v2.0.0
Summary
- 🚀 Added: Magic Connect developers can now use the Admin SDK to validate DID tokens. #111 (@magic-ravi)
⚠️ Changed: After creating the Magic instance, it is now necessary to call a new initialize method for Magic Connect developers that want to utilize the Admin SDK. #111 (@magic-ravi)- 🛡️ Security: Additional validation of
aud
(client ID) is now being done during initialization of the SDK. #111 (@magic-ravi)
Developer Notes
🚀 Added
Admin SDK for MC
Magic Connect developers can now use the Admin SDK to validate DID tokens.
Details
There is full support for all TokenResource
SDK methods for MC. This is intended to be used with client side magic-js
SDK which will now emit an id-token-created
event with a DID token upon login via the connectWithUI
method.
This functionality is replicated on our other SDKs on Python and Ruby.
⚠️ Changed
Constructor initialization
The existing constructor has been deprecated in place of a new async init
method.
The init
method will pull clientId from Magic servers if one is not provided in the options
parameter.
Previous Version
const magic = new Magic(secretKey);
try {
magic.token.validate(DIDT);
} catch (e) {
console.log(e);
}
try {
await magic.users.getMetadataByToken(DIDT);
} catch (e) {
console.log(e);
}
Current Version
const magic = await Magic.init(mcSecretKey);
try {
magic.token.validate(DIDT);
} catch (e) {
console.log(e);
}
try {
await magic.users.getMetadataByToken(DIDT);
} catch (e) {
console.log(e);
}
Attachment Validation
- Skip validation of attachment if 'none' is passed in
validate
.
🛡️ Security
Client ID Validation
Additional validation of aud
(client ID) is now being done during initialization of the SDK. This is for both Magic Connect and Magic Auth developers.
🚨 Breaking
None, all changes are fully backwards compatible. Default constructor is now deprecated in place of async init
method.
Authors: 1
- Ravi Bhankharia (@magic-ravi)