Merge branch 'main' into email-docs-fix

README.md

@@ -166,15 +166,22 @@ We have an [OpenCollective](https://opencollective.com/nextauth) for companies a
         <div>Encore</div>
         <sub>💵</sub>
       </td>
+      <td align="center" valign="top">
+        <a href="https://sent.dm/?ref=auth.js" target="_blank">
+          <img width="108" src="https://avatars.githubusercontent.com/u/153308555?v=4" alt="Sent.dm Logo" />
+        </a><br />
+        <div>Sent.dm</div>
+        <sub>💵</sub>
+      </td>
+    </tr>
+    <tr>
       <td align="center" valign="top">
         <a href="https://arcjet.com/?ref=auth.js" target="_blank">
           <img width="108" src="https://avatars.githubusercontent.com/u/24397786?s=200&v=4" alt="Arcjet Logo" />
         </a><br />
         <div>Arcjet</div>
         <sub>💵</sub>
       </td>
-    </tr>
-    <tr>
       <td align="center" valign="top">
         <a href="https://route4me.com/?ref=auth.js" target="_blank">
           <img width="108" src="https://avatars.githubusercontent.com/u/7936820?v=4" alt="Route4Me Logo" />

docs/pages/getting-started/authentication/credentials.mdx

@@ -7,7 +7,29 @@ import { Code } from "@/components/Code"
 
 # Credentials
 
-To setup Auth.js with external authentication mechanisms or simply use username and password, we need to use the `Credentials` provider. This provider is designed to forward any credentials inserted into the login form (i.e. username/password) to your authentication service via the `authorize` callback on the provider configuration.
+To setup Auth.js with any external authentication mechanisms or use a traditional username/email and password flow, we can use the `Credentials` provider. This provider is designed to forward any credentials inserted into the login form (i.e. username/password, but not limited to) to your authentication service.
+
+<Callout type="warning">
+  The industry has come a long way since usernames and passwords
+  as the go-to mechanism for authenticating and authorizing users to
+  web applications. Therefore, if possible, we recommend a more modern and
+  secure authentication mechanism such as any of the [OAuth
+  providers](/getting-started/authentication/oauth), [Email Magic
+  Links](/getting-started/authentication/email), or [WebAuthn
+  (Passkeys)](/getting-started/authentication/webauthn) options instead.
+
+However, we also want to be flexible and support anything
+you deem appropriate for your application and use case,
+so there are no plans to remove this provider.
+
+</Callout>
+
+<Callout>
+  By default, the Credentials provider does not persist data in the database.
+  However, you can still create and save any data in your database, you just
+  have to provide the necessary logic, eg. to encrypt passwords, add
+  rate-limiting, add password reset functionality, etc.
+</Callout>
 
 <Steps>
 
@@ -44,8 +66,8 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
 
         if (!user) {
           // No user found, so this is their first attempt to login
-          // meaning this is also the place you could do registration
-          throw new Error("User not found.")
+          // Optionally, this is also the place you could do a user registration
+          throw new Error("Invalid credentials.")
         }
 
         // return user object with their profile data
@@ -110,7 +132,9 @@ export const { signIn, signOut, handle } = SvelteKitAuth({
         user = await getUserFromDb(credentials.email, pwHash)
 
         if (!user) {
-          throw new Error("User not found.")
+          // No user found, so this is their first attempt to login
+          // Optionally, this is also the place you could do a user registration
+          throw new Error("Invalid credentials.")
         }
 
         // return JSON object with the user data
@@ -161,8 +185,8 @@ app.use(
 
           if (!user) {
             // No user found, so this is their first attempt to login
-            // meaning this is also the place you could do registration
-            throw new Error("User not found.")
+            // Optionally, this is also the place you could do a user registration
+            throw new Error("Invalid credentials.")
           }
 
           // return user object with the their profile data
@@ -305,15 +329,15 @@ export default component$(() => {
 
 </Steps>
 
-## Verifying Data with Zod
+## Validating credentials
 
-To improve the security of your `Credentials` provider use, we can leverage a run-time schema validation library like [Zod](https://zod.dev) to validate that the inputs match what we expect.
+Always validate the credentials server-side, i.e. by leveraging a schema validation library like [Zod](https://zod.dev).
 
 ```bash npm2yarn
 npm install zod
 ```
 
-Next, we'll setup the schema and parsing in our `auth.ts` configuration file, using the `authorize` callback on the `Credentials` provider.
+Next, we'll set up the schema and parsing in our `auth.ts` configuration file, using the `authorize` callback on the `Credentials` provider.
 
