Light

supertokens / frontend-driver-interface Goto Github PK

Spec for frontend-driver-interface versions

frontend-driver-interface's Introduction

Frontend Driver Interface

View the latest FDI spec on swaggerhub.

This is the API spec that is exposed by the SuperTokens backend SDKs which integrate with your backend APIs. An example SDK is our NodeJS SDK.

It is meant to be consumed only by frontend clients like a website client or a mobile app client.

frontend-driver-interface's People

Contributors

Stargazers

Watchers

Forkers

kant01ne

frontend-driver-interface's Issues

Changes between v1.5.0 and v1.6.0

The FDI spec: https://github.com/supertokens/frontend-driver-interface/blob/master/v1.6.0.md

New API: {apiBasePath}/signinup
New API: {apiBasePath}/signout
New API: {apiBasePath}/authorisationurl

Email verification related changes

Moved {apiBasePath}/user/email/verify/token to its own recipe (email verification)
Moved {apiBasePath}/user/email/verify to its own recipe (email verification)
Moved {apiBasePath}/user/email/verify to its own recipe (email verification)

Changes between 1.11 and 1.12

Changes

Adding passwordless recipe APIs
- /signinup/code
- /signinup/code/consume
- /signup/email/exists
- /signup/phoneNumber/exists

SDKs:

Changes between v1.4.0 and v1.5.0

The FDI spec: https://github.com/supertokens/frontend-driver-interface/blob/master/v1.5.0.md

Discussion points:

What should the output of {apiBasePath}/user/email/verify/token be if the email is already verified? Should it just be OK?
Are the API paths OK?

Changes between v1.8.0 and v1.9.0

FDI Spec: https://github.com/supertokens/frontend-driver-interface/blob/master/v1.9.0.md

Email OTP Recipe

{apiBasePath}/signin POST
{apiBasePath}/signup POST
{apiBasePath}/signinup/email/exists GET
{apiBasePath}/signinup/otp POST

Changes between v1.3.0 and 1.4.0

The FDI spec: https://github.com/supertokens/frontend-driver-interface/blob/master/v1.4.0.md

Add fdi-version header to requests

Frontend SDKs must

API requests have a fdi-version header for versioning purposes. The format is a X.Y,X1.Y1... for example 1.2,3.4,1.1. In the driver, we must take care to remove spaces and then get the latest common version between the two SDKs (like we do for CDI)

Drivers must:

Extracting the latest, common (between frontend and backend SDK) FDI version from the request and passing that to the module. If no FDI is present, then assume the latest FDI supported by the backend SDK. If FDI is present, but none matching, then throw an appropriate error.
This also needs to be exposed in Access-Control-Allow-Headers
If it is missing, we assume the latest version supported by the driver.

Changes between v1.2.0 and v1.3.0

The FDI spec: https://github.com/supertokens/frontend-driver-interface/blob/master/v1.3.0.md

All API requests must have an optional rid header. This also needs to be exposed in Access-Control-Allow-Headers
Removal of supertokens-sdk-name and supertokens-sdk-version
Refresh API URL change
New API: {apiBasePath}/signin
New API: {apiBasePath}/signup
New API: {apiBasePath}/user/password/reset/token
New API: {apiBasePath}/user/password/reset

Changes between 1.9 and 1.10

Adds authCodeResponse to thirdparty and thirdpartyemailpassword's signinup POST API to support auth code exchange via PKCE method.
Adds an optional clientId in signinup API to thirdparty and thirdpartyemailpassword
Adds apple sign in callback API

SDKs:

Manual Testing:

All backend SDKs with auth-react tests without SKIP_OAUTH=true
All backend SDKs with react native demo app

Other TODOs:

Move FDI into master and on swagger hub

Changes between v1.7.1 and 1.8.0

All requests that go through session interception will have a custom header rid to prevent CSRF attacks (see this). The backend would then need to check for the existence of this header in case CSRF is enabled

Changes between v1.6.0 and 1.7.0

The FDI spec: https://github.com/supertokens/frontend-driver-interface/blob/master/v1.7.0.md

New API: {apiBasePath}/session/signout

Passwordless code consume is missing phoneNumber or Email in documentation

The payload to send to /auth/signinup/code must also include a phone number or email.

Otherwise we receive:

{"message": "Please provide exactly one of email or phoneNumber"}

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.