API breaking changes tracking (May 2020)

[louischan-oursky]

• Removed the concept of current identity
  • Remove identity from auth response
  • Remove skygear_identity from OIDC id_token
  • Remove identity headers from session resolver endpoint
  • Remove identity info from sessions (used by hooks & session APIs)
• Supply 'is anonymous user' flag
  • anonymous: boolean in API user models
  • X-Skygear-User-Anonymous in session resolver headers.
• Changed shape of identities returned by list identity Auth API
  • type: identity type
  • claims: OIDC standard claims combined with custom Skygear claims
• Removed MFA Auth API for now (TBC)
• Changed signup/add Login ID Auth API to accept only one login ID (instead of multiple)
• Changed updating login ID to trigger single 'identity update' event, instead of 'identity add' and 'identity remove' events

[kiootic]

@louischan-oursky @carmenlau Here's the planned breaking changes we would make from what I remembered. Please help to check if there is any missing points so that we can track it for implementation/discuss it in next meeting.

[louischan-oursky]

I remember I proposed to remove identity info (including claims) in headers and hook context.

[louischan-oursky]

@kiootic We also need to tell the developer the user is anonymous or not, in the SDK, in hook context, and in headers.