## [23.0.0] - 2025-07-21

### Breaking changes

-   The `getConsentRequest`, `acceptConsentRequest`, `rejectConsentRequest`, `acceptLoginRequest`, `rejectLoginRequest` and `introspectToken` can now possibly return an `ErrorOAuth2`.
-   The `/oauth/introspect` can now possibly return an `ErrorAuth2`.
-   Removed default defaultMaxAge from all built-in claims/validators. You can optionally set them when adding the validators. This should help with unexpected API calls during session verification.
-   Added register credential endpoint for the WebAuthn recipe

### Refactors/Internal changes

-   Refactors querier to use dynamic request body and response body types inference.
-   Refactor internal network calls made with querier to use the new dynamic types.
-   The `User` class now has a `fromApi` function to normalize the user object returned from the API.
-   Added experimental support for plugins. Please note that the experimental nature of this feature means that we might break the interface in non-major version updates.
-   Refactor the AccountLinking recipe to be automatically initialized on SuperTokens init instead during the first call
-   Upgrade typedoc and the reference docs
-   Add a method for verifying if a recipe is initialized or not