🚀 Features
- Add
auth.api.verifyPassword- by @SaviruFr and @himself65 in #6934 (cf8ce) - anonymous: Delete anonymous user endpoint - by @ping-maxwell in #6377 (6b288)
- generic-oauth: Add
Gumroadlogin support - by @ptaberg and @himself65 in #7100 (d996c) - saml: Reject SAML responses containing multiple assertions - by @Paola3stefania and Alexander Asomba in #6836 (6f58c)
- stripe: Enhance stripe plugin with organization customer support - by @bytaesu and Cmion in #7142 (70f91)
🐞 Bug Fixes
- Filter null values from dynamic trusted origins - by @bytaesu and @himself65 in #7080 (506b1)
- Call hooks on
change-email-verificationflow - by @bytaesu in #7160 (aabbd) - Clean up expired rate-limit entries on memory storage - by @ping-maxwell in #7161 (04bee)
- Set Location header on redirected responses - by @GautamBytes and @ping-maxwell in #6232 (7109f)
- anonymous:
- Prevent Convex cleanup from deleting fresh sessions - by @RodrigoRafaelSantos7 and @ping-maxwell in #5825 (9715f)
- api-key:
- Remove strict length pre-check in
verifyApiKey- by @GautamBytes and @ping-maxwell in #6259 (9647f)
- Remove strict length pre-check in
- core:
- Detect dual module error - by @himself65 in #7097 (42920)
- docs:
- Correct tos and policy types in oauth-provider - by @GautamBytes, Gautam Manchandani and @ping-maxwell in #7194 (aa393)
- email-otp:
- Call afterEmailVerification hook on verification - by @GautamBytes and Gautam Manchandani in #7121 (837ee)
- email-verification:
- Sending email verification of another user fails with EMAIL_ALREADY_VERIFIED - by @ping-maxwell in #7215 (328d6)
- mcp:
- one-tap:
- open-api:
- Correctly infer type for
ZodDefaultfields - by @MuzzaiyyanHussain and Taesu in #7150 (65041)
- Correctly infer type for
- organization:
- passkey:
- Add error logs during client verification error - by @ping-maxwell in #7193 (6e67b)
- prisma-adapter:
- Lift eq AND conditions to root so update detects unique where field - by @ping-maxwell in #7096 (e2681)
- stripe: