feat: add client id secret and refresh token rotation settings + fix CI issues

.circleci/config_continue.yml

@@ -5,6 +5,26 @@ orbs:
     slack: circleci/slack@3.4.2
     jq: circleci/jq@2.2.0
 
+parameters:
+    force:
+        type: boolean
+        default: false
+    cdi-core-map:
+        type: string
+        default: "{}"
+    cdi-plugin-interface-map:
+        type: string
+        default: "{}"
+    fdi-node-map:
+        type: string
+        default: "{}"
+    fdi-auth-react-map:
+        type: string
+        default: "{}"
+    fdi-website-map:
+        type: string
+        default: "{}"
+
 jobs:
     test-dev-tag-as-not-passed:
         docker:

.circleci/forceRunCI.sh

@@ -2,11 +2,11 @@ PAT=`cat .pat`
 auth=`echo "${PAT}:" | tr -d '\n' | base64 --wrap=0`
 branch=`git rev-parse --abbrev-ref HEAD`
 
-cdiCoreMap='{ "5.2": "feat/oauth-provider-base" }'
-cdiPluginInterfaceMap='{ "5.2": "feat/oauth-provider-base" }'
-fdiNodeMap='{ "3.1": "21.0", "4.0": "21.0" }'
+cdiCoreMap='{ "5.2": "feat/oauth/remaining-changes" }'
+cdiPluginInterfaceMap='{ "5.2": "feat/oauth/remaining-changes" }'
+fdiNodeMap='{ "3.1": "feat/add_clientId_secret_and_refreshTokenRotation_settings", "4.0": "feat/add_clientId_secret_and_refreshTokenRotation_settings" }'
 fdiWebsiteMap='{ "1.17": "20.1", "1.18": "20.1", "1.19": "20.1", "2.0": "20.1", "3.0": "20.1", "3.1": "20.1", "4.0": "20.1" }'
-fdiAuthReactMap='{ "3.1": "0.49", "4.0": "0.49" }'
+fdiAuthReactMap='{ "3.1": "0.48", "4.0": "0.48" }'
 
 data=`jq -cn --arg branch "$branch" \
   --arg cdiCoreMap "$cdiCoreMap" \

.circleci/setupAndTestBackendSDKWithFreeCore.sh

@@ -77,6 +77,7 @@ git checkout $coreTag
 sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
 sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
 sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
 
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag

.circleci/setupAndTestWithAuthReact.sh

@@ -73,6 +73,7 @@ git checkout $coreTag
 sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
 sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
 sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
 
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag

.circleci/setupAndTestWithFreeCore.sh

@@ -76,6 +76,7 @@ git checkout $coreTag
 sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
 sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
 sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
 
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag

.circleci/setupAndTestWithFrontend.sh

@@ -73,6 +73,7 @@ git checkout $coreTag
 sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
 sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
 sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
 
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag

CHANGELOG.md

@@ -27,16 +27,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     -   By setting this to true you can enable MFA flows (trying to connect to the session user)
     -   If set to false, the sign-in/up will be considered a first-factor
     -   Changed APIs:
+        -   `EmailPassword.signInPOST`
+        -   `EmailPassword.signUpPOST`
         -   `ThirdParty.signInUpPOST`
         -   `Passwordless.createCodePOST`
         -   `Passwordless.consumeCodePOST`
-        -   `Passwordless.consumeCodePOST`
+        -   `Passwordless.resendCodePOST`
     -   Changed functions:
+        -   `EmailPassword.signIn`
+        -   `EmailPassword.signUp`
         -   `ThirdParty.signInUp`
         -   `ThirdPary.manuallyCreateOrUpdateUser`
         -   `Passwordless.createCode`
         -   `Passwordless.consumeCode`
--   We no longer try to load the session if `shouldTryLinkingWithSessionUser` is set to false and overwriteSessionDuringSignInUp is set to true or left as the default value.
+-   We no longer try to load the session if `shouldTryLinkingWithSessionUser` is set to false.
 -   Changed the return type of `getOpenIdConfiguration` and `getOpenIdDiscoveryConfigurationGET`, and added the following props:
     -   authorization_endpoint
     -   token_endpoint