v1.17.0

Highlights

New and improved authentication methods

Version 1.17.0 of @medusajs/medusa ships new and improved authentication methods. A contribution by @dPreininger.

Medusa supports three authentication methods:

Sessions
Our session cookie authentication remains unchanged. However, the strategy name has been updated in both the store and admin API, making existing cookie sessions invalid.

⚠️ We will not convert existing sessions to work with this update. Make sure to plan your upgrade accordingly.

API tokens (⚠️ breaking changes)

The header for API token authentication has changed from a Bearer authorization scheme to a custom header scheme specific to Medusa, x-medusa-access-token.

Previously, you would use API tokens like so:

curl -L GET '<BACKEND_URL>/admin/products' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {api_token}'

This has changed to:

curl -L GET '<BACKEND_URL>/admin/products' \
  -H 'Content-Type: application/json' \
  -H 'x-medusa-access-token: {api_token}'

Bearer tokens
Bearer token authentication is a "new" method that utilizes JWT tokens and the Bearer scheme. Request a token from a client and attach it to subsequent requests to keep the authenticated session alive. The approach is identical to that of the old API authentication but uses a different token type.

First, request a token:

curl -L POST 'http://localhost:9000/admin/auth/token' \
  -H 'Content-Type: application/json' \
  --data-raw '{
    "email": "admin@medusa-test.com",
    "password": "supersecret"
  }'

Then, hit an authenticated route:

curl -L GET 'http://localhost:9000/admin/products?limit=1' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer some_access_token'

Arabic translations

Thanks to @PeterAbdalla, you can now operate Medusa Admin in Arabic.

Medusa UI 2.0

Version 2.0 of @medusajs/ui is out. To upgrade, run the following command in your project:

yarn add @medusajs/ui@2.0

The release includes:

• New components, including CurrencyInput, Tabs, and CommandBar
• New icons
• Updated API of Button, Badge, and CodeBlock (⚠️ breaking changes)

And much more.

Check out all changes and the upgrade guide in our documentation: https://docs.medusajs.com/upgrade-guides

Features

• feat(utils): Provide an utils that allows to convert an array of fields to a complete remote query object by @adrien2p in #5161
• feat(medusa): Migrate remote query usage in store product domain to use an object by @adrien2p in #5131
• feat(medusa): Admin get product with isolated module by @adrien2p in #5054
• feat(medusa): Admin list product with product isolated module by @adrien2p in #5046
• feat(medusa): Remove create product unnecessary input config workflow by @adrien2p in #5196
• feat(medusa): Authentication overhaul by @dPreininger in #4064
• feat(pricing): add price rule entity by @pKorsholm in #5050
• feat(medusa): Add product isolation FF to update cart by @adrien2p in #5168
• feat(admin-ui): Add Arabic translations by @PeterAbdalla in #5140
• feat(pricing, types, utils): Exact match based on context + fallback on rule priority if not by @riqwan in #5214

Bugs

• fix(medusa, workflows): Create product workflow with Isolated modules + module registration by @adrien2p in #5081
• fix(admin-ui): translation pt by @carlos-r-l-rodrigues in #5176
• fix(medusa-payment-stripe): adds missing undefined check by @srindom in #5177
• fix(admin-ui): Allow nullish values in update variant by @olivermrbl in #5173
• fix(admin-ui): typos in text by @gempain in #5032
• fix(medusa): Product model before insert hook by @adrien2p in #5200
• fix(medusa-react): @medusajs/medusa-js import by @olivermrbl in #5207
• fix(medusa): In product isolation, throw if product not found by @adrien2p in #5224
• fix(medusa): quantity prices for line item updates by @pKorsholm in #5137
• fix(create-medusa-app): fix inconsistency in checking errors in migrations by @shahednasser in #5189

Chores

• chore(medusa): link modules as medusa dependency by @carlos-r-l-rodrigues in #5208

Documentation

• docs: fix code in digital product recipe by @shahednasser in #5172
• docs: create docs workspace by @shahednasser in #5174
• docs: fix error related to Key type by @shahednasser in #5178
• docs: general fixes for docs workspace by @shahednasser in #5184
• docs: update contribution guideline by @shahednasser in #5188
• docs(ui): dark mode fixes by @shahednasser in #5204
• docs: Improve Loaders documentation by @shahednasser in #5205
• docs: improve tailwind configuration by @shahednasser in #5215
• docs: fix z-index across projects by @shahednasser in #5234
• docs: fix code block's usage of z-index by @shahednasser in #5238
• docs(ui,docs): Add documentation for Medusa UI 2.0.0 by @kasperkristensen in #5227
• docs: fix irregular scrolling in code tabs by @shahednasser in #5239
• docs(ui,docs): added upgrade guides link to UI docs by @shahednasser in #5240
• docs: add Next.js steps to digital product recipe by @shahednasser in #5231
• docs: fix details component + other styling fixes by @shahednasser in #5217
• docs: expanded rating form + UI docs improvement by @shahednasser in #5211

New Contributors

• @dPreininger made their first contribution in #4064
• @PeterAbdalla made their first contribution in #5140

Full Changelog: v1.16.1...v1.17.0