Merge pull request #231 from supertokens/feat/header-based-auth

feat: add support for header based auth

Author: rishabhpoddar

CHANGELOG.md

@@ -7,8 +7,58 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.10.0]
+
+### Fixes
 -   Fixes issue with go-fiber example, where updating accessTokenPayload from user defined endpoint doesn't reflect in the response cookies.
 
+### Added
+-   Added support for authorizing requests using the `Authorization` header instead of cookies
+-   Optional `GetTokenTransferMethod` config is Session recipe input, which determines the token transfer method.
+-   Check out https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/token-transfer-method for more information
+
+### Removed
+-   ID Refresh token is removed from the SDK
+
+### Breaking changes
+-   The frontend SDK should be updated to a version supporting the header-based sessions!
+    -   supertokens-auth-react: >= 0.32.0
+    -   supertokens-web-js: >= 0.5.0
+    -   supertokens-website: >= 16.0.0
+    -   supertokens-react-native: >= 4.0.0
+-   `CreateNewSession` now requires passing the request as well as the response.
+    -   This only requires a change if you manually created sessions (e.g.: during testing)
+    -   Check the migration example below
+-   `CreateNewSessionWithContext` and `CreateNewSession` in the session recipe accepts new 
+-   Only supporting FDI 1.16
+parameter `req` of type `*http.Request`
+
+### Migration
+
+Before:
+
+```go
+func httpHandler(w http.ResponseWriter, r *http.Request,) {
+    sessionContainer, err := session.CreateNewSession(w, "userId", map[string]interface{}{}, map[string]interface{}{})
+    if err != nil {
+        // handle error
+    }
+    // ...
+}
+```
+
+After:
+
+```go
+func httpHandler(w http.ResponseWriter, r *http.Request,) {
+    sessionContainer, err := session.CreateNewSession(r, w, "userId", map[string]interface{}{}, map[string]interface{}{})
+    if err != nil {
+        // handle error
+    }
+    // ...
+}
+```
+
 ## [0.9.14] - 2022-12-26
 
 -   Fixes an issue in the dashboard recipe when fetching user details for passwordless users that don't have an email associated with their accounts

frontendDriverInterfaceSupported.json

@@ -1,6 +1,6 @@
 {
         "_comment": "contains a list of frontend-driver interfaces branch names that this core supports",
         "versions": [
-                "1.15"
+                "1.16"
         ]
 }

recipe/emailpassword/api/implementation.go

@@ -145,7 +145,7 @@ func MakeAPIImplementation() epmodels.APIInterface {
 		}
 
 		user := response.OK.User
-		session, err := session.CreateNewSessionWithContext(options.Res, user.ID, map[string]interface{}{}, map[string]interface{}{}, userContext)
+		session, err := session.CreateNewSessionWithContext(options.Req, options.Res, user.ID, map[string]interface{}{}, map[string]interface{}{}, userContext)
 		if err != nil {
 			return epmodels.SignInPOSTResponse{}, err
 		}
@@ -184,7 +184,7 @@ func MakeAPIImplementation() epmodels.APIInterface {
 
 		user := response.OK.User
 
-		session, err := session.CreateNewSessionWithContext(options.Res, user.ID, map[string]interface{}{}, map[string]interface{}{}, userContext)
+		session, err := session.CreateNewSessionWithContext(options.Req, options.Res, user.ID, map[string]interface{}{}, map[string]interface{}{}, userContext)
 		if err != nil {
 			return epmodels.SignUpPOSTResponse{}, err
 		}