Add UPGRADE.md

2026-03-13 13:45:59 +00:00 · 2023-04-08 16:26:32 +02:00
parent 4b7d11f44d
commit 1560ae2038
3 changed files with 30 additions and 4 deletions
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -0,0 +1,26 @@
+# Upgrade Guide
+
+## General Notes
+
+## Upgrading To 2.0 From 1.x
+
+### Changing default response type to `code`
+
+OAuth 2 Implicit Grant Token authentication
+is [not recommended](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics) anymore. If you still
+want to use the `token` response type, you need to set it explicitly with `responseType: 'token'` in the
+`oauth` configuration. Otherwise, you will use Authorization Code Grant with PKCE by default.
+
+### Refactor default `login` and `callback` routes to `/auth/login`
+
+We nested all authentication related routes under `/auth` prefix, so it aligned with our documentation and
+provided a better default configuration. If you want to use the old routes, you need to update your `oauth`
+configuration:
+
+```
+endpoints: {
+  login: '/login',
+  callback: '/login',
+},
+```
+