All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added new FDI version support: 3.1, 4.0
- Adds support for debug logs using a
debug
option in the init() method of the SDK.
- Removed redundant calls to
removeToken
- Fixed the session refresh loop in all the request interceptors that occurred when an API returned a 401 response despite a valid session. Interceptors now attempt to refresh the session a maximum of ten times before throwing an error. The retry limit is configurable via the
maxRetryAttemptsForSessionRefresh
option.
- Adds FDI 2.0 and 3.0 to the list of supported versions
- Fixed missing payload encoding conversion (from UTF-8 to UTF-16)
The shouldDoInterceptions
function now returns true:
- If
sessionTokenBackendDomain
is a valid subdomain of the URL's domain. This aligns with the behavior of browsers when sending cookies to subdomains. - Even if the ports of the URL you are querying are different compared to the
apiDomain
's port ot thesessionTokenBackendDomain
port (as long as the hostname is the same, or a subdomain of thesessionTokenBackendDomain
): supertokens/supertokens-website#217
- Relaxes dependency on
http
to be anything below2.0.0
- New FDI version support: 1.19
- Added Dio extension for interceptor setup
- Updated the mutex package to version ^3.1.0
- Updated the dio package to version ^5.0.0
- Adds 1.18 to the list of supported FDI versions
- Fixes an issue where requests to the refresh endpoint would always send auth mode as cookies in the headers for http
- Updates supported FDI versions to include
- Updates package dependencies to use ranges for
shared_preferences
andhttp
- Fixed an issue where the Authorization header was getting removed unnecessarily
- Refactors session logic to delete access token and refresh token if the front token is removed. This helps with proxies that strip headers with empty values which would result in the access token and refresh token to persist after signout
- Adds tests based on changes in the session management logic in the backend SDKs and SuperTokens core
- Moved
SuperTokensTokenTransferMethod
from utilities to supertokens for cleaner imports
- Fixes an issues that caused reference documentaiotn regeneration to fail
- Properties passed when calling SuperTokens.init have been renamed:
cookieDomain
->sessionTokenBackendDomain
userDefaultdSuiteName
-> removed (unused variable)
- The SDK now supports managing sessions via headers (using
Authorization
bearer tokens) instead of cookies - A new property has been added when calling SuperTokens.init:
tokenTransferMethod
. This can be used to configure whether the SDK should use cookies or headers for session management (header
by default). Refer to https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/token-transfer-method for more information
- Added fix for dio Interceptors
Bad State: Future already completed
error
- Updates dependency declaration to support correct minor versions of packages
- The SDK now only supports FDI version 1.16
- The backend SDK should be updated to a version supporting the header-based sessions!
- supertokens-node: >= 13.0.0
- supertokens-python: >= 0.12.0
- supertokens-golang: >= 0.10.0
- Updates session management logic to be compatible with the latest version of SuperTokens core and backend SDKs
- Updates FDI version support
- Adds support for Dio by exposing an interceptor that handles session management
- General fixes