Release Explorer
- Current release
- Release - 10/10/2025
- Release - 11/10/2025
- Release - 12/10/2025
- Release - 13/10/2025
- Release - 14/10/2025
- Release - 15/10/2025
- Release - 16/10/2025
- Release - 17/10/2025
- Release - 18/10/2025
- Release - 19/10/2025
- Release - 20/10/2025
- Release - 21/10/2025
- Release - 22/10/2025
- Release - 23/10/2025
- Release - 24/10/2025
- Release - 25/10/2025
- Release - 26/10/2025
- Release - 27/10/2025
- Release - 28/10/2025
- Release - 29/10/2025
- Release - 30/10/2025
- Release - 31/10/2025
- Release - 01/11/2025
- Release - 02/11/2025
- Release - 03/11/2025
- Release - 04/11/2025
- Release - 05/11/2025
- Release - 07/11/2025
- Release - 07/11/2025
- Release - 08/11/2025
- Release - 09/11/2025
- Release - 10/11/2025
- Release - 11/11/2025
- Release - 12/11/2025
Release Debug 2024
Overview
This release introduces a debug mode bypass in the ms-nodejs-backend system’s authentication and authorization process to facilitate development and troubleshooting. It allows skipping OAuth token validation and disables platform ID permission checks when specific environment settings are enabled.
New Features
- Added a bypass for token validation and user setup when the configuration flag
ignoreExpirationinjwkConfigis enabled and an environment variableORG_IDis set. - Automatically assigns a test user with global admin role and injects organization details from
ORG_IDfor debugging purposes.
Improvements / Changes
- Disabled platform ID permission checks that previously enforced that a user must belong to the platform associated with the provider.
- Commented out the permission verification that throws errors if a user's
platformIdsdoes not include the provider’s ID, allowing un-restricted access during debugging. - Logging a fatal message
"USER logged in without oauth"whenever the bypass is triggered, to clearly indicate the non-standard auth flow. - These changes are gated behind the
jwkConfig.ignoreExpiration()setting and the presence ofORG_IDenvironment variable, thus not affecting standard production behavior.
Bug Fixes
- None in this release.
Technical / Developer Notes
- The new debugging logic short-circuits the OAuth token validation by injecting a hard-coded test user with global admin privileges, organization data loaded from the environment, and an empty decoded token.
- The original platform ID authorization checks are left in the code as commented-out lines, making it easy to re-enable them if needed.
- This debug mode should ONLY be enabled in safe, non-production environments to avoid security risks.
- Developers should set environment variable
ORG_IDand enableignoreExpirationin the JWT configuration to activate this mode. - Extensive logging is introduced to help diagnose when the bypass is engaged.
Breaking Changes
- None. The debug bypass is opt-in and controlled by configuration flags to avoid impacting production systems.
This release aims to speed up local debugging and testing by allowing bypass of OAuth token validation and permission checks, accelerating developer workflows while maintaining safe guardrails.