chore(deps): update supertokens (major) #4158
|
📚 Storybook Deployment: the latest changes are available as a preview at https://c4447b79.hive-storybook.pages.dev |
🐋 This PR was built and pushed to the following Docker images (tag: Docker Bake metadata{
"app": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/kj6i3avlqi5gmqesn4mf7isj3",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:aa4024ebf56d0a9f7d8d6d29c68cbfaef73849f6fc30b9a0615c46408b7dcff2",
"size": 685
},
"containerimage.digest": "sha256:aa4024ebf56d0a9f7d8d6d29c68cbfaef73849f6fc30b9a0615c46408b7dcff2",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/app:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/app:renovate_major_supertokens"
},
"composition-federation-2": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/opw9yifyvv1tdrewzur7jz9ak",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:56e2ae62cac27f0b15c1dc520b53c779f5601eb1098c96278aa049deebb1c5f9",
"size": 685
},
"containerimage.digest": "sha256:56e2ae62cac27f0b15c1dc520b53c779f5601eb1098c96278aa049deebb1c5f9",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/composition-federation-2:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/composition-federation-2:renovate_major_supertokens"
},
"emails": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/t08rlp3c4l4f2ao0zelwuw3lp",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:376a81f5afc7455eb94750e5571ebe60025d79d7b5f39cc4d32c29a835b437b0",
"size": 685
},
"containerimage.digest": "sha256:376a81f5afc7455eb94750e5571ebe60025d79d7b5f39cc4d32c29a835b437b0",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/emails:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/emails:renovate_major_supertokens"
},
"policy": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/emju0128rstm4vf7nbpjtlx8g",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:f7e3705cfe21bc1753796847670a95ba62458f0e2a68bef79d5b263b379b8231",
"size": 685
},
"containerimage.digest": "sha256:f7e3705cfe21bc1753796847670a95ba62458f0e2a68bef79d5b263b379b8231",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/policy:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/policy:renovate_major_supertokens"
},
"rate-limit": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/mmv7flv9svywhrj2hn092gkrd",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:d3b613f78420882db2dd03c514f6a17af5df47b4d03985c422bd884cabea0791",
"size": 685
},
"containerimage.digest": "sha256:d3b613f78420882db2dd03c514f6a17af5df47b4d03985c422bd884cabea0791",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/rate-limit:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/rate-limit:renovate_major_supertokens"
},
"schema": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/mils7xm10v7scdbzez41wztr2",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:5ff0ffee831360c6f76db2258245d77848118dcf117183b403179262f1fee22f",
"size": 685
},
"containerimage.digest": "sha256:5ff0ffee831360c6f76db2258245d77848118dcf117183b403179262f1fee22f",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/schema:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/schema:renovate_major_supertokens"
},
"server": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/wfi7m4vfn1qpjl8p0ty6uubbx",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:a8854d3c5e49797949a5dbe5fe1cc0ecc6eaa57605d263e78820a66a607e9e0b",
"size": 685
},
"containerimage.digest": "sha256:a8854d3c5e49797949a5dbe5fe1cc0ecc6eaa57605d263e78820a66a607e9e0b",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/server:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/server:renovate_major_supertokens"
},
"storage": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/xsccfhci7zx2l91dxd8yd1o2g",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:e6e1a56fb0407380db1ee6c7c0174173d7899d74da288b68ab5bac77428fb549",
"size": 685
},
"containerimage.digest": "sha256:e6e1a56fb0407380db1ee6c7c0174173d7899d74da288b68ab5bac77428fb549",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/storage:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/storage:renovate_major_supertokens"
