feat: next-auth/expo

.gitignore

@@ -41,6 +41,7 @@ packages/next-auth/index.js
 packages/next-auth/next
 packages/next-auth/middleware.d.ts
 packages/next-auth/middleware.js
+packages/next-auth/expo
 
 # Development app
 apps/dev/src/css

packages/next-auth/package.json

@@ -32,14 +32,15 @@
     "./react": "./react/index.js",
     "./core": "./core/index.js",
     "./next": "./next/index.js",
+    "./expo": "./expo/index.js",
     "./middleware": "./middleware.js",
     "./client/_utils": "./client/_utils.js",
     "./providers/*": "./providers/*.js"
   },
   "scripts": {
     "build": "pnpm clean && pnpm build:js && pnpm build:css",
     "build:js": "pnpm clean && pnpm generate-providers && pnpm tsc --project tsconfig.json && babel --config-file ./config/babel.config.js src --out-dir . --extensions \".tsx,.ts,.js,.jsx\"",
-    "clean": "rm -rf coverage client css utils providers core jwt react next index.d.ts index.js adapters.d.ts middleware.d.ts middleware.js",
+    "clean": "rm -rf coverage client css utils providers core jwt react next expo index.d.ts index.js adapters.d.ts middleware.d.ts middleware.js",
     "build:css": "postcss --config config/postcss.config.js src/**/*.css --base src --dir . && node config/wrap-css.js",
     "dev": "pnpm clean && pnpm generate-providers && concurrently \"pnpm watch:css\" \"pnpm watch:ts\"",
     "watch:ts": "pnpm tsc --project tsconfig.dev.json",
@@ -55,6 +56,7 @@
     "jwt",
     "react",
     "next",
+    "expo",
     "client",
     "providers",
     "core",
@@ -75,13 +77,16 @@
     "openid-client": "^5.1.0",
     "preact": "^10.6.3",
     "preact-render-to-string": "^5.1.19",
-    "uuid": "^8.3.2"
+    "uuid": "^8.3.2",
+    "react-native-url-polyfill": "^1.3.0"
   },
   "peerDependencies": {
+    "expo": "^46",
     "next": "12.2.5",
     "nodemailer": "^6.6.5",
     "react": "^17.0.2 || ^18",
-    "react-dom": "^17.0.2 || ^18"
+    "react-dom": "^17.0.2 || ^18",
+    "react-native": ">= 0.63.0"
   },
   "peerDependenciesMeta": {
     "nodemailer": {
@@ -115,6 +120,10 @@
     "babel-preset-preact": "^2.0.0",
     "concurrently": "^7",
     "cssnano": "^5.1.11",
+    "expo": "^46",
+    "expo-auth-session": "^3.7.1",
+    "expo-constants": "^13.2.4",
+    "expo-secure-store": "^11.3.0",
     "jest": "^28.1.1",
     "jest-environment-jsdom": "^28.1.1",
     "jest-watch-typeahead": "^1.1.0",
@@ -125,6 +134,7 @@
     "postcss-nested": "^5.0.6",
     "react": "^18",
     "react-dom": "^18",
+    "react-native": "0.69.4",
     "whatwg-fetch": "^3.6.2"
   },
   "engines": {

