* update(org): additional fields improvements
Fix: type error in client plugin auth generic
update: improved change-logs blog
* fix: teams still inferred
* update: changelog
* feat: first draft of SIWE plugin
* fix: run biome linter
* refactor(siwe): rename publicKey to walletAddress for clarity
- Add ensName as an optional param from the client
- Add emailDomainName to plugin options - fallback to getOrigin()
- Move schema to a separate file
* fix(siwe): update emailDomainName assignment to use nullish coalescing operator
* run biome linter
* fix(siwe): avatar field is not included in createUser call
* refactor(siwe): remove siwe dependency and implement nonce generation and message verification through plugin options
- Removed direct dependency on 'siwe' package.
- Introduced 'generateSiweNonce' and 'verifySiweMessage' as user functions
- Updated tests to reflect changes in nonce handling and message verification logic (WIP)
* feat: add anonymous flag to plugin options
* refactor(siwe): improve test coverage - anonymous flag, missing nonce & other edge cases
* feat(siwe): add checksum address validation using keccak256 + test case
* fix(siwe): refactor hashing utility to use @noble/hashes
* feat(siwe): enhance SIWE plugin with chainId support, strong typing, dedicated table for wallet adresses and more test coverage
* refactor(siwe): remove unused SIWE interfaces
* fix(siwe): PR review issues
* fix(siwe): rename const "siweClientPlugin" to "siweClient" for simplicity
* feat(siwe): add docs
* chore: fix lock file
* fix: account linking & code formatting
* run pnpm lint
---------
Co-authored-by: Bereket Engida <Bekacru@gmail.com>
* refactor: Pass both building and getRequestEvent from outside of library
- Removes the need for importing from virtual modules at the expense of more user boilerplate
* chore: add Svelte and related dependencies to externals
* chore: lint
* refactor(docs): update SvelteKit integration docs with new building and getRequestEvent usage
* feat: add an option to encrypt tokens by default
* feat(auth): add OAuth token encryption support
* refactor(auth): streamline token handling in OAuth callback by utilizing setTokenUtil
* refactor(auth): replace direct token handling with setTokenUtil for improved clarity and maintainability
* refactor(auth): unify token handling by utilizing setTokenUtil for access and refresh tokens
* docs(auth): enhance documentation for OAuth token encryption, clarifying security risks and benefits
* chore: cleanup
* update test
* feat(mcp): add support for public clients with PKCE authentication
- Add conditional client authentication based on client type
- Support public clients using PKCE without client_secret requirement
- Add "none" to supported token endpoint authentication methods
- Make clientSecret optional in database schema for public clients
- Update client registration to handle public clients automatically
- Maintain backward compatibility with confidential clients
Fixes authentication issues with Claude.ai and other public OAuth clients
that use PKCE (Proof Key for Code Exchange) without client secrets.
Resolves#2813
* style: format code with prettier and fix trailing commas
* fix: resolve TypeScript errors in MCP plugin and tests
- Fix missing loginPage in oidcConfig for MCP tests
- Add type assertions for unknown response data types
- Handle optional clientSecret with null coalescing operators
- Update OIDC provider to support "none" auth method in metadata
- Fix type compatibility issues between public and confidential clients
* fix: resolve TypeScript, Vitest, and CI compatibility issues
- Fix missing loginPage in oidcConfig for MCP tests
- Add type assertions for unknown response data types
- Handle optional clientSecret with null coalescing operators
- Update OIDC provider to support "none" auth method in metadata
- Fix async describe callback to use synchronous setup with beforeAll
- Use ephemeral port allocation to prevent CI port conflicts
- Add explicit type annotations to avoid implicit any errors
* OpenAPI Schema Contract Fixed
* fix: resolve lint
* fix: ensure OAuth 2.0 spec compliance for public client registration
- Fix public client registration to omit client_secret field entirely
- Public clients now receive no client_secret property (was empty string)
- Maintains backward compatibility with confidential clients
- Addresses OAuth 2.0 Dynamic Client Registration (RFC 7591) requirements
* update docs
* remove any
* dont return secret on public client oidc
* remove any
* conditionally verify client secret
* update test
---------
Co-authored-by: Bereket Engida <Bekacru@gmail.com>
* refactor: remove useless variable assignment
* refactor: remove unused param
* docs: extend rate limit docs to include info about connecting ip address and how it's used
* fix: linting
