🔐 nuxt-auth is an authentication package for Nuxt 3. It provides oauth sign-in, credential sign-in and magic-email sign-in flows. Read more: https://sidebase.io/nuxt-auth/getting-started

This is patch release 0.4.4. It does not contain breaking changes. To use the new version follow the installation instructions:

# install the new release of `nuxt-auth`
npm i -D @sidebase/[email protected]

# install `next-auth` as a peer-dependency if you haven't already done so
npm i [email protected]

What's Changed

• feat: add option to configure sign in url by @BracketJohn in #288
• docs: fix property typo by @kashalls in #278
• docs: fix typo in signIn by @zerekw in #277
• docs: Added Vercel deployment guide by @zoey-kaiser in #282
• fix: use callWithNuxt wrapper in signOut by @trijpstra-fourlights in #284
• release: 0.4.4 by @BracketJohn in #289

New Contributors

• @kashalls made their first contribution in #278
• @zerekw made their first contribution in #277
• @trijpstra-fourlights made their first contribution in #284

Full Changelog: 0.4.3...0.4.4

🔐 nuxt-auth is an authentication package for Nuxt 3. It provides oauth sign-in, credential sign-in and magic-email sign-in flows. Read more: https://sidebase.io/nuxt-auth/getting-started

This is patch release 0.4.3. It does not contain breaking changes. To use the new version follow the installation instructions:

# install the new release of `nuxt-auth`
npm i -D @sidebase/[email protected]

# install `next-auth` as a peer-dependency if you haven't already done so
npm i [email protected]

What's Changed

🚀 Enhancements

• Passed headers to getServerSession by @zoey-kaiser in #272

🩹 Fixes & Chores

• chore: removed Dependabot by @zoey-kaiser in #273
• release: 0.4.3 by @zoey-kaiser in #275

📝 Documentation

• docs: fixed a spelling error in the docs by @CodyBontecou in #262
• docs: added Laravel passport SSO example by @Jericho1060 in #264
• docs: Fix spelling of ressources to resources by @janhoogeveen in #251
• docs: added index page to resources by @zoey-kaiser in #274

All Commits

• Passed headers to getServerSession by @zoey-kaiser in #272
• chore: removed Dependabot by @zoey-kaiser in #273
• docs: fixed a spelling error in the docs by @CodyBontecou in #262
• docs: added Laravel passport SSO example by @Jericho1060 in #264
• docs: Fix spelling of ressources to resources by @janhoogeveen in #251
• docs: added index page to resources by @zoey-kaiser in #274
• release: 0.4.3 by @zoey-kaiser in #275

New Contributors

• @CodyBontecou made their first contribution in #262
• @Jericho1060 made their first contribution in #264
• @janhoogeveen made their first contribution in #251

Full Changelog: 0.4.2...0.4.3

🔐 nuxt-auth is an authentication package for Nuxt 3. It provides oauth sign-in, credential sign-in and magic-email sign-in flows. Read more: https://sidebase.io/nuxt-auth/getting-started

This is patch release 0.4.2. It does not contain breaking changes. To use the new version follow the installation instructions:

# install the new release of `nuxt-auth`
npm i -D @sidebase/[email protected]

# install `next-auth` as a peer-dependency if you haven't already done so
npm i [email protected]

What's Changed

🩹 Fixes & Chores

• Fix: Make sure SessionRefreshPeriodically is run on client only by @vanling in #237
• chore(deps-dev): bump eslint from 8.33.0 to 8.34.0 by @dependabot in #232
• Release 0.4.2 by @zoey-kaiser in #250

📝 Documentation

• Documentation update: Update 4.custom-session-data.md by @jorgv in #206

New Contributors

• @jorgv made their first contribution in #206

Full Changelog: 0.4.1...0.4.2

🔐 nuxt-auth is an authentication package for Nuxt 3. It provides oauth sign-in, credential sign-in and magic-email sign-in flows. Read more: https://sidebase.io/nuxt-auth/getting-started

This is patch release 0.4.1. It does not contain breaking changes. To use the new version follow the installation instructions:

# install the new release of `nuxt-auth`
npm i -D @sidebase/[email protected]

# install `next-auth` as a peer-dependency if you haven't already done so
npm i [email protected]

Checkout the 0.4.0 release notes for the recent, big changes released yesterday.

