2.149.0 (2024-04-15)
- linkedin_oidc provider error (#1534) (4f5e8e5)
- revert patch for linkedin_oidc provider error (#1535) (58ef4af)
- update linkedin issuer url (#1536) (10d6d8b)
2.148.0 (2024-04-10)
2.147.1 (2024-04-09)
- add validation and proper decoding on send email hook (#1520) (e19e762)
- remove deprecated LogoutAllRefreshTokens (#1519) (35533ea)
2.147.0 (2024-04-05)
2.146.0 (2024-04-03)
- add custom sms hook (#1474) (0f6b29a)
- forbid generating an access token without a session (#1504) (795e93d)
- add cleanup statement for anonymous users (#1497) (cf2372a)
- generate signup link should not error (#1514) (4fc3881)
- move all EmailActionTypes to mailer package (#1510) (765db08)
- refactor mfa and aal update methods (#1503) (31a5854)
- rename from CustomSMSProvider to SendSMS (#1513) (c0bc37b)
2.145.0 (2024-03-26)
- add error codes (#1377) (e4beea1)
- add kakao OIDC (#1381) (b5566e7)
- clean up expired factors (#1371) (5c94207)
- configurable NameID format for SAML provider (#1481) (ef405d8)
- HTTP Hook - Add custom envconfig decoding for HTTP Hook Secrets (#1467) (5b24c4e)
- refactor PKCE FlowState to reduce duplicate code (#1446) (b8d0337)
- add http support for https hooks on localhost (#1484) (5c04104)
- cleanup panics due to bad inactivity timeout code (#1471) (548edf8)
- docs: remove bracket on file name for broken link (#1493) (96f7a68)
- impose expiry on auth code instead of magic link (#1440) (35aeaf1)
- invalidate email, phone OTPs on password change (#1489) (960a4f9)
- move creation of flow state into function (#1470) (4392a08)
- prevent user email side-channel leak on verify (#1472) (311cde8)
- refactor email sending functions (#1495) (285c290)
- refactor factor_test to centralize setup (#1473) (c86007e)
- refactor mfa challenge and tests (#1469) (6c76f21)
- Resend SMS when duplicate SMS sign ups are made (#1490) (73240a0)
- unlink identity bugs (#1475) (73e8d87)
2.144.0 (2024-03-04)
- add configuration for custom sms sender hook (#1428) (1ea56b6)
- anonymous sign-ins (#1460) (130df16)
- clean up test setup in MFA tests (#1452) (7185af8)
- pass transaction to
invokeHook, fixing pool exhaustion (#1465) (b536d36) - refactor resource owner password grant (#1443) (e63ad6f)
- use dummy instance id to improve performance on refresh token queries (#1454) (656474e)
- expose
providerunderamrin access token (#1456) (e9f38e7) - improve MFA QR Code resilience so as to support providers like 1Password (#1455) (6522780)
- refactor request params to use generics (#1464) (e1cdf5c)
- revert refactor resource owner password grant (#1466) (fa21244)
- update file name so migration to Drop IP Address is applied (#1447) (f29e89d)
2.143.0 (2024-02-19)
- deprecate hooks (#1421) (effef1b)
- error should be an IsNotFoundError (#1432) (7f40047)
- populate password verification attempt hook (#1436) (f974bdb)
- restrict mfa enrollment to aal2 if verified factors are present (#1439) (7e10d45)
- update phone if autoconfirm is enabled (#1431) (95db770)
- use email change email in identity (#1429) (4d3b9b8)
2.142.0 (2024-02-14)
2.141.0 (2024-02-13)
2.140.0 (2024-02-13)
- deprecate existing webhook implementation (#1417) (5301e48)
- update publish.yml checkout repository so there is access to Dockerfile (#1419) (7cce351)
2.139.2 (2024-02-08)
- improve perf in account linking (#1394) (8eedb95)
- OIDC provider validation log message (#1380) (27e6b1f)
- only create or update the email / phone identity after it's been verified (#1403) (2d20729)
- only create or update the email / phone identity after it's been verified (again) (#1409) (bc6a5b8)
- unmarshal is_private_email correctly (#1402) (47df151)
- use
patternfor semver docker image tags (#1411) (14a3aeb)