[Epic] Auth 2.0.0

[ekryski]

There are a couple things that didn't make it into the Auth 1.0 release that I would like to refactor and get in, as well as a couple bug fixes that are breaking changes.

This is a ZenHub Epic. You'll need the ZenHub plugin to see everything.

Proposal

I have a couple auth PRs up to fix bugs that are breaking changes. I have some other local code that would also be breaking changes so maybe it constitutes rolling them together into a new major pre-release. Specifically:

• Using the correct config key name Fix default authentication config keys #506
• rolling in some support on both server + client side pieces of auth for refresh tokens
• making oauth redirects use querystrings instead of cookies
• adding a jwt-refresh strategy
• removing the jwt strategy from the before hooks on authentication. You shouldn’t be able to use a valid access token to get a new one
• making the authentication service an actual service and moving the JWT generation to hooks. This allows you to provide a backing store to your authentication service where you can blacklist/whitelist access/refresh tokens and store whatever fields you want alongside those tokens (ie. user, client id, ip, TTL, etc.)
• utilize jwt.id create a unique ID for each JWT generated so that it is easier to blacklist/whitelist

[ForsakenHarmony]

(unrelated, can delete if you want) is zenhub better than github projects?

[eddyystop]

We only use github.

[ForsakenHarmony]

This is a zenhub epic though?

[ekryski]

@ForsakenHarmony, not really any more. Some additional perks to Zenhub like velocity and sprint planning but we don't use those. I think we'll end up discussing moving to just using Github projects now that they are getting more robust.

[ekryski]

We've decided to move to Github projects instead. You can see the progress here: https://github.com/feathersjs/feathers-authentication/projects/1