What's Changed

🩹 Fixes & Chores

• fix: make @nuxt/kit a direct dep by @BracketJohn in #222
• release: 0.4.1-alpha.0 by @BracketJohn in #223

📝 Documentation

• docs: better instructions for peer dep for non-npm package managers by @BracketJohn in #221

All Commits

• docs: better instructions for peer dep for non-npm package managers by @BracketJohn in #221
• fix: make @nuxt/kit a direct dep by @BracketJohn in #222
• release: 0.4.1-alpha.0 by @BracketJohn in #223

Full Changelog: 0.4.0...0.4.1

nuxt-auth is an authentication package for Nuxt 3. It provides oauth sign-in, credential sign-in and magic-email sign-in flows. Read more: https://sidebase.io/nuxt-auth/getting-started

This is a minor release 0.4.0 because it:

• makes next-auth a peer dependency
• bumps nuxt to 3.1
• starts the switch from NextAuthHandler AuthHandler

In addition, this release includes a bunch of features & fixes 🚀

🚨 Breaking Changes

next-auth is a peer-dependency now, so with package managers other than npm you need to manually install it. So, to use the new version:

# install the new release of `nuxt-auth`
npm i -D @sidebase/[email protected]

# install `next-auth` as a peer-dependency
npm i [email protected]

See the full docs here: https://sidebase.io/nuxt-auth/getting-started

What's Changed

🚀 Enhancements

• feat: Make next-auth peer dep by @BracketJohn in #179
• feat: relax next auth requirements by @BracketJohn in #192
• feat: add the defaultProvider option by @IronicUsername in #164

🩹 Fixes & Chores

• fix: use route.matched to determine if 404 was hit by @BracketJohn in #201
• fix: #200 Refresh Token Rotation by @vanling @ayalon in #215
• fix: use route.matched to determine if 404 was hit by @BracketJohn in #201
• fix(getServerSession): avoid infinite middleware stack by @harlan-zw in #188
• fix: stub nitro plugin due to nuxt 3 upstream error by @BracketJohn in #191
• fix: all "nuxt instance is undefined" problems @BracketJohn in #190
• chore: bump next-auth to 4.18.8 by @BracketJohn in #181
• chore(deps-dev): bump eslint from 8.31.0 to 8.32.0 by @dependabot in #163
• chore: upgrade major nuxt dep to 3.1, fix related ts issues by @BracketJohn in #189
• chore: use string path to module by @danielroe in #198
• chore(deps-dev): bump eslint from 8.32.0 to 8.33.0 by @dependabot in #196
• chore(deps): bump nitropack from 2.1.0 to 2.1.1 by @dependabot in #211
• chore(deps-dev): bump eslint from 8.32.0 to 8.33.0 by @dependabot in #196
• release 0.4.0 by @BracketJohn in #182

📝 Documentation

• Fixed Docs Layout by @zoey-kaiser in #216
• Update 2.nuxt-config.md by @rannien in #208
• Fixed Discord invite link in Readme by @zoey-kaiser in #193

All Commits

• chore(deps-dev): bump eslint from 8.31.0 to 8.32.0 by @dependabot in #163
• Add defaultProvider by @IronicUsername in #164
• feat: use nuxt-auth and not next-auth as cookie name by @BracketJohn in #176
• Make next-auth peer dep by @BracketJohn in #179
• Revert "feat: use nuxt-auth and not next-auth as cookie name" by @BracketJohn in #180
• chore: bump next-auth to 4.18.8 by @BracketJohn in #181
• chore: upgrade major nuxt dep to 3.1, fix related ts issues by @BracketJohn in #189
• fix(getServerSession): avoid infinite middleware stack by @harlan-zw in #188
• fix: stub nitro plugin due to nuxt 3 upstream error by @BracketJohn in #191
• fix: replace all async composable calls with callWithNuxt calls by @BracketJohn in #190
• Fixed Discord invite link in Readme by @zoey-kaiser in #193
• chore: use string path to module by @danielroe in #198
• feat: relax next auth requirements by @BracketJohn in #192
• chore(deps-dev): bump eslint from 8.32.0 to 8.33.0 by @dependabot in #196
• fix: use route.matched to determine if 404 was hit by @BracketJohn in #201
• Fixed Docs Layout by @zoey-kaiser in #216
• Update 2.nuxt-config.md by @rannien in #208
• chore(deps): bump nitropack from 2.1.0 to 2.1.1 by @dependabot in #211
• #200 Refresh Token Rotation does not update cookie if called server s… by @vanling in #215
• Release 0.4.0 by @BracketJohn in #182

New Contributors

• @IronicUsername made their first contribution in #164
• @harlan-zw made their first contribution in #188
• @danielroe made their first contribution in #198
• @rannien made their first contribution in #208
• @vanling made their first contribution in #215

Full Changelog: 0.3.4...0.4.0

What's Changed

nuxt-auth is an authentication package for Nuxt 3. It provides oauth sign-in, credential sign-in and magic-email sign-in flows. Read more: https://sidebase.io/nuxt-auth/getting-started.

