This error page will be used to display all errors to the client.
There will be an option to provide a custom error page URL.
Update includes some tweaks to CSS.
* Should database compatibility issues with the model.
* Session expiry dates are still not enforced in client.
* All cookies are still session cookies and expire when the browser is closed.
* AccessToken expiry has been removed for now.
These are all known issues and intended behaviour for now, and will be addressed before release.
* Logic now centralized to avoid duplication across multiple routes.
* Improved validation of query params.
* Also checks and cookie values as mitigation against cookie hijacking.
* CSRF token is verified first.
* If token doesn't match, redirect client to signout URL to prompt for confirmation.
* `deleteSessionById()` not yet implemented in default adapter, so does not work.
* Identified area for refactoring around callbackUrl behaviour.
Improves security and defence against bad actors by adding a hash that uses the secret as a salt and checking it on every request (and overriding the cookie with a new secure one if the check fails).
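The hash check described above, sketched as an added example (not next-auth's own code). The `value|hash` cookie layout, the SHA-256 choice, the cookie attributes and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hash of the cookie value with the server-side secret appended as the salt.
function hashWithSecret(value, secret) {
  return crypto.createHash('sha256').update(`${value}${secret}`).digest('hex');
}

// Assumed cookie layout: "<value>|<hex hash>".
function signCookieValue(value, secret) {
  return `${value}|${hashWithSecret(value, secret)}`;
}

// Run on every request. Returns the trusted value, or a freshly generated
// replacement (reissued: true) when the cookie is missing or fails the check.
function checkCookie(cookie, secret) {
  if (typeof cookie === 'string') {
    const sep = cookie.lastIndexOf('|');
    if (sep > 0) {
      const value = cookie.slice(0, sep);
      const given = Buffer.from(cookie.slice(sep + 1), 'utf8');
      const expected = Buffer.from(hashWithSecret(value, secret), 'utf8');
      // timingSafeEqual throws on unequal lengths, so compare lengths first.
      if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) {
        return { value, cookie, reissued: false };
      }
    }
  }
  const value = crypto.randomBytes(32).toString('hex');
  return { value, cookie: signCookieValue(value, secret), reissued: true };
}

// Header that overrides a failed cookie. A "__Secure-" prefixed name is only
// accepted by browsers when the Secure attribute is present.
function setCookieHeader(name, cookie) {
  return `${name}=${cookie}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: a valid cookie and a tampered copy of it.
const demoSecret = 'constructed-demo-secret';
const demoCookie = signCookieValue('token-1234', demoSecret);
console.log(checkCookie(demoCookie, demoSecret).reissued);
console.log(checkCookie(demoCookie.replace('1234', '9999'), demoSecret).reissued);
```

A client that edits the value without knowing the secret cannot produce a matching hash, so the server discards the cookie and issues a new one.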
* Sets site name + api route now prior to sign in so they are available sooner.
* Improved next-auth/client logic for server side session handling.
* next-auth/client now checks regular and `__Secure-` prefixed cookies.
While it is still somewhere between an alpha and a beta, I am publishing to NPM to facilitate further testing.
The software is not ready for use yet!
While believed to be functional, there are no formal tests and only casual manual testing has been done.
Features such as logout and session expiry checks have not yet been implemented.
* Added React Hook to client.
* NextAuth.session() is now a universal method.
* Improved cookie support, all cookie names and options can be customised (feature request).
* Updated examples in documentation.
While not all signup flows are complete, basic core functionality is now working.
Users can sign in, have their identity verified, and a session is created for them in a secure manner.
* Added Session model and schema.
* Added createSession and getSessionByID handlers.
* Added getUserByID handler.
* Added /api/auth/session endpoint which displays info about the current session.
* /api/auth/session endpoint is secure as it requires the HTTP only cookie.
* Remove schema relationship data for now (no value currently and may cause problems if not modeled correctly).
We need to be able to return simple server-side rendered pages for authentication (e.g. signin).
Using Preact means we can use JSX in them while keeping dependency size small.
Ultimately, these pages should be customizable, both by passing in CSS and by specifying a custom URL for the page.
Additionally, the babel config has been tweaked to reduce bundle size by minifying assets and stripping comments from built assets.