feat: updates to support header-based auth (#641)

* feat\!: remove emotion dependency from most recipes

* feat: removed last react-phone-number-input references + centralised import of utils

* test: update jest + move all unit tests to jest

* feat: self-review fixes

* chore: update PR template

* test: updated tsc version in with-typescript to match version root

* fix: remove left-over references to the old palette object

* chore: update size-limits

* docs: updated example styles

* refactor: rebuild + updated css variables for consistency

* chore: update changelog

* fix: minor fixes in phone number input

* build: updated start scripts to finish build before starting test apps

* chore: update changelog

* feat: updates to support header-based auth

* chore: updated web-js interface version

* build: remove checkTranslationKeys

* Revert "build: remove checkTranslationKeys"

This reverts commit 223faf1.

* build: re-implement checkTranslationKeys

* feat\!: moved web-js+website to peer-dep + fixed lint dep

* fix: added workaround for phone input lib incompatibility w/ shadow dom

* fix: correctly guess country when changing to phone input from emailOrPhone

* build: update website version

* build: revert to branch-based website peer dep for manual testing

* refactor: updated to new web-js version + removed website references&dep

* fix: dependency version + phone number input UX improvement

* refactor: removed unused styles/selectors + visual test improvements

* fix: make phone input country dropdown closer to old version

* refactor: cleanup, update version number and FDI

* fix: revert FDI update

.gitignore

@@ -14,4 +14,5 @@ screenshot.jpeg
 /eslint/node_modules
 /test_report/
 supertokens-auth-react-*.tgz
+**/node_modules
 stats.html

CHANGELOG.md

@@ -7,6 +7,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.31.0] - 2023-02-01
+
+## Breaking changes
+
+-   Updated `supertokens-web-js` dependency that requires a backend SDK update to:
+    -   supertokens-node: >= 13.0.0
+    -   supertokens-python: >= 0.12.0
+    -   supertokens-golang: >= 0.10.0
+-   Renamed configuration options:
+    -   `sessionScope` renamed to `sessionTokenFrontendDomain`
+    -   `cookieDomain` renamed to `sessionTokenBackendDomain`
+
+### Added
+
+-   Added support for authorizing requests using the `Authorization` header instead of cookies
+    -   Added `tokenTransferMethod` config option
+    -   Check out https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/token-transfer-method for more information
+
 ## [0.30.2] - 2023-01-21
 
 ### Changes

examples/with-aws-lambda/frontend/package.json

@@ -23,7 +23,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "typescript": "^4.0.3",
         "web-vitals": "^0.2.4"
     },

examples/with-cli-login/package.json

@@ -22,7 +22,7 @@
         "react-dom": "^18.1.0",
         "react-router-dom": "^6.3.0",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node-dev": "^2.0.0",
         "typescript": "^4.7.2",

examples/with-emailpassword-vercel/package.json

@@ -13,7 +13,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-emailpassword/package.json

@@ -13,7 +13,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-emailverification-then-password-thirdpartyemailpassword/api-server.js

@@ -108,6 +108,7 @@ supertokens.init({
                                 // we have just created a user with the fake password.
                                 // so we mark their session as unusable by the APIs
                                 await Session.createNewSession(
+                                    input.options.req,
                                     input.options.res,
                                     user.id,
                                     {

examples/with-emailverification-then-password-thirdpartyemailpassword/package.json

@@ -14,7 +14,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-emailverification-with-otp/package.json

@@ -20,7 +20,7 @@
         "react-dom": "^18.1.0",
         "react-router-dom": "^6.3.0",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node": "^10.8.0",
         "typescript": "^4.7.2",

examples/with-hasura-thirdpartyemailpassword/package.json

@@ -14,7 +14,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-i18next/package.json

@@ -16,7 +16,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-jwt-localstorage/package.json

@@ -17,7 +17,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node": "^10.8.1",
         "ts-node-dev": "^2.0.0",

examples/with-localstorage/package.json

@@ -16,7 +16,7 @@
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
         "set-cookie-parser": "^2.5.0",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node-dev": "^2.0.0",
         "web-vitals": "^0.2.4"

examples/with-multiple-email-sign-in/package.json

@@ -15,7 +15,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node": "^10.8.1",
         "ts-node-dev": "^2.0.0",

examples/with-netlify/package.json

@@ -18,7 +18,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "typescript": "^4.0.3",
         "web-vitals": "^0.2.4"

examples/with-next-iframe/package.json

@@ -13,7 +13,7 @@
         "nextjs-cors": "^2.1.1",
         "react": "^18.0.0",
         "react-dom": "^18.0.0",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0"
     },
     "license": "MIT"

examples/with-no-session-on-sign-up-thirdpartyemailpassword/package.json

@@ -14,7 +14,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-okta-multi-tenant-pkce-flow/package.json