},
"stripe-billing": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/qiiy1zgv1204cz4al6lgb0xog",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:aa625b02158b98672e05dd40ea83a4fbf619a58868223274fabbad94fcc1890c",
"size": 685
},
"containerimage.digest": "sha256:aa625b02158b98672e05dd40ea83a4fbf619a58868223274fabbad94fcc1890c",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/stripe-billing:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/stripe-billing:renovate_major_supertokens"
},
"tokens": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/x38z3yv7xy3cnkpbxu5hlj2lv",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:909e83eb8efb6d7e43042a9cd82f72b9e2c14f915c0ed80a07e005846002c629",
"size": 685
},
"containerimage.digest": "sha256:909e83eb8efb6d7e43042a9cd82f72b9e2c14f915c0ed80a07e005846002c629",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/tokens:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/tokens:renovate_major_supertokens"
},
"usage": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/yiroaj9cvgpuxxfzks7gwc6pg",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:6a07966e319abfe62411699eb3ff46137a607304fdd16e7cece660cd2e87754d",
"size": 685
},
"containerimage.digest": "sha256:6a07966e319abfe62411699eb3ff46137a607304fdd16e7cece660cd2e87754d",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/usage:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/usage:renovate_major_supertokens"
},
"usage-estimator": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/nigr0iy17ewh8nv79t0h18439",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:192693e4dcb1b7109ac41752fb2004b90bc0e29ce015085f788b817c3d0f71a3",
"size": 685
},
"containerimage.digest": "sha256:192693e4dcb1b7109ac41752fb2004b90bc0e29ce015085f788b817c3d0f71a3",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/usage-estimator:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/usage-estimator:renovate_major_supertokens"
},
"usage-ingestor": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/1w8bq0fb2qadbh7wg8w7yvar2",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:07dcbd3bd51a104968f9c2cbb4a61a24e984cd2de347309118f236b28642c8b4",
"size": 685
},
"containerimage.digest": "sha256:07dcbd3bd51a104968f9c2cbb4a61a24e984cd2de347309118f236b28642c8b4",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/usage-ingestor:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/usage-ingestor:renovate_major_supertokens"
},
"webhooks": {
"buildx.build.ref": "builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f/builder-9d168160-ffc0-48cc-bfc3-7ab8517efd5f0/jr978n45agzjzenph8npdu31o",
"containerimage.descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:b1aa771d2cc8bfdd54df5d5edb7d00e13a0a208b990de69e11c5be682ac5d814",
"size": 685
},
"containerimage.digest": "sha256:b1aa771d2cc8bfdd54df5d5edb7d00e13a0a208b990de69e11c5be682ac5d814",
"image.name": "ghcr.io/kamilkisiela/graphql-hive/webhooks:3cbefa0ff06f05bfd5a89cffa0ab616079d463fe,ghcr.io/kamilkisiela/graphql-hive/webhooks:renovate_major_supertokens"
}
} |
78eb993
to
7956a94
Compare
1702c08
to
36e794b
Compare
🚀 Snapshot Release (
|
Package | Version | Info |
---|---|---|
@graphql-hive/apollo |
0.33.0-alpha-20240423160101-610b4bb1f3d3a40e9989facf05fa35e9db00b773 |
npm ↗︎ unpkg ↗︎ |
@graphql-hive/cli |
0.37.0-alpha-20240423160101-610b4bb1f3d3a40e9989facf05fa35e9db00b773 |
npm ↗︎ unpkg ↗︎ |
@graphql-hive/core |
0.3.0-alpha-20240423160101-610b4bb1f3d3a40e9989facf05fa35e9db00b773 |
npm ↗︎ unpkg ↗︎ |
@graphql-hive/envelop |
0.33.0-alpha-20240423160101-610b4bb1f3d3a40e9989facf05fa35e9db00b773 |
npm ↗︎ unpkg ↗︎ |
@graphql-hive/yoga |
0.33.0-alpha-20240423160101-610b4bb1f3d3a40e9989facf05fa35e9db00b773 |
npm ↗︎ unpkg ↗︎ |
36e794b
to
c4abcd6
Compare
85b72ef
to
2077879
Compare
9157d78
to
d8f305b
Compare
dbef41a
to
d110b04
Compare
d110b04
to
f77a884
Compare
b0666eb
to
38d5eef
Compare
439caaf
to
3173415
Compare
3cbefa0
to
814fa4d
Compare
814fa4d
to
416826d
Compare
This PR contains the following updates:
