chore: fix lockfile (#3037)

This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @nhost/hasura-auth-js@2.7.0

### Minor Changes

-   fe6e8e2: feat: add email OTP sign-in functionality
- 72899a6: fix: use a unique `broadcastKey` per nhost client for
synchronizing authentication state across browser tabs

## @nhost/nhost-js@3.2.0

### Minor Changes

- 72899a6: fix: use a unique `broadcastKey` per nhost client for
synchronizing authentication state across browser tabs

### Patch Changes

-   Updated dependencies [fe6e8e2]
-   Updated dependencies [72899a6]
    -   @nhost/hasura-auth-js@2.7.0

## @nhost/react@3.7.0

### Minor Changes

-   fe6e8e2: feat: add email OTP sign-in functionality

### Patch Changes

-   Updated dependencies [72899a6]
    -   @nhost/nhost-js@3.2.0

## @nhost/vue@2.7.0

### Minor Changes

-   fe6e8e2: feat: add email OTP sign-in functionality

### Patch Changes

-   Updated dependencies [72899a6]
    -   @nhost/nhost-js@3.2.0

## @nhost/apollo@8.0.0

### Patch Changes

-   Updated dependencies [72899a6]
    -   @nhost/nhost-js@3.2.0

## @nhost/react-apollo@14.0.0

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0
    -   @nhost/apollo@8.0.0

## @nhost/react-urql@11.0.0

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0

## @nhost/nextjs@2.1.23

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0

## @nhost/dashboard@2.7.1

# @nhost/dashboard

## 1.30.0

### Minor Changes

- 50441a8: feat: add ui for project autoscaler settings and run services
autoscaler settings

## 1.29.0

### Minor Changes

-   55d8bb5: feat: integrate turnstile for signup verification
-   2a2e54c: fix: update docs url in run services form tooltip
- 18f942f: fix: display long error messages in error toast without
overflow

### Patch Changes

-   @nhost/react-apollo@13.0.0
-   @nhost/nextjs@2.1.22

## 1.28.2

### Patch Changes

- 52a38fe: chore: update dependencies to address security
vulnerabilities
-   Updated dependencies [52a38fe]
    -   @nhost/nextjs@2.1.21

## 1.28.1

### Patch Changes

-   9735fa2: chore: remove broken link

## 1.28.0

### Minor Changes

- 526183a: feat: allow filtering users in "make request as" in graphql
section
-   be3b85b: feat: add conceal errors toggle on auth settings page

### Patch Changes

- 35a2f12: fix: prevent run service details from opening when attempting
to delete
    -   @nhost/react-apollo@12.0.6
    -   @nhost/nextjs@2.1.20

## 1.27.0

### Minor Changes

-   a7cd02c: fix: resolve rate limit query

## 1.26.0

### Minor Changes

-   3773ad7: chore: update pricing information
- b63250d: fix: not allow run service creation form resubmission while
creating a run service
-   a44a1d4: feat: add rate limits settings page

### Patch Changes

-   @nhost/react-apollo@12.0.5
-   @nhost/nextjs@2.1.19

## 1.25.0

### Minor Changes

- d1ceede: feat: add setting to migrate postgres major and/or minor
versions
- e5d3d1a: fix: allow manually typing column for custom check in
database row permissions

### Patch Changes

-   @nhost/react-apollo@12.0.4
-   @nhost/nextjs@2.1.18

## 1.24.1

### Patch Changes

- 49f2e55: fix: use service subdomain in service form and service
details dialog
- 598b988: fix: use current project subdomain in ServiceDetailsDialog
component

## 1.24.0

### Minor Changes

-   abb24af: chore: add redirect to support page when project is locked
- 18a6455: feat: show contact us info and locked reason when project is
locked

### Patch Changes

-   e31eefa: fix: include ingresses field when updating run services

## 1.23.0

### Minor Changes

-   33284d3: fix: don't show double scrollbar in configuration editor

### Patch Changes

-   @nhost/react-apollo@12.0.3
-   @nhost/nextjs@2.1.17

## 1.22.0

### Minor Changes

-   998c037: fix: align drop-down list in select component
- 807b8c0: fix: show city name in region selection for project creation

## 1.21.0

### Minor Changes

- a2efeed: fix: improve project health error handling, add unknown state
and polling interval for health state

## 1.20.0

### Minor Changes

- 8ea4210: fix: error toasts can be closed individually, instead of
dismissing all toasts at once
- 58919ba: chore: add blink animation when project health service is
updating

## 1.19.0

### Minor Changes

- b519862: fix: get configuration in configuration editor using local
development environment

## 1.18.0

### Minor Changes

- 502abad: feat: add services health checks indicators to the overview
page
-   b3ff6ad: chore: update title text on service status modal
- dbadf59: feat: add project configuration TOML editor to the settings
page

## 1.17.0

### Minor Changes

- 77fba27: fix: postgres version validation when activating ai in ai
settings page
-   ac6d1b6: feat: use name instead of awsName

## 1.16.3

### Patch Changes

- 87a37cf: fix: remove unnecessary isPlatform check from verify button
disable logic on custom domains
    -   @nhost/react-apollo@12.0.2
    -   @nhost/nextjs@2.1.16

## 1.16.2

### Patch Changes

- a9413af: fix: update `GetAllWorkspacesAndProjects` query polling to
use exponential backoff
    -   @nhost/react-apollo@12.0.1
    -   @nhost/nextjs@2.1.15

## 1.16.1

### Patch Changes

-   @nhost/react-apollo@12.0.0
-   @nhost/nextjs@2.1.14

## 1.16.0

### Minor Changes

- c6d5c5c: feat: add toggle switch to enable/disable public access in
the database settings

## 1.15.2

### Patch Changes

-   @nhost/react-apollo@11.0.4
-   @nhost/nextjs@2.1.13

## 1.15.1

### Patch Changes

-   @nhost/react-apollo@11.0.3
-   @nhost/nextjs@2.1.12

## 1.15.0

### Minor Changes

-   a7bde37: feat: send metadata in the edit form

### Patch Changes

- 1bc615b: feat: improve error message handling in `ErrorToast`
component
    -   @nhost/react-apollo@11.0.2
    -   @nhost/nextjs@2.1.11

## 1.14.0

### Minor Changes

-   a448d7d: feat: allow configuring postmark and delete SMTP settings

## 1.13.3

### Patch Changes

-   5924bc3: fix: include password in `GetSmtpSettings` query
- c5ad634: fix: resolved an issue where one-click install links were
broken on Safari
- 7278991: fix: update graphql auto-embeddings configuration to use
String type for model field

## 1.13.2

### Patch Changes

-   026f84f: fix: use configuration server URL from environment variable

## 1.13.1

### Patch Changes

-   7e9a2ce: fix: resolve issue where run services form fails to open

## 1.13.0

### Minor Changes

-   dd5d262: feat: add model field to the auto-embeddings form
- 09962be: feat: enable settings and run services when running the
dashboard locally
- 9cdecb6: feat: enable users to update their email address from the
account settings page

## 1.12.2

### Patch Changes

-   c195c51: fix: send email upon signin for unverified users

## 1.12.1

### Patch Changes

- 93ebdf8: fix: use service urls when initilizaing NhostClient running
local dashboard
    -   @nhost/react-apollo@11.0.1
    -   @nhost/nextjs@2.1.10

## 1.12.0

### Minor Changes

- f242e4b: feat: add connect with github to the user's account settings
-   768ca17: chore: update dependencies
- d62bd0f: fix: "Track this" option within the SQL editor now correctly
updates the metadata
- 91c2bb6: feat: refactor sign-in and sign-up pages to enforce email
verification

### Patch Changes

-   943831f: fix: resolve an error toast issue when unpausing a project
-   Updated dependencies [768ca17]
    -   @nhost/react-apollo@11.0.0
    -   @nhost/nextjs@2.1.9

## 1.11.2

### Patch Changes

-   @nhost/react-apollo@10.0.2
-   @nhost/nextjs@2.1.8

## 1.11.1

### Patch Changes

-   981404f: fix: set default value for healthCheck field validation

## 1.11.0

### Minor Changes

- 7789469: chore: upgrade dependency `@graphql-codegen/cli` to `5.0.2`
to address vulnerability
- 6c11b75: feat: add update user displayName section in account settings

### Patch Changes

-   @nhost/react-apollo@10.0.1
-   @nhost/nextjs@2.1.7

## 1.10.0

### Minor Changes

-   49a80c2: chore: update dependencies
-   150c04a: feat: add healthcheck config to run services

### Patch Changes

- e03f141: fix: allow insert, update and delete on tables in `auth` and
`storage` schemas
- 28676f4: feat: add min postgres version check to enable the ai service
-   Updated dependencies [49a80c2]
    -   @nhost/react-apollo@10.0.0
    -   @nhost/nextjs@2.1.6

## 1.9.0

### Minor Changes

-   d86e5c9: feat: add support for filtering the logs using a RegExp

## 1.8.3

### Patch Changes

-   @nhost/react-apollo@9.0.3
-   @nhost/nextjs@2.1.5

## 1.8.2

### Patch Changes

- 6df4f02: fix: use custom error toast and show correct message when
sending an invite

## 1.8.1

### Patch Changes

-   @nhost/react-apollo@9.0.2
-   @nhost/nextjs@2.1.4

## 1.8.0

### Minor Changes

- 713d53c: feat: add catch-all route for workspace/project - useful for
documentation

### Patch Changes

-   3db2999: fix: refresh table list after running SQL using the editor
- 3c4dd55: fix: handle `Error` objects properly in the `ErrorToast`
component
- 92b434e: fix: resolve an issue where the checkbox in the data-grid
header did not select all rows
    -   @nhost/react-apollo@9.0.1
    -   @nhost/nextjs@2.1.3

## 1.7.0

### Minor Changes

-   0d8d0eb: Update docs and dashboard references

## 1.6.9

### Patch Changes

-   @nhost/react-apollo@9.0.0
-   @nhost/nextjs@2.1.2

## 1.6.8

### Patch Changes

-   @nhost/react-apollo@8.0.1
-   @nhost/nextjs@2.1.1

## 1.6.7

### Patch Changes

-   5ef5189: fix: update `@apollo/client` to `3.9.4` to fix a cache bug

## 1.6.6

### Patch Changes

-   3ba485e: fix: added discord.com to connect-src
-   e5bab6a: chore: update dependencies
-   Updated dependencies [b19ffed]
-   Updated dependencies [e5bab6a]
    -   @nhost/nextjs@2.1.0
    -   @nhost/react-apollo@8.0.0

## 1.6.5

### Patch Changes

- ba73bb4: fix: update ErrorToast component to show the internal graphql
error
- d5337ff: fix: utilize accumulator in the creation of validation schema
within data grid utils

## 1.6.4

### Patch Changes

-   7c2a1c2: feat: show error and debug info in the error toast

## 1.6.3

### Patch Changes

-   6b8aad5: fix: add bare nhost.run to CSP

## 1.6.2

### Patch Changes

-   b18edc0: feat: added CSP and X-Frame-Options

## 1.6.1

### Patch Changes

-   8d91f71: chore: update deps and enable pnpm audit
- 3b8473b: chore: update turbo to `1.11.3` and pnpm to `8.10.5` in
Dockerfile
-   Updated dependencies [8d91f71]
    -   @nhost/react-apollo@7.0.2
    -   @nhost/nextjs@2.0.2

## 1.6.0

### Minor Changes

-   3ff1c2b53: fix: show upgrade option for pro projects

## 1.5.0

### Minor Changes

-   c2ef17c0a: feat: add support for new Team plan

## 1.4.0

### Minor Changes

-   7883bbcbd: feat: don't show deprecated plans
- 44be6dc0a: feat: set redirectTo during sign-in to support preview
environments

### Patch Changes

- 3c3594898: fix: allow access to graphite when configured running in
local dashboard
-   32c246b7a: chore: update docs icon

## 1.3.2

### Patch Changes

-   174b4165b: chore: use env variables when running graphql codegen
-   7c977e714: chore: change `Allowed Roles` to `Default Allowed Roles`
-   46f028b9f: fix: remove hardcoded ai version setting

## 1.3.1

### Patch Changes

- af33c21d1: chore: remove backendUrl deprecation notice and remove all
references to `providersUpdated`

## 1.3.0

### Minor Changes

-   04784d880: Fix graphite's default version

## 1.2.0

### Minor Changes

-   5733162ed: feat: add settings and ui for graphite

## 1.1.0

### Minor Changes

-   e2b79b5ec: chore: remove sharp from deps

## 1.0.1

### Patch Changes

-   @nhost/react-apollo@7.0.1
-   @nhost/nextjs@2.0.1

## 1.0.0

### Major Changes

- bc9eff6e4: chore: remove support for using backendUrl when
instantiating the Nhost client

### Patch Changes

-   Updated dependencies [bc9eff6e4]
    -   @nhost/nextjs@2.0.0
    -   @nhost/react-apollo@7.0.0

## 0.21.1

### Patch Changes

-   97ced73a3: fix(dashboard): prevent dashboard from resolving secrets

## 0.21.0

### Minor Changes

- ed1a8d458: Update alert message on increasing PostgreSQL's volume
capacity
-   2e2248fd4: feat(dashboard): add SQL editor

## 0.20.28

### Patch Changes

-   7c2c31082: feat: add support for users to delete their account
    -   @nhost/react-apollo@6.0.1
    -   @nhost/nextjs@1.13.40

## 0.20.27

### Patch Changes

- fa79b7709: chore(dashboard): tweaks and fixes to the service form and
dialog
-   8df84d782: fix(dashboard): allow resetting custom domains
    -   @nhost/react-apollo@6.0.0
    -   @nhost/nextjs@1.13.39

## 0.20.26

### Patch Changes

- 331ba0376: feat(dashboard): add postgres storage capacity modifier in
the settings
-   b7f801874: feat(dashboard): add new settings page for custom domains

## 0.20.25

### Patch Changes

-   @nhost/react-apollo@5.0.38

## 0.20.24

### Patch Changes

-   e10389ecf: fix(dashboard): disable run tab when developing locally
    -   @nhost/react-apollo@5.0.37

## 0.20.23

### Patch Changes

-   c01568a7d: chore(dashboard): show alert to update oauth providers

## 0.20.22

### Patch Changes

-   c3efb7ec8: feat(dashboard): query latest announcement from platform

## 0.20.21

### Patch Changes

-   3e46d3873: chore: update link to node18 announcement

## 0.20.20

### Patch Changes

-   @nhost/react-apollo@5.0.36
-   @nhost/nextjs@1.13.38

## 0.20.19

### Patch Changes

-   75c4c8ae3: feat(dashboard): make env value input multiline

## 0.20.18

### Patch Changes

- 425d485f8: fix(dashboard): make sure dedicated resources pricing
follows total resources

## 0.20.17

### Patch Changes

-   ae324f67f: fix(dashboard): remove unused graphql fields

## 0.20.16

### Patch Changes

-   df5b4302c: chore(dashboard): remove run feature flag
- bf4a1f6c2: feat(dashboard): fetch auth, postgres, hasura and storage
versions from dashboard
- 34fc08ca7: fix(dashboard/run): show correct private registry in
service details
-   885d10620: chore(dashboard): change feedback to contact us

## 0.20.15

### Patch Changes

- ed16c8b5d: feat(run): add a confirmation dialog when deleting a run
service
- 216990888: fix(run): center loading indicator when selecting a project

## 0.20.14

### Patch Changes

-   9fbea9787: feat: add node18 announcement

## 0.20.13

### Patch Changes

- e84acf469: fix(run): handle subdomain undefined error when creating a
new service

## 0.20.12

### Patch Changes

-   b7c799d62: feat(run): add dialog to copy registry and URLs

## 0.20.11

### Patch Changes

-   8903e6abd: fix(dashboard): show correct egress limit in usage stats

## 0.20.10

### Patch Changes

- 666a75a23: feat(dashboard): add functions execution time and egress
volume to usage stats

## 0.20.9

### Patch Changes

-   5e1e80aa8: fix(dashboard): show correct locales in user details
    -   @nhost/react-apollo@5.0.35
    -   @nhost/nextjs@1.13.37

## 0.20.8

### Patch Changes

-   @nhost/react-apollo@5.0.34
-   @nhost/nextjs@1.13.36

## 0.20.7

### Patch Changes

-   4a7ede11e: fix: distinguish files that were not uploaded
- 202b64723: feat(nhost-run): add support for one-click-install run
services
- 074a0fa11: feat(dashboard): add settings toggle to enable/disable
antivirus
    -   @nhost/react-apollo@5.0.33
    -   @nhost/nextjs@1.13.35

## 0.20.6

### Patch Changes

-   b20761e97: feat(services): add pricing info and confirmation dialog
-   90df6d81d: fix(services): handle null values when editing a service
-   aa8508467: fix: query service logs correctly
    feat: enable multiline support for environment value input

## 0.20.5

### Patch Changes

-   8d7f84b8d: fix: make announcement adapt to theme

## 0.20.4

### Patch Changes

-   3b75bfce2: fix: make announcement close properly
- f49819075: fix: show correct values when dedicated resources are
disabled

## 0.20.3

### Patch Changes

-   e643bd362: fix(services): fix errors when config is null
-   bcdab66bf: feat: add annoucement for nhost run
-   f967a2e59: added note about storage not being able to be downsized
-   311c7756d: chore(services): consistent naming for compute

## 0.20.2

### Patch Changes

-   9073182d5: chore(dashboard): bump `turbo` to 1.10.11
-   ece717d6e: feat(logs): show services in the logs page
- 82b335311: feat(metrics): change grafana link to point to the
dashboards
- b135ef695: fix(services): set command as optional and set min replicas
to 0

## 0.20.1

### Patch Changes

-   3d5c34f4c: fix(auth): fix users pagination limit

## 0.20.0

### Minor Changes

-   c99d117d1: feat(services): add support for custom services

## 0.19.2

### Patch Changes

-   face99ccd: chore(deps): bump turbo version
-   cfe527307: style: tweak pull config warning in dark mode
- a9d7da8af: chore(deps): update dependency @types/pluralize to ^0.0.30
-   9aa4371ef: chore: add hasura-auth version 0.21.2
- d14e112bf: chore(deps): update dependency prettier-plugin-tailwindcss
to ^0.4.0
-   d3e8bb94a: chore(deps): update dependency vite-plugin-dts to v3

## 0.19.1

### Patch Changes

-   @nhost/react-apollo@5.0.32
-   @nhost/nextjs@1.13.34

## 0.19.0

### Minor Changes

- 9c61c69a7: chore(dashboard):add postgres 14.6-20230705-1 to the
version selector

### Patch Changes

-   47bda15ff: feat(settings): add warning to pull config

## 0.18.0

### Minor Changes

- ee0b9b8ed: chore(dashboard):add hasura v2.28.2 and v2.29.0 to the
version selector

## 0.17.20

### Patch Changes

-   @nhost/react-apollo@5.0.31
-   @nhost/nextjs@1.13.33

## 0.17.19

### Patch Changes

-   f866120a6: fix(users): use the password length from the config

## 0.17.18

### Patch Changes

-   @nhost/react-apollo@5.0.30
-   @nhost/nextjs@1.13.32

## 0.17.17

### Patch Changes

-   ea7b102c0: fix(pat): highlight expired tokens

## 0.17.16

### Patch Changes

- b3b64a3b7: chore(deps): bump `@types/react` to `v18.2.14` and
`@types/react-dom` to `v18.2.6`
-   32b221f94: chore(deps): bump `graphiql` to `v3`
-   3a56c12df: chore(deps): bump `turbo` to `v1.10.6`
-   Updated dependencies [b3b64a3b7]
    -   @nhost/react-apollo@5.0.29
    -   @nhost/nextjs@1.13.31

## 0.17.15

### Patch Changes

-   f41fdc12a: chore(deps): bump `turbo` to `1.10.5`
-   6199c1c55: fix(projects): don't redirect to 404 page
-   Updated dependencies [07a45fde0]
    -   @nhost/react-apollo@5.0.28
    -   @nhost/nextjs@1.13.30

## 0.17.14

### Patch Changes

- 80b22724d: chore(deps): bump `@types/react` to `v18.2.13`,
`@types/react-dom` to `v18.2.6` and `@storybook/testing-library` to
`v0.2.0`

## 0.17.13

### Patch Changes

-   cc02902cb: chore(docs): update environment variable documentation

## 0.17.12

### Patch Changes

-   660d339e1: fix(storybook): don't break storybook
-   660d339e1: fix(tests): prevent warnings during tests
    -   @nhost/react-apollo@5.0.27
    -   @nhost/nextjs@1.13.29

## 0.17.11

### Patch Changes

- bd4d0c270: chore(dashboard):add postgres 14.6-20230613-1 to the
version selector

## 0.17.10

### Patch Changes

-   c8c2a10b2: fix(database): don't break the password reset flow
- e70b45498: chore(deps): bump `@types/react` to `v18.2.12` and
`@types/react-dom` to `v18.2.5`

## 0.17.9

### Patch Changes

- 842055099: chore(deps): bump `turbo` to `v1.10.3` and `pnpm` to
`v8.6.2`
- fd12aa0a8: chore(projects): remove the postgres password input from
the project creation screen
-   022b76e78: chore(deps): bump `@types/react` to `v18.2.11`
-   3555ab2b7: chore(deps): bump `vitest` monorepo to `v0.32.0`
-   c43e54922: feat(backups): add download button to backups

## 0.17.8

### Patch Changes

-   d0457fe5c: feat(settings): improve the dashboard and config parity
    -   @nhost/react-apollo@5.0.26
    -   @nhost/nextjs@1.13.28

## 0.17.7

### Patch Changes

-   4f0368b95: fix(account): don't break account settings page

## 0.17.6

### Patch Changes

- 64a8f41d0: chore(resources): lower the maximum allowed resources per
service

## 0.17.5

### Patch Changes

-   @nhost/react-apollo@5.0.25
-   @nhost/nextjs@1.13.27

## 0.17.4

### Patch Changes

- 9b1d0f7a5: fix(deployments): use correct timestamp for deployment
details
-   6d2963ffa: chore(deps): bump `@types/react` to `v18.2.8`
- 8871267b9: chore(deps): downgrade `pnpm` to `v8.5.1` because of no
Turborepo support

## 0.17.3

### Patch Changes

-   01eeef9de: chore(misc): under the hood improvements
- 21e13db05: chore(deps): bump `@types/react` to `v18.2.7` and `turbo`
to `v1.10.1`
- f16433ae6: chore(secrets): allow empty secrets and environment
variables
-   aa3c62989: chore(cli): bump Nhost CLI version to v1.0
    -   @nhost/react-apollo@5.0.24
    -   @nhost/nextjs@1.13.26

## 0.17.2

### Patch Changes

-   88a4983f: chore(misc): under the hood improvements

## 0.17.1

### Patch Changes

-   9b0d4dde: feat(secrets): enable secrets

## 0.17.0

### Minor Changes

-   15d84a19: Add postgres 14.6-20230525

## 0.16.14

### Patch Changes

-   4c626174: chore: updated import paths, improved directory structure
-   cc047b71: chore(deps): bump `@fontsource` monorepo to `v5.0.0`
-   99edd012: feat(account): add support for personal access tokens

## 0.16.13

### Patch Changes

-   78c7109c: feat(settings): allow selecting service versions

## 0.16.12

### Patch Changes

- 399009d6: fix(gql): don't enter an infinite loop when fetching remote
app data
- 329e5a91: fix(deployments): use the same sorting of deployments
everywhere
- 6d559d6e: chore(settings): add under the hood improvements to the
settings page
- 12eb236c: chore(deps): bump `prettier-plugin-tailwindcss` to `v0.3.0`
-   f9b81a2a: chore(deps): bump `turbo` to `v1.9.8`
-   1345741b: fix(projects): don't redirect to 404 on project creation
-   Updated dependencies [7fea29a8]
    -   @nhost/react-apollo@5.0.23
    -   @nhost/nextjs@1.13.25

## 0.16.11

### Patch Changes

- 1230b722: fix(projects): don't redirect to 404 on when the project is
renamed
    -   @nhost/react-apollo@5.0.22
    -   @nhost/nextjs@1.13.24

## 0.16.10

### Patch Changes

-   Updated dependencies [da03bf39]
    -   @nhost/react-apollo@5.0.21
    -   @nhost/nextjs@1.13.23

## 0.16.9

### Patch Changes

- 349aac36: fix(settings): use region domain when constructing the
postgres connection string

## 0.16.8

### Patch Changes

- 20fb69fa: chore(projects): change the way how API URLs are constructed

## 0.16.7

### Patch Changes

- 49f9b837: chore(docker): bump `pnpm` to `v8.4.0` and `turbo` to
`v1.9.3`
- 3f478a4e: chore(deps): bump `vitest` to `v0.31.0`, `@types/react` to
`v18.2.6` and `@types/react-dom` to `v18.2.4`

## 0.16.6

### Patch Changes

- d926f156: fix(projects): redirect to 404 when an invalid project is
opened
- 49b99728: fix(projects): disable features for non-owner members of
workspaces

## 0.16.5

### Patch Changes

-   12e2855f: chore(deps): bump `jsdom` to v22
-   e4972b83: feat(metrics): add Grafana page

## 0.16.4

### Patch Changes

- 3f396a9e: fix(projects): unpause after upgrading a paused project to
pro
- 3f396a9e: fix(projects): don't redirect to 404 page after project
creation

