better-release[bot]
|
a6f38c72ee
|
chore: release v1.6.13 (#9804)
|
2026-05-31 12:41:17 +01:00 |
|
Gustavo Valverde
|
17ab66c3a4
|
fix(oauth-provider): enforce clientPrivileges on dynamic client registration (#9837)
|
2026-05-31 11:02:27 +00:00 |
|
Taesu
|
87c1a0cab2
|
fix(organization): allow null logo on create and update (#9842)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
|
2026-05-31 10:58:24 +00:00 |
|
Gustavo Valverde
|
be32012ca3
|
fix(oauth): validate redirect_uri schemes in oidc-provider and mcp (#9838)
|
2026-05-31 11:38:52 +01:00 |
|
Taesu
|
5c3e248cbf
|
fix(core): throw on non-numeric deleteMany in consumeOne fallback (#9831)
|
2026-05-31 09:00:18 +00:00 |
|
Gustavo Valverde
|
4c3bbc4e56
|
fix(sso): update samlify to 2.13.1 for signed-assertion XML injection (#9821)
|
2026-05-30 23:58:05 +01:00 |
|
Gustavo Valverde
|
9c8ded67b1
|
docs(two-factor): mark viewBackupCodes as server-only in its API comment (#9822)
|
2026-05-30 23:52:38 +01:00 |
|
Gustavo Valverde
|
43c08a2bc7
|
fix(account): scope OAuth account identity and fix buggy internalAdapter helpers (#9818)
Co-authored-by: Krish Garg <kgarg@chapman.edu>
|
2026-05-30 20:48:10 +00:00 |
|
Taesu
|
23d7cbfa79
|
fix(oauth): apply updateUserInfoOnLink in OAuth callback link flow (#8758)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-30 19:48:38 +01:00 |
|
Gustavo Valverde
|
e24ddfd13b
|
fix(expo): persist large account cookies by chunking device storage (#9815)
|
2026-05-30 18:24:14 +01:00 |
|
Gustavo Valverde
|
d3919dc1a5
|
feat(account): support server-side accountInfo calls without session headers (#9813)
Co-authored-by: Nathan Colosimo <nathancolosimo@gmail.com>
|
2026-05-30 12:45:40 +01:00 |
|
Vishesh Verma
|
5f282bd382
|
fix(account): default storeStateStrategy to "database" when using secondaryStorage (#9591)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-30 11:05:28 +01:00 |
|
Taesu
|
e131d3ac5b
|
fix(api-key): verify non-default keys when configId is omitted (#9794)
|
2026-05-30 03:14:57 +00:00 |
|
better-release[bot]
|
c0c574ea50
|
chore: release v1.6.12 (#9590)
|
2026-05-29 22:28:58 +01:00 |
|
Gustavo Valverde
|
c5b9f93498
|
fix(generic-oauth): add accessTokenExpiresIn for providers that omit expires_in (#9799)
|
2026-05-29 20:49:59 +00:00 |
|
Maxwell
|
17cd433c66
|
fix(oauth-proxy): missing state-cookie skip for oauth-proxy (#9385)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-29 15:06:34 +00:00 |
|
Gustavo Valverde
|
c92cd74162
|
fix: URL-encode callbackURL in verify-email links (#9792)
|
2026-05-29 08:08:42 +00:00 |
|
Gustavo Valverde
|
0a7cb70647
|
fix(oauth): honor per-flow errorCallbackURL when state validation fails (#9789)
|
2026-05-28 23:24:40 +00:00 |
|
Gustavo Valverde
|
ac96316af3
|
fix(oauth): forward specific callback error codes via shared redirectOnError (#9788)
Co-authored-by: Gautam Manchandani <manchandanigautam@gmail.com>
|
2026-05-28 21:42:16 +00:00 |
|
James Jackson
|
a3b0c63de9
|
fix: accept hashed nonces for native iOS sign-in with Apple (#8870)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-28 12:35:09 +00:00 |
|
reslear
|
33a3632731
|
fix: hotfix passkey handle undefined transports (#9746)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com>
|
2026-05-28 01:11:45 +00:00 |
|
Daniel Müller
|
d64174ec86
|
fix(oauth-provider): hide DCR endpoint unless enabled (#9448)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-27 13:18:16 +00:00 |
|
Krish Garg
|
8401d11f43
|
fix(oauth-provider): serve path-prefixed issuer metadata aliases (#9668)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-27 12:38:27 +00:00 |
|
Rayan Salhab
|
7bf5449b11
|
fix(oauth2): map jose token verification errors (#9655)
Co-authored-by: cyphercodes <cyphercodes@users.noreply.github.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-27 09:45:02 +00:00 |
|
Maxwell
