fix: don't send sign-in options in request payload

[despatates]

🔗 Linked issue

#411

❓ Type of change

• 📖 Documentation (updates to the documentation, readme or JSdoc annotations)
• 🐞 Bug fix (a non-breaking change that fixes an issue)
• 👌 Enhancement (improving an existing functionality like performance)
• ✨ New feature (a non-breaking change that adds functionality)
• 🧹 Chore (updates to the build process or auxiliary tools and libraries)
• ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

📚 Description

When using method signIn(credentials, { callbackUrl: '/' }) method with local or refresh provider, the callbackUrl and other options were sent to the server.
As mentioned in #411 (comment), some servers can reject the request if the payload contains invalid parameters.

Those options are only used when the sign-in request is done, they shouldn't be sent to the server. They can be set directly in credentials data if they have to.

Flagged as breaking change because some options may have to be copied from signInOptions to credentials.

📝 Checklist

• I have linked an issue or discussion.
• I have added tests (if possible).
• I have updated the documentation accordingly.

[phoenix-ru]

Hi, thank you for your PR, it looks good already. As per

Flagged as breaking change because some options may have to be copied from signInOptions to credentials.

I think it's safe to assume that options shouldn't be sent to the server and anyone relying on that should instead send options in the sign in body.

[Ulrich-Mbouna]

Yes i faced the same issue

[sandrinejoy]

is this fixed?
I am still facing this issue when using signIn(payload, { external: true, redirect: false });
the options are send as the payload

[despatates]

The issue is fixed but not yet released.
If you don't want to wait, install the 0.8.0-alpha.2 version (this is what I did).