Skip to content

Commit

Permalink
4.0.0-beta.12 (#1848)
Browse files Browse the repository at this point in the history
  • Loading branch information
guabu authored Dec 18, 2024
1 parent 1e482a4 commit 5bd9a1e
Show file tree
Hide file tree
Showing 8 changed files with 17 additions and 56 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
### 1. Install the SDK

```shell
npm i @auth0/[email protected].11
npm i @auth0/[email protected].12
```

### 2. Add the environment variables
Expand Down
1 change: 1 addition & 0 deletions V4_MIGRATION_GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -241,3 +241,4 @@ If you'd like to customize the `user` object to include additional custom claims
- All cookies set by the SDK default to `SameSite=Lax`
- `touchSession` method was removed. The middleware enables rolling sessions by default and can be configured via the [session configuration](https://github.com/auth0/nextjs-auth0/tree/v4?tab=readme-ov-file#session-configuration).
- `getAccessToken` can now be called in React Server Components.
- By default, v4 will use [OpenID Connect's RP-Initiated Logout](https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0) if it's enabled on the tenant. Otherwise, it will fallback to the `/v2/logout` endpoint.
8 changes: 3 additions & 5 deletions e2e/test-app/pages/api/pages-router/update-session/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,9 @@ import type { NextApiRequest, NextApiResponse } from "next"

import { auth0 } from "@/lib/auth0"

type ResponseData =
| {}
| {
error: string
}
type ResponseData = {
error?: string
}

export default async function handler(
req: NextApiRequest,
Expand Down
18 changes: 9 additions & 9 deletions e2e/test-app/pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@auth0/nextjs-auth0",
"version": "4.0.0-beta.11",
"version": "4.0.0-beta.12",
"description": "Auth0 Next.js SDK",
"scripts": {
"build": "tsc",
Expand Down
32 changes: 0 additions & 32 deletions src/server/auth-client.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4007,38 +4007,6 @@ ca/T0LLtgmbMmxSv/MmzIg==
})
})
})

describe("allowInsecureRequests", async () => {
it("should now allow setting allowInsecureRequests when NODE_ENV is set to `production`", async () => {
process.env.NODE_ENV = "production"
const secret = await generateSecret(32)
const transactionStore = new TransactionStore({
secret,
})
const sessionStore = new StatelessSessionStore({
secret,
})
expect(
() =>
new AuthClient({
transactionStore,
sessionStore,

domain: DEFAULT.domain,
clientId: DEFAULT.clientId,
clientSecret: DEFAULT.clientSecret,

secret,
appBaseUrl: DEFAULT.appBaseUrl,

fetch: getMockAuthorizationServer(),
allowInsecureRequests: true,
})
).toThrowError(
"Insecure requests are not allowed in production environments."
)
})
})
})

const _authorizationServerMetadata = {
Expand Down
4 changes: 2 additions & 2 deletions src/server/auth-client.ts
Original file line number Diff line number Diff line change
Expand Up @@ -137,8 +137,8 @@ export class AuthClient {
this.allowInsecureRequests = options.allowInsecureRequests ?? false

if (this.allowInsecureRequests && process.env.NODE_ENV === "production") {
throw new Error(
"Insecure requests are not allowed in production environments."
console.warn(
"allowInsecureRequests is enabled in a production environment. This is not recommended."
)
}

Expand Down
6 changes: 0 additions & 6 deletions src/server/client.ts
Original file line number Diff line number Diff line change
Expand Up @@ -152,12 +152,6 @@ export class Auth0Client {
if (protocol === "https:") {
cookieOptions.secure = true
}

if (process.env.NODE_ENV === "production" && !cookieOptions.secure) {
console.warn(
`The application's base URL (${appBaseUrl}) is not set to HTTPS. This is not recommended for production environments.`
)
}
}

this.transactionStore = new TransactionStore({
Expand Down

0 comments on commit 5bd9a1e

Please sign in to comment.