## 0.16.3

### Patch Changes

-   Updated dependencies [90c60311]
    -   @nhost/react-apollo@5.0.20
    -   @nhost/nextjs@1.13.22

## 0.16.2

### Patch Changes

-   0f34f0c6: fix(projects): disallow downgrading to free plan
- 8da291ad: chore(deps): bump `@types/react` to v18.2.0 and
`@types/react-dom` to v18.2.1

## 0.16.1

### Patch Changes

- adc828a5: fix(gql): don't enter an infinite loop when fetching remote
app data

## 0.16.0

### Minor Changes

-   2fb1145f: feat(compute): add support for replicas

### Patch Changes

- d8ceccec: chore(env): remove deprecated `NHOST_BACKEND_URL`
environment variable

## 0.15.2

### Patch Changes

-   84b84ab7: fix(projects): filter projects by workspace

## 0.15.1

### Patch Changes

-   2faf7907: chore(deps): bump `graphql-request` to v6
-   f1b5a944: chore(deps): bump `@vitejs/plugin-react` to v4
-   7f1785ac: chore(deps): bump `@types/react` to v18.0.37
    -   @nhost/react-apollo@5.0.19

## 0.15.0

### Minor Changes

-   85889ee8: feat(dashboard): add Compute management to the settings

## 0.14.8

### Patch Changes

-   668c8771: chore(dialogs): unify dialog management of payment dialogs

## 0.14.7

### Patch Changes

-   d4ccc656: chore: cleanup unused code
    -   @nhost/react-apollo@5.0.18
    -   @nhost/nextjs@1.13.21

## 0.14.6

### Patch Changes

-   b299cfc9: chore(deps): bump `vitest` to v0.30.0
-   411cb65b: chore(projects): refactor workspace and project hooks
- 43b1b144: chore(deps): bump `@types/react` to v18.0.34 and
`@types/react-dom` to v18.0.11
-   Updated dependencies [43b1b144]
    -   @nhost/react-apollo@5.0.17
    -   @nhost/nextjs@1.13.20

## 0.14.5

### Patch Changes

-   ba0d57ee: fix(i18n): revert i18n library
-   3328ed05: feat(projects): improve overview when there is an error

## 0.14.4

### Patch Changes

-   5e0920ba: chore(deps): bump `next-seo` to v6
-   706c9dc3: chore(deps): bump `@types/react` to 18.0.33
-   99f8f6b3: feat(metrics): show metrics on the overview

## 0.14.3

### Patch Changes

-   @nhost/react-apollo@5.0.16

## 0.14.2

### Patch Changes

-   3cb67300: fix(logs): don't break UI when clearing time picker
-   7453bf3b: feat(projects): show project creator info
-   c166dad0: chore(tests): improve auth page tests
-   6a290bb2: chore(deps): bump `@types/react` to 18.0.32

## 0.14.1

### Patch Changes

-   @nhost/react-apollo@5.0.15
-   @nhost/nextjs@1.13.19

## 0.14.0

### Minor Changes

-   6e1f03ea: feat(dashboard): add support for the Azure AD provider

### Patch Changes

-   1bd2c373: chore(deps): bump `turbo` to 1.8.6
-   d329b621: chore(deps): bump `@types/react` to 18.0.30
-   cb248f0d: fix(tests): avoid name collision in database tests
-   867c8076: chore(deps): bump `@types/react` to 18.0.29

## 0.13.10

### Patch Changes

- e93b06ab: fix(dashboard): remove left margin from workspace list on
mobile
-   1c4806bf: chore(deps): bump `sharp` to 0.32.0
    -   @nhost/react-apollo@5.0.14
    -   @nhost/nextjs@1.13.18

## 0.13.9

### Patch Changes

-   912ed76c: chore(dashboard): bump `@apollo/client` to 3.7.10
-   Updated dependencies [912ed76c]
    -   @nhost/react-apollo@5.0.13

## 0.13.8

### Patch Changes

-   7c127372: chore(dashboard): bump `react-error-boundary` to v4

## 0.13.7

### Patch Changes

- 9130ab12: chore(dashboard): bump `yup` to v1 and `@hookform/resolvers`
to v3

## 0.13.6

### Patch Changes

- 253dd235: using new mutation to create projects + refactor Create
Project page.

## 0.13.5

### Patch Changes

-   @nhost/react-apollo@5.0.12
-   @nhost/nextjs@1.13.17

## 0.13.4

### Patch Changes

-   b48bc034: fix(dashboard): disable new users
-   798e591b: fix(dashboard): show correct date in data grid

## 0.13.3

### Patch Changes

-   bfb4c1a6: chore(dashboard): remove `useAxios` property
-   d8d8394b: Dashboard: allow to override hasura admin secret in docker
-   Updated dependencies [ce1ee40d]
    -   @nhost/nextjs@1.13.16
    -   @nhost/react-apollo@5.0.11

## 0.13.2

### Patch Changes

-   beed2eba: Fix docker entrypoint for dashboard
- 2c8559a3: fix(dashboard): refresh project list after deleting a
project
-   4329d048: chore(dashboard): bump `graphiql` dependencies

## 0.13.1

### Patch Changes

-   cbb1fc5b: chore(dashboard): cleanup GraphQL operations

## 0.13.0

### Minor Changes

-   088584e7: feat(dashboard): add support for custom local subdomains

### Patch Changes

-   2ac90dfd: fix(dashboard): improve mobile responsive layout
-   Updated dependencies [f375eacc]
    -   @nhost/nextjs@1.13.15
    -   @nhost/react-apollo@5.0.10

## 0.12.4

### Patch Changes

-   @nhost/react-apollo@5.0.9
-   @nhost/nextjs@1.13.14

## 0.12.3

### Patch Changes

-   2b1338f7: chore(dashboard): bump `turbo` to 1.8.3
- 5223ee93: fix(dashboard): show correct deployment status on the main
page
-   850a049c: chore(deps): update docker/build-push-action action to v4
-   Updated dependencies [850a049c]
    -   @nhost/nextjs@1.13.13
    -   @nhost/react-apollo@5.0.8

## 0.12.2

### Patch Changes

-   4bf40995: chore(deps): bump `typescript` to `4.9.5`
-   8bb097c9: chore(deps): bump `vitest`
- 35d52aab: chore(deps): replace `cross-fetch` with `isomorphic-unfetch`
-   Updated dependencies [4bf40995]
-   Updated dependencies [8bb097c9]
-   Updated dependencies [35d52aab]
    -   @nhost/react-apollo@5.0.7
    -   @nhost/nextjs@1.13.12

## 0.12.1

### Patch Changes

-   c96d7ccd: fix(dashboard): fix docker builds

## 0.12.0

### Minor Changes

-   d1671210: feat(dashboard): use mimir to manage project configuration

### Patch Changes

-   f65e4de9: chore(deps): bump @graphql-codegen monorepo to v3

## 0.11.20

### Patch Changes

-   4b4f0d01: chore(dashboard): improve dialog management

## 0.11.19

### Patch Changes

-   @nhost/react-apollo@5.0.6
-   @nhost/nextjs@1.13.11

## 0.11.18

### Patch Changes

-   01318860: fix(nhost-js): use correct URL for functions requests
-   Updated dependencies [01318860]
    -   @nhost/react-apollo@5.0.5
    -   @nhost/nextjs@1.13.10

## 0.11.17

### Patch Changes

-   f673adea: fix(dashboard): set correct Content-Type for user creation
-   445d8ef4: chore(deps): bump `@nhost/react-apollo` to 5.0.4
-   445d8ef4: chore(deps): bump `@nhost/nextjs` to 1.13.9
- 0368663d: fix(dashboard): allow permission editing for auth and
storage schemas
-   Updated dependencies [445d8ef4]
-   Updated dependencies [445d8ef4]
    -   @nhost/react-apollo@5.0.4
    -   @nhost/nextjs@1.13.9

## 0.11.16

### Patch Changes

-   b755e908: fix(dashboard): use correct date for last seen
-   2d9145f9: chore(deps): revert GraphQL client
- 1ddf704c: fix(dashboard): don't show false positive message for failed
user creation
    -   @nhost/react-apollo@5.0.3
    -   @nhost/nextjs@1.13.8

## 0.11.15

### Patch Changes

-   @nhost/react-apollo@5.0.2
-   @nhost/nextjs@1.13.7

## 0.11.14

### Patch Changes

- 2cc18dcb: fix(dashboard): prevent permission editor dropdown from
being always open

## 0.11.13

### Patch Changes

- 3343a363: chore(dashboard): bump `@testing-library/react` to v14 and
`@testing-library/dom` to v9
    -   @nhost/react-apollo@5.0.1
    -   @nhost/nextjs@1.13.6

## 0.11.12

### Patch Changes

- 87eda76e: chore(dashboard): bump `@types/react` to v18.0.28 and
`@types/react-dom` to v18.0.11
-   6f0ac570: feat(dashboard): show dashboard version in account menu

## 0.11.11

### Patch Changes

-   bf1e4071: chore(dashboard): bump `react-is` version to `18.2.0`
-   Updated dependencies [bf1e4071]
-   Updated dependencies [5013213b]
    -   @nhost/nextjs@1.13.5
    -   @nhost/react-apollo@4.13.5

## 0.11.10

### Patch Changes

- a37a430b: fix(dashboard): don't break UI when deployments are
unavailable
    -   @nhost/react-apollo@4.13.4
    -   @nhost/nextjs@1.13.4

## 0.11.9

### Patch Changes

-   7b970e68: fix(dashboard): fix header link color

## 0.11.8

### Patch Changes

- f33242f2: feat(dashboard): add new sign up, sign in and reset password
pages

## 0.11.7

### Patch Changes

-   e9c8909c: fix(dashboard): use correct theme color in dark mode

## 0.11.6

### Patch Changes

-   902f486b: fix(dashboard): re-enable Hasura on logs page

## 0.11.5

### Patch Changes

-   1f9720fa: fix(dashboard): apply select permissions properly

## 0.11.4

### Patch Changes

-   deb14b51: fix(dashboard): don't break billing form

## 0.11.3

### Patch Changes

-   @nhost/react-apollo@4.13.3
-   @nhost/nextjs@1.13.3

## 0.11.2

### Patch Changes

-   f143e51d: chore(dashboard): pin Turborepo to 1.6.3

## 0.11.1

### Patch Changes

-   c2b5a41a: chore(dashboard): select system colors by default

## 0.11.0

### Minor Changes

-   1ebaf429: feat(dashboard): introduce Dark Mode 🌚

### Patch Changes

- 63b445c4: fixed duplicated logs bug and made to date count during live
mode

## 0.10.1

### Patch Changes

-   e146d32e: chore(deps): update dependency @types/react to v18.0.27
-   59347fcd: correct allowed role name
-   5b65cac9: updated authentication documentation
-   963f9b5e: feat(dashboard): include project info in feedback

## 0.10.0

### Minor Changes

-   ed4c7801: chore(dashboard): remove Functions section

## 0.9.10

### Patch Changes

-   4e2f8ccd: fix(dashboard): don't break Auth page in local mode

## 0.9.9

### Patch Changes

-   31abbe5f: fix(dashboard): enable toggle when settings are filled in

## 0.9.8

### Patch Changes

- 5bdd31ad: chore(dashboard): list fewer images per page on the Storage
page
- 5121851c: fix(dashboard): don't throw validation error for valid
permission rules

## 0.9.7

### Patch Changes

-   c126b20d: fix(dashboard): correct redeployment button

## 0.9.6

### Patch Changes

-   36c3519c: feat(dashboard): retrigger deployments

## 0.9.5

### Patch Changes

- 200e9f77: chore(deps): update dependency @types/react-dom to v18.0.10
-   Updated dependencies [200e9f77]
    -   @nhost/nextjs@1.13.2
    -   @nhost/react-apollo@4.13.2

## 0.9.4

### Patch Changes

- dbd3ded5: fix(dashboard): workspaces creation, new form, correct
redirects.

## 0.9.3

### Patch Changes

-   85f0f943: fix(dashboard): don't break the table creation process

## 0.9.2

### Patch Changes

-   Updated dependencies [d42c27ae]
-   Updated dependencies [927be4a2]
    -   @nhost/nextjs@1.13.1
    -   @nhost/react-apollo@4.13.1

## 0.9.1

### Patch Changes

-   d0f80811: fix(dashboard): don't show error when signing out the user

## 0.9.0

### Minor Changes

- d92891b2: feat(dashboard): add Permission Editor to the Database
section

### Patch Changes

-   3d379128: fix(dashboard): create new user
    -   @nhost/react-apollo@4.13.0
    -   @nhost/nextjs@1.13.0

## 0.8.1

### Patch Changes

-   7cadd944: fix(dashboard): display Twitter provider settings

## 0.8.0

### Minor Changes

-   9a1aa7bb: add functions to the log dashboard
-   f29abe62: feat(dashboard): Users Management v2

### Patch Changes

-   7766624b: feat(dashboard): add JWT secret editor modal
    -   @nhost/react-apollo@4.12.1
    -   @nhost/nextjs@1.12.1

## 0.7.13

### Patch Changes

-   dd0738d5: fix(dashboard): provisioning status polling

## 0.7.12

### Patch Changes

-   b21222b3: chore(deps): update dependency @types/node to v16
-   9e0486a3: fix(dashboard): close modals when navigating
-   Updated dependencies [b21222b3]
-   Updated dependencies [65687bee]
-   Updated dependencies [54df0df4]
    -   @nhost/nextjs@1.12.0
    -   @nhost/react-apollo@4.12.0

## 0.7.11

### Patch Changes

-   d6527122: fix(dashboard): use correct service URLs

## 0.7.10

### Patch Changes

-   Updated dependencies [57db5b83]
    -   @nhost/nextjs@1.11.0
    -   @nhost/nhost-js@1.7.0
    -   @nhost/react@0.17.0
    -   @nhost/react-apollo@4.11.0

## 0.7.9

### Patch Changes

- a6d31dc2: fix(dashboard): don't break the UI when project is not
loaded yet

## 0.7.8

### Patch Changes

- 7f251111: Use `NhostProvider` instead of `NhostReactProvider` and
`NhostNextProvider`

    `NhostReactProvider` and `NhostNextProvider` are now deprecated

-   f4d70f88: fix(dashboard): do not break when region is nullish

- 4a9471cc: Windows Live Provider displayed link updated to match
backend url

- 594488e4: fix(dashboard): do not show error when submitting Apple
provider settings

-   Updated dependencies [7f251111]
    -   @nhost/nextjs@1.10.0
    -   @nhost/react@0.16.0
    -   @nhost/react-apollo@4.10.0

## 0.7.7

### Patch Changes

-   80b604ad: fix(dashboard): use correct Hasura slug

## 0.7.6

### Patch Changes

-   2d2beb53: fix(dashboard): prevent error on GraphQL page
-   ac8efcbd: chore(dashboard): deprecate old DNS name

## 0.7.5

### Patch Changes

-   132a4f4b: chore(dashboard): remove unused dependencies
- 132a4f4b: chore(deps): synchronize @types/react-dom and @types/react
versions
-   db57572f: fix(dashboard): correct section paddings when no env vars
-   Updated dependencies [132a4f4b]
    -   @nhost/react@0.15.2
    -   @nhost/react-apollo@4.9.2
    -   @nhost/nextjs@1.9.3

## 0.7.4

### Patch Changes

-   34d85e54: chore(deps): update dependency critters to ^0.0.16
- 9b93cf95: chore(deps): update dependency @netlify/functions to ^0.11.0
-   e0439030: chore(deps): update dependency @types/react-dom to v18.0.9
-   Updated dependencies [82124329]
    -   @nhost/nextjs@1.9.2

## 0.7.3

### Patch Changes

-   a1193da4: fix(dashboard): remove character limit from env var inputs

## 0.7.2

### Patch Changes

-   44f13f62: chore(dashboard): cleanup unused files

## 0.7.1

### Patch Changes

- e01cb2ed: chore(dashboard): change settings sidebar menu item density

## 0.7.0

### Minor Changes

- db342f45: chore(dashboard): refactor Roles and Permissions settings
sections
-   8b9fa0b1: feat(dashboard): add Environment Variables page

### Patch Changes

-   Updated dependencies [66b4f3d0]
-   Updated dependencies [2e6923dc]
-   Updated dependencies [ef117c28]
-   Updated dependencies [aebb8225]
    -   @nhost/core@0.9.4
    -   @nhost/nhost-js@1.6.2
    -   @nhost/nextjs@1.9.1
    -   @nhost/react@0.15.1
    -   @nhost/react-apollo@4.9.1

## 0.6.0

### Minor Changes

-   eef9c914: feat(dashboard): add Roles and Permissions page

## 0.5.0

### Minor Changes

-   a48dd5bf: feat(dashboard): make backend port configurable

## 0.4.3

### Patch Changes

-   5de965d9: fix(dashboard): alphabetic ordering of providers
-   b9087a4a: fix(dashboard): console -> dashboard terminology
-   ca012d79: docs(workos): WorkOS Docs

## 0.4.2

### Patch Changes

-   89bd37bc: fix(dashboard): correct redirect URL input opacity
-   Updated dependencies [4601d84e]
-   Updated dependencies [843087cb]
    -   @nhost/react@0.15.0
    -   @nhost/nextjs@1.9.0
    -   @nhost/react-apollo@4.9.0

## 0.4.1

### Patch Changes

-   766cb612: fix(dashboard): correct redirect URL for oauth providers
-   Updated dependencies [53bdc294]
-   Updated dependencies [f2aaff05]
    -   @nhost/nextjs@1.8.3
    -   @nhost/core@0.9.3
    -   @nhost/react@0.14.3
    -   @nhost/nhost-js@1.6.1
    -   @nhost/react-apollo@4.8.3

## 0.4.0

### Minor Changes

-   9211743d: feat(dashboard): migrate Settings page features

## 0.3.0

### Minor Changes

-   73da6a67: fix(dashboard): avoid using BACKEND_URL locally

## 0.2.0

### Minor Changes

-   db118f97: feat(dashboard): generate Docker image

## @nhost/docs@2.22.0

### Minor Changes

-   10b0f74: feat: add jwt docs + openapi improvements
-   fe6e8e2: feat: add signin with otp reference docs
- 8f77914: fix: added pg_repack and an extension overview to database
guide

## @nhost-examples/react-apollo@1.1.0

### Minor Changes

-   fe6e8e2: feat: add signin with otp

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0
    -   @nhost/react-apollo@14.0.0

## @nhost-examples/vue-apollo@0.7.0

### Minor Changes

-   fe6e8e2: feat: add signin with otp

### Patch Changes

-   Updated dependencies [fe6e8e2]
-   Updated dependencies [72899a6]
    -   @nhost/vue@2.7.0
    -   @nhost/nhost-js@3.2.0
    -   @nhost/apollo@8.0.0

## @nhost-examples/cli@0.3.13

### Patch Changes

-   Updated dependencies [72899a6]
    -   @nhost/nhost-js@3.2.0

## @nhost-examples/codegen-react-apollo@0.4.14

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0
    -   @nhost/react-apollo@14.0.0

## @nhost-examples/codegen-react-query@0.4.14

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0

## @nhost-examples/codegen-react-urql@0.3.14

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0
    -   @nhost/react-urql@11.0.0

## @nhost-examples/multi-tenant-one-to-many@2.2.14

### Patch Changes

-   Updated dependencies [72899a6]
    -   @nhost/nhost-js@3.2.0

## @nhost-examples/nextjs@0.3.14

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0
    -   @nhost/react-apollo@14.0.0
    -   @nhost/nextjs@2.1.23

## @nhost-examples/node-storage@0.2.13

### Patch Changes

-   Updated dependencies [72899a6]
    -   @nhost/nhost-js@3.2.0

## @nhost-examples/nextjs-server-components@0.4.15

### Patch Changes

-   Updated dependencies [72899a6]
    -   @nhost/nhost-js@3.2.0

## @nhost-examples/react-gqty@1.2.14

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0

## @nhost-examples/react-native@0.0.7

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/react@3.7.0
    -   @nhost/react-apollo@14.0.0

## @nhost-examples/vue-quickstart@0.2.14

### Patch Changes

-   Updated dependencies [fe6e8e2]
    -   @nhost/vue@2.7.0
    -   @nhost/apollo@8.0.0

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

changelog_summary.sh

@@ -0,0 +1,17 @@
+#/usr/bin/env bash
+PREV_MONTH=$(date -d "1 month ago" +%Y-%m)
+
+echo "prev: $PREV_MONTH"
+
+files=$(git log --since="$PREV_MONTH-01" --until="$PREV_MONTH-31" --name-only -- '**/CHANGELOG.md' | grep CHANGE | sort -u)
+
+echo "files: $files"
+
+echo "Below you can find the latest release for each individual package released during this month:"
+echo
+
+for file in $files; do
+  name=$(grep '^# ' $file | awk '{ print substr($0, 4) }')
+  last_release=$(grep '^## ' $file | awk '{ print substr($0, 4) }' | head -n 1)
+  echo "@$name: $last_release [CHANGELOG.md](https://github.com/nhost/nhost/blob/main/$file)"
+done

dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/dashboard",
-  "version": "2.5.0",
+  "version": "2.7.1",
   "private": true,
   "scripts": {
     "preinstall": "npx only-allow pnpm",

dashboard/src/components/layout/Header/ProjectSettingsPagesComboBox.tsx

@@ -38,6 +38,11 @@ const projectSettingsPages = [
     slug: 'authentication',
     route: 'authentication',
   },
+  {
+    name: 'JWT',
+    slug: 'jwt',
+    route: 'jwt',
+  },
   {
     name: 'Sign-In methods',
     slug: 'sign-in-methods',
@@ -126,7 +131,7 @@ export default function ProjectSettingsPagesComboBox() {
           ) : (
             <>Select a page</>
           )}
-          <ChevronsUpDown className="w-5 h-5 text-muted-foreground" />
+          <ChevronsUpDown className="h-5 w-5 text-muted-foreground" />
         </Button>
       </PopoverTrigger>
       <PopoverContent className="p-0" side="bottom" align="start">
@@ -156,7 +161,7 @@ export default function ProjectSettingsPagesComboBox() {
                     )}
                   />
                   <div className="flex flex-row items-center gap-2">
-                    <span className="truncate max-w-52">{option.label}</span>
+                    <span className="max-w-52 truncate">{option.label}</span>
                   </div>
                 </CommandItem>
               ))}

dashboard/src/components/layout/Header/ProjectsComboBox.tsx

@@ -8,13 +8,20 @@ import {
   CommandItem,
   CommandList,
 } from '@/components/ui/v3/command';
+import {
+  HoverCard,
+  HoverCardContent,
+  HoverCardTrigger,
+} from '@/components/ui/v3/hover-card';
 import {
   Popover,
   PopoverContent,
   PopoverTrigger,
 } from '@/components/ui/v3/popover';
+import { useAppState } from '@/features/orgs/projects/common/hooks/useAppState';
 import { useOrgs } from '@/features/orgs/projects/hooks/useOrgs';
 import { cn } from '@/lib/utils';
+import { ApplicationStatus } from '@/types/application';
 import { Box, Check, ChevronsUpDown } from 'lucide-react';
 import { useRouter } from 'next/router';
 import { useEffect, useState } from 'react';
@@ -24,17 +31,76 @@ type Option = {
   label: string;
 };
 
+function ProjectStatusIndicator({ status }: { status: ApplicationStatus }) {
+  const indicatorStyles: Record<
+    number,
+    { className: string; description: string }
+  > = {
+    [ApplicationStatus.Errored]: {
+      className: 'bg-destructive',
+      description: 'Project errored',
+    },
+    [ApplicationStatus.Pausing]: {
+      className: 'bg-primary-main animate-blinking',
+      description: 'Project is pausing',
+    },
+    [ApplicationStatus.Restoring]: {
+      className: 'bg-primary-main animate-blinking',
+      description: 'Project is restoring',
+    },
+    [ApplicationStatus.Paused]: {
+      className: 'bg-slate-400',
+      description: 'Project is paused',
+    },
+    [ApplicationStatus.Unpausing]: {
+      className: 'bg-primary-main animate-blinking',
+      description: 'Project is unpausing',
+    },
+    [ApplicationStatus.Live]: {
+      className: 'bg-primary-main',
+      description: 'Project is live',
+    },
+  };
+  const style = indicatorStyles[status];
+
+  if (style) {
+    return (
+      <HoverCard openDelay={0}>
+        <HoverCardTrigger asChild>
+          <span
+            className={cn('mt-[1px] h-2 w-2 rounded-full', style.className)}
+          />
+        </HoverCardTrigger>
+        <HoverCardContent side="top" className="h-fit w-fit py-2">
+          {style.description}
+        </HoverCardContent>
+      </HoverCard>
+    );
+  }
+
+  return null;
+}
+
 export default function ProjectsComboBox() {
   const {
     query: { appSubdomain },
     push,
   } = useRouter();
 
+  const { state: appState } = useAppState();
   const { currentOrg: { slug: orgSlug, apps = [] } = {} } = useOrgs();
-  const selectedProjectFromUrl = apps.find(
-    (item) => item.subdomain === appSubdomain,
-  );
+
   const [selectedProject, setSelectedProject] = useState<Option | null>(null);
+  const [open, setOpen] = useState(false);
+
+  const options: Option[] = apps.map((app) => ({
+    label: app.name,
+    value: app.subdomain,
+  }));
+
+  const selectedProjectFromUrl = apps.find(
+    (app) => app.subdomain === appSubdomain,
+  );
 
   useEffect(() => {
     if (selectedProjectFromUrl) {
@@ -45,68 +111,64 @@ export default function ProjectsComboBox() {
     }
   }, [selectedProjectFromUrl]);
 
