Releases
v1.0.0
1.0.0 (2023-10-20)
Bug Fixes
change email update flow to return both ? messages and # messages (#1129 ) (77afd28 )
#1 changed fragment to query parameter in confirmation email and now allow confirmation of email token via GET request to /verify which will forward to SITEURL on success (452c77f )
createNewIdentity uses provided transaction (#776 ) (3f61950 )
Access to req.Body via getBodyBytes (#630 ) (99fed86 )
account linking logic (#990 ) (17162c9 )
add & update migrations (c9561c6 )
add email as verification type for email OTPs (#885 ) (8d21cbc )
add UserSignedUpAction to the audit log when the user is unconfirmed (#423 ) (3356266 ), closes #395 #396
add alter users migration (0a04884 )
add app_metadata in adminUserCreate (#628 ) (22aa3f6 )
add arm64 to docker releases (6b52c24 )
add auth.jwt() function (#484 ) (e22cbc7 )
Add automatic reuse detection for refresh tokens (#226 ) (27e22a7 )
add checks for ownership for unenroll and verify (#835 ) (bdd9947 )
add client_id and issuer fields to id_token grant (0808e33 ), closes #159 #299 #159 #299
add config to toggle num of email change links sent (3289d69 )
add configurable hcaptcha timeout (#441 ) (c353dbb )
add create_user field to otp endpoint (#318 ) (43d2e39 )
add default message for sending sms otp (26eb21f )
add discord global_name to custom_claims (#1171 ) (3b1a5b9 )
add discord discriminator to username (#381 ) (4bb1b4c )
add discord id to user_metadata (#136 ) (0855eea )
add docs for callback and authorize (83ca514 )
add email_change support to generateLink (#560 ) (7c452a8 )
add empty emails checks (53ecf93 )
Add full gosec support (w/o tests) (#636 ) (7994557 )
add gitlab types and handle primary email confirmation (ab65ec9 )
add guard check in case factor, session, or user are missing (#1099 ) (b4a3fec )
add http timeout to add external provider requests (#471 ) (1685bf2 )
add identities to access token jwt payload (d84e553 )
add identities to user json obj (e3a52e6 )
add identity model (68feb34 )
add improved HTTP metrics (#768 ) (2f78644 )
add index on (session_id, revoked) in refresh_tokens (#765 ) (5ba3aca )
add index on identities.user_id (#781 ) (6c2c734 )
add index on identities.user_id (096dc31 )
add IP Address to logs (df6bf87 )
add logic to sign-in based on identity (00b0c0a )
add login event to recover / magiclink verify (#396 ) (7312da7 )
add mfa migrations (#722 ) (afdb223 )
add migration for email change (08f2f73 )
add migration to backfill email identities (#823 ) (b54d60a )
add missing index on user_id under sessions (#763 ) (3332072 )
add missing namespace prefix to index targets (#892 ) (3961c55 ), closes #669
Add new SMS provider Textlocal (#342 ) (bf35829 )
Add Notion OAuth (#326 ) (accdb78 )
add nullif to auth functions (#391 ) (88498e0 )
add oauth token validation for facebook (7f8dbfe )
add phone field to gotrue claims (21de282 )
add profiler server (#1158 ) (58552d6 )
add provider field back for backward compatibility (4f4361c )
add provider to audit_log_entries for all signup and login actions (#373 ) (38d7d36 )
add rate limit emails sent envvar (d0982b3 )
add rate limit env vars (1548ccd )
add rate limiter for email endpoints (97e9ec8 )
add reuse interval for token refresh (#466 ) (6a6e3be )
add send email change logic (b5fd17f )
add sender name to SMTP config (1a3a9d2 )
add separate config for sms rate limits (#860 ) (1ff475c )
add session_id to refresh_tokens table (#600 ) (f427b9f ), closes #631
add Slack Team ID custom claim (#380 ) (4a745f5 )
add swagger docs (#695 ) (8eefabb )
add tag prefix to semver (500fdc2 )
