Changelog

2.151.0 (2024-05-06)

Features

refactor one-time tokens for performance (#1558) (d1cf8d9)

Bug Fixes

do call send sms hook when SMS autoconfirm is enabled (#1562) (bfe4d98)
format test otps (#1567) (434a59a)
log final writer error instead of handling (#1564) (170bd66)

2.150.1 (2024-04-28)

Bug Fixes

add db conn max idle time setting (#1555) (2caa7b4)

2.150.0 (2024-04-25)

Features

add support for Azure CIAM login (#1541) (1cb4f96)
add timeout middleware (#1529) (f96ff31)
allow for postgres and http functions on each extensibility point (#1528) (348a1da)
merge provider metadata on link account (#1552) (bd8b5c4)
send over user in SendSMS Hook instead of UserID (#1551) (d4d743c)

Bug Fixes

return error if session id does not exist (#1538) (91e9eca)

2.149.0 (2024-04-15)

Features

refactor generate accesss token to take in request (#1531) (e4f2b59)

Bug Fixes

linkedin_oidc provider error (#1534) (4f5e8e5)
revert patch for linkedin_oidc provider error (#1535) (58ef4af)
update linkedin issuer url (#1536) (10d6d8b)

2.148.0 (2024-04-10)

Features

add array attribute mapping for SAML (#1526) (7326285)

2.147.1 (2024-04-09)

Bug Fixes

add validation and proper decoding on send email hook (#1520) (e19e762)
remove deprecated LogoutAllRefreshTokens (#1519) (35533ea)

2.147.0 (2024-04-05)

Features

add send email Hook (#1512) (cf42e02)

2.146.0 (2024-04-03)

Features

add custom sms hook (#1474) (0f6b29a)
forbid generating an access token without a session (#1504) (795e93d)

Bug Fixes

add cleanup statement for anonymous users (#1497) (cf2372a)
generate signup link should not error (#1514) (4fc3881)
move all EmailActionTypes to mailer package (#1510) (765db08)
refactor mfa and aal update methods (#1503) (31a5854)
rename from CustomSMSProvider to SendSMS (#1513) (c0bc37b)

2.145.0 (2024-03-26)

Features

add error codes (#1377) (e4beea1)
add kakao OIDC (#1381) (b5566e7)
clean up expired factors (#1371) (5c94207)
configurable NameID format for SAML provider (#1481) (ef405d8)
HTTP Hook - Add custom envconfig decoding for HTTP Hook Secrets (#1467) (5b24c4e)
refactor PKCE FlowState to reduce duplicate code (#1446) (b8d0337)

Bug Fixes

add http support for https hooks on localhost (#1484) (5c04104)
cleanup panics due to bad inactivity timeout code (#1471) (548edf8)
docs: remove bracket on file name for broken link (#1493) (96f7a68)
impose expiry on auth code instead of magic link (#1440) (35aeaf1)
invalidate email, phone OTPs on password change (#1489) (960a4f9)
move creation of flow state into function (#1470) (4392a08)
prevent user email side-channel leak on verify (#1472) (311cde8)
refactor email sending functions (#1495) (285c290)
refactor factor_test to centralize setup (#1473) (c86007e)
refactor mfa challenge and tests (#1469) (6c76f21)
Resend SMS when duplicate SMS sign ups are made (#1490) (73240a0)
unlink identity bugs (#1475) (73e8d87)

2.144.0 (2024-03-04)

Features

add configuration for custom sms sender hook (#1428) (1ea56b6)
anonymous sign-ins (#1460) (130df16)
clean up test setup in MFA tests (#1452) (7185af8)
pass transaction to invokeHook, fixing pool exhaustion (#1465) (b536d36)
refactor resource owner password grant (#1443) (e63ad6f)
use dummy instance id to improve performance on refresh token queries (#1454) (656474e)

Bug Fixes

expose provider under amr in access token (#1456) (e9f38e7)
improve MFA QR Code resilience so as to support providers like 1Password (#1455) (6522780)
refactor request params to use generics (#1464) (e1cdf5c)
revert refactor resource owner password grant (#1466) (fa21244)
update file name so migration to Drop IP Address is applied (#1447) (f29e89d)

2.143.0 (2024-02-19)

Features

calculate aal without transaction (#1437) (8dae661)

Bug Fixes

deprecate hooks (#1421) (effef1b)
error should be an IsNotFoundError (#1432) (7f40047)
populate password verification attempt hook (#1436) (f974bdb)
restrict mfa enrollment to aal2 if verified factors are present (#1439) (7e10d45)
update phone if autoconfirm is enabled (#1431) (95db770)
use email change email in identity (#1429) (4d3b9b8)

2.142.0 (2024-02-14)

Features

alter tag to use raw (#1427) (53cfe5d)
update README.md to trigger release (#1425) (91e0e24)

2.141.0 (2024-02-13)

Features

drop sha hash tag (#1422) (76853ce)
prefix release with v (#1424) (9d398cd)

2.140.0 (2024-02-13)

Features

deprecate existing webhook implementation (#1417) (5301e48)
update publish.yml checkout repository so there is access to Dockerfile (#1419) (7cce351)

2.139.2 (2024-02-08)

Bug Fixes

improve perf in account linking (#1394) (8eedb95)
OIDC provider validation log message (#1380) (27e6b1f)
only create or update the email / phone identity after it's been verified (#1403) (2d20729)
only create or update the email / phone identity after it's been verified (again) (#1409) (bc6a5b8)
unmarshal is_private_email correctly (#1402) (47df151)
use pattern for semver docker image tags (#1411) (14a3aeb)

Reverts

"fix: only create or update the email / phone identity after i… (#1407) (ff86849)