-  const options: Option[] = apps.map((app) => ({
-    label: app.name,
-    value: app.subdomain,
-  }));
-
-  const [open, setOpen] = useState(false);
+  const handleProjectSelect = (option: Option) => {
+    setSelectedProject(option);
+    setOpen(false);
+    push(`/orgs/${orgSlug}/projects/${option.value}`);
+  };
 
   return (
-    <Popover open={open} onOpenChange={setOpen}>
-      <PopoverTrigger asChild>
-        <Button
-          variant="ghost"
-          size="sm"
-          className="justify-start gap-2 bg-background text-foreground hover:bg-accent dark:hover:bg-muted"
-        >
-          {selectedProject ? (
-            <div className="flex flex-row items-center justify-center gap-1">
-              <Box className="h-4 w-4" />
-              {selectedProject.label}
-              <ProjectStatus />
-            </div>
-          ) : (
-            <>Select a project</>
-          )}
-          <ChevronsUpDown className="h-5 w-5 text-muted-foreground" />
-        </Button>
-      </PopoverTrigger>
-      <PopoverContent className="p-0" side="bottom" align="start">
-        <Command>
-          <CommandInput placeholder="Select a project..." />
-          <CommandList>
-            <CommandEmpty>No results found.</CommandEmpty>
-            <CommandGroup>
-              {options.map((option) => (
-                <CommandItem
-                  keywords={[option.label]}
-                  key={option.value}
-                  value={option.value}
-                  onSelect={() => {
-                    setSelectedProject(option);
-                    setOpen(false);
-                    push(`/orgs/${orgSlug}/projects/${option.value}`);
-                  }}
-                >
-                  <Check
-                    className={cn(
-                      'mr-2 h-4 w-4',
-                      selectedProject?.value === option.value
-                        ? 'opacity-100'
-                        : 'opacity-0',
-                    )}
-                  />
-                  <div className="flex flex-row items-center gap-1">
-                    <Box className="h-4 w-4" />
-                    <span className="max-w-52 truncate">{option.label}</span>
-                  </div>
-                </CommandItem>
-              ))}
-            </CommandGroup>
-          </CommandList>
-        </Command>
-      </PopoverContent>
-    </Popover>
+    <div className="flex items-center gap-1">
+      <Popover open={open} onOpenChange={setOpen}>
+        <PopoverTrigger asChild>
+          <Button
+            variant="ghost"
+            size="sm"
+            className="justify-start gap-2 bg-background text-foreground hover:bg-accent dark:hover:bg-muted"
+          >
+            {selectedProject ? (
+              <div className="flex items-center gap-2">
+                <ProjectStatusIndicator status={appState} />
+                {selectedProject.label}
+                <ProjectStatus />
+              </div>
+            ) : (
+              <>Select a project</>
+            )}
+            <ChevronsUpDown className="h-5 w-5 text-muted-foreground" />
+          </Button>
+        </PopoverTrigger>
+        <PopoverContent className="p-0" side="bottom" align="start">
+          <Command>
+            <CommandInput placeholder="Select a project..." />
+            <CommandList>
+              <CommandEmpty>No results found.</CommandEmpty>
+              <CommandGroup>
+                {options.map((option) => (
+                  <CommandItem
+                    key={option.value}
+                    value={option.value}
+                    onSelect={() => handleProjectSelect(option)}
+                  >
+                    <Check
+                      className={cn(
+                        'mr-2 h-4 w-4',
+                        selectedProject?.value === option.value
+                          ? 'opacity-100'
+                          : 'opacity-0',
+                      )}
+                    />
+                    <div className="flex items-center gap-1">
+                      <Box className="h-4 w-4" />
+                      <span className="max-w-52 truncate">{option.label}</span>
+                    </div>
+                  </CommandItem>
+                ))}
+              </CommandGroup>
+            </CommandList>
+          </Command>
+        </PopoverContent>
+      </Popover>
+    </div>
   );
 }

dashboard/src/components/layout/MainNav/NavTree.tsx

@@ -30,73 +30,73 @@ import { useTreeNavState } from './TreeNavStateContext';
 const projectPages = [
   {
     name: 'Overview',
-    icon: <HomeIcon className="w-4 h-4" />,
+    icon: <HomeIcon className="h-4 w-4" />,
     route: '',
     slug: 'overview',
   },
   {
     name: 'Database',
-    icon: <DatabaseIcon className="w-4 h-4" />,
+    icon: <DatabaseIcon className="h-4 w-4" />,
     route: 'database/browser/default',
     slug: 'database',
   },
   {
     name: 'GraphQL',
-    icon: <GraphQLIcon className="w-4 h-4" />,
+    icon: <GraphQLIcon className="h-4 w-4" />,
     route: 'graphql',
     slug: 'graphql',
   },
   {
     name: 'Hasura',
-    icon: <HasuraIcon className="w-4 h-4" />,
+    icon: <HasuraIcon className="h-4 w-4" />,
     route: 'hasura',
     slug: 'hasura',
   },
   {
     name: 'Auth',
-    icon: <UserIcon className="w-4 h-4" />,
+    icon: <UserIcon className="h-4 w-4" />,
     route: 'users',
     slug: 'users',
   },
   {
     name: 'Storage',
-    icon: <StorageIcon className="w-4 h-4" />,
+    icon: <StorageIcon className="h-4 w-4" />,
     route: 'storage',
     slug: 'storage',
   },
   {
     name: 'Run',
-    icon: <ServicesIcon className="w-4 h-4" />,
+    icon: <ServicesIcon className="h-4 w-4" />,
     route: 'run',
     slug: 'run',
   },
   {
     name: 'AI',
-    icon: <AIIcon className="w-4 h-4" />,
+    icon: <AIIcon className="h-4 w-4" />,
     route: 'ai/auto-embeddings',
     slug: 'ai',
   },
   {
     name: 'Deployments',
-    icon: <RocketIcon className="w-4 h-4" />,
+    icon: <RocketIcon className="h-4 w-4" />,
     route: 'deployments',
     slug: 'deployments',
   },
   {
     name: 'Backups',
-    icon: <CloudIcon className="w-4 h-4" />,
+    icon: <CloudIcon className="h-4 w-4" />,
     route: 'backups',
     slug: 'backups',
   },
   {
     name: 'Logs',
-    icon: <FileTextIcon className="w-4 h-4" />,
+    icon: <FileTextIcon className="h-4 w-4" />,
     route: 'logs',
     slug: 'logs',
   },
   {
     name: 'Metrics',
-    icon: <GaugeIcon className="w-4 h-4" />,
+    icon: <GaugeIcon className="h-4 w-4" />,
     route: 'metrics',
     slug: 'metrics',
   },
@@ -121,6 +121,11 @@ const projectSettingsPages = [
     slug: 'authentication',
     route: 'authentication',
   },
+  {
+    name: 'JWT',
+    slug: 'jwt',
+    route: 'jwt',
+  },
   {
     name: 'Sign-In methods',
     slug: 'sign-in-methods',
@@ -204,7 +209,7 @@ const createOrganization = (org: Org, isPlatform: boolean) => {
     data: {
       name: 'New project',
       slug: 'new',
-      icon: <Plus className="w-4 h-4 mr-1 font-bold" strokeWidth={3} />,
+      icon: <Plus className="mr-1 h-4 w-4 font-bold" strokeWidth={3} />,
       targetUrl: `/orgs/${org.slug}/projects/new`,
       disabled: !isPlatform,
     },
@@ -219,7 +224,7 @@ const createOrganization = (org: Org, isPlatform: boolean) => {
       data: {
         name: app.name,
         slug: app.subdomain,
-        icon: <Box className="w-4 h-4" />,
+        icon: <Box className="h-4 w-4" />,
         targetUrl: `/orgs/${org.slug}/projects/${app.subdomain}`,
       },
       children: projectPages.map(
@@ -398,9 +403,9 @@ export default function NavTree() {
             className="h-8 px-1"
           >
             {context.isExpanded ? (
-              <ChevronDown className="w-4 h-4 font-bold" strokeWidth={3} />
+              <ChevronDown className="h-4 w-4 font-bold" strokeWidth={3} />
             ) : (
-              <ChevronRight className="w-4 h-4" strokeWidth={3} />
+              <ChevronRight className="h-4 w-4" strokeWidth={3} />
             )}
           </Button>
         );
@@ -492,9 +497,9 @@ export default function NavTree() {
         }
 
         return (
-          <div className="flex flex-row w-full">
+          <div className="flex w-full flex-row">
             <div className="flex justify-center px-[12px] pb-3">
-              <div className="w-0 h-full border-r border-dashed" />
+              <div className="h-full w-0 border-r border-dashed" />
             </div>
             <ul {...containerProps} className="w-full">
               {children}

dashboard/src/features/orgs/components/members/components/AnnouncementsTray/AnnouncementsTray.tsx

@@ -155,7 +155,10 @@ export default function AnnouncementsTray() {
                       >
                         <DropdownMenuItem
                           disabled={announcement.read.length > 0}
-                          onClick={() => handleSetRead(announcement.id)}
+                          onClick={(e) => {
+                            e.stopPropagation();
+                            handleSetRead(announcement.id);
+                          }}
                         >
                           Mark as read
                         </DropdownMenuItem>

dashboard/src/features/orgs/layout/ProjectLayout/ProjectLayout.tsx

@@ -5,6 +5,7 @@ import { Alert } from '@/components/ui/v2/Alert';
 import type { BoxProps } from '@/components/ui/v2/Box';
 import { Box } from '@/components/ui/v2/Box';
 import { ApplicationPaused } from '@/features/orgs/projects/common/components/ApplicationPaused';
+import { ApplicationPausedBanner } from '@/features/orgs/projects/common/components/ApplicationPausedBanner';
 import { ApplicationProvisioning } from '@/features/orgs/projects/common/components/ApplicationProvisioning';
 import { ApplicationRestoring } from '@/features/orgs/projects/common/components/ApplicationRestoring';
 import { ApplicationUnknown } from '@/features/orgs/projects/common/components/ApplicationUnknown';
@@ -15,7 +16,7 @@ import { useProject } from '@/features/orgs/projects/hooks/useProject';
 import { ApplicationStatus } from '@/types/application';
 import { NextSeo } from 'next-seo';
 import { useRouter } from 'next/router';
-import { useMemo } from 'react';
+import { useCallback, useMemo, type ReactNode } from 'react';
 import { twMerge } from 'tailwind-merge';
 
 export interface ProjectLayoutProps extends AuthenticatedLayoutProps {
@@ -34,11 +35,53 @@ function ProjectLayoutContent({
     query: { appSubdomain },
   } = useRouter();
 
-  const isPlatform = useIsPlatform();
   const { state } = useAppState();
+  const isPlatform = useIsPlatform();
   const { project, loading, error } = useProject({ poll: true });
+
   const isOnOverviewPage = route === '/orgs/[orgSlug]/projects/[appSubdomain]';
 
+  const renderPausedProjectContent = useCallback(
+    (_children: ReactNode) => {
+      const baseProjectPageRoute = '/orgs/[orgSlug]/projects/[appSubdomain]/';
+      const blockedPausedProjectPages = [
+        'database',
+        'database/browser/[dataSourceSlug]',
+        'graphql',
+        'hasura',
+        'users',
+        'storage',
+        'ai/auto-embeddings',
+        'ai/assistants',
+        'metrics',
+      ].map((page) => baseProjectPageRoute.concat(page));
+
+      // show an alert box on top of the overview page with a wake up button
+      if (isOnOverviewPage) {
+        return (
+          <>
+            <div className="mx-auto mt-5 flex max-w-7xl p-4 pb-0">
+              <ApplicationPausedBanner
+                alertClassName="flex-row"
+                textContainerClassName="flex flex-col items-center justify-center text-left"
+                wakeUpButtonClassName="w-fit self-center"
+              />
+            </div>
+            {children}
+          </>
+        );
+      }
+
+      // block these pages when the project is paused
+      if (blockedPausedProjectPages.includes(route)) {
+        return <ApplicationPaused />;
+      }
+
+      return _children;
+    },
+    [route, isOnOverviewPage, children],
+  );
+
   // Render application state based on the current state
   const projectPageContent = useMemo(() => {
     if (!appSubdomain || state === undefined) {
@@ -67,7 +110,7 @@ function ProjectLayoutContent({
         return children;
       case ApplicationStatus.Pausing:
       case ApplicationStatus.Paused:
-        return <ApplicationPaused />;
+        return renderPausedProjectContent(children);
       case ApplicationStatus.Unpausing:
         return <ApplicationUnpausing />;
       case ApplicationStatus.Restoring:
@@ -79,7 +122,13 @@ function ProjectLayoutContent({
       default:
         return <ApplicationUnknown />;
     }
-  }, [state, children, appSubdomain, isOnOverviewPage]);
+  }, [
+    state,
+    children,
+    appSubdomain,
+    isOnOverviewPage,
+    renderPausedProjectContent,
+  ]);
 
   // Handle loading state
   if (loading) {

dashboard/src/features/orgs/projects/authentication/settings/OTPEmailSettings/OTPEmailSettings.tsx

@@ -0,0 +1,139 @@
+import { ApplyLocalSettingsDialog } from '@/components/common/ApplyLocalSettingsDialog';
+import { useDialog } from '@/components/common/DialogProvider';
+import { useUI } from '@/components/common/UIProvider';
+import { Form } from '@/components/form/Form';
+import { SettingsContainer } from '@/components/layout/SettingsContainer';
+import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
+import { useIsPlatform } from '@/features/orgs/projects/common/hooks/useIsPlatform';
+import { useLocalMimirClient } from '@/features/orgs/projects/hooks/useLocalMimirClient';
+import { useProject } from '@/features/orgs/projects/hooks/useProject';
+import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWithErrorToast';
+import {
+  useGetSignInMethodsQuery,
+  useUpdateConfigMutation,
+} from '@/generated/graphql';
+import { yupResolver } from '@hookform/resolvers/yup';
+import { useEffect } from 'react';
+import { FormProvider, useForm } from 'react-hook-form';
+import * as Yup from 'yup';
+
+const validationSchema = Yup.object({
+  enabled: Yup.boolean(),
+});
+
+export type OTPEmailSettingsFormValues = Yup.InferType<typeof validationSchema>;
+
+export default function OTPEmailSettings() {
+  const { project } = useProject();
+  const { openDialog } = useDialog();
+  const isPlatform = useIsPlatform();
+  const { maintenanceActive } = useUI();
+  const localMimirClient = useLocalMimirClient();
+
+  const [updateConfig] = useUpdateConfigMutation({
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  const { data, loading, error } = useGetSignInMethodsQuery({
+    variables: { appId: project?.id },
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  const { enabled } = data?.config?.auth?.method?.otp?.email || {};
+
+  const form = useForm<OTPEmailSettingsFormValues>({
+    reValidateMode: 'onSubmit',
+    defaultValues: {
+      enabled,
+    },
+    resolver: yupResolver(validationSchema),
+  });
+
+  useEffect(() => {
+    if (!loading) {
+      form.reset({ enabled });
+    }
+  }, [loading, enabled, form]);
+
+  if (loading) {
+    return (
+      <ActivityIndicator
+        delay={1000}
+        label="Loading one-time passwords over email settings..."
+        className="justify-center"
+      />
+    );
+  }
+
+  if (error) {
+    throw error;
+  }
+
+  const handleOTPEmailSettingsChange = async (
+    values: OTPEmailSettingsFormValues,
+  ) => {
+    const updateConfigPromise = updateConfig({
+      variables: {
+        appId: project.id,
+        config: {
+          auth: {
+            method: {
+              otp: {
+                email: {
+                  enabled: values.enabled,
+                },
+              },
+            },
+          },
+        },
+      },
+    });
+
+    await execPromiseWithErrorToast(
+      async () => {
+        await updateConfigPromise;
+        form.reset(values);
+
+        if (!isPlatform) {
+          openDialog({
+            title: 'Apply your changes',
+            component: <ApplyLocalSettingsDialog />,
+            props: {
+              PaperProps: {
+                className: 'max-w-2xl',
+              },
+            },
+          });
+        }
+      },
+      {
+        loadingMessage:
+          'One-time passwords over email settings are being updated...',
+        successMessage:
+          'One-time passwords over email settings have been updated successfully.',
+        errorMessage:
+          'An error occurred while trying to update one-time passwords over email settings.',
+      },
+    );
+  };
+
+  return (
+    <FormProvider {...form}>
+      <Form onSubmit={handleOTPEmailSettingsChange}>
+        <SettingsContainer
+          title="One-Time Passwords over email"
+          description="Allow users to sign in with a one-time password sent to their email address."
+          slotProps={{
+            submitButton: {
+              disabled: !form.formState.isDirty || maintenanceActive,
+              loading: form.formState.isSubmitting,
+            },
+          }}
+          switchId="enabled"
+          showSwitch
+          className="hidden"
+        />
+      </Form>
+    </FormProvider>
+  );
+}

dashboard/src/features/orgs/projects/authentication/settings/OTPEmailSettings/index.ts

@@ -0,0 +1 @@
+export { default as OTPEmailSettings } from './OTPEmailSettings';

dashboard/src/features/orgs/projects/authentication/settings/components/AppleProviderSettings/AppleProviderSettings.tsx

@@ -50,6 +50,7 @@ const validationSchema = Yup.object({
       is: true,
       then: (schema) => schema.required(),
     }),
+  audience: Yup.string().label('Audience'),
   enabled: Yup.boolean(),
 });
 
@@ -72,7 +73,7 @@ export default function AppleProviderSettings() {
     ...(!isPlatform ? { client: localMimirClient } : {}),
   });
 
-  const { clientId, enabled, keyId, privateKey, teamId } =
+  const { clientId, enabled, keyId, privateKey, teamId, audience } =
     data?.config?.auth?.method?.oauth?.apple || {};
 
   const form = useForm<AppleProviderFormValues>({
@@ -82,6 +83,7 @@ export default function AppleProviderSettings() {
       keyId: keyId || '',
       clientId: clientId || '',
       privateKey: privateKey || '',
+      audience: audience || '',
       enabled: enabled || false,
     },
     resolver: yupResolver(validationSchema),
@@ -94,10 +96,11 @@ export default function AppleProviderSettings() {
         keyId: keyId || '',
         clientId: clientId || '',
         privateKey: privateKey || '',
+        audience: audience || '',
         enabled: enabled || false,
       });
     }
-  }, [loading, teamId, keyId, clientId, privateKey, enabled, form]);
+  }, [loading, teamId, keyId, clientId, privateKey, audience, enabled, form]);
 
   if (loading) {
     return (
@@ -237,6 +240,18 @@ export default function AppleProviderSettings() {
             error={!!formState.errors?.privateKey}
             helperText={formState.errors?.privateKey?.message}
           />
+          <Input
+            {...register('audience')}
+            name="audience"
+            id="audience"
+            label="Audience (optional)"
+            placeholder="Apple Audience"
+            className="col-span-2"
+            fullWidth
+            hideEmptyHelperText
+            error={!!formState.errors?.audience}
+            helperText={formState.errors?.audience?.message}
+          />
           <Input
             name="redirectUrl"
             id="apple-redirectUrl"

dashboard/src/features/orgs/projects/authentication/settings/components/GoogleProviderSettings/GoogleProviderSettings.tsx

@@ -9,10 +9,6 @@ import { CopyIcon } from '@/components/ui/v2/icons/CopyIcon';
 import { Input } from '@/components/ui/v2/Input';
 import { InputAdornment } from '@/components/ui/v2/InputAdornment';
 import type { BaseProviderSettingsFormValues } from '@/features/orgs/projects/authentication/settings/components/BaseProviderSettings';
-import {
-  BaseProviderSettings,
-  baseProviderValidationSchema,
-} from '@/features/orgs/projects/authentication/settings/components/BaseProviderSettings';
 import {
   useGetSignInMethodsQuery,
   useUpdateConfigMutation,
@@ -28,6 +24,28 @@ import { generateAppServiceUrl } from '@/features/orgs/projects/common/utils/gen
 import { useLocalMimirClient } from '@/features/orgs/projects/hooks/useLocalMimirClient';
 import { useProject } from '@/features/orgs/projects/hooks/useProject';
 import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWithErrorToast';
+import * as Yup from 'yup';
+
+const googleProviderValidationSchema = Yup.object({
+  clientId: Yup.string()
+    .label('Client ID')
+    .when('enabled', {
+      is: true,
+      then: (schema) => schema.required(),
+    }),
+  clientSecret: Yup.string()
+    .label('Client Secret')
+    .when('enabled', {
+      is: true,
+      then: (schema) => schema.required(),
+    }),
+  audience: Yup.string().label('Audience'),
+  enabled: Yup.bool(),
+});
+
+export type GoogleProviderFormValues = Yup.InferType<
+  typeof googleProviderValidationSchema
+>;
 
 export default function GoogleProviderSettings() {
   const { project } = useProject();
@@ -45,17 +63,18 @@ export default function GoogleProviderSettings() {
     ...(!isPlatform ? { client: localMimirClient } : {}),
   });
 
-  const { clientId, clientSecret, enabled } =
+  const { clientId, clientSecret, enabled, audience } =
     data?.config?.auth?.method?.oauth?.google || {};
 
-  const form = useForm<BaseProviderSettingsFormValues>({
+  const form = useForm<GoogleProviderFormValues>({
     reValidateMode: 'onSubmit',
     defaultValues: {
       clientId: clientId || '',
       clientSecret: clientSecret || '',
+      audience: audience || '',
       enabled: enabled || false,
     },
-    resolver: yupResolver(baseProviderValidationSchema),
+    resolver: yupResolver(googleProviderValidationSchema),
   });
 
   useEffect(() => {
@@ -63,10 +82,11 @@ export default function GoogleProviderSettings() {
       form.reset({
         clientId: clientId || '',
         clientSecret: clientSecret || '',
+        audience: audience || '',
         enabled: enabled || false,
       });
     }
-  }, [loading, clientId, clientSecret, enabled, form]);
+  }, [loading, clientId, clientSecret, audience, enabled, form]);
 
   if (loading) {
     return (
@@ -82,7 +102,7 @@ export default function GoogleProviderSettings() {
     throw error;
   }
 
-  const { formState, watch } = form;
+  const { formState, watch, register } = form;
   const authEnabled = watch('enabled');
 
   async function handleSubmit(formValues: BaseProviderSettingsFormValues) {
@@ -148,11 +168,44 @@ export default function GoogleProviderSettings() {
           switchId="enabled"
           showSwitch
           className={twMerge(
-            'grid-flow-rows grid grid-cols-2 grid-rows-2 gap-x-3 gap-y-4 px-4 py-2',
+            'grid-flow-rows grid grid-cols-2 grid-rows-3 gap-x-3 gap-y-4 px-4 py-2',
             !authEnabled && 'hidden',
           )}
         >
-          <BaseProviderSettings providerName="google" />
+          <Input
+            {...register('clientId')}
+            id="google-clientId"
+            label="Client ID"
+            placeholder="Enter your Client ID"
+            className="col-span-1"
+            fullWidth
+            hideEmptyHelperText
+            error={!!formState.errors?.clientId}
+            helperText={formState.errors?.clientId?.message}
+          />
+          <Input
+            {...register('clientSecret')}
+            id="google-clientSecret"
+            label="Client Secret"
+            placeholder="Enter your Client Secret"
+            className="col-span-1"
+            fullWidth
+            hideEmptyHelperText
+            error={!!formState.errors?.clientSecret}
+            helperText={formState.errors?.clientSecret?.message}
+          />
+          <Input
+            {...register('audience')}
+            name="audience"
+            id="audience"
+            label="Audience (optional)"
+            placeholder="Enter Audience"
+            className="col-span-2"
+            fullWidth
+            hideEmptyHelperText
+            error={!!formState.errors?.audience}
+            helperText={formState.errors?.audience?.message}
+          />
           <Input
             name="redirectUrl"
             id="google-redirectUrl"

dashboard/src/features/orgs/projects/authentication/users/components/EditUserPasswordForm/EditUserPasswordForm.tsx

@@ -3,10 +3,10 @@ import { Form } from '@/components/form/Form';
 import { Alert } from '@/components/ui/v2/Alert';
 import { Button } from '@/components/ui/v2/Button';
 import { Input } from '@/components/ui/v2/Input';
-import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
-import { useRemoteApplicationGQLClient } from '@/hooks/useRemoteApplicationGQLClient';
+import { useRemoteApplicationGQLClient } from '@/features/orgs/hooks/useRemoteApplicationGQLClient';
+import { useProject } from '@/features/orgs/projects/hooks/useProject';
+import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWithErrorToast';
 import type { DialogFormProps } from '@/types/common';
-import { execPromiseWithErrorToast } from '@/utils/execPromiseWithErrorToast';
 import type { RemoteAppGetUsersQuery } from '@/utils/__generated__/graphql';
 import {
   useGetSignInMethodsQuery,
@@ -38,10 +38,10 @@ export default function EditUserPasswordForm({
     client: remoteProjectGQLClient,
   });
   const { closeDialog } = useDialog();
-  const { currentProject } = useCurrentWorkspaceAndProject();
+  const { project } = useProject();
   const { data } = useGetSignInMethodsQuery({
-    variables: { appId: currentProject?.id },
-    skip: !currentProject?.id,
+    variables: { appId: project?.id },
+    skip: !project?.id,
   });
 
   const passwordMinLength =

dashboard/src/features/orgs/projects/common/components/ApplicationPaused/ApplicationPaused.tsx

