Skip to content
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Commit

Permalink
Merge pull request #213 from stormpath/update-changelog
Browse files Browse the repository at this point in the history 
Update changelog
  • Loading branch information
@rdegges
rdegges committed Nov 30, 2015
2 parents 8abab6d + d357384 commit 1b6a8d5
Showing 1 changed file with 39 additions and 9 deletions.
48 changes: 39 additions & 9 deletions docs/upgrading.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ Version 1.0.6 -> Version 2.0.0
**Many changes needed!**

This is a **major release** in the life of this library. This release includes
tons of new features, refactorings, etc.
tons of new features, refactoring, etc.

To upgrade from **1.0.6**, please pay careful attention to the below notes.

Expand Down Expand Up @@ -191,14 +191,44 @@ This will enable the default *website* features this library provides:
- A registration page (`/register`).
- A logout route (`/logout`).

Session management has changed. We now issue OAuth access tokens and refresh
tokens when a user logs in with a username and password. These are stored in
the browser in HTTP-Only, Secure cookies. This means that we no longer need
a local cookie session mechanism, as the session is managed by Stormpath via
these tokens. Thus the ``secreyKey`` option has been deprecated, and the timeout
settings for cookies are now tied to the TTL settings of the Access Tokens and
Refresh Tokens. These can be modified on the OAuth Policy of your Stormpath
Application, which is easily accessible through your Stormpath Admin Console.
We'll now also automatically enable certain features (*like password reset and
account verification emails*) based on your Stormpath Directory settings. So,
if you've already configured your Stormpath Directory to enable the Account
Verification Workflow, no additional settings are required to make this work --
it'll just magically turn itself on =)

Furthermore, automatic expansion has changed.

Previously, you'd be able to enable Custom Data expansion, for instance, by
saying something like:

.. code-block:: javascript
stormpath.init(app, {
expandCustomData: true
});
You'll now list expansion options inside of an ``expansion`` option, like so:

.. code-block:: javascript
stormpath.init(app, {
expand: {
customData: true
}
});
The above also applies to all other expansion options.

Session management has also changed. We now issue OAuth access tokens and
refresh tokens when a user logs in with a username and password. These are
stored in the browser in HTTP-Only, Secure cookies. This means that we no
longer need a local cookie session mechanism, as the session is managed by
Stormpath via these tokens. Thus the ``secretKey`` option has been deprecated,
and the timeout settings for cookies are now tied to the TTL settings of the
Access Tokens and Refresh Tokens. These can be modified on the OAuth Policy
of your Stormpath Application, which is easily accessible through your
Stormpath Admin Console.

Next, we've disabled the `/oauth` endpoint we previously enabled by default. If
you want to enable this, with its default settings, you can now do the
Expand Down

0 comments on commit 1b6a8d5

Please sign in to comment.