Skip to content

v0.7.0
Compare
Choose a tag to compare
@jacobobryant jacobobryant released this 18 Feb 19:40
· 176 commits to master since this release
v0.7.0
6a5ba0a

Upgrade instructions

  • Follow the upgrade instructions for any previous releases.
  • Update your Biff dependency in deps.edn to {:tag "v0.7.0", :sha "6a5ba0a", ...}
  • Update your Biff dependency in tasks/deps.edn to {:tag "v0.7.0", :sha "6a5ba0a", :deps/root "tasks", ...}
  • Optional: follow the authentication plugin upgrade instructions below.

Email code signin

In addition to the existing email link authentication flow, where users sign in by clicking a link in an email, Biff can now send
six-digit codes via email. After submitting their email address, users enter the codes into the same browser tab. While signin links generally have a bit less friction, they do sometimes have problems on mobile devices. PWAs on iOS don't share cookies with the main browser, so signin links don't work at all for those. In addition, mobile email clients often open signin links in an embedded browser. The user is authenticated successfully, but if they visit your site in the main browser again, they'll be unauthenticated.

The code authentication flow solves these problems, since the entire flow happens in the same browser tab. You can use either signin links or signin codes, or a combination. The example project uses links for creating an account and codes for signing in to an existing account.

Authentication plugin

Previously, the backend routes for authentication were defined in your project's code, in an auth.clj file. Biff now provides an authentication-plugin function, which can be included with the rest of your app's features:

(def features
  [app/features
   (biff/authentication-plugin {})
   home/features
   schema/features
   worker/features])

This replaces the old auth.clj file. UI and email templates are still defined in your project's code, so they're easily customizable.

See the reference docs and API docs for more details.

Upgrading

Follow the changes in this commit:

  1. Remove the auth.clj file and replace it with the biff/authentication-plugin function.
  2. Copy the new email.clj file into your project. If you're not using Postmark, rewrite the send-postmark function to use your chosen email provider. Add a :biff/send-email #'email/send-email line to your system map.
  3. Update the malli-opts var so that it includes schema defined in your feature maps. Update schema.clj so that it exposes its schema via a feature map.
  4. Update the pages in home.clj so they use the new /auth/send-link, /auth/send-code and other routes.

Changed

  • Remove Java 11 check from new project script. It was too brittle, and most people are probably on at least Java 11 by now anyway.
  • Use SecureRandom/getInstanceStrong for generating new project secrets.
  • The tutorial now instructs you to create your project with bb -e "$(curl -s https://biffweb.com/new-project.clj)" tutorial, which ensures that your project is based on the same version of Biff that the tutorial was written against.

Fixed

  • The com.biffweb/wrap-internal-error function actually works now.
Assets 2
Loading