@@ -1,17 +1,11 @@
 import { Container } from '@/components/layout/Container';
 import { Modal } from '@/components/ui/v1/Modal';
-import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
-import { Box } from '@/components/ui/v2/Box';
 import { Button } from '@/components/ui/v2/Button';
-import { Text } from '@/components/ui/v2/Text';
 import { TransferProjectDialog } from '@/features/orgs/components/common/TransferProjectDialog';
 import { ApplicationInfo } from '@/features/orgs/projects/common/components/ApplicationInfo';
-import { ApplicationLockedReason } from '@/features/orgs/projects/common/components/ApplicationLockedReason';
-import { ApplicationPausedReason } from '@/features/orgs/projects/common/components/ApplicationPausedReason';
-import { ApplicationPausedSymbol } from '@/features/orgs/projects/common/components/ApplicationPausedSymbol';
+import { ApplicationPausedBanner } from '@/features/orgs/projects/common/components/ApplicationPausedBanner';
 import { RemoveApplicationModal } from '@/features/orgs/projects/common/components/RemoveApplicationModal';
 import { StagingMetadata } from '@/features/orgs/projects/common/components/StagingMetadata';
-import { useAppPausedReason } from '@/features/orgs/projects/common/hooks/useAppPausedReason';
 import { useIsCurrentUserOwner } from '@/features/orgs/projects/common/hooks/useIsCurrentUserOwner';
 import { useCurrentOrg } from '@/features/orgs/projects/hooks/useCurrentOrg';
 import { useProject } from '@/features/orgs/projects/hooks/useProject';
@@ -19,46 +13,19 @@ import {
   GetAllWorkspacesAndProjectsDocument,
   useUnpauseApplicationMutation,
 } from '@/generated/graphql';
-import { execPromiseWithErrorToast } from '@/utils/execPromiseWithErrorToast';
 import { useState } from 'react';
 
 export default function ApplicationPaused() {
   const { org } = useCurrentOrg();
-  const { project, refetch: refetchProject } = useProject();
+  const { project } = useProject();
   const isOwner = useIsCurrentUserOwner();
   const [transferProjectDialogOpen, setTransferProjectDialogOpen] =
     useState(false);
 
   const [showDeletingModal, setShowDeletingModal] = useState(false);
-  const [unpauseApplication, { loading: changingApplicationStateLoading }] =
-    useUnpauseApplicationMutation({
-      refetchQueries: [{ query: GetAllWorkspacesAndProjectsDocument }],
-    });
-
-  const { isLocked, lockedReason, freeAndLiveProjectsNumberExceeded, loading } =
-    useAppPausedReason();
-
-  async function handleTriggerUnpausing() {
-    await execPromiseWithErrorToast(
-      async () => {
-        await unpauseApplication({ variables: { appId: project.id } });
-        await new Promise((resolve) => {
-          setTimeout(resolve, 1000);
-        });
-        await refetchProject();
-      },
-      {
-        loadingMessage: 'Starting the project...',
-        successMessage: 'The project has been started successfully.',
-        errorMessage:
-          'An error occurred while waking up the project. Please try again.',
-      },
-    );
-  }
-
-  if (loading) {
-    return <ActivityIndicator label="Loading user data..." delay={1000} />;
-  }
+  useUnpauseApplicationMutation({
+    refetchQueries: [{ query: GetAllWorkspacesAndProjectsDocument }],
+  });
 
   return (
     <>
@@ -77,65 +44,38 @@ export default function ApplicationPaused() {
       </Modal>
 
       <Container className="mx-auto grid max-w-lg grid-flow-row gap-6 text-center">
-        <div className="mx-auto flex w-centImage flex-col text-center">
-          <ApplicationPausedSymbol isLocked={isLocked} />
-        </div>
-
-        <Box className="grid grid-flow-row gap-6">
-          <Text variant="h3" component="h1">
-            {project.name} is {isLocked ? 'locked' : 'paused'}
-          </Text>
-          {isLocked ? (
-            <ApplicationLockedReason reason={lockedReason} />
-          ) : (
+        <div className="mx-auto flex w-full max-w-xs flex-col gap-4">
+          <ApplicationPausedBanner
+            alertClassName="items-center"
+            textContainerClassName="items-center text-center"
+          />
+          {org && (
             <>
-              <ApplicationPausedReason
-                freeAndLiveProjectsNumberExceeded={
-                  freeAndLiveProjectsNumberExceeded
-                }
-              />
-              <div className="grid grid-flow-row gap-4">
-                {org && (
-                  <>
-                    <Button
-                      className="mx-auto w-full max-w-xs"
-                      onClick={() => setTransferProjectDialogOpen(true)}
-                    >
-                      Transfer
-                    </Button>
-                    <TransferProjectDialog
-                      open={transferProjectDialogOpen}
-                      setOpen={setTransferProjectDialogOpen}
-                    />
-                  </>
-                )}
-                <Button
-                  variant="borderless"
-                  className="mx-auto w-full max-w-xs"
-                  loading={changingApplicationStateLoading}
-                  disabled={
-                    changingApplicationStateLoading ||
-                    freeAndLiveProjectsNumberExceeded
-                  }
-                  onClick={handleTriggerUnpausing}
-                >
-                  Wake Up
-                </Button>
+              <Button
+                className="w-full"
+                onClick={() => setTransferProjectDialogOpen(true)}
+              >
+                Transfer
+              </Button>
 
-                {isOwner && (
-                  <Button
-                    color="error"
-                    variant="outlined"
-                    className="mx-auto w-full max-w-xs"
-                    onClick={() => setShowDeletingModal(true)}
-                  >
-                    Delete Project
-                  </Button>
-                )}
-              </div>
+              <TransferProjectDialog
+                open={transferProjectDialogOpen}
+                setOpen={setTransferProjectDialogOpen}
+              />
             </>
           )}
-        </Box>
+
+          {isOwner && (
+            <Button
+              color="error"
+              variant="outlined"
+              className="mx-auto w-full max-w-xs"
+              onClick={() => setShowDeletingModal(true)}
+            >
+              Delete Project
+            </Button>
+          )}
+        </div>
 
         <StagingMetadata>
           <ApplicationInfo />

dashboard/src/features/orgs/projects/common/components/ApplicationPausedBanner/ApplicationPausedBanner.tsx

@@ -0,0 +1,111 @@
+import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
+import { Alert } from '@/components/ui/v2/Alert';
+import { Button } from '@/components/ui/v3/button';
+import { useAppPausedReason } from '@/features/orgs/projects/common/hooks/useAppPausedReason';
+import { useAppState } from '@/features/orgs/projects/common/hooks/useAppState';
+import { useCurrentOrg } from '@/features/orgs/projects/hooks/useCurrentOrg';
+import { useProject } from '@/features/orgs/projects/hooks/useProject';
+import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWithErrorToast';
+import { cn } from '@/lib/utils';
+import { ApplicationStatus } from '@/types/application';
+import { useUnpauseApplicationMutation } from '@/utils/__generated__/graphql';
+import Image from 'next/image';
+import { useCallback } from 'react';
+
+export default function ApplicationPausedBanner({
+  alertClassName,
+  textContainerClassName,
+  wakeUpButtonClassName,
+}: {
+  alertClassName?: string;
+  textContainerClassName?: string;
+  wakeUpButtonClassName?: string;
+}) {
+  const { org } = useCurrentOrg();
+  const { state } = useAppState();
+  const { freeAndLiveProjectsNumberExceeded } = useAppPausedReason();
+  const { project, refetch: refetchProject } = useProject();
+
+  const [unpauseApplication, { loading: changingApplicationStateLoading }] =
+    useUnpauseApplicationMutation({
+      variables: {
+        appId: project?.id,
+      },
+    });
+
+  const handleTriggerUnpausing = useCallback(async () => {
+    await execPromiseWithErrorToast(
+      async () => {
+        await unpauseApplication({ variables: { appId: project.id } });
+        await new Promise((resolve) => {
+          setTimeout(resolve, 1000);
+        });
+        await refetchProject();
+      },
+      {
+        loadingMessage: 'Starting the project...',
+        successMessage: 'The project has been started successfully.',
+        errorMessage:
+          'An error occurred while waking up the project. Please try again.',
+      },
+    );
+  }, [unpauseApplication, project?.id, refetchProject]);
+
+  return (
+    <Alert
+      severity="warning"
+      className={cn(
+        'flex w-full flex-col items-start justify-between gap-4 p-4',
+        alertClassName,
+      )}
+    >
+      <Image
+        src="/assets/PausedApp.svg"
+        className="mt-1"
+        alt="Closed Eye"
+        width={52}
+        height={40}
+      />
+
+      <div
+        className={cn(
+          'flex h-full w-full flex-col gap-2',
+          textContainerClassName,
+        )}
+      >
+        <p className="w-full">
+          Project <b>{project?.name}</b> is paused.
+        </p>
+        <p className="w-full">
+          Wake up your project to make it accessible again. Once reactivated,
+          all features will be fully functional. Go to settings to manage your
+          project.
+        </p>
+        {org?.plan?.isFree && (
+          <p>
+            Projects under your Personal Organization will stop responding to
+            API calls after 7 days of inactivity, so consider transferring the
+            project to a <b>Pro Organization</b> to avoid auto-sleep.
+          </p>
+        )}
+        {freeAndLiveProjectsNumberExceeded && (
+          <p>
+            Additionally, only 1 free project can be active at any given time,
+            so please pause your current active free project before unpausing
+            another.
+          </p>
+        )}
+      </div>
+      {state === ApplicationStatus.Paused && (
+        <Button
+          variant="outline"
+          className={cn('w-full', wakeUpButtonClassName)}
+          disabled={changingApplicationStateLoading}
+          onClick={handleTriggerUnpausing}
+        >
+          {changingApplicationStateLoading ? <ActivityIndicator /> : 'Wake up'}
+        </Button>
+      )}
+    </Alert>
+  );
+}

dashboard/src/features/orgs/projects/common/components/ApplicationPausedBanner/index.ts

@@ -0,0 +1 @@
+export { default as ApplicationPausedBanner } from './ApplicationPausedBanner';

dashboard/src/features/orgs/projects/common/components/ApplicationPausedReason/ApplicationPausedReason.tsx

@@ -1,36 +0,0 @@
-import { Alert } from '@/components/ui/v2/Alert';
-import { useCurrentOrg } from '@/features/orgs/projects/hooks/useCurrentOrg';
-
-interface ApplicationPausedReasonProps {
-  freeAndLiveProjectsNumberExceeded?: boolean;
-}
-
-export default function ApplicationPausedReason({
-  freeAndLiveProjectsNumberExceeded,
-}: ApplicationPausedReasonProps) {
-  const { org } = useCurrentOrg();
-
-  return (
-    <Alert
-      severity="warning"
-      className="flex flex-col w-full max-w-xs gap-4 p-6 mx-auto text-left"
-    >
-      {org?.plan?.isFree ? (
-        <p>
-          Projects under your Personal Organization will stop responding to API
-          calls after 7 days of inactivity, so consider transferring the project
-          to a <b>Pro Organization</b> to avoid auto-sleep.
-        </p>
-      ) : (
-        <p className="text-center">Your project is Paused.</p>
-      )}
-      {freeAndLiveProjectsNumberExceeded && (
-        <p className="text-center">
-          Additionally, only 1 free project can be active at any given time, so
-          please pause your current active free project before unpausing
-          another.
-        </p>
-      )}
-    </Alert>
-  );
-}

dashboard/src/features/orgs/projects/common/components/ApplicationPausedReason/index.ts

@@ -1 +0,0 @@
-export { default as ApplicationPausedReason } from './ApplicationPausedReason';

dashboard/src/features/orgs/projects/common/components/StagingMetadata/StagingMetadata.tsx

@@ -48,7 +48,7 @@ export default function StagingMetadata({
 }: PropsWithChildren<unknown>) {
   return (
     isDevOrStaging() && (
-      <div className="mx-auto mt-10 max-w-sm">
+      <div className="mx-auto max-w-sm">
         <Box className="mx-auto grid grid-flow-row justify-items-center rounded-md border p-5 text-center">
           <Status status={StatusEnum.Deploying}>Internal info</Status>
           {children}

dashboard/src/features/orgs/projects/common/hooks/useAppPausedReason/useAppPausedReason.ts

@@ -25,7 +25,7 @@ export default function useAppPausedReason(): {
   });
 
   const { data: isLockedData } = useGetProjectIsLockedQuery({
-    variables: { appId: project.id },
+    variables: { appId: project?.id },
     skip: !project,
   });
 

dashboard/src/features/orgs/projects/database/settings/components/DatabaseMigrateDisabledError/DatabaseMigrateDisabledError.tsx

@@ -1,8 +1,19 @@
 import { Alert } from '@/components/ui/v2/Alert';
 import { XIcon } from '@/components/ui/v2/icons/XIcon';
 import { Text } from '@/components/ui/v2/Text';
+import { useAppState } from '@/features/orgs/projects/common/hooks/useAppState';
+import { ApplicationStatus } from '@/types/application';
 
 export default function DatabaseMigrateWarning() {
+  const { state } = useAppState();
+
+  if (
+    state === ApplicationStatus.Paused ||
+    state === ApplicationStatus.Pausing
+  ) {
+    return null;
+  }
+
   return (
     <Alert severity="error" className="flex flex-col gap-3 text-left">
       <Text

dashboard/src/features/orgs/projects/database/settings/components/DatabaseServiceVersionSettings/DatabaseServiceVersionSettings.tsx

@@ -316,7 +316,7 @@ export default function DatabaseServiceVersionSettings() {
                 size="medium"
                 className="self-center"
                 onClick={openLatestUpgradeLogsModal}
-                startIcon={<RepeatIcon className="w-4 h-4" />}
+                startIcon={<RepeatIcon className="h-4 w-4" />}
               >
                 View latest upgrade logs
               </Button>

dashboard/src/features/orgs/projects/environmentVariables/settings/components/SystemEnvironmentVariableSettings/SystemEnvironmentVariableSettings.tsx

@@ -1,5 +1,4 @@
 import { useDialog } from '@/components/common/DialogProvider';
-import { useUI } from '@/components/common/UIProvider';
 import { SettingsContainer } from '@/components/layout/SettingsContainer';
 import { InlineCode } from '@/components/presentational/InlineCode';
 import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
@@ -34,7 +33,6 @@ export default function SystemEnvironmentVariableSettings() {
   const { project } = useProject();
   const isPlatform = useIsPlatform();
   const { openDialog } = useDialog();
-  const { maintenanceActive } = useUI();
   const localMimirClient = useLocalMimirClient();
   const [showAdminSecret, setShowAdminSecret] = useState(false);
   const [showWebhookSecret, setShowWebhookSecret] = useState(false);
@@ -74,8 +72,8 @@ export default function SystemEnvironmentVariableSettings() {
           <span>Auth JWT Secret</span>
 
           <Text variant="subtitle1" component="span">
-            This is the key used for generating JWTs. It&apos;s HMAC-SHA-based
-            and the same as configured in Hasura.
+            This is the key used for generating JWTs. It&apos;s the same as
+            configured in Hasura.
           </Text>
         </span>
       ),
@@ -85,22 +83,6 @@ export default function SystemEnvironmentVariableSettings() {
     });
   }
 
-  function showEditJwtSecretModal() {
-    openDialog({
-      title: (
-        <span className="grid grid-flow-row">
-          <span>Edit JWT Secret</span>
-
-          <Text variant="subtitle1" component="span">
-            You can add your custom JWT secret here. Hasura will use it to
-            validate the identity of your users.
-          </Text>
-        </span>
-      ),
-      component: <EditJwtSecretForm jwtSecret={stringifiedJwtSecrets} />,
-    });
-  }
-
   const systemEnvironmentVariables = [
     { key: 'NHOST_SUBDOMAIN', value: project.subdomain },
     { key: 'NHOST_REGION', value: project.region.name },
@@ -131,7 +113,7 @@ export default function SystemEnvironmentVariableSettings() {
       className="mb-2.5 mt-2 px-0"
       slotProps={{ submitButton: { className: 'hidden' } }}
     >
-      <Box className="grid grid-cols-3 gap-2 px-4 py-3 border-b-1">
+      <Box className="grid grid-cols-3 gap-2 border-b-1 px-4 py-3">
         <Text className="font-medium">Variable Name</Text>
         <Text className="font-medium lg:col-span-2">Value</Text>
       </Box>
@@ -140,7 +122,7 @@ export default function SystemEnvironmentVariableSettings() {
         <ListItem.Root className="grid grid-cols-2 gap-2 px-4 lg:grid-cols-3">
           <ListItem.Text>NHOST_ADMIN_SECRET</ListItem.Text>
 
-          <div className="grid items-center justify-start grid-flow-col gap-2 lg:col-span-2">
+          <div className="grid grid-flow-col items-center justify-start gap-2 lg:col-span-2">
             <Text className="truncate" color="secondary">
               {showAdminSecret ? (
                 <InlineCode className="!text-sm font-medium">
@@ -160,9 +142,9 @@ export default function SystemEnvironmentVariableSettings() {
               onClick={() => setShowAdminSecret((show) => !show)}
             >
               {showAdminSecret ? (
-                <EyeOffIcon className="w-5 h-5" />
+                <EyeOffIcon className="h-5 w-5" />
               ) : (
-                <EyeIcon className="w-5 h-5" />
+                <EyeIcon className="h-5 w-5" />
               )}
             </IconButton>
           </div>
@@ -173,7 +155,7 @@ export default function SystemEnvironmentVariableSettings() {
         <ListItem.Root className="grid grid-cols-2 gap-2 px-4 lg:grid-cols-3">
           <ListItem.Text>NHOST_WEBHOOK_SECRET</ListItem.Text>
 
-          <div className="grid items-center justify-start grid-flow-col gap-2 lg:col-span-2">
+          <div className="grid grid-flow-col items-center justify-start gap-2 lg:col-span-2">
             <Text className="truncate" color="secondary">
               {showWebhookSecret ? (
                 <InlineCode className="!text-sm font-medium">
@@ -195,9 +177,9 @@ export default function SystemEnvironmentVariableSettings() {
               onClick={() => setShowWebhookSecret((show) => !show)}
             >
               {showWebhookSecret ? (
-                <EyeOffIcon className="w-5 h-5" />
+                <EyeOffIcon className="h-5 w-5" />
               ) : (
-                <EyeIcon className="w-5 h-5" />
+                <EyeIcon className="h-5 w-5" />
               )}
             </IconButton>
           </div>
@@ -223,7 +205,7 @@ export default function SystemEnvironmentVariableSettings() {
 
         <Divider component="li" className="!mb-2.5 !mt-4" />
 
-        <ListItem.Root className="grid justify-start grid-cols-2 px-4 lg:grid-cols-3">
+        <ListItem.Root className="grid grid-cols-2 justify-start px-4 lg:grid-cols-3">
           <ListItem.Text>NHOST_JWT_SECRET</ListItem.Text>
 
           <div className="grid grid-flow-row items-center justify-center gap-1.5 text-center md:grid-flow-col lg:col-span-2 lg:justify-start lg:text-left">
@@ -234,17 +216,6 @@ export default function SystemEnvironmentVariableSettings() {
             >
               Show JWT Secret
             </Button>
-
-            <Text component="span">or</Text>
-
-            <Button
-              variant="borderless"
-              onClick={showEditJwtSecretModal}
-              size="small"
-              disabled={maintenanceActive}
-            >
-              Edit JWT Secret
-            </Button>
           </div>
         </ListItem.Root>
       </List>

dashboard/src/features/orgs/projects/hasura/settings/gql/getJWTSecrets.gql

@@ -0,0 +1,28 @@
+query GetJWTSecrets($appId: uuid!) {
+  config(appID: $appId, resolve: false) {
+    id: __typename
+    __typename
+    hasura {
+      jwtSecrets {
+        type
+        key
+        signingKey
+        kid
+        jwk_url
+        allowed_skew
+        audience
+        claims_format
+        claims_map {
+          claim
+          default
+          path
+          value
+        }
+        claims_namespace
+        claims_namespace_path
+        header
+        issuer
+      }
+    }
+  }
+}

dashboard/src/features/orgs/projects/jwt/settings/components/AsymmetricKeyFormSection/AsymmetricKeyFormSection.tsx

@@ -0,0 +1,91 @@
+import { Input } from '@/components/ui/v2/Input';
+import { useFormContext } from 'react-hook-form';
+
+import { Box } from '@/components/ui/v2/Box';
+import { Option } from '@/components/ui/v2/Option';
+import { type JWTSettingsFormValues } from '@/features/orgs/projects/jwt/settings/types';
+
+import { Select } from '@/components/ui/v2/Select';
+import { ASYMMETRIC_ALGORITHMS } from '@/features/orgs/projects/jwt/settings/utils/constants';
+
+export default function AsymmetricKeyFormSection() {
+  const {
+    register,
+    formState: { errors },
+    watch,
+    setValue,
+  } = useFormContext<JWTSettingsFormValues>();
+
+  const type = watch('type');
+
+  return (
+    <Box className="grid grid-cols-5 gap-4">
+      <Select
+        id="type"
+        className="col-span-5 lg:col-span-1"
+        placeholder="RS256"
+        hideEmptyHelperText
+        variant="normal"
+        defaultValue={ASYMMETRIC_ALGORITHMS[0]}
+        error={!!errors.type}
+        helperText={errors?.type?.message}
+        label="Hashing algorithm"
+        value={type}
+        onChange={(_event, value) =>
+          setValue('type', value as string, { shouldDirty: true })
+        }
+      >
+        {ASYMMETRIC_ALGORITHMS.map((algorithm) => (
+          <Option key={algorithm} value={algorithm}>
+            {algorithm}
+          </Option>
+        ))}
+      </Select>
+      <Input
+        {...register('kid')}
+        name="kid"
+        id="kid"
+        label="Key ID"
+        placeholder="Enter unique key ID"
+        className="col-span-5 lg:col-span-3"
+        fullWidth
+        hideEmptyHelperText
+        error={!!errors?.kid}
+        helperText={errors?.kid?.message}
+      />
+
+      <Input
+        {...register('key')}
+        name="key"
+        id="key"
+        label="Public Key"
+        placeholder="-----BEGIN PUBLIC KEY-----"
+        className="col-span-5 lg:col-span-4"
+        fullWidth
+        hideEmptyHelperText
+        error={!!errors?.key}
+        helperText={errors?.key?.message}
+        multiline
+        inputProps={{
+          className: 'resize-y min-h-[130px]',
+        }}
+      />
+      <Input
+        {...register('signingKey')}
+        name="signingKey"
+        id="signingKey"
+        label="Signing key"
+        placeholder="-----BEGIN PRIVATE KEY-----"
+        className="col-span-5 lg:col-span-4"
+        fullWidth
+        hideEmptyHelperText
+        error={!!errors?.signingKey}
+        helperText={errors?.signingKey?.message}
+        multiline
+        inputProps={{
+          className: 'resize-y min-h-[130px]',
+        }}
+      />
+    </Box>
+  );
+}

dashboard/src/features/orgs/projects/jwt/settings/components/AsymmetricKeyFormSection/index.ts

@@ -0,0 +1 @@
+export { default as AsymmetricKeyFormSection } from './AsymmetricKeyFormSection';

dashboard/src/features/orgs/projects/jwt/settings/components/ExternalSigningField/ExternalSigningField.tsx

@@ -0,0 +1,92 @@
+import { ASYMMETRIC_ALGORITHMS } from '@/features/orgs/projects/jwt/settings/utils/constants';
+import { useFormContext } from 'react-hook-form';
+
+import { Input } from '@/components/ui/v2/Input';
+import { Option } from '@/components/ui/v2/Option';
+import { Select } from '@/components/ui/v2/Select';
+import type {
+  ExternalSigningType,
+  JWTSettingsFormValues,
+} from '@/features/orgs/projects/jwt/settings/types';
+
+interface ExternalSigningFieldProps {
+  externalSigningType: ExternalSigningType;
+}
+
+export default function ExternalSigningField({
+  externalSigningType,
+}: ExternalSigningFieldProps) {
+  const {
+    register,
+    formState: { errors },
+    setValue,
+    watch,
+  } = useFormContext<JWTSettingsFormValues>();
+
+  const type = watch('type');
+
+  if (externalSigningType === 'jwk-endpoint') {
+    return (
+      <Input
+        {...register('jwkUrl')}
+        name="jwkUrl"
+        id="jwkUrl"
+        placeholder="https://acme.com/jwks.json"
+        className="col-span-5 lg:col-span-4"
+        label="JWK URL"
+        fullWidth
+        hideEmptyHelperText
+        error={!!errors?.jwkUrl}
+        helperText={errors?.jwkUrl?.message}
+      />
+    );
+  }
+
+  if (externalSigningType === 'public-key') {
+    return (
+      <>
+        <Select
+          id="type"
+          className="col-span-5 lg:col-span-1"
+          placeholder="RS256"
+          hideEmptyHelperText
+          variant="normal"
+          defaultValue={ASYMMETRIC_ALGORITHMS[0]}
+          error={!!errors.type}
+          helperText={errors?.type?.message}
+          label="Hashing algorithm"
+          value={type}
+          onChange={(_event, value) =>
+            setValue('type', value as string, { shouldDirty: true })
+          }
+        >
+          {ASYMMETRIC_ALGORITHMS.map((algorithm) => (
+            <Option key={algorithm} value={algorithm}>
+              {algorithm}
+            </Option>
+          ))}
+        </Select>
+        <div className="lg:col-span-4" />
+
+        <Input
+          {...register('key')}
+          name="key"
+          id="key"
+          placeholder="-----BEGIN PUBLIC KEY-----"
+          className="col-span-5 lg:col-span-4"
+          label="Public Key"
+          fullWidth
+          multiline
+          hideEmptyHelperText
+          error={!!errors?.key}
+          helperText={errors?.key?.message}
+          inputProps={{
+            className: 'resize-y min-h-[130px]',
+          }}
+        />
+      </>
+    );
+  }
+
+  return null;
+}

dashboard/src/features/orgs/projects/jwt/settings/components/ExternalSigningField/index.ts