7.0
->9.0
15.2.1
->18.0.0
Release Notes
supertokens/supertokens-node (supertokens-node)
v18.0.0
Compare Source
Breaking change
rid
query param from:test@example.com
as an emailpassword user (and not passwordless user), the passwordless API for does email exist would return true, but now, it won't.Changes
rid
header is present in an API call, the routing now not only depends on that. If the SDK cannot resolve a request handler based on therid
, request path and method, it will try to resolve a request handler only based on the request path and method (therefore ignoring therid
header).GET /emailpassword/email/exists
=> email password, does email exist API (used to beGET /signup/email/exists
withrid
ofemailpassword
orthirdpartyemailpassword
which is now deprecated)GET /passwordless/email/exists
=> email password, does email exist API (used to beGET /signup/email/exists
withrid
ofpasswordless
orthirdpartypasswordless
which is now deprecated)GET /passwordless/phonenumber/exists
=> email password, does email exist API (used to beGET /signup/phonenumber/exists
which is now deprecated)Migration guide
If you were using
ThirdPartyEmailPassword
, you should now initThirdParty
andEmailPassword
recipes separately. The config for the individual recipes are mostly the same, except the syntax may be different. Check our recipe guides for ThirdParty and EmailPassword for more information.If you were using
ThirdPartyPasswordless
, you should now initThirdParty
andPasswordless
recipes separately. The config for the individual recipes are mostly the same, except the syntax may be different. Check our recipe guides for ThirdParty and Passwordless for more information.Fixes
input.override
object in the ThirdParty providers list.config
object inTypeProvider
in the provider override. The issue was theoriginalImplementation.config
object did not have the updatedconfig
values that was being used in the provider implementation.v17.1.3
Compare Source
What's Changed
Full Changelog: supertokens/supertokens-node@v17.1.2...v17.1.3
v17.1.2
Compare Source
Fixes
v17.1.1
Compare Source
Fixes
BaseRequest
to handle the form data parser returningFormData
instead of the raw parsed object. This is to address/fix the above issues, possibly present in other frameworks.v17.1.0
Compare Source
olderCookieDomain
config option in the session recipe. This will allow users to clear cookies from the older domain when thecookieDomain
is changed.verifySession
detects multiple access tokens in the request, it will return a 401 error, prompting a refresh, even if one of the tokens is valid.refreshPOST
(/auth/session/refresh
by default) API changes:config.olderCookieDomain
is not set.olderCookieDomain
is specified and multiple refresh/access token cookies exist, without updating the front-token or any of the tokens.Rationale
This update addresses an edge case where changing the `cookieDomain` config on the server can lead to session integrity issues. For instance, if the API server URL is 'api.example.com' with a cookie domain of '.example.com', and the server updates the cookie domain to 'api.example.com', the client may retain cookies with both '.example.com' and 'api.example.com' domains, resulting in multiple sets of session token cookies existing.

Previously, `verifySession` would select one of the access tokens from the incoming request. If it chose the older cookie, it would return a 401 status code, prompting a refresh request. However, the `refreshPOST` API would then set new session token cookies with the updated `cookieDomain`, but older cookies would persist, leading to repeated 401 errors and refresh loops.

With this update, `verifySession` will return a 401 error if it detects multiple access tokens in the request, prompting a refresh request. The `refreshPOST` API will clear cookies from the old domain if `olderCookieDomain` is specified in the configuration, then return a 200 status. If `olderCookieDomain` is not configured, the `refreshPOST` API will return a 500 error with a message instructing to set `olderCookieDomain`.