add test for all sms providers (#676 ) (de6cd79 )
add twitter provider status to settings (1bd4e66 )
add user_confirmation_requested action (445b22a )
add validation to admin update user (#717 ) (497ce10 )
add valuer & scanner interfaces to claims (4baa809 )
add verify email change logic (e2e67e9 )
Add Vonage SMS provider (#333 ) (be96fc1 )
adds a generated confirmed_at column (f394e86 )
adds a separate download for arm binary (a05400c )
adds random password generator for temp password on magic link endpoint (52cb0e7 )
adds release assets to releases (7b33ed3 )
adds support for Azure tenant configuration (#298 ) (e2528a3 )
adds support for wildcards in redirect URIs (#334 ) (0f5091f )
adds wildcard for upload files (d536ed5 )
admin delete factor should be allowed to delete unverified factors (#854 ) (4c2bac3 )
admin user create & update (#929 ) (5526627 )
allow all URL forms in redirects (#711 ) (4ece9e3 )
allow any oauth providers to pass query params (#757 ) (ac2e7ae )
allow enforcing of reauthentication when user updates password (#427 ) (5b08af3 )
allow gotrue to work with multiple custom domains (#999 ) (91a82ed ), closes #725
allow invite links to be sent more than once #134 (330f467 )
allow login with phone & password (a9babf5 )
allow max db pool size to be configurable (#409 ) (3e92e8d )
allow refresh token grant if no email in providers list (181f209 )
allow signups always (#262 ) (401d4cf )
allow user to update phone number (#421 ) (b611f1a )
also adds max frequency error (14137e8 )
azure api_url config (#407 ) (fa4b7e6 )
backfill email identities for invited users (#914 ) (f7286dd ), closes #895
bad indirect import was causing module naming clash (30092f4 )
bubble up specific publicly accessible Postgres error messages (#404 ) (8ef6798 )
bump gotrue to v2.6.25 (#461 ) (a4af211 )
bump gotrue version (#518 ) (895644e )
bump gotrue version (#557 ) (3d84070 )
bypass captcha for certain routes (#693 ) (70a6070 )
case-insensitive user emails - issue #89 (8734b6d )
change confirmed_at field to read-only (bfb8003 )
change Discord's discriminator type to string (#457 ) (ca839e4 )
Change Dockerfile.dev target from netlify to Supabase (#973 ) (ee74d52 )
change msg returned upon verifying one email change link (355fae5 )
change refererParam to redirectParam (0017daa )
changes # to ? in external redirect callbacks (9ec992d )
changes slack oauth scopes to openid (ab41b63 )
check err before using user (#1154 ) (53e1b3a )
check freq on email change (#1090 ) (659ca66 )
cleanup unused const (6349ed1 )
close response body on the client side (7589873 )
confirm email on email change (#1084 ) (0624655 )
confirms invite signups on email link click and sets temporary password (7af29c7 )
convert string -> *string for AAL and AMR (#785 ) (d887d18 )
convert emails to lowercase before saving (#589 ) (545abbc )
cookie domain configuration (6e58305 )
correct pkce redirect generation (#1097 ) (bdf93b4 )
correct provider names (79381df )
corrects event hook for signup login (4ec7e60 )
create email or phone identity on signup (808ab25 )
create identity for invited user (#895 ) (8ddf54b ), closes /github.com/supabase/gotrue/blob/65817282f2ed05bae19b57f85d4c09cf20b7780c/models/linking.go#L73-L79
create_user should default to true (#352 ) (910363d )
default nil interface to empty byte slice (#422 ) (18a8a5f )
disable tests to test ci (fd6ae55 )
discord discriminator (#462 ) (b02f838 )
do not exclude updated_at (#473 ) (8689fd2 )
docker: fail when pushing to ecr (#376 ) (c507d09 )
don't encode query fragment (#1153 ) (e414cb3 )
don't normalise mobile deeplinks (#591 ) (4042c80 )
