🚀 Features
- Add
auth.api.verifyPassword- by @SaviruFr and @himself65 in #6934 (0ff06) - anonymous: Delete anonymous user endpoint - by @ping-maxwell in #6377 (7d821)
- generic-oauth: Add
Gumroadlogin support - by @ptaberg and @himself65 in #7100 (01f84) - saml: Reject SAML responses containing multiple assertions - by @Paola3stefania and Alexander Asomba in #6836 (dbfb7)
- stripe: Enhance stripe plugin with organization customer support - by @bytaesu and Cmion in #7142 (11325)
🐞 Bug Fixes
- Filter null values from dynamic trusted origins - by @bytaesu and @himself65 in #7080 (2b514)
- Call hooks on
change-email-verificationflow - by @bytaesu in #7160 (c8adf) - Clean up expired rate-limit entries on memory storage - by @ping-maxwell in #7161 (b49c3)
- Set Location header on redirected responses - by @GautamBytes and @ping-maxwell in #6232 (b6488)
- anonymous:
- Prevent Convex cleanup from deleting fresh sessions - by @RodrigoRafaelSantos7 and @ping-maxwell in #5825 (b4efb)
- api-key:
- Remove strict length pre-check in
verifyApiKey- by @GautamBytes and @ping-maxwell in #6259 (e87f1)
- Remove strict length pre-check in
- core:
- Detect dual module error - by @himself65 in #7097 (ffa13)
- docs:
- Correct tos and policy types in oauth-provider - by @GautamBytes, Gautam Manchandani and @ping-maxwell in #7194 (456d3)
- email-otp:
- Call afterEmailVerification hook on verification - by @GautamBytes and Gautam Manchandani in #7121 (0b3d8)
- email-verification:
- Sending email verification of another user fails with EMAIL_ALREADY_VERIFIED - by @ping-maxwell in #7215 (a8994)
- mcp:
- one-tap:
- open-api:
- Correctly infer type for
ZodDefaultfields - by @MuzzaiyyanHussain and Taesu in #7150 (8f734)
- Correctly infer type for
- organization:
- passkey:
- Add error logs during client verification error - by @ping-maxwell in #7193 (a2470)
- prisma-adapter:
- Lift eq AND conditions to root so update detects unique where field - by @ping-maxwell in #7096 (7f618)
- stripe: