feat: simplify Adapter API

[balazsorban44]

In this PR, I am significantly simplifying the Adapter API. Hopefully, this will result in a better DX (as adding new adapters will require less boilerplate) and a better UX, as we will now merge database queries into single transactions where possible for fewer database calls and thus faster responses. 🔥

If you are using an official adapter, you won't need to do any changes.

• Session methods
• User methods
• Verification token methods
• Docs
• Tests
• - remove getAdapter
• Create an experimental release and try with an adapter

Related issues: #779, #876

BREAKING CHANGE:

prisma-legacy is now gone. Use @next-auth/prisma-adapter. Any features from the old adapter will be migrated over to the new one eventually. This is done so we can require the same default set of options from all the built-in providers, rather than allowing ambiguity on what an official adapter has to support. The TypeORM adapter will probably be the only one migrated as-is, but in the future we would like to break it down to lighter-weight adapters that only support single databases.

Adapters no longer have to return a getAdapter() method, they can return the actual adapter methods instead. All the values previously being provided through the arguments of getAdapter will now be available in a more digestible format directly in the concerning methods. This behavior was created so that connections could be handled more efficiently. Our review has shown that currently, the TypeORM adapter is the only one that does not handle connections out-of-the-box, so we are going to look into how we can create a wrapper/util function to make it work in the new version. For all other adapters, this will be a huge gain, as with this new API, methods are actually overrideable without creating a whole new custom adapter! 🥳

Example:

function MySlightlyCustomAdapter(...args) {
  const adapter = AdapterFromSomeoneElse(...args)
  adapter.someMethodIWantToModify = (...args) => {
    // Much better implementation goes here.
  }
  return adapter
}

The following method names are changing:

- getSession
+ getSessionAndUser

This method now requires that you return both the user and the session as {user, session}. If any of these could not be retrieved, you will have to return null instead. (In other words, this must be a transaction.) This requires one less database call, improving the user session retrieval. Any expiry logic included in the Adapter before is now done in the core as well.

- createVerificationRequest
+ createVerificationToken

Better describes the functionality. This method no longer needs to call provider.sendVerificationRequest, we are moving this into the core. This responsibility shouldn't have fallen to the adapter in the first place.

createVerificationToken will now receive a VerificationToken object, which looks like this:

interface VerificationToken {
  identifier: string
  expires: Date
  token: string
}

The token provided is already hashed, so nothing has to be done, simply write it to your database. (Here we lift up the responsibility from the adapter to hash tokens)

- getVerificationRequest
+ useVerificationToken

Better describes the functionality. It now also has the responsibility to delete the used-up token from the database. Most ORMs should support retrieving the value while deleting it at the same time, so it will reduce the number of database calls.

- deleteVerificationRequest

This method is gone. See useVerificationToken.

Most of the method signatures have been changed, have a look at the TypeScript interface to get a better picture.

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/nextauthjs/next-auth/4q1cdN9ZmakYQy9zBsorDP4LHYPc
✅ Preview: https://next-auth-git-feat-simplify-adapter-nextauthjs.vercel.app

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 0% with 159 lines in your changes missing coverage. Please review.

Project coverage is 11.52%. Comparing base (55132e5) to head (8a2f8fa).

Files with missing lines	Patch %	Lines
src/server/lib/callback-handler.js	0.00%	32 Missing and 13 partials ⚠️
src/server/routes/callback.js	0.00%	19 Missing and 9 partials ⚠️
src/lib/errors.js	0.00%	19 Missing and 1 partial ⚠️
src/server/routes/session.js	0.00%	14 Missing and 3 partials ⚠️
src/server/lib/email/signin.js	0.00%	13 Missing and 1 partial ⚠️
src/providers/email.js	0.00%	9 Missing ⚠️
src/server/routes/signin.js	0.00%	7 Missing and 1 partial ⚠️
src/server/lib/utils.js	0.00%	6 Missing ⚠️
src/server/index.js	0.00%	4 Missing ⚠️
src/server/routes/signout.js	0.00%	3 Missing ⚠️
... and 3 more

Additional details and impacted files

@@            Coverage Diff             @@
##             next    #2361      +/-   ##
==========================================
- Coverage   11.56%   11.52%   -0.05%     
==========================================
  Files          85       84       -1     
  Lines        1314     1319       +5     
  Branches      370      378       +8     
==========================================
  Hits          152      152              
- Misses        966      970       +4     
- Partials      196      197       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[balazsorban44]

Session["expires"] is a string by default so it can easily be passed to the client, but it makes more sense to retrieve it as Date from DB.

See: vercel/next.js#11498

[balazsorban44]

emailVerified is always set by createUser and can be updated by updateUser in the DB.

[ndom91]

LGTM 👍

[ndom91]

LGTM 👍

[EarthlingDavey]

I noticed one minor thing then coding the neo4j adapter.

Most of the dates are instances of JS Date. All except account.expires, which is epoch.

Is this intentionally different, or something that should be changed?