don't update user metadata on subsequent signups (#825 ) (9e97a32 )
drop mfa flag (#831 ) (f0642c0 )
duplicate identities on oauth signup (#291 ) (50064ee )
duplicate identity error on update user (#1141 ) (39ca89c )
empty password update should return explicit error (#297 ) (66a72ab )
enforce code challenge validity across endpoints (#1026 ) (be7c082 )
ensure confirmation & phone change sent at is saved (#425 ) (95fa5f6 )
expose x-total-count and link (#991 ) (e6dac54 ), closes #980
external-gitlab: don't override primary email with additional emails (5a4eddd )
fetch new IDP metadata if stale (#833 ) (be3766d )
fetch provider id on external provider flow (7fb2158 )
fill last_sign_in_at with a non-null value on backfilled email identities (#850 ) (ef1a51f )
fix flow state expiry check (#1088 ) (6000e70 )
fixed case when Autoconfirm flag set and magic link response ignored (44ce25c )
fixes typo on frequency (cfe5a36 )
ForStructWithAlias interface change at gobuffalo/pop@c81c996 (afe3cfa )
garbled text in sms message when message contains unicode (#971 ) (55544e2 )
generate password if empty in admin create user (a35db4c )
generate signup link (#556 ) (e6e6c4d )
generateLink should create identity for invite & signup (#774 ) (0032b65 )
get site url test (dd1fad4 )
global logrus configuration (#575 ) (fee9bf3 )
go fmt -> gofmt (#522 ) (0177301 )
go.sum deps (ddb7a1d )
handle all non-2xx errors (#515 ) (067d039 )
handle error properly for redirects (#887 ) (30c55e8 )
handle no twitter email (347bc7f )
handle non-2xx status code (#406 ) (2966dfc )
handle non-2xx status codes returned in provider http requests (#382 ) (b6a9c88 )
handle null session id (#667 ) (0f36e91 ), closes #668
netlify/gotrue#255 (6b141a5 )
identities should return [] if null (76ecfc4 )
ignore exchangeCodeForSession when captcha is enabled (#1121 ) (4970bbc ), closes #1120
improve default settings used (4745451 )
improve migration logging (53705d1 )
improve sms provider error handling (386c2c3 )
include email claim in identityData (#796 ) (930f5af )
incorrect yaml syntax (4a46642 )
increase size of ip address field (7568953 )
IsDuplicatedEmail should filter out identities for the currentUser (#1092 ) (dd2b688 ), closes #1060 #988
Keycloak OAuth Provider (#371 ) (6de5ec1 )
linkedin email should be verified (c471151 )
linkedin provider issue with missing avatar url (#847 ) (895fc2a )
load user after sign-up to pull data from triggers (#712 ) (e553477 )
log auth actions (#479 ) (e01be0d )
log correct referer value (#1178 ) (a6950a0 )
logout cookies not cleared (#830 ) (596dd70 )
lowercase emails (#714 ) (d65ba60 )
lowercase oauth emails for account linking (#1125 ) (df22915 )
magiclink & recover verification should send login action to audit log (#395 ) (4dced2e )
maintain query params order (#1161 ) (c925065 )
make add_mfa_indexes re-runnable (#827 ) (00c21d8 )
make deps command (2803248 )
make deps was using wrong uuid so switch to gofrs/uuid over gobuffalo/uuid (8559b72 )
make deps was using wrong uuid so switch to gofrs/uuid over gobuffalo/uuid (4d51a55 )
make flow_state migrations idempotent, add index (#1086 ) (7ca755a )
make migration idempotent (#1079 ) (2be90c7 )
make migration idempotent (#923 ) (c792443 )
migration: create identities table (d16b889 )
missing import & invalid type (5daa3e6 )
more specific URI_ALLOW_LIST documentation (5aba3d8 )
move config to releaserc (2408f1e )
move init_postgres script to the first migration ran (#394 ) (557c345 )
need to be able to pass full urls as template urls (b01eefc )
