Skip to content

fix: Support custom token request methods to enhance OAuth2 process handling #13259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: Support custom token request methods to enhance OAuth2 process handling #13259

wants to merge 1 commit into from

Conversation

leonwangcn
Copy link

@leonwangcn leonwangcn commented Sep 29, 2025
edited
Loading

…andling

#13257

☕️ Reasoning

The current OAuth callback handling only supports the standard OAuth2 token exchange flow, but certain OAuth providers (such as enterprise integrations or special authentication flows) require custom token request logic.

Key Changes:

  • 🔧 Add support for provider.token.request custom function
  • 🔄 Maintain full backward compatibility with standard OAuth2 flow
  • ⚠️ Add comprehensive error handling and logging for custom token requests
  • 📝 Refactor code structure to clearly separate token request logic

Use Cases:

  • OAuth providers that need custom token exchange parameters
  • Enterprise integrations with special authentication flows
  • Security-sensitive applications requiring additional validation steps

Implementation Details:

  • The implementation checks for the existence of provider.token.request function
  • If present, it calls the custom function with the necessary parameters
  • If not present, it falls back to the standard OAuth2 authorization code grant flow
  • Proper error handling ensures that failures in custom token requests are logged and handled gracefully

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

Fixes: #13257

📌 Resources

@vercel Vercel
Copy link

vercel bot commented Sep 29, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
auth-docs Ready Ready Preview Comment Sep 29, 2025 3:33am
1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
next-auth-docs Ignored Ignored Preview Sep 29, 2025 3:33am

@vercel Vercel
Copy link

vercel bot commented Sep 29, 2025

Someone is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the core Refers to `@auth/core` label Sep 29, 2025
@github-actions GitHub Actions
Copy link

Broken Link Checker

1 broken links found. Links organised below by source page, or page where they were found.

1) /getting-started/migrate-to-better-auth

Target Link Link Text
/docs "documentation"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
core Refers to `@auth/core`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]V5 OAuth Provider token.request configuration not working, defaults to token.url direct request
1 participant
@leonwangcn