fix: only warn when using Twitter + OAuth 2.0

[balazsorban44]

@theobr reported this to me, thank you. We should only show the warning if the user opts into Twitter + OAuth 2.0, as their implementation is still somewhat subject to change.

In a future release, we can swap this warning to encourage people to use OAuth 2.0, so after that we can finally drop support for OAuth 1.0 support together with a 5-year-old 130kb dependency, decreasing the install size by ~40%!

• https://packagephobia.com/result?p=oauth
• https://packagephobia.com/result?p=next-auth

I would like to entertain the idea that once we get the green light from Twitter to advertise their OAuth 2 over OAuth 1, we just bump to v5 and only require the user to install the oauth dependency only if they use Twitter 1.

The code is already pretty safe and would not block other users to decrease their bundle size.

Reasoning 💡

Checklist 🧢

• Documentation
• Tests
• Ready to be merged

Affected issues 🎟

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/nextauthjs/next-auth/UtptxnASPCkb1mk393u8LZa8bCqK
✅ Preview: Canceled

[t3dotgg]

Thank you for this!!

[github-actions]

🎉 Experimental release published on npm!

npm i next-auth@0.0.0-pr.4003.e7e3e60a

yarn add next-auth@0.0.0-pr.4003.e7e3e60a