@@ -0,0 +1 @@
+export { default as ExternalSigningField } from './ExternalSigningField';

dashboard/src/features/orgs/projects/jwt/settings/components/ExternalSigningFormSection/ExternalSigningFormSection.tsx

@@ -0,0 +1,50 @@
+import { Label } from '@/components/ui/v3/label';
+import { RadioGroup, RadioGroupItem } from '@/components/ui/v3/radio-group';
+
+import { Alert } from '@/components/ui/v2/Alert';
+import { Box } from '@/components/ui/v2/Box';
+import { Text } from '@/components/ui/v2/Text';
+
+import { ExternalSigningField } from '@/features/orgs/projects/jwt/settings/components/ExternalSigningField';
+import type { ExternalSigningType } from '@/features/orgs/projects/jwt/settings/types';
+
+interface ExternalSigningFormSectionProps {
+  externalSigningType: ExternalSigningType;
+  handleExternalSigningTypeChange: (value: ExternalSigningType) => void;
+}
+
+export default function ExternalSigningFormSection({
+  externalSigningType,
+  handleExternalSigningTypeChange,
+}: ExternalSigningFormSectionProps) {
+  return (
+    <div className="flex flex-col gap-6">
+      <Alert severity="warning">
+        <Text>
+          When using external signing the Auth service will be automatically
+          disabled.
+        </Text>
+      </Alert>
+      <Box className="grid grid-cols-5 gap-4">
+        <div className="col-span-5">
+          <RadioGroup
+            defaultValue="jwk-endpoint"
+            value={externalSigningType}
+            onValueChange={handleExternalSigningTypeChange}
+            className="flex flex-col gap-4 lg:flex-row"
+          >
+            <div className="flex items-center space-x-2">
+              <RadioGroupItem value="jwk-endpoint" id="jwk-endpoint" />
+              <Label htmlFor="jwk-endpoint">JWK Endpoint</Label>
+            </div>
+            <div className="flex items-center space-x-2">
+              <RadioGroupItem value="public-key" id="public-key" />
+              <Label htmlFor="public-key">Public Key</Label>
+            </div>
+          </RadioGroup>
+        </div>
+        <ExternalSigningField externalSigningType={externalSigningType} />
+      </Box>
+    </div>
+  );
+}

dashboard/src/features/orgs/projects/jwt/settings/components/ExternalSigningFormSection/index.ts

@@ -0,0 +1 @@
+export { default as ExternalSigningFormSection } from './ExternalSigningFormSection';

dashboard/src/features/orgs/projects/jwt/settings/components/JWTSecretField/JWTSecretField.tsx

@@ -0,0 +1,35 @@
+import { AsymmetricKeyFormSection } from '@/features/orgs/projects/jwt/settings/components/AsymmetricKeyFormSection';
+import { ExternalSigningFormSection } from '@/features/orgs/projects/jwt/settings/components/ExternalSigningFormSection';
+import { SymmetricKeyFormSection } from '@/features/orgs/projects/jwt/settings/components/SymmetricKeyFormSection';
+import type {
+  ExternalSigningType,
+  JWTSecretType,
+} from '@/features/orgs/projects/jwt/settings/types';
+
+interface JWTSecretFieldProps {
+  secretType: JWTSecretType;
+  externalSigningType: ExternalSigningType;
+  handleExternalSigningTypeChange: (value: ExternalSigningType) => void;
+}
+
+export default function JWTSecretField({
+  secretType,
+  externalSigningType,
+  handleExternalSigningTypeChange,
+}: JWTSecretFieldProps) {
+  if (secretType === 'symmetric') {
+    return <SymmetricKeyFormSection />;
+  }
+  if (secretType === 'asymmetric') {
+    return <AsymmetricKeyFormSection />;
+  }
+  if (secretType === 'external') {
+    return (
+      <ExternalSigningFormSection
+        externalSigningType={externalSigningType}
+        handleExternalSigningTypeChange={handleExternalSigningTypeChange}
+      />
+    );
+  }
+  return null;
+}

dashboard/src/features/orgs/projects/jwt/settings/components/JWTSecretField/index.ts

@@ -0,0 +1 @@
+export { default as JWTSecretField } from './JWTSecretField';

dashboard/src/features/orgs/projects/jwt/settings/components/JWTSettings/JWTSettings.tsx

@@ -0,0 +1,412 @@
+import { ApplyLocalSettingsDialog } from '@/components/common/ApplyLocalSettingsDialog';
+import { useDialog } from '@/components/common/DialogProvider';
+import { useUI } from '@/components/common/UIProvider';
+import { Form } from '@/components/form/Form';
+import { SettingsContainer } from '@/components/layout/SettingsContainer';
+import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
+import {
+  useGetJwtSecretsQuery,
+  useUpdateConfigMutation,
+  type ConfigConfigUpdateInput,
+} from '@/generated/graphql';
+import { yupResolver } from '@hookform/resolvers/yup';
+import { useEffect, useState } from 'react';
+import { FormProvider, useForm } from 'react-hook-form';
+
+import { Box } from '@/components/ui/v2/Box';
+import { InfoIcon } from '@/components/ui/v2/icons/InfoIcon';
+import { Tooltip } from '@/components/ui/v2/Tooltip';
+import { Label } from '@/components/ui/v3/label';
+import { RadioGroup, RadioGroupItem } from '@/components/ui/v3/radio-group';
+import { useIsPlatform } from '@/features/orgs/projects/common/hooks/useIsPlatform';
+import { useLocalMimirClient } from '@/features/orgs/projects/hooks/useLocalMimirClient';
+import { useProject } from '@/features/orgs/projects/hooks/useProject';
+import { JWTSecretField } from '@/features/orgs/projects/jwt/settings/components/JWTSecretField';
+import type {
+  ExternalSigningType,
+  JWTSecretType,
+  JWTSettingsFormValues,
+} from '@/features/orgs/projects/jwt/settings/types';
+import { validationSchema } from '@/features/orgs/projects/jwt/settings/types';
+import {
+  ASYMMETRIC_ALGORITHMS,
+  SYMMETRIC_ALGORITHMS,
+} from '@/features/orgs/projects/jwt/settings/utils/constants';
+import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWithErrorToast';
+import { removeTypename } from '@/utils/helpers';
+
+export default function JWTSettings() {
+  const { project } = useProject();
+  const isPlatform = useIsPlatform();
+  const { openDialog } = useDialog();
+  const { maintenanceActive } = useUI();
+  const localMimirClient = useLocalMimirClient();
+
+  const [updateConfig] = useUpdateConfigMutation({
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  const {
+    data: jwtSecretsData,
+    loading: jwtSecretsLoading,
+    error: jwtSecretsError,
+    refetch: refetchJwtSecrets,
+  } = useGetJwtSecretsQuery({
+    variables: { appId: project?.id },
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  const {
+    type: jwtType,
+    key: jwtKey,
+    signingKey,
+    kid,
+    jwk_url,
+    ...rest
+  } = jwtSecretsData?.config?.hasura?.jwtSecrets?.[0] || {};
+
+  let initialSignatureType: JWTSecretType = 'symmetric';
+  if (
+    typeof jwtType === 'string' &&
+    SYMMETRIC_ALGORITHMS.includes(
+      jwtType as (typeof SYMMETRIC_ALGORITHMS)[number],
+    )
+  ) {
+    initialSignatureType = 'symmetric';
+  } else if (
+    typeof jwtType === 'string' &&
+    ASYMMETRIC_ALGORITHMS.includes(
+      jwtType as (typeof ASYMMETRIC_ALGORITHMS)[number],
+    ) &&
+    kid
+  ) {
+    initialSignatureType = 'asymmetric';
+  } else {
+    initialSignatureType = 'external';
+  }
+
+  const initialExternalSigningType: ExternalSigningType = jwk_url
+    ? 'jwk-endpoint'
+    : 'public-key';
+
+  const [signatureType, setSignatureType] =
+    useState<JWTSecretType>(initialSignatureType);
+
+  const [externalSigningType, setExternalSigningType] =
+    useState<ExternalSigningType>(initialExternalSigningType);
+
+  const form = useForm<JWTSettingsFormValues>({
+    reValidateMode: 'onSubmit',
+    defaultValues: {
+      type: jwtType || '',
+      key: jwtKey || '',
+      signingKey: signingKey || '',
+      kid: kid || '',
+      jwkUrl: jwk_url || '',
+    },
+    resolver: yupResolver(validationSchema),
+    context: {
+      signatureType,
+      externalSigningType,
+    },
+  });
+
+  useEffect(() => {
+    if (!jwtSecretsLoading && !jwtSecretsError) {
+      form.reset({
+        type: jwtType || '',
+        key: jwtKey || '',
+        signingKey: signingKey || '',
+        kid: kid || '',
+        jwkUrl: jwk_url || '',
+      });
+    }
+  }, [
+    jwtSecretsLoading,
+    jwtSecretsData,
+    jwtType,
+    jwtKey,
+    signingKey,
+    kid,
+    jwk_url,
+    jwtSecretsError,
+    form,
+  ]);
+
+  const { formState, reset, setValue } = form;
+
+  const formValues = form.getValues();
+
+  const handleSignatureTypeChange = (value: JWTSecretType) => {
+    if (value === initialSignatureType) {
+      reset({
+        ...formValues,
+        type: jwtType || '',
+        key: jwtKey || '',
+        signingKey: signingKey || '',
+        kid: kid || '',
+        jwkUrl: jwk_url || '',
+      });
+    } else {
+      const newType =
+        value === 'symmetric'
+          ? SYMMETRIC_ALGORITHMS[0]
+          : ASYMMETRIC_ALGORITHMS[0];
+      reset({
+        ...formValues,
+        type: '',
+        key: '',
+        signingKey: '',
+        kid: '',
+        jwkUrl: '',
+      });
+      setValue('type', newType, { shouldDirty: true });
+    }
+
+    setSignatureType(value);
+  };
+
+  const handleExternalSigningTypeChange = (value: ExternalSigningType) => {
+    if (value === initialExternalSigningType) {
+      reset({
+        ...formValues,
+        type: jwtType || '',
+        key: jwtKey || '',
+        signingKey: signingKey || '',
+        kid: kid || '',
+        jwkUrl: jwk_url || '',
+      });
+    } else {
+      reset({
+        ...formValues,
+        type: '',
+        key: '',
+        signingKey: '',
+        kid: '',
+        jwkUrl: '',
+      });
+      setValue('type', ASYMMETRIC_ALGORITHMS[0], { shouldDirty: true });
+    }
+
+    setExternalSigningType(value);
+  };
+
+  const getFormattedConfig = (
+    values: JWTSettingsFormValues,
+  ): ConfigConfigUpdateInput => {
+    // Remove any __typename property from the values
+    const sanitizedValues = removeTypename(values) as JWTSettingsFormValues;
+    const sanitizedRest = removeTypename(rest);
+
+    let jwtSecret = {};
+    if (signatureType === 'symmetric') {
+      jwtSecret = {
+        type: sanitizedValues.type,
+        key: sanitizedValues.key,
+      };
+    } else if (signatureType === 'asymmetric') {
+      jwtSecret = {
+        type: sanitizedValues.type,
+        key: sanitizedValues.key,
+        signingKey: sanitizedValues.signingKey,
+        kid: sanitizedValues.kid,
+      };
+    } else if (externalSigningType === 'jwk-endpoint') {
+      jwtSecret = {
+        jwk_url: sanitizedValues.jwkUrl,
+      };
+    } else if (externalSigningType === 'public-key') {
+      jwtSecret = {
+        type: sanitizedValues.type,
+        key: sanitizedValues.key,
+      };
+    }
+
+    jwtSecret = {
+      ...sanitizedRest,
+      ...jwtSecret,
+    };
+
+    const config: ConfigConfigUpdateInput = {
+      hasura: {
+        jwtSecrets: [jwtSecret],
+      },
+    };
+
+    return config;
+  };
+
+  const handleJWTSettingsChange = async (values: JWTSettingsFormValues) => {
+    const formattedConfig = getFormattedConfig(values);
+
+    const updateConfigPromise = updateConfig({
+      variables: {
+        appId: project.id,
+        config: formattedConfig,
+      },
+    });
+
+    await execPromiseWithErrorToast(
+      async () => {
+        await updateConfigPromise;
+        form.reset(values);
+        refetchJwtSecrets();
+
+        if (!isPlatform) {
+          openDialog({
+            title: 'Apply your changes',
+            component: <ApplyLocalSettingsDialog />,
+            props: {
+              PaperProps: {
+                className: 'max-w-2xl',
+              },
+            },
+          });
+        }
+      },
+      {
+        loadingMessage: 'JWT settings are being updated...',
+        successMessage: 'JWT settings have been updated successfully.',
+        errorMessage: 'An error occurred while trying to update JWT settings.',
+      },
+    );
+  };
+
+  if (jwtSecretsLoading) {
+    return (
+      <ActivityIndicator
+        delay={1000}
+        label="Loading JWT settings..."
+        className="justify-center"
+      />
+    );
+  }
+
+  if (jwtSecretsError) {
+    throw jwtSecretsError;
+  }
+
+  return (
+    <FormProvider {...form}>
+      <Form onSubmit={handleJWTSettingsChange}>
+        <SettingsContainer
+          title="JSON Web Token Settings"
+          description="Select how JSON Web Tokens (JWTs) are signed and verified."
+          slotProps={{
+            submitButton: {
+              disabled: !formState.isDirty || maintenanceActive,
+              loading: formState.isSubmitting,
+            },
+          }}
+          docsLink="https://docs.nhost.io/guides/auth/jwt"
+          docsTitle="JSON Web Token (JWT) Settings"
+          className="grid grid-flow-row gap-x-4 gap-y-2 px-4"
+        >
+          <Box className="flex flex-col gap-6">
+            <RadioGroup
+              className="flex flex-col gap-4 lg:flex-row"
+              defaultValue="public"
+              value={signatureType}
+              onValueChange={handleSignatureTypeChange}
+            >
+              <div className="flex items-center space-x-2">
+                <RadioGroupItem value="symmetric" id="symmetric" />
+                <Label htmlFor="symmetric" className="flex items-center gap-1">
+                  Symmetric key
+                  <Tooltip
+                    title={
+                      <span>
+                        With symmetric keys your project uses a single for both
+                        signing and verifying JWTs. Refer to{' '}
+                        <a
+                          target="_blank"
+                          rel="noopener noreferrer"
+                          href="https://docs.nhost.io/guides/auth/jwt#symmetric-keys"
+                          className="underline"
+                        >
+                          symmetric keys
+                        </a>{' '}
+                        for more information.
+                      </span>
+                    }
+                  >
+                    <InfoIcon
+                      aria-label="Info"
+                      className="h-4 w-4"
+                      color="primary"
+                    />
+                  </Tooltip>
+                </Label>
+              </div>
+              <div className="flex items-center space-x-2">
+                <RadioGroupItem value="asymmetric" id="asymmetric" />
+                <Label htmlFor="asymmetric" className="flex items-center gap-1">
+                  Asymmetric key
+                  <Tooltip
+                    title={
+                      <span>
+                        With asymmetric keys your project uses a public and
+                        private key pair for signing and verifying JWTs. Refer
+                        to{' '}
+                        <a
+                          target="_blank"
+                          rel="noopener noreferrer"
+                          href="https://docs.nhost.io/guides/auth/jwt#asymmetric-keys"
+                          className="underline"
+                        >
+                          asymmetric keys
+                        </a>{' '}
+                        for more information.
+                      </span>
+                    }
+                  >
+                    <InfoIcon
+                      aria-label="Info"
+                      className="h-4 w-4"
+                      color="primary"
+                    />
+                  </Tooltip>
+                </Label>
+              </div>
+              <div className="flex items-center space-x-2">
+                <RadioGroupItem value="external" id="external" />
+                <Label htmlFor="external" className="flex items-center gap-1">
+                  External signing
+                  <Tooltip
+                    title={
+                      <span>
+                        This will use a third party service&apos;s JWK endpoint
+                        to verify JWT&apos;s. Alternatively you can configure
+                        the public key directly. Refer to{' '}
+                        <a
+                          target="_blank"
+                          rel="noopener noreferrer"
+                          href="https://docs.nhost.io/guides/auth/jwt#external-signing"
+                          className="underline"
+                        >
+                          external signing
+                        </a>{' '}
+                        for more information.
+                      </span>
+                    }
+                  >
+                    <InfoIcon
+                      aria-label="Info"
+                      className="h-4 w-4"
+                      color="primary"
+                    />
+                  </Tooltip>
+                </Label>
+              </div>
+            </RadioGroup>
+            <JWTSecretField
+              secretType={signatureType}
+              externalSigningType={externalSigningType}
+              handleExternalSigningTypeChange={handleExternalSigningTypeChange}
+            />
+          </Box>
+        </SettingsContainer>
+      </Form>
+    </FormProvider>
+  );
+}

dashboard/src/features/orgs/projects/jwt/settings/components/JWTSettings/index.ts

@@ -0,0 +1 @@
+export { default as JWTSettings } from './JWTSettings';

dashboard/src/features/orgs/projects/jwt/settings/components/SymmetricKeyFormSection/SymmetricKeyFormSection.tsx

@@ -0,0 +1,57 @@
+import { Input } from '@/components/ui/v2/Input';
+import { useFormContext } from 'react-hook-form';
+
+import { Box } from '@/components/ui/v2/Box';
+import { Option } from '@/components/ui/v2/Option';
+import { Select } from '@/components/ui/v2/Select';
+import { type JWTSettingsFormValues } from '@/features/orgs/projects/jwt/settings/types';
+import { SYMMETRIC_ALGORITHMS } from '@/features/orgs/projects/jwt/settings/utils/constants';
+
+export default function SymmetricKeyFormSection() {
+  const {
+    register,
+    formState: { errors },
+    watch,
+    setValue,
+  } = useFormContext<JWTSettingsFormValues>();
+
+  const type = watch('type');
+
+  return (
+    <Box className="grid grid-cols-5 gap-4">
+      <Select
+        id="type"
+        className="col-span-5 lg:col-span-1"
+        placeholder="HS256"
+        hideEmptyHelperText
+        variant="normal"
+        defaultValue={SYMMETRIC_ALGORITHMS[0]}
+        error={!!errors.type}
+        helperText={errors?.type?.message}
+        label="Hashing algorithm"
+        value={type}
+        onChange={(_event, value) =>
+          setValue('type', value as string, { shouldDirty: true })
+        }
+      >
+        {SYMMETRIC_ALGORITHMS.map((algorithm) => (
+          <Option key={algorithm} value={algorithm}>
+            {algorithm}
+          </Option>
+        ))}
+      </Select>
+      <Input
+        {...register('key')}
+        name="key"
+        id="key"
+        label="Key"
+        placeholder="Enter symmetric key"
+        className="col-span-5 lg:col-span-3"
+        fullWidth
+        hideEmptyHelperText
+        error={!!errors?.key}
+        helperText={errors?.key?.message}
+      />
+    </Box>
+  );
+}

dashboard/src/features/orgs/projects/jwt/settings/components/SymmetricKeyFormSection/index.ts

@@ -0,0 +1 @@
+export { default as SymmetricKeyFormSection } from './SymmetricKeyFormSection';

dashboard/src/features/orgs/projects/jwt/settings/types/index.ts

@@ -0,0 +1 @@
+export * from './jwtSecrets';

dashboard/src/features/orgs/projects/jwt/settings/types/jwtSecrets.ts

@@ -0,0 +1,61 @@
+import * as Yup from 'yup';
+
+export type JWTSecretType = 'symmetric' | 'asymmetric' | 'external';
+
+export type ExternalSigningType = 'jwk-endpoint' | 'public-key';
+
+export const validationSchema = Yup.object({
+  type: Yup.string()
+    .label('Type')
+    .when(['$signatureType', '$externalSigningType'], {
+      is: (
+        signatureType: JWTSecretType,
+        externalSigningType: ExternalSigningType,
+      ) => {
+        if (signatureType === 'external') {
+          return externalSigningType === 'public-key';
+        }
+        return true;
+      },
+      then: (schema) => schema.required(),
+    }),
+  key: Yup.string()
+    .label('Key')
+    .when(['$signatureType', '$externalSigningType'], {
+      is: (
+        signatureType: JWTSecretType,
+        externalSigningType: ExternalSigningType,
+      ) => {
+        if (signatureType === 'external') {
+          return externalSigningType === 'public-key';
+        }
+        return true;
+      },
+      then: (schema) => schema.required(),
+    }),
+  signingKey: Yup.string()
+    .label('Signing key')
+    .when('$signatureType', {
+      is: (signatureType: JWTSecretType) => signatureType === 'asymmetric',
+      then: (schema) => schema.required(),
+    }),
+  kid: Yup.string()
+    .label('Key ID')
+    .when('$signatureType', {
+      is: (signatureType: JWTSecretType) => signatureType === 'asymmetric',
+      then: (schema) => schema.required(),
+    }),
+  jwkUrl: Yup.string()
+    .label('JWK endpoint URL')
+    .url()
+    .when(['$signatureType', '$externalSigningType'], {
+      is: (
+        signatureType: JWTSecretType,
+        externalSigningType: ExternalSigningType,
+      ) =>
+        signatureType === 'external' && externalSigningType === 'jwk-endpoint',
+      then: (schema) => schema.required(),
+    }),
+});
+
+export type JWTSettingsFormValues = Yup.InferType<typeof validationSchema>;

dashboard/src/features/orgs/projects/jwt/settings/utils/constants/constants.ts

@@ -0,0 +1,4 @@
+// UI will take first value as default SYMMETRIC_ALGORITHMS[0]
+export const SYMMETRIC_ALGORITHMS = ['HS256', 'HS384', 'HS512'] as const;
+
+export const ASYMMETRIC_ALGORITHMS = ['RS256', 'RS384', 'RS512'] as const;

dashboard/src/features/orgs/projects/jwt/settings/utils/constants/index.ts

@@ -0,0 +1 @@
+export * from './constants';

dashboard/src/features/orgs/projects/overview/components/OverviewTopBar/OverviewTopBar.tsx

@@ -1,7 +1,7 @@
 import { useUI } from '@/components/common/UIProvider';
-import { Button } from '@/components/ui/v2/Button';
 import { CogIcon } from '@/components/ui/v2/icons/CogIcon';
 import { Text } from '@/components/ui/v2/Text';
+import { Button } from '@/components/ui/v3/button';
 import { useIsPlatform } from '@/features/orgs/projects/common/hooks/useIsPlatform';
 import { useCurrentOrg } from '@/features/orgs/projects/hooks/useCurrentOrg';
 import { useProject } from '@/features/orgs/projects/hooks/useProject';
@@ -94,12 +94,13 @@ export default function OverviewTopBar() {
         legacyBehavior
       >
         <Button
-          endIcon={<CogIcon className="h-4 w-4" />}
-          variant="outlined"
+          variant="outline"
+          className="gap-2"
           color="secondary"
           disabled={maintenanceActive}
         >
           Settings
+          <CogIcon className="h-4 w-4" />
         </Button>
       </Link>
     </div>

dashboard/src/gql/app/settings/environmentVariables/getEnvironmentVariables.graphql