Example:
apiDomain
: 'api.example.com'cookieDomain
: 'api.example.com'Flow:
domain=api.example.com
, but the access token has expired.cookieDomain
to.example.com
.domain=api.example.com
) results in a 401 response.domain=.example.com
.olderCookieDomain
is not set, the refresh fails with a 500 error. - The user remains stuck until they clear cookies manually orolderCookieDomain
is set. - IfolderCookieDomain
is set, the refresh clears the older cookie, returning a 200 response. - The frontend retries the original API call, sending only the new cookie (domain=.example.com
), resulting in a successful request.v17.0.7
Compare Source
no-cache
header when querying core, so that frameworks like NextJS don't cache GET requests (https://nextjs.org/docs/app/building-your-application/caching#data-cache)v17.0.6
Compare Source
v17.0.5
Compare Source
.local
: https://github.com/supertokens/supertokens-node/issues/823v17.0.4
Compare Source
Changes
resyncSessionAndFetchMFAInfoPUT
will throw if the user is in a stuck state, because they are required to complete factors, but they are not allowed to because of some configuration issue.v17.0.3
Compare Source
Fixes
Passwordless
:createCodePOST
where the flowtype wasn't appropriately set in some MFA casesfirstFactors
config of theMultiFactorAuth
recipe increateCodePOST
resendCodePOST
where the email/text message included a magic link when it shouldn't have in some MFA casesv17.0.2
Compare Source
getTenantLoginMethodsInfo
dashboard API to remove querying core in loop and return only firstFactors.v17.0.1
Compare Source
Changes
v17.0.0
Compare Source
Changes
useDynamicAccessTokenSigningKey
settings by allowing refresh calls to change the signing key type of a sessiondisableCoreCallCache: true
, in the config.overwriteSessionDuringSignInUp
configuration option to the Session recipecheckCode
to Passwordless and ThirdPartyPasswordless recipesverifyCredentials
to EmailPassword and ThirdPartyEmailPassword recipesMultiFactorAuth
andTOTP
recipes. To start using them you'll need compatible versions:Breaking changes
userContext
:Record<string, any>
instead ofany
asuserContext
. This means that primitives (strings, numbers) are no longer allowed asuserContext
.userContext
parameter now get a well typeduserContext
parameter ensuring that the right object is passed to the original implementation callsoverwriteSessionDuringSignInUp: true
to the Session recipe config.reason
strings ofSIGN_IN_NOT_ALLOWED
,SIGN_UP_NOT_ALLOWED
andSIGN_IN_UP_NOT_ALLOWED
responses.Session
recipe:AccountLinking
recipe:session
parameter:createPrimaryUserIdOrLinkAccounts
isSignUpAllowed
isSignInAllowed
isEmailChangeAllowed
shouldDoAutomaticAccountLinking
callback: it now takes a new (optional) session parameter.EmailPassword
:signUp
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
signIn
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
signInPOST
signUpPOST
signUp
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
signIn
session
parameterMultitenancy
:createOrUpdateTenant
: Added optionalfirstFactors
andrequiredSecondaryFactors
parameters.getTenant
: AddedfirstFactors
andrequiredSecondaryFactors
to the return typelistAllTenants
: AddedfirstFactors
andrequiredSecondaryFactors
to the returned tenantscreateOrUpdateTenant
: Now gets optionalfirstFactors
andrequiredSecondaryFactors
in the input.getTenant
: AddedfirstFactors
andrequiredSecondaryFactors
to the return typelistAllTenants
: AddedfirstFactors
andrequiredSecondaryFactors
to the returned tenantsloginMethodsGET
: Now returnsfirstFactors
Passwordless
:revokeCode
(and the related overrideable func) can now be called with eitherpreAuthSessionId
orcodeId
instead of onlycodeId
.signInUp
,createCode
: Takes a new (optional)session
parameterconsumeCode
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
consumedDevice
