RFC: AuthRequest
and AuthResponse
#6246
Replies: 3 comments 7 replies
-
@sergiodxa could you expand? 🙏 |
Beta Was this translation helpful? Give feedback.
-
@balazsorban44 I believe that whether we switch to |
Beta Was this translation helpful? Give feedback.
-
@sergiodxa Circulating back at this, I decided to implement something similar to what you have been asking for, as this has come up elsewhere out of necessity. You can see: 7ff4d9d This will return a response-like object instead. Now you can add // Some framework code
import { Auth, raw } from "@auth/core"
const rawResponse = await Auth(new Request("https://example.com"), { raw }) This is similar to #6379 It uses a Will have to fix types later. This is available in @auth/[email protected] |
Beta Was this translation helpful? Give feedback.
-
UPDATE: The implementation of this RFC can be found here: #6254, it will be updated accordingly, if feedback is received.
Background
Auth.js builds on
Request
1 andResponse
2 as its input and output respectively. This is crucial to achieving its goal to be runtime and framework agnostic.Each incoming request is associated with one of the following actions:
next-auth/packages/core/src/types.ts
Lines 420 to 428 in e6a320b
Based on the incoming request action (encoded in Request#input as part of a
URL
3) and aRequestInit#method
(currently eitherGET
orPOST
4), Auth.js always returns a particular response.For example, a request to
https://example.com/api/auth/session
will always return a JSON response, with the decoded session data, orhttps://example.com/api/auth/providers
returns an array of the configured providers with minimal client-safe information.Frameworks will usually catch all relevant actions and hand over the requests to Auth.js. However, in some situations, you might already know about the specific action you want to perform.
Such an example is the
unstable_getServerSession
method5, which can be used to extract the session info from the passed request.Goals
This proposal builds on the same idea as
unstable_getServerSession
but brings a bit more flexibility and a more streamlined API to better support any of the actions where it makes sense.Initially, we would support the following actions:
SessionRequest
->SessionResponse
ProvidersRequest
->ProviderResponse
Other candidates:
Eventually, we could support any action+method combination, as long as it makes sense and there is interest, please leave a comment and upvote the ones you would like to see, and if you have a proposed API for it.
Proposal
We are drawing inspiration from
NextRequest
6 andNextResponse
7. The idea is to extend the standardRequest
but make it easier to configure Auth.js and indicate, we are expecting a certain type of response.Here is an example of session retrieval:
Framework packages like
@auth/sveltekit
,@auth/solid-start
etc. could abstract these into eg.getSession
for convenience (similar tounstable_getServerSession
), if there is interest, but the initial proposal is only for@auth/core
.Footnotes
Request - Web API ↩
Response - Web API ↩
URL - Web API ↩
https://github.com/nextauthjs/next-auth/blob/e6a320bb0f883dd513904d66d5c4e1ecf09f5b18/packages/core/src/lib/web.ts#L43-L45 ↩
unstable_getServerSession
in NextAuth.js ↩NextRequest
↩NextResponse
↩Beta Was this translation helpful? Give feedback.
All reactions