* New callbacks implemented
* Some events added (not all wired up)
* Documentation for old callbacks removed, new documentation to be added
* All flows seem to be working with all databases.
* If debug is set to true, debug messages can now be easily logged anywhere in the app
The refactoring has been a success - the code is much more maintainable and the flows are better.
This update need further testing to be sure it's all working as intended
Not a breaking change, just a refactor!
* Removes dependency on external library
* Resolves problem of messy logic in models and transform by putting it all in a naming strategy
* No change to table / collection schemas!
Trying to create some structure to get external contributors to think about feature requests and/or provide more information when raising issues.
This is not intended for core committers - I'm just trying to wrangle the input we get to reduce signal to noise, especially as I'm also starting to get emails asking for support now.
## Database
- [x] Databases are now optional - useful with OAuth + JWT if you only need access control
- [x] Updated documentation and added example code for custom database adapters
## JWT
- [x] JWT option is now an object that groups JWT related options together (was a boolean)
- [X] Refactored JWT lib and add AES encryption / decryption as well as signing / verification
- [x] Allows JWT encode/decode methods to be overridden as options
- [x] Contents of JWT can easily customised - without needing to use custom encode/decode
- [x] Exported JWT methods so they can be called from custom API routes
- [x] Updated documentation for new JWT options
## Sessions
- [x] All session options (eg. `maxAge`, `updateAge`) now grouped under single `session` option
- [x] Using JWT for sessions is now enabled from session object (`session.jwt: true`)
- [x] All options involving time now use seconds (instead of milliseconds) for consistency
- [x] Added option to customise the Session object that is returned from `/api/auth/session`
- [x] Update documentation for new Session options
## Other improvements
- [x] Added `allowSignin()` option to control what users / accounts are allowed to sign in
- [x] Refactored `callbackUrlHandler()` - this option is now called `allowCallbackUrl()`
- [x] Minor improvements to NextAuth.js client API methods
- [x] Minor to NextAuth.js API routes
- [x] Minor improvements to built-in error pages
- [x] Refactored database models
All tables now include a `created` column for each row which contains the `datetime` of when the row (e.g. User / Account / Session) was created.
Additionally, sessions now use the name 'expiry' for the expiry `datetime` value for consistency with other models.
