Rename signin code to cvxAuthCode

[thomasballinger]

OAuth requires the query param from OAuth providers like Google to be code but after the OAuth handshake finishes we can use another name. This is useful for [not intercepting other OAuth flows that use the code query parameter]#145) but it also make the code a bit clearer.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
convex-auth-docs	✅ Ready (Inspect)	Visit Preview	Dec 20, 2024 11:45pm

[pkg-pr-new]

npm i https://pkg.pr.new/get-convex/convex-auth/@convex-dev/auth@146

commit: ae6dfd8

[thomasballinger]

After some investigation in this PR the name of the code= query parameter is out of our hands for things like Resend verification emails, which we want to be able to send you back your site URL instead of your Convex backend site URL so that SPA auth flows work well.

The most pragmatic thing seems to be a list of URL patterns to ignore or a callback to examine the request in middleware to know to skip it. This would be a change to middleware, a callback or pattern you pass in that returns true or matches when the ?code= query parameter should be ignored, but normal auth logic should still apply (the Next.js route should still be protected, an user not signed in will still be e.g. redirected to /sign-in).

Any design thoughts welcome, I'm going to hit some more urgent auth things first but if this blocking anyone else please let me know and we can reprioritize.