From 1560ae2038f6592c3568d2951c38d842cefe2aae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Preu=C3=9F?=
Date: Sat, 8 Apr 2023 16:26:32 +0200
Subject: [PATCH] Add UPGRADE.md
---
 README.md | 4 ++--
 UPGRADE.md | 26 ++++++++++++++++++++++++++
 src/module.ts | 4 ++--
 3 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 UPGRADE.md
diff --git a/README.md b/README.md
index 22d449b..2a94c9d 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ developers can quickly and easily implement secure OAuth authentication in their
 ## Quick Setup
-> **Note:** Starting with **@bitinflow/nuxt-oauth** v1.2.0, the default response type is `code`. If you want to use the
+> **Note:** Starting with **@bitinflow/nuxt-oauth** v2.0.0, the default response type is `code`. If you want to use the
 > `token` response type, you need to set it explicitly in the configuration.
 1. Add `@bitinflow/nuxt-oauth` dependency to your project
@@ -82,7 +82,7 @@ export default defineNuxtConfig({
 This will be your callback url (host is determined by `window.location.origin`):
-- Callback: `http://localhost:3000/login`
+- Callback: `http://localhost:3000/auth/login`
 That's it! You can now use @bitinflow/nuxt-oauth in your Nuxt app ✨
diff --git a/UPGRADE.md b/UPGRADE.md
new file mode 100644
index 0000000..4fe6933
--- /dev/null
+++ b/UPGRADE.md
@@ -0,0 +1,26 @@
+# Upgrade Guide
+
+## General Notes
+
+## Upgrading To 2.0 From 1.x
+
+### Changing default response type to `code`
+
+OAuth 2 Implicit Grant Token authentication
+is [not recommended](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics) anymore. If you still
+want to use the `token` response type, you need to set it explicitly with `responseType: 'token'` in the
+`oauth` configuration. Otherwise, you will use Authorization Code Grant with PKCE by default.
+
+### Refactor default `login` and `callback` routes to `/auth/login`
+
+We nested all authentication related routes under `/auth` prefix, so it aligned with our documentation and
+provided a better default configuration. If you want to use the old routes, you need to update your `oauth`
+configuration:
+
+```
+endpoints: {
+ login: '/login',
+ callback: '/login',
+},
+```
+
diff --git a/src/module.ts b/src/module.ts
index 7b5a34c..bbdc816 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -26,9 +26,9 @@ export interface ModuleOptions {
 const defaults: ModuleOptions = {
 redirect: {
- login: '/login',
+ login: '/auth/login',
 logout: '/',
- callback: '/login',
+ callback: '/auth/login',
 home: '/'
 },
 endpoints: {
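Review bot: The changed defaults are `redirect.login` and `redirect.callback`, but the UPGRADE.md added in this same commit tells users to restore the old routes with an `endpoints: { login: '/login', callback: '/login' }` block, and `endpoints` is a separate key that opens on the last line of this hunk. If `endpoints` is not where these routes are read from, following the guide would leave the app on `/auth/login` while the OAuth client registration still lists `/login`, and the authorization request would fail redirect-URI matching; the guide snippet should probably read `redirect: { login: '/login', callback: '/login' },`. Because the callback path forms part of the redirect URI sent to the provider, a comment on the default such as `// callback path must match a redirect URI registered with the OAuth provider` would help upgraders. The `defaults` object continues past the hunk, so the contents of `endpoints` are not visible here and this should be confirmed against the full file.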