API breaking changes tracking (May 2020)

[louischan-oursky]

• [x] Removed the concept of current identity
  • [x] Remove identity from auth response
  • [x] Remove skygear_identity from OIDC id_token
  • [x] Remove identity headers from session resolver endpoint
  • [x] Remove identity info from sessions (used by hooks & session APIs)
• [ ] Supply 'is anonymous user' flag
  • [ ] anonymous: boolean in API user models
  • [ ] X-Skygear-User-Anonymous in session resolver headers.
• [x] Changed shape of identities returned by list identity Auth API
  • type: identity type
  • claims: OIDC standard claims combined with custom Skygear claims
• [x] Removed MFA Auth API for now (TBC)
• [x] Changed signup/add Login ID Auth API to accept only one login ID (instead of multiple)
• [x] Changed updating login ID to trigger single 'identity update' event, instead of 'identity add' and 'identity remove' events

[kiootic]

@louischan-oursky @carmenlau Here's the planned breaking changes we would make from what I remembered. Please help to check if there is any missing points so that we can track it for implementation/discuss it in next meeting.

[louischan-oursky]

I remember I proposed to remove identity info (including claims) in headers and hook context.

[louischan-oursky]

@kiootic We also need to tell the developer the user is anonymous or not, in the SDK, in hook context, and in headers.