Tinyauth v2.0.0

Hello everyone, this is an unexpected breaking release and that's because of a typo I made in the environment variables. The major change is that the WHITELIST environment variable is not OAUTH_WHITELIST. I also decided to change the email/password back to username/password because there was no reason to keep an email. The security has also been upgraded since now the OAuth token is not stored on the client anymore.

Migration guide

To migrate you can just change the WHITELIST environment variable to OAUTH_WHITELIST and everything will work correctly. You can also change all your emails back to usernames if you prefer username/password but tinyauth won't stop you from using an email as a username.

Full changelog

Here is the full changelog:

New features

• New SECRETS_FILE (--secrets-file) environment variable allowing you to use a file to store the app secret.
• New GITHUB_CLIENT_SECRET_FILE (--github-client-secret-file) environment variable allowing you to use a file to store the secret.
• New GOOGLE_CLIENT_SECRET_FILE (--google-client-secret-file) environment variable allowing you to use a file to store the secret.
• New GENERIC_CLIENT_SECRERT_FILE (--generic-client-secret-file) environment variable allowing you to use a file to store the secret.
• New LOG_LEVEL (--log-level) environment variable allowing you to use debug log level for verbose logging.

Improvements

• OAuth token is only used to obtain the user email address and it is not stored on the client.
• Login screen allows you to use non-email values.
• Cookie logic has been rewritten to use the cookie store correctly.
• Debug logs have been added everywhere in the app to make debugging easy.
• Users are not a requirement when using OAuth.
• User parsing has been rewritten.

Fixes

• Fix the WHITELIST environment variable not matching with the --oauth-whitelist flag.

If you come across any bugs or issues please let me know so I can fix them as soon as possible.