packages/next-auth/src/core/index.ts

@@ -224,6 +224,179 @@ export async function NextAuthHandler<
     }
   } else if (method === "POST") {
     switch (action) {
+      case "proxy": {
+        const cookies: Record<string, string> = {}
+
+        switch (req.body?.action) {
+          case "signin": {
+            // Get csrf token
+            const csrfTokenRes = await NextAuthHandler({
+              req: {
+                host: req.host, // To detect secure cookies
+                action: "csrf",
+              },
+              options: userOptions,
+            })
+            const csrfToken = (csrfTokenRes.body as any).csrfToken
+            const csrfTokenCookie = csrfTokenRes.cookies?.find(
+              (c) => c.name === options.cookies.csrfToken.name
+            )?.value
+            if (csrfTokenCookie) {
+              cookies[options.cookies.csrfToken.name] = csrfTokenCookie
+            }
+
+            // Get authorizationUrl
+            const callbackUrl = req.body?.callbackUrl
+            cookies[options.cookies.callbackUrl.name] = callbackUrl
+            const signInRes = await NextAuthHandler({
+              req: {
+                host: req.host, // To detect secure cookies
+                action: "signin",
+                method: "POST",
+                cookies,
+                body: {
+                  csrfToken,
+                  callbackUrl,
+                },
+                providerId: req.body?.providerId,
+              },
+              options: userOptions,
+            })
+            const authorizationUrl = signInRes.redirect as string
+
+            const url = new URL(authorizationUrl)
+            const params = new URLSearchParams(url.search)
+
+            // state
+            const stateEncrypted = signInRes.cookies?.find(
+              (c) => c.name === options.cookies.state.name
+            )?.value
+            const state = params.get("state") as string
+
+            // pkce code verifier
+            const codeChallenge = params.get("code_challenge") as string
+            const codeVerifier = signInRes.cookies?.find(
+              (c) => c.name === options.cookies.pkceCodeVerifier.name
+            )?.value
+
+            // provider client_id
+            const provider = options.providers.find(
+              ({ id }) => id === req.body?.providerId
+            )
+            let clientId: string | undefined
+            if (provider?.type === "oauth") {
+              clientId = provider.clientId
+            }
+
+            return {
+              headers: [{ key: "Content-Type", value: "application/json" }],
+              body: {
+                state,
+                stateEncrypted,
+                codeVerifier,
+                codeChallenge,
+                clientId,
+              } as any,
+            }
+          }
+          case "callback": {
+            if (req.body?.codeVerifier) {
+              cookies[options.cookies.pkceCodeVerifier.name] =
+                req.body.codeVerifier
+            }
+            if (req.body?.stateEncrypted) {
+              cookies[options.cookies.state.name] = req.body.stateEncrypted
+            }
+
+            const callbackRes = await NextAuthHandler({
+              req: {
+                host: req.host, // To detect secure cookies
+                action: "callback",
+                cookies,
+                providerId: req.body?.providerId,
+                query: {
+                  state: req.body?.state,
+                  code: req.body?.code,
+                },
+              },
+              options: userOptions,
+            })
+            const location = callbackRes.redirect as string
+            const url = new URL(location)
+            const params = new URLSearchParams(url.search)
+            const error = params.get("error")
+            if (error) {
+              return { body: { error } as any }
+            }
+
+            const sessionToken = callbackRes.cookies?.find(
+              (c) => c.name === options.cookies.sessionToken.name
+            )?.value
+
+            return { body: { sessionToken } as any }
+          }
+          case "signout": {
+            if (req.body?.sessionToken) {
+              cookies[options.cookies.sessionToken.name] = req.body.sessionToken
+            }
+
+            // Get csrf token
+            const csrfTokenRes = await NextAuthHandler({
+              req: {
+                host: req.host, // To detect secure cookies
+                action: "csrf",
+              },
+              options: userOptions,
+            })
+            const csrfToken = (csrfTokenRes.body as any).csrfToken
+            const csrfTokenCookie = csrfTokenRes.cookies?.find(
+              (c) => c.name === options.cookies.csrfToken.name
+            )?.value
+            if (csrfTokenCookie) {
+              cookies[options.cookies.csrfToken.name] = csrfTokenCookie
+            }
+
+            await NextAuthHandler({
+              req: {
+                host: req.host, // To detect secure cookies
+                action: "signout",
+                method: "POST",
+                cookies,
+                body: {
+                  csrfToken,
+                },
+              },
+              options: userOptions,
+            })
+
+            return { body: { signedOut: true } as any }
+          }
+          case "session": {
+            if (req.body?.sessionToken) {
+              cookies[options.cookies.sessionToken.name] = req.body.sessionToken
+            }
+
+            return await NextAuthHandler({
+              req: {
+                host: req.host, // To detect secure cookies
+                cookies,
+                action: "session",
+              },
+              options: userOptions,
+            })
+          }
+          case "providers": {
+            return await NextAuthHandler({
+              req: {
+                action: "providers",
+              },
+              options: userOptions,
+            })
+          }
+        }
+        // No proxy action handled, so bad request it is.
+        return { status: 400 }
+      }
       case "signin":
         // Verified CSRF Token required for all sign in routes
         if (options.csrfTokenVerified && options.provider) {

packages/next-auth/src/core/types.ts

@@ -520,6 +520,7 @@ export type NextAuthAction =
   | "verify-request"
   | "error"
   | "_log"
+  | "proxy"
 
 /** @internal */
 export interface InternalOptions<T extends ProviderType = any> {