httpOptions missing on OAuth config in experimental version

[patrickpilch]

Description 📓

We have been using the httpOptions parameter in next-auth's 4.x OAuthConfig to set a header we require for our IDP.

I noticed this is missing in @auth/core's OAuth2Config, and unfortunately will be a blocker/headache for us to upgrade.

It seems the 'oauth4webapi' library supports additional headers.

How to reproduce ☕️

N/A

Contributing 🙌🏽

Yes, I am willing to help implement this feature in a PR

[balazsorban44]

Can you add a more concrete example? N/A is not a valid reproduction. 🤷‍♂️ Even if it's a feature request, it would be good to understand the reason.

[patrickpilch]

Usage on 4.x

Keycloak({ 
  // ...
  httpOptions: {
    headers: {
      'some-header-name': 'some-header-value'
    }
  }
}),

Usage on 5.x
Not possible. The config type is missing the httpOptions parameter, or something similar.

As for the reasoning and use-case: there could be all sorts. One concrete example for custom header support would be if the authorization server is behind a security proxy and requires a service token or other authorization header(s). Of course there are other ways of addressing this scenario with varying levels of complexity, but using headers was a very simple & effective way to get going. Let me know if there's anything else I can provide.

[mikekellyio]

This is a blocker for my app and v5 as well. Another use case, setting a custom agent in httpOptions

httpOptions: {
  agent: new https.Agent({
    cert: /* cert */,
    key: /* key */
  })
}

[PaulWild]

This will be a blocker for us as well unfortunately from upgrading - our use case is similar in that we require additional httpHeaders on the requests made to our OAuth provider

[balazsorban44]

oauth4webapi recently added https://github.com/panva/oauth4webapi/blob/main/docs/variables/experimental_customFetch.md which might be useful, we will revisit!

[bujikun]

I am facing this similar issue. I can not extend the timeout during debugging.
I had this in v4, after upgrading to v5, i can no longer do the same.
httpOptions: { timeout:15000 },

Can we please have this back? Or another way of doing this?

[leog]

same as @bujikun, missing the timeoutoption

[finley0066]

same as @bujikun , missing the timeout and agent options
httpOptions: {
timeout: 30000,
agent: proxyAgent
}

[MarcieMarc425]

Update on this? Would love to use next auth v5, but without the config for agent in http options, this is currently blocking

[github-actions]

This issue was marked with the help needed label by a maintainer.

The issue might require some digging, so it is recommended to have some experience with the project.

Have a look at the Contributing Guide first.

This will help you set up your development environment to get started. When you are ready, open a PR, and link back to this issue in the form of adding Fixes #1234 to the PR description, where 1234 is the issue number. This will auto-close the issue when the PR gets merged, making it easier for us to keep track of what has been fixed.

Please make sure that - if applicable - you add tests for the changes you make.

If you have any questions, feel free to ask in the comments below or the PR. Generally, you don't need to @mention anyone directly, as we will get notified anyway and will respond as soon as we can)

Note

There is no need to ask for permission "can I work on this?" Please, go ahead if there is no linked PR 🙂

[PaulWild]

Is this closed by #11975?

[chrisvalentine]

Is this closed by #11975?

Happen to have an example of how you'd use customFetch for this particular issue?