Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: replace node-oauth with openid-client #1698

Merged
merged 39 commits into from
Jul 20, 2021
Merged

refactor: replace node-oauth with openid-client #1698

merged 39 commits into from
Jul 20, 2021

Conversation

balazsorban44
Copy link
Member

@balazsorban44 balazsorban44 commented Apr 12, 2021
edited
Loading

Continuation of #1105

We rely on a package that hasn't been updated in a very long time. We kind of depend on it even after this, as our new dependency doesn't support OAuth 1.0 anymore, but we will treat it as a legacy solution and will only provide minimal maintenance to it. There are a few bigger providers still using the old spec like Twitter, but new providers will hopefully rather rely on newer specs.

Our new choice openid-client is maintained properly by awesome people, and will help us with PKCE, state and other things that until now we had to do manually.

Checklist:

Related issues:
Closes #1048, closes #1305

@vercel
Copy link

vercel bot commented Apr 12, 2021
edited
Loading

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/nextauthjs/next-auth/GisAQuwZvX71DZj5zDfs8ui3U9HJ
✅ Preview: https://next-auth-git-feat-openid-client-nextauthjs.vercel.app

@github-actions github-actions bot added adapters Changes related to the core code concerning database adapters core Refers to `@auth/core` databases docs Relates to documentation pages providers labels Apr 12, 2021
This was referenced Apr 12, 2021
Closed
Closed
This was referenced Apr 19, 2021
Merged
Closed
@balazsorban44 balazsorban44 marked this pull request as ready for review April 24, 2021 21:39
@balazsorban44
Merge branch 'next'
7cd89ba 
Conflicts:
	app/pages/api/auth/[...nextauth].js
	package-lock.json
	package.json
	pages/api/auth/[...nextauth].js
	src/providers/bungie.js
	src/providers/google.js
	src/providers/mailru.js
	src/providers/vk.js
	src/providers/yandex.js
	src/server/index.d.ts
	src/server/lib/oauth/callback.js
	src/server/lib/oauth/client.js
	src/server/lib/signin/oauth.js
	www/docs/configuration/pages.md
@vercel vercel bot temporarily deployed to Preview April 24, 2021 21:59 Inactive
@github-actions github-actions bot removed databases pages providers adapters Changes related to the core code concerning database adapters labels Apr 24, 2021
@vercel vercel bot temporarily deployed to Preview July 17, 2021 18:40 Inactive
@vercel vercel bot temporarily deployed to Preview July 17, 2021 18:43 Inactive
@vercel vercel bot temporarily deployed to Preview July 17, 2021 20:38 Inactive
@vercel vercel bot temporarily deployed to Preview July 19, 2021 17:51 Inactive
@vercel vercel bot temporarily deployed to Preview July 19, 2021 18:16 Inactive
@vercel vercel bot temporarily deployed to Preview July 19, 2021 18:16 Inactive
@vercel vercel bot temporarily deployed to Preview July 19, 2021 18:25 Inactive
ndom91
ndom91 approved these changes Jul 20, 2021
View reviewed changes
Copy link
Member

@ndom91 ndom91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@balazsorban44 balazsorban44 merged commit f06e4d2 into next Jul 20, 2021
@balazsorban44 balazsorban44 deleted the feat/openid-client branch July 20, 2021 12:52
@ndom91 ndom91 mentioned this pull request May 2, 2022
Closed
@sato11 sato11 mentioned this pull request Jul 26, 2022
Closed
3 tasks
mnphpexpert added a commit to mnphpexpert/next-auth that referenced this pull request Sep 2, 2024
@mnphpexpert
refactor: replace node-oauth with openid-client (nextauthjs#1698)
fc8d81c 
* chore(deps): add openid-client

* chore: merge in next

* refactor(provider): remove redundant requestUrl param

* feat(provider): make profile callback optional

* refactor: use openid-client for OAuth2/OIDC

* refactor: use openidClient in oauth signin handler

* refactor: use openidClient in oauth callback handler

* docs(warn): add async issuer/old config warnings

* chore(deps): remove jsonwebtoken

* chore: add issuer property for testing locally

* chore(dev): import providers one-by-one

* fix(oauth): handle when no user in body/query

* chore(deps): remove pkce-challenge

* chore(dev): change Auth0 protection

* refactor(oauth): simplify pkce/state

* refactor: split OAuth1 client, reduce openid client

will improve API in another PR

* chore: change comment, dev app

* chore: mention OIDC client config discovery

* fix: add new operator when creating OIDC client

* refactor: delete req.query.nextauth after use

* docs(ts): use `TokenSet` from `openid-client`

* chore: simplify/type signin route

* refactor: rename to client-legacy to indicate intnet of maintenance

* chore(deps): try setting `oauth` as optional peer dep

* chore(deps): add `oauth` back as regular dependency

* chore(deps): add @types/oauth as dev dependency

* chore: remove params kept for backwards compatibility

* chore: don't make breaking changes in this PR

* chore(core): use correct TS declarations

* refactor: move files/add more accurate types internally

* chore: remove TODO comment

* chore: catch all errors in authorization URL generation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ndom91 ndom91 ndom91 approved these changes

@ubbe-xyz ubbe-xyz Awaiting requested review from ubbe-xyz

Assignees
No one assigned
Labels
core Refers to `@auth/core` TypeScript Issues relating to TypeScript
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@balazsorban44 @codecov-commenter @ndom91