[Test] Add next-auth to e2e tests

[khuezy]

Summary There have been a couple people who have had their production app leak sessions due to misconfiguration of their middleware. We should add next-auth to our E2E suite as a standard/template so users don't accidentally make this crucial mistake.

Tasks

• [ ] Add next-auth to E2E app
• [ ] Generate JWT for test users
• [ ] Add test case to log in and out
• [ ] Add test case with 2 users to verify that session is not leaked
• [ ] Update docs with link to example and WARN users not to cache their SSR

Playwright cookies - injecting the mock JWT token to the test context:

export async function addCookies(context: any, token: Object) {
  const e = await encode({
    token,
    secret: process.env.NEXTAUTH_SECRET!,
  })

  await context.addCookies([
    {
      name: `next-auth.session-token`,
      value: e,
      url: 'http://localhost:3000',
    },
  ])
}

[sommeeeer]

Which of the E2E? appRouter / appPagesRouter or pagesRouter?

[khuezy]

Which of the E2E? appRouter / appPagesRouter or pagesRouter?

At least the appRouter.

[khuezy]

@sommeeeer maybe we should hold off until next-auth 5 is more stable? I'm not sure what the situation is w/ v5.

[sommeeeer]

maybe we should hold off until next-auth 5 is more stable? I'm not sure what the situation is w/ v5.

im not sure either, they are probably waiting a bit for next15 too. this is the latest release i found for v5: https://github.com/nextauthjs/next-auth/releases/tag/next-auth%405.0.0-beta.24

we could wait a few weeks and see.