Improves security and defence against bad actors by adding a hash that uses the secret as a salt and checking it on every request (and overriding the cookie with a new secure one if the check fails.)
* Sets site name + API route prior to sign in so they are available sooner.
* Improved next-auth/client logic for server side session handling.
* next-auth/client now checks regular and `__Secure-` prefixed cookies.
While it is still somewhere between an alpha and a beta, I am publishing to NPM to facilitate further testing.
The software is not ready for use yet!
While believed to be functional, there are no formal tests and only casual manual testing has been done.
Features such as logout and session expiry checks have not yet been implemented.
* Added React Hook to client.
* NextAuth.session() is now a universal method.
* Improved cookie support, all cookie names and options can be customised (feature request).
* Updated examples in documentation.
While not all signup flows are complete, basic core functionality is now working.
Users can sign in, have their identity verified, and have a session created for them in a secure manner.
* Added Session model and schema.
* Added createSession and getSessionByID handlers.
* Added getUserByID handler.
* Added /api/auth/session endpoint which displays info about the current session.
* /api/auth/session endpoint is secure as it requires the HTTP only cookie.
* Remove schema relationship data for now (no value currently and may cause problems if not modeled correctly).
We need to be able to return simple server-side rendered pages for authentication (e.g. signin).
Using Preact means we can use JSX in them while keeping dependency size small.
Ultimately, these pages should be customizable - both by passing in CSS and by specifying custom URL for page.
Additionally, the babel config has been tweaked to reduce bundle size by minifying assets and stripping comments from built assets.
* Uses TypeORM as it works with a large number of data stores.
* Compatible with common SQL, document storage & lightweight databases.
* Adapter logic integrated into signup flow but not yet complete.
* Flow not fully complete or tested, but can complete signin journey.
* Does not include source code for adapter (test adapter source currently in client repository while under development).
* Wrapped all calls in promise to avoid early termination of serverless function.
* Callback and Session cookie names and cookie options can now be changed by passing options for them in (feature request from 1.x).
* Redesigned from the ground up for serverless!
* Doesn't require PassportJS or Express!
* Much simpler configuration!
* Interface exposed via single API endpoint.
* Supports both OAuth 1.x and 2.x services.
* Initial commit includes support for signing in with Twitter, Google and GitHub.
Code is functional, but not usable as adapter support (saving user information) is still in progress.
Still to come:
* Support for Facebook, email, and credential authentication flows.
* Adapter support - will provide out of the box support for MongoDB, Elasticsearch and SQL with support for writing custom adapters in a similar style to version 1.x.
* Automated User Acceptance Tests for all auth flows.
* Example usage. In a change from version 1.x, a demo will exist in a separate repository to make it easier to get started.
This version will (probably) not be published, at least not until 2.0 ships in the next few weeks.
This release contains several untested fixes and enhancements that were not in the last released version of 1.x (1.12.1).
I would like to publish it then, so that it can be archived and available to those still using the 1.x branch after release of 2.0.