All Versions
Latest Version
Avg Release Cycle
52 days
Latest Release
399 days ago

Changelog History
Page 1

  • v0.4.13 Changes

    April 27, 2022

    ๐Ÿ‘ Now supports ecto_sql 3.8.x and requires Elixir 1.11+.

    • Added [dynamic strategy configuration guide](guides/
  • v0.4.12 Changes

    September 30, 2021

    ๐Ÿ‘ Now supports Phoenix 1.6.x.

  • v0.4.11 Changes

    July 14, 2021

    ๐Ÿ› Bug fixes

    • โš  [PowAssent.Ecto.UserIdentities.Context] The macro no longer throws warning in Elixir 1.12
  • v0.4.10 Changes

    November 24, 2020

    โœจ Enhancements

    • [PowAssent.Plug] Fixed bug where the :cache_store_backend was not being loaded from the application environment correctly #198
  • v0.4.9 Changes

    October 18, 2020

    โœจ Enhancements

    • [PowAssent.Plug] Now stores a session cookie instead of using Plug.Session to prevent SameSite policy issue in form_post flow #190
    • [PowAssent.Plug] PowAssent.Plug.callback/4 now adds the userinfo with claims to the user identity params #160
  • v0.4.8 Changes

    May 18, 2020

    โœจ Enhancements

    • [PowAssent.Plug] Added PowAssent.Plug.put_create_session_callback/2 #178
    • [PowAssent.Plug] Added PowAssent.Plug.fetch_config/1 #178
    • [PowAssent.Plug] Now calls create session callbacks set with PowAssent.Plug.put_create_session_callback/2 when a session is created #178
    • [PowAssent.Plug.Reauthorization] Added plug to enable reauthorization #178
    • ๐Ÿ‘ป [PowAssent.Phoenix.AuthorizationController] Now instead of raising an exception for strategy errors, the user is redirected to the sign in page with a generic error message #179
    • [PowAssent.Config] Added PowAssent.Config.merge_provider_config/3 #166
    • [PowAssent.Plug] Added PowAssent.Plug.merge_provider_config/3 #166
  • v0.4.7 Changes

    April 22, 2020

    ๐Ÿ‘ Now support Phoenix 1.5 and requires Pow ~> 1.0.19 and Elixir 1.7.

  • v0.4.6 Changes

    February 16, 2020

    The callback flow has been changed so sessions are now stored in the backend cache with PowAssent.Store.SessionCache instead of using Plug.Session. This prevents exposure of sensitive data, as the only thing stored in the Plug session is a random UUID.

    โšก๏ธ Updated Pow requirement to ~> 1.0.17. #141

    โœจ Enhancements

    • ๐Ÿ‘‰ [PowAssent.Plug] Added PowAssent.Plug.change_user/4 #118
    • [PowAssent.Operations] Added PowAssent.Operations.user_identity_changeset/4 #118
    • [PowAssent.Phoenix.AuthorizationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
    • ๐Ÿ‘‰ [PowAssent.Phoenix.AuthorizationController] Now stores :changeset in session when redirecting to :add_user_id page #137
    • [PowAssent.Phoenix.RegistrationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
    • ๐Ÿ‘‰ [PowAssent.Phoenix.RegistrationController] Now uses :changeset stored in the session when rendering :add_user_id page #137
    • [PowAssent.Plug] Moved business logic away from PowAssent.Phoenix.AuthorizationController into PowAssent.Plug.callback_upsert/4 that will authenticate, upsert user identity, or create user #133
    • [PowAssent.Store.SessionCache] Added session store module #135
    • [PowAssent.Plug] Added PowAssent.Plug.init_session/1 #135
    • [PowAssent.Plug] Added PowAssent.Plug.put_session/3 #135
    • [PowAssent.Plug] Added PowAssent.Plug.delete_session/2 #135

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  [PowAssent.Ecto.Schema] Fixed issue in PowAssent.Ecto.Schema.changeset/2 where confirmation token was not set thus allowing users with unconfirmed email to sign in #121

    ๐Ÿ“š Documentation

  • v0.4.5 Changes

    December 06, 2019
    • [PowAssent.Phoenix.AuthorizationController] Now supports :request_path param so the user will be redirected back to :request_path after successful authorization #110
    • ๐Ÿ”— [PowAssent.Phoenix.ViewHelpers] PowAssent.Phoenix.ViewHelpers.authorization_link/3 now adds :request_path to the query param if assigned to the conn #110
    • ๐Ÿ”— [PowAssent.Phoenix.ViewHelpers] PowAssent.Phoenix.ViewHelpers.authorization_link/3, PowAssent.Phoenix.ViewHelpers.deauthorization_link/3, and PowAssent.Phoenix.ViewHelpers.provider_links/2 now accepts keyword list with options to be passed on to the link generation #112
  • v0.4.4 Changes

    November 22, 2019

    Note: This release contains an important security fix.

    • [PowAssent.Plug] Now uses String.to_existing_atom/1 in PowAssent.Plug.providers_for_current_user/1
    • [PowAssent.Plug] Fixed security issue by removing String.to_atom/1 for user provided binary in PowAssent.Plug.authorize_url/3 and PowAssent.Plug.callback/4
    • [PowAssent.Config] PowAssent.Config.get_provider_config/2 now accepts binary provider