v0.7.0
Upgrade instructions
- Follow the upgrade instructions for any previous releases.
- Update your Biff dependency in
deps.edn
to{:tag "v0.7.0", :sha "6a5ba0a", ...}
- Update your Biff dependency in
tasks/deps.edn
to{:tag "v0.7.0", :sha "6a5ba0a", :deps/root "tasks", ...}
- Optional: follow the authentication plugin upgrade instructions below.
Email code signin
In addition to the existing email link authentication flow, where users sign in by clicking a link in an email, Biff can now send
six-digit codes via email. After submitting their email address, users enter the codes into the same browser tab. While signin links generally have a bit less friction, they do sometimes have problems on mobile devices. PWAs on iOS don't share cookies with the main browser, so signin links don't work at all for those. In addition, mobile email clients often open signin links in an embedded browser. The user is authenticated successfully, but if they visit your site in the main browser again, they'll be unauthenticated.
The code authentication flow solves these problems, since the entire flow happens in the same browser tab. You can use either signin links or signin codes, or a combination. The example project uses links for creating an account and codes for signing in to an existing account.
Authentication plugin
Previously, the backend routes for authentication were defined in your project's code, in an auth.clj
file. Biff now provides an authentication-plugin
function, which can be included with the rest of your app's features:
(def features
[app/features
(biff/authentication-plugin {})
home/features
schema/features
worker/features])
This replaces the old auth.clj
file. UI and email templates are still defined in your project's code, so they're easily customizable.
See the reference docs and API docs for more details.
Upgrading
Follow the changes in this commit:
- Remove the
auth.clj
file and replace it with thebiff/authentication-plugin
function. - Copy the new
email.clj
file into your project. If you're not using Postmark, rewrite thesend-postmark
function to use your chosen email provider. Add a:biff/send-email #'email/send-email
line to your system map. - Update the
malli-opts
var so that it includes schema defined in your feature maps. Updateschema.clj
so that it exposes its schema via a feature map. - Update the pages in
home.clj
so they use the new/auth/send-link
,/auth/send-code
and other routes.
Changed
- Remove Java 11 check from new project script. It was too brittle, and most people are probably on at least Java 11 by now anyway.
- Use
SecureRandom/getInstanceStrong
for generating new project secrets. - The tutorial now instructs you to create your project with
bb -e "$(curl -s https://biffweb.com/new-project.clj)" tutorial
, which ensures that your project is based on the same version of Biff that the tutorial was written against.
Fixed
- The
com.biffweb/wrap-internal-error
function actually works now.