Releases: zitadel/nuxt-auth
Releases · zitadel/nuxt-auth
v2.0.1
v2.0.0
2.0.0 (2026-05-26)
- refactor!: remove local provider support (dbef8e0)
Bug Fixes
- audit fixes — docs typos, GitHub casing, SignInResult typing, remove stale cookie-es peer dep (a75bba7)
- enable coverage collection and align report output with other repos (0057fba)
- fix docs deploy (#1079) (0ee41e7)
- getServerSession: narrow recursion guard to Auth.js actions only (fefab83)
- getServerSession: reject non-200 Auth.js responses (d89cd38)
- gitignore playground-authjs and broaden nuxt ignore in eslint config (230a89f)
- harden navigateToAuthPage against script protocol injection (edb5376), closes #5 nuxt/nuxt#33273
- install Playwright browsers in CI test workflow (2e565ed)
- remove unused external parameter from signIn/signOut/getSession (1833062)
- replace @nuxtjs/tailwindcss with CDN to fix CI dependency check (cf0844f)
- send X-Auth-Return-Redirect header in signIn and signOut requests (bac5adc)
- update vitest.nuxt.config.ts rootDir from playground-authjs to playground (108dc2c), closes #imports
- use exact path prefix in getServerSession recursion guard (f139dde)
- use relative doc links, remove unused ModulePublicRuntimeConfig (b768843)
- use uppercase env var and absolute path for npm cache in devbox (68f877d)
Code Refactoring
- rename middleware from sidebase-auth to zitadel-auth (6519561)
Features
- added support for nuxt 4 (336a062)
- align with Auth.js conventions — AUTH_URL default + type re-exports (186c70b)
- urls: add signInUrl / signOutUrl helpers (fe0ea3c)
BREAKING CHANGES
-
The middleware name has changed from 'sidebase-auth'
to 'zitadel-auth'. Update any references in your code:definePageMeta({
- middleware: 'sidebase-auth'
- middleware: 'zitadel-auth'
})
🤖 Generated with Claude Code
- The local provider has been completely removed.
Only the authjs provider is now supported.
- Delete src/runtime/composables/local/ directory
- Delete src/runtime/plugins/refresh-token.server.ts
- Delete playground-local/ directory
- Delete tests/local.url.spec.ts
- Remove ProviderLocal type and local-specific types from types.ts
- Simplify module.ts to only support authjs
- Remove JSON pointer utilities from helpers.ts
- Simplify middleware to remove local provider fallbacks
- Update refreshHandler to remove local token refresh logic
- Update tsconfig and package.json scripts
v1.1.0
v1.0.0
1.0.0 (2026-05-07)
- refactor!: remove local provider support (dbef8e0)
Bug Fixes
- #356 - Extend/change local signIn credentials type to allow all kinds of data to be passed with the login request (#375) (1f5ecdc)
- sidebase#1042,sidebase#1052: handle value returned by navigateToAuthPage (#1057) (5bb5478), closes #1042 #1052 #1042
- sidebase#1063: always include browser cookies by default (#1065) (a34eff1), closes #1063
- sidebase#523: deduplicate
appendHeaderin auth handler (#693) (7ae1d3a), closes #523 #523 - sidebase#732: disable server side refresh token plugin when disableServerSideAuth (#1021) (58193dd), closes #732
- sidebase#792: do not block login page for refresh provider (#814) (8cbe629), closes #792
- sidebase#793: avoid using nitro on client (#817) (53a50f4), closes #793
- sidebase#834: Do not refresh on window focus for unprotected pages (#858) (de1dca6), closes #834
- sidebase#860: make node version requirement less strict (#865) (8b074e5), closes #860
- sidebase#879: do not format
refresh_token(#886) (15630ca), closes #879 - sidebase#896: set rawRefreshToken default value (#899) (ccf7ba0), closes #896
- sidebase#922: always proxy cookies in signIn and getSession (#1067) (ed9afad), closes #922 #922
- sidebase#926: correct and clarify Guest Mode (#929) (1aa5e17), closes #926
- sidebase#927: fix the warnings produced by Nuxt when awaiting runtime config (#959) (b1db6ec)
- sidebase#967: allow
signUpendpoint to be disabled (#968) (52d4b9a), closes #967 - sidebase#970: make redirect implementation match Nuxt's (#985) (0d3181c), closes #970
- sidebase#984: allow custom endpoint subpaths for authjs (#986) (d975989), closes #984
- sidebase#990: use a dedicated
hostcalculation forauthjs(#992) (e62f677), closes #990 #990 loadingstatus was always loading when no initial session was set (#393) (3be5b06)navigateTothrows error on local provider (#540) (26aaa45)- Abort SSR rendering on redirect (#438) (6b9da1a)
- accept boolean value for globalAppMiddleware option (#423) (465d72d)
- add missing imports (#671) (b49aa78)
- add set-cookie header for each set-cookie (#726) (93e63a6)
- addDefaultCallback can be set with refresh and local providers (#710) (1d5a1a4)
- Added getCurrentInstance check to conditionally register onMounted in useAuthState. (#771) (4ea90f1)
- also use
callWithNuxtwrapper insignOut(#284) (c839716) - always set method to
GETfor internal getServerSession requests (#54) (4b303e0) - always upper-case methods before passing them around or comparing them (#56) (e90f6ac)
- attempt shot at lazily instantiating
nuxtAuthHandleringetServerSessionif no auth-endpoint was called yet (#125) (4c8f383) - audit fixes — docs typos, GitHub casing, SignInResult typing, remove stale cookie-es peer dep (a75bba7)
- augment #app rather than more complex subpath (#582) (4b4b7f0), closes #app
- Autocomplete for 'auth' middleware in definePageMeta (sidebase#157) (#379) (2587f4e)
- avoid content-flash of protected pages by faking a
navigateTo(0568254) - avoided calling getSession endpoint when token is absent (#355) (5cf5975)
- await for the joinPathToApiURLWN of signinUrl on authjs / useAuth / signIn() / (#359) (#360) (92ad14e)
- await sendRedirect in auth handler (#769) (ecf945f)
- better _fetch typing (e0ce5a5)
- better ts-ignore for
.defaultssr import (cad1fc4) - cannot set headers after they are sent to the client ([sidebase#875](https://github.com/zitadel/nuxt-auth/issues/...