26 Pull requests merged by 4 people

• Bugfix: Add clockTolerance to cookie decryption

  #2097 merged May 14, 2025

• Update middleware combination example to prevent unintended backend execution

  #2076 merged May 13, 2025

• feature/conditionally update session handleAccessToken

  #2054 merged May 13, 2025

• Add missing support for legacy chunked cookies

  #2071 merged May 13, 2025

• Bump eslint-plugin-react from 7.37.4 to 7.37.5

  #2091 merged May 13, 2025

• Bump @playwright/test from 1.50.1 to 1.52.0

  #2092 merged May 13, 2025

• Bump @vitest/coverage-v8 from 2.1.4 to 2.1.9

  #2093 merged May 13, 2025

• Bump typescript-eslint from 8.32.0 to 8.32.1

  #2094 merged May 13, 2025

• Bump eslint-config-prettier from 10.0.1 to 10.1.5

  #2090 merged May 13, 2025

• Fix stacking transaction cookies

  #2077 merged May 13, 2025

• Bump oauth4webapi from 3.1.4 to 3.5.1

  #2085 merged May 12, 2025

• chore(deps): bump @eslint/plugin-kit from 0.2.2 to 0.2.7 in /examples/with-shadcn

  #1995 merged May 12, 2025

• build(deps): bump jose from 5.9.6 to 5.10.0

  #1956 merged May 12, 2025

• Bump codecov/codecov-action from 5.3.1 to 5.4.2

  #2058 merged May 12, 2025

• Bump swr from 2.3.2 to 2.3.3

  #2086 merged May 12, 2025

• Bump typescript-eslint from 8.24.0 to 8.32.0

  #2084 merged May 12, 2025

• chore(deps): bump next from 15.0.2 to 15.2.3 in /examples/with-shadcn

  #1986 merged May 12, 2025

• Bump next from 15.0.3 to 15.2.4 in /examples/with-next-intl

  #2029 merged May 12, 2025

• Update deleteByLogoutToken arg type in EXAMPLES.md

  #2067 merged May 12, 2025

• Bump @auth0/nextjs-auth0 from 4.0.1 to 4.5.1 in /examples/with-shadcn

  #2073 merged May 12, 2025

• Bump @eslint/js from 9.20.0 to 9.26.0

  #2078 merged May 12, 2025

• Bump vite from 5.4.14 to 5.4.19

  #2075 merged May 12, 2025

• Bump typedoc from 0.27.7 to 0.28.4

  #2079 merged May 12, 2025

• chore(deps-dev): bump globals from 15.14.0 to 15.15.0

  #1969 merged May 9, 2025

• chore(deps-dev): bump prettier from 3.4.2 to 3.5.3

  #1967 merged May 9, 2025

• Update JSDocs to mention idpLogout defaults to true

  #2083 merged May 9, 2025

6 Pull requests opened by 4 people

• fix: correctly handle expired JWE's in cookies

  #2082 opened May 8, 2025

• Update useUser example to use a tag instead of Link

  #2087 opened May 12, 2025

• Enable GH Workflows for v3

  #2089 opened May 12, 2025

• Addressing GitHub issue 1983

  #2095 opened May 13, 2025

• Bump msw from 2.7.5 to 2.8.2

  #2098 opened May 14, 2025

• Bump eslint-plugin-prettier from 5.2.3 to 5.4.0

  #2099 opened May 14, 2025

6 Issues closed by 3 people

• Chunked v3 session cookies lost after v4 upgrade

  #2066 closed May 13, 2025

• v4: Infinitely stacking cookies

  #1917 closed May 13, 2025

• idpLogout documentation on default value is wrong

  #1770 closed May 9, 2025

• The access token has expired and a refresh token was not provided. The user needs to re-authenticate. at async middleware

  #1865 closed May 9, 2025

• JWEInvalid: Invalid Compact JWE at async middleware

  #2048 closed May 9, 2025

• v4.4.x | Empty onCallback context for InvalidStateError, `returnTo` missing.

  #2053 closed May 9, 2025

17 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• v4: Looks like all code in constructing Auth0Client must be edge-compatible. Can we lift this?

  #1932 commented on May 9, 2025 • 0 new comments

• No observability into `auth.middleware` calls

  #2060 commented on May 9, 2025 • 0 new comments

• Unable to persist to database within beforeSessionSaved

  #2049 commented on May 9, 2025 • 0 new comments

• v4: Unable to import sequelize/postgres

  #1885 commented on May 9, 2025 • 0 new comments

• 502 Bad Gateway issue in Production

  #1863 commented on May 9, 2025 • 0 new comments

• Unable to open Iframe with the universal login even after setting Environment Variable: AUTH0_COOKIE_SAME_SITE='none'

  #1763 commented on May 9, 2025 • 0 new comments

• getAccessToken expiration recovery

  #1718 commented on May 12, 2025 • 0 new comments

• Using Custom Claims to access `app_metadata`, data becomes stale

  #1735 commented on May 12, 2025 • 0 new comments

• `ERR_REQUIRE_ESM` on `vite build` when using '@auth0/nextjs-auth0/edge'

  #1752 commented on May 12, 2025 • 0 new comments

• `npm run build` and Session cookie not being set

  #2064 commented on May 13, 2025 • 0 new comments

• Middleware crashes when JWT is expired

  #2081 commented on May 14, 2025 • 0 new comments

• v4 middleware documentation is missing crucial details

  #1983 commented on May 14, 2025 • 0 new comments

• API Reference for version 3.6 is broken.

  #1936 commented on May 14, 2025 • 0 new comments

• Announcing the Beta Release of nextjs-auth0 SDK v4 🎉

  #1808 commented on May 14, 2025 • 0 new comments

• v4: First class support to handle a Refresh Token rotation failure

  #2036 commented on May 14, 2025 • 0 new comments

• fix: comment

  #1670 commented on May 12, 2025 • 0 new comments

• refactor: use a single client assertion audience

  #2024 commented on May 12, 2025 • 0 new comments