Session callback params changed for worse

[fivaz]

Goals

This would enable us to utilize parameter destructuring when passing data to the session in the session callback, which would make the code cleaner and less verbose.

Background

In the version 0.17 of @auth/core, as far as I have observed, the session callback expected the following parameters:

async session ( 
  {
     session: Session;   
     user: AdapterUser | undefined;  
     token: JWT | undefined; 
     newSession: any;   
    trigger?: 'update' | undefined; 
  }
)

However, in version 0.20, the session callback now expects the following structure:

async session ( 
  ({   
     session: Session;   
    user: AdapterUser; 
  } | {   
    session: Session;   
    token: JWT; 
  }) & {   
    newSession: any;   
    trigger?: 'update' | undefined; 
  }
)

The issue with this change is that it requires more verbose code to manipulate the parameter values, as illustrated below :

async session(params) {
  if ('token' in params) { 
    params.session.accessToken = params.token.accessToken
  }
  
  return params.session
}

In contrast, in previous versions, parameter destructuring could be used more succinctly:

async session( { session, token } ) {
  if (token) { 
    session.accessToken = token.accessToken
  }
  
  return session
}

Proposal

If the intention is to convey that the keys user and token will never be returned simultaneously, consider changing the type definition to the following:

async session ( {
   session: Session;   
   newSession: any;   
   trigger?: 'update' | undefined; 
  (
   user: AdapterUser ;  
   token: undefined; 
   ) | (
   user: undefined;  
   token: JWT; 
   )
} )

This modification allows for continued use of parameter destructuring.