Update suggested ways of securing pages and API routes

[balazsorban44]

In vercel/next.js#34316 (comment) I concluded that getInitialProps really does not play well with our auth model. There are simply much better solutions for this now.

We should discourage the usage of it entirely.

https://next-auth.js.org/tutorials/securing-pages-and-api-routes should be updated to also mention Middleware support and finally decide how and where we should document getServerSession (#1535)

[ndom91]

In terms of where we should document getServerSession, I feel like in the client page by where getSession is would make a lot of sense, no?

I'd also link where we say "Client Side: yes, Server Side: yes" under getSession, to getServerSession instead of "Server side: yes" under getSession. Know what I mean?

[balazsorban44]

I'm not really sure actually. I want the Client page to go away mostly, or document how a framework-specific client should be implemented (similar to how we have the REST API docs).

getServerSession is Next.js specific, so I might put it under https://next-auth.js.org/configuration/nextjs probably.

[ndom91]

I think we can close this issue. We've got these two PRs out:

• chore(docs): update securing pages tutorial #3982
• feat: introduce experimental unstable_getServerSession API #4116

What do you think?

[imtheaman]

i think documentation structure need a refresh. it's designed in the same old school fashion.

[ndom91]

@urtheaman we're always open for suggestions - what were you thinking specifically?

[imtheaman]

@urtheaman we're always open for suggestions - what were you thinking specifically?

now it's well structured. previously i had to switch b/w tutorials and docs.

[ndom91]

Migrating away from the Client page in favor of individua client pages (i.e. Next.js, Svelte, etc.). Closing this issue now 👍

[ifonefox]

Now that this issue is closed, what's going to happen two the 2 PRs mentioned earlier? (#4116 and #3982)