@@ -8,9 +8,17 @@ fragment JWTSecret on ConfigJWTSecret {
   issuer
   key
   type
+  signingKey
+  kid
   jwk_url
   header
   claims_namespace_path
+  claims_map {
+    claim
+    default
+    path
+    value
+  }
   claims_namespace
   claims_format
   audience

dashboard/src/gql/app/settings/signInMethods/getSignInMethods.graphql

@@ -16,6 +16,11 @@ query GetSignInMethods($appId: uuid!) {
       id: __typename
       __typename
       method {
+        otp {
+          email {
+            enabled
+          }
+        }
         emailPassword {
           emailVerificationRequired
           hibpEnabled
@@ -40,6 +45,7 @@ query GetSignInMethods($appId: uuid!) {
             keyId
             teamId
             privateKey
+            audience
           }
           bitbucket {
             enabled
@@ -81,6 +87,7 @@ query GetSignInMethods($appId: uuid!) {
             clientId
             clientSecret
             scope
+            audience
           }
           linkedin {
             enabled

dashboard/src/pages/orgs/[orgSlug]/projects/[appSubdomain]/settings/index.tsx

@@ -9,6 +9,7 @@ import { TransferProject } from '@/features/orgs/components/TransferProject';
 import { ProjectLayout } from '@/features/orgs/layout/ProjectLayout';
 import { SettingsLayout } from '@/features/orgs/layout/SettingsLayout';
 import { RemoveApplicationModal } from '@/features/orgs/projects/common/components/RemoveApplicationModal';
+import { useAppState } from '@/features/orgs/projects/common/hooks/useAppState';
 import { useIsCurrentUserOwner } from '@/features/orgs/projects/common/hooks/useIsCurrentUserOwner';
 import { useIsPlatform } from '@/features/orgs/projects/common/hooks/useIsPlatform';
 import { useOrgs } from '@/features/orgs/projects/hooks/useOrgs';
@@ -17,8 +18,10 @@ import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWith
 import {
   useBillingDeleteAppMutation,
   usePauseApplicationMutation,
+  useUnpauseApplicationMutation,
   useUpdateApplicationMutation,
 } from '@/generated/graphql';
+import { ApplicationStatus } from '@/types/application';
 import { slugifyString } from '@/utils/helpers';
 import { yupResolver } from '@hookform/resolvers/yup';
 import { useRouter } from 'next/router';
@@ -46,12 +49,21 @@ export default function SettingsGeneralPage() {
   const isOwner = useIsCurrentUserOwner();
   const { currentOrg: org } = useOrgs();
   const { project, loading, refetch: refetchProject } = useProject();
+  const { state } = useAppState();
 
   const [updateApp] = useUpdateApplicationMutation();
   const [deleteApplication] = useBillingDeleteAppMutation();
-  const [pauseApplication] = usePauseApplicationMutation({
-    variables: { appId: project?.id },
-  });
+  const [pauseApplication, { loading: pauseApplicationLoading }] =
+    usePauseApplicationMutation({
+      variables: { appId: project?.id },
+    });
+
+  const [unpauseApplication, { loading: unpauseApplicationLoading }] =
+    useUnpauseApplicationMutation({
+      variables: {
+        appId: project?.id,
+      },
+    });
 
   const form = useForm<ProjectNameValidationSchema>({
     mode: 'onSubmit',
@@ -137,6 +149,24 @@ export default function SettingsGeneralPage() {
     );
   }
 
+  async function handleTriggerUnpausing() {
+    await execPromiseWithErrorToast(
+      async () => {
+        await unpauseApplication();
+        await new Promise((resolve) => {
+          setTimeout(resolve, 1000);
+        });
+        await refetchProject();
+      },
+      {
+        loadingMessage: 'Starting the project...',
+        successMessage: 'The project has been started successfully.',
+        errorMessage:
+          'An error occurred while waking up the project. Please try again.',
+      },
+    );
+  }
+
   if (loading) {
     return <ActivityIndicator label="Loading project..." />;
   }
@@ -176,29 +206,53 @@ export default function SettingsGeneralPage() {
         </Form>
       </FormProvider>
 
-      <SettingsContainer
-        title="Pause Project"
-        description="While your project is paused, it will not be accessible. You can wake it up anytime after."
-        submitButtonText="Pause"
-        slotProps={{
-          submitButton: {
-            type: 'button',
-            color: 'primary',
-            variant: 'contained',
-            disabled: maintenanceActive || !isPlatform,
-            onClick: () => {
-              openAlertDialog({
-                title: 'Pause Project?',
-                payload:
-                  'Are you sure you want to pause this project? It will not be accessible until you unpause it.',
-                props: {
-                  onPrimaryAction: handlePauseApplication,
-                },
-              });
+      {state === ApplicationStatus.Paused && (
+        <SettingsContainer
+          title="Wake up Project"
+          description="Wake up your project to make it accessible again. Once reactivated, all features will be fully functional."
+          submitButtonText="Wake up"
+          slotProps={{
+            submitButton: {
+              type: 'button',
+              color: 'primary',
+              variant: 'contained',
+              loading: unpauseApplicationLoading,
+              disabled:
+                maintenanceActive || !isPlatform || unpauseApplicationLoading,
+              onClick: handleTriggerUnpausing,
             },
-          },
-        }}
-      />
+          }}
+        />
+      )}
+
+      {state !== ApplicationStatus.Paused &&
+        state !== ApplicationStatus.Pausing && (
+          <SettingsContainer
+            title="Pause Project"
+            description="While your project is paused, it will not be accessible. You can wake it up anytime after."
+            submitButtonText="Pause"
+            slotProps={{
+              submitButton: {
+                type: 'button',
+                color: 'primary',
+                variant: 'contained',
+                loading: pauseApplicationLoading,
+                disabled:
+                  maintenanceActive || !isPlatform || pauseApplicationLoading,
+                onClick: () => {
+                  openAlertDialog({
+                    title: 'Pause Project?',
+                    payload:
+                      'Are you sure you want to pause this project? It will not be accessible until you unpause it.',
+                    props: {
+                      onPrimaryAction: handlePauseApplication,
+                    },
+                  });
+                },
+              },
+            }}
+          />
+        )}
 
       <TransferProject />
 

dashboard/src/pages/orgs/[orgSlug]/projects/[appSubdomain]/settings/jwt.tsx

@@ -0,0 +1,62 @@
+import { Container } from '@/components/layout/Container';
+import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
+import { useGetJwtSecretsQuery } from '@/utils/__generated__/graphql';
+import type { ReactElement } from 'react';
+
+import { ProjectLayout } from '@/features/orgs/layout/ProjectLayout';
+import { SettingsLayout } from '@/features/orgs/layout/SettingsLayout';
+import { useIsPlatform } from '@/features/orgs/projects/common/hooks/useIsPlatform';
+import { useLocalMimirClient } from '@/features/orgs/projects/hooks/useLocalMimirClient';
+import { useProject } from '@/features/orgs/projects/hooks/useProject';
+import { JWTSettings } from '@/features/orgs/projects/jwt/settings/components/JWTSettings';
+
+export default function SettingsJWTPage() {
+  const { project } = useProject();
+  const isPlatform = useIsPlatform();
+  const localMimirClient = useLocalMimirClient();
+
+  const { data, loading, error } = useGetJwtSecretsQuery({
+    variables: { appId: project?.id },
+    fetchPolicy: 'cache-and-network',
+    skip: !project,
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  if (loading || !data) {
+    return (
+      <ActivityIndicator
+        delay={1000}
+        label="Loading JWT settings..."
+        className="justify-center"
+      />
+    );
+  }
+
+  if (error) {
+    throw error;
+  }
+
+  return (
+    <Container
+      className="grid max-w-5xl grid-flow-row gap-y-6 bg-transparent"
+      rootClassName="bg-transparent"
+    >
+      <JWTSettings />
+    </Container>
+  );
+}
+
+SettingsJWTPage.getLayout = function getLayout(page: ReactElement) {
+  return (
+    <ProjectLayout>
+      <SettingsLayout>
+        <Container
+          sx={{ backgroundColor: 'background.default' }}
+          className="max-w-5xl"
+        >
+          {page}
+        </Container>
+      </SettingsLayout>
+    </ProjectLayout>
+  );
+};

dashboard/src/pages/orgs/[orgSlug]/projects/[appSubdomain]/settings/sign-in-methods.tsx

@@ -22,6 +22,7 @@ import type { ReactElement } from 'react';
 
 import { ProjectLayout } from '@/features/orgs/layout/ProjectLayout';
 import { SettingsLayout } from '@/features/orgs/layout/SettingsLayout';
+import { OTPEmailSettings } from '@/features/orgs/projects/authentication/settings/OTPEmailSettings';
 import { useIsPlatform } from '@/features/orgs/projects/common/hooks/useIsPlatform';
 import { useLocalMimirClient } from '@/features/orgs/projects/hooks/useLocalMimirClient';
 import { useProject } from '@/features/orgs/projects/hooks/useProject';
@@ -61,6 +62,7 @@ export default function SettingsSignInMethodsPage() {
       <WebAuthnSettings />
       <AnonymousSignInSettings />
       <SMSSettings />
+      <OTPEmailSettings />
       <AppleProviderSettings />
       <AzureADProviderSettings />
       <DiscordProviderSettings />

dashboard/src/utils/__generated__/graphql.ts

@@ -282,6 +282,7 @@ export type ConfigAuthMethod = {
   emailPassword?: Maybe<ConfigAuthMethodEmailPassword>;
   emailPasswordless?: Maybe<ConfigAuthMethodEmailPasswordless>;
   oauth?: Maybe<ConfigAuthMethodOauth>;
+  otp?: Maybe<ConfigAuthMethodOtp>;
   smsPasswordless?: Maybe<ConfigAuthMethodSmsPasswordless>;
   webauthn?: Maybe<ConfigAuthMethodWebauthn>;
 };
@@ -314,6 +315,7 @@ export type ConfigAuthMethodComparisonExp = {
   emailPassword?: InputMaybe<ConfigAuthMethodEmailPasswordComparisonExp>;
   emailPasswordless?: InputMaybe<ConfigAuthMethodEmailPasswordlessComparisonExp>;
   oauth?: InputMaybe<ConfigAuthMethodOauthComparisonExp>;
+  otp?: InputMaybe<ConfigAuthMethodOtpComparisonExp>;
   smsPasswordless?: InputMaybe<ConfigAuthMethodSmsPasswordlessComparisonExp>;
   webauthn?: InputMaybe<ConfigAuthMethodWebauthnComparisonExp>;
 };
@@ -375,6 +377,7 @@ export type ConfigAuthMethodInsertInput = {
   emailPassword?: InputMaybe<ConfigAuthMethodEmailPasswordInsertInput>;
   emailPasswordless?: InputMaybe<ConfigAuthMethodEmailPasswordlessInsertInput>;
   oauth?: InputMaybe<ConfigAuthMethodOauthInsertInput>;
+  otp?: InputMaybe<ConfigAuthMethodOtpInsertInput>;
   smsPasswordless?: InputMaybe<ConfigAuthMethodSmsPasswordlessInsertInput>;
   webauthn?: InputMaybe<ConfigAuthMethodWebauthnInsertInput>;
 };
@@ -400,6 +403,7 @@ export type ConfigAuthMethodOauth = {
 
 export type ConfigAuthMethodOauthApple = {
   __typename?: 'ConfigAuthMethodOauthApple';
+  audience?: Maybe<Scalars['String']>;
   clientId?: Maybe<Scalars['String']>;
   enabled?: Maybe<Scalars['Boolean']>;
   keyId?: Maybe<Scalars['String']>;
@@ -412,6 +416,7 @@ export type ConfigAuthMethodOauthAppleComparisonExp = {
   _and?: InputMaybe<Array<ConfigAuthMethodOauthAppleComparisonExp>>;
   _not?: InputMaybe<ConfigAuthMethodOauthAppleComparisonExp>;
   _or?: InputMaybe<Array<ConfigAuthMethodOauthAppleComparisonExp>>;
+  audience?: InputMaybe<ConfigStringComparisonExp>;
   clientId?: InputMaybe<ConfigStringComparisonExp>;
   enabled?: InputMaybe<ConfigBooleanComparisonExp>;
   keyId?: InputMaybe<ConfigStringComparisonExp>;
@@ -421,6 +426,7 @@ export type ConfigAuthMethodOauthAppleComparisonExp = {
 };
 
 export type ConfigAuthMethodOauthAppleInsertInput = {
+  audience?: InputMaybe<Scalars['String']>;
   clientId?: InputMaybe<Scalars['String']>;
   enabled?: InputMaybe<Scalars['Boolean']>;
   keyId?: InputMaybe<Scalars['String']>;
@@ -430,6 +436,7 @@ export type ConfigAuthMethodOauthAppleInsertInput = {
 };
 
 export type ConfigAuthMethodOauthAppleUpdateInput = {
+  audience?: InputMaybe<Scalars['String']>;
   clientId?: InputMaybe<Scalars['String']>;
   enabled?: InputMaybe<Scalars['Boolean']>;
   keyId?: InputMaybe<Scalars['String']>;
@@ -591,6 +598,46 @@ export type ConfigAuthMethodOauthWorkosUpdateInput = {
   organization?: InputMaybe<Scalars['String']>;
 };
 
+export type ConfigAuthMethodOtp = {
+  __typename?: 'ConfigAuthMethodOtp';
+  email?: Maybe<ConfigAuthMethodOtpEmail>;
+};
+
+export type ConfigAuthMethodOtpComparisonExp = {
+  _and?: InputMaybe<Array<ConfigAuthMethodOtpComparisonExp>>;
+  _not?: InputMaybe<ConfigAuthMethodOtpComparisonExp>;
+  _or?: InputMaybe<Array<ConfigAuthMethodOtpComparisonExp>>;
+  email?: InputMaybe<ConfigAuthMethodOtpEmailComparisonExp>;
+};
+
+export type ConfigAuthMethodOtpEmail = {
+  __typename?: 'ConfigAuthMethodOtpEmail';
+  enabled?: Maybe<Scalars['Boolean']>;
+};
+
+export type ConfigAuthMethodOtpEmailComparisonExp = {
+  _and?: InputMaybe<Array<ConfigAuthMethodOtpEmailComparisonExp>>;
+  _not?: InputMaybe<ConfigAuthMethodOtpEmailComparisonExp>;
+  _or?: InputMaybe<Array<ConfigAuthMethodOtpEmailComparisonExp>>;
+  enabled?: InputMaybe<ConfigBooleanComparisonExp>;
+};
+
+export type ConfigAuthMethodOtpEmailInsertInput = {
+  enabled?: InputMaybe<Scalars['Boolean']>;
+};
+
+export type ConfigAuthMethodOtpEmailUpdateInput = {
+  enabled?: InputMaybe<Scalars['Boolean']>;
+};
+
+export type ConfigAuthMethodOtpInsertInput = {
+  email?: InputMaybe<ConfigAuthMethodOtpEmailInsertInput>;
+};
+
+export type ConfigAuthMethodOtpUpdateInput = {
+  email?: InputMaybe<ConfigAuthMethodOtpEmailUpdateInput>;
+};
+
 export type ConfigAuthMethodSmsPasswordless = {
   __typename?: 'ConfigAuthMethodSmsPasswordless';
   enabled?: Maybe<Scalars['Boolean']>;
@@ -616,6 +663,7 @@ export type ConfigAuthMethodUpdateInput = {
   emailPassword?: InputMaybe<ConfigAuthMethodEmailPasswordUpdateInput>;
   emailPasswordless?: InputMaybe<ConfigAuthMethodEmailPasswordlessUpdateInput>;
   oauth?: InputMaybe<ConfigAuthMethodOauthUpdateInput>;
+  otp?: InputMaybe<ConfigAuthMethodOtpUpdateInput>;
   smsPasswordless?: InputMaybe<ConfigAuthMethodSmsPasswordlessUpdateInput>;
   webauthn?: InputMaybe<ConfigAuthMethodWebauthnUpdateInput>;
 };
@@ -2085,6 +2133,8 @@ export type ConfigJwtSecret = {
   issuer?: Maybe<Scalars['String']>;
   jwk_url?: Maybe<Scalars['ConfigUrl']>;
   key?: Maybe<Scalars['String']>;
+  kid?: Maybe<Scalars['String']>;
+  signingKey?: Maybe<Scalars['String']>;
   type?: Maybe<Scalars['String']>;
 };
 
@@ -2102,6 +2152,8 @@ export type ConfigJwtSecretComparisonExp = {
   issuer?: InputMaybe<ConfigStringComparisonExp>;
   jwk_url?: InputMaybe<ConfigUrlComparisonExp>;
   key?: InputMaybe<ConfigStringComparisonExp>;
+  kid?: InputMaybe<ConfigStringComparisonExp>;
+  signingKey?: InputMaybe<ConfigStringComparisonExp>;
   type?: InputMaybe<ConfigStringComparisonExp>;
 };
 
@@ -2116,6 +2168,8 @@ export type ConfigJwtSecretInsertInput = {
   issuer?: InputMaybe<Scalars['String']>;
   jwk_url?: InputMaybe<Scalars['ConfigUrl']>;
   key?: InputMaybe<Scalars['String']>;
+  kid?: InputMaybe<Scalars['String']>;
+  signingKey?: InputMaybe<Scalars['String']>;
   type?: InputMaybe<Scalars['String']>;
 };
 
@@ -2130,6 +2184,8 @@ export type ConfigJwtSecretUpdateInput = {
   issuer?: InputMaybe<Scalars['String']>;
   jwk_url?: InputMaybe<Scalars['ConfigUrl']>;
   key?: InputMaybe<Scalars['String']>;
+  kid?: InputMaybe<Scalars['String']>;
+  signingKey?: InputMaybe<Scalars['String']>;
   type?: InputMaybe<Scalars['String']>;
 };
 
@@ -2780,6 +2836,7 @@ export type ConfigStandardOauthProviderUpdateInput = {
 
 export type ConfigStandardOauthProviderWithScope = {
   __typename?: 'ConfigStandardOauthProviderWithScope';
+  audience?: Maybe<Scalars['String']>;
   clientId?: Maybe<Scalars['String']>;
   clientSecret?: Maybe<Scalars['String']>;
   enabled?: Maybe<Scalars['Boolean']>;
@@ -2790,6 +2847,7 @@ export type ConfigStandardOauthProviderWithScopeComparisonExp = {
   _and?: InputMaybe<Array<ConfigStandardOauthProviderWithScopeComparisonExp>>;
   _not?: InputMaybe<ConfigStandardOauthProviderWithScopeComparisonExp>;
   _or?: InputMaybe<Array<ConfigStandardOauthProviderWithScopeComparisonExp>>;
+  audience?: InputMaybe<ConfigStringComparisonExp>;
   clientId?: InputMaybe<ConfigStringComparisonExp>;
   clientSecret?: InputMaybe<ConfigStringComparisonExp>;
   enabled?: InputMaybe<ConfigBooleanComparisonExp>;
@@ -2797,6 +2855,7 @@ export type ConfigStandardOauthProviderWithScopeComparisonExp = {
 };
 
 export type ConfigStandardOauthProviderWithScopeInsertInput = {
+  audience?: InputMaybe<Scalars['String']>;
   clientId?: InputMaybe<Scalars['String']>;
   clientSecret?: InputMaybe<Scalars['String']>;
   enabled?: InputMaybe<Scalars['Boolean']>;
@@ -2804,6 +2863,7 @@ export type ConfigStandardOauthProviderWithScopeInsertInput = {
 };
 
 export type ConfigStandardOauthProviderWithScopeUpdateInput = {
+  audience?: InputMaybe<Scalars['String']>;
   clientId?: InputMaybe<Scalars['String']>;
   clientSecret?: InputMaybe<Scalars['String']>;
   enabled?: InputMaybe<Scalars['Boolean']>;
@@ -27233,6 +27293,13 @@ export type GetBackupPresignedUrlQueryVariables = Exact<{
 
 export type GetBackupPresignedUrlQuery = { __typename?: 'query_root', getBackupPresignedUrl: { __typename?: 'BackupPresignedURL', url: string, expiresAt: any } };
 
+export type GetJwtSecretsQueryVariables = Exact<{
+  appId: Scalars['uuid'];
+}>;
+
+
+export type GetJwtSecretsQuery = { __typename?: 'query_root', config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', hasura: { __typename?: 'ConfigHasura', jwtSecrets?: Array<{ __typename?: 'ConfigJWTSecret', type?: string | null, key?: string | null, signingKey?: string | null, kid?: string | null, jwk_url?: any | null, allowed_skew?: any | null, audience?: string | null, claims_format?: string | null, claims_namespace?: string | null, claims_namespace_path?: string | null, header?: string | null, issuer?: string | null, claims_map?: Array<{ __typename?: 'ConfigClaimMap', claim: string, default?: string | null, path?: string | null, value?: string | null }> | null }> | null } } | null };
+
 export type GetObservabilitySettingsQueryVariables = Exact<{
   appId: Scalars['uuid'];
 }>;
@@ -27395,14 +27462,14 @@ export type DnsLookupCnameQuery = { __typename?: 'query_root', dnsLookupCNAME: s
 
 export type EnvironmentVariableFragment = { __typename?: 'ConfigGlobalEnvironmentVariable', name: string, value: string, id: string };
 
-export type JwtSecretFragment = { __typename?: 'ConfigJWTSecret', issuer?: string | null, key?: string | null, type?: string | null, jwk_url?: any | null, header?: string | null, claims_namespace_path?: string | null, claims_namespace?: string | null, claims_format?: string | null, audience?: string | null, allowed_skew?: any | null };
+export type JwtSecretFragment = { __typename?: 'ConfigJWTSecret', issuer?: string | null, key?: string | null, type?: string | null, signingKey?: string | null, kid?: string | null, jwk_url?: any | null, header?: string | null, claims_namespace_path?: string | null, claims_namespace?: string | null, claims_format?: string | null, audience?: string | null, allowed_skew?: any | null, claims_map?: Array<{ __typename?: 'ConfigClaimMap', claim: string, default?: string | null, path?: string | null, value?: string | null }> | null };
 
 export type GetEnvironmentVariablesQueryVariables = Exact<{
   appId: Scalars['uuid'];
 }>;
 
 
-export type GetEnvironmentVariablesQuery = { __typename?: 'query_root', config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', global?: { __typename?: 'ConfigGlobal', environment?: Array<{ __typename?: 'ConfigGlobalEnvironmentVariable', name: string, value: string, id: string }> | null } | null, hasura: { __typename?: 'ConfigHasura', adminSecret: string, webhookSecret: string, jwtSecrets?: Array<{ __typename?: 'ConfigJWTSecret', issuer?: string | null, key?: string | null, type?: string | null, jwk_url?: any | null, header?: string | null, claims_namespace_path?: string | null, claims_namespace?: string | null, claims_format?: string | null, audience?: string | null, allowed_skew?: any | null }> | null } } | null };
+export type GetEnvironmentVariablesQuery = { __typename?: 'query_root', config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', global?: { __typename?: 'ConfigGlobal', environment?: Array<{ __typename?: 'ConfigGlobalEnvironmentVariable', name: string, value: string, id: string }> | null } | null, hasura: { __typename?: 'ConfigHasura', adminSecret: string, webhookSecret: string, jwtSecrets?: Array<{ __typename?: 'ConfigJWTSecret', issuer?: string | null, key?: string | null, type?: string | null, signingKey?: string | null, kid?: string | null, jwk_url?: any | null, header?: string | null, claims_namespace_path?: string | null, claims_namespace?: string | null, claims_format?: string | null, audience?: string | null, allowed_skew?: any | null, claims_map?: Array<{ __typename?: 'ConfigClaimMap', claim: string, default?: string | null, path?: string | null, value?: string | null }> | null }> | null } } | null };
 
 export type GetConfigRawJsonQueryVariables = Exact<{
   appID: Scalars['uuid'];
@@ -27482,7 +27549,7 @@ export type GetSignInMethodsQueryVariables = Exact<{
 }>;
 
