providers/thunderid
Built-in sign in with ThunderID integration.
ThunderIDProfile
The returned user profile from ThunderID when using the profile callback.
Extends
Record<string,any>
Indexable
[key: string]: any
Properties
address?
optional address:
| string
| Record<string, string>;The user’s postal address
birthdate?
optional birthdate: string;The user’s birthdate (YYYY-MM-DD)
email?
optional email: string;The user’s email address
email_verified?
optional email_verified: boolean;Whether the email address has been verified
family_name?
optional family_name: string;The user’s family (last) name
gender?
optional gender: string;The user’s gender
given_name?
optional given_name: string;The user’s given (first) name
groups?
optional groups: string[];Groups the user belongs to (requires explicit configuration)
locale?
optional locale: string;The user’s locale (BCP 47 language tag)
middle_name?
optional middle_name: string;The user’s middle name
name?
optional name: string;The user’s full name
nickname?
optional nickname: string;The user’s nickname
ouHandle?
optional ouHandle: string;Organization unit handle
ouId?
optional ouId: string;Organization unit ID the user belongs to
ouName?
optional ouName: string;Organization unit name
phone_number?
optional phone_number: string;The user’s phone number
phone_number_verified?
optional phone_number_verified: boolean;Whether the phone number has been verified
picture?
optional picture: string;URL of the user’s profile picture
preferred_username?
optional preferred_username: string;The user’s preferred username
profile?
optional profile: string;URL of the user’s profile page
roles?
optional roles: string[];Roles assigned to the user (returned with the roles scope)
sub
sub: string;The user ThunderID account ID (subject identifier)
updated_at?
optional updated_at: number;Unix timestamp of the last profile update
userType?
optional userType: string;The user type as configured in the ThunderID system
website?
optional website: string;URL of the user’s website
zoneinfo?
optional zoneinfo: string;The user’s time zone (IANA timezone string)
default()
function default(config): OIDCConfig<ThunderIDProfile>Setup
Callback URL
https://example.com/api/auth/callback/thunderidConfiguration
import { Auth } from "@auth/core"
import ThunderID from "@auth/core/providers/thunderid"
const request = new Request(origin)
const response = await Auth(request, {
providers: [
ThunderID({
clientId: AUTH_THUNDERID_ID,
clientSecret: AUTH_THUNDERID_SECRET,
issuer: AUTH_THUNDERID_ISSUER,
}),
],
})Configuring ThunderID
- Get ThunderID installed on your environment (via
npx thunderidor any other option) - Go to the ThunderID Console at
https://{THUNDERID_HOST}:{THUNDERID_PORT}/console - Create an application with the Next.js template
Important: Copy the Client Secret at the end of the wizard — it will not be shown again
- In the General tab, Access section → Authorized redirect URIs, add:
- Development:
http://localhost:3000/api/auth/callback/thunderid - Production:
https://{YOUR_DOMAIN}/api/auth/callback/thunderid
- Development:
Then, create a .env.local file in the project root and add the following entries:
AUTH_THUNDERID_ID="Your Client ID here"
AUTH_THUNDERID_SECRET="Your Client Secret here"
AUTH_THUNDERID_ISSUER="Your ThunderID issuer URL here"Resources
Notes
The ThunderID provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.
By default, Auth.js assumes that the ThunderID provider is based on the OAuth 2 and OpenID Connect specs
Help
If you think you found a bug in the default configuration, you can open an issue.
Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in GitHub Discussions.
Parameters
| Parameter | Type |
|---|---|
config | OIDCUserConfig<ThunderIDProfile> |