Add ability to extend database session and use in session callback

[camsloanftc]

Description 📓

Currently, as you can see here, only a subset of the session (from the database) is passed to the session callback.

Pasting here as well:

// packages/core/src/lib/routes/session.ts
const sessionPayload = await callbacks.session({
        // By default, only exposes a limited subset of information to the client
        // as needed for presentation purposes (e.g. "you are logged in as...").
        session: {
          user: {
            name: user.name,
            email: user.email,
            image: user.image,
          },
          expires: session.expires.toISOString(),
        },
        user,
      })

If I want to extend that session to add additional properties and use them within the session callback, I need to go back to the database with the sessionToken (which is not available within the session call so I end up needing to do a custom initializer to pass it in). It's not very efficient to do the extra database query, and the DX is a pain.

I would love to have the ability to extend which session fields we pass (maybe using a whitelist?), or better yet, we could just pass the session to the callback directly how we get it from the DB, and omit any unnecessary fields (like id for example).

How to reproduce ☕️

N/A

Contributing 🙌🏽

Yes, I am willing to help implement this feature in a PR

[floppey]

I'm trying to use next-auth with the patreonProvider and I believe this is what's stopping me from seeing if a user has made a pledge to my patreon account.

I was able to add the required scopes to get this information from patreon, but the user object accessible in the session only has the users name, email and image, and not the information I need about pledges.

[KATT]

I started a draft on this in #7150 as I also want/need to extend the session (at least with the ID, passing the token around feels scary)

[dimm0]

Anybody solved this a year later?