Includes hot fix for SQLite transform.
It was not updated to support column name changes.
The fix applies the transform without relying on hard coded values so bug won't happen again.
Not a breaking change, just a refactor!
* Removes dependency on external library
* Resolves problem of messy logic in models and transform by putting it all in a naming strategy
* No change to table / collection schemas!
## Database
- [x] Databases are now optional - useful with OAuth + JWT if you only need access control
- [x] Updated documentation and added example code for custom database adapters
## JWT
- [x] JWT option is now an object that groups JWT related options together (was a boolean)
- [X] Refactored JWT lib and add AES encryption / decryption as well as signing / verification
- [x] Allows JWT encode/decode methods to be overridden as options
- [x] Contents of JWT can easily customised - without needing to use custom encode/decode
- [x] Exported JWT methods so they can be called from custom API routes
- [x] Updated documentation for new JWT options
## Sessions
- [x] All session options (eg. `maxAge`, `updateAge`) now grouped under single `session` option
- [x] Using JWT for sessions is now enabled from session object (`session.jwt: true`)
- [x] All options involving time now use seconds (instead of milliseconds) for consistency
- [x] Added option to customise the Session object that is returned from `/api/auth/session`
- [x] Update documentation for new Session options
## Other improvements
- [x] Added `allowSignin()` option to control what users / accounts are allowed to sign in
- [x] Refactored `callbackUrlHandler()` - this option is now called `allowCallbackUrl()`
- [x] Minor improvements to NextAuth.js client API methods
- [x] Minor to NextAuth.js API routes
- [x] Minor improvements to built-in error pages
- [x] Refactored database models
All tables now include a `created` column for each row which contains the `datetime` of when the row (e.g. User / Account / Session) was created.
Additionally, sessions now use the name 'expiry' for the expiry `datetime` value for consistency with other models.
* Now has jwt and jwtSecret options
* Set jwt: true to use JWT instead of DB for session
* Enable 'debug: true' to log JWT_SESSION_TOKEN to console if you want to see what it contains
* Magical!
* Database configuration now only needs a single line!
* You can still specify options using query string parameters.
* You can still specify an object, so this is not a breaking change.
These changes fix compatibility issues with common SQL databases including MySQL, MariaDB and Postgres.
* Fixes#147 - datetime now ANSI SQL timestamp
* Fixes#160 - AccessToken and RefreshToken type change from varchar to text
* Adds Docker Compose files to make it easier to test database integration.
TODO:
* Update documentation with configuration examples and latest compatibility info
* Create DB URI parser (currently only object config works)
* Database table/collection name prefix (will default to `next-auth_`)
* MongoDB support
MongoDB has some issues which mean it will require additional work and refactoring to support (while preserving SQL DB support, which is important).
It's going to take some thinking about to get right; MongoDB support might have to be dropped from 2.0 (and follow in a subsequent release) but I'm going to review options and consider the impact before making a call.
* Now accepts 'database' as an option as an alterantive to 'adapter'.
* If specified, 'database' can be a string or object and will load the default adapter.
* The 'adapter' option is still valid, and overrides the 'database' option.
If neither option is specified, displays console error and web error page.
