- d6a900c: bump dependencies for security update
- Updated dependencies [d6a900c]
- @logto/node@3.1.1
- f583d81: export logtoEventHandler
- Updated dependencies [8c352b5]
- @logto/node@3.1.0
- 1fb33d0: force bump for republish
- Updated dependencies [1fb33d0]
- @logto/node@3.0.3
- @logto/node@3.0.2
- 28bc32e: force bump for republish
- Updated dependencies [28bc32e]
- @logto/node@3.0.1
-
8bc63e0: fix the default value of customRedirectBaseUrl
Previously, it was set to '', which is not a valid value. Now the default value is removed because it's not a required value.
-
Updated dependencies [9fa75c6]
- @logto/node@3.0.0
-
4c51e3b: support sign in options
Add new option
signInOptions, see https://docs.logto.io/docs/references/openid-connect/authentication-parameters for more details.
- @logto/node@2.5.9
- Updated dependencies [8d0b058]
- @logto/node@2.5.8
-
5f4de8c: add support for secure cookie storage in Nuxt SDK and improve security handling
This is a breaking change that enhances security but requires manual configuration:
- Introduce new
cookieSecureconfiguration option to set whether Logto cookie should be secure - Remove automatic HTTPS detection based on Request URL and headers
- No longer trust
x-forwarded-protoor similar headers by default for security reasons
Previously, the SDK would automatically determine whether to use secure cookies based on the Request URL and headers. This automatic detection has been removed to prevent potential security vulnerabilities, especially in environments using reverse proxies or load balancers.
Now, users must explicitly configure the
cookieSecureoption based on their deployment environment. This change gives users more control and ensures that secure cookies are used only when explicitly configured.It's strongly recommended to set
cookieSecuretotruewhen using HTTPS, especially in production environments.Usage example:
// nuxt.config.ts export default defineNuxtConfig({ modules: ['@logto/nuxt'], logto: { cookieSecure: true, // Enable secure cookie in HTTPS environments }, });
- Introduce new
- 71f3b53: support custom redirect base url settings for nuxt SDK
- @logto/node@2.5.7
- @logto/node@2.5.6
- ea4555f: use warning to replace the error of empty configuration
- @logto/node@2.5.5
- @logto/node@2.5.4
-
eaa7836: use
trySafefor allcontext.logtoUsermethodsAll
context.logtoUsermethods now use thetrySafefunction to prevent errors from crashing the server. -
22f3555: remove commonjs export, fix non-default exports
- The CJS build generated by
@nuxt/module-builderonly exports the default export, causing issues for users who want to use named exports. - Nuxt stills uses the CJS build if certain fields are found, regardless of the
"type": "module"field inpackage.json. Since Nuxt 3 uses ESM by default, we just remove the CJS export to avoid confusion.
- The CJS build generated by
- @logto/node@2.5.3
-
3ba2e81: return undefined when fetchUserInfo failed
When
fetchUserInfois set totrue,useLogto()will callfetchUserInfoto get user info. IffetchUserInfofailed, it now returnsundefinedinstead of throwing an error.You can check the value of
userLogto()to see if the user is authenticated.
- @logto/node@2.5.2
- @logto/node@2.5.1
- Updated dependencies [957a1c9]
- @logto/node@2.5.0
- @logto/node@2.4.7
- @logto/node@2.4.6
- @logto/node@2.4.5
- 24d1680: fix: clear access token storage on sign-in
- Updated dependencies [24d1680]
- @logto/node@2.4.4
- Updated dependencies [76d113f]
- @logto/node@2.4.3
- @logto/node@2.4.2
- @logto/node@2.4.1
- 0675d61: fix test cases
- 329de84: fix import issues
- 15062aa: fix
defineEventHandler is not definederror` - 84621ba: fix typo in sample
- e0c0247: add nuxt sdk and playground