 <Code>
 <Code.Next>
@@ -363,7 +387,7 @@ export const { handlers, auth } = NextAuth({
           user = await getUserFromDb(email, pwHash)
 
           if (!user) {
-            throw new Error("User not found.")
+            throw new Error("Invalid credentials.")
           }
 
           // return JSON object with the user data
@@ -470,7 +494,7 @@ export const { handle } = SvelteKitAuth({
           user = await getUserFromDb(email, pwHash)
 
           if (!user) {
-            throw new Error("User not found.")
+            throw new Error("Invalid credentials.")
           }
 
           // return JSON object with the user data
@@ -489,24 +513,3 @@ export const { handle } = SvelteKitAuth({
 
 </Code.Svelte>
 </Code>
-
-<Callout type="warning">
-  The industry has come a long way since usernames and passwords were first
-  introduced as the go-to mechanism for authenticating and authorizing users to
-  web applications. Therefore, if possible, we recommend a more modern and
-  secure authentication mechanism such as any of the [OAuth
-  providers](/getting-started/authentication/oauth), [Email Magic
-  Links](/getting-started/authentication/email), or [WebAuthn
-  (Passkeys)](/getting-started/authentication/webauthn) options instead of
-  username / password.
-
-However, we also want to be flexible and support anything
-you deem appropriate for your application and use-case.
-
-</Callout>
-
-<Callout>
-  The Credentials provider only supports the JWT session strategy. You can still
-  create and save a database session and reference it from the JWT via an id,
-  but you'll need to provide that logic yourself.
-</Callout>

docs/pages/getting-started/session-management/get-session.mdx

@@ -14,7 +14,7 @@ import { auth } from "../auth"
 export default async function UserAvatar() {
   const session = await auth()
 
-  if (!session.user) return null
+  if (!session?.user) return null
 
   return (
     <div>

docs/pages/guides/edge-compatibility.mdx

@@ -108,7 +108,7 @@ export default async function Page() {
 
   return (
     <div className="container">
-      <pre>{session}</pre>
+      <pre>{JSON.stringify(session, null, 2)}</pre>
     </div>
   )
 }

docs/pages/sponsors.mdx

@@ -145,6 +145,11 @@ It would not be possible without the generous support of our sponsors.
       "https://avatars.githubusercontent.com/u/77690634?v=4",
       "Neon",
     ],
+    [
+      "https://sent.dm",
+      "https://avatars.githubusercontent.com/u/153308555?v=4",
+      "Sent.dm",
+    ],
   ].map(([href, src, name]) => (
     <a
       key={name}

packages/adapter-azure-tables/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/azure-tables-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Azure Tables Storage adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-d1/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/d1-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "A Cloudflare D1 adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-dgraph/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/dgraph-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "Dgraph adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-drizzle/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/drizzle-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Drizzle adapter for Auth.js.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-dynamodb/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@auth/dynamodb-adapter",
   "repository": "https://github.com/nextauthjs/next-auth",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "AWS DynamoDB adapter for next-auth.",
   "keywords": [
     "next-auth",

packages/adapter-edgedb/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/edgedb-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "EdgeDB adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-fauna/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/fauna-adapter",
-  "version": "3.7.2",
+  "version": "3.7.3",
   "description": "Fauna Adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-firebase/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/firebase-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "Firebase adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-hasura/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/hasura-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Hasura adapter for Auth.js.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-kysely/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/kysely-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Kysely adapter for Auth.js",
   "homepage": "https://authjs.dev/reference/adapter/kysely",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-mikro-orm/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/mikro-orm-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "MikroORM adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-mongodb/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/mongodb-adapter",
-  "version": "3.7.2",
+  "version": "3.7.3",
   "description": "MongoDB adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-neo4j/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/neo4j-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "neo4j adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-pg/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/pg-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Postgres adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-pouchdb/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/pouchdb-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "PouchDB adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-prisma/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/prisma-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "Prisma adapter for Auth.js",
   "homepage": "https://authjs.dev/reference/adapter/prisma",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-sequelize/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/sequelize-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "Sequelize adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-supabase/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/supabase-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Supabase adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-surrealdb/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/surrealdb-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "SurrealDB adapter for next-auth.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-typeorm/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/typeorm-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "TypeORM adapter for Auth.js.",
   "homepage": "https://authjs.dev/reference/adapter/typeorm",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-unstorage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/unstorage-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "Unstorage adapter for Auth.js.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-upstash-redis/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/upstash-redis-adapter",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "description": "Upstash adapter for Auth.js.",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/adapter-xata/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/xata-adapter",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Xata adapter for Auth.js",
   "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth",

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@auth/core",
-  "version": "0.37.2",
+  "version": "0.37.3",
   "description": "Authentication for the Web.",
   "keywords": [
     "authentication",