workos / authkit-nextjs

The WorkOS library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js.
MIT License

MiddlewareAuth enabled blocks auth/callback by default #40

Closed ryendu closed 1 month ago

ryendu commented 2 months ago

Hey, I set up middlewareAuth as introduced in #29 to prevent unauthorized users from accessing most endpoints. However, I kept running into a bug where unauthenticated users attempting to sign in would just keep getting redirected to the sign-in page after attempting to sign in if middlewareAuth is enabled. I did some debugging and realized that by default, if middlewareAuth is enabled, the /auth/callback endpoint that handles user sign-in is also blocked and users are prevented from signing in. The easy fix would be to add '/auth/callback' or one's callback route to the unauthenticatedPaths, but I wanted to bring this up because I thought this should be made clear in the documentation or somewhere to prevent others from running into this as well and getting confused.

PaulAsjes commented 2 months ago

Thanks for the report. You likely had /auth/callback in your middleware matcher, which would trigger the middleware after login. In that case, if you don't have the callback URL added to unauthenticatedPaths, the "check if user is auth'd" logic hits before the session logic can execute, putting you in a login loop.

An easier fix would be to just leave /auth/callback out of your middleware matcher, but I'll make sure to update the docs to make this clearer.
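To make the ordering problem in this thread concrete, here is an added check (not code from authkit-nextjs) that takes a middleware matcher and a middlewareAuth block and reports whether the callback route would be gated before any session exists; the path matching is a simplified stand-in for Next.js's path-to-regexp matcher, and `/auth/callback` as the default callback path is the one named above.

```typescript
// Added example (not code from authkit-nextjs): a static check that reports whether a
// Next.js middleware matcher plus middlewareAuth.unauthenticatedPaths would gate the
// AuthKit callback route before any session exists, i.e. the login loop in this issue.
// Path matching is a simplified stand-in for Next.js path-to-regexp (assumption):
// literal paths, ':name' for one segment, and regex inside parentheses as Next.js allows.
type MiddlewareSetup = {
  matcher: string[];                   // what `export const config = { matcher }` holds
  middlewareAuth: { enabled: boolean; unauthenticatedPaths: string[] };
  callbackPath?: string;               // the route handling the AuthKit redirect
};

function patternToRegex(pattern: string): RegExp {
  // ':name' matches exactly one path segment; everything else is used as a regex body.
  return new RegExp(`^${pattern.replace(/:[A-Za-z0-9_]+/g, '[^/]+')}$`);
}

function matchesAny(pathname: string, patterns: string[]): boolean {
  return patterns.some((p) => patternToRegex(p).test(pathname));
}

// Reproduces the ordering described in the thread: if the callback URL is inside the
// matcher and not in unauthenticatedPaths, the "is the user authenticated?" check runs
// before the callback can set the session, and the user is bounced back to sign-in.
function auditCallback(setup: MiddlewareSetup): { loops: boolean; reason: string } {
  const callback = setup.callbackPath ?? '/auth/callback';
  if (!setup.middlewareAuth.enabled) return { loops: false, reason: 'middlewareAuth is disabled' };
  if (!matchesAny(callback, setup.matcher))
    return { loops: false, reason: `${callback} is outside the matcher, so middleware never runs there` };
  if (matchesAny(callback, setup.middlewareAuth.unauthenticatedPaths))
    return { loops: false, reason: `${callback} is listed in unauthenticatedPaths` };
  return { loops: true, reason: `${callback} is matched but not in unauthenticatedPaths: login loop` };
}

// Constructed configurations. The first is the setup reported in the issue.
const loopingSetup: MiddlewareSetup = {
  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],   // catches /auth/callback too
  middlewareAuth: { enabled: true, unauthenticatedPaths: ['/', '/sign-in'] },
};
// Fix 1 (ryendu): keep the callback route in unauthenticatedPaths.
const fixedViaUnauthenticatedPaths: MiddlewareSetup = {
  ...loopingSetup,
  middlewareAuth: { enabled: true, unauthenticatedPaths: ['/', '/sign-in', '/auth/callback'] },
};
// Fix 2 (PaulAsjes): leave the callback route out of the matcher entirely.
const fixedViaMatcher: MiddlewareSetup = {
  ...loopingSetup,
  matcher: ['/dashboard/(.*)', '/settings', '/account/:section'],
};
for (const s of [loopingSetup, fixedViaUnauthenticatedPaths, fixedViaMatcher]) console.log(auditCallback(s));
```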