Added signinInfo when signing in

[AlexErrant]

☕️ Reasoning

Since this PR seems abandoned, I took the initiative of moving it to packages/core as suggested by Thang.

I made some changes to the naming and semantics. Instead of being specific to new users, the name signinInfo refers to info passed in during the signin process. After all, without an adapter, isn't every user "new"?

🧢 Checklist

• Documentation
• Tests (Not sure how to test, tbh...)
• Ready to be merged

🎫 Affected issues

Supersedes #4747
Fixes #1069

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
auth-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 13, 2023 1:23am

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
next-auth-docs	⬜️ Ignored (Inspect)			Apr 13, 2023 1:23am

[vercel]

@AlexErrant is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

[AlexErrant]

I'm not confident about the flow of signinInfo from query param => cookie; open to suggestions!

[AlexErrant]

I add it as an optional param so it may be extended in the future with other data. Also shouldn't break exiting adapters.

[AlexErrant]

Absolutely no idea if this is the right place to put it... but it works!

[AlexErrant]

Is it SigninInfo or SignInInfo 🤔🤔 Choosing the former arbitrarily because less stuttering.

[ThangHuuVu]

Hi @AlexErrant thanks for sending the PR! After discussed with @balazsorban44 we agreed that we don't want to have this built in at the moment - We will revisit this PR once we see enough interests for it 🫶 Thanks again for your understanding

I suppose the workaround would be intercepting the request using Advanced Initialization and handle the extra query params in the application code.

[AlexErrant]

@ThangHuuVu I don't tag you lightly, but may I encourage you to reconsider this? The issue this fixes has +9, which would put it in the top three most "reactions" issues... if it weren't closed by StaleBot. If this doesn't qualify as enough interest, I would inquire as to what would qualify as enough interest. Note too that the people who upvote that issue are probably people who aren't using the NextAuth because it doesn't meet their business requirements; it would naturally have low engagement because people don't often look for a new auth library.

As to your workaround of intercepting the request, that's impossible because in the Authorization Code flow, the code must be only used once.

The client MUST NOT use the authorization code more than once.

Here's the series of interceptable requests as seen by the constructor when I try what's in Advanced Initialization:

GET https://localhost:3014/
GET https://localhost:3014/api/auth/csrf
POST https://localhost:3014/api/auth/signin/github
GET https://localhost:3014/api/auth/callback/github?code=afa303a221a04d6d3a9f
GET https://localhost:3014/

That final GET is the final redirect to the homepage, and the penultimate GET is the code request which application code cannot use without violating the OAuth spec. Devs cannot use the code to get the profile to add the user to the database.

I don't mean to be argumentative. Please let me know if I'm missing something in my attempted workaround. I understand that you're trying to reduce the maintenance burden, but far as I can tell this feature is impossible to implement in application code, at least via what's suggested in Advanced Initialization.

[ThangHuuVu]

hello, @AlexErrant thanks for the detailed comment, I apologize for giving you the incorrect workaround. If I understand correctly, this feature is only helpful for the Email login flow. For the OAuth flow, you can add authorizationParams as the third parameter in the signIn method:

signIn('github', undefined, { foo: 'bar'})

and you will receive it in the 4th request

GET https://localhost:3014/api/auth/callback/github?code=123&foo=bar

Right now we are focusing on shipping v5 and will re-visit the PR once we reach a more stable after the release. I apologize again for the inconvenience. 🫶