Interface: CallbacksOptions<P, A>
types.CallbacksOptions
Type parametersβ
Name | Type |
---|---|
P | Profile |
A | Account |
Propertiesβ
jwtβ
β’ jwt: (params
: { token
: JWT
; account?
: null
| A
; isNewUser?
: boolean
; profile?
: P
; user?
: User
| AdapterUser
}) => Awaitable
<null
| JWT
>
Type declarationβ
βΈ (params
): Awaitable
<null
| JWT
>
This callback is called whenever a JSON Web Token is created (i.e. at sign in)
or updated (i.e whenever a session is accessed in the client).
Its content is forwarded to the session
callback,
where you can control what should be returned to the client.
Anything else will be kept inaccessible from the client.
Returning null
will invalidate the JWT session by clearing
the user's cookies. You'll still have to monitor and invalidate
unexpired tokens from future requests yourself to prevent
unauthoried access.
By default the JWT is encrypted.
Documentation |
session
callback
Parametersβ
Name | Type |
---|---|
params | Object |
params.token | JWT |
params.account? | null | A |
params.isNewUser? | boolean |
params.profile? | P |
params.user? | User | AdapterUser |
Returnsβ
Awaitable
<null
| JWT
>
redirectβ
β’ redirect: (params
: { baseUrl
: string
; url
: string
}) => Awaitable
<string
>
Type declarationβ
βΈ (params
): Awaitable
<string
>
This callback is called anytime the user is redirected to a callback URL (e.g. on signin or signout). By default only URLs on the same URL as the site are allowed, you can use this callback to customise that behaviour.
Parametersβ
Name | Type | Description |
---|---|---|
params | Object | - |
params.baseUrl | string | Default base URL of site (can be used as fallback) |
params.url | string | URL provided as callback URL by the client |
Returnsβ
Awaitable
<string
>
sessionβ
β’ session: (params
: { session
: Session
; token
: JWT
; user
: User
| AdapterUser
}) => Awaitable
<Session
>
Type declarationβ
βΈ (params
): Awaitable
<Session
>
This callback is called whenever a session is checked.
(Eg.: invoking the /api/session
endpoint, using useSession
or getSession
)
β By default, only a subset (email, name, image) of the token is returned for increased security.
If you want to make something available you added to the token through the jwt
callback,
you have to explicitly forward it here to make it available to the client.
Documentation |
jwt
callback |
useSession
|
getSession
|
Parametersβ
Name | Type |
---|---|
params | Object |
params.session | Session |
params.token | JWT |
params.user | User | AdapterUser |
Returnsβ
Awaitable
<Session
>
signInβ
β’ signIn: (params
: { account
: null
| A
; user
: User
| AdapterUser
; credentials?
: Record
<string
, CredentialInput
> ; email?
: { verificationRequest?
: boolean
} ; profile?
: P
}) => Awaitable
<boolean
>
Type declarationβ
βΈ (params
): Awaitable
<boolean
>
Control whether a user is allowed to sign in or not.
Returning true
continues the sign-in flow, while
returning false
redirects to the PagesOptions.error error page.
The error
parameter is set to AccessDenied
.
Unhandled errors are redirected to the error page
The error
parameter is set to Configuration
.
an AuthorizedCallbackError
is logged on the server.
See
https://authjs.dev/reference/errors#authorizedcallbackerror
Todo
rename to authorized
Parametersβ
Name | Type | Description |
---|---|---|
params | Object | - |
params.account | null | A | - |
params.user | User | AdapterUser | - |
params.credentials? | Record <string , CredentialInput > | If Credentials provider is used, it contains the user credentials |
params.email? | Object | If Email provider is used, on the first call, it contains a verificationRequest: true property to indicate it is being triggered in the verification request flow. When the callback is invoked after a user has clicked on a sign in link, this property will not be present. You can check for the verificationRequest property to avoid sending emails to addresses or domains on a blocklist or to only explicitly generate them for email address in an allow list. |
params.email.verificationRequest? | boolean | - |
params.profile? | P | If OAuth provider is used, it contains the full OAuth profile returned by your provider. |
Returnsβ
Awaitable
<boolean
>