Skip to content

chore: update version and changelog#44

Merged
Bccorb merged 1 commit into
mainfrom
changeset-release/main
Jun 29, 2026
Merged

chore: update version and changelog#44
Bccorb merged 1 commit into
mainfrom
changeset-release/main

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or setup this action to publish automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

seamless-auth-api@0.2.2

Patch Changes

  • 03651ba: Harden and regression-test the magic link and OTP sign-in flows.

    • Magic link: polling while waiting now returns 204 (no body) instead of 500,
      fixing the broken starter sign-in; removed dead device-binding code from verify
      (binding is enforced at the poll step); the post-session write is awaited.
    • OTP: the verify endpoints are now rate-limited; OTPs are stored and compared
      hashed-only (the transitional plaintext fallback is removed); post-session writes
      are awaited.
    • CI: formatting is enforced (prettier --check) and coverage thresholds are
      ratcheted so these flows cannot silently regress.
  • 3292605: Env-mapped system config (e.g. LOGIN_METHODS) now takes effect over
    migration-seeded defaults. Previously the login-policy migration hard-seeded
    login_methods and bootstrapSystemConfig only seeded missing rows, so the env
    var was permanently ignored. Now bootstrap re-applies env values over config that
    was never changed through the admin API (updatedBy IS NULL), admin edits record
    updatedBy so they are preserved, and a migration re-applies env to existing
    un-edited rows.

  • 6b6f1e6: Apply OAuthProviderConfigSchema defaults to providers configured via OAUTH_PROVIDERS. The
    env value was parsed with a raw JSON.parse, so per-provider fields like subjectJsonPath and
    emailJsonPath stayed undefined and OAuth profile extraction failed with a generic
    "OAuth login failed". The OAuth callback now also logs the underlying error. Fixes OAuth providers from OAUTH_PROVIDERS env skip schema defaults (subjectJsonPath etc.) → silent login failure #49.

@github-actions github-actions Bot force-pushed the changeset-release/main branch 3 times, most recently from 12d5b54 to d5afcba Compare June 29, 2026 09:04
@github-actions github-actions Bot force-pushed the changeset-release/main branch from d5afcba to c9d594c Compare June 29, 2026 16:41
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@Bccorb Bccorb merged commit dcf3146 into main Jun 29, 2026
2 of 3 checks passed
@Bccorb Bccorb deleted the changeset-release/main branch June 29, 2026 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

OAuth providers from OAUTH_PROVIDERS env skip schema defaults (subjectJsonPath etc.) → silent login failure

2 participants