Skip to content

Releases: adonisjs/auth

Automatic intended-URL storage on unauthorized redirects

Choose a tag to compare

@github-actions github-actions released this 09 Apr 12:59

10.1.0 (2026-04-09)

The session guard's error handler now calls withIntendedUrl and withQs when redirecting unauthenticated users to the login page, so the current URL is automatically stored in the session. After login you can redirect users back to where they were heading without any manual wiring.

Intended-URL storage applies to GET navigational requests (including Inertia) and is skipped for AJAX and non-GET requests or when no route is matched. Query strings are forwarded to the login redirect.

Features

  • store intended URL when redirecting unauthenticated users to login (aaf8a06)

Full Changelog: v10.0.0...v10.1.0

Simplified withAuthFinder, new helpers and bug fixes

Choose a tag to compare

@github-actions github-actions released this 25 Feb 08:34

10.0.0 (2026-02-25)

Features

  • add deleteAll method on access token provider (#260) (a2efc9c)
  • add validatePassword method to throw error when password is invalid (ce6b53b)
  • make withAuthFinder mixin accept hash manager and make options optional (7ebc10e)
  • add checkUsing method (#257) (7ad0436)

Bug Fixes

  • emit event session logout before update local data (46d19f6)

What's Changed

  • feat: allow to pass custom guard to check method by @aadamcik in #257
  • fix: emit event session logout before update local data by @ad-momo in #259
  • feat: add deleteAll method on access token provider by @radiumrasheed in #260

New Contributors

Full Changelog: v9.4.2...v10.0.0

Add deleteAll method on TokensProvider

Pre-release

Choose a tag to compare

@github-actions github-actions released this 27 Jan 11:06

10.0.0-next.6 (2026-01-27)

Features

  • add deleteAll method on access token provider (#260) (a2efc9c)

What's Changed

New Contributors

Full Changelog: v10.0.0-next.5...v10.0.0-next.6

Add deleteAll method on TokensProvider

Choose a tag to compare

@github-actions github-actions released this 27 Jan 11:14

9.6.0 (2026-01-27)

Features

  • add deleteAll method on access token provider (#260) (2c72627)

Full Changelog: v9.5.1...v9.6.0

Add user.validatePassword via the AuthMixin

Choose a tag to compare

@github-actions github-actions released this 22 Jan 05:25

10.0.0-next.5 (2026-01-22)

Features

  • add validatePassword method to throw error when password is invalid (ce6b53b)

Full Changelog: v10.0.0-next.4...v10.0.0-next.5

Flash error message using the error key

Pre-release

Choose a tag to compare

@github-actions github-actions released this 21 Jan 05:32

10.0.0-next.4 (2026-01-21)

Features

  • flash error using error property (83bb92d)

Full Changelog: v10.0.0-next.3...v10.0.0-next.4

Update dependencies

Update dependencies Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 19 Dec 07:16

10.0.0-next.3 (2025-12-19)

Full Changelog: v10.0.0-next.2...v10.0.0-next.3

Simplify usage of `withAuthFinder` mixin

Choose a tag to compare

@github-actions github-actions released this 27 Oct 08:50

10.0.0-next.2 (2025-10-27)

Not a big change, but small things matter too. The withAuthFinder mixin also accepts the hash manager and will use the default driver. Also, the config has been made optional to use sane defaults.

FROM

const AuthFinder = withAuthFinder(() => hash.use('scrypt'), {
  uids: ['email'],
  passwordColumnName: 'password',
})

export default class User extends compose(
  BaseModel,
  AuthFinder,
) {
}

TO

export default class User extends compose(
  BaseModel,
  withAuthFinder(hash),
) {
}

Features

  • make withAuthFinder mixin accept hash manager and make options optional (7ebc10e)

Full Changelog: v10.0.0-next.1...v10.0.0-next.2

Make sure the user is defined in the session logout event

Choose a tag to compare

@github-actions github-actions released this 20 Oct 06:06

10.0.0-next.1 (2025-10-20)

Bug Fixes

  • emit event session logout before update local data (46d19f6)

What's Changed

  • fix: emit event session logout before update local data by @ad-momo in #259

New Contributors

Full Changelog: v10.0.0-next.0...v10.0.0-next.1

Make sure the user is defined in the session logout event

Choose a tag to compare

@github-actions github-actions released this 20 Oct 05:58

9.5.1 (2025-10-20)

Bug Fixes

  • emit event session logout before update local data (028945c)

Full Changelog: v9.5.0...v9.5.1