Add UPGRADE.md

README.md

@@ -20,7 +20,7 @@ developers can quickly and easily implement secure OAuth authentication in their
 
 ## Quick Setup
 
-> **Note:** Starting with **@bitinflow/nuxt-oauth** v1.2.0, the default response type is `code`. If you want to use the
+> **Note:** Starting with **@bitinflow/nuxt-oauth** v2.0.0, the default response type is `code`. If you want to use the
 > `token` response type, you need to set it explicitly in the configuration.
 
 1. Add `@bitinflow/nuxt-oauth` dependency to your project
@@ -82,7 +82,7 @@ export default defineNuxtConfig({
 
 This will be your callback url (host is determined by `window.location.origin`):
 
-- Callback: `http://localhost:3000/login`
+- Callback: `http://localhost:3000/auth/login`
 
 That's it! You can now use @bitinflow/nuxt-oauth in your Nuxt app ✨
 

UPGRADE.md

@@ -0,0 +1,26 @@
+# Upgrade Guide
+
+## General Notes
+
+## Upgrading To 2.0 From 1.x
+
+### Changing default response type to `code`
+
+OAuth 2 Implicit Grant Token authentication
+is [not recommended](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics) anymore. If you still
+want to use the `token` response type, you need to set it explicitly with `responseType: 'token'` in the
+`oauth` configuration. Otherwise, you will use Authorization Code Grant with PKCE by default.
+
+### Refactor default `login` and `callback` routes to `/auth/login`
+
+We nested all authentication related routes under `/auth` prefix, so it aligned with our documentation and
+provided a better default configuration. If you want to use the old routes, you need to update your `oauth`
+configuration:
+
+```
+endpoints: {
+  login: '/login',
+  callback: '/login',
+},
+```
+

src/module.ts

@@ -26,9 +26,9 @@ export interface ModuleOptions {
 
 const defaults: ModuleOptions = {
   redirect: {
-    login: '/login',
+    login: '/auth/login',
     logout: '/',
-    callback: '/login',
+    callback: '/auth/login',
     home: '/'
   },
   endpoints: {