You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
@auth0/nextjs-auth0
Advanced tools
@auth0/nextjs-auth0 - npm Package Versions
a
auth0-ossChangelog
v4.9.0 (2025-08-01)
Added
- feat: Allow configuring transaction cookie maxAge #2245 (tusharpandey13)
- feat: Add flag to control parallel transactions #2244 (tusharpandey13)
- feat: add support for
withApiAuthRequiredhelper #2230 (guabu) - feat: add
withPageAuthRequiredfor server #2207 (guabu)
Fixed
- bugfix: respect path configuration when deleting cookies #2250 (tusharpandey13)
- bugfix: Clear cookies with the correct path when basePath is used #2232 (tusharpandey13)
- bugfix: Fix
clientAssertionSigningKeytype mismatch #2243 (tusharpandey13) - fix: correctly handle expired JWE's in cookies #2082 (frederikprijck)
Security
- chore: pin eslint-config-prettier and eslint-plugin-prettier versions to prevent malicious package installation #2239 (tusharpandey13)
a
auth0-ossChangelog
v4.8.0 (2025-07-03)
Added
- feat: Add alternate logout strategy #2203 (tusharpandey13)
- feat: add
withPageAuthRequiredfor protecting pages client side #2193 (guabu)
Fixed
- Use
max-age=0to delete cookie #2200 (guabu) - feat: update id_token when a new Access Token is fetched #2189 (tusharpandey13)
a
auth0-ossChangelog
v4.7.0 (2025-06-20)
Added
Fixed
- fix: typo in warning message #2169 (J-Amberg)
- fix: handle authorization code grant request errors #2175 (guabu)
- fix: Properly configure SDK to be distributed as ESM #2171 (frederikprijck)
- fix: consistently treat returnTo parameter as an absolute path #2185 (guabu)
Changed
- Export filterDefaultIdTokenClaims and update beforeSessionSaved docs #2119 (frederikprijck)
- return a 204 from the profile endpoint when unauthenticated (opt-in) #2159 (guabu)
- remove unnecessary error logs #2179 (guabu)
- Bump msw from 2.7.5 to 2.9.0 #2139 (dependabot)
- Bump msw from 2.9.0 to 2.10.2 #2153 (dependabot)
- Bump oauth4webapi from 3.5.1 to 3.5.2 #2154 (dependabot)
- Bump oauth4webapi from 3.5.2 to 3.5.3 #2177 (dependabot)
a
auth0-ossa
auth0-ossChangelog
v4.6.1 (2025-06-04)
Changed
- Bump codecov/codecov-action from 5.4.2 to 5.4.3 #2102 (dependabot[bot])
Fixed
- Fixes CVE-2025-48947
- Fix Missing idToken during Session Migration from v3 to v4 #2116 #2120 (KentoMoriwaki)
- fix(session): prevent accidental deletion of legacy-named session cookie #2114 (nandan-bhat)
- fix(client): add type-safe return for getAccessToken #2115 (nandan-bhat)
a
auth0-ossChangelog
v4.6.0 (2025-05-21)
Added
- feature/conditionally update session handleAccessToken #2054 (tusharpandey13)
- Add missing support for legacy chunked cookies #2071 (tusharpandey13)
Changed
- Update middleware combination example to prevent unintended backend execution #2076 (tusharpandey13)
Fixed
- Bugfix: Add clockTolerance to cookie decryption #2097 (tusharpandey13)
- Fix stacking transaction cookies #2077 (tusharpandey13)
a
auth0-ossChangelog
a
auth0-ossChangelog
v4.5.0 (2025-04-25)
Added
- Extensive Cookie Configuration #2059 (tusharpandey13)
- Allow refresh: true in getAccessToken() #2055 (tusharpandey13)
- Allow SWR mutation in useUser hook #2045 (tusharpandey13)
Changed
- Update README regarding access-token endpoint #2044 (frederikprijck)
Fixed
- Update tests for getAccessToken refresh flow #2068 (tusharpandey13)
- fix: make configuration validation not throw #2034 (tusharpandey13)
- feat: ensure cookie path is configurable #2050 (frederikprijck)
a
auth0-ossChangelog
v4.4.2 (2025-04-08)
Revert
- revert: fix: Properly configure SDK to be distributed as ESM #2046 (frederikprijck)
Fixed
- fix: Add id_token_hint on logout #2041 (frederikprijck)
a
auth0-ossChangelog
v4.4.1 (2025-04-03)
Fixed
- fix: Properly configure SDK to be distributed as ESM #2028 (frederikprijck)
- Fix broken links in jsdocs #2031 (frederikprijck)
- fix: Throw ConfigurationError when invalid Auth0Client configuration #2026 (tusharpandey13)