Releases: Grenish/authrix
Authrix v2.1.0
Authrix Release Notes — API Simplification & Critical Bug Fixes
This release delivers major stability improvements, critical bug fixes, and the first phase of our Email Services API and Core Auth API simplification.
It focuses on unifying duplicate code paths, fixing security-sensitive issues, and improving developer experience, while preserving backward compatibility via shims and one‑time warnings.
Highlights
🔒 Critical Security & Stability Fixes
- Password Pepper Stability (Dev/Test) — Pepper now deterministically derived from `JWT_SECRET` if env pepper missing, preventing post‑restart sign‑in failures during development. Production still requires explicit `AUTHRIX_PASSWORD_PEPPER`.
- Hashed Passwords for SSO Users — Random passwords generated for SSO accounts are now securely hashed before DB storage; user records also track `authMethod` and `authProvider`.
- PostgreSQL Schema Updates — `full_name` and `profile_picture` columns (plus optional `auth_method` and `auth_provider`) added to match Mongo adapter and persist extra profile fields.
- Cookie Unit Normalization — Fixed `maxAge` seconds/milliseconds mismatch in `Set-Cookie` headers for predictable expiry across frameworks.
- Middleware Signature Validation — Structural JWT checks now enforce signature verification if secret configured.
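To illustrate the Middleware Signature Validation item, the following is an added example, not code from Authrix: a token whose payload was edited after signing still passes purely structural checks, and is only rejected once the signature is verified. The function names, the HS256-only policy and the sample secret and tokens are assumptions constructed for the example.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Builds an HS256 token; used here only to construct sample input.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Hypothetical middleware check (not Authrix's code): structural validation,
// plus mandatory signature verification whenever a secret is configured.
function checkToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3 || parts.includes('')) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    [header, payload] = parts.slice(0, 2)
      .map((p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8')));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !payload || typeof header !== 'object' || typeof payload !== 'object') {
    return { ok: false, reason: 'malformed' };
  }
  if (typeof payload.exp === 'number' && payload.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  if (!secret) return { ok: true, verified: false }; // structural checks only
  if (header.alg !== 'HS256') return { ok: false, reason: 'unsupported alg' };
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  return { ok: true, verified: true };
}

// Constructed sample: a valid token, and a copy whose payload was edited
// after signing while the original signature was kept.
const SECRET = 'constructed-demo-secret';
const good = signHs256({ sub: 'user-1', exp: 4102444800 }, SECRET);
const [h, , s] = good.split('.');
const edited = `${h}.${b64url(JSON.stringify({ sub: 'user-2', exp: 4102444800 }))}.${s}`;

console.log(checkToken(good, SECRET), checkToken(edited, null), checkToken(edited, SECRET));
```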
📧 Email Services API Unification
- Single `EmailServiceRegistry` replaces multiple registries; `setDefault()` ensures consistent default resolution.
- New explicit initialization:
  `initEmailServices({ defaultEmailService: 'resend', providers: { resend: {...}, sendgrid: {...} } })`
- Normalized types (`SendEmailOptions`, `EmailMetadata`, `EmailServiceCapabilities`) and environment validation across providers.
- Side‑effect–free imports (no auto‑init) for cleaner application bootstraps.
⚙️ Core Auth API Consolidation
- New grouped namespace:
  - `auth.actions` (signup, signin, logout)
  - `auth.session` (getUser, isAuthenticated)
  - `auth.handlers` (factory route handlers)
- Legacy flat exports remain with one‑time deprecation warnings; full migration doc provided.
Developer Experience Improvements
- Reduced inline comment noise; concise TSDoc added for public APIs to improve IDE hover help.
- Deterministic default email service selection (`resend > sendgrid > gmail > smtp > console`) when only environment configuration provided.
- Centralized registry and cookie helpers reduce configuration complexity.
Migration Notes
- Email: Prefer `initEmailServices()` or pass email config via `initAuth()`. Legacy `initializeEmailServices` calls still work but warn.
- Auth Actions: Update imports to `auth.actions.*` and `auth.session.*` where possible. Old Next/App/Pages-specific exports map directly.
- PostgreSQL: Apply provided `ALTER TABLE` snippet to add missing columns for profile and auth method/provider fields.
- Env Vars: Set `AUTHRIX_PASSWORD_PEPPER` (required in prod) and `JWT_SECRET`. In dev, missing pepper falls back to deterministic derivation.
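The pepper rule in the Env Vars note, sketched as an added example that is not Authrix's own code: an explicit pepper wins, production fails closed without one, and dev/test derive a stable value from `JWT_SECRET`. The use of `NODE_ENV` as the production signal, the HMAC-based derivation, its label, and scrypt as the hasher are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical resolver (not Authrix's code). Assumptions: NODE_ENV marks
// production, and the dev fallback is HMAC-SHA256(JWT_SECRET, fixed label).
function resolvePepper(env) {
  if (env.AUTHRIX_PASSWORD_PEPPER) {
    return { pepper: env.AUTHRIX_PASSWORD_PEPPER, source: 'env' };
  }
  if (env.NODE_ENV === 'production') {
    throw new Error('AUTHRIX_PASSWORD_PEPPER must be set in production');
  }
  if (!env.JWT_SECRET) {
    throw new Error('JWT_SECRET is needed to derive a dev/test pepper');
  }
  const pepper = crypto.createHmac('sha256', env.JWT_SECRET)
    .update('example-dev-pepper-v1') // constructed label
    .digest('hex');
  return { pepper, source: 'derived' };
}

// Peppered hash; scrypt stands in for the library's password hasher.
function hashPassword(password, pepper, salt) {
  const keyed = crypto.createHmac('sha256', pepper).update(password).digest();
  return crypto.scryptSync(keyed, salt, 32).toString('hex');
}

// Simulates sign-up in one process and sign-in after a restart: each
// "process" resolves the pepper again from the same environment.
function signInSurvivesRestart(env, password) {
  const salt = crypto.randomBytes(16);
  const stored = hashPassword(password, resolvePepper(env).pepper, salt);
  const afterRestart = hashPassword(password, resolvePepper(env).pepper, salt);
  return crypto.timingSafeEqual(Buffer.from(stored), Buffer.from(afterRestart));
}

// Constructed sample environment.
const devEnv = { NODE_ENV: 'development', JWT_SECRET: 'constructed-jwt-secret' };
console.log(resolvePepper(devEnv).source, signInSurvivesRestart(devEnv, 'pw-Example-1'));
```

Because the derived value depends on `JWT_SECRET`, rotating that secret in dev also changes the pepper and invalidates hashes created under the old one.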
Status
- Critical fixes complete for pepper stability, SSO hashing, Postgres fields, cookie expiry, and JWT signature enforcement.
- Email and core API unification Phase 1 complete; shims ensure non-breaking transition.
- Upcoming: Enhanced provider diagnostics, logging unification, rolling session refresh option, and migration doc for API simplification.
Recommended Action:
Upgrade promptly to benefit from security and stability fixes. Apply the Postgres migration if applicable, update environment variables, and begin transitioning to the unified auth and initEmailServices APIs.
Authrix v2.0.3
New Features
- Major password/security utilities added: Argon2-first hashing, verification with transparent rehash, policy-driven validation, secure password generator, rehash detection, and rate-limiting/pepper protections. Public APIs now expose these helpers.
- Sign-in now transparently upgrades stored password hashes when supported.
Tests
- Expanded password/security test suite and added test helpers.
- New test scripts: security and performance.
Chores
- Version bump to 2.0.3; added argon2 dependency.
Authrix v2.0.2
What's Changed
New Features
- Unified SSO URL generation across providers, plus helpers to fetch single or all auth URLs and handle callbacks.
- Flexible Next.js auth helpers that work across App Router, Pages, and Middleware.
- Added a universalAuth aggregator for framework-agnostic auth operations.
Refactor
- Standardized cookie handling and token extraction; safer encoding/decoding.
- Centralized React API calls with consistent error handling; clearer universal auth error messages.
Documentation
- Added contributor instructions and best practices.
Chores
- Introduced a post-build trim to reduce package size; version bumped to 2.0.2.
Package Size Optimization
- Reduced the package size from 117.5 kB to 106.5 kB, achieving an approximate 9.36% decrease.
- Reduced the unpacked size from 497.9 kB to 438.8 kB, resulting in an approximate 11.87% decrease.
Authrix v2.0.1
New Features
- Added Prisma adapter.
- Expanded SSO: Apple, Discord, Facebook, LinkedIn, X, plus enhanced Google/GitHub.
- Introduced SMS-based 2FA and multiple email services (Gmail, SendGrid, Resend, SMTP, Console) with discovery.
- Next.js: ready-to-use API handlers and flexible helpers.
- Upgraded signup/signin/logout, session APIs, and cross‑framework auth middleware.
- Rebuilt Forgot Password with 2FA and rate limiting.
Improvements
- Mongo/PostgreSQL adapters support fullName/profilePicture and clearer duplicate handling.
- Centralized email verification with resend and cleanup utilities.
- Streamlined OAuth exports and utilities.
Chores
- Removed legacy example endpoints/components.
- Bumped version to 2.0.1.
Authrix v2.0.0
Bug Fixes
- Enhanced validation for email and username uniqueness.
- Standardized normalization across authentication adapters.
New Features
- PostgreSQL Support: Added comprehensive PostgreSQL adapter with support for 2FA, user profile fields, and credential validation.
- 2FA & Email Verification: Full two-factor authentication and verification flows implemented, compatible with Gmail, Resend, SendGrid, SMTP, and CLI-based mailing.
- SSO (Single Sign-On): Integrated Google and GitHub OAuth with Express and Next.js middleware helpers.
- Forgot Password: Implemented secure password recovery via code-based and temporary password strategies.
- Extended User Schema: Optional support for username, first name, and last name fields.
Documentation
- Major documentation overhaul: added in-depth guides for 2FA, SSO, PostgreSQL adapter, and Express/Next.js integration.
- Expanded the README to serve as a full manual.
Refactor
- Deprecated and removed Firebase and Supabase adapter support, along with associated tests and dependencies.
- Reorganized export structure and utility functions for SSO, password recovery, and Next.js usage.
Chores
- Updated TypeScript configuration for better module isolation and performance.
- Synchronized peer dependencies with updated provider implementations.
What's Changed
Full Changelog: prod...factor-auth
authrix v1.0.4
- Secure JWT Authentication
- HttpOnly Cookie Support
- Flexible Middleware
- Fixed Next.js detection
- Fixed edge runtime error
- Optimized API endpoints
- Minimized the bundle size
What's Changed
Full Changelog: https://github.com/Grenish/authrix/commits/prod