v2.23.0

2.23.0 (2023-08-02)

Bug Fixes

• change email update flow to return both ? messages and # messages (#1129) (77afd28)
• log correct referer value (#1178) (a6950a0)
• only apply rate limit if autoconfirm is false (#1184) (46932da)
• remove captcha on id_token grant (#1175) (910079c), closes #1172
• remove redundant queries to get session (#1204) (669ce97)
• return error if user not found but identity exists (#1200) (1802ff3)
• support email verification type on token hash verification (#1177) (ffa5efa)
• use started transaction, not a new one (#1196) (0b5b656), closes /github.com/supabase/gotrue/pull/1190#discussion_r1270861390

Features

• add CORS allowed headers config (#1197) (7134000)
• add test OTP support for mobile app reviews (#1166) (2fb0cf5)
• allow whatsapp channels with Twilio Verify (#1207) (ff98d2f)
• drop restriction that PKCE cannot be used with autoconfirm (#1176) (0a6f218)
• remove flow state expiry on Magic Links (PKCE) (#1179) (caa9393)
• return expires_at in addition to expires_in (#1183) (3cd4bd5)
• serialized access to session in refresh_token grant (#1190) (a8f1712)
• update github.com/rs/cors to v1.9.0 (#1198) (27d3a7f)