When calling update() after…
1. Invalidating a one time use emailToken (after use).
2. Unlinking an oAuth account.
…it now passes a third option, indicating the property that was deleted from the object (or that should have been):
e.g.
* `functions.update(user, null, { delete: 'emailToken' })`
* `functions.update(user, null, { delete: 'facebook' })`
* `functions.update(user, null, { delete: 'google' })`
* `functions.update(user, null, { delete: 'twitter' })`
This is to make it easier to integrate with databases like Mongoose.
It's needed because if you pass a Mongoose object it will *not let* the key be deleted by NextAuth, so you will have to check for this third pararam in your .update() function and use Mongoose specific commands to unset the field for the user.
* Resolves#18 by providing an easy way to define a custom credentials based sign in end point and use it with NextAuth.
The NextAuth client explicitly supports this option and an new example in example/pages/credentials.js shows how to use it (it’s super easy to use and and you can pass any fields you like to it).
Note that this does not explicitly allow a localStrategy to be defined but provides the same ability to define a custom auth hook - allowing custom localStrategies would probably be a footgun and likely generate support requests (as it’s more complicated to implement) so I’m inclined to keep it simple for everyone.
* Resolves#20 by passing the req to email sign in method (useful for things like language and hostname detection).
* If you do not pass a sendSignInEmail() or signIn() functions (or set them to null) then the routes for these will not be created, so that they are easy to disable.
The module `isomorphic-fetch` is required by `next-auth/client` (but should not be bundled in as the code also needs to run server side, which is why it’s listed an an external in the webpack config).
This update moves the dependancy on it from devDependancies into dependancies, which is where it should be (as is required in production as well). You would already get a warning if you didn’t have it installed, but now you you don’t need to explicitly include it.
* Fixes bug in v1.6.0 with the return reponse (for those extending NextAuth), it was returning an empty response after refactoring.
* The instance of Express is now returned in ‘expressApp’, the value ‘express’ now contains Express library being referenced (making it easier to use it for things like creating static routes).
* Removed depdancy for cookie parser (resolves#15).
* Example now uses Next.js 5.0.
* Pruned unused dependancies.
* Fixed missing depdendancies for example project.
* Resolved issue with missing dependancies for building the client lib.
* Now trust proxies running in front when they say they are running the site over SSL (e.g. Heroku, nginx, AWS, etc).
* Now uses secure cookies on HTTPS enabled sites.
The oAuth profile for a service is now passed to update() and insert() when signing in via oAuth (or linking accounts).
e.g. `update(user, oAuthProfile)` and `insert(user, oAuthProfile)`
This provides a way to also capture oAuth provider specific fields, such as avatar, location, organisation, etc. as needed.
Thanks to @gielcobben for raising this.
