PKCE (Proof Key for Code Exchange)
The main feature of this release is PKCE support for 3rd-party OAuth flows of the Hanko API. When using Hanko with a mobile app, the oauth_state cookie might not be stored, so the thirdparty_oauth action now accepts a code_verifier. When the code_verifier ist set, the state cookie is optional, but the code_verifier is required when exchanging the Hanko token with the exchange_token action.
What's Changed
- fix: user verification on passkey creation by @lfleischmann in #2239
- fix: change module name corresponding to version by @FreddyDevelop in #2257
- fix: export the Claims type by @FreddyDevelop in #2268
- fix: check for SAML before email existence by @FreddyDevelop in #2270
- Feat oauth prompt by @FreddyDevelop in #2260
- PKCE OAuth flow by @FreddyDevelop in #2266
Full Changelog: backend/v2.1.1...backend/v2.2.0