diff --git a/packages/docs/src/routes/docs/integrations/authjs/index.mdx b/packages/docs/src/routes/docs/integrations/authjs/index.mdx index 15eaed8a3f4..342e65828a4 100644 --- a/packages/docs/src/routes/docs/integrations/authjs/index.mdx +++ b/packages/docs/src/routes/docs/integrations/authjs/index.mdx @@ -12,7 +12,6 @@ contributors: - VinuB-Dev - hugomonte - VarPDev - - cwoolum updated_at: '2023-10-15T10:10:17Z' created_at: '2023-04-24T10:35:21Z' --- @@ -57,36 +56,6 @@ and create a new file named `plugin@auth.ts` with an example configuration. > - HOST_HEADER: This header helps identify the original host requested by the client. It is particularly necessary when your Node environment is behind a proxy or load balancer. Set this variable to: > HOST_HEADER=X-Forwarded-Host -### Migrating from `@builder.io/qwik-auth` - -When migrating from `@builder.io/qwik-auth` to `@auth/qwik`, there are a couple changes that need to be made. - -1. The routes provided by the auth library are no longer prefixed with `/api`. If your are using previous guidance for protected routes or calling the auth routes directly, please be sure to update accordingly. - - ```diff - export const onRequest: RequestHandler = (event) => { - const session: Session | null = event.sharedMap.get('session'); - if (!session || new Date(session.expires) < new Date()) { - - throw event.redirect(302, `/api/auth/signin?redirectTo=${event.url.pathname}`); - + throw event.redirect(302, `/auth/signin?redirectTo=${event.url.pathname}`); - } - }; - ``` - -2. The setup function and and methods exported by it have changed in `plugin@auth.ts`. Be sure to update the imports for the `useAuthSession`, `useAuthSignin`, and `useAuthSignout` methods anywhere you use them in your app. - - ```diff - import Auth0Provider from "@auth/core/providers/auth0"; - -import { serverAuth$ } from "@builder.io/qwik-auth"; - +import { QwikAuth$ } from "@auth/qwik"; - - -export const { onRequest, useAuthSession, useAuthSignin, useAuthSignout } = - - serverAuth$(({ env }) => ({ - +export const { onRequest, useSession, useSignIn, useSignOut } = - + QwikAuth$(({ env }) => ({ - ``` - - ## Qwik API @@ -197,43 +166,43 @@ All the same REST APIs as provided by Auth.js are available. ### signin -**GET /auth/signin** +**GET /api/auth/signin** Displays the built-in/unbranded sign-in page. -**POST /auth/signin/:provider** +**POST /api/auth/signin/:provider** Starts a provider-specific sign-in flow. In the case of an OAuth provider, calling this endpoint will initiate the Authorization Request to your Identity Provider. This endpoint is also used by the [useSignIn](#useSignIn) action internally. ### callback -**GET/POST /auth/callback/:provider** +**GET/POST /api/auth/callback/:provider** ### signout -**GET /auth/signout** +**GET /api/auth/signout** Displays the built-in/unbranded sign out page. -**POST /auth/signout** +**POST /api/auth/signout** Handles signing the user out - this is a POST submission to prevent malicious links from triggering signing a user out without their consent. The user session will be invalidated/removed from the cookie/database, depending on the flow you chose to store sessions. This endpoint is also used by the [useSignOut](#useSignOut) method internally. ### session -**GET /auth/session** +**GET /api/auth/session** Returns client-safe session object - or an empty object if there is no session. The contents of the session object that is returned are configurable with the session callback. Session data can also be retrieved using the [useSession](#useSession) routerLoader. ### csrf -**GET /auth/csrf** +**GET /api/auth/csrf** Returns object containing CSRF token. In NextAuth.js, CSRF protection is present on all authentication routes. It uses the "double submit cookie method", which uses a signed HttpOnly, host-only cookie. The CSRF token returned by this endpoint must be passed as form variable named csrfToken in all POST submissions to any API endpoint. ### providers -**GET /auth/providers** +**GET /api/auth/providers** Returns a list of configured OAuth services and details (e.g. sign in and callback URLs) for each service. It is useful to dynamically generate custom sign up pages and to check what callback URLs are configured for each OAuth provider that is configured. @@ -255,7 +224,7 @@ export const { onRequest, useSession, useSignIn, useSignOut } = QwikAuth$( ); ``` -> *IMPORTANT*: Make sure to keep the `onRequest` export as it is used to handle the OAuth flow redirects. Once the user finished OAuth flow, GitHub (or any other provider) will redirect the user back to the application to `/auth/callback/github` (or `/auth/callback/[otherProvider]`). The `onRequest` middleware function will handle requests to this endpoint and finish the OAuth flow. +> *IMPORTANT*: Make sure to keep the `onRequest` export as it is used to handle the oAuth flow redirects. Once the user finished oAuth flow, GitHub (or any other provider) will redirect the user back to the application to `/api/auth/callback/github` (or `/api/auth/callback/[otherProvider]`). The `onRequest` middleware function will handle requests to this endpoint and finish the oAuth flow. 3. Create or edit the `.env.local` file at the root of your project to store secrets @@ -323,7 +292,7 @@ Session data can be accessed via the route `event.sharedMap`. So a route can be export const onRequest: RequestHandler = (event) => { const session: Session | null = event.sharedMap.get('session'); if (!session || new Date(session.expires) < new Date()) { - throw event.redirect(302, `/auth/signin?redirectTo=${event.url.pathname}`); + throw event.redirect(302, `/api/auth/signin?redirectTo=${event.url.pathname}`); } }; ```