One more breaking change - and introducing tokens!

[pilcrowonpaper]

This will likely be the final update (feature wise) to Lucia before 1.0. This fixes some major bugs with the newly introduced single use keys and just better integrate them into the package in general.

See #406 for a full list of breaking changes for the core package and OAuth integration.

Introducing tokens!

This release also introduces tokens! This makes it much easier to work with single use keys to implement verification links and OTPs. Check out the documentation to learn how it works and for guides on using it: https://lucia-auth.com/tokens

Major changes to Lucia

Make sure to update the adapters and integration packages!

1. Replace getKey() and validateKeyPassword() with useKey()

getKey() still exists but does not check for expiration!!!. Use useKey() for validating keys with and without passwords.

2. Key type

The Key object is now a bit different, with clear distinction between persistent and single use keys:

type Key = SingleUseKey | PersistentKey;

type SingleUseKey = Readonly<{
	type: "single_use";
	userId: string;
	providerId: string;
	providerUserId: string;
	isPasswordDefined: boolean;
	expires: Date | null;
	isExpired: () => boolean;
}>;
type PersistentKey = Readonly<{
	type: "persistent";
	userId: string;
	providerId: string;
	providerUserId: string;
	isPasswordDefined: boolean;
	isPrimary: boolean;
}>;

3. Removed getKeyUser()

This wasn't doing anything special. You can replicate this by getting the key and then getting the user.

4. createUser() accepts primaryKey instead of key

auth.createUser({
	primaryKey: {}
});

5. Update createKey()

It now requires you to explicitly define the key type.

// example for persistent

const key = await auth.createKey(userId, {
	 type: "persistent",
	 providerId: "github",
	 providerUserId: githubUsername,
	 password: null
});

6. getAllUserKeys() returns all keys, including those that are expired

This is more consistent with getAllUserSessions()