This is release 0.3.4: There are no breaking changes in this release.

To use the new version:

npm i -D @sidebase/[email protected]

What's changed

🩹 Fixes & Chores

• basePath now correctly works for server- and non-server-routes #156
• release: 0.3.4 by @BracketJohn in #161

All Commits

• Fix base path by @BracketJohn in #156
• release: 0.3.4 by @BracketJohn in #161

New Contributors

• @dependabot made their first contribution in #146

Full Changelog: 0.3.3...0.3.4

nuxt-auth is an authentication package for Nuxt 3. It provides oauth sign-in, credential sign-in and magic-email sign-in flows. Read more: https://sidebase.io/nuxt-auth/getting-started.

This is release 0.3.3:

• there are no breaking changes in this release,
• there is one fixed CVE in this release

To use the new version:

npm i -D @sidebase/[email protected]

What's changed

There's a number of new features, fixes and docs-updates as well as one security-update.

🚀 Enhancements

• feat: make origin configurable at runtime by @BracketJohn in #140
• feat: do not protect 404 pages by default, add config option for this #136
• feat: unify and shorten all error messages #136
• ci: add smoketest to start playground and curl from it by @BracketJohn in #137
• docs: be clearer that catch-all name must be catch-all by @BracketJohn in #141
• docs: add a "error and warnings" page to document error codes & resolutions https://sidebase.io/nuxt-auth/ressources/errors #140

🩹 Fixes & Chores

• origin is correctly inferred and warning for it missing is correctly displayed #136
• resolve "nuxt instance undefined" by not using an async composables in auth middleware by @BracketJohn in #136
• resolve ERR_HTTP_HEADERS_SENT by @BracketJohn in #136
• attempt lazy auth-handler setup if getServerSession is called befor any auth endpoint @BracketJohn in #125
• chore: bump eslint and ufo by @BracketJohn in #126
• fix(middleware): redirect to signIn without using location.replace by @JoaoPedroAS51 in #127
• chore: update deps nuxt/kit and defu by @BracketJohn in #138
• provide type for disabling global auth middleware by @BracketJohn in #139
• chore(deps-dev): bump eslint from 8.30.0 to 8.31.0 by @dependabot in #146
• Release 0.3.3 by @BracketJohn in #147

🔒 Security

• resolve CVE-2022-46175 by @BracketJohn in #142
  • parse5 problem of the sub-dep @nuxt/kit
  • no impact on module-users: was only used in an internal build-step, not during production

All Commits

• Improve auth handler setup by @BracketJohn in #125
• chore: bump eslint and ufo by @BracketJohn in #126
• fix(middleware): redirect to signIn without using location.replace by @JoaoPedroAS51 in #127
• ci: add smoketest to start playground and curl from it by @BracketJohn in #137
• chore: update deps nuxt/kit and defu by @BracketJohn in #138
• feat: provide type for disabling global auth middleware by @BracketJohn in #139
• fix: do not use async composables in auth middleware by @BracketJohn in #136
• feat: make origin configurable at runtime by @BracketJohn in #140
• docs: be clearer that catch-all name must be catch-all by @BracketJohn in #141
• security: resolve CVE-2022-46175 by @BracketJohn in #142
• chore(deps-dev): bump eslint from 8.30.0 to 8.31.0 by @dependabot in #146
• Release 0.3.3 by @BracketJohn in #147

New Contributors

• @dependabot made their first contribution in #146

Full Changelog: 0.3.2...0.3.3

To use:

npm i -D @sidebase/[email protected]

This is a small follow-up release to 0.3.2 that attempts to fix a longer standing content-flash issue by faking a navigateTo. The full analysis for this problem can be seen in #100.

What's Changed

• fix: avoid content-flash of protected pages by faking a navigateTo (0568254)
• docs: improve getServerSession docs by showing how to pass along cookies during universal rendering by @BracketJohn in #124
• docs: point to sidebase as easy way to start (6980e15)

Full Changelog: 0.3.1...0.3.2

To use:

npm i -D @sidebase/[email protected]

Main impact of this release is:

1. Better Session typing: With this release Session typing is now correctly inferred thanks to @JoaoPedroAS51 in #115. This means that custom typing of the session will now work:

   import NextAuth, { DefaultSession } from "next-auth";
   
   declare module "next-auth" {
     interface Session {
       user: {
         /** The user's postal address. */
         address: string
       } & DefaultSession["user"]
     }
   }

   Then in code .address becomes available:
   

