supertokens-web-js - npm Package Versions

[0.8.0] - 2023-09-25

Overview

Introducing account-linking

With this release, we are introducing AccountLinking, this will let you:

• link accounts automatically,
• implement manual account linking flows.

Check our guide for more information.

To use this you'll need compatible versions:

• Core>=7.0.0
• supertokens-node>=16.0.0 (support is pending in other backend SDKs)
• supertokens-website>=17.0.3
• supertokens-web-js>=0.8.0
• supertokens-auth-react>=0.35.0

Breaking changes

• Added support for FDI 1.18 (Node SDK>= 16.0.0), but keeping support FDI version1.17 (node >= 15.0.0, golang>=0.13, python>=0.15.0)
• User type has changed across recipes and functions: recipe specific user types have been removed and replaced by a generic one that contains more information
• createdNewUser has been renamed to createdNewRecipeUser
• createCode, consumeCode, createPasswordlessCode and consumePasswordlessCode can now return status: SIGN_IN_UP_NOT_ALLOWED
• signInAndUp and thirdPartySignInAndUp can now return new status: SIGN_IN_UP_NOT_ALLOWED
• sendPasswordResetEmail can now return status: "PASSWORD_RESET_NOT_ALLOWED"
• signIn and emailPasswordSignIn can now return SIGN_IN_NOT_ALLOWED
• signUp and emailPasswordSignUp can now return SIGN_UP_NOT_ALLOWED

Migration

New User structure

We've added a generic User type instead of the old recipe specific ones. The mapping of old props to new in case you are not using account-linking:

• user.id stays user.id
• user.email becomes user.emails[0]
• user.phoneNumber becomes user.phoneNumbers[0]
• user.thirdParty becomes user.thirdParty[0]
• user.timeJoined is still user.timeJoined
• user.tenantIds is still user.tenantIds

Checking if a user signed up or signed in

• When calling passwordless consumeCode / social login signinup APIs, you can check if a user signed up by:

    // Here res refers to the result the function/api functions mentioned above.
    const isNewUser = res.createdNewRecipeUser && res.user.loginMethods.length === 1;

• When calling the emailpassword sign up API, you can check if a user signed up by:

    const isNewUser = res.user.loginMethods.length === 1;

[0.7.3] - 2023-08-21

Fixes

• Fixed clientType usage in thirdpartypasswordless

[0.7.2] - 2023-08-07

Fixes

• Fixed clientType usage in thirdpartyemailpassword and thirdpartypasswordless

[0.7.1] - 2023-07-31

Changes

• Removed unused tenant id param from isEmailVerified and sendVerificationEmail requests

[0.7.0] - 2023-07-19

Added

• Multitenancy recipe
• Added an overrideable getTenantIdFromURL to multiple recipes
• Optional clientType config in the input for SuperTokens.init function, that is used by thirdparty and multitenancy recipes.

Breaking changes

• Only supporting FDI 1.17
• Backend SDKs have to be updated first to a version that supports multi-tenancy for thirdparty
  • supertokens-node: >= 15.0.0
  • supertokens-golang: >= 0.13.0
  • supertokens-python: >= 0.15.0
• In ThirdParty recipe,
  • Changed signatures of the functions getAuthorisationURLWithQueryParamsAndSetState
  • Removed functions - setStateAndOtherInfoToStorage, getAuthorisationURLFromBackend, generateStateToSendToOAuthProvider, verifyAndGetStateOrThrowError, getAuthCodeFromURL, getAuthErrorFromURL, getAuthStateFromURL
• In ThirdPartyEmailpassword recipe,
  • Changed signatures of the functions getAuthorisationURLWithQueryParamsAndSetState
  • Removed functions - setStateAndOtherInfoToStorage, getAuthorisationURLFromBackend, generateStateToSendToOAuthProvider, verifyAndGetStateOrThrowError, getAuthCodeFromURL, getAuthErrorFromURL, getAuthStateFromURL
• In ThirdPartyPasswordless recipe,
  • Changed signatures of the functions getThirdPartyAuthorisationURLWithQueryParamsAndSetState
  • Removed functions - setThirdPartyStateAndOtherInfoToStorage, getAuthorisationURLFromBackend, generateThirdPartyStateToSendToOAuthProvider, verifyAndGetThirdPartyStateOrThrowError, getThirdPartyAuthCodeFromURL, getThirdPartyAuthErrorFromURL, getThirdPartyAuthStateFromURL

Changes

• Updates dependencies and backend config for the vue with-thirdpartyemailpassword example app

Migration

Renamed parameters in getAuthorisationURLWithQueryParamsAndSetState

Before:

    const authUrl = await ThirdPartyEmailPassword.getAuthorisationURLWithQueryParamsAndSetState({
        providerId: "google",
        authorisationURL: `${websiteDomain}/auth/callback/google`,
    });

After:

    const authUrl = await ThirdPartyEmailPassword.getAuthorisationURLWithQueryParamsAndSetState({
        thirdPartyId: "google",
        frontendRedirectURI: `${websiteDomain}/auth/callback/google`,
    });

If the provider is redirecting to the backend directly (i.e.: Apple)

Before:

    const authUrl = await ThirdPartyEmailPassword.getAuthorisationURLWithQueryParamsAndSetState({
        providerId: "apple",
        authorisationURL: `${websiteDomain}/auth/callback/apple`,
    });

After:

    const authUrl = await ThirdPartyEmailPassword.getAuthorisationURLWithQueryParamsAndSetState({
        thirdPartyId: "apple",
        frontendRedirectURI: `${websiteDomain}/auth/callback/apple`,
        redirectURIOnProviderDashboard: `${apiDomain}/auth/callback/apple`
    });

[0.6.0] - 2023-03-14

Additions

• Re-export getGlobalClaimValidators function from supertokens-website
• Re-export PrimitiveArrayClaimConfig & PrimitiveClaimConfig from supertokens-website

Breaking changes

• Remove EmailVerificationClaimClass constructor's updateContextOnIsVerifiedFalse prop
• Update to web-js interface version
• Updated supertokens website dependency, which made SessionClaimValidator a type instead of an abstract class

[0.5.0] - 2023-02-01

Breaking changes

• Only supporting FDI 1.16
• Updated supertokens-website dependency that requires a backend SDK update to:
  • supertokens-node: >= 13.0.0
  • supertokens-python: >= 0.12.0
  • supertokens-golang: >= 0.10.0
• Renamed configuration options:
  • sessionScope renamed to sessionTokenFrontendDomain
  • cookieDomain renamed to sessionTokenBackendDomain

Added

• Added support for authorizing requests using the Authorization header instead of cookies
  • Added tokenTransferMethod config option
  • Check out https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/token-transfer-method for more information

[0.4.0] - 2023-01-19

Added

• Re-exporting cookieHandler, windowHandler and sessionClaimValidatorStore from supertokens-website.

Breaking Changes

• Updated website dependency, which added getWindowUnsafe to the WindowHandlerInterface. This function should return the raw window object.

[0.3.0] - 2022-10-17

Added

• Adding an interceptor for XMLHttpRequest by default upon initializing SuperTokens
• Marked addAxiosInterceptors as deprecated
• Request interception can now be disabled by adding superTokensDoNotDoInterception to the hash of the request (works as a queryparam as well)

Changes

• Make the UserRoleClaim and PermissionClaim never expire by default (you can still use the maxAgeInSeconds param of validators to check expiration)