|
f6bf45123f
|
fix(api-key): add better-call as peer dependency to fix TS4023 declaration emit (#9759)
|
2026-05-27 00:05:31 +00:00 |
|
Maxwell
|
85ca603eec
|
fix: drizzle mixed and/or (#9756)
|
2026-05-26 14:08:11 +00:00 |
|
Taesu
|
8907c7df9c
|
fix(passkey): consume challenge atomically and propagate inner verify errors (#9622)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
|
2026-05-24 23:40:52 +00:00 |
|
Taesu
|
83fa3695e7
|
feat(core): add string case conversion utilities (#9727)
|
2026-05-24 23:40:22 +00:00 |
|
Taesu
|
015f96bc63
|
fix(oauth-proxy): forward result.error verbatim in callback redirect (#9723)
|
2026-05-22 02:52:48 +00:00 |
|
Taesu
|
f47aa4aa96
|
fix(sso): url-encode error query value in OIDC callback redirect (#9722)
|
2026-05-22 02:52:32 +00:00 |
|
Taesu
|
43cc49c640
|
fix(open-api): emit unique operationIds for multi-method endpoints (#9721)
|
2026-05-22 01:16:56 +00:00 |
|
Taesu
|
23dbe1ad0e
|
fix: redirect hook rejections to errorCallbackURL across auth callback flows (#9702)
|
2026-05-22 00:14:48 +00:00 |
|
Krish Garg
|
5190c2658f
|
fix: fail fast on unsafe MySQL insert returns (#9665)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com>
|
2026-05-21 22:14:04 +00:00 |
|
Krish Garg
|
5626e1b437
|
fix: forward session cookie refresh headers (#9667)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
|
2026-05-21 20:17:19 +00:00 |
|
Rayan Salhab
|
3f8f310a0f
|
fix(session): preserve real session expiry during stateless cache refresh (#8817)
Co-authored-by: cyphercodes <cyphercodes@users.noreply.github.com>
Co-authored-by: cyphercodes <7407177+cyphercodes@users.noreply.github.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
|
2026-05-21 20:12:04 +00:00 |
|
Maxwell
|
2d73ffff44
|
fix(core): respect dynamic baseURL protocol option in getTrustedOrigins (#9644)
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
|
2026-05-19 19:27:09 +00:00 |
|
Maxwell
|
276d67fad5
|
fix: build synthetic user safely without including extra fields (#9347)
|
2026-05-19 17:17:54 +00:00 |
|
Maxwell
|
9d91eb77f5
|
fix: getMigration field index order (#9691)
|
2026-05-19 16:42:19 +00:00 |
|
Taesu
|
f77060af3a
|
fix: consumeVerificationValue returns null for expired rows (#9624)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
|
2026-05-19 16:37:55 +00:00 |
|
Taesu
|
dcb2e6d29c
|
fix(cookies): percent-encode values on Cookie header serialize (#9631)
|
2026-05-19 16:35:44 +00:00 |
|
Taesu
|
f5e29eaf1e
|
fix(organization): wrap delete cascades in a transaction (#9630)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
2026-05-18 21:44:09 +00:00 |
|
Taesu
|
a6f144ad0a
|
fix(client): decode escape sequences in parseJSON quoted strings (#9617)
|
2026-05-18 18:45:39 +00:00 |
|
Taesu
|
1d372bbab9
|
fix(organization): reject invitation team ids containing a comma (#9616)
|
2026-05-18 18:41:32 +00:00 |
|
Taesu
|
09a1d50a80
|
fix: tighten changeEmail config gate and encode callbackURL (#9614)
|
2026-05-18 18:40:45 +00:00 |
|
Taesu
|
9bd53e191c
|
fix(access): reject empty action lists and continue "OR" evaluation on unknown resources (#9603)
|
2026-05-18 18:40:03 +00:00 |
|
Gustavo Valverde
|
e637c7d8ff
|
fix(deps): resolve dependabot security alerts (#9662)
|
2026-05-18 01:41:47 +00:00 |
|
Gustavo Valverde
|
62dabf6678
|
fix: harden URL and Stripe escaping (#9661)
|
2026-05-17 21:25:32 +00:00 |
|
Paola Estefanía de Campos
|
c01b2f1321
|
fix(two-factor): delete session cookie cache on 2fa response (#9639)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
|
2026-05-17 16:40:50 +00:00 |
|
Maxwell
|
f5fcc9d37f
|
fix(admin): export AdminClientOptions and OrganizationClientOptions (#9642)
|
2026-05-16 02:46:57 +00:00 |
|
Roman
|
db4263cd3d
|
chore: use correct auth cli (#9638)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
|
2026-05-16 02:27:55 +00:00 |
|