nest hcaptcha token under a more generic field (#216 ) (57d4800 )
new external open signups (184a1fb )
nil pointer dereference in stale SAML metadata check (#977 ) (bb21c93 ), closes #833
no longer hardcode username for migration (#419 ) (fefed99 )
oauth spotify token url (eae806a )
oauth: Remove password, phone on subsequent OAuth login (#509 ) (0d86833 )
only apply rate limit if autoconfirm is false (#1184 ) (46932da )
Only require nonce in id_token when also passed in body (#430 ) (a67a77d )
pass through redirect query parameters (#1224 ) (577e320 ), closes #1150
passes referer through to verify in emails (5fcf7e2 )
patch secure email change (double confirm) response format. (#1241 ) (064e8a1 ), closes #1240
pkce bug with magiclink (#1074 ) (4b84129 )
pkce issues (#1083 ) (eb50ba1 )
POST /verify should check pkce case (#1085 ) (7f42eaa )
prepend sms message with custom message (b113173 )
preserve backward compatibility with Twilio Existing API (#1260 ) (71fb156 )
properly escape redirectTo URL for magic links (#750 ) (cc1d49d )
rate limiting not applied on phone OTP (#788 ) (6a129f3 )
raw_app_meta_data returns all providers associated to user (06de241 )
re-adds confirmed_at to user struct (75fd723 )
re-use existing connection's transaction in emailChangeVerify (#424 ) (460b31b ), closes #379
reauthenticate bugs (#431 ) (b296849 )
redeclared variable (8bcc505 )
redirect user on invalid or expired confirmation token / sms otp (#302 ) (04e0eac )
redirect_to should be verified (67523b7 )
redirects on email change (d9cba5b )
redirectTo allows unpermitted url (b94d4d7 )
reduce default maxfrequency for mails to 60 seconds (f47512a )
reduce max frequency for magic links and improve error message (7894ce9 )
refactor variable assignment (13b8b89 )
refactor: remove dependency on gothic sessions (1922234 )
refine error message for sign up (#237 ) (5bc665b )
release action should be triggered after test (dd9517b )
releaserc (#680 ) (3f7f39e )
remove captcha on id_token grant (#1175 ) (910079c ), closes #1172
remove content length (de860d9 )
Remove deprecation notice for admin roles (#639 ) (6e51f4b )
remove duplicated index on refresh_tokens table (#1058 ) (1aa8447 )
remove email change confirm status from user json obj (df96c06 )
remove foreign key constraint on refresh_tokens.parent (af00058 )
remove identities from access token (df11b52 )
remove migration that requires elevated privileges (#428 ) (17587e5 )
remove more error raising clauses (59309b9 )
remove organizations from fly provider (#1267 ) (c79fc6e )
remove potentially leaking fields (dab2eac )
remove redundant queries to get session (#1204 ) (669ce97 )
remove user not found error (18dd2df )
remove x-use-cookie header from token & signup endpoints (#349 ) (2c6869e )
rename metadata to data (#764 ) (70e354d )
rename provider to providers (cbb2b34 )
rename Twitter authorizeURL to authenticateURL to stay consistent with the API naming (9eebf9c )
resend email change (#1151 ) (ddad10f )
resend email change & phone change issues (#1100 ) (184fa38 ), closes #1095
resolve nil pointer dereference issue (#813 ) (4d78d5f )
respect last_sign_in_at on secure password update (#1164 ) (963df37 )
return 404 instead of 500 in maybeLoadUserOrSession (#783 ) (92ddade )
return correct avatar URL for default discord avatars (8974a06 )
return err if oauth provider email is unverified (#307 ) (4c713c9 )
return error as json on POST verify (#387 ) (dbfeecd )
return error if user not found but identity exists (#1200 ) (1802ff3 )
return invalid login creds before email not confirmed (#284 ) (92abe18 )
