Features

• callback: return always status code 401 on error (#4601) (4daa63d)
• middleware: support custom cookieName (#4385) (7d8cc70)
• middleware: support custom jwt.decode (#4210) (16622f6)
• provider: Add United Effects provider (#4546) (81afeef)
• providers: make issuer configurable on Salesforce (#4658) (358b80d)

Bugfixes

• middleware: use relative URL for sign-in page callbackUrl (#4534) (75602a3)
• ts: allow getToken in getServerSideProps (#4659) (e4ee520)
• ts: remove unused type (#4657) (0a7a916)
• ts: signIn infer provider type (#4623) (46089eb)
• handle invalid callbackUrl

Other

• signout: fix skipped test (#4484) (0b953bd)

Bugfixes

• client: add additional type (#4402) (9f40cd1)
• providers: profile types (#4202) (8288ae5)
• ts: handle NextRequest type (#4472) (fb4bbc3)
• allow react@18 as peer dependency
• loosen env variable URL fallback (#4443)

Other

• remove redundant and deprecated doc (#4475)

Bugfixes

• providers: add optional chaining to avoid nullish reference errors (#4365) (59daa0e)
• signin: set email sign-in input to "email" & "required"(#4352) (fd755bc)
• more strict default callback url handling
• Cleanup global __NEXTAUTH state after unmount (#4383)
• update default callbacks.redirect

Other

• adapters: Add next-autth as devDependencies for adapters (#4226) (6e28ccf)
• bump versions
• manually upgrade dep version
• Update JWT docs to reflect JWE changes in v4 (#4313)

Features

• deps: upgrade minimal peer dependency @upstash/redis@v1 (#4213) (3f396be)

Other

• adapters: Add next-autth as devDependencies for adapters (#4226) (6e28ccf)
• bump versions

BREAKING CHANGES

• From now on, you will need a minimum version of @upstash/redis@v1 installed if you want to use this adapter.

You can upgrade by running npm i @upstash/redis@latest or yarn add @upstash/redis@latest

Features

• deps: upgrade minimal peer dependency @upstash/redis@v1 (#4213) (3f396be)

Other

• adapters: Add next-autth as devDependencies for adapters (#4226) (6e28ccf)

BREAKING CHANGES

• From now on, you will need a minimum version of @upstash/redis@v1 installed if you want to use this adapter.

You can upgrade by running npm i @upstash/redis@latest or yarn add @upstash/redis@latest

Bugfixes

• update default callbacks.redirect

Other

• adapters: Add next-autth as devDependencies for adapters (#4226) (6e28ccf)
• manually upgrade dep version
• Update JWT docs to reflect JWE changes in v4 (#4313)

Features

• adapters: simplify mikro-orm configuration (#4008) (e87d5a61)
• deps: drop mikro-orm <5 support (#3875) (7feda249)

Other

• adapters: code clean-up (0c0a070d)
• move adapters to monorepo (#3805)

BREAKING CHANGES

• With this release, we only support @mikro-orm/*@5

To migrate, run the following (replace the * with your driver):

npm install @mikro-orm/core@5 @mikro-orm/*@5

Check out the MikroORM v5 changelog for more details.

Bugfixes

• ts: make refresh_token nullable (#4064) (bc401657)

Other

• move adapters to monorepo (#3805)

Bugfixes

• deduplicate id, return correct updated data (#4082)

Other

• move adapters to monorepo (#3805)

Bugfixes

• ensure Prisma/MongoDB integration (#4083)

Other

• move adapters to monorepo (#3805)

Features

• providers: add BoxyHQ SAML provider (#3782) (001354e)

Bugfixes

• providers: fix BattleNet (163149b)
• providers: issuer instead of region (4234742)
• providers: refactor WorkOS to work in v4 (#3886) (caa9a17)
• ts: SignInAuthorisationParams -> SignInAuthorizationParams (#4072) (0a267d9)
• remove action from bad request response
• only warn when using Twitter + OAuth 2.0 (#4003)
• Switch BattleNet to OIDC (#4015)

Other

• deps: bump next from 12.0.9 to 12.1.0 (#4005) (b6bf236)
• add WorkOS to readme.md (#4091)
• fix providers overview page link in readme.md (#4079)
• disable coverage, fix dynamodb jest config
• enforce build before publish
• tweak Turbo
• Convert to monorepo (#3788)
• exclude tests from release artifact (#4011)
• add release script (#3891)
• separate build commands for core and app (#3845)
• move adapters to monorepo (#3805)
• monorepo 1 (#3804)

4.2.1 (2022-02-03)

Bug Fixes

• middleware: handle no argument case (#3799) (f7fc562)

4.2.0 (2022-02-03)

Bug Fixes

• core: only show Twitter OAuth 2 warning once (c9e16fb)
• providers: properly warn when using Twitter OAuth 2 (#3784) (a7d34f9)
• Allow React 18 as peer dependency (#3728) (1bf56a2)
• providers: Check for valid profile picture response before converting to base64 (#3656) (4824f8c)

Features

• core: detect NEXTAUTH_SECRET (#3783) (f20d679)
• middleware: introduce withAuth Next.js method (#3657) (f3be5e8)
• providers: add authentik provider (#3625) (a4d831d)
• providers: add Trakt provider (#3771) (844c9b1)
• react: add refetchOnWindowFocus option to SessionProvider (#3730) (af157da)
• ts: strongly type sign-in and error page errors (#3740) (53baf6d)

4.1.2 (2022-01-17)

Bug Fixes

• providers: use openid scopes by default (#3651) (5998526)

4.1.1 (2022-01-16)

Bug Fixes

• pass csrf & callbackUrl cookies in session api (#3607) (c844296)
• core: detect Vercel without NEXTAUTH_URL (#3649) (8139126)
• ts: match GoogleProfile interface with Google docs (#3643) (d1aa2a1)

4.1.0 (2022-01-10)

Bug Fixes

• display inline errors when using custom error page. (#3576) (82447f8)
• oauth: set httpOptions before issuer discovery (#3537) (c71cb84)
• providers: fix url and auth method for Kakao provider (#3501) (db65afe)
• providers: make Strava work again (#3520) (a09a75b)
• providers: refactor naver provider profile (#3500) (49e4af1)

Features

• better out-of-the-box id_token detection (#3514) (a0b3814)
• providers: add Patreon provider (#3581) (0510c9b)
• providers: add support to Twitter OAuth 2.0 (#3446) (90c7d53)

4.0.6 (2021-12-23)

Bug Fixes

• jwt: use authorization header as fallback (#3453) (87d0beb), closes #3452
• pages: remove default placeholder for credentials provider (#3451) (48749d7), closes #3449
• providers: refactor FusionAuth to v4 (#3376) (8b9a109)
• providers: use id_token by default on Okta provider (#3418) (2c269a6)
• providers: use idToken by default in Cognito provider (#3448) (d1d2d97)

4.0.5 (2021-12-08)

Bug Fixes

• properly handle callback URL fallback (#3402) (30a0fc6)

4.0.4 (2021-12-08)

Bug Fixes

• default to VERCEL_URL for callbackUrl (1c7fe57)

4.0.3 (2021-12-08)

Bug Fixes

• use VERCEL_URL by default for secureCookie (#3399) (59797bb)
• providers: convert 42 School profile id to string (#3351) (5ac688c)
• ts: improve types for encode/decode functions (#3346) (0431c2a)
• ts: typo in Auth0Profile interface (#3347) (8ea75f0)