Skip to content

Latest commit

 

History

History
392 lines (238 loc) · 22 KB

CHANGELOG.md

File metadata and controls

392 lines (238 loc) · 22 KB

Change Log

v2.0.0 (2022-12-01)

Full Changelog

⚠️ BREAKING CHANGES

See V2 Migration Guide for full details.

v2.0.0-beta.4 (2022-11-18)

Full Changelog

⚠️ BREAKING CHANGES

  • Rearrange exports for RSC and add experimental RSC route to example #913 (adamjmcgrath)

Fixed

  • WithMiddlewareAuthRequired should return 401 for /api routes #909 (adamjmcgrath)

v2.0.0-beta.3 (2022-11-08)

Full Changelog

Fixed

v2.0.0-beta.2 (2022-11-02)

Full Changelog

Added

Fixed

v2.0.0-beta.1 (2022-10-21)

Full Changelog

Fixed

  • status getter is not enumerable so needs to be added to NextResponse #875 (adamjmcgrath)

v2.0.0-beta.0 (2022-10-11)

Full Changelog

See V2 Migration Guide for full details.

v1.9.2 (2022-10-07)

Full Changelog

Added

  • Fix updates to session not reflected in async getServerSideProps #843 (adamjmcgrath)

v1.9.1 (2022-06-16)

Full Changelog

Fixed

v1.9.0 (2022-05-20)

Full Changelog

Added

  • [SDK-3332] Constrain session lifecycle to withPageAuthrequired to avoid Next warning #664 (adamjmcgrath)

v1.8.0 (2022-05-04)

Full Changelog

Added

Fixed

v1.7.0 (2022-01-06)

Full Changelog

Added

Fixed

  • Honor configured sameSite in transient cookies so you can login to iframe using 'none' #571 (adamjmcgrath)
  • Cookies with samesite=none must have the secure attr set #570 (adamjmcgrath)
  • Improve types in server-side withPageAuthRequired #554 (misoton665)

v1.6.2 (2021-12-16)

Full Changelog

Fixed

Security

v1.6.1 (2021-10-13)

Full Changelog

Fixed

  • [Snyk] Upgrade openid-client from 4.8.0 to 4.9.0 #518 (snyk-bot)

v1.6.0 (2021-10-11)

Full Changelog

Added

Fixed

  • Fix types in server-side withPageAuthRequired #512 (Widcket)

1.5.0 (2021-07-14)

Added

1.4.2 (2021-06-24)

Fixed

1.4.0 (2021-06-03)

Added

  • withPageAuthRequired CSR now adds user to wrapped component props #405 (adamjmcgrath)

Fixed

  • env var substitutions now means you can define AUTH0_BASE_URL from VERCEL_URL in next.config.js #404 (adamjmcgrath)

1.3.1 (2021-05-05)

Fixed

  • Use window.location.toString() as the default returnTo value #370 (Widcket)
  • returnTo should be encoded as it contains url unsafe chars #365 (adamjmcgrath)

1.3.0 (2021-03-26)

Added

1.2.0 (2021-03-10)

Added

  • Export UserContext for overriding default hook initialisation behaviour #325 (adamjmcgrath)

Fixed

  • returnTo should respect application’s basePath configuration #317 (Widcket)

1.1.0 (2021-02-24)

Added

  • Add redirect_uri option to callback handler #298 (mariano)

Fixed

  • Chunked cookies should not exceed browser max #301 (adamjmcgrath)
  • Cleanup unused cookies when switching between chunked and unchunked #303 (adamjmcgrath)
  • New tokens should be applied to existing session after handleProfile #307 (adamjmcgrath)

1.0.0 (2021-02-15)

New features

  • New suite of frontend tools:
    • useUser hook and UserProvider to simplify checking and managing the user’s logged in state on the client.
    • withPageAuthRequired higher order component to protect client side routes.
  • New handleAuth feature to reduce the amount of boilerplate required to set up the server side authentication handlers.
  • Simpler server side API where creation of an SDK instance is handled by the SDK.