return provider_refresh_token in query fragment (#641 ) (86ec668 )
return signup confirmation if signup is incomplete for magiclink / otp (#889 ) (8137dd8 )
return the latest flow state (#1076 ) (00c9a11 )
return type for github id (bf54ddb )
return unauthorized error for invalid jwt (#744 ) (85cff37 )
return user already exists message on signing up more than once in a minute (ac0ac5e )
return user for POST verify endpoints (#397 ) (c854baf )
Revert "feat: no email password resets for users with no email identi… (#822 ) (1129482 ), closes #793
revert domain setting in cookie change (4e9198a )
Revert URL normalization (#535 , #591 ) (#592 ) (f9b28dd )
saml: access DB with context for SSO admin functions (#805 ) (ca9ad7a )
saml: always request persistent NameID in authn requests (#840 ) (3c2b56e )
saml: correct SSO domain, SAML attribute mapping update logic (#816 ) (9dbdd61 )
saml: not specifying domains should not delete all domains (#851 ) (c1ad911 )
saml: persist attribute mappings on provider create and update (#802 ) (af7c8ba )
saml: saml user accounts not being set as is_sso_user (#841 ) (e290983 )
saml: use SessionNotOnOrAfter from the authn. statement instead of conditions (#838 ) (35acc4c )
sanitize id from user obj (30ddd76 )
search existing users by verified emails, unless Autoconfirm is true (9af1d1e )
send otp in email link (#379 ) (f853f45 )
serve http traffic (a6ea1eb )
set access_token & refresh_token in cookies (#336 ) (4d5c8b0 )
set ConfirmationSentAt after successful sms sent (fcb766d )
set cookies on oauth callback (#351 ) (467fb94 )
set emailChange to email (#920 ) (c23b6ce ), closes #897
set idle_in_transaction_session_timeout to 5min (#418 ) (9489d7e )
set the otp if it's not a test otp (#1223 ) (3afc8a9 )
Set version number at compile time (3d6886f ), closes #272
setting up ci for supabase repo (ea1ee89 )
shorten email otp (#446 ) (c64f331 )
shorten email otp length (#513 ) (397c949 )
simplify semantic release action (e2583cf )
skip captcha if admin jwt in header (#632 ) (4339913 )
skip captcha on POST /verify (#795 ) (eef1bb7 )
skip rate limit if header not present (#706 ) (8fb0c1e )
SmsOtp should still send otp the first time when sms autoconfirm is true (#426 ) (924a8a5 )
specify default value in migration (1f8b333 )
spotify accounts base url change (7167f0d )
standardise logging format to use json (#562 ) (396646a )
stops special symbols corrupting json body intermittently (7e57ad5 )
support email verification type on token hash verification (#1177 ) (ffa5efa )
support message IDs for Twilio Whatsapp (#1203 ) (77e85c8 )
support multiple emails for external providers (9d3195a )
switch to aws roles (#893 ) (76c8710 )
take into account test otp for twilio verify (#1255 ) (18b4291 ), closes #1252
temp trigger build (ae74da1 )
test otp with twilio verify (#1259 ) (ab2aba6 )
trigger build (9d9fc0e )
trigger build (499f246 )
trigger build (#259 ) (aead739 )
trigger docker release (faa5f97 )
trigger dockerhub build (6ed356d )
trigger patch release (a751d4e )
trigger release (6bfa8f2 )
trigger release (9d525ed )
Trigger release for #70 (1875f98 )
Trigger v1.7.2 release (0d2c0b8 )
triggering arm build (984fc18 )
Twitter: use HTTPS profile image URL for AvatarURL (ce9f527 )
typo (78640b3 )
unenroll should remove totp amr claim (#758 ) (c7a62de )
unique index should not apply to phone otps (#460 ) (60a7a6f )
update .yml to mfa (#731 ) (e034ca0 )
update auth functions (#289 ) (ee6027c )
update auth.jwt function (#488 ) (0d5d599 )
update auth.uid function (e8a670c )
update default message for phone otp (baf14da )
