OpenAPI definition for next-auth endpoints

[marcinkrasowski]

Goals

1. Provide complete OpenAPI/swagger definition for every endpoint that is exposed by next-auth

Non-Goals

No response

Background

In one our commercial projects our client has a requirement that every exposed endpoint must be documented with a Swagger specification - they execute complex server-side validation of network traffic based on that specification, so every request needs to be precisely documented (every request/response parameter needs to have a pattern, min/max lengths etc.).

We are currently in process of reverse-engineering such definition based on network requests and source code, but it's not exactly easy. For example, REST API documentation doesn't mention the /_log endpoint at all even though it can be called in case there is some kind of client-side error.

Proposal

Having an official OpenAPI specification would be beneficial in cases where there's some kind of request validation process, but also could give developers a better overview of endpoints provided by next-auth - currently it is only documented at https://next-auth.js.org/getting-started/rest-api but without information about parameters, responses etc.