-
Fix auth refresh silent failure for React Native. This has been a slippery issue, if you use Convex Auth in a React Native app please let us know if this fixes for you.
-
Expose function reference types
SignInActionandSignOutActionfor the benefit of other client implementations (Svelte, Solid, etc.). As with all APIs in the library these are not stable and may change until this library reaches 1.0. -
Add a platform check in the recommended
ConvexAuthProvideruse for React Native in docs.
-
Add support for custom OAuth callback and sign-in URLs
-
Next.js middleware function
isAuthenticatedfails more loudly; previously it returned false in the case of a Convex backend that didn't expose an endpoint calledauth:isAuthenticated, now it throws an error. This should help people with the migration required for 0.0.76.
- Fix syntax of an import to work with convex-test.
-
BREAKING: A change in the logic for isAuthenticated for Next.js: it now involves a server-side check. Update your auth.ts file by adding a new
isAuthenticatedendpoint to the list of exported Convex functions, likeexport const { auth, signIn, signOut, store, isAuthenticated } = convexAuth(...If you're not using Next.js, you should still add this named export as it's the new suggested set of publicly exposed endpoints, but nothing should break if you don't.
-
Potentially breaking: For NextJS, switched to
path-to-regexp6.3.0 to avoid ReDoS vulnerability. That version, while protected from the vulnerability, has less expressive RegEx pattern support. If you are usingcreateRouteMatcherin middleware, it might not match some patterns that were previously available in the 0.7.x series. See the docs for supported patterns: https://www.npmjs.com/package/path-to-regexp/v/6.3.0. -
Upgraded to
@auth/core0.37.3. You may need upgrade @auth/core to "~0.37.3". -
Updated OAuth integration docs for supported providers (available at https://labs.convex.dev/auth/config/oauth).
- BREAKING:
convexAuthNextjsToken()andisAuthenticatedNextjs()now return promises so must beawaited. - Support for Next.js 15.
- Update convex peer dependency to ^1.17.0
- Fix to header propagation in Next.js middleware
- Update Password provider to separate password requirement validation from
custom profile information
- Breaking If using Password with a custom profile to enforce password
requirements, you must now implement
validatePasswordRequirements
- Breaking If using Password with a custom profile to enforce password
requirements, you must now implement
- Update implementation of refresh tokens reuse Note: After upgrading to
this version, downgrading will require migrating the
authRefreshTokenstable to drop theparentRefreshTokenIdfield. - Add configuration for cookie age in Next.js middleware
- Upgrade + pin
@auth/coreto 0.36.0 to avoid issues with mismatched types
- Fix bug with setting auth cookies on Next.js response
- Improve error handling when calling Convex auth functions from Next.js
- Add a 10s reuse window for refresh tokens
Note: After upgrading to this version, downgrading will require migrating
the authRefreshTokens table to drop the firstUsedTime field.
- Fix exported type for
signInfromconvexAuth
- [Next.js] Propagate auth cookies in middleware follow up
- Introduce
convexAuth.isAuthenticated()andconvexAuth.getToken()in favor ofisAuthenticatedNextJs()andconvexAuthNextJsToken()for middleware.
- [Next.js] Propagate auth cookies in middleware
- [Next.js] Match auth routes to proxy to Convex with and without trailing slash
- Add verbose logging to Next.js middleware
- Fix issue with re-entrant
fetchAccessTokenwith a mutex
Previous versions are documented in git history.