Releases: nhost/hasura-auth

Release 0.6.3

21 Apr 08:07

0.6.3 (2022-04-21)

Bug Fixes

  • filter internal user fields in session (d1c4c9b)

Release 0.6.2

20 Apr 18:45

0.6.2 (2022-04-20)

Bug Fixes

  • revert 00002 migration name to previous name when migration fails because of it (6a0856a)
    We modified migration file names in previous versions. However, while the Hasura migration system seems to ignore such name changes, @djgrant/postgres-migrations is not happy with it, as it checks hashes from file names.

This fix handles the following cases:

  • migration from 0.2 (_ name) to further versions (- name)
  • migration from 0.3 (- name) to further versions (- name)

closes #129

Release 0.6.1

20 Apr 07:36

0.6.1 (2022-04-20)

Bug Fixes

  • allow redirectTo option to start with any AUTH_ACCESS_CONTROL_ALLOWED_REDIRECT_URLS value (dac0332)
  • correct redirectTo and fall back to AUTH_CLIENT_URL if the redirectTo option is invalid (2e1819d), closes #137
  • remove the AUTH_HOST environment variable (cacce97), closes #139
  • run a metadata reload before and after applying hasura-auth metadata (bd9b361)

Performance Improvements

  • improve logging on startup (c172c8a)
  • improve startup with async imports (e00c073)
  • set AUTH_CLIENT_URL and AUTH_ACCESS_CONTROL_ALLOWED_REDIRECT_URLS to lower case (8bb351d)

Release 0.6.0

06 Apr 08:42

0.6.0 (2022-04-06)

Bug Fixes

  • change default refresh token expiration to 30 days (a2e0d2a), closes #48
  • rename JWT claim x-hasura-isAnonymous to x-hasura-is-anonymous (a4ca42e), closes #126

Features

  • add emailVerified, phoneNumber, phoneNumberVerified, and activeMfaType to User (4d452d7)

Release 0.5.0

31 Mar 08:52

0.5.0 (2022-03-31)

Consistent error messages

Error messages were sent either as a string or as an object (other errors). Moreover, the request payload validation was performed in two separate places in the code, and as a result, it was not possible to predict whether payload validation errors were sent as a string or an object.
In addition, error codes and messages were inconsistent or missing from one endpoint to another, given the same type of error.

All errors sent back to the client now follow the same format:

{
  error: string // machine-readable error code
  status: number // http status
  message: string // human-readable message
}

The list of errors is comprehensive and available here.

Closes #98, #46

Redirect errors

Until now, endpoints that were redirecting the user to the frontend client were stopping redirection when an error occurred. It led to a bad user experience as users were stopped on a

In all the endpoints that have a redirectTo option, errors are now instead passed on to the frontend client as a query parameter, so the frontend can handle these errors and guide the user accordingly.

The two following keys are added to the query string:

  • error: machine-readable error code
  • errorDescription: human-readable message
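
The redirect behaviour described above (errors passed as `error` and `errorDescription`), combined with the 0.6.1 fixes for `redirectTo` (allow-list check, fallback to AUTH_CLIENT_URL), as an added example; it is not hasura-auth's own code. The function names and sample URLs are hypothetical, and matching on the parsed origin and path segment instead of a raw string prefix is an assumption that is stricter than the "start with" wording.

```javascript
// Added example, not hasura-auth source. All names and URLs below are hypothetical.
const CLIENT_URL = 'https://app.example.com'; // stands in for AUTH_CLIENT_URL
const ALLOWED = [                             // stands in for AUTH_ACCESS_CONTROL_ALLOWED_REDIRECT_URLS
  'https://app.example.com',
  'https://admin.example.com/portal',
];

// True when `candidate` shares the origin of `allowed` and its path is the
// allowed path or sits below it. Comparing parsed origins (not string prefixes)
// rejects look-alike hosts such as https://app.example.com.other.test.
function matchesAllowed(candidate, allowed) {
  const base = new URL(allowed);
  if (candidate.origin !== base.origin) return false;
  const basePath = base.pathname.endsWith('/') ? base.pathname : base.pathname + '/';
  return candidate.pathname === base.pathname || candidate.pathname.startsWith(basePath);
}

// Returns the validated redirect target as a URL object, or the client URL
// when redirectTo is missing, unparsable, or not covered by the allow-list.
function resolveRedirect(redirectTo, clientUrl = CLIENT_URL, allowed = ALLOWED) {
  let target;
  try {
    target = new URL(redirectTo); // the parser lower-cases scheme and host
  } catch {
    return new URL(clientUrl);
  }
  // Assumption of this example: only http(s) targets are accepted.
  if (!['http:', 'https:'].includes(target.protocol)) return new URL(clientUrl);
  const ok = [clientUrl, ...allowed].some((entry) => matchesAllowed(target, entry));
  return ok ? target : new URL(clientUrl);
}

// Builds the redirect URL that carries the error to the frontend client.
function errorRedirect(redirectTo, error, errorDescription) {
  const url = resolveRedirect(redirectTo);
  url.searchParams.set('error', error);
  url.searchParams.set('errorDescription', errorDescription);
  return url.toString();
}
```

On the frontend side, `errorDescription` arrives from the URL and should be rendered as text, not as HTML.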

Validate email when using OAuth providers

Emails were not validated when authenticating with an OAuth provider. When the OAuth provider calls back to Hasura Auth, users with an email that doesn't follow the rules determined by AUTH_ACCESS_CONTROL_ALLOWED_EMAILS, AUTH_ACCESS_CONTROL_ALLOWED_EMAIL_DOMAINS, AUTH_ACCESS_CONTROL_BLOCKED_EMAILS and AUTH_ACCESS_CONTROL_BLOCKED_EMAIL_DOMAINS are now not able to complete authentication.

Closes #84

Fix allowed roles validation

The validation of allowedRoles was failing when passed as an option.
Closes #116

Improve code readability

This release comes with improvements in the code structure and readability:

  • Request payload validation is consistently done by Joi prior to the handling of the endpoint logic
  • The payload validation rules have been moved to each route file, instead of putting them all in the same place
  • HTTP status codes and messages are not hard-coded anymore, but are written with http-status-codes
  • Helpers and utils files are restructured in a more sensible way, and exported/imported in the ESM way
  • Dead code and useless/stale comments have been removed

Release 0.4.3

18 Mar 15:46

0.4.3 (2022-03-18)

Bug Fixes

  • Signing up using a provider without email was not working (#122)
  • Root field typo (#117) (ebb19f8)

Release 0.4.2

15 Mar 15:54

0.4.2 (2022-03-15)

Bug Fixes

  • Discord sign-in not working for users without an avatar (#115) (aab9637)

Release 0.4.1

15 Mar 13:47

0.4.1 (2022-03-15)

Bug Fixes

  • Discord OAuth patch was not applied (#114) (0024aa1)
  • Redirect URLs were not correctly generated (02e75cf)

Release 0.4.0

14 Mar 20:46

0.4.0 (2022-03-14)

What's new

Error Redirects

If any error happens when a user clicks on a link generated by Hasura Auth (e.g. magic link) the user now gets redirected to the client app together with information about the error as query parameters.

Errors:

  • MissingVerificationTicket
  • MissingVerificationType
  • InvalidOrExpiredVerificationTicket

The previous behavior was to not redirect the user and instead show an error message that was not meant for users.

Options for providers

Signup options (like defaultRole or metadata) and the redirectTo parameter now work when signing up with a provider.


Bug Fixes

  • Sign-in and sign-up options were not working for OAuth providers (#108) (068f9c0)

Features

  • Redirect user to client with error query parameters instead of showing error message from Hasura Auth (#109) (0dcb370)

Release 0.3.2

09 Mar 21:26

0.3.2 (2022-03-09)

Bug Fixes

  • patch Twitch OAuth provider (1cd9926)