Skip to content

Custom request handler for token missing (and authorization unimplemented) in @auth/core #8304

New issue
New issue
Open
Open
Custom request handler for token missing (and authorization unimplemented) in @auth/core#8304
Labels
triageUnseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
@ThomasMcFarlane

Description

@ThomasMcFarlane
ThomasMcFarlane
opened on Aug 12, 2023

Environment

System:
OS: Linux 6.4 Arch Linux
CPU: (128) x64 AMD Ryzen Threadripper 3990X 64-Core Processor
Memory: 234.29 GB / 251.55 GB
Container: Yes
Shell: 5.9 - /usr/bin/zsh
Binaries:
Node: 18.14.0 - ~/.nvm/versions/node/v18.14.0/bin/node
Yarn: 1.22.19 - ~/.nvm/versions/node/v18.14.0/bin/yarn
npm: 9.6.7 - ~/.nvm/versions/node/v18.14.0/bin/npm
pnpm: 8.6.12 - ~/.nvm/versions/node/v18.14.0/bin/pnpm

Reproduction URL

https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/oauth/callback.ts

Describe the issue

Not entirely sure where to classify this as it is a question, feature request, and bug with the migration from next-auth to @auth/core

While attempting to implement a new provider that requires a customised process (for Plex, see: https://github.com/ThomasMcFarlane/next-auth/pull/1) I noticed that the provider.token.request config option was still typed but not actually used within @auth/core.
The function in question is present in next-auth here: https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/core/lib/oauth/callback.ts#L90
And documented here: https://next-auth.js.org/configuration/providers/oauth#token-option

But is not present in the new package: https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/oauth/callback.ts

The config option for provider.userinfo.request has, however, been implemented: https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/oauth/callback.ts#L155

Additionally, there are loose types allowing the override of the provider.authorization.request config option, but there is no implemented code to support this, nor is it documented.

To summarise:

  1. Has the provider.token.request config option been intentionally omitted?
  2. Is there a concern against implementing the functionality to manually override the provider.authorization.request config option? (I am unaware of any other configuration options that would meet the need I had of a preliminary HTTP request that then appends a parameter on to the authorization request)

I am happy to contribute towards both of these items and have a dirty effort branch PR that I built to support the use case I had: https://github.com/ThomasMcFarlane/next-auth/pull/1

Please also let me know if this needs to further be split into separate issues for the authorization and token items.

How to reproduce

  1. Create a new OAuth Provider
  2. Implement a custom token.request handler
  3. Handler is completely ignored

Expected behavior

  1. Create a new OAuth Provider
  2. Implement a custom token.request handler
  3. Handler is used to perform the neccessary token request

Metadata

Metadata

Assignees

No one assigned

    Labels

    triageUnseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions