Allow to block authorization depending on whether it is a new user or not

[GermanJablo]

Description 📓

Problem

Currently, there is no easy and direct way to intervene in the authorization flow based on whether the user is new (signup) or not (login).

A user has proposed to verify some property that is not in both situations, but I don't know how reliable it is. Does it work in all circumstances? For all providers? Also, it's not self-evident or something that follows from the documentation. A user a few comments above in the same thread proposed a similar alternative, which ended up not working. As you can see, it is a workaround that is prone to errors.

Possible solutions:

1. Bring the isNewUser property also to the signIn callback (as requested here).
2. Allow events to block the authorization flow in some way (return boolean, throw error, etc.).
3. Extend next-auth to have signup and login as different processes. This would likely involve, but not necessarily be limited to: 3.1. Add a new Signup callback (as requested here). 3.2. Add a new Signup function (as requested here).

The third point is probably the hardest to implement and the one that would add the most complexity. I don't know to what extent it would be wrong since users and programmers actually think of creation and login as different concepts. Still, I think I lean more toward options 1 and 2.

In option 2, the events would end up being essentially the same as the callbacks. Option 1, on the other hand, would be to add for an event, its corresponding callback that does not exist yet. Which would make the event technically unnecessary. I wonder if actually "events" was a good abstraction and not just a few more callbacks should have been defined.

Background - Related References

The large number of posts, comments, and upvotes in the login vs signup topic indicate that this is something that users are frequently stumbling upon. Some examples:

• https://github.com/nextauthjs/next-auth/discussions/1578
• https://github.com/nextauthjs/next-auth/issues/736
• https://stackoverflow.com/questions/73369742/how-to-differentiate-nextauth-user-signin-and-signup
• https://github.com/nextauthjs/next-auth/discussions/4124
• https://github.com/nextauthjs/next-auth/discussions/945
• https://github.com/nextauthjs/next-auth/discussions/7164
• https://github.com/nextauthjs/next-auth/issues/1356
• https://stackoverflow.com/questions/70739015/next-auth-check-if-user-signs-in-for-the-first-time
• https://stackoverflow.com/questions/71397331/signup-from-next-auth-react-doesnt-exist

How to reproduce ☕️

N/A

Contributing 🙌🏽

No, I am afraid I cannot help regarding this

[kahveciderin]

I saw this issue yesterday and thought maybe I could contribute, so I've created a PR that hopefully fixes this.

[stale[bot]]

It looks like this issue did not receive any activity for 60 days. It will be closed in 7 days if no further activity occurs. If you think your issue is still relevant, commenting will keep it open. Thanks!

[GermanJablo]

.

Edit by maintainer bot: Comment was automatically minimized because it was considered unhelpful. (If you think this was by mistake, let us know). Please only comment if it adds context to the issue. If you want to express that you have the same problem, use the upvote 👍 on the issue description or subscribe to the issue for updates. Thanks!

[thclark]

Massive upvote on this. I'm new to next-auth and am finding it to be really very well polished, so I'm very grateful!

However, this area of signup vs signin seems so massively, massively complicated when it should be simple!