if the code was successfully consumedcreateCode
: Takes a new (optional)session
parameterconsumeCode
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
consumedDevice
if the code was successfully consumedcreateCodePOST
resendCodePOST
consumeCodePOST
build
function and thefetchValue
callback of session claims now take a newcurrentPayload
param.EmailVerificationClaim
,UserRoleClaim
,PermissionClaim
,AllowedDomainsClaim
.ThirdParty
:manuallyCreateOrUpdateUser
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
signInUp
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
manuallyCreateOrUpdateUser
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
signInUpPOST
ThirdPartyEmailPassword
:emailPasswordVerifyCredentials
thirdPartyManuallyCreateOrUpdateUser
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
emailPasswordSignUp
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
thirdPartySignInUp
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
thirdPartyManuallyCreateOrUpdateUser
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
emailPasswordSignUp
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
emailPasswordSignInPOST
emailPasswordSignUpPOST
thirdPartySignInUpPOST
ThirdPartyPasswordless
:revokeCode
(and the related overrideable func) can now be called with eitherpreAuthSessionId
orcodeId
instead of onlycodeId
.thirdPartyManuallyCreateOrUpdateUser
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
passwordlessSignInUp
,createCode
: Takes a new (optional)session
parameterconsumeCode
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
consumedDevice
if the code was successfully consumedthirdPartySignInUp
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
thirdPartyManuallyCreateOrUpdateUser
session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
createCode
: Takes a new (optional)session
parameterconsumeCode
:session
parameterstatus: "LINKING_TO_SESSION_USER_FAILED"
consumedDevice
if the code was successfully consumedthirdPartySignInUpPOST
createCodePOST
resendCodePOST
consumeCodePOST
Migration guide
shouldDoAutomaticAccountLinking signature change
If you use the
userContext
ortenantId
parameters passed toshouldDoAutomaticAccountLinking
, please update your implementation to account for the new parameter.Before:
After:
Optional
session
parameter added to public functionsWe've added a new optional
session
parameter to many function calls. In all cases, these have been added as the last parameter beforeuserContext
, so this should only affect you if you are using that. You only need to pass a session as a parameter if you are using account linking and want to try and link the user signing in/up to the session user.You can get the necessary session object using
verifySession
in an API call.Here we use the example of
EmailPassword.signIn
but this fits other functions with changed signatures.Before:
After:
fetchValue
signature changeIf you use the
userContext
parameter passed tofetchValue
, please update your implementation to account for the new parameter.Before:
After:
build
signature changeIf you were using the
build
function for custom or built-in session claims, you should update the call signature to also pass the new parameter.Before:
After:
Post sign-in/up actions
Since now sign in/up APIs and functions can be called with a session (e.g.: during MFA flows), you may need to add an extra check to your overrides to account for that:
Before:
After:
Sign-in/up linking to the session user
Sign in/up APIs and functions will now attempt to link the authenticating user to the session user if a session is available (depending on AccountLinking settings). You can disable this and get the old behaviour by:
Before:
After:
v16.7.6
Compare Source
What's Changed
Full Changelog: supertokens/supertokens-node@v16.7.5...v16.7.6
v16.7.5
Compare Source
What's Changed
