feat(react): custom fetch options

[timosaikkonen]

Introducing the ability to customize options passed to fetchData by passing fetchOptions as a prop to SessionProvider

Reasoning 💡

Primarily to facilitate setting "credentials": "include" in a case where a single next-auth server is serving multiple Next sites.

Checklist 🧢

• Documentation
• Tests
• Ready to be merged

Affected issues 🎟

#2414

[balazsorban44]

I'm not sure of the immediate security implications here, as I haven't used that setting before, but on first thought, it doesn't sound right. 🤔

[timosaikkonen]

I'm not sure of the immediate security implications here, as I haven't used that setting before, but on first thought, it doesn't sound right. 🤔

For this to work you'd also have to have the next-auth API running under the same domain, have its cookie domain set as the apex domain and have CORS set up correctly. This merely makes it possible to tell fetch to pass the cookie that was already explicitly exposed to the site to the session API.

Could you elaborate on your concerns?

[timosaikkonen]

@balazsorban44 Anything I can do to get this to land? I'm dealing with some schedule pressure here :(

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/nextauthjs/next-auth/2WniLfxgJB4xVjS97aqioSnfvMRk
✅ Preview: https://next-auth-git-fork-timosaikkonen-feat-custom-271e5d-nextauthjs.vercel.app

[Deployment for 4aeaf5e canceled]

[timosaikkonen]

@balazsorban44 Gentle nudge :) Anything I can do to help this land?

[timosaikkonen]

@balazsorban44 Apologies for pestering you about this but I'm still looking to get this to land. As always, let me know if there's anything more I can do to move this forward. Happy to jump on a call to run through the changes if that's easier for you.

[stale]

It looks like this issue did not receive any activity for 60 days. It will be closed in 7 days if no further activity occurs. If you think your issue is still relevant, commenting will keep it open. Thanks!

[stale]

To keep things tidy, we are closing this issue for now. If you think your issue is still relevant, leave a comment and we might reopen it. Thanks!

[ranmocy]

This is still a relevant requests. I think Next Auth JS should consider support this.
By default people won't use it. And for people knows what they are doing, this is almost the only way to do it without forking the package.
The primary use case we have is to support a single page application calling the API server on different domains (e.x. api.example.com vs app.example.com, or localhost:3000 vs localhost:4000). Access to the CORS settings for those auth requests are needed.
It would be great Next Auth JS could support it, since it's designed as a self-hosting solution, providing the ability for customization seems reasonable here.

[dimamarkus]

Bump. This still seams to be one of the cleanest solution to a real problem. #2414