v3.6.0

New Features

• Adding support for our Password product

v3.5.0

Features

• Add to request body, response is returned as raw JSON
• Custom claims will not be visible on the session object until the product is officially released

v3.4.0

New Features

• A client can now be created with a custom URL base as the env value to allow use within Stytch's internal development environments. If your app runs on Stytch's production environments (Live or Test) using :live or :test, the correct base URL is already set for you, and you shouldn't need to use this feature.

v3.3.0

New Features

Add support for PKCE to OAuth and Email Magic Link flows.

v3.2.1

Fixes

• When determining the session's expiration time from a JWT, prefer the session's expires_at value over the "exp" claim.
• When using the "exp" claim as the session expiration, use the same string formatting as the other timestamps.

v3.2.0

New Features

• client.sessions.authenticate_jwt now does remote verification in response to any JWT error.

v3.1.1

Fixes

• Session JWTs: Extract the session ID from the session claim instead of the "jti" claim.

v3.1.0

New Features

• Support for the user search endpoint: client.users.search
• A helper for lazily iterating through the search results: client.users.search_all

v3.0.0

New Features

• The API has support for IdP and Stytch sessions at the same time from the OAuthAuthenticate endpoint. The IdP session is always returned, and a Stytch session can be requested by including a session_duration_minutes field.

Breaking Changes

• The session_management_type field is removed from the OAuth authenticate method, and the response is has changed. The new response can be found at https://stytch.com/docs/api/oauth-authenticate.

Fixes

• n/a

Upgrade Guide

• See breaking changes

v2.12.0

New Features

• Add support for session JWTs