update email change link sent (9194895 )
update email change logic to support secure option (407e20c )
update email, phone identities on change (#824 ) (390e34d )
update encoding (ba5eaf5 )
update from oauth_pkce to pkce (#1017 ) (63bc007 ), closes /github.com/supabase/gotrue/blob/master/internal/api/token.go#L630
update generateLink response (#537 ) (b2696dd )
update gh workflow (#388 ) (41a3719 )
update github.com/crewjam/saml from 0.4.8 to 0.4.9 (#839 ) (7a10a05 )
update gobuffalo to v5.3.4 (#814 ) (aa1ff23 )
update logging in migrate cmd (b1c9f24 )
update makefile (b43cb0c )
update messagebird error parameter field casing (#257 ) (9893b49 )
update migration (861aebd )
update migration (a843b89 )
update migration for creating partial indices (#463 ) (48d6554 )
update migration to use provider & id as primary key (93bcbcc )
update password min length config (#399 ) (154f968 )
update password should logout all other sessions (#806 ) (4b4ca39 )
update provider field on adminCreate (d5e07a3 )
update provider field on processInvite (d4f4b37 )
update release action (#393 ) (64e8070 )
update settings & route for SAML (#1009 ) (f405615 )
update soft deletion (#894 ) (6581728 )
update sql logic for filter users (ee4d2e5 )
update tests (8fe5fc6 )
update user email should not fail when current email doesn't exist (#408 ) (32b0802 )
updates confirmation url params to be consumable by new verify interface (ffbe85a )
upgrade pop version (#1069 ) (969691f )
use delete instead of truncate for fast tests (#654 ) (5115c5f )
use clear hCaptcha error messages (#789 ) (2906976 )
use configured redirect URL for external providers (#1114 ) (42bb1e0 ), closes #999
use email change template for current and new (#433 ) (c83d01e )
use linkedin oidc endpoint (#1254 ) (6d5c8eb ), closes #1216
use proper index name in 20221215195500_modify_users_email_unique_index (9eda0ab )
use started transaction, not a new one (#1196 ) (0b5b656 ), closes /github.com/supabase/gotrue/pull/1190#discussion_r1270861390
user email & phone update (#432 ) (b4d9ca3 )
user_metadata shd return {} if null (62e7ccd )
using correct Twitter authorize URL so that user only has to authorize the app on the first login (963f69d )
validate email & phone number in shouldCreateUser (#448 ) (dd54189 )
verify email for email-based zoom signup (#403 ) (db05a27 )
verify failure should redirect to valid redirect_url (44e3c1b )
verify identity email (#332 ) (c28a8e3 )
verify oauth_token in oauth1 flow (b42f04b )
workflow: update semantic release node version (4b58acc )
wrap error returned by GetSmsProvider (#429 ) (1cde881 )
Features
add actor_via_sso to audit log (#1002 ) (c52de4a )
add is_sso_user column to users which allows duplicate emails to exist on those rows (#828 ) (0e2cd70 )
add kid, iss, iat claims to the JWT (#1148 ) (3446197 )
add provider claim to amr when the method is sso/saml (#837 ) (68acb95 )
add basic user banning functionality (#343 ) (cc94302 )
add captcha to verify and token endpoints (#520 ) (32a6e1f )
add cookie domain env var (1a29533 )
add CORS allowed headers config (#1197 ) (7134000 )
add database cleanup logic, runs after each request (#875 ) (aaad5bd )
add different logout scopes (#1112 ) (df07540 )
add email rate limit breach metric (#1208 ) (4ff1fe0 ), closes #1213
add endpoint to generate email action links (9cb6116 )
add endpoint to resend email confirmation (#912 ) (a50b5a7 ), closes #312
add Figma provider (#1139 ) (007324c ), closes /www.figma.com/developers/api#oauth2
add fly oauth provider (#1261 ) (0fe4285 )
add generated admin client (#924 ) (3ee3f34 )
