2445 Commits

Author SHA1 Message Date
Paola Estefanía de Campos
b5bec193a5 fix(oauth): apply user input rules to provider profiles (#10196)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-06-26 04:06:54 +00:00
Maxwell
90d509e0b9 fix(adapter): fail closed on update misses (#10180)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-06-26 03:56:39 +00:00
Paola Estefanía de Campos
816d7f9252 fix(one-tap): apply configured Google hosted domain (hd) on the callback (#10197)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-06-26 03:56:20 +00:00
Bereket Engida
fa1e036ae7 fix(sso): validate SAML response binding against the Service Provider (#10226)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-06-26 03:07:43 +00:00
Bereket Engida
fcabaaffcb fix(sso): require DNS proof for every domain listed on a provider (#10227)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-06-26 02:49:15 +00:00
Gustavo Valverde
1bc370aef5 fix(siwe): reject sign-in when the provided email already belongs to another account (#10228) 2026-06-26 02:21:45 +00:00
Taesu
5f86c3bed7 docs: restore lubiah community adapter (#10230) 2026-06-25 13:44:27 -07:00
Maxwell
82cbbd6f1d docs: add missing disable-implicit-linking docs (#10218) 2026-06-25 10:59:14 +00:00
Taesu
5953157acf fix: harden forwarded client IP resolution (#10203)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-06-25 04:55:10 +00:00
Taesu
e7c8066cf1 docs: refine warning guidance across plugin docs (#10185) 2026-06-21 22:39:30 -07:00
moonevm
6e5f7e656b docs: fix the code block format on the Stripe plugin page (#10181) 2026-06-21 02:31:43 -07:00
moonevm
bdda5162f9 docs: remove extra spaces in documentation (#10174)
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
2026-06-20 22:48:59 -07:00
Roman Sirokov
58549652dd docs: fix open in markdown url (#10162) 2026-06-20 02:06:21 +00:00
Khairul Haziq
fb11c98930 fix(docs): add missing mode config to Drizzle bigint codegen (#10114) 2026-06-17 22:55:41 +10:00
Wilson Angelie Tan
3965752b5a fix(i18n): i18n en fallback and i18n documentation (#9872)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-06-16 20:51:48 +00:00
Gustavo Valverde
1e69725027 docs: clarify stateless Cognito token refresh (#10092) 2026-06-15 17:06:35 -07:00
Bereket Engida
2c8f925c48 docs: generate blog cover images from post titles (#10032)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-15 09:28:45 -07:00
Gustavo Valverde
36f345b1bc revert: fix: allow headerless get session checks (#10053) (#10074) 2026-06-15 00:10:22 -07:00
Tushar
d009daedc7 fix: allow headerless get session checks (#10053) 2026-06-15 06:14:34 +00:00
Maxwell
581f8271fb fix(last-login-method): include domain when clearing cross-subdomain cookies (#9319) 2026-06-13 11:52:33 +00:00
ElGauchooooo
b4b02660c7 feat(device-authorization): allow pre-binding device codes to a user (#9995)
Co-authored-by: Taesu <bytaesu@gmail.com>
2026-06-12 22:57:37 +00:00
Chris George
c1a8a64c14 fix(open-api): generate valid OpenAPI schemas for client generators (#9555)
Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com>
2026-06-12 22:24:56 +00:00
Gautam Manchandani
729fd84034 fix(oauth-provider): canonicalize signed OAuth query params (#9941)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-06-12 15:17:00 +00:00
Taesu
def1624a13 docs(changelog): avoid false contributor avatars (#10019) 2026-06-12 01:18:52 -07:00
ZerGo0
029cbdc072 docs: update Apple client secret JWT guidance (#9938) 2026-06-11 17:54:44 -07:00
Jordan Kahtava
44a24ed948 docs: highlighted emailVerified requirement on manually inserted users (#9999) 2026-06-11 17:45:37 -07:00
Damien Maspero
e468ff37ce docs: update Node.js built-in SQLite status to Release Candidate (#9914) 2026-06-10 23:13:39 -07:00
Taesu
3e99e6c77e fix(admin): create credential account in setUserPassword when missing (#9482) 2026-06-11 05:36:55 +00:00
Taesu
6987c628f1 fix(cli): resolve SvelteKit, Vite asset, and Cloudflare virtual-module imports (#9834)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-06-11 01:06:43 +00:00
Prakash Kumar
128bc34572 docs: add horizontal scrolling to landing page code block (#9975) 2026-06-09 23:22:24 -07:00
Bereket Engida
cb1cbfa4cc fix: address bug findings across packages (#9974) 2026-06-09 19:46:12 -07:00
Gustavo Valverde
87e7aa5e0f fix(api): validate Origin/Referer on cookieless email sign-in and sign-up (#9973) 2026-06-10 01:43:41 +00:00
Paola Estefanía de Campos
afcb4dd7f3 docs(two-factor): document newSession is null during 2FA challenge (#9957) 2026-06-09 13:15:00 -07:00
Taesu
6a8dfa4f3e docs(changelog): show contributor avatars with proper size and styling (#9956) 2026-06-09 19:44:32 +00:00
Gustavo Valverde
d23735b1de feat(passkey): resolve authenticator name from AAGUID at read time (#9927)
Co-authored-by: Maxwell Weru <1645026+mburumaxwell@users.noreply.github.com>
2026-06-07 23:22:39 +00:00
Bereket Engida
ea64709ae6 docs: security update for June 2026 (#9884)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-06-07 14:41:58 -07:00
Kimaswa Emmanuel Yusufu
74c32fe56e docs: clarify organization-owned api keys also require a user (#9780)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-06-05 21:09:03 -07:00
Suliman Abdulrazzaq
f3396987a9 docs: add DBSC plugin documentation (#9892) 2026-06-05 18:58:50 -07:00
Decker
3bc7d09083 docs: restore Commet plugin documentation (#9798) 2026-06-04 20:46:46 +09:00
Taesu
17130ec6ef docs: mention minimal import option in installation guide (#9891)
Co-authored-by: Parship Chowdhury <parshipchowdhury@gmail.com>
2026-06-03 21:37:23 +00:00
Taesu
695753106d docs: update community adapters (#9881) 2026-06-03 09:11:14 +00:00
Gustavo Valverde
2d9781a83d fix(organization): split invitation verification gates (#9877) 2026-06-02 16:45:44 -04:00
Taesu
840a56a8ce docs(organization): document clearing logo with null (#9858) 2026-06-01 06:12:01 +00:00
Taesu
df9e8b2951 docs: align db adapter guide with adapter contract (#9830) 2026-05-31 09:01:50 +00:00
Gustavo Valverde
e8696388bf docs(oauth-provider): align metadata routing guidance (#9768) 2026-05-30 22:32:09 +01:00
Taesu
23d7cbfa79 fix(oauth): apply updateUserInfoOnLink in OAuth callback link flow (#8758)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-05-30 19:48:38 +01:00
Gustavo Valverde
d3919dc1a5 feat(account): support server-side accountInfo calls without session headers (#9813)
Co-authored-by: Nathan Colosimo <nathancolosimo@gmail.com>
2026-05-30 12:45:40 +01:00
Vishesh Verma
5f282bd382 fix(account): default storeStateStrategy to "database" when using secondaryStorage (#9591)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-05-30 11:05:28 +01:00
Taesu
e131d3ac5b fix(api-key): verify non-default keys when configId is omitted (#9794) 2026-05-30 03:14:57 +00:00
Gustavo Valverde
c5b9f93498 fix(generic-oauth): add accessTokenExpiresIn for providers that omit expires_in (#9799) 2026-05-29 20:49:59 +00:00