mirror of https://github.com/stack-auth/stack.git synced 2026-06-30 21:01:54 +08:00

History

BilalG1 7d49f3c009 docs: clarify Microsoft OAuth email verification and account types (#1623 ) ## What Adds a Things to Know About Microsoft OAuth section to the Microsoft auth provider docs covering provider-specific behavior: - Emails are not marked as verified — Microsoft doesn't attest control of the returned email, so Hexclave treats Microsoft emails as unverified. Links to Microsoft's [claims validation guidance](https://learn.microsoft.com/en-us/entra/identity-platform/claims-validation#validate-the-subject). - Supported account types (custom OAuth keys only) — explains how the tenant type set in the dashboard/config maps to Microsoft's `{tenant}` endpoint segment (`common` / `organizations` / `consumers` / tenant ID), with the default being `consumers`. Links to Microsoft's [endpoint reference](https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols#endpoints). Also fixes a leftover branding issue: the dev shared-keys `<Info>` callout said "Stack" instead of "Hexclave". ## Why The unverified-email behavior is surprising (sign-in succeeds but the email isn't verified) and previously undocumented. The account-types note helps developers using their own OAuth app pick the right tenant setting. <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Adds a “Things to Know About Microsoft OAuth” section explaining that Microsoft emails are treated as unverified and how account types map to Microsoft tenant endpoints (custom keys only, default is `consumers`). Also fixes the dev shared-keys callout to correctly use Hexclave branding and behavior. <sup>Written for commit `7ae78d6e52`. Summary will update on new commits.</sup> <a href="https://cubic.dev/pr/hexclave/hexclave/pull/1623?utm_source=github" target="_blank" rel="noopener noreferrer" data-no-image-dialog="true"><picture><source media="(prefers-color-scheme: dark)" srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source media="(prefers-color-scheme: light)" srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img alt="Review in cubic" src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Documentation * Updated Microsoft authentication provider guide to clarify that Hexclave automatically creates shared development keys and displays its logo on the OAuth sign-in page. * Added section explaining Microsoft OAuth email verification behavior and how account types map to Microsoft tenant settings. <!-- end of auto-generated comment: release notes by coderabbit.ai -->		2026-06-19 13:04:20 -07:00
..
api	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
guides	docs: clarify Microsoft OAuth email verification and account types (#1623 )	2026-06-19 13:04:20 -07:00
images	Python & REST API setup instructions	2026-06-03 17:12:18 -07:00
openapi	Update OpenAPI specs	2026-06-17 15:23:30 -07:00
sdk	Aggressively deprecate app.urls.xyz & update docs to avoid it	2026-06-17 09:56:41 -07:00
snippets	Update :without-hexclave to :inner	2026-06-17 10:25:00 -07:00
.gitignore	New setup (#1413 )	2026-05-06 12:03:06 -07:00
apps-sidebar-filter.js	Update docs apps filter field based on theme	2026-05-07 11:08:39 -07:00
code-language-labels.js	Update User Fundamentals	2026-05-22 16:28:43 -07:00
docs.json	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
index.mdx	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
llms.txt	Clearer local dev environment	2026-06-16 12:26:32 -07:00
migration.mdx	feat(oauth): per-provider customCallbackUrl for redirect_uri (#1512 )	2026-05-28 12:28:38 -07:00
package.json	chore: update package versions	2026-06-17 20:31:22 +00:00
README.md	feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring (#1482 )	2026-05-29 15:21:59 -07:00
style.css	Fix docs sidebar icons	2026-05-25 10:59:34 -07:00

README.md

docs-mintlify

How to run the Mintlify docs preview locally from this repository.

Prerequisites

Node.js >=20.17.0
pnpm
Repository dependencies installed (pnpm install from repo root)
OpenAPI specs in openapi/ are committed to git. Hosted Mintlify cannot run monorepo codegen on deploy, so these files must be present in the repo for production docs.

When you change API route OpenAPI metadata, regenerate and commit the four specs from the repo root:
```
pnpm run --filter @hexclave/backend codegen-docs
git add docs-mintlify/openapi/
```
That writes client.json, server.json, admin.json, and webhooks.json into docs-mintlify/openapi/ (and into docs/openapi/ for the legacy Fumadocs app). CI fails if pnpm codegen produces different output than what is committed (see root lint-and-build workflow).

Run locally

From the repository root:

pnpm -C docs-mintlify run dev

This starts Mintlify in docs-mintlify on http://localhost:${NEXT_PUBLIC_HEXCLAVE_PORT_PREFIX:-81}04 (for example, http://localhost:8104 with the default prefix).

From inside docs-mintlify, you can also run:

pnpm dev

Useful variants:

# Override the default port
pnpm -C docs-mintlify run dev -- --port 3333

# Skip OpenAPI processing for faster iteration
pnpm -C docs-mintlify run dev -- --disable-openapi

Search + assistant in local preview

If you want local search and the Mintlify assistant:

pnpm -C docs-mintlify run login
pnpm -C docs-mintlify run status

Then re-run pnpm -C docs-mintlify run dev.

Package scripts

From repo root:

pnpm -C docs-mintlify run lint
pnpm -C docs-mintlify run typecheck
pnpm -C docs-mintlify run build
pnpm -C docs-mintlify run clean

lint runs both mint validate and mint broken-links.