add huawei cloud msgsms support (#1 ) (b797a03 )
add idle db connection options (duration, count, healthcheck period) (#811 ) (e187280 )
add index on user_id of mfa_factors (#1247 ) (6ea135a )
add log entries for pkce (#1068 ) (9c3ba87 )
add logic for apple oauth (f4f5062 )
add metadata to magic link (2529a5c )
add mfa cleanup (#1105 ) (f5c9afb ), closes #875
add mfa indexes (#746 ) (cb6a879 )
add MFA support (disabled by default) (#736 ) (940f582 ), closes #564 #643 #646 #624 #652 #660 #650 #655 #648 #649 #659 #682 #692 #696 #697 #698 #723 #726 #727 #728 #729 #730 #732 #733 #734 #691 #694 #740 #742 #737 #743 #745 #747 #751 #753 #752 #755 #756
Add new Kakao Provider (#834 ) (bafb89b ), closes /github.com/supabase/gotrue/issues/451#issuecomment-1101928384
add new Linkedin OIDC due to deprecated scopes for new linkedin applications (#1248 ) (f40acfe ), closes /github.com/supabase/gotrue/issues/1216#issuecomment-1688943690
add opentelemetry tracer and metrics (#679 ) (650fa3b )
add password hashing metrics (#769 ) (47adfef )
add phone auth & twilio provider (de87fd4 )
add PKCE (OAuth) (#891 ) (cf47ec2 )
add pkce recovery (#1022 ) (1954560 )
add pkce to email_change routes (#1082 ) (0f8548f )
add safe deferred closing (#945 ) (29c431f )
add SAML config (disabled by default) (#759 ) (91fa9bd )
add saml metadata force update every 24 hours (#1020 ) (965feb9 )
add soft delete option to admin delete endpoint (#489 ) (2a2f425 )
add sso pkce (#1137 ) (2c0e0a1 )
add steps to upload Docker image to ECR (2bfd871 )
add support for Twilio Verify (#1124 ) (7e240f8 )
add test OTP support for mobile app reviews (#1166 ) (2fb0cf5 )
add turnstile support (#1094 ) (b1d2f1c )
Adds a docker deployment (6017f34 )
adds ability auto-login users who receive account recovery email (3718106 )
adds ability to specify redirectURL on external authorize calls (9f9066e )
adds Discord external authentication provider (a8b708e )
adds supabase based admin endpoint authentication (012ed98 )
allow POST /verify to accept a token hash (#1165 ) (e9ab555 )
allow whatsapp channels with Twilio Verify (#1207 ) (ff98d2f )
allow more than one verified factor per user (#856 ) (47e4afc )
allow updating saml providers metadata_xml (#1096 ) (20e503e )
basic hcaptcha support (b5685fb )
complete OIDC support for Apple and Google providers (#1108 ) (aab7c34 )
deprecate and explicitly allow freeform ID token issuers (#934 ) (99df661 )
drop restriction that PKCE cannot be used with autoconfirm (#1176 ) (0a6f218 )
expose email address being sent to for email change flow (#1231 ) (f7308ad ), closes /github.com/supabase/supabase/blob/master/studio/stores/authConfig/schema/AuthProviders/AuthTemplatesValidation.tsx#L128
fix account linking (#1098 ) (93d12d9 )
fix empty string parsing for GOTRUE_SMS_TEST_OTP_VALID_UNTIL (#1234 ) (25f2dcb )
fix SAML metadata XML update on fetched metadata (#1135 ) (aba0e24 )
implement twitter oauth (7655b75 )
infer Mail in SAML assertion and allow deleting SSO user (#1132 ) (47ad9de )
initial fix for invite followed by signup. (#1262 ) (76c8eeb )
initial workos implementation (07fdc5d )
internalize implementation (#925 ) (1a52eb6 )
linkedin provider (#238 ) (786efee )
make dropping users_email_key backward compatible (#995 ) (aff2fe6 )
make phone data type alter backward compatible (#994 ) (551793e ), closes #489
Mask user existence on /recover (#534 ) (0d30743 )
modify email duplicate lookup to use identities (#826 ) (a31545f )
no email password resets for users with no email identity (#793 ) (21c37ed )
Normalize redirection URLs and globs (#535 ) (d6f4a2a )
