nhost

Patch Changes

• @nhost/[email protected]

Patch Changes

• 7b23d33: Clean refreshToken and type from the url when the user is already signed in

Patch Changes

• 7b23d33: Get the refresh token in the right place in the url
  Hasura-auth puts the refresh token in the url as refreshToken, but it is not stored using the same key in localStorage / the cookie. This fix makes the right correspondance between the two.
  • @nhost/[email protected]
  • @nhost/[email protected]

Patch Changes

• @nhost/[email protected]

Patch Changes

• Updated dependencies [7b23d33]
  • @nhost/[email protected]

Minor Changes

• 616e320: Remove refreshToken from the url when autoSignIn is set
  On startup, when the autoSignIn option is set to true, the client now removes it from the URL when the page loads.
• 1ce55c5: Add new hooks: useDecodedAccessToken(), useHasuraClaims(), and useHasuraClaim(name: string)
• 616e320: Look for the refresh token both in the query parameters and in the hash
  Until now, after redirecting from an email, Hasura-auth puts refresh tokens in the hash part of the url. It is a problem when using SSR as the hash is not accessible to the server. This behaviour is likely to change. As a result, the client now parses both the hash and the query parameters of the url.
  See this issue to keep track of the progress on Hasura-auth.

Patch Changes

• 49545c0: Remove filtering of useLayoutEffect from logs
  The suppressConsoleMessage method was meant to suppress incorrect useLayoutEffect messages raised on Nextjs server-side renderings. Its implementation had an impact on the normal functionning of logging (see #447).
  This filtering was necessary when using former versions of xstate and can now be removed.
• b52b4fc: Bump xstate to latest version (4.31.0)
• Updated dependencies [d49b837]
  • @nhost/[email protected]

Minor Changes

• 616e320: Remove refreshToken from the url when autoSignIn is set
  On startup, when the autoSignIn option is set to true, the client now removes it from the URL when the page loads.
• 53f5226: Capture hasura-auth errors from the url
  When using social providers (Oauth) or email links, Hasura-Auth adds potential error codes and messages to the url.
  When the Nhost client loads, it now reads these errors and stores them in the authentication state.
• 616e320: Look for the refresh token both in the query parameters and in the hash
  Until now, after redirecting from an email, Hasura-auth puts refresh tokens in the hash part of the url. It is a problem when using SSR as the hash is not accessible to the server. This behaviour is likely to change. As a result, the client now parses both the hash and the query parameters of the url.
  See this issue to keep track of the progress on Hasura-auth.

Patch Changes

• 616e320: Improve startup
  When autoSignin was active, the client was fetching the refresh token twice on startup. This behaviour has been corrected.
• b52b4fc: Rename AuthClientSSR to AuthCookieClient
AuthClientSSR has been renamed to AuthCookieClient and is now deprecated
• b52b4fc: Bump xstate to latest version (4.31.0)

Minor Changes

• 1ce55c5: Add auth.getDecodedAccessToken(), auth.getHasuraClaims(), and auth.getHasuraClaim(name: string)

Patch Changes

• b52b4fc: Bump xstate to latest version (4.31.0)
• d49b837: Rename autoLogin to autoSignIn, and deprecate autoLogin
  Thourought Nhost, we use the term sign in rather than login. This version reflect this terminology in the NhostClient options
• Updated dependencies [b52b4fc]
  • @nhost/[email protected]

Patch Changes

• d49b837: Rename autoLogin to autoSignIn, and deprecate autoLogin
  Thourought Nhost, we use the term sign in rather than login. This version reflect this terminology in the NhostClient options
• Updated dependencies [d49b837]
  • @nhost/[email protected]

Patch Changes

• b52b4fc: Bump xstate to latest version (4.31.0)
• Updated dependencies [b52b4fc]
  • @nhost/[email protected]

Patch Changes

• Updated dependencies [b52b4fc]
  • @nhost/[email protected]
  • @nhost/[email protected]

Minor Changes

• b52b4fc: Introduce createServerSideNhostClient
  Until now, the Nhost client was not functionning correctly on the server side.
  The createServerSideNhostClient can be called inside the getServerSideProps function of a page.
  When called, it will try to get the refesh token in cookies, or from the request URL.
  If a refresh token is found, it uses it to get an up to date access token (JWT) and a user session
  This method returns a promise of an NhostClient and resolves only when the authentication status is known eventually.

  getNhostSession now uses the above method under the hood to extract the user session and hydrate the NhostClient context on the client side.

• 616e320: Look for the refresh token both in the query parameters and in the hash
  Until now, after redirecting from an email, Hasura-auth puts refresh tokens in the hash part of the url. It is a problem when using SSR as the hash is not accessible to the server. This behaviour is likely to change. As a result, the client now parses both the hash and the query parameters of the url.
  See this issue to keep track of the progress on Hasura-auth.

Patch Changes

• 49545c0: Remove filtering of useLayoutEffect from logs
  The suppressConsoleMessage method was meant to suppress incorrect useLayoutEffect messages raised on Nextjs server-side renderings. Its implementation had an impact on the normal functionning of logging (see #447).
  This filtering was necessary when using former versions of xstate and can now be removed.
• b52b4fc: Bump xstate to latest version (4.31.0)
• Updated dependencies [d49b837]
  • @nhost/[email protected]
  • @nhost/[email protected]

Patch Changes

• Updated dependencies [aa1fdf6]
  • @nhost/[email protected]

Patch Changes

• aa1fdf6: Fix refreshSession

Patch Changes

• @nhost/[email protected]
• @nhost/[email protected]

Patch Changes

• @nhost/[email protected]

Patch Changes

• @nhost/[email protected]
• @nhost/[email protected]

Patch Changes

• 5ee395e: Ensure the session is destroyed when signout is done
  The user session, in particular the access token (JWT), was still available after sign out.
  Any information about user session is now removed from the auth state as soon as the sign out action is called.

• e0cfcaf: fix and improve nhost.auth.refreshSession
nhost.auth.refreshSession is now functional and returns possible errors, or the user session if the token has been sucessfully refreshed.
  If the user was previously not authenticated, it will sign them in. See #286

• 7b7527a: Improve reliability of the token refresher
  The token refresher had an unreliable behaviour, leading to too many refreshes, or refreshes that are missed, leading to an expired access token (JWT).

  The internal refresher rules have been made more explicit in the code. Every second, this runs:

  • If the client defined a refreshIntervalTime and the interval between when the last access token has been created and now is more than this value, then it triggers a refresh
  • If the access token expires in less than five minutes, then it triggers a refresh

  If a refresh fails, then it switches to a specific rule: it will make an attempt to refresh the token every five seconds

Patch Changes

• 5ee395e: Ensure the session is destroyed when signout is done
  The user session, in particular the access token (JWT), was still available after sign out.
  Any information about user session is now removed from the auth state as soon as the sign out action is called.
• e0cfcaf: fix and improve nhost.auth.refreshSession
nhost.auth.refreshSession is now functional and returns possible errors, or the user session if the token has been sucessfully refreshed.
  If the user was previously not authenticated, it will sign them in. See #286
• Updated dependencies [5ee395e]
• Updated dependencies [e0cfcaf]
• Updated dependencies [7b7527a]
  • @nhost/[email protected]

Patch Changes

• Updated dependencies [5ee395e]
  • @nhost/[email protected]
  • @nhost/[email protected]