Full Changelog: supertokens/supertokens-node@v17.0.2...v16.7.5
v16.7.4
Compare Source
v16.7.3
Compare Source
v16.7.2
Compare Source
createNewSession
now defaults to the value of thest-auth-mode
header (if available) if the configuredgetTokenTransferMethod
returnsany
.v16.7.1
Compare Source
resetPasswordUsingToken
in emailpassword and thirdpartyemailpassword recipe to not include statuses that happen based on email change.v16.7.0
Compare Source
withSession
,getSSRSession
andwithPreParsedRequestResponse
for Next.js App directory.errorHandler
callback function was invoked only upon encountering an error. This behavior has been rectified, and now the callback is invoked in both error and success cases.v16.6.8
Compare Source
v16.6.7
Compare Source
v16.6.6
Compare Source
userContext
input to thevalidate
function in form fields. You can use this to fetch the request object from theuserContext
, read the request body, and then read the other form fields from there. If doing so, keep in mind that for the email and password validators, the request object may not always be available in thevalidate
function, and even if it's available, it may not have the request body of the sign up API since thevalidate
functions are also called from other operations (like in password reset API). For custom form fields that you have added to the sign up API, the request object will always be there in theuserContext
.node-fetch
)v16.6.5
Compare Source
v16.6.4
Compare Source
verifySession
adding generic to extend the fastify base request.v16.6.3
Compare Source
v16.6.2
Compare Source
getBackwardsCompatibleUserInfo
to not throw an error in case of session and user id mismatch.v16.6.1
Compare Source
crypto
library to enable Apple OAuth usage in Cloudflare Workers.v16.6.0
Compare Source
Added
v16.5.2
Compare Source
passwordReset
in emailpassword recipe for custom frameworks (#746)v16.5.1
Compare Source
createResetPasswordLink
andsendResetPasswordEmail
in thirdpartyemailpassword recipe.v16.5.0
Compare Source
networkInterceptor
to theTypeInput
config.v16.4.0
Compare Source
debug
property toTypeInput
. When set totrue
, it will enable debug logs.v16.3.4
Compare Source
Fixes
Access-Control-Expose-Headers
header value would contain duplicatesv16.3.3
Compare Source
null
values inProviderConfig
saved in corev16.3.2
Compare Source
Fixes
getUsersNewestFirst
andgetUsersOldestFirst
will now properly filter users by tenantId.v16.3.1
Compare Source
Fixes
.amazonaws.com
) separately while extracting TLDs for SameSite attribute.v16.3.0
Compare Source
Added
origin
property toappInfo
, this can be configured to be a function which allows you to conditionally return the value of the frontend domain. This property will replacewebsiteDomain
in a future release ofsupertokens-node
websiteDomain
insideappInfo
is now optional. Usingorigin
is recommended over usingwebsiteDomain
. This is not a breaking change and usingwebsiteDomain
will continue to workFixed
Changes
v16.2.1
Compare Source
v16.2.0
Compare Source
Changes
validateAccessToken
to the configuration for social login providers, this function allows you to verify the access token returned by the social provider. If you are using Github as a provider, there is a default implmentation provided for this function.v16.1.0
Compare Source
twitter
as a built-in thirdparty providerv16.0.0
Compare Source
Overview
Introducing account-linking
With this release, we are introducing a new AccountLinking recipe, this will let you:
Check our guide for more information.
To use this you'll need compatible versions:
The new User object and primary vs non-primary users
In this release, we've removed the recipes specific user types and instead introduced a new
User
class to support the "Primary user" concept introduced by account linkingUser
class now provides the same interface for all recipes.isPrimary
