2.186.0 (2026-01-28)
Features
- Add email send operation metrics (#2311) (0096575)
- add Supabase Auth identifier to OAuth redirect URLs (#2299) (2d3dbc6)
- log sb-auth-user-id, sb-auth-session-id, ... on sign in not just refresh token (#2342) (a486ada)
- oauth-server: store and enforce token_endpoint_auth_method (#2300) (bcd6cd5)
- replace JWT OAuth state with
flow_state.idUUID (#2331) (645654d) - upgrade existing sessions to v2 refresh tokens though config value (#2356) (6fb0e8a)
- Add Sb-Forwarded-For header and IP-based rate limiting (#2295) (e8f679b)
- allow amr claim to be array of strings or objects (#2274) (607da43)
- Treat rate limit header value as comma-separated list (#2282) (5f2e279)
Bug Fixes
- reloader unittest races on writeWg (#2352) (088b714)
- update migration version (#2343) (61ef4db)
- check each type independently (#2290) (d9de0af)
- fix the wrong error return value (#1950) (e2dfb5d)
- indexworker: remove pg_trgm extension (#2301) (c553b10)
- oauth-server: allow custom URI schemes in client redirect URIs (#2298) (ea72f57)
- tighten email validation rules (#2304) (33bb372)
Checksums
SHA1
auth-v2.186.0-arm64.tar.gz:
94cd063227e01dcc71811aa63ecdd996d0c0419c
auth-v2.186.0-x86.tar.gz:
8528d7b324e161496bafcec6edcf70ae58d108e9
auth-v2.186.0-arm64.tar.xz:
64d85ed460b5ec01359a997b8f07e1ba71781cc8
SHA256
auth-v2.186.0-arm64.tar.gz:
61aa53ea5e2d7e4f50f2b10312c1e6b73e4767b753815239956082fdcc623270
auth-v2.186.0-x86.tar.gz:
2683b9549e922d0644621129fdabd7edb8b78c35274e133e61a3280ad9675161
auth-v2.186.0-arm64.tar.xz:
0404eef4bc6845652c9672fa375882af69e4464818f9ab1249d6826c0572b863