diff --git a/docs/configuration/options.md b/docs/configuration/options.md index 7b746373..87a924fc 100644 --- a/docs/configuration/options.md +++ b/docs/configuration/options.md @@ -140,9 +140,9 @@ jwt: { // Defaults to `session.maxAge`. maxAge: 60 * 60 * 24 * 30, // You can define your own encode/decode functions for signing and encryption - // if you want to override the default behaviour. + // if you want to override the default behavior. async encode({ secret, token, maxAge }) {}, - async decode({ secret, token, maxAge }) {}, + async decode({ secret, token }) {}, } ``` diff --git a/docs/errors.md b/docs/errors.md index 3a5e687e..27f75110 100644 --- a/docs/errors.md +++ b/docs/errors.md @@ -129,17 +129,6 @@ The algorithm used for generating your key isn't listed as supported. You can ge jose newkey -s 512 -t oct -a HS512 ``` -If you are unable to use an HS512 key (for example to interoperate with other services) you can define what is supported using - -``` - jwt: { - signingKey: {"kty":"oct","kid":"--","alg":"HS256","k":"--"}, - verificationOptions: { - algorithms: ["HS256"] - } - } -``` - #### SESSION_ERROR --- diff --git a/docs/faq.md b/docs/faq.md index 2e6bfea6..05f6320f 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -266,7 +266,7 @@ Ultimately if your request is not accepted or is not actively in development, yo
-

Does NextAuth.js use JSON Web Tokens?

+

Does NextAuth.js use JSON Web Tokens?

@@ -282,7 +282,7 @@ You can also choose to use JSON Web Tokens as session tokens with using a databa

-

What are the advantages of JSON Web Tokens?

+

What are the advantages of JSON Web Tokens?

@@ -301,7 +301,7 @@ JSON Web Tokens can be used for session tokens, but are also used for lots of ot

-

What are the disadvantages of JSON Web Tokens?

+

What are the disadvantages of JSON Web Tokens?

@@ -330,7 +330,7 @@ JSON Web Tokens can be used for session tokens, but are also used for lots of ot

-

Are JSON Web Tokens secure?

+

Are JSON Web Tokens secure?

@@ -347,7 +347,7 @@ Using explicit public/private keys for signing is strongly recommended.

-

What signing and encryption standards does NextAuth.js support?

+

What signing and encryption standards does NextAuth.js support?

diff --git a/docs/getting-started/upgrade-to-v4.md b/docs/getting-started/upgrade-to-v4.md index 53403f66..e7a7372c 100644 --- a/docs/getting-started/upgrade-to-v4.md +++ b/docs/getting-started/upgrade-to-v4.md @@ -178,6 +178,46 @@ events: { Introduced in https://github.com/nextauthjs/next-auth/releases/tag/v4.0.0-next.20 +## JWT configuration + +We have removed some of the [configuration options](/configuration/options) when using JSON Web Tokens, [here's the PR](https://github.com/nextauthjs/next-auth/pull/3039) for more context. + +```diff +export default NextAuth({ + // ... + jwt: { + secret, + maxAge, +- encryptionKey +- signingKey +- encryptionKey +- verificationOptions + encode({ + token + secret + maxAge +- signingKey +- signingOptions +- encryptionKey +- encryptionOptions +- encryption + }) {}, + decode({ + token + secret +- maxAge +- signingKey +- verificationKey +- verificationOptions +- encryptionKey +- decryptionKey +- decryptionOptions +- encryption + }) {} + } +}) +``` + ## Logger API The logger API has been simplified to use at most two parameters, where the second is usually an object (`metadata`) containing an `error` object. If you are not using the logger settings you can ignore this change. diff --git a/docs/tutorials/ldap-auth.md b/docs/tutorials/ldap-auth.md index e1b25666..73e6d746 100644 --- a/docs/tutorials/ldap-auth.md +++ b/docs/tutorials/ldap-auth.md @@ -65,8 +65,7 @@ export default NextAuth({ }, secret: process.env.NEXTAUTH_SECRET, jwt: { - secret: process.env.NEXTAUTH_SECRET, - encryption: true, // Very important to encrypt the JWT, otherwise you're leaking username+password into the browser + secret: process.env.JWT_SECRET, }, }) ``` diff --git a/src/css/index.css b/src/css/index.css index 7adc67d1..3105372d 100644 --- a/src/css/index.css +++ b/src/css/index.css @@ -181,3 +181,7 @@ html[data-theme="dark"] hr { flex-direction: column; } } + +.inline { + display: inline-block; +}