2. Fix redirect: false being ignored for signIn and signOut: There was a bug that effectively lead to redirect: false being ignored on signIn and signOut. This releases fixes this which in turn allows you to for example perform a custom signIn flow or handle sign in errors yourself. See the new documentation on this:
   

Commits

• fix: catch errors and retrieve their data on signIn, signOut by @BracketJohn in #122
• fix: use type Session from next-auth by @JoaoPedroAS51 in #115
• feat(playground): add example custom sign in page by @BracketJohn in #96
• feat(docs): cleanup readme, dont repeat same claim multiple times by @BracketJohn in #98
• fix(docs): finish intro sentence by @BracketJohn in #101
• fix(docs): Removed index page of docs from mobile sidebar by @zoey-kaiser in #105
• feat(docs): improve .default ts ignore by replacing it with ts expect error by @BracketJohn in #114
• feat(docs): state more clearly that this lib is for non-static libraries, state more clearly that next auth ressources can be used by @BracketJohn in #121

Full Changelog: 0.3.0...0.3.1

To use the new version:

npm i -D @sidebase/[email protected]

See the docs here: https://sidebase.io/nuxt-auth/getting-started

What's Changed

This release is a bigger one and contains some breaking things, which is why we go from 0.2 to 0.3. If you were already using 0.3.0-alpha.X you're fine and none of the below breaking changes apply to you.

In comparison to 0.2.x this release:

• feat: delegates auth- and session-lifecycle management to a plugin
• feat!: makes useSession sync based on this change: no more await in your setup code
• feat: adds lastRefreshedAt to the session properties to allow you to act based on this time
• feat!: adds a auth middleware, use it:
  • globally via the nuxt.config.ts: https://github.com/sidebase/nuxt-auth#global-middleware
  • locally via definePageMeta: https://github.com/sidebase/nuxt-auth#local-middleware
• feat!: getCsrfToken returns the token string directly, instead of an object that contains the token
• refactors the internal structure a bit: add utils/ folders, clean up some typing and comments

Breaking changes

1. feat!: makes useSession sync

useSession is now synchronous. The initial session is fetched via a plugin that is loaded on app-startup. In your app replace:

// 1. old way to get data and status without forcing auth
const { data, status } = await useSession({ required: false })

// 2. old way to force auth
await useSession()

with:

// 1. new way to get data and status without forcing auth
const { data, status } = useSession()

// 2. new way to force auth: there's 2
// - recommended: use middlewares, read on in breaking change number (2) below or in docs https://github.com/sidebase/nuxt-auth#middleware
// - possible to support old-style manual checks:
const { getSession } = useSession()
await getSession()

and you're good to go. Note that useSession will also not directly force a login anymore. This is instead done via the new authentication middleware, see the related change below at number (2).

2. feat!: adds a auth middleware

This is a new approach to page protection that works either globally for the whole app or locally for certain pages. Check out the docs on this here: https://github.com/sidebase/nuxt-auth#middleware

If you want to keep using the 0.2.x approach of writing protection middlewares yourself, you can do this as follows:

const { getSession } = useSession()

// This will trigger a redirect if not logged in, just as `await useSession()` used to do. Also supports same additional options like `callbackUrl`
await getSession({ required: true })  

3. feat!: getCsrfToken returns the token string directly, instead of an object that contains the token

The return of getCsrfToken changed:

// old
console.log(await getCsrfToken())
// outputs: { token: 'asdfjklasdhjklasdhjlasdjlasdjkljklasd' }


// new
console.log(await getCsrfToken())
// outputs: 'asdfjklasdhjklasdhjlasdjlasdjkljklasd'

Commites

• Make use session sync, use a plugin based approach for session fetching by @BracketJohn in #69

• fix: don't set loading to true on use getSession by @JoaoPedroAS51 in #75

• fix: nuxt instance unavailable by @BracketJohn in #78

• feat: add trustHost option and fallback to host if not in production by @JoaoPedroAS51 in #76

• docs: switch to docus, rework all docs, add more docs by @BracketJohn in #90

• docs: Fixed redirect link in docs by @zoey-kaiser in #92

• fix(middleware): redirect to signIn using location.replace by @JoaoPedroAS51 in #87

• Updated images in README.md by @zoey-kaiser in #93

• fix: use exact nextauth version to avoid breaking change by @BracketJohn in #94

• release: 0.3.0-alpha.1 by @BracketJohn in #73

• release: 0.3.0-alpha.2 by @BracketJohn in #79

• release: 0.3.0-alpha.3 by @BracketJohn in #80

• release: 0.3.0 by @BracketJohn in #95

New Contributors

• @JoaoPedroAS51 made their first contribution in #75

Full Changelog: 0.2.1...0.3.0