
providers/feishu

Built-in Feishu integration.

FeishuOptions

Extends

Properties

[conformInternal]?

optional [conformInternal]: true;
Inherited from

OAuthUserConfig.[conformInternal]

[customFetch]()?

optional [customFetch]: (input, init?) => Promise<Response>;

MDN Reference

Parameters
Parameter    Type
input        URL | RequestInfo
init?        RequestInit
Returns

Promise<Response>

Inherited from

OAuthUserConfig.[customFetch]

account?

optional account: AccountCallback;

Receives the full TokenSet returned by the OAuth provider, and returns a subset. It is used to create the account associated with a user in the database.

You need to adjust your database’s Account model to match the returned properties. Check out the documentation of your database adapter for more information.

Defaults to: access_token, id_token, refresh_token, expires_at, scope, token_type, session_state

Example
import GitHub from "@auth/core/providers/github"
// ...
GitHub({
  account(account) {
    // https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens#refreshing-a-user-access-token-with-a-refresh-token
    const refresh_token_expires_at =
      Math.floor(Date.now() / 1000) + Number(account.refresh_token_expires_in)
    return {
      access_token: account.access_token,
      expires_at: account.expires_at,
      refresh_token: account.refresh_token,
      refresh_token_expires_at
    }
  }
})
Inherited from

OAuthUserConfig.account

allowDangerousEmailAccountLinking?

optional allowDangerousEmailAccountLinking: boolean;

Normally, when you sign in with an OAuth provider and another account with the same email address already exists, the accounts are not linked automatically.

Automatic account linking on sign in is not secure between arbitrary providers and is disabled by default. Learn more in our Security FAQ.

However, it may be desirable to allow automatic account linking if you trust that the provider involved has securely verified the email address associated with the account. Set allowDangerousEmailAccountLinking: true to enable automatic account linking.

Inherited from

OAuthUserConfig.allowDangerousEmailAccountLinking
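
If you do enable allowDangerousEmailAccountLinking for Feishu, the email address becomes the only thing tying a sign-in to an existing user, so it is worth gating it. The following is an added example, not Auth.js or Feishu code: a policy check over the FeishuProfile fields tenant_key and enterprise_email. The names FeishuIdentity, LinkPolicy, SAMPLE_POLICY and feishuLinkVerdict are hypothetical, and treating enterprise_email as the tenant-managed address is an assumption.

```typescript
// Added example: a policy model, not Auth.js or Feishu code.
// Only the FeishuProfile fields this check reads (field names from this page).
interface FeishuIdentity {
  tenant_key: string;
  enterprise_email?: string;
}

// Hypothetical policy shape; both values are deployment-specific.
interface LinkPolicy {
  tenantKey: string;   // the one tenant_key allowed to sign in
  emailDomain: string; // domain the tenant issues enterprise_email under
}

// Constructed sample values, not real identifiers.
const SAMPLE_POLICY: LinkPolicy = {
  tenantKey: "tenant-constructed-0001",
  emailDomain: "corp.example",
};

type LinkVerdict =
  | { allowed: true; email: string }
  | { allowed: false; reason: string };

// Decide whether a Feishu sign-in may be matched to an existing user by email.
// On success, `email` is the normalized address to hand to Auth.js.
function feishuLinkVerdict(p: FeishuIdentity, policy: LinkPolicy): LinkVerdict {
  if (p.tenant_key !== policy.tenantKey) {
    return { allowed: false, reason: "foreign tenant" };
  }
  // Assumption: enterprise_email is the tenant-managed address.
  const email = (p.enterprise_email ?? "").trim().toLowerCase();
  const at = email.lastIndexOf("@");
  if (at <= 0 || at !== email.indexOf("@")) {
    return { allowed: false, reason: "missing or malformed enterprise_email" };
  }
  // Compare the whole domain part; a suffix or substring match is not enough.
  if (email.slice(at + 1) !== policy.emailDomain.toLowerCase()) {
    return { allowed: false, reason: "email domain not allowed" };
  }
  return { allowed: true, email };
}
```

Return the verdict's email from your profile callback and reject the sign-in when allowed is false, so the address that was checked is the same address used for matching.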

authorization?

optional authorization: 
  | string
  | AuthorizationEndpointHandler;

The login process will be initiated by sending the user to this URL.

Authorization endpoint

Inherited from

OAuthUserConfig.authorization

callbackUrl

callbackUrl: string;

checks?

optional checks: 
  | ("none" | "state" | "pkce")[]
  | ("none" | "state" | "nonce" | "pkce")[];

The CSRF protection performed on the callback endpoint.

Default
["pkce"]
Note

When redirectProxyUrl or AuthConfig.redirectProxyUrl is set, "state" will be added to checks automatically.

RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE) | RFC 6749 - The OAuth 2.0 Authorization Framework | OpenID Connect Core 1.0

Inherited from

OAuthUserConfig.checks
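
What the "pkce" and "state" values of checks verify, shown as an added example that follows RFC 7636 and RFC 6749 and is not taken from Auth.js or Feishu. All function names are hypothetical; the S256 method is the one defined in RFC 7636.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// RFC 7636 section 4.1: 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9._~-]{43,128}$/;

// Client, before the redirect: 32 random bytes give a 43-character verifier.
function newCodeVerifier(): string {
  return randomBytes(32).toString("base64url");
}

// S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), unpadded.
function s256Challenge(codeVerifier: string): string {
  return createHash("sha256")
    .update(codeVerifier, "ascii")
    .digest()
    .toString("base64url");
}

// Constant-time comparison; a length mismatch is an immediate reject.
function safeEqual(a: string, b: string): boolean {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Authorization server, at the token endpoint: recompute the challenge from
// the presented verifier and compare it with the one stored for this code.
function pkceVerifies(codeVerifier: string, storedChallenge: string): boolean {
  return (
    VERIFIER_RE.test(codeVerifier) &&
    safeEqual(s256Challenge(codeVerifier), storedChallenge)
  );
}

// Client, on the callback: the "state" check compares the returned value
// with the one saved before the redirect; a missing value fails the check.
function stateVerifies(
  returnedState: string | null,
  savedState: string | undefined
): boolean {
  return !!returnedState && !!savedState && safeEqual(returnedState, savedState);
}
```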

client?

optional client: Partial<Client & {
  token_endpoint_auth_method: string;
}>;

Pass overrides to the underlying OAuth library. See oauth4webapi client for details.

Inherited from

OAuthUserConfig.client

clientId?

optional clientId: string;
Inherited from

OAuthUserConfig.clientId

clientSecret?

optional clientSecret: string;
Inherited from

OAuthUserConfig.clientSecret

id?

optional id: string;

Identifies the provider when you want to sign in to a specific provider.

Example
signIn('github') // "github" is the provider ID
Inherited from

OAuthUserConfig.id

issuer?

optional issuer: string;
Inherited from

OAuthUserConfig.issuer

jwks_endpoint?

optional jwks_endpoint: any;
Inherited from

OAuthUserConfig.jwks_endpoint

name?

optional name: string;

The name of the provider, shown on the default sign-in page.

Inherited from

OAuthUserConfig.name

profile?

optional profile: ProfileCallback<FeishuProfile>;

Receives the full Profile returned by the OAuth provider, and returns a subset. It is used to create the user in the database.

Defaults to: id, email, name, image

See

Database Adapter: User model

Inherited from

OAuthUserConfig.profile

redirectProxyUrl?

optional redirectProxyUrl: string;
Inherited from

OAuthUserConfig.redirectProxyUrl

style?

optional style: OAuthProviderButtonStyles;
Inherited from

OAuthUserConfig.style

token?

optional token: 
  | string
  | TokenEndpointHandler;
Inherited from

OAuthUserConfig.token

userinfo?

optional userinfo: 
  | string
  | UserinfoEndpointHandler;
Inherited from

OAuthUserConfig.userinfo

wellKnown?

optional wellKnown: string;

OpenID Connect (OIDC) compliant providers can configure this instead of the authorization/token/userinfo options; in most cases no further configuration is needed. You can still use the authorization/token/userinfo options for advanced control.

Authorization Server Metadata

Inherited from

OAuthUserConfig.wellKnown


FeishuProfile

The Feishu profile returned from the API

See

https://open.feishu.cn/document/server-docs/authentication-management/login-state-management/get

Properties

avatar_big

avatar_big: string;

avatar_middle

avatar_middle: string;

avatar_thumb

avatar_thumb: string;

avatar_url

avatar_url: string;

The user’s avatar URLs

email

email: string;

The user’s email address

employee_no

employee_no: string;

The user’s employee number

en_name

en_name: string;

The user’s English name

enterprise_email

enterprise_email: string;

The user’s enterprise email address

mobile

mobile: string;

The user’s mobile phone number

name

name: string;

The user’s display name

open_id

open_id: string;

The user’s Feishu IDs

tenant_key

tenant_key: string;

The tenant key

union_id

union_id: string;

user_id

user_id: string;

The user’s unique ID


default()

function default(options): OAuthConfig<FeishuProfile>

Add Feishu login to your page and make requests to Feishu APIs.

Setup

Callback URL

https://example.com/api/auth/callback/feishu

Configuration

import NextAuth from "next-auth";
import Feishu from "@auth/core/providers/feishu";
 
declare module "next-auth" {
  interface Session {
    accessToken?: string;
  }
}
 
export const { handlers, signIn, signOut, auth } = NextAuth({
  providers: [
    Feishu({
      clientId: process.env.FEISHU_CLIENT_ID!,
      clientSecret: process.env.FEISHU_CLIENT_SECRET!,
      callbackUrl: `${process.env.NEXTAUTH_URL}/api/auth/callback/feishu`,
    }),
  ],
});

Resources

Notes

By default, Auth.js assumes that the Feishu provider is based on the OAuth 2 specification.

The Feishu provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.

Disclaimer

If you think you found a bug in the default configuration, you can open an issue.

Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in Discussions.

Parameters

Parameter    Type
options      FeishuOptions

Returns

OAuthConfig<FeishuProfile>

Auth.js © Balázs Orbán and Team - 2025