Breaking changes

For a full list of breaking changes and migration guide, checkout the V1_MIGRATION_GUIDE.md

1.0.0-beta.2 (2021-02-11)

Additions

  • Added afterRefetch hook option to handleProfile to modify the session after refetching it.

1.0.0-beta.1 (2021-02-03)

Additions

  • Added a new way to configure the custom profile url. Now it can be configured with an environment variable as well.

Changes

  • The way to configure the custom login url has changed. Instead of passing it in every call to withPageAuthRequired now it can be configured with an environment variable.
  • The Vercel configuration docs have been updated with the latest guidance.

Fixes

  • Fixed a logout issue related to custom IdPs.

1.0.0-beta.0 (2021-01-14)

Install

npm install @auth0/nextjs-auth0@beta

New features

  • New suite of frontend tools:
    • useUser hook and UserProvider to simplify checking and managing the user’s logged in state on the client.
    • withPageAuthRequired higher order component to protect client side routes.
  • New handleAuth feature to reduce the amount of boilerplate required to set up the server side authentication handlers.
  • Simpler server side API where creation of an SDK instance is handled by the SDK.

Breaking changes

For a full list of breaking changes and migration guide, checkout the V1_MIGRATION_GUIDE.md

Changes

v0.16.0 (2020-08-19)

  • Updating dependencies with security issues
  • Added the ability to force refreshing the access_token (#147)

v0.15.0 (2020-07-13)

  • Improve redirect URI validation when double forward slashes are provided (commit)
  • Fix double encoding issue of postLogoutRedirectUri when using a different OIDC IdP (#127)
  • Keep previously set cookies in the callbackHandler (#133)

v0.14.0 (2020-07-08)

  • Allow overriding the returnTo setting when signing out a user (in the logoutHandler)

v0.13.0 (2020-05-15)

  • Updated handlers to use NextApiRequest and NextApiResponse
  • Automatically redirect to what is provided in the redirectTo querystring parameter, eg: /api/login?redirectTo=/profile

v0.12.0 (2020-05-11)

  • Support end_session_endpoint (#102)
  • Allow full control over the state generation
  • Allow full control over the session creation

v0.11.0 (2020-03-31)

  • Make options optional in handlers (#78)
  • Add domain when clearing cookie (#79)
  • Add redirectTo support (#81)

v0.10.0 (2020-01-10)

  • Add support to refetch the user in the profile handler.

v0.9.0 (2020-01-08)

  • Make options on the login handler optional

v0.8.0 (2020-01-08)

  • Improved TypeScript types
  • Added support to automatically refresh access tokens

v0.7.0 (2019-12-18)

  • Add support for SameSite and set to Lax by default to mitigate CSRF attacks.

v0.6.0 (2019-12-18)

  • Add support for the cookieDomain option which allows you to share the session across subdomains.
  • Fix the interface for the handleLogin method.
  • Support sending a custom state to Auth0.

v0.5.0 (2019-10-14)

  • Added support for custom authorization parameters in the Login handler

v0.4.0 (2019-10-10)

  • Rename the httpClient to oidcClient setting to support more OIDC related settings.
  • Added support for id_token leeway for when the time on your server is running behind on Auth0.
  • Improve handling of Secure cookies. Don't force Secure cookies when running on localhost (to fix issues related to next start)

v0.3.0 (2019-10-09)

  • Fixed issue related to audience not being passed to the /authorize request
  • Rename useAuth0 to initAuth0 to clear any confusion about React Hooks (this SDK does not provide a hook)
  • Added a new handler to require authentication on API routes.

v0.2.0 (2019-09-25)

  • Added support for storeRefreshToken to persist the refresh_token in the session
  • Added prettier
  • Removed the need build time configuration

v0.1.0 (2019-09-17)

Initial release.