Next-auth: Decide on roadmap for future releases

Here are some nominations for the roadmap from me:

Awesome Antelope

_The goal of this release is to address critical bugs that come up after release and improving automated testing and release to provide a more stable platform for the future._

• Automate testing; add code coverage
• Add GitHub hook to publish to NPM when a new release is created
• Incorporate work that has been done on Types

Brave Badger

_The goal of this release is to address missing core features - in particular features that were in v1 that we want to have in v2 but were not done in time for the v2.0 release._

• Add delete account API endpoint
• Add API endpoints at /api/auth/link and /api/auth/unlink
• Display simple profile page if signed in, to allow users to update details?

Curious Cat

_I don't have a goal in mind for this release_

• Work on Prisma Adapter?

The Prisma 2.0 Adapter looks interesting, and depending on how it shapes up could even replace the existing TypeORM adapter as the default, but I guess it's worth waiting to see how it shapes up over time.

I'd vote for a Hasura adapter! @iaincollins

https://hasura.io/docs/1.0/graphql/manual/auth/authentication/index.html#authentication

Being able to adjust the jwt signing algorithm as an option (rather than having to write a custom override) would be helpful.

Being able to adjust the jwt signing algorithm as an option (rather than having to write a custom override) would be helpful.

@angjiang I agree!

I've been wondering if we could do something like just automatically extract it from the key (as there is usually at least some metadata for that in the JWK but not certain if what is there is enough).

An option for valid algos for signing (and another for encryption) would be a lot more accessible.

I don't really like the complexity right now which is why not all the options that are possible are in the documentation yet (and also why I haven't submitted a tutorial for it yet).

Being able to adjust the jwt signing algorithm as an option (rather than having to write a custom override) would be helpful.

@angjiang I agree!

I've been wondering if we could do something like just automatically extract it from the key (as there is usually at least some metadata for that in the JWK but not certain if what is there is enough).

An option for valid algos for signing (and another for encryption) would be a lot more accessible.

I don't really like the complexity right now which is why not all the options that are possible are in the documentation yet (and also why I haven't submitted a tutorial for it yet).

Makes sense! Thanks for your work on this project, it's very cool. Presumably many nextjs users who would use an auth lib would also be handling data in some fashion using external api services (like hasura). In such a scheme, having asymmetric encryption would be helpful where you have a single frontend that uses nextauth to sign with a private key while other separate services are verifying with a public key. When/if you decide to go this route, being able to choose something like RSA would be a pretty helpful initial use case.

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep ot open. Thanks!

I think we have now a good discussion about this internally. When we have a clear plan, we can create a ROADMAP.md for anyone to see. Closing this for now.