search

nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License
24.78k stars 3.49k forks source link

The checks parameter in OIDCConfig causes a type error #9092

Closed nbifrye closed 11 months ago

nbifrye commented 12 months ago

Environment

  System:
    OS: macOS 12.6
    CPU: (8) arm64 Apple M1
    Memory: 103.48 MB / 8.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 20.9.0 - ~/.asdf/installs/nodejs/20.9.0/bin/node
    npm: 10.1.0 - ~/.asdf/plugins/nodejs/shims/npm
  Browsers:
    Chrome: 119.0.6045.105
    Safari: 15.6.1

  npmPackages:
    next-auth: ^5.0.0-beta.3 => 5.0.0-beta.3

Reproduction URL

https://github.com/nbifrye/76956150-50fe-4232-b78f-dba38e1d6801

Describe the issue

Specifying the checks option for custom OAuth provider causes a type error.

% npx tsc index.ts --noEmit                                           
index.ts:11:12 - error TS2322: Type 'string' is not assignable to type 'never'.

11   checks: ["none"],

The type of checks is as follows, which means ("pkce" | "state" | "none")[] & "nonce"[]. The only value that satisfies this is [].

https://github.com/nextauthjs/next-auth/blob/1349ed33da3280162bd8156a80e0a4659cb873dd/packages/core/src/providers/oauth.ts#L242

The expected type of checks looks like ("pkce" | "state" | "none" | nonce")[]. How about the following code:

checks?: Array<(Exclude<OAuth2Config<Profile>["checks"], undefined>)[number] | "nonce">

How to reproduce

git clone https://github.com/nbifrye/76956150-50fe-4232-b78f-dba38e1d6801.git
cd 76956150-50fe-4232-b78f-dba38e1d6801
npm install
npx tsc --noEmit

Expected behavior

checks such as ["none"], ["state", "nonce"], etc. do not cause a type error.

lukasz-karolewski commented 10 months ago

Unfortunately, this is now causing this

Type 'OAuthConfig' is not assignable to type 'Provider'. Type 'OIDCConfig' is not assignable to type 'Provider'. Type 'OIDCConfig' is not assignable to type 'OIDCConfig & InternalProviderOptions'. Type 'import("/workspaces/.../node_modules/@auth/core/providers/oauth").OIDCConfig' is not assignable to type 'import("/workspaces/.../node_modules/next-auth/node_modules/@auth/core/providers/oauth").OIDCConfig'. Types of property 'checks' are incompatible. Type '("pkce" | "state" | "none" | "nonce")[] | undefined' is not assignable to type '(("pkce" | "state" | "none")[] & "nonce"[]) | undefined'. Type '("pkce" | "state" | "none" | "nonce")[]' is not assignable to type '("pkce" | "state" | "none")[] & "nonce"[]'. Type '("pkce" | "state" | "none" | "nonce")[]' is not assignable to type '("pkce" | "state" | "none")[]'. Type '"pkce" | "state" | "none" | "nonce"' is not assignable to type '"pkce" | "state" | "none"'. Type '"nonce"' is not assignable to type '"pkce" | "state" | "none"'. Did you mean '"none"'?ts(2322)

benjamindell commented 10 months ago

I'm also seeing this error

lukasz-karolewski commented 10 months ago

@konstantinblaesi Hi Konstantin, would you mind taking a look at this?

I'm getting this error with the Google Provider, the most standard setup as per the tutorial, using beta.4

konstantinblaesi commented 10 months ago

Hi @lukasz-karolewski, I am kind of in over my head regarding building/testing next-auth or figuring out this type issue. I did make some testing though using the nextjs nextauth sample project and found a type that made the error go away. We'll have to see if this gets merged, I hope some maintainer has better oversight regarding all that type magic than me :D https://github.com/nextauthjs/next-auth/pull/9477

nbifrye commented 10 months ago

Hi @konstantinblaesi , Thanks for looking at my fixes. When installing next-auth@5.0.0-beta.4, version 0.18.4 of @auth/core is also installed. This version does not include fix #9348. This problem seems to be solved by explicitly installing the latest version, @auth/core@0.19.0.

lukasz-karolewski commented 10 months ago

issues is @auth/prisma-adapter@1.0.12 has "@auth/core": "0.19.0" as a dep, so I have to pin it to get 0.18.4 - the last working version.

This specific change broke it, and was released in 0.18.5. The issue is still not addressed in 0.19.0

konstantinblaesi commented 10 months ago

as @nbifrye mentioned it seems there are multiple versions of @auth/core in the dependency graph. With pnpm I was able to force 0.19.0 everywhere (couldn't make it work with package.json pnpm overrides)

function readPackage(pkg, context) {
  if (pkg.name === "next-auth") {
    pkg.dependencies["@auth/core"] = "0.19.0";
  }
  return pkg;
}

module.exports = {
  hooks: {
    readPackage,
  },
};

pnpm why @auth/core without the override:

@auth/prisma-adapter 1.0.12
└── @auth/core 0.19.0
next-auth 5.0.0-beta.4
└── @auth/core 0.18.4

pnpm why @auth/core with the override:

@auth/prisma-adapter 1.0.12
└── @auth/core 0.19.0
next-auth 5.0.0-beta.4
└── @auth/core 0.19.0

With that override I get no type errors using checks = ["nonce"] with the google provider. I am wondering why next-auth was not upgraded like @auth/prisma-adapter was?

nbifrye commented 10 months ago

@auth/core was already version 0.19.0 when @auth/prisma-adapter@1.0.12 was released. Why the latest version is not referenced I have no idea, but perhaps this has something to do with it.