Why this is a MAJOR:

Breaking changes

sessionJwt renamed to sessionJWT
Whatsapp renamed to WhatsApp
redirectURLS renamed to redirectURLs

Also relevant (though not a breaking change):

• Updated fundamental logic behind JWKS cache refreshing

What's Changed

• Bump ch.qos.logback:logback-core from 1.3.15 to 1.3.16 by @dependabot[bot] in #133
• [MAJOR] Update JWKS caching and naming conventions by @logan-stytch in #136

Full Changelog: 8.2.0...9.0.0

What's Changed

• Support SHA-512 password migration by @ci-stytch in #134
• Refresh JWKS and RBACPolicy in background by @logan-stytch in #135

Full Changelog: 8.0.0...8.2.0

What's Changed

• Add status code and request ID to JWT auth errors by @logan-stytch in #132

JWT Authentication Error Handling Improvements

New Features

Enhanced Error Information

JWT authentication failures now return detailed error information including:

• Status code (401, 403, 500, etc.)
• Request ID for debugging and support tickets
• Error type and error message for better error handling
• Error URL linking to relevant documentation

Consumer Sessions (Non-Breaking)

New JWTErrorResponse Type

A new response type has been added to provide error details when remote JWT authentication fails:

public data class JWTErrorResponse(
    val statusCode: Int,
    val requestId: String?,
    val errorType: String,
    val errorMessage: String,
    val errorUrl: String,
) : JWTResponse

Usage Example

when (val result = consumerSessions.authenticateJwt(jwt)) {
    is StytchResult.Success -> when (result.value) {
        is JWTSessionResponse -> {
            // Local JWT validation succeeded
            val session = result.value.response
        }
        is JWTAuthResponse -> {
            // Remote authentication succeeded
            val session = result.value.response.session
        }
        is JWTErrorResponse -> {
            // NEW: Remote authentication failed with details
            println("Authentication failed: ${result.value.statusCode}")
            println("Error: ${result.value.errorMessage}")
            println("Request ID: ${result.value.requestId}")
        }
        is JwtNullResponse -> {
            // Fallback for other error types (unchanged)
        }
    }
}

B2B Sessions (Breaking Change)

Migration Required

B2B JWT authentication now properly returns StytchResult.Error when remote authentication fails, instead of StytchResult.Success(null).

Before (Old Code)

when (val result = b2bSessions.authenticateJwt(jwt)) {
    is StytchResult.Success -> {
        val memberSession = result.value // Could be null on failure
        if (memberSession != null) {
            // Authentication succeeded
        } else {
            // Authentication failed - no error details available
        }
    }
    is StytchResult.Error -> {
        // Handle local JWT validation errors only
    }
}

After (New Code Required)

when (val result = b2bSessions.authenticateJwt(jwt)) {
    is StytchResult.Success -> {
        val memberSession = result.value // Never null
        // Authentication succeeded
    }
    is StytchResult.Error -> {
        when (val exception = result.exception) {
            is StytchException.Response -> {
                // NEW: Remote authentication failed with full error details
                val error = exception.reason
                println("Auth failed: ${error.statusCode} - ${error.errorMessage}")
                println("Request ID: ${error.requestId}")

                // Handle specific error types
                when (error.statusCode) {
                    401 -> handleInvalidToken()
                    403 -> handlePermissionDenied()
                    500 -> handleServerError()
                }
            }
            is StytchException.Critical -> {
                // Local JWT validation errors (unchanged)
            }
        }
    }
}

Migration Checklist

For Consumer Sessions Users

• No action required - existing code continues to work
• Optional: Add handling for JWTErrorResponse to get enhanced error information

For B2B Sessions Users

• Required: Update JWT authentication error handling
• Replace null checks with StytchResult.Error handling
• Access error details via StytchException.Response.reason
• Update test cases that expected Success(null)

Full Changelog: 7.34.0...8.0.0

What's Changed

• Add organization_external_id to org creation via discovery by @ci-stytch in #129
• Bump version for external ID change by @mjiang-stytch in #130

New Contributors

• @mjiang-stytch made their first contribution in #130

Full Changelog: 7.33.0...7.34.0

What's Changed

• Bump jreleaser by @jhaven-stytch in #127
• Add roles to consumer sessions by @ci-stytch in #128

Full Changelog: 7.32.0...7.33.0

What's Changed

• Add delivery method option to member email update by @ci-stytch in #126

Full Changelog: 7.31.0...7.32.0

What's Changed

• Add raw signals to DFP fingerprint lookup by @ci-stytch in #124

Full Changelog: 7.30.0...7.31.0

What's Changed

• Make CreateUserRequest roles Optional by @ci-stytch in #123

Full Changelog: 7.29.0...7.30.0

What's Changed

• Release Debug.WhoAmI endpoint by @ci-stytch in #122

Full Changelog: 7.28.0...7.29.0

What's Changed

• Add User Roles for Consumer RBAC support by @ci-stytch in #121

Full Changelog: 7.27.0...7.28.0