@@ -11,7 +11,7 @@
         "react-dom": "^18.2.0",
         "react-router-dom": "^6.3.0",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "web-vitals": "^2.1.4"
     },
     "scripts": {

examples/with-one-login-many-subdomains/frontend/package.json

@@ -11,7 +11,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "web-vitals": "^0.2.4"
     },
     "scripts": {

examples/with-one-login-many-subdomains/frontend/src/App.js

@@ -25,7 +25,7 @@ SuperTokens.init({
             },
         }),
         Session.init({
-            sessionScope: ".example.com",
+            sessionTokenFrontendDomain: ".example.com",
         }),
     ],
 });

examples/with-one-login-many-subdomains/frontend/src/utils.js

@@ -27,7 +27,7 @@ export async function getRedirectionUrlForUser() {
 
 export async function redirectIfOnWrongSubdomain() {
     try {
-        if (Session.doesSessionExist()) {
+        if (await Session.doesSessionExist()) {
             const currentSubdomain = window.location.hostname.split(".")[0];
             const currentUserSubdomain = await getSubdomainForCurrentUser();
             // location.origin check ensures that user gets the option to click

examples/with-one-login-per-subdomain/package.json

@@ -13,7 +13,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-one-login-per-subdomain/src/App.js

@@ -16,7 +16,7 @@ SuperTokens.init({
     recipeList: [
         EmailPassword.init(),
         Session.init({
-            sessionScope: ".example.com:3000",
+            sessionFrontendDomain: ".example.com:3000",
         }),
     ],
 });

examples/with-passwordless/package.json

@@ -15,7 +15,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "twilio": "^3.73.1",
         "web-vitals": "^0.2.4"

examples/with-phone-password/package.json

@@ -19,7 +19,7 @@
         "react-dom": "^18.1.0",
         "react-router-dom": "^6.3.0",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node-dev": "^2.0.0",
         "typescript": "^4.6.4",

examples/with-sign-in-up-split-emailpassword/package.json

@@ -13,7 +13,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-supabase/package.json

@@ -10,7 +10,7 @@
         "next": "latest",
         "react": "^18.0.0",
         "react-dom": "^18.0.0",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0"
     },
     "devDependencies": {

examples/with-svelte-react-thirdpartyemailpassword/package.json

@@ -41,7 +41,7 @@
         "react-dom": "^18.1.0",
         "react-router-dom": "^6.3.0",
         "sirv-cli": "^2.0.0",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "svelte-navigator": "^3.1.5"
     }

examples/with-thirdparty/package.json

@@ -14,7 +14,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-thirdpartyemailpassword-2fa-passwordless/package.json

@@ -22,7 +22,7 @@
         "react-dom": "^18.1.0",
         "react-router-dom": "^6.3.0",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node-dev": "^2.0.0",
         "typescript": "^4.7.2",

examples/with-thirdpartyemailpassword-passwordless/package.json

@@ -14,7 +14,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "ts-node-dev": "^2.0.0",
         "web-vitals": "^0.2.4"

examples/with-thirdpartyemailpassword/package.json

@@ -14,7 +14,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "web-vitals": "^0.2.4"
     },

examples/with-thirdpartypasswordless-electron/package.json

@@ -117,7 +117,7 @@
         "react": "^17.0.2",
         "react-dom": "^17.0.2",
         "react-router-dom": "^6.3.0",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "twilio": "^3.76.1",
         "web-vitals": "^2.1.4"

examples/with-thirdpartypasswordless/package.json

@@ -15,7 +15,7 @@
         "react-dom": "^18.0.0",
         "react-router-dom": "^6.2.1",
         "react-scripts": "^5.0.1",
-        "supertokens-auth-react": "^0.30.0",
+        "supertokens-auth-react": "^0.31.0",
         "supertokens-node": "^12.0.0",
         "twilio": "^3.73.1",
         "web-vitals": "^0.2.4"

examples/with-thirdpartypasswordless/src/App.js

@@ -39,7 +39,9 @@ SuperTokens.init({
             },
             contactMethod: "EMAIL_OR_PHONE",
         }),
-        Session.init(),
+        Session.init({
+            tokenTransferMethod: "header",
+        }),
     ],
 });