* Uses typeorm as works with a large number of data stores.
* Compatible with common SQL, document storage & lightweight databases.
* Adapter logic integrated into signup flow but not yet complete.
* Flow not fully complete or tested, but can complete signin journey.
* Does not include source code for adapter (test adapater source currently in client respository while under development).
* Wrapped all calls in promise to avoid early termination of serverless function.
* Callback and Session cookie names and cookie options can now be changed by passing options for them in (feature request from 1.x).
* Redesigned from the ground up for serverless!
* Doesn't require PassportJS or Express!
* Much simpler configuration!
* Interface exposed via single API endpoint.
* Supports both oAuth 1.x and 2.x services.
* Initial commit includes support for signing in with Twitter, Google and GitHub.
Code is functional, but not useable as adapter support (saving user information) is still in progress.
Still to come:
* Support for Facebook, email, and credential authentication flows.
* Adapter support - will provide out of the box support for MongoDB, Elasticsearch and SQL with support for writing custom adapters in a similar style to version 1.x.
* Automated User Acceptance Tests for all auth flows.
* Example usage . In a change from version 1.x a demo will exist in a seperate repository to make it easier to get started.
This version will (probably) not be published, at least not until 2.0 ships in the next few weeks.
This release contains several untested fixes and enhancements that were not in the last released version version of 1.x (1.12.1).
I would like to publish it then, so that it can be archived and available to those still using the 1.x branch after release of 2.0.
* All dependancies updated, including the example to include latest release of Next.js and React.
* Includes fix for Keycloak strategy support and improved oAuth strategy compatibility.
* Includes enhancement for exposing additional parameters when calling getProfile().
* `sessionResave` now defaults to `true`, which ensures sessions always rotate properly.
This can be disabled for special use cases - it does not work well with some Express Session Stores, but for most people it should be fine and should rotate sessions correctly. If set to `false` user sessions are likely to expire prematurely. It is strongly recommended you do not change this from the default setting.
As a side effect, this will case all sessions - including anonymous sessions created when users have connected but not logged in yet - to be saved as a session in the store. This is because the current Cross Site Request Forgery option associates a token with a session in the browser.
If you want to avoid creating anonymous sessions, set `csrf` to `false` to disable CSRF protection; sessions will then only be created when a user signs in. A future update should include the option to implement CSRF using the Double Submit Cookie method so it can be enabled without causing this side effect.
passport-oauth2 calls back with extra parameters if specified - this is based on the number of arguments passed to the callback function when defining the strategy (https://github.com/jaredhanson/passport-oauth2/blob/master/lib/strategy.js). This change exposes that extra parameter. This is useful if users want to store id_token for instance which is available in the _params object.
Add Typescript types by @NickBolles. Not pushing to a new release yet but can't see how it would break anything and I need to catch up with PRs :)
Thanks Nick!
Strategy name in Passoport is not enforced to be all lower case, and it's up to strategy author to pick a name.
So, there's a chance that strategy with mixed case name [exists](https://github.com/exlinc/keycloak-passport/blob/master/index.js#L23)
Without this change such strategies won't work with next-auth.
* Added Babel Pollyfill to the next-auth client and rollup config.
* Client longer relies on ES6 features and so works in Internet Explorer (support for which had been dropped was was conflicting with newerver version of webpack when building isomorphic libraries).
* Example client now has slightly better example of how to handle the callback screen for browsers that don’t have JavaScript enabled.
You can use a custom object to define paths to white list or set it to `false` if you don't want CSRF protection (or want to apply your own).
* Refactored session support to custom session objects to be returned to clients.
* Migrated to rollup from webpack, as webpack no longer generates working isomorphic code in latest versions.
* The webpack generated client was also causing an error in Internet Explorer 11 (Microsoft Edge was and still is working fine).
* There are _still_ breaking issues in Internet Explorer 11 with the example project (cause TBD), but it no longer crashes the app, so fallback of server side rendering still works.
