feat: support advanced initialization in v5 (#9638)

Co-authored-by: Balázs Orbán <[email protected]>

Author: ThangHuuVu

apps/dev/nextjs/auth.ts

@@ -1,8 +1,8 @@
 import NextAuth from "next-auth"
-import Email from "next-auth/providers/email"
+// import Email from "next-auth/providers/email"
 import authConfig from "auth.config"
-import { PrismaClient } from "@prisma/client"
-import { PrismaAdapter } from "@auth/prisma-adapter"
+// import { PrismaClient } from "@prisma/client"
+// import { PrismaAdapter } from "@auth/prisma-adapter"
 
 // globalThis.prisma ??= new PrismaClient()
 
@@ -12,8 +12,26 @@ import { PrismaAdapter } from "@auth/prisma-adapter"
 //   Email({ server: "smtp://127.0.0.1:1025?tls.rejectUnauthorized=false" })
 // )
 
-export const { handlers, auth, signIn, signOut, unstable_update } = NextAuth({
-  // adapter: PrismaAdapter(globalThis.prisma),
-  session: { strategy: "jwt" },
-  ...authConfig,
-})
+export const { handlers, auth, signIn, signOut, unstable_update } = NextAuth(
+  (request) => {
+    if (request?.nextUrl.searchParams.get("test")) {
+      return {
+        // adapter: PrismaAdapter(globalThis.prisma),
+        session: { strategy: "jwt" },
+        ...authConfig,
+        providers: [],
+      }
+    }
+    return {
+      // adapter: PrismaAdapter(globalThis.prisma),
+      session: { strategy: "jwt" },
+      ...authConfig,
+    }
+  }
+)
+
+// export const { handlers, auth, signIn, signOut, unstable_update } = NextAuth({
+//   // adapter: PrismaAdapter(globalThis.prisma),
+//   session: { strategy: "jwt" },
+//   ...authConfig,
+// })

apps/dev/nextjs/middleware.ts

@@ -1,7 +1,12 @@
 import NextAuth from "next-auth"
 import authConfig from "auth.config"
 
-export const middleware = NextAuth(authConfig).auth
+// export const middleware = NextAuth(authConfig).auth
+
+export const middleware = NextAuth((req) => {
+  console.log("middleware", req)
+  return authConfig
+}).auth
 
 export const config = {
   matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],

packages/next-auth/src/index.tsx

@@ -7,11 +7,11 @@
  * npm install next-auth@beta
  * ```
  *
- * ## Environment variable inferrence
+ * ## Environment variable inference
  *
  * `NEXTAUTH_URL` and `NEXTAUTH_SECRET` have been inferred since v4.
  *
- * Since NextAuth.js v5 can also automatically infer environment variables that are prefiexed with `AUTH_`.
+ * Since NextAuth.js v5 can also automatically infer environment variables that are prefixed with `AUTH_`.
  *
  * For example `AUTH_GITHUB_ID` and `AUTH_GITHUB_SECRET` will be used as the `clientId` and `clientSecret` options for the GitHub provider.
  *
@@ -45,6 +45,25 @@
  *
  * If you need to override the default values for a provider, you can still call it as a function `GitHub({...})` as before.
  *
+ * ## Lazy initialization
+ * You can also initialize NextAuth.js lazily (previously known as advanced intialization), which allows you to access the request context in the configuration in some cases, like Route Handlers, Middleware, API Routes or `getServerSideProps`.
+ * The above example becomes:
+ *
+ * ```ts title="auth.ts"
+ * import NextAuth from "next-auth"
+ * import GitHub from "next-auth/providers/github"
+ * export const { handlers, auth } = NextAuth(req => {
+ *  if (req) {
+ *   console.log(req) // do something with the request
+ *  }
+ *  return { providers: [ GitHub ] }
+ * })
+ * ```
+ *
+ * :::tip
+ * This is useful if you want to customize the configuration based on the request, for example, to add a different provider in staging/dev environments.
+ * :::
+ *
  * @module next-auth
  */
 
@@ -323,8 +342,53 @@ export interface NextAuthResult {
  *
  * export const { handlers, auth } = NextAuth({ providers: [GitHub] })
  * ```
+ *
+ * Lazy initialization:
+ * @example
+ * ```ts title="auth.ts"
+ * import NextAuth from "next-auth"
+ * import GitHub from "@auth/core/providers/github"
+ *
+ * export const { handlers, auth } = NextAuth((req) => {
+ *   console.log(req) // do something with the request
+ *   return {
+ *     providers: [GitHub],
+ *   },
+ * })
+ * ```
  */
-export default function NextAuth(config: NextAuthConfig): NextAuthResult {
+export default function NextAuth(
+  config: NextAuthConfig | ((request: Request | undefined) => NextAuthConfig)
+): NextAuthResult {
+  if (typeof config === "function") {
+    const httpHandler = (req: NextRequest) => {
+      const _config = config(req)
+      setEnvDefaults(_config)
+      return Auth(reqWithEnvUrl(req), _config)
+    }
+
+    return {
+      handlers: { GET: httpHandler, POST: httpHandler } as const,
+      // @ts-expect-error
+      auth: initAuth(config, (c) => setEnvDefaults(c)),
+
+      signIn: (provider, options, authorizationParams) => {
+        const _config = config(undefined)
+        setEnvDefaults(_config)
+        return signIn(provider, options, authorizationParams, _config)
+      },
+      signOut: (options) => {
+        const _config = config(undefined)
+        setEnvDefaults(_config)
+        return signOut(options, _config)
+      },
+      unstable_update: (data) => {
+        const _config = config(undefined)
+        setEnvDefaults(_config)
+        return update(data, _config)
+      },
+    }
+  }
   setEnvDefaults(config)
   const httpHandler = (req: NextRequest) => Auth(reqWithEnvUrl(req), config)
   return {

