import { SessionStrategy } from 'next-auth' import GithubProvider from 'next-auth/providers/github' import GoogleProvider from 'next-auth/providers/google' import CredentialsProvider from 'next-auth/providers/credentials' export const authOptions = { // Configure one or more authentication providers providers: [ GithubProvider({ clientId: process.env.GITHUB_ID as string, clientSecret: process.env.GITHUB_SECRET as string, }), GoogleProvider({ clientId: process.env.GOOGLE_CLIENT_ID as string, clientSecret: process.env.GOOGLE_CLIENT_SECRET as string, // see warning on https://next-auth.js.org/providers/google authorization: { params: { prompt: 'consent', access_type: 'offline', response_type: 'code', }, }, }), CredentialsProvider({ // TODO it's not encouraged to use credentials for production, for nxtstart this is used for cypress testing to avoid needing a legitimate google or github account in the template to test login // For details on how to test Oauth login applications see https://next-auth.js.org/tutorials/testing-with-cypress // The name to display on the sign in form (e.g. "Sign in with...") name: 'Test Credentials', // `credentials` is used to generate a form on the sign in page. // You can specify which fields should be submitted, by adding keys to the `credentials` object. // e.g. domain, username, password, 2FA token, etc. // You can pass any HTML attribute to the tag through the object. credentials: { username: { label: 'Username', type: 'text', placeholder: 'Username' }, password: { label: 'Password', type: 'password', placeholder: 'Password' }, }, async authorize(credentials, req) { // Add logic here to look up the user from the credentials supplied // As this is for testing and should be replaced in your application this is disabled in production by default if (process.env.NODE_ENV !== 'development') { return null } // always returns this user, no matter what you enter const user = { id: '1', name: 'John Doe', email: 'jdoe@example.com' } if (user) { // Any object returned will be saved in `user` property of the JWT return user } else { // If you return null then an error will be displayed advising the user to check their details. return null // You can also Reject this callback with an Error thus the user will be sent to the error page with the error message as a query parameter } }, }), // ...add more providers here ], // Database optional. MySQL, Maria DB, Postgres and MongoDB are supported. // https://next-auth.js.org/configuration/databases // // Notes: // * You must install an appropriate node_module for your database // * The Email provider requires a database (OAuth providers do not) // database: process.env.DATABASE_URL, // The secret should be set to a reasonably long random string. // It is used to sign cookies and to sign and encrypt JSON Web Tokens, unless // a separate secret is defined explicitly for encrypting the JWT. secret: process.env.SECRET, session: { // Use JSON Web Tokens for session instead of database sessions. // This option can be used with or without a database for users/accounts. // Note: `strategy` should be set to 'jwt' if no database is used. strategy: 'jwt' as SessionStrategy, // Seconds - How long until an idle session expires and is no longer valid. // maxAge: 30 * 24 * 60 * 60, // 30 days // Seconds - Throttle how frequently to write to database to extend a session. // Use it to limit write operations. Set to 0 to always update the database. // Note: This option is ignored if using JSON Web Tokens // updateAge: 24 * 60 * 60, // 24 hours }, jwt: { // A secret to use for key generation (you should set this explicitly) secret: process.env.SECRET, // Set to true to use encryption (default: false) // encryption: true, // You can define your own encode/decode functions for signing and encryption // if you want to override the default behaviour. // encode: async ({ secret, token, maxAge }) => {}, // decode: async ({ secret, token, maxAge }) => {}, }, }