
feat(auth): add token_endpoint_auth_method to OAuth client create/update #2132

Merged
cemalkilic merged 1 commit into master from cemal/fix-oauth-client-token-auth-endpoint
Feb 24, 2026

@cemalkilic
Contributor

Allow configuring the token endpoint authentication method when creating or updating OAuth clients. Also narrows the OAuthClient type from string to a union type for better type safety.

Fixes supabase/auth#2369

@cemalkilic cemalkilic requested review from a team as code owners February 24, 2026 07:37
@github-actions github-actions bot added the auth-js Related to the auth-js library. label Feb 24, 2026

coderabbitai bot commented Feb 24, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

📥 Commits

Reviewing files that changed from the base of the PR and between a808c54 and 040c58d.

📒 Files selected for processing (1)
  • packages/core/auth-js/src/lib/types.ts

📝 Walkthrough

Summary by CodeRabbit

  • New Features
    • OAuth client token endpoint authentication method is now strongly typed with supported values ('none', 'client_secret_basic', 'client_secret_post'). This ensures proper validation when creating or updating OAuth clients and improves API reliability.

Walkthrough

The changes introduce a stricter TypeScript type OAuthClientTokenEndpointAuthMethod that constrains the token_endpoint_auth_method field to three specific values: 'none', 'client_secret_basic', or 'client_secret_post'. This type is applied to the OAuthClient interface and added as optional fields to the CreateOAuthClientParams and UpdateOAuthClientParams types, tightening type safety for OAuth client token endpoint authentication method handling.

Assessment against linked issues

| Objective | Addressed | Explanation |
|---|---|---|
| Enforce and constrain token_endpoint_auth_method to valid values (#2369) | | |
| Maintain backward compatibility for existing clients using client_secret_post (#2369) | | Type constraints alone do not address the breaking change; existing clients still require server-side logic to preserve their original authentication method or alternative migration handling. |

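How the three values named in the walkthrough differ on the wire, as an added TypeScript example that is not code from this PR or from auth-js. `buildTokenRequest`, `isAuthMethod` and `formEncode` are hypothetical helpers, and the request shapes follow RFC 6749 section 2.3.1 rather than anything shown on this page.

```typescript
// Mirrors the three values named in the walkthrough; redefined here so the block runs alone.
const AUTH_METHODS = ['none', 'client_secret_basic', 'client_secret_post'] as const
type OAuthClientTokenEndpointAuthMethod = (typeof AUTH_METHODS)[number]

// Union types are erased at compile time, so untyped input (JSON, forms) needs a runtime guard.
function isAuthMethod(v: unknown): v is OAuthClientTokenEndpointAuthMethod {
  return typeof v === 'string' && (AUTH_METHODS as readonly string[]).indexOf(v) !== -1
}

// application/x-www-form-urlencoded encoding of a single value, as RFC 6749 requires
// for the client id and secret before they are placed in a Basic header.
function formEncode(s: string): string {
  return new URLSearchParams([['', s]]).toString().slice(1)
}

interface TokenRequest {
  headers: Record<string, string>
  body: string
}

// Hypothetical helper: builds the headers and form body of a token endpoint request.
function buildTokenRequest(
  method: unknown,
  clientId: string,
  clientSecret: string | undefined,
  grant: Record<string, string>
): TokenRequest {
  if (!isAuthMethod(method)) throw new Error(`unsupported token_endpoint_auth_method: ${String(method)}`)
  const headers: Record<string, string> = { 'Content-Type': 'application/x-www-form-urlencoded' }
  const body = new URLSearchParams(grant)
  if (method === 'none') {
    // Public client: identified by client_id only; any secret passed in is never sent.
    body.set('client_id', clientId)
  } else {
    if (!clientSecret) throw new Error(`${method} requires a client secret`)
    if (method === 'client_secret_basic') {
      // Credentials travel in the Authorization header and stay out of the body.
      headers['Authorization'] = 'Basic ' + btoa(`${formEncode(clientId)}:${formEncode(clientSecret)}`)
    } else {
      // client_secret_post: credentials travel in the form body, no Authorization header.
      body.set('client_id', clientId)
      body.set('client_secret', clientSecret)
    }
  }
  return { headers, body: body.toString() }
}
```

A client registered as `client_secret_post` that is later treated as `client_secret_basic` sends its secret where the server no longer looks for it, which is the compatibility concern raised in the assessment table.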

pkg-pr-new bot commented Feb 24, 2026

@supabase/auth-js

npm i https://pkg.pr.new/@supabase/auth-js@2132

@supabase/functions-js

npm i https://pkg.pr.new/@supabase/functions-js@2132

@supabase/postgrest-js

npm i https://pkg.pr.new/@supabase/postgrest-js@2132

@supabase/realtime-js

npm i https://pkg.pr.new/@supabase/realtime-js@2132

@supabase/storage-js

npm i https://pkg.pr.new/@supabase/storage-js@2132

@supabase/supabase-js

npm i https://pkg.pr.new/@supabase/supabase-js@2132

commit: 040c58d

@cemalkilic cemalkilic merged commit a704482 into master Feb 24, 2026
29 of 30 checks passed
@cemalkilic cemalkilic deleted the cemal/fix-oauth-client-token-auth-endpoint branch February 24, 2026 09:39
Development

Successfully merging this pull request may close these issues.

Breaking change introduced in existing OAuth clients