 
-export type GetSignInMethodsQuery = { __typename?: 'query_root', config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', provider?: { __typename: 'ConfigProvider', id: 'ConfigProvider', sms?: { __typename?: 'ConfigSms', accountSid: string, authToken: string, messagingServiceId: string, provider?: string | null } | null } | null, auth?: { __typename: 'ConfigAuth', id: 'ConfigAuth', method?: { __typename?: 'ConfigAuthMethod', emailPassword?: { __typename?: 'ConfigAuthMethodEmailPassword', emailVerificationRequired?: boolean | null, hibpEnabled?: boolean | null, passwordMinLength?: any | null } | null, emailPasswordless?: { __typename?: 'ConfigAuthMethodEmailPasswordless', enabled?: boolean | null } | null, smsPasswordless?: { __typename?: 'ConfigAuthMethodSmsPasswordless', enabled?: boolean | null } | null, anonymous?: { __typename?: 'ConfigAuthMethodAnonymous', enabled?: boolean | null } | null, webauthn?: { __typename?: 'ConfigAuthMethodWebauthn', enabled?: boolean | null } | null, oauth?: { __typename?: 'ConfigAuthMethodOauth', apple?: { __typename?: 'ConfigAuthMethodOauthApple', enabled?: boolean | null, clientId?: string | null, keyId?: string | null, teamId?: string | null, privateKey?: string | null } | null, bitbucket?: { __typename?: 'ConfigStandardOauthProvider', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null } | null, gitlab?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, strava?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, discord?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, facebook?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, github?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, google?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, linkedin?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, spotify?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, twitch?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, twitter?: { __typename?: 'ConfigAuthMethodOauthTwitter', enabled?: boolean | null, consumerKey?: string | null, consumerSecret?: string | null } | null, windowslive?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, workos?: { __typename?: 'ConfigAuthMethodOauthWorkos', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, connection?: string | null, organization?: string | null } | null, azuread?: { __typename?: 'ConfigAuthMethodOauthAzuread', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, tenant?: string | null } | null } | null } | null } | null } | null };
+export type GetSignInMethodsQuery = { __typename?: 'query_root', config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', provider?: { __typename: 'ConfigProvider', id: 'ConfigProvider', sms?: { __typename?: 'ConfigSms', accountSid: string, authToken: string, messagingServiceId: string, provider?: string | null } | null } | null, auth?: { __typename: 'ConfigAuth', id: 'ConfigAuth', method?: { __typename?: 'ConfigAuthMethod', otp?: { __typename?: 'ConfigAuthMethodOtp', email?: { __typename?: 'ConfigAuthMethodOtpEmail', enabled?: boolean | null } | null } | null, emailPassword?: { __typename?: 'ConfigAuthMethodEmailPassword', emailVerificationRequired?: boolean | null, hibpEnabled?: boolean | null, passwordMinLength?: any | null } | null, emailPasswordless?: { __typename?: 'ConfigAuthMethodEmailPasswordless', enabled?: boolean | null } | null, smsPasswordless?: { __typename?: 'ConfigAuthMethodSmsPasswordless', enabled?: boolean | null } | null, anonymous?: { __typename?: 'ConfigAuthMethodAnonymous', enabled?: boolean | null } | null, webauthn?: { __typename?: 'ConfigAuthMethodWebauthn', enabled?: boolean | null } | null, oauth?: { __typename?: 'ConfigAuthMethodOauth', apple?: { __typename?: 'ConfigAuthMethodOauthApple', enabled?: boolean | null, clientId?: string | null, keyId?: string | null, teamId?: string | null, privateKey?: string | null, audience?: string | null } | null, bitbucket?: { __typename?: 'ConfigStandardOauthProvider', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null } | null, gitlab?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, strava?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, discord?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, facebook?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, github?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, google?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null, audience?: string | null } | null, linkedin?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, spotify?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, twitch?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, twitter?: { __typename?: 'ConfigAuthMethodOauthTwitter', enabled?: boolean | null, consumerKey?: string | null, consumerSecret?: string | null } | null, windowslive?: { __typename?: 'ConfigStandardOauthProviderWithScope', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, scope?: Array<string> | null } | null, workos?: { __typename?: 'ConfigAuthMethodOauthWorkos', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, connection?: string | null, organization?: string | null } | null, azuread?: { __typename?: 'ConfigAuthMethodOauthAzuread', enabled?: boolean | null, clientId?: string | null, clientSecret?: string | null, tenant?: string | null } | null } | null } | null } | null } | null };
 
 export type GetSmtpSettingsQueryVariables = Exact<{
   appId: Scalars['uuid'];
@@ -28318,9 +28385,17 @@ export const JwtSecretFragmentDoc = gql`
   issuer
   key
   type
+  signingKey
+  kid
   jwk_url
   header
   claims_namespace_path
+  claims_map {
+    claim
+    default
+    path
+    value
+  }
   claims_namespace
   claims_format
   audience
@@ -29162,6 +29237,67 @@ export type GetBackupPresignedUrlQueryResult = Apollo.QueryResult<GetBackupPresi
 export function refetchGetBackupPresignedUrlQuery(variables: GetBackupPresignedUrlQueryVariables) {
       return { query: GetBackupPresignedUrlDocument, variables: variables }
     }
+export const GetJwtSecretsDocument = gql`
+    query GetJWTSecrets($appId: uuid!) {
+  config(appID: $appId, resolve: false) {
+    id: __typename
+    __typename
+    hasura {
+      jwtSecrets {
+        type
+        key
+        signingKey
+        kid
+        jwk_url
+        allowed_skew
+        audience
+        claims_format
+        claims_map {
+          claim
+          default
+          path
+          value
+        }
+        claims_namespace
+        claims_namespace_path
+        header
+        issuer
+      }
+    }
+  }
+}
+    `;
+
+/**
+ * __useGetJwtSecretsQuery__
+ *
+ * To run a query within a React component, call `useGetJwtSecretsQuery` and pass it any options that fit your needs.
+ * When your component renders, `useGetJwtSecretsQuery` returns an object from Apollo Client that contains loading, error, and data properties
+ * you can use to render your UI.
+ *
+ * @param baseOptions options that will be passed into the query, supported options are listed on: https://www.apollographql.com/docs/react/api/react-hooks/#options;
+ *
+ * @example
+ * const { data, loading, error } = useGetJwtSecretsQuery({
+ *   variables: {
+ *      appId: // value for 'appId'
+ *   },
+ * });
+ */
+export function useGetJwtSecretsQuery(baseOptions: Apollo.QueryHookOptions<GetJwtSecretsQuery, GetJwtSecretsQueryVariables>) {
+        const options = {...defaultOptions, ...baseOptions}
+        return Apollo.useQuery<GetJwtSecretsQuery, GetJwtSecretsQueryVariables>(GetJwtSecretsDocument, options);
+      }
+export function useGetJwtSecretsLazyQuery(baseOptions?: Apollo.LazyQueryHookOptions<GetJwtSecretsQuery, GetJwtSecretsQueryVariables>) {
+          const options = {...defaultOptions, ...baseOptions}
+          return Apollo.useLazyQuery<GetJwtSecretsQuery, GetJwtSecretsQueryVariables>(GetJwtSecretsDocument, options);
+        }
+export type GetJwtSecretsQueryHookResult = ReturnType<typeof useGetJwtSecretsQuery>;
+export type GetJwtSecretsLazyQueryHookResult = ReturnType<typeof useGetJwtSecretsLazyQuery>;
+export type GetJwtSecretsQueryResult = Apollo.QueryResult<GetJwtSecretsQuery, GetJwtSecretsQueryVariables>;
+export function refetchGetJwtSecretsQuery(variables: GetJwtSecretsQueryVariables) {
+      return { query: GetJwtSecretsDocument, variables: variables }
+    }
 export const GetObservabilitySettingsDocument = gql`
     query GetObservabilitySettings($appId: uuid!) {
   config(appID: $appId, resolve: false) {
@@ -30606,6 +30742,11 @@ export const GetSignInMethodsDocument = gql`
       id: __typename
       __typename
       method {
+        otp {
+          email {
+            enabled
+          }
+        }
         emailPassword {
           emailVerificationRequired
           hibpEnabled
@@ -30630,6 +30771,7 @@ export const GetSignInMethodsDocument = gql`
             keyId
             teamId
             privateKey
+            audience
           }
           bitbucket {
             enabled
@@ -30671,6 +30813,7 @@ export const GetSignInMethodsDocument = gql`
             clientId
             clientSecret
             scope
+            audience
           }
           linkedin {
             enabled

docs/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost/docs
 
+## 2.22.0
+
+### Minor Changes
+
+- 10b0f74: feat: add jwt docs + openapi improvements
+- fe6e8e2: feat: add signin with otp reference docs
+- 8f77914: fix: added pg_repack and an extension overview to database guide
+
 ## 2.21.0
 
 ### Minor Changes

docs/guides/auth/jwt.mdx

@@ -0,0 +1,315 @@
+---
+title: JSON Web Tokens (JWTs)
+description: Configure JSON Web Tokens to your needs
+icon: key
+---
+
+## Introduction
+
+JSON Web Tokens (JWT) are encoded strings designed to securely transmit information between parties in the form of a JSON object. Each JWT consists of three parts: 
+
+- header
+- payload
+- signature
+
+JWTs are commonly used for authentication post-login. The server generates a token containing user claims (like identity and permissions) that subsequent requests can include to prove authorization.
+
+Here's how JWTs typically work in an authentication flow:
+
+1. User logs in with credentials (username/password)
+2. Server validates credentials and generates a signed JWT containing user information and permissions
+3. Server sends the JWT to the client, which stores it (usually in browser storage)
+4. For subsequent requests, the client includes the JWT in the Authorization header
+5. Server verifies the token's signature and grants access based on the encoded permissions
+
+The main advantage is that the server doesn't need to store session information - all necessary data is contained within the token itself, making it ideal for stateless authentication. 
+
+<Info>For more information about JSON Web Tokens, visit [jwt.io](https://jwt.io).</Info>
+
+## JWT Configuration
+
+You can configure your project to use three different kinds of JWTs:
+
+- JWTs signed with symmetric keys
+- JWTs signed with asymmetric keys
+- JWTs signed externally via a third-party service
+
+<Note>
+Currently we default to using symmetric keys for signing JWTs. However, we plan to change this to use asymmetric keys in the near future.
+</Note>
+
+### Symmetric Keys
+
+With symmetric keys, your project uses a single key for both signing and verifying JWTs. This key is stored in the project's configuration and is responsible for signing JWTs. When a client sends a JWT to the server, the server uses the same key to verify the JWT’s signature. If you need to verify JWTs in a different service, the same key can be used for verification. Since the same key is used for both signing and verification, it is crucial to keep it secret, as sharing it with others can compromise the security of your JWTs.
+
+
+Below you can see an example of a symmetric key configuration:
+
+
+<Tabs>
+  <Tab title="nhost.toml">
+```toml
+[[hasura.jwtSecrets]]
+type = 'HS256'
+key = 'f03d5f5a0ed055e3fcbc0a3639405aca0511e6abe6d60e40d1fff610c6248f2a'
+```
+  </Tab>
+  <Tab title="dashboard">
+![Symmetric Key Configuration](/images/guides/auth/jwt/symmetric.png)
+  </Tab>
+</Tabs>
+
+<Note>
+We recommend using a [secret](/platform/secrets) to configure the key.
+</Note>
+
+In addition to `HS256`, you can also use `HS384` and `HS512` for extra security. To quickly generate a key, you can use the following command:
+
+<Tabs>
+  <Tab title="HS256">
+    ```shell
+    openssl rand -base64 32
+    ```
+  </Tab>
+  <Tab title="HS384">
+    ```shell
+    openssl rand -base64 48
+    ```
+  </Tab>
+  <Tab title="HS512">
+    ```shell
+    openssl rand -base64 64
+    ```
+  </Tab>
+</Tabs>
+
+### Asymmetric Keys
+
+With asymmetric keys, your project uses a pair of public and private keys for signing and verifying JWTs. The private key, stored securely in the project's configuration, is used to sign the JWTs. The public key, on the other hand, is made available to clients and is used to verify the JWTs. When a client sends a JWT to the server, the server uses the public key to validate the JWT’s signature. If verification is needed in a different service, the public key can be used without compromising security. Since the public key is only used for verification and the private key for signing, sharing the public key is safe and does not jeopardize the security of your JWTs.
+
+
+Below you can see an example of an asymmetric key configuration:
+
+<Tabs>
+  <Tab title="nhost.toml">
+```toml
+[[hasura.jwtSecrets]]
+type = "RS256"
+kid = "bskhwtelkajsd"
+key = ""
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSFS8Kx9LuiYpIms+NoZ
+(ommited for brevity)
+jwIDAQAB
+-----END PUBLIC KEY-----
+""
+signingKey = ""
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCpIVLwrH0u6Jik
+(ommited for brevity)
+s6fJmz3ZeArPI8KFSI3Q2xqm
+-----END PRIVATE KEY-----
+""
+```
+  </Tab>
+  <Tab title="dashboard">
+![Asymmetric Key Configuration](/images/guides/auth/jwt/asymmetric.png)
+  </Tab>
+</Tabs>
+
+In addition to `RS256`, you can also use `RS384` and `RS512` for extra security. To quickly generate a key pair, you can use the following commands:
+
+<Tabs>
+  <Tab title="RS256">
+    ```shell
+    # Generate a private key
+    openssl genpkey -algorithm RSA -out jwt_private.pem -pkeyopt rsa_keygen_bits:2048
+
+    # Generate a public key from the private key
+    openssl rsa -pubout -in jwt_private.pem -out jwt_public.pem
+    ```
+  </Tab>
+  <Tab title="RS384">
+    ```shell
+    # Generate a private key
+    openssl genpkey -algorithm RSA -out jwt_private.pem -pkeyopt rsa_keygen_bits:3072
+
+    # Generate a public key from the private key
+    openssl rsa -pubout -in jwt_private.pem -out jwt_public.pem
+    ```
+  </Tab>
+  <Tab title="RS512">
+    ```shell
+    # Generate a private key
+    openssl genpkey -algorithm RSA -out jwt_private.pem -pkeyopt rsa_keygen_bits:4096
+
+    # Generate a public key from the private key
+    openssl rsa -pubout -in jwt_private.pem -out jwt_public.pem
+    ```
+  </Tab>
+</Tabs>
+
+You can then copy the contents of `jwt_private.pem` into the `signingKey` field and the contents of `jwt_public.pem` into the `key` field.
+
+The `kid` value in your configuration can be any unique string of your choice and must be distinct for each key. It is used to identify the correct key when verifying JWTs through the JWKS endpoint.
+
+### External Signing
+
+If you are using a third party service like Auth0 or Clerk you can configure your project to use their JWK endpoint to verify JWTs. Below you can see an example of an external signing configuration:
+
+<Tabs>
+  <Tab title="nhost.toml">
+
+```toml
+[[hasura.jwtSecrets]]
+jwk_url = "https://mythirdpartyservice.com/jwks.json"
+```
+
+Alternatively, you can configure the public key directly:
+
+```toml
+[[hasura.jwtSecrets]]
+type = "RS256"
+key = ""
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSFS8Kx9LuiYpIms+NoZ
+(ommited for brevity)
+jwIDAQAB
+-----END PUBLIC KEY-----
+""
+```
+  </Tab>
+  <Tab title="dashboard">
+![External signing](/images/guides/auth/jwt/external.png)
+  </Tab>
+</Tabs>
+
+<Note>
+When using external signing the Auth service will be automatically disabled.
+</Note>
+
+## Verify a JWT
+
+
+### Symmetric Keys
+
+To verify a JWT signed with a symmetric key in a serverless function or third party service you can use code similar to the following:
+
+```javascript
+import { Request, Response } from 'express'
+import process from 'process'
+import jwt from 'jsonwebtoken'
+
+const JWT_SECRET = process.env.HASURA_GRAPHQL_JWT_SECRET;
+
+export default (req: Request, res: Response) => {
+    const authHeader = req.headers.authorization;
+
+    if (!authHeader?.startsWith('Bearer ')) {
+        return res.status(401).json({ error: 'Unauthorized: missing header' });
+    }
+
+    const token = authHeader.split(' ')[1];
+
+    const verifyToken = new Promise((resolve, reject) => {
+        const verifyOptions = {
+            algorithms: ['HS256', 'HS384', 'HS512'],
+        };
+
+        jwt.verify(token, JWT_SECRET, verifyOptions, (err, decoded) => {
+            if (err) reject(err);
+            else resolve(decoded);
+        });
+    });
+
+    verifyToken
+        .then((decoded) => {
+            res.status(200).json({
+                token: decoded,
+            });
+        })
+        .catch((err) => {
+            res.status(401).json({ error: `Unauthorized: ${err}` });
+        });
+}
+```
+
+Keep in mind that you need access to the same key that was used to sign the JWT in order to verify it so this mechanism may not be suitable for all use cases.
+
+### Asymmetric Keys
+
+To verify a JWT signed with an asymmetric key you can leverage the JWKS endpoint that is automatically enabled in your project when you configure it to use asymmetric keys. The JWKS endpoint can be found at `https://<subdomain>.auth.<region>.nhost.run/v1/.well-known/jwks.json`. For instance:
+
+```shell
+$ curl -s https://local.auth.local.nhost.run/v1/.well-known/jwks.json | jq
+{
+  "keys": [
+    {
+      "alg": "RS256",
+      "e": "AQAB",
+      "kid": "bskhwtelkajsd",
+      "kty": "RSA",
+      "n": "qSFS8Kx9LuiYpIms-NoZdSIcIgVp3z531bCSq1shx6ZqsKxHyNAjQ9vcYDBcW1gS1q0NFCDWyDLoNyd_lYUDlsc6zjXZAGyjiT1l_Qe9USHjXhT6Yv8SQlVbj8YCYPhYV9g6Bj922gXOmwXpWToHVYK5bjZmq897doksTErKiny6-FlPJvLVp3cpTFuNy6DKkZkIliuZnmf8EMFOVoFuQtNVlDZZZjk9TK9SP-qN1bvFPTdlCxdkA8ws8IkvhFivgfOflLRlzEE4fECEkaC3tZzGzjhPOmV5T8UC8eNz0Ir87nez8_fVyq61ffPkFftfGOjZ4hUfQqn-YW4sH_VTjw",
+      "use": "sig"
+    }
+  ]
+}
+```
+Using the public key from the JWKS endpoint you can verify the JWT in a serverless function using code similar to the following:
+
+```javascript
+import { Request, Response } from 'express'
+import process from 'process'
+import jwt from 'jsonwebtoken'
+import jwksClient from 'jwks-rsa'
+
+const subdomain = process.env.NHOST_SUBDOMAIN;
+const region = process.env.NHOST_REGION;
+
+// Initialize the JWKS client
+const client = jwksClient({
+  jwksUri: `https://${subdomain}.auth.${region}.nhost.run/v1/.well-known/jwks.json`,
+  cache: true,
+  cacheMaxAge: 86400000, // 24 hours cache
+});
+
+export default (req: Request, res: Response) => {
+    const authHeader = req.headers.authorization;
+
+    if (!authHeader?.startsWith('Bearer ')) {
+        return res.status(401).json({ error: 'Unauthorized: missing header' });
+    }
+
+    const token = authHeader.split(' ')[1];
+
+    const verifyToken = new Promise((resolve, reject) => {
+        const verifyOptions = {
+            algorithms: ['RS256', 'RS384', 'RS512'],
+        };
+
+        jwt.verify(token, (header, callback) => {
+            client.getSigningKey(header.kid, (err, key) => {
+                if (err) return callback(err);
+                callback(null, key.getPublicKey());
+            });
+        }, verifyOptions, (err, decoded) => {
+            if (err) reject(err);
+            else resolve(decoded);
+        });
+    });
+
+    verifyToken
+        .then((decoded) => {
+            res.status(200).json({
+                token: decoded,
+            });
+        })
+        .catch((err) => {
+            res.status(401).json({ error: `Unauthorized: ${err}` });
+        });
+}
+```
+
+## Custom Claims
+
+You can attach extra information to your JWTs in the form of custom claims. These claims can be used for authorization purposes in your application. For more details on how to add custom claims to your JWTs and how to use them, see the [Permissions Variables](/guides/api/permissions#permission-variables) documentation.

docs/guides/auth/sign-in-otp.mdx

@@ -0,0 +1,73 @@
+---
+title: Sign In with One-Time Passwords
+sidebarTitle: One-Time Passwords
+description: Learn about One-Time Passwords
+icon: lock-hashtag
+---
+
+One-Time Passwords (OTPs) are temporary codes for single use that can be delivered to users via email. OTPs expire after 5 minutes and can only be used once. OTPs can provide a more secure and convenient alternative to regular passwords.
+
+To use One-Time Passwords, they need to be enabled in the configuration:
+
+<Tabs>
+ <Tab title="nhost.toml">
+ ```toml
+ [auth.method.otp.email]
+ enabled = true
+ ```
+ </Tab>
+ <Tab title="Dashboard">
+ ![sign-in otp](/images/guides/auth/sign-in-otp.png)
+ </Tab>
+</Tabs>
+
+After the functionality has been enabled the flow is as follows:
+
+1. User requests an OTP:
+
+<Tabs>
+  <Tab title="javascript">
+  ```js
+  nhost.auth.signInEmailOTP('user@example.com')
+  ```
+  </Tab>
+
+  <Tab title="react">
+  See [react docs](/reference/react/use-sign-in-email-otp) for details
+  </Tab>
+
+  <Tab title="vue">
+  See [vue docs](/reference/vue/use-sign-in-email-otp) for details
+  </Tab>
+
+  <Tab title="dart">
+  ```dart
+  nhost.auth.signInEmailOTP(email: "user@example.com");
+  ```
+  </Tab>
+</Tabs>
+
+2. User receives an email with the OTP
+3. User enters the OTP
+
+<Tabs>
+  <Tab title="javascript">
+  ```js
+  nhost.auth.verifyEmailOTP('user@example.com', '123456')
+  ```
+  </Tab>
+
+  <Tab title="react">
+  See [react docs](/reference/react/use-sign-in-email-otp) for details
+  </Tab>
+
+  <Tab title="vue">
+  See [vue docs](/reference/vue/use-sign-in-email-otp) for details
+  </Tab>
+
+  <Tab title="dart">
+  ```dart
+  nhost.auth.verifyEmailOTP(email: "user@example.com", otp: "123456");
+  ```
+  </Tab>
+</Tabs>

docs/guides/database/extensions.mdx

@@ -4,6 +4,78 @@ description: List of available extensions with Nhost Postgres.
 icon: grid
 ---
 
+## Overview
+
+In the table below you can find a list of available extensions with Nhost Postgres:
+
+|             name             | version | comment |
+| -----------------------------|---------|--------------------------------------------------------------------------------------------------------------------- |
+| address_standardizer         | 3.5.0   | Used to parse an address into constituent elements. Generally used to support geocoding address normalization step. |
+| address_standardizer_data_us | 3.5.0   | Address Standardizer US dataset example |
+| adminpack                    | 2.1     | administrative functions for PostgreSQL |
+| amcheck                      | 1.3     | functions for verifying relation integrity |
+| autoinc                      | 1.0     | functions for autoincrementing fields |
+| bloom                        | 1.0     | bloom access method - signature file based index |
+| btree_gin                    | 1.3     | support for indexing common datatypes in GIN |
+| btree_gist                   | 1.6     | support for indexing common datatypes in GiST |
+| citext                       | 1.6     | data type for case-insensitive character strings |
+| cube                         | 1.5     | data type for multidimensional cubes |
+| dblink                       | 1.2     | connect to other PostgreSQL databases from within a database |
+| dict_int                     | 1.0     | text search dictionary template for integers |
+| dict_xsyn                    | 1.0     | text search dictionary template for extended synonym processing |
+| earthdistance                | 1.1     | calculate great-circle distances on the surface of the Earth |
+| file_fdw                     | 1.0     | foreign-data wrapper for flat file access |
+| fuzzystrmatch                | 1.1     | determine similarities and distance between strings |
+| hstore                       | 1.8     | data type for storing sets of (key, value) pairs |
+| http                         | 1.6     | HTTP client for PostgreSQL, allows web page retrieval inside the database. |
+| hypopg                       | 1.4.1   | Hypothetical indexes for PostgreSQL |
+| insert_username              | 1.0     | functions for tracking who changed a table |
+| intagg                       | 1.1     | integer aggregator and enumerator (obsolete) |
+| intarray                     | 1.5     | functions, operators, and index support for 1-D arrays of integers |
+| ip4r                         | 2.4     | |
+| isn                          | 1.2     | data types for international product numbering standards |
+| lo                           | 1.1     | Large Object maintenance |
+| ltree                        | 1.2     | data type for hierarchical tree-like structures |
+| moddatetime                  | 1.0     | functions for tracking last modification time |
+| old_snapshot                 | 1.0     | utilities in support of old_snapshot_threshold |
+| pageinspect                  | 1.9     | inspect the contents of database pages at a low level |
+| pg_buffercache               | 1.3     | examine the shared buffer cache |
+| pg_cron                      | 1.6     | Job scheduler for PostgreSQL |
+| pg_freespacemap              | 1.2     | examine the free space map (FSM) |
+| pg_hashids                   | 1.3     | pg_hashids |
+| pg_ivm                       | 1.9     | incremental view maintenance on PostgreSQL |
+| pg_prewarm                   | 1.2     | prewarm relation data |
+| pg_repack                    | 1.5.1   | Reorganize tables in PostgreSQL databases with minimal locks |
+| pg_squeeze                   | 1.7     | A tool to remove unused space from a relation. |
+| pg_stat_statements           | 1.9     | track planning and execution statistics of all SQL statements executed |
+| pg_surgery                   | 1.0     | extension to perform surgery on a damaged relation |
+| pg_trgm                      | 1.6     | text similarity measurement and index searching based on trigrams |
+| pg_visibility                | 1.2     | examine the visibility map (VM) and page-level visibility info |
+| pgcrypto                     | 1.3     | cryptographic functions |
+| pgrowlocks                   | 1.2     | show row-level locking information |
+| pgstattuple                  | 1.5     | show tuple-level statistics |
+| plpgsql                      | 1.0     | PL/pgSQL procedural language |
+| postgis                      | 3.5.0   | PostGIS geometry and geography spatial types and functions |
+| postgis_raster               | 3.5.0   | PostGIS raster types and functions |
+| postgis_tiger_geocoder       | 3.5.0   | PostGIS tiger geocoder and reverse geocoder |
+| postgis_topology             | 3.5.0   | PostGIS topology spatial types and functions |
+| postgres_fdw                 | 1.1     | foreign-data wrapper for remote PostgreSQL servers |
+| refint                       | 1.0     | functions for implementing referential integrity (obsolete) |
+| seg                          | 1.4     | data type for representing line segments or floating-point intervals |
+| sslinfo                      | 1.2     | information about SSL certificates |
+| tablefunc                    | 1.0     | functions that manipulate whole tables, including crosstab |
+| tcn                          | 1.0     | Triggered change notifications |
+| timescaledb                  | 2.17.2  | Enables scalable inserts and complex queries for time-series data (Community Edition) |
+| tsm_system_rows              | 1.0     | TABLESAMPLE method which accepts number of rows as a limit |
+| tsm_system_time              | 1.0     | TABLESAMPLE method which accepts time in milliseconds as a limit |
+| unaccent                     | 1.1     | text search dictionary that removes accents |
+| uuid-ossp                    | 1.1     | generate universally unique identifiers (UUIDs) |
+| vector                       | 0.8.0   | vector data type and ivfflat and hnsw access methods |
+| xml2                         | 1.1     | XPath querying and XSLT |
+
+In addition, you can find more information about some of the extensions below
+
+
 ## hypopg
 
 HypoPG is a PostgreSQL extension adding support for hypothetical indexes.
@@ -205,6 +277,31 @@ DROP EXTENSION pg_ivm;
 
 - [GitHub](https://github.com/sraoss/pg_ivm)
 
+## pg_repack
+
+pg_repack is a PostgreSQL extension which lets you remove bloat from tables and indexes, and optionally restore the physical order of clustered indexes. Unlike CLUSTER and VACUUM FULL it works online, without holding an exclusive lock on the processed tables during processing. pg_repack is efficient to boot, with performance comparable to using CLUSTER directly.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION pg_repack;
+```
+In addition, you may need to configure the WAL level and replication slots. Check the official documentation for details.
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION pg_repack;
+```
+
+### Resources
+
+- [GitHub](https://github.com/cybertec-postgresql/pg_squeeze)
+
 ## pg_squeeze
 
 PostgreSQL extension that removes unused space from a table and optionally sorts tuples according to particular index (as if CLUSTER command was executed concurrently with regular reads / writes). In fact we try to replace pg_repack extension.

docs/guides/database/performance.mdx

@@ -8,7 +8,7 @@ Ensuring a healthy and performant PostgreSQL service is crucial as it directly i
 
 In case your Postgres service is not meeting your performance expectations, you can explore the following options:
 
-1. Consider upgrading your [dedicated compute](/platform/compute) resources to provide more processing power and memory to the Postgres server.
+1. Consider upgrading your [dedicated compute](/platform/compute-resources#dedicated-compute) resources to provide more processing power and memory to the Postgres server.
 
