +30,8 @@ * * ## Resources * - * - [Getting started](https://authjs.dev/getting-started/introduction) - * - [Most common use case guides](https://authjs.dev/guides) + * - [Getting started](https://authjs.dev/getting-started) + * - [Guides](https://authjs.dev/guides) * * @module @auth/core */ diff --git a/packages/core/src/jwt.ts b/packages/core/src/jwt.ts index 88a9f498a5..10d23c84c2 100644 --- a/packages/core/src/jwt.ts +++ b/packages/core/src/jwt.ts @@ -2,7 +2,7 @@ * * * This module contains functions and types - * to encode and decode {@link https://authjs.dev/concepts/session-strategies#jwt JWT}s + * to encode and decode {@link https://authjs.dev/concepts/session-strategies#jwt-session JWT}s * issued and used by Auth.js. * * The JWT issued by Auth.js is _encrypted by default_, using the _A256CBC-HS512_ algorithm ({@link https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.5 JWE}). @@ -30,7 +30,7 @@ * * ## Resources * - * - [What is a JWT session strategy](https://authjs.dev/concepts/session-strategies#jwt) + * - [What is a JWT session strategy](https://authjs.dev/concepts/session-strategies#jwt-session) * - [RFC7519 - JSON Web Token (JWT)](https://www.rfc-editor.org/rfc/rfc7519) * * @module jwt @@ -220,9 +220,9 @@ export interface DefaultJWT extends Record { } /** - * Returned by the `jwt` callback and `getToken`, when using JWT sessions + * Returned by the `jwt` callback when using JWT sessions * - * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) | [`getToken`](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken) + * [`jwt` callback](https://authjs.dev/reference/core/types#jwt) */ export interface JWT extends Record, DefaultJWT {} diff --git a/packages/core/src/lib/index.ts b/packages/core/src/lib/index.ts index 186dbe8e39..5966bcac26 100644 --- a/packages/core/src/lib/index.ts +++ b/packages/core/src/lib/index.ts @@ -58,7 +58,7 @@ export async function AuthInternal( request, options, sessionStore, - cookies, + cookies ) default: } @@ -97,7 +97,7 @@ export async function AuthInternal( * This option is intended for framework authors. * ::: * - * Auth.js comes with built-in {@link https://authjs.dev/concepts/security#csrf CSRF} protection, but + * Auth.js comes with built-in CSRF protection, but * if you are implementing a framework that is already protected against CSRF attacks, you can skip this check by * passing this value to {@link AuthConfig.skipCSRFCheck}. */ diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts index fd18c4e472..b2d95a4f84 100644 --- a/packages/core/src/types.ts +++ b/packages/core/src/types.ts @@ -87,8 +87,8 @@ export type SemverString = /** * Change the theme of the built-in pages. * - * [Documentation](https://authjs.dev/reference/core#authconfig#theme) | - * [Pages](https://authjs.dev/guides/basics/pages) + * [Documentation](https://authjs.dev/reference/core#theme) | + * [Pages](https://authjs.dev/guides/pages/signin) */ export interface Theme { colorScheme?: "auto" | "dark" | "light" @@ -133,7 +133,7 @@ export interface Account extends Partial { /** * id of the user this account belongs to * - * @see https://authjs.dev/reference/core/adapters#user + * @see https://authjs.dev/reference/core/adapters#adapteruser */ userId?: string /** @@ -143,7 +143,7 @@ export interface Account extends Partial { * * This value can be used for implementing token rotation together with {@link OAuth2TokenEndpointResponse.refresh_token}. * - * @see https://authjs.dev/guides/basics/refresh-token-rotation#database-strategy + * @see https://authjs.dev/guides/refresh-token-rotation#database-strategy * @see https://www.rfc-editor.org/rfc/rfc6749#section-5.1 */ expires_at?: number @@ -235,8 +235,6 @@ export interface CallbacksOptions

{ * By default only URLs on the same host as the origin are allowed. * You can use this callback to customise that behaviour. * - * [Documentation](https://authjs.dev/guides/basics/callbacks#redirect-callback) - * * @example * callbacks: { * async redirect({ url, baseUrl }) { @@ -314,8 +312,7 @@ export interface CallbacksOptions

{ * will be kept from your frontend. The JWT is encrypted by default via your * AUTH_SECRET environment variable. * - * [Documentation](https://next-auth.js.org/configuration/callbacks#jwt-callback) | - * [`session` callback](https://next-auth.js.org/configuration/callbacks#session-callback) + * [`session` callback](https://authjs.dev/reference/core/types#session) */ jwt: (params: { /** @@ -330,8 +327,8 @@ export interface CallbacksOptions

{ * @note available when `trigger` is `"signIn"` or `"signUp"`. * * Resources: - * - [Credentials Provider](https://authjs.dev/reference/core/providers/credentials) - * - [User database model](https://authjs.dev/reference/core/adapters#user) + * - [Credentials Provider](https://authjs.dev/getting-started/authentication/credentials) + * - [User database model](https://authjs.dev/guides/creating-a-database-adapter#user-management) */ user: User | AdapterUser /** @@ -350,7 +347,7 @@ export interface CallbacksOptions

{ * Check why was the jwt callback invoked. Possible reasons are: * - user sign-in: First time the callback is invoked, `user`, `profile` and `account` will be present. * - user sign-up: a user is created for the first time in the database (when {@link AuthConfig.session}.strategy is set to `"database"`) - * - update event: Triggered by the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method. + * - update event: Triggered by the `useSession().update` method. * In case of the latter, `trigger` will be `undefined`. */ trigger?: "signIn" | "signUp" | "update" @@ -358,7 +355,7 @@ export interface CallbacksOptions

{ isNewUser?: boolean /** * When using {@link AuthConfig.session} `strategy: "jwt"`, this is the data - * sent from the client via the [`useSession().update`](https://next-auth.js.org/getting-started/client#update-session) method. + * sent from the client via the `useSession().update` method. * * ⚠ Note, you should validate this data before using it. */ @@ -385,8 +382,6 @@ export interface CookiesOptions { /** * The various event callbacks you can register for from next-auth - * - * [Documentation](https://authjs.dev/guides/basics/events) */ export interface EventCallbacks { /** @@ -526,8 +521,8 @@ export interface PublicProvider { * changes the state of the server. * * - **`"callback"`**: - * - **`GET`**: Handles the callback from an [OAuth provider](https://authjs.dev/reference/core/providers/oauth). - * - **`POST`**: Handles the callback from a [Credentials provider](https://authjs.dev/reference/core/providers/credentials). + * - **`GET`**: Handles the callback from an [OAuth provider](https://authjs.dev/reference/core/providers#oauth2configprofile). + * - **`POST`**: Handles the callback from a [Credentials provider](https://authjs.dev/getting-started/providers/credentials#credentialsconfigcredentialsinputs). * - **`"csrf"`**: Returns the raw CSRF token, which is saved in a cookie (encrypted). * It is used for CSRF protection, implementing the [double submit cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie) technique. * :::note