feat(next-auth): add legacy flag for v4 compatibility #12825

Open · wants to merge 5 commits into base: main

ThangHuuVu (Member)

☕️ Reasoning

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

📌 Resources

@ThangHuuVu ThangHuuVu requested a review from ndom91 as a code owner March 28, 2025 15:02
vercel bot commented Mar 28, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| auth-docs | ❌ Failed (Inspect) | | | Apr 5, 2025 8:32am |

2 Skipped Deployments

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| next-auth-docs | ⬜️ Ignored (Inspect) | Visit Preview | | Apr 5, 2025 8:32am |
| proxy | ⬜️ Ignored (Inspect) | Visit Preview | | Apr 5, 2025 8:32am |

@github-actions github-actions bot added the core Refers to `@auth/core` label Mar 28, 2025
@ThangHuuVu ThangHuuVu requested review from balazsorban44 and Copilot and removed request for ndom91 March 28, 2025 15:04
@Copilot Copilot AI left a comment

Pull Request Overview

This PR introduces a legacy flag to maintain compatibility with v4 behavior alongside the upcoming v5 release. The changes adjust cookie naming, update OAuth callback behavior, and extend configuration types to support the legacy mode.

  • Remove duplicate import statements and restructure type declarations.
  • Update cookie naming conventions based on legacy mode.
  • Amend OAuth handler to conditionally bypass state and PKCE checks when legacy mode is enabled.

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
| File | Description |
| --- | --- |
| packages/core/src/types.ts | Reorders type imports and adds an optional legacy flag to internal options |
| packages/core/src/lib/utils/cookie.ts | Introduces a legacy flag to modify cookie name prefixes accordingly |
| packages/core/src/lib/init.ts | Passes the legacy configuration to defaultCookies and opts in legacy behavior |
| packages/core/src/lib/actions/callback/oauth/callback.ts | Updates OAuth callback to adjust state validation and PKCE handling for legacy mode |
| packages/core/src/index.ts | Adds a legacy flag to AuthConfig to enable legacy mode |
Files not reviewed (1)
  • docs/pages/getting-started/migrating-to-v5.mdx: Language not supported
Comments suppressed due to low confidence (1)

packages/core/src/lib/actions/callback/oauth/callback.ts:134

  • [nitpick] Consider refactoring the nested ternary logic for 'stateCheck' into a clearer if/else structure or extracting it into a helper function to improve readability and maintainability.

```ts
const stateCheck = legacy && !provider.checks.includes("state") ? o.skipStateCheck : provider.checks.includes("state") ? state : o.skipStateCheck
```
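
The nested ternary quoted in the review comment above, written out as if/else and compared with the original for every combination of `legacy` and `checks`. This is an added example, not code from the pull request: `SKIP` stands in for `o.skipStateCheck`, and the provider ids and `checks` arrays are constructed.

```javascript
// Added example; not code from the pull request.
// SKIP is a stand-in for the `o.skipStateCheck` sentinel in the quoted line.
const SKIP = Symbol("skipStateCheck");

// The quoted expression, with `provider.checks` passed in as `checks`.
function quotedStateCheck(legacy, checks, state) {
  return legacy && !checks.includes("state")
    ? SKIP
    : checks.includes("state")
      ? state
      : SKIP;
}

// if/else form collapsed to one branch: the first and last arms of the ternary
// return the same value, so `legacy` cannot change this expression's result.
function simplifiedStateCheck(checks, state) {
  return checks.includes("state") ? state : SKIP;
}

// Evaluate both forms for every combination of `legacy` and `checks`.
function compareForms(state = "constructed-state-value") {
  const rows = [];
  for (const legacy of [false, true]) {
    for (const checks of [["state"], ["pkce"], ["pkce", "state"], ["none"], []]) {
      const quoted = quotedStateCheck(legacy, checks, state);
      rows.push({
        legacy,
        checks: checks.join(","),
        stateValidated: quoted !== SKIP,
        sameAsSimplified: quoted === simplifiedStateCheck(checks, state),
      });
    }
  }
  return rows;
}

// Constructed provider list (hypothetical ids): which ones skip `state`?
const sampleProviders = [
  { id: "example-oauth-a", checks: ["pkce", "state"] },
  { id: "example-oauth-b", checks: ["pkce"] },
  { id: "example-oauth-c", checks: ["none"] },
];

function providersSkippingState(providers, legacy) {
  return providers
    .filter((p) => quotedStateCheck(legacy, p.checks, "s") === SKIP)
    .map((p) => p.id);
}

console.table(compareForms());
```

The `state` parameter is compared only when the provider's `checks` list contains `"state"`, so listing the providers returned by `providersSkippingState` shows which callbacks rely on PKCE or nothing at all for CSRF protection.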

@ndom91 ndom91 (Member) left a comment

Nice!

socket-security bot commented Mar 30, 2025

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@inkeep/widgets@0.2.289 | Transitive: environment, filesystem, network, shell, unsafe | +30 | 23 MB | sarah-inkeep |
| npm/@mikro-orm/core@5.9.7 | environment, eval, filesystem, unsafe | 0 | 888 kB | b4nan |
| npm/@mikro-orm/sqlite@5.9.7 | filesystem | +1 | 354 kB | b4nan |
| npm/@miniflare/d1@2.14.2 | filesystem, unsafe Transitive: environment, eval, network, shell | +6 | 470 kB | wrangler-publisher |
| npm/@neondatabase/serverless@0.10.4 | network | +1 | 366 kB | pffigueiredo |
| npm/@next/third-parties@14.2.15 | None | 0 | 14.2 kB | vercel-release-bot |
| npm/@playwright/test@1.40.0 | None | 0 | 25.3 kB | dgozman-ms |
| npm/@preact/preset-vite@2.8.1 | Transitive: environment, filesystem, unsafe | +36 | 8.07 MB | rschristian |
| npm/@prettier/plugin-pug@3.0.0 | environment | 0 | 349 kB | shinigami92 |
| npm/@prisma/client@6.0.0 | environment, filesystem, shell | 0 | 8.43 MB | prismabot |
| npm/@prisma/extension-accelerate@1.1.0 | None | 0 | 62.8 kB | prismabot |
| npm/@radix-ui/react-accordion@1.2.1 | None | +14 | 349 kB | chancestrickland |
| npm/@radix-ui/react-tabs@1.1.1 | None | +14 | 332 kB | chancestrickland |
| npm/@simplewebauthn/browser@9.0.1 | None | 0 | 42 kB | iamkale |
| npm/@solidjs/meta@0.28.7 | None | 0 | 20.4 kB | ryansolid |
| npm/@supabase/supabase-js@2.43.1 | network | +6 | 2.23 MB | kiwicopple |
| npm/@sveltejs/adapter-auto@1.0.0-next.91 | environment, filesystem, shell | 0 | 7.03 kB | svelte-admin |
| npm/@sveltejs/adapter-auto@3.2.5 | environment | 0 | 7.41 kB | svelte-admin |
| npm/@sveltejs/kit@2.6.4 | environment, eval | 0 | 737 kB | svelte-admin |
| npm/@sveltejs/package@2.3.5 | None | 0 | 29.1 kB | svelte-admin |
| npm/@sveltejs/vite-plugin-svelte@3.1.2 | None | +2 | 171 kB | svelte-admin |
| npm/@types/eslint@8.56.10 | None | +2 | 250 kB | types |
| npm/@types/jsonwebtoken@8.5.9 | None | 0 | 13.8 kB | types |
| npm/@types/node@20.17.2818.11.10 | None | 0 | 3.56 MB | types |
| npm/@types/node@20.17.2820.12.7 | None | 0 | 2.03 MB | types |
| npm/@types/nodemailer@6.4.6 | None | 0 | 88.9 kB | types |
| npm/@types/pg@8.11.0 | None | 0 | 14.2 kB | types |
| npm/vite@5.3.1 | environment, eval, filesystem, network, shell, unsafe | 0 | 3.26 MB | vitebot |

🚮 Removed packages: npm/@auth/express@0.9.0, npm/@auth/unstorage-adapter@2.8.0, npm/@radix-ui/react-avatar@1.1.3, npm/@radix-ui/react-dropdown-menu@2.1.6, npm/@radix-ui/react-navigation-menu@1.2.5, npm/@types/pug@2.0.10, npm/@types/react-dom@18.3.5, npm/@types/react@18.3.20, npm/@vercel/kv@1.0.1, npm/autoprefixer@10.4.21, npm/class-variance-authority@0.7.1, npm/clsx@2.1.1, npm/express@4.21.2, npm/lucide-react@0.274.0, npm/morgan@1.10.0, npm/next-auth@5.0.0-beta.25, npm/next@15.2.4, npm/pug@3.0.3, npm/react-dom@18.3.1, npm/react@18.3.1, npm/tailwind-merge@1.14.0, npm/tailwindcss-animate@1.0.7, npm/tailwindcss@3.4.17, npm/tsx@4.19.3, npm/unstorage@1.15.0

View full report↗︎

Labels: core (Refers to `@auth/core`), next-auth
2 participants