packages/next-auth/src/lib/index.ts

@@ -58,7 +58,6 @@ export interface NextAuthConfig extends Omit<AuthConfig, "raw"> {
   }
 }
 
-/** Server-side method to read the session. */
 async function getSession(headers: Headers, config: NextAuthConfig) {
   const origin = detectOrigin(headers)
   const request = new Request(`${origin}/session`, {
@@ -106,22 +105,81 @@ function isReqWrapper(arg: any): arg is NextAuthMiddleware | AppRouteHandlerFn {
   return typeof arg === "function"
 }
 
-export function initAuth(config: NextAuthConfig) {
+export function initAuth(
+  config:
+    | NextAuthConfig
+    | ((request: NextRequest | undefined) => NextAuthConfig),
+  onLazyLoad?: (config: NextAuthConfig) => void // To set the default env vars
+) {
+  if (typeof config === "function") {
+    return (...args: WithAuthArgs) => {
+      if (!args.length) {
+        // React Server Components
+        const _headers = headers()
+        const _config = config(undefined) // Review: Should we pass headers() here instead?
+        onLazyLoad?.(_config)
+
+        return getSession(_headers, _config).then((r) => r.json())
+      }
+
+      if (args[0] instanceof Request) {
+        // middleware.ts inline
+        // export { auth as default } from "auth"
+        const req = args[0]
+        const ev = args[1]
+        const _config = config(req)
+        onLazyLoad?.(_config)
+
+        // args[0] is supposed to be NextRequest but the instanceof check is failing.
+        return handleAuth([req, ev], _config)
+      }
+
+      if (isReqWrapper(args[0])) {
+        // middleware.ts wrapper/route.ts
+        // import { auth } from "auth"
+        // export default auth((req) => { console.log(req.auth) }})
+        const userMiddlewareOrRoute = args[0]
+        return async (
+          ...args: Parameters<NextAuthMiddleware | AppRouteHandlerFn>
+        ) => {
+          return handleAuth(args, config(args[0]), userMiddlewareOrRoute)
+        }
+      }
+      // API Routes, getServerSideProps
+      const request = "req" in args[0] ? args[0].req : args[0]
+      const response: any = "res" in args[0] ? args[0].res : args[1]
+      // @ts-expect-error -- request is NextRequest
+      const _config = config(request)
+      onLazyLoad?.(_config)
+
+      // @ts-expect-error -- request is NextRequest
+      return getSession(new Headers(request.headers), _config).then(
+        async (authResponse) => {
+          const auth = await authResponse.json()
+
+          for (const cookie of authResponse.headers.getSetCookie())
+            response.headers.append("set-cookie", cookie)
+
+          return auth satisfies Session | null
+        }
+      )
+    }
+  }
   return (...args: WithAuthArgs) => {
     if (!args.length) {
       // React Server Components
       return getSession(headers(), config).then((r) => r.json())
     }
     if (args[0] instanceof Request) {
-      // middleware.ts
+      // middleware.ts inline
       // export { auth as default } from "auth"
       const req = args[0]
       const ev = args[1]
       return handleAuth([req, ev], config)
     }
 
     if (isReqWrapper(args[0])) {
-      // middleware.ts/router.ts
+      // middleware.ts wrapper/route.ts
       // import { auth } from "auth"
       // export default auth((req) => { console.log(req.auth) }})
       const userMiddlewareOrRoute = args[0]