v1.1.0 April 16, 2026
Configurable Auth Method Toggles
Added
- • Configurable auth method toggles via NUXT_DISABLED_AUTH_METHODS environment variable. Supports disabling any combination of password, emailOtp, magicLink, passkey, Google, and GitHub login methods.
- • Startup validation that at least one sign-in method and one onboarding-capable method remain enabled (fail-fast, no silent fallback).
- • Server API endpoint (/api/auth/methods) for runtime-accurate auth method availability.
- • useAuthMethods composable for reactive auth method state in the frontend.
- • Email OTP sign-in flow on the login page with two-step modal (enter email, then enter 6-digit OTP).
- • Route middleware to guard disabled auth pages before component setup.
- • Server-side enforcement hook blocking emailOtp sign-in API calls when the method is disabled, while preserving infrastructure OTP usage for org deletion verification.
- • Conditional rendering for all toggled auth methods across login, register, and settings pages.
- • Unit tests for auth method resolver, validation, env integration, and magicLink-with-password-disabled login flow.
Changed
- • emailOTP Better Auth plugin is now always registered regardless of the emailOtp toggle, since organization deletion depends on it for OTP verification.
- • ONBOARDING_METHODS narrowed to password, Google, and GitHub. emailOtp and magicLink are excluded until the register page has complete passwordless onboarding flows.
- • Test count increased from 463 to 465 cases across 81 test files.