Merged
14 changes: 0 additions & 14 deletions .changeset/harden-magic-link-otp.md

This file was deleted.

11 changes: 0 additions & 11 deletions .changeset/login-methods-env-config.md

This file was deleted.

8 changes: 0 additions & 8 deletions .changeset/oauth-provider-config-defaults.md

This file was deleted.

26 changes: 26 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,31 @@
# seamless-auth-api

## 0.2.2

### Patch Changes

- 03651ba: Harden and regression-test the magic link and OTP sign-in flows.
- Magic link: polling while waiting now returns `204` (no body) instead of `500`,
fixing the broken starter sign-in; removed dead device-binding code from verify
(binding is enforced at the poll step); the post-session write is awaited.
- OTP: the verify endpoints are now rate-limited; OTPs are stored and compared
hashed-only (the transitional plaintext fallback is removed); post-session writes
are awaited.
- CI: formatting is enforced (`prettier --check`) and coverage thresholds are
ratcheted so these flows cannot silently regress.

- 3292605: Env-mapped system config (e.g. `LOGIN_METHODS`) now takes effect over
migration-seeded defaults. Previously the login-policy migration hard-seeded
`login_methods` and `bootstrapSystemConfig` only seeded missing rows, so the env
var was permanently ignored. Now bootstrap re-applies env values over config that
was never changed through the admin API (`updatedBy IS NULL`), admin edits record
`updatedBy` so they are preserved, and a migration re-applies env to existing
un-edited rows.
- 6b6f1e6: Apply OAuthProviderConfigSchema defaults to providers configured via OAUTH_PROVIDERS. The
env value was parsed with a raw JSON.parse, so per-provider fields like subjectJsonPath and
emailJsonPath stayed undefined and OAuth profile extraction failed with a generic
"OAuth login failed". The OAuth callback now also logs the underlying error. Fixes #49.

## 0.2.1

### Patch Changes
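Review bot: the 3292605 entry needs an upgrade note, because a `LOGIN_METHODS` value that was "permanently ignored" before will start applying to every row with `updatedBy IS NULL` on the first boot of 0.2.2, which can change the enabled sign-in methods without anyone touching the admin API. Suggest adding a line telling operators to review their env-mapped config before upgrading, and stating whether rows edited through the admin API before `updatedBy` was recorded are treated as un-edited. In the 03651ba entry, say what happens to OTPs stored under the removed plaintext fallback (presumably they no longer verify and the user has to request a new code). In 6b6f1e6, "logs the underlying error" should state that provider tokens and profile payloads are excluded from the logged error or redacted.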
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "seamless-auth-api",
"version": "0.2.1",
"version": "0.2.2",
"description": "Seamless Auth API - A web application server for supporting a Seamless Auth server instance.",
"main": "index.js",
"type": "module",