field that you can use to differentiate between primary and recipe usersloginMethods
array contains objects that covers all props of the old (recipe specific) user types, with the exception of the id. Please check the migration section below to get the exact mapping between old and new props.loginMethods
array should contain exactly 1 element.user.id
will be the same asuser.loginMethods[0].recipeUserId.getAsString()
.user.id
will change if it is linked to another user.loginMethods
array can have 1 or more elements, each corresponding to a single recipe user.user.id
will not change even if other users are linked to it.Primary vs RecipeUserId
Because of account linking we've introduced a new Primary user concept (see above). In most cases, you should only use the primary user id (
user.id
orsession.getUserId()
) if you are associating data to users. Still, in some cases you need to specifically refer to a login method, which is covered by the newRecipeUserId
class:session.getRecipeUserId()
.loginMethods
array of aUser
object (see above):user.loginMethods[0].recipeUserId
.recipeUserId.getAsString()
.Breaking changes
Now only supporting CDI 4.0. Compatible with core version >= 7.0
Now supporting FDI 1.18
Removed the recipe specific
User
type, now all functions are using the new genericUser
type.The
build
function and thefetchValue
callback of session claims now take a newrecipeUserId
param.EmailVerificationClaim
,UserRoleClaim
,PermissionClaim
,AllowedDomainsClaim
.Now ignoring protected props in the payload in
createNewSession
andcreateNewSessionWithoutRequestResponse
createdNewUser
has been renamed tocreatedNewRecipeUser
in sign up related APIs and functionsEmailPassword:
getUserById
,getUserByEmail
. You should usesupertokens.getUser
, andsupertokens. listUsersByAccountInfo
insteadconsumePasswordResetToken
. This function allows the consumption of the reset password token without changing the password. It will return OK if the token was valid.createNewRecipeUser
function that is called during sign up and password reset flow (in case a new email password user is being created on the fly). This is mostly for internal use.recipeUserId
is added to the input ofgetContent
of the email delivery configemail
was added to the input ofcreateResetPasswordToken
,sendResetPasswordEmail
,createResetPasswordLink
updateEmailOrPassword
:recipeUserId
instead ofuserId
EMAIL_CHANGE_NOT_ALLOWED_ERROR
statussignIn
:recipeUserId
prop in thestatus: OK
casesignUp
:recipeUserId
prop in thestatus: OK
caseresetPasswordUsingToken
:consumePasswordResetToken
andupdateEmailOrPassword
signInPOST
:SIGN_IN_NOT_ALLOWED
signUpPOST
:SIGN_UP_NOT_ALLOWED
generatePasswordResetTokenPOST
:PASSWORD_RESET_NOT_ALLOWED
passwordResetPOST
:user
and theemail
whose password was resetPASSWORD_POLICY_VIOLATED_ERROR
EmailVerification:
createEmailVerificationToken
,createEmailVerificationLink
,isEmailVerified
,revokeEmailVerificationTokens
,unverifyEmail
:recipeUserId
instead ofuserId
sendEmailVerificationEmail
:recipeUserId
parameterverifyEmailUsingToken
:attemptAccountLinking
parameterrecipeUserId
instead ofid
sendEmail
now requires a newrecipeUserId
as part of the user infogetEmailForUserId
config option was renamed togetEmailForRecipeUserId
verifyEmailPOST
,generateEmailVerifyTokenPOST
: returns an optionalnewSession
in case the current user session needs to be updatedPasswordless:
getUserById
,getUserByEmail
,getUserByPhoneNumber
updateUser
:recipeUserId
instead ofuserId
"EMAIL_CHANGE_NOT_ALLOWED_ERROR
andPHONE_NUMBER_CHANGE_NOT_ALLOWED_ERROR
statusescreateCodePOST
andconsumeCodePOST
can now returnSIGN_IN_UP_NOT_ALLOWED
Session:
recipeUserId
is now added to the payload of theTOKEN_THEFT_DETECTED
errorcreateNewSession
: now takesrecipeUserId
instead ofuserId
validateClaimsInJWTPayload
revokeAllSessionsForUser
