next-auth icon indicating copy to clipboard operation
next-auth copied to clipboard
verified publisher icon nextauthjs

Custom `request` handler for `token` missing (and `authorization` unimplemented) in `@auth/core`

Open ThomasMcFarlane opened this issue 2 years ago • 3 comments

Environment

System: OS: Linux 6.4 Arch Linux CPU: (128) x64 AMD Ryzen Threadripper 3990X 64-Core Processor Memory: 234.29 GB / 251.55 GB Container: Yes Shell: 5.9 - /usr/bin/zsh Binaries: Node: 18.14.0 - ~/.nvm/versions/node/v18.14.0/bin/node Yarn: 1.22.19 - ~/.nvm/versions/node/v18.14.0/bin/yarn npm: 9.6.7 - ~/.nvm/versions/node/v18.14.0/bin/npm pnpm: 8.6.12 - ~/.nvm/versions/node/v18.14.0/bin/pnpm

Reproduction URL

https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/oauth/callback.ts

Describe the issue

Not entirely sure where to classify this as it is a question, feature request, and bug with the migration from next-auth to @auth/core

While attempting to implement a new provider that requires a customised process (for Plex, see: https://github.com/ThomasMcFarlane/next-auth/pull/1) I noticed that the provider.token.request config option was still typed but not actually used within @auth/core. The function in question is present in next-auth here: https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/callback.ts#L90 And documented here: https://next-auth.js.org/configuration/providers/oauth#token-option

But is not present in the new package: https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/oauth/callback.ts

The config option for provider.userinfo.request has, however, been implemented: https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/oauth/callback.ts#L155

Additionally, there are loose types allowing the override of the provider.authorization.request config option, but there is no implemented code to support this, nor is it documented.

To summarise:

  1. Has the provider.token.request config option been intentionally omitted?
  2. Is there a concern against implementing the functionality to manually override the provider.authorization.request config option? (I am unaware of any other configuration options that would meet the need I had of a preliminary HTTP request that then appends a parameter on to the authorization request)

I am happy to contribute towards both of these items and have a dirty effort branch PR that I built to support the use case I had: https://github.com/ThomasMcFarlane/next-auth/pull/1

Please also let me know if this needs to further be split into separate issues for the authorization and token items.

How to reproduce

  1. Create a new OAuth Provider
  2. Implement a custom token.request handler
  3. Handler is completely ignored

Expected behavior

  1. Create a new OAuth Provider
  2. Implement a custom token.request handler
  3. Handler is used to perform the neccessary token request

ThomasMcFarlane avatar Aug 12 '23 09:08 ThomasMcFarlane

I am experiencing the same. Any news on this Thomas? :)

indigo-travel avatar Sep 08 '23 16:09 indigo-travel

No response yet. My linked PR should handle the general usage if needed - I'm just using it with a patch file.

ThomasMcFarlane avatar Sep 10 '23 00:09 ThomasMcFarlane

Any update on this one? Would be great to know whether the current typing of token was just an oversight and it should not support custom requests, or if it was planned and just not implemented yet cc @balazsorban44

ramarivera avatar Feb 12 '24 15:02 ramarivera