Changes to verification model mean it can be used for other kinds of verification requests when ...

* Using method preserves current URL on signin / signout
* Reloads browser window once complete ...

* Added REST API docs to sidebar
* Added documentation for the Apple Provider (WIP)
* Added clar...

Seems like `clientSecret` is mandatory for Auth0 Provider.

Includes some minor tweaks to options to match documentation (non breaking changes).

* shortened some long urls

* some fixes in text

* Fix bug in parser (.query -> search)
* Comments to explain what is going on
* Fallback to Type...

* Database configuration now only needs a single line!
* You can still specify options using que...

Now supports 'pages' option, which can be any URL.

If specified, these replace the built in pag...

These changes fix compatibility issues with common SQL databases including MySQL, MariaDB and Po...

Resolves #157

* Fixes #145
* See also #131

This doesn't allow signing in without an email address, but it han...

* Now accepts 'database' as an option as an alterantive to 'adapter'.
* If specified, 'database'...

Due to typo, was setting default expiry time to 30 hours, instead of 30 days.

This also made up...

The name baseURL (and basePath) are exposed as options.

As they are more more widely used than ...

The name baseURL (and basePath) are exposed as options.

As they are more more widely used than ...

* some initial cleanup

* cleaned up the config table

* added FB and fixed some alignments

This constraint provides a cross-platform way of enforcing that a given oAuth account can only b...

Added the detailed steps on to set up an environment locally from #105

* Refactored adapter, with less redundant logic
* Removed logic from models
* Added email verifi...

This makes it possible to configure session tokens to be deleted when the browser window is clo...

Accidentally included set cookie of a conditional it needs to be in.

* By default, sessions are 30 day 'rolling sessions' and the timestamp for when they expire is e...

* added Auth0 and updated docs

* changed to proper Auth0 urls

I think I broke this earlier by mistake

Debugging issue with deployment of docs site.

Although previous config worked locally, it turns out it isn't compatible with now.sh.

It turns...

* Now has 'www' directory at root level for the website (was 'docs').
* The 'docs' directory now...

Some of the logic was wrong following refactoring.

In some flows the signout values was returning 'undefined'.

No longer needed.

* Improve CSRF token verification
* Improved access token generation
* Added work in progress co...

* Renamed the `serverUrl` configuration variable to `site`.
* Improved cosmetic apperance of pla...

* CSRF token is verified first.
* If token doesn't match, redirect client to signout URL to prom...

Can now securely sign out. Session cookie and entry in session db are deleted.

* Sets site name + api route now prior to sign in so avalible sooner.
* Improved next-auth/clien...

Use .status() and .json() where possible.

Brings them into line with other methods.

Not refactoring other getUser* methods at this time a...

* Should database compatability issues with the model.
* Session expiry dates are still not enfo...

Better default security for cookies, without impacting UX or DX.

Further work to do on CSRF pro...

This is very much a work in progress!