now takes an optionalrevokeSessionsForLinkedAccounts
paramgetAllSessionHandlesForUser
now takes an optionalfetchSessionsForAllLinkedAccounts
paramregenerateAccessToken
return value now includesrecipeUserId
getGlobalClaimValidators
andvalidateClaims
now get a newrecipeUserId
paramgetRecipeUserId
to the session classThirdParty:
signInUp
override:isVerified
paramSIGN_IN_UP_NOT_ALLOWED
manuallyCreateOrUpdateUser
:isVerified
paramEMAIL_CHANGE_NOT_ALLOWED_ERROR
,SIGN_IN_UP_NOT_ALLOWED
getUserByThirdPartyInfo
,getUsersByEmail
,getUserById
signInUpPOST
can now returnSIGN_IN_UP_NOT_ALLOWED
ThirdPartyEmailPassword:
getUserByThirdPartyInfo
,getUsersByEmail
,getUserById
thirdPartyManuallyCreateOrUpdateUser
:isVerified
paramEMAIL_CHANGE_NOT_ALLOWED_ERROR
,SIGN_IN_UP_NOT_ALLOWED
thirdPartySignInUp
override:isVerified
paramSIGN_IN_UP_NOT_ALLOWED
email
was added to the input ofcreateResetPasswordToken
,sendResetPasswordEmail
,createResetPasswordLink
createNewEmailPasswordRecipeUser
function that is called during email password sign up and in the “invitation link” flowconsumePasswordResetToken
updateEmailOrPassword
:recipeUserId
instead ofuserId
EMAIL_CHANGE_NOT_ALLOWED_ERROR
statusresetPasswordUsingToken
:consumePasswordResetToken
andupdateEmailOrPassword
createNewEmailPasswordRecipeUser
function that is called during sign up and in the “invitation link” flowemailPasswordSignIn
:recipeUserId
prop in thestatus: OK
caseemailPasswordSignUp
:recipeUserId
prop in thestatus: OK
caseemailPasswordSignInPOST
:SIGN_IN_NOT_ALLOWED
emailPasswordSignUpPOST
:SIGN_UP_NOT_ALLOWED
generatePasswordResetTokenPOST
:PASSWORD_RESET_NOT_ALLOWED
passwordResetPOST
:user
and theemail
whose password was resetPASSWORD_POLICY_VIOLATED_ERROR
thirdPartySignInUpPOST
can now returnSIGN_IN_UP_NOT_ALLOWED
ThirdPartyPasswordless:
getUserByThirdPartyInfo
,getUsersByEmail
,getUserByPhoneNumber
,getUserById
thirdPartyManuallyCreateOrUpdateUser
:isVerified
paramEMAIL_CHANGE_NOT_ALLOWED_ERROR
,SIGN_IN_UP_NOT_ALLOWED
thirdPartySignInUp
override:isVerified
paramSIGN_IN_UP_NOT_ALLOWED
updatePasswordlessUser
:recipeUserId
instead ofuserId
"EMAIL_CHANGE_NOT_ALLOWED_ERROR
andPHONE_NUMBER_CHANGE_NOT_ALLOWED_ERROR
statusesthirdPartySignInUpPOST
can now returnSIGN_IN_UP_NOT_ALLOWED
createCodePOST
andconsumeCodePOST
can now returnSIGN_IN_UP_NOT_ALLOWED
Multitenancy:
associateUserToTenant
can now returnASSOCIATION_NOT_ALLOWED_ERROR
associateUserToTenant
anddisassociateUserFromTenant
now takeRecipeUserId
instead of a string user idChanges
RecipeUserId
and a genericUser
classgetUser
,listUsersByAccountInfo
,convertToRecipeUserId
to the main exportsMigration guide
New User structure
We've added a generic
User
class instead of the old recipe specific ones. The mapping of old props to new in case you are not using account-linking:user.id
staysuser.id
(oruser.loginMethods[0].recipeUserId
in case you needRecipeUserId
)user.email
becomesuser.emails[0]
user.phoneNumber
becomesuser.phoneNumbers[0]
user.thirdParty
becomesuser.thirdParty[0]
user.timeJoined
is stilluser.timeJoined
user.tenantIds
is stilluser.tenantIds
RecipeUserId
Some functions now require you to pass a
RecipeUserId
instead of a string user id. If you are using our auth recipes, you can find the recipeUserId as:user.loginMethods[0].recipeUserId
(you'll need to worry about selecting the right login method after enabling account linking). Alternatively, if you already have a string user id you can convert it to aRecipeUserId
usingsupertokens.convertToRecipeUserId(userIdString)
Checking if a user signed up or signed in
Changing user emails
v15.2.3
Compare Source
What's Changed
Full Changelog: supertokens/supertokens-node@v15.2.2...v15.2.3
v15.2.2
Compare Source
What's Changed
Full Changelog: supertokens/supertokens-node@v17.0.2...v15.2.2
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.