 2. Fine-tune the configuration parameters of Postgres to optimize its performance. Adjust settings such as `shared_buffers`, `work_mem`, and `effective_cache_size` to better align with your workload and server resources.
 
@@ -26,11 +26,11 @@ Before trying anything else, always upgrade to our latest postgres image first.
 
 ## Upgrade to dedicated compute
 
-Increasing CPU and memory is the simplest way to address performance issues. You can read more about compute resources [here](/platform/compute).
+Increasing CPU and memory is the simplest way to address performance issues. You can read more about compute resources [here](/platform/compute-resources#dedicated-compute).
 
 ## Fine-tune configuration parameters
 
-When optimizing your Postgres setup, you can consider adjusting various Postgres settings. You can find a list of these parameters [here](/database/settings). Keep in mind that the optimal values for these parameters will depend on factors such as available resources, workload, and data distribution.
+When optimizing your Postgres setup, you can consider adjusting various Postgres settings. You can find a list of these parameters [here](/guides/database/configuring-postgres). Keep in mind that the optimal values for these parameters will depend on factors such as available resources, workload, and data distribution.
 
 To help you get started, you can use [pgtune](https://pgtune.leopard.in.ua) as a reference tool. Pgtune can generate recommended configuration settings based on your system specifications. By providing information about your system, it can suggest parameter values that may be a good starting point for optimization.
 
@@ -42,9 +42,9 @@ Monitoring slow queries is a highly effective method for tackling performance is
 
 ### pghero
 
-[PgHero](https://github.com/ankane/pghero) is one of such tools you can use to idenfity and address slow queries. You can easily run pghero alongside your postgres with [Nhost Run](/run):
+[PgHero](https://github.com/ankane/pghero) is one of such tools you can use to idenfity and address slow queries. You can easily run pghero alongside your postgres with [Nhost Run](/product/run):
 
-1. First, make sure the extension [pg_stat_statements](/database/extensions#pg_stat_statements) is enabled.
+1. First, make sure the extension [pg_stat_statements](/guides/database/extensions#pg-stat-statements) is enabled.
 
 2. Click on this [one-click install link](https://app.nhost.io:/run-one-click-install?config=eyJuYW1lIjoicGdoZXJvIiwiaW1hZ2UiOnsiaW1hZ2UiOiJkb2NrZXIuaW8vYW5rYW5lL3BnaGVybzpsYXRlc3QifSwiY29tbWFuZCI6W10sInJlc291cmNlcyI6eyJjb21wdXRlIjp7ImNwdSI6MTI1LCJtZW1vcnkiOjI1Nn0sInN0b3JhZ2UiOltdLCJyZXBsaWNhcyI6MX0sImVudmlyb25tZW50IjpbeyJuYW1lIjoiREFUQUJBU0VfVVJMIiwidmFsdWUiOiJwb3N0Z3JlczovL3Bvc3RncmVzOltQQVNTV09SRF1AcG9zdGdyZXMtc2VydmljZTo1NDMyL1tTVUJET01BSU5dP3NzbG1vZGU9ZGlzYWJsZSJ9LHsibmFtZSI6IlBHSEVST19VU0VSTkFNRSIsInZhbHVlIjoiW1VTRVJdIn0seyJuYW1lIjoiUEdIRVJPX1BBU1NXT1JEIiwidmFsdWUiOiJbUEFTU1dPUkRdIn1dLCJwb3J0cyI6W3sicG9ydCI6ODA4MCwidHlwZSI6Imh0dHAiLCJwdWJsaXNoIjp0cnVlfV19)
 
@@ -78,7 +78,7 @@ There are tools you can use to help analyze your workload and detect missing ind
 
 ### pghero
 
-[PgHero](https://github.com/ankane/pghero), in addition to help with slow queries, can also help finding missing and duplicate indexes. See previous section on how to deploy pghero with [Nhost Run](/run).
+[PgHero](https://github.com/ankane/pghero), in addition to help with slow queries, can also help finding missing and duplicate indexes. See previous section on how to deploy pghero with [Nhost Run](/product/run).
 
 ### dexter
 

docs/main.go

@@ -0,0 +1,126 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"slices"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+)
+
+const tpl = `---
+title: "%s"
+openapi: %s %s
+---`
+
+const authReferencePath = "reference/auth"
+
+type OpenAPIMinimal struct {
+	Paths map[string]map[string]any
+}
+
+type Endpoint struct {
+	Method string
+	Path   string
+}
+
+func (e Endpoint) Filepath() string {
+	return authReferencePath + "/" + e.Method + strings.ReplaceAll(e.Path, "/", "-") + ".mdx"
+}
+
+func (e Endpoint) Content() string {
+	return fmt.Sprintf(tpl, e.Path, e.Method, e.Path)
+}
+
+func (e Endpoint) Mintlify() string {
+	return `            "` + strings.Replace(e.Filepath(), ".mdx", "", 1) + `",`
+}
+
+type Endpoints []Endpoint
+
+func (e Endpoints) Sort() {
+	slices.SortFunc(e, func(a, b Endpoint) int {
+		if a.Path == b.Path {
+			return strings.Compare(a.Method, b.Method)
+		}
+		return strings.Compare(a.Path, b.Path)
+	})
+}
+
+func funcReadOpenAPIFile(filepath string) (*OpenAPIMinimal, error) {
+	b, err := os.ReadFile(filepath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read file: %w", err)
+	}
+
+	var oam *OpenAPIMinimal
+	if err := yaml.Unmarshal(b, &oam); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal yaml: %w", err)
+	}
+
+	return oam, nil
+}
+
+func processOAMFiles(oam *OpenAPIMinimal) (Endpoints, error) {
+	endpoints := make(Endpoints, 0, len(oam.Paths)*2)
+
+	for path, methods := range oam.Paths {
+		for method := range methods {
+			e := Endpoint{Method: method, Path: path}
+			endpoints = append(endpoints, e)
+
+			if err := os.WriteFile(e.Filepath(), []byte(e.Content()), 0o644); err != nil {
+				return nil, fmt.Errorf("failed to write file: %w", err)
+			}
+		}
+	}
+
+	return endpoints, nil
+}
+
+func process() error {
+	if err := os.RemoveAll(authReferencePath); err != nil {
+		return fmt.Errorf("failed to remove directory: %w", err)
+	}
+
+	if err := os.Mkdir(authReferencePath, 0o755); err != nil {
+		return fmt.Errorf("failed to create directory: %w", err)
+	}
+
+	oam, err := funcReadOpenAPIFile("reference/openapi-auth.yaml")
+	if err != nil {
+		return fmt.Errorf("failed to read openapi-auth.yaml file: %w", err)
+	}
+
+	endpoints, err := processOAMFiles(oam)
+	if err != nil {
+		return fmt.Errorf("failed to process OAM files: %w", err)
+	}
+
+	oamOld, err := funcReadOpenAPIFile("reference/openapi-auth-old.yaml")
+	if err != nil {
+		return fmt.Errorf("failed to read openapi-auth-old.yaml file: %w", err)
+	}
+
+	endpointsOld, err := processOAMFiles(oamOld)
+	if err != nil {
+		return fmt.Errorf("failed to process OAM files: %w", err)
+	}
+
+	endpoints = append(endpoints, endpointsOld...)
+	endpoints.Sort()
+
+	for _, e := range endpoints {
+		fmt.Println(e.Mintlify())
+	}
+
+	return nil
+}
+
+func main() {
+	if err := process(); err != nil {
+		fmt.Fprintf(os.Stderr, "error: %v\n", err)
+		os.Exit(1)
+	}
+}

docs/mint.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://mintlify.com/schema.json",
   "name": "Documentation",
-  "openapi": ["reference/openapi-auth.yaml", "reference/openapi-storage.yaml"],
+  "openapi": ["reference/openapi-auth.yaml", "reference/openapi-auth-old.yaml", "reference/openapi-storage.yaml"],
   "logo": {
     "dark": "/logo/dark.svg",
     "light": "/logo/light.svg"
@@ -135,6 +135,7 @@
       "pages": [
         "guides/auth/overview",
         "guides/auth/users",
+        "guides/auth/jwt",
         {
           "group": "Social Sign In",
           "icon": "at",
@@ -153,6 +154,7 @@
         },
         "guides/auth/social-connect",
         "guides/auth/sign-in-email-password",
+        "guides/auth/sign-in-otp",
         "guides/auth/sign-in-magic-link",
         "guides/auth/sign-in-phone-number",
         "guides/auth/sign-in-webauthn",
@@ -176,10 +178,7 @@
     },
     {
       "group": "Functions",
-      "pages": [
-          "guides/functions/overview",
-          "guides/functions/runtimes"
-      ]
+      "pages": ["guides/functions/overview", "guides/functions/runtimes"]
     },
     {
       "group": "Run",
@@ -213,76 +212,46 @@
           "group": "Authentication",
           "icon": "users",
           "pages": [
-            {
-              "group": "Email and Password",
-              "icon": "envelope",
-              "pages": [
-                "reference/auth/sign-up-email-and-password",
-                "reference/auth/sign-in-email-and-password"
-              ]
-            },
-            {
-              "group": "Passwordless",
-              "icon": "message-sms",
-              "pages": [
-                "reference/auth/sign-in-email-passwordless",
-                "reference/auth/sign-in-sms-passwordless",
-                "reference/auth/sign-in-sms-passwordless-otp"
-              ]
-            },
-            {
-              "group": "OAuth",
-              "icon": "at",
-              "pages": [
-                "reference/auth/sign-in-oauth-provider",
-                "reference/auth/oauth-callback-url-that-will-be-used-by-the-oauth-provider-to-redirect-to-the-client-application-attention:-all-providers-are-using-a-get-operation-except-apple-and-azure-ad-that-use-post"
-              ]
-            },
-            {
-              "group": "WebAuthn",
-              "icon": "atom",
-              "pages": [
-                "reference/auth/sign-up-using-email-via-fido2-webauthn-authentication",
-                "reference/auth/verfiy-fido2-webauthn-authentication-and-complete-signup",
-                "reference/auth/sign-in-using-email-via-fido2-webauthn-authentication",
-                "reference/auth/verfiy-fido2-webauthn-authentication-using-public-key-cryptography",
-                "reference/auth/elevate-webauthn",
-                "reference/auth/elevate-webauthn-verify"
-              ]
-            },
-            {
-              "group": "Anonymous",
-              "icon": "luchador-mask",
-              "pages": [
-                "reference/auth/sign-in-anonymous",
-                "reference/auth/deanonymize-an-anonymous-user-in-adding-missing-email-or-email+password-depending-on-the-chosen-authentication-method-will-send-a-confirmation-email-if-the-server-is-configured-to-do-so"
-              ]
-            },
-            {
-              "group": "MFA",
-              "icon": "message-sms",
-              "pages": [
-                "reference/auth/generate-a-secret-to-request-the-activation-of-time-based-one-time-password-totp-multi-factor-authentication",
-                "reference/auth/sign-in-totp",
-                "reference/auth/activatedeactivate-multi-factor-authentication"
-              ]
-            },
-            {
-              "group": "User",
-              "icon": "user",
-              "pages": [
-                "reference/auth/change-the-current-users-email",
-                "reference/auth/send-an-email-asking-the-user-to-reset-their-password",
-                "reference/auth/send-an-email-to-verify-the-account",
-                "reference/auth/set-a-new-password",
-                "reference/auth/get-user-information",
-                "reference/auth/refresh-the-oauth-access-tokens-of-a-given-user-you-must-be-an-admin-to-perform-this-operation",
-                "reference/auth/initialize-adding-of-a-new-webauthn-security-key-device-browser",
-                "reference/auth/verfiy-adding-of-a-new-webauth-security-key-device-browser",
-                "reference/auth/create-personal-access-token-pat"
-              ]
-            },
-            "reference/auth/sign-out"
+            "reference/auth/get-.well-known-jwks.json",
+            "reference/auth/post-elevate-webauthn",
+            "reference/auth/post-elevate-webauthn-verify",
+            "reference/auth/get-healthz",
+            "reference/auth/head-healthz",
+            "reference/auth/post-link-idtoken",
+            "reference/auth/get-mfa-totp-generate",
+            "reference/auth/post-pat",
+            "reference/auth/post-signin-anonymous",
+            "reference/auth/post-signin-email-password",
+            "reference/auth/post-signin-idtoken",
+            "reference/auth/post-signin-mfa-totp",
+            "reference/auth/post-signin-otp-email",
+            "reference/auth/post-signin-otp-email-verify",
+            "reference/auth/post-signin-passwordless-email",
+            "reference/auth/post-signin-passwordless-sms",
+            "reference/auth/post-signin-passwordless-sms-otp",
+            "reference/auth/post-signin-pat",
+            "reference/auth/get-signin-provider-{provider}",
+            "reference/auth/get-signin-provider-{provider}-callback",
+            "reference/auth/post-signin-webauthn",
+            "reference/auth/post-signin-webauthn-verify",
+            "reference/auth/post-signout",
+            "reference/auth/post-signup-email-password",
+            "reference/auth/post-signup-webauthn",
+            "reference/auth/post-signup-webauthn-verify",
+            "reference/auth/post-token",
+            "reference/auth/post-token-verify",
+            "reference/auth/get-user",
+            "reference/auth/post-user-deanonymize",
+            "reference/auth/post-user-email-change",
+            "reference/auth/post-user-email-send-verification-email",
+            "reference/auth/post-user-mfa",
+            "reference/auth/post-user-password",
+            "reference/auth/post-user-password-reset",
+            "reference/auth/post-user-provider-tokens",
+            "reference/auth/post-user-webauthn-add",
+            "reference/auth/post-user-webauthn-verify",
+            "reference/auth/get-verify",
+            "reference/auth/get-version"
           ]
         },
         {
@@ -376,7 +345,9 @@
                 "reference/javascript/auth/sign-up",
                 "reference/javascript/auth/add-security-key",
                 "reference/javascript/auth/elevate-email-security-key",
-                "reference/javascript/auth/connect-provider"
+                "reference/javascript/auth/connect-provider",
+                "reference/javascript/auth/sign-in-email-otp",
+                "reference/javascript/auth/verify-email-otp"
               ]
             },
             {
@@ -459,7 +430,8 @@
             "reference/react/use-user-id",
             "reference/react/use-user-is-anonymous",
             "reference/react/use-user-locale",
-            "reference/react/use-user-roles"
+            "reference/react/use-user-roles",
+            "reference/react/use-sign-in-email-otp"
           ]
         },
         {
@@ -506,7 +478,8 @@
             "reference/nextjs/use-user-id",
             "reference/nextjs/use-user-is-anonymous",
             "reference/nextjs/use-user-locale",
-            "reference/nextjs/use-user-roles"
+            "reference/nextjs/use-user-roles",
+            "reference/nextjs/use-sign-in-email-otp"
           ]
         },
         {
@@ -548,7 +521,8 @@
             "reference/vue/use-add-security-key",
             "reference/vue/use-elevate-security-key-email",
             "reference/vue/use-sign-in-email-security-key",
-            "reference/vue/use-sign-up-email-security-key"
+            "reference/vue/use-sign-up-email-security-key",
+            "reference/vue/use-sign-in-email-otp"
           ]
         },
         {

docs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/docs",
-  "version": "2.21.0",
+  "version": "2.22.0",
   "private": true,
   "scripts": {
     "start": "mintlify dev"

docs/product/authentication.mdx

@@ -13,13 +13,15 @@ Combined with a powerful **Permission Rules** system, Nhost Auth offers everythi
 <CardGroup cols={4}>
   <Card title="Email and Password" icon="square-1" href="../guides/auth/sign-in-email-password">
   </Card>
-  <Card title="Magic Link" icon="square-2" href="../guides/auth/sign-in-magic-link">
+  <Card title="One-Time Passwords (OTP)" icon="square-2" href="../guides/auth/sign-in-otp">
   </Card>
-  <Card title="Phone Number (SMS)" icon="square-3" href="../guides/auth/sign-in-phone-number">
+  <Card title="Magic Link" icon="square-3" href="../guides/auth/sign-in-magic-link">
   </Card>
-  <Card title="Security Keys (WebAuthn)" icon="square-4" href="../guides/auth/sign-in-webauthn">
+  <Card title="Phone Number (SMS)" icon="square-4" href="../guides/auth/sign-in-phone-number">
   </Card>
-  <Card title="Elevated Permissions" icon="square-5" href="../guides/auth/elevated-permissions">
+  <Card title="Security Keys (WebAuthn)" icon="square-5" href="../guides/auth/sign-in-webauthn">
+  </Card>
+  <Card title="Elevated Permissions" icon="square-6" href="../guides/auth/elevated-permissions">
   </Card>
 </CardGroup>
 

docs/reference/auth/get-.well-known-jwks.json.mdx

@@ -0,0 +1,4 @@
+---
+title: "/.well-known/jwks.json"
+openapi: get /.well-known/jwks.json
+---

docs/reference/auth/get-healthz.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/healthz"
 openapi: get /healthz
 ---

docs/reference/auth/get-mfa-totp-generate.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/mfa/totp/generate"
 openapi: get /mfa/totp/generate
 ---

docs/reference/auth/get-signin-provider-{provider}-callback.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/provider/{provider}/callback"
 openapi: get /signin/provider/{provider}/callback
-sidebarTitle: Sign In Callback
----
+---

docs/reference/auth/get-signin-provider-{provider}.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/provider/{provider}"
 openapi: get /signin/provider/{provider}
-sidebarTitle: Sign In
----
+---

docs/reference/auth/get-user.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user"
 openapi: get /user
 ---

docs/reference/auth/get-verify.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/verify"
 openapi: get /verify
 ---

docs/reference/auth/get-version.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/version"
 openapi: get /version
 ---

docs/reference/auth/head-healthz.mdx

@@ -0,0 +1,4 @@
+---
+title: "/healthz"
+openapi: head /healthz
+---

docs/reference/auth/post-elevate-webauthn-verify.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/elevate/webauthn/verify"
 openapi: post /elevate/webauthn/verify
-sidebarTitle: Elevate Verify
----
+---

docs/reference/auth/post-elevate-webauthn.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/elevate/webauthn"
 openapi: post /elevate/webauthn
-sidebarTitle: Elevate
----
+---

docs/reference/auth/post-link-idtoken.mdx

@@ -0,0 +1,4 @@
+---
+title: "/link/idtoken"
+openapi: post /link/idtoken
+---

docs/reference/auth/post-pat.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/pat"
 openapi: post /pat
 ---

docs/reference/auth/post-signin-anonymous.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/signin/anonymous"
 openapi: post /signin/anonymous
 ---

docs/reference/auth/post-signin-email-password.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/email-password"
 openapi: post /signin/email-password
-sidebarTitle: 'Sign In'
----
+---

docs/reference/auth/post-signin-idtoken.mdx

@@ -0,0 +1,4 @@
+---
+title: "/signin/idtoken"
+openapi: post /signin/idtoken
+---

docs/reference/auth/post-signin-mfa-totp.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/signin/mfa/totp"
 openapi: post /signin/mfa/totp
 ---

docs/reference/auth/post-signin-otp-email-verify.mdx

@@ -0,0 +1,4 @@
+---
+title: "/signin/otp/email/verify"
+openapi: post /signin/otp/email/verify
+---

docs/reference/auth/post-signin-otp-email.mdx

@@ -0,0 +1,4 @@
+---
+title: "/signin/otp/email"
+openapi: post /signin/otp/email
+---

docs/reference/auth/post-signin-passwordless-email.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/passwordless/email"
 openapi: post /signin/passwordless/email
-sidebarTitle: Sign In Email
----
+---

docs/reference/auth/post-signin-passwordless-sms-otp.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/passwordless/sms/otp"
 openapi: post /signin/passwordless/sms/otp
-sidebarTitle: Sign In SMS Verify OTP
----
+---

docs/reference/auth/post-signin-passwordless-sms.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/passwordless/sms"
 openapi: post /signin/passwordless/sms
-sidebarTitle: Sign In SMS
----
+---

docs/reference/auth/post-signin-pat.mdx

@@ -0,0 +1,4 @@
+---
+title: "/signin/pat"
+openapi: post /signin/pat
+---

docs/reference/auth/post-signin-webauthn-verify.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/webauthn/verify"
 openapi: post /signin/webauthn/verify
-sidebarTitle: Sign In Verify
----
+---

docs/reference/auth/post-signin-webauthn.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signin/webauthn"
 openapi: post /signin/webauthn
-sidebarTitle: 'Sign In'
----
+---

docs/reference/auth/post-signout.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/signout"
 openapi: post /signout
 ---

docs/reference/auth/post-signup-email-password.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signup/email-password"
 openapi: post /signup/email-password
-sidebarTitle: Sign Up
----
+---

docs/reference/auth/post-signup-webauthn-verify.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signup/webauthn/verify"
 openapi: post /signup/webauthn/verify
-sidebarTitle: Sign Up Verify
----
+---

docs/reference/auth/post-signup-webauthn.mdx

@@ -1,4 +1,4 @@
 ---
+title: "/signup/webauthn"
 openapi: post /signup/webauthn
-sidebarTitle: Sign Up
----
+---

docs/reference/auth/post-token-verify.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/token/verify"
 openapi: post /token/verify
 ---

docs/reference/auth/post-token.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/token"
 openapi: post /token
 ---

docs/reference/auth/post-user-deanonymize.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/deanonymize"
 openapi: post /user/deanonymize
 ---

docs/reference/auth/post-user-email-change.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/email/change"
 openapi: post /user/email/change
 ---

docs/reference/auth/post-user-email-send-verification-email.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/email/send-verification-email"
 openapi: post /user/email/send-verification-email
 ---

docs/reference/auth/post-user-mfa.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/mfa"
 openapi: post /user/mfa
 ---

docs/reference/auth/post-user-password-reset.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/password/reset"
 openapi: post /user/password/reset
 ---

docs/reference/auth/post-user-password.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/password"
 openapi: post /user/password
 ---

docs/reference/auth/post-user-provider-tokens.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/provider/tokens"
 openapi: post /user/provider/tokens
 ---

docs/reference/auth/post-user-webauthn-add.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/webauthn/add"
 openapi: post /user/webauthn/add
 ---

docs/reference/auth/post-user-webauthn-verify.mdx

@@ -1,3 +1,4 @@
 ---
+title: "/user/webauthn/verify"
 openapi: post /user/webauthn/verify
 ---

docs/reference/javascript/auth/sign-in-email-otp.mdx

@@ -0,0 +1,33 @@
+---
+title: signInEmailOTP()
+sidebarTitle: signInEmailOTP()
+---
+
+Use `nhost.auth.signInEmailOTP` to sign in with an email one-time password (OTP).
+
+```ts
+nhost.auth.signInEmailOTP('user@example.com')
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">email</span>** <span className="optional-status">required</span> <code>string</code>
+
+The email address to send the OTP to
+
+---
+
+**<span className="parameter-name">options</span>** <span className="optional-status">optional</span> [`EmailOTPOptions`](/reference/javascript/auth/types/email-otp-options)
+
+| Property                                                                                         | Type                                       | Required | Notes                                                                                                                                                                                                             |
+| :----------------------------------------------------------------------------------------------- | :----------------------------------------- | :------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| <span className="parameter-name"><span className="light-grey">options.</span>redirectTo</span>   | <code>string</code>                        |          | Redirection path in the client application that will be used in the link in the verification email. For instance, if you want to redirect to `https://myapp.com/success`, the `redirectTo` value is `'/success'`. |
+| <span className="parameter-name"><span className="light-grey">options.</span>metadata</span>     | <code>Record&lt;string, unknown&gt;</code> |          | Custom additional user information stored in the `metadata` column. Can be any JSON object.                                                                                                                       |
+| <span className="parameter-name"><span className="light-grey">options.</span>displayName</span>  | <code>string</code>                        |          | Display name of the user. If not provided, it will use the display name given by the social provider (Oauth) used on registration, or the email address otherwise.                                                |
+| <span className="parameter-name"><span className="light-grey">options.</span>defaultRole</span>  | <code>string</code>                        |          | Default role of the user. Must be part of the default allowed roles defined in Hasura Auth.                                                                                                                       |
+| <span className="parameter-name"><span className="light-grey">options.</span>allowedRoles</span> | <code>Array&lt;string&gt;</code>           |          | Allowed roles of the user. Must be a subset of the default allowed roles defined in Hasura Auth.                                                                                                                  |
+| <span className="parameter-name"><span className="light-grey">options.</span>locale</span>       | <code>string</code>                        |          | Locale of the user, in two digits                                                                                                                                                                                 |
+
+---