PKCE magic link (#1016 ) (6fdad13 )
refactor password changes and logout (#1162 ) (b079c35 )
reinstate upgrade whatsapp support on Twilio Programmable Messaging to support Content API (#1266 ) (00ee75c )
Remove conf.Configuration and getConfig(ctx) (#609 ) (9381b73 )
Remove globalConfig.MultiInstanceMode and dependents (#606 ) (df62340 )
remove id_token flow with freeform provider (#927 ) (2646967 )
Remove IsSuperAdmin (#625 ) (30eeb38 )
remove SafeRoundTripper and allow private-IP HTTP connections (#1152 ) (773e45e )
remove duplicate add_identities_email_column migrations, reorder others (#863 ) (ed08260 )
remove flow state expiry on Magic Links (PKCE) (#1179 ) (caa9393 )
Remove remnants of getInstanceID(ctx) (#621 ) (be99cf2 )
remove saml beta warning (#1003 ) (794dab0 )
Remove SAML external provider (deprecated) (#607 ) (55bc7c6 )
Remove system user (deprecated) (#610 ) (04dbd6f )
remove unused API NewAPIFromConfigFile (#909 ) (f91a450 )
rename package to supabase from netlify (#947 ) (4f5c2f6 )
require different passwords on update (#1163 ) (154dd91 )
retrieve GitHub username via OAuth (a1f3d5c )
retrieving Twitter username (8730230 )
retry concurrent refresh token attempts (#1202 ) (d894012 ), closes #1190
return expires_at in addition to expires_in (#1183 ) (3cd4bd5 )
return SMS ID when possible (#1145 ) (02cb927 )
revert "remove id_token flow with freeform provider" (#933 ) (4d98e30 ), closes supabase/gotrue#927
saml: add not_after column to sessions table (not used) (#810 ) (8d7477a )
saml: add SAML ACS handler (disabled by default) (#779 ) (ae83dce )
saml: add SAML metadata endpoint (disabled by default) (#775 ) (41668b7 )
saml: add session expiration (not after timestamp) support (disabled by default) (#812 ) (6c6d3ad )
saml: add SSO authorization API (disabled by default) (#786 ) (fc6f58d )
saml: add SSO/SAML admin endpoints (disabled by default) (#771 ) (273b41f )
saml: add SSO/SAML migrations (#762 ) (437e683 )
saml: add X.509 Distinguished Name to generated certificate (#801 ) (8d85788 )
saml: remove unused features, small refactors (#846 ) (61c8eb8 )
saml: return JSON response on POST /sso with optional JSON response (#800 ) (dfe9143 )
serialized access to session in refresh_token grant (#1190 ) (a8f1712 )
set updated_at on refresh_tokens when revoking family (#1167 ) (bebd27a )
signs up user if not found on magic link request (0416cbb )
simplify token reuse algorithm (#1072 ) (9ee3ab6 )
support for whatsapp as a channel for sending OTPs (#981 ) (d0d079f )
switch to github.com/supabase/mailme package (#1159 ) (dbb9cf7 ), closes #870
update github.com/lestrrat-go/jwx/jwk to 1.2.25 (#926 ) (ff8ee5a )
update github.com/coreos/go-oidc/[email protected] (#1115 ) (23c8b45 ), closes #1108
update github.com/rs/cors to v1.9.0 (#1198 ) (27d3a7f )
update magiclink to include metadata (20500cd )
update migrations (8eee2f0 )
update to Go 1.19 (#770 ) (e6525ab )
upgrade whatsapp support on Twilio Programmable Messaging (#1249 ) (c58febe )
use otherMails with Azure (#1130 ) (fba1988 )
use template/text instead of strings.Replace for phone OTP messages (#1188 ) (5caacc1 )
use account linking algorithm (#829 ) (c709ed5 ), closes #792 #826
use proper ip address (#649 ) (a691197 )
use unique message IDs for emails to prevent grouping (#986 ) (aaf2765 )
Performance Improvements
Reverts
Revert "feat: upgrade whatsapp support on Twilio Programmable Messagi… (supabase#1263 ) (12bfe1e ), closes #1263 #1249
Revert "WorkOS provider: do not mark emails as verified" (6807ae5 )
Revert "WorkOS provider: fix tests by enabling autoconfirm" (bcb1d5a )