Release v4.5.3

Authentication is now handled by the next-auth library.

All authentication code - including express and passport integration - has been forked off into this npm module making it easier to manage and providing complete separation of auth configuration and database code.

• next-auth.config.js <- Basic configuration
• next-auth.functions.js <- CRUD methods for user management and email sending function
• next-auth.providers.js <- oAoth provider configuration

The session handling code is now provided by next-auth-client.

While authentication is still more complicated to add to a new project than is ideal, future updates to next-auth may provide easier interfaces to do this in future.

Release v4.2.1

• Includes Next.js 4.2.1 and React 16
• Improved examples and documentation
• Now redirects back to the page you were on when signing in (*Requires client side JavaScript)
• Refactoring of server side code for better clarity
• Updated Bootstrap and Reactstrap
• Added Ionicons icon font
• A new layout and homepage

Release v2.11.0

• Includes fixes from 2.10.0 that address issues with the Facebook API oAuth API no longer returning email address (and also improves the error handling around that).
• Bumps us up to using Next.js 2.0 release version.

A pre-release 2.0 beta version was previously listed, although it was a recent beta so there are no actual changes to the code for the release version.

Release v2.8.0

• Can now link and unlink oAuth accounts and view session info on the sign in page.
• More robust session handling.
• Improved compatibility with Internet Explorer (all known issues resolved).
• Updated clock / redux demo (thanks to @HaNdTriX).

This is the only supported version and it's is strongly recommended you upgrade to this version, especially for Internet Explorer compatibility.

Release v2.5.3

This release is identical to v2.5.4 but is missing a polyfill for Promise which resolves a problem caused by Internet Explorer lacking native Promise support.

You should use release v2.5.4 instead of this release.

Release v2.5.4

This release features email and oAuth based authentication, with CSRF protection and using httpOnly cookies to project against XSS exploits. It also adds support for live reloading of CSS/SCSS and linting with 'xo' and has extended documentation.

Client and server configuration (including oAuth providers) is easily configurable. A range of options, including oAuth configuration options, are exposed and can be configured in .env (see .env.defaults for examples). Additionally options can be configured within the app in 'auth.js'.

This release uses Next.js 2.0.0-beta.23. It has been tested in recent versions of all major browsers (Chrome, Firefox, Internet Explorer and Safari).

Release v2.4.4

This release features email only based authentication, with CSRF protection and using httpOnly cookies to project against XSS exploits.

It is the first release to feature a fully implemented session class, that includes being able to specify how long a client should consider a session valid for before it checks with the server again.

This value can be 0 (to force the client to check the session state on every page navigation or interaction with the session component, which is how sessions behave normally with server-only rendering) or 30 seconds or longer, to reduce the amount of traffic to the server, which will make navigating between pages faster for users.

The default value for 'clientMaxAge' been set to 60 seconds and like all other auth options can be configured when 'routes/auth.js' is invoked. Note this is distinct (and less than) the actual session maxAge.

Note: Regardless of this value, users will always see their session status updated immediately if the sign or out, as that information is shared between tabs and windows.

Future releases will see updates and refactoring to the authentication to add new features. If you wish to just reference a simpler release, this would be an appropriate release to choose.