From 27f3387741cea85d9606f634903e24acc60e3681 Mon Sep 17 00:00:00 2001
From: Zai Shi <zaishi00@outlook.com>
Date: Sun, 29 Sep 2024 21:45:15 +0200
Subject: [PATCH 1/6] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index bc2034b9c..9257bcd93 100644
--- a/README.md
+++ b/README.md
@@ -110,8 +110,8 @@ pnpm install
 pnpm run build
 
 # reset & start the dependencies (DB, Inbucket, etc.) as Docker containers, seeding the DB with the Prisma schema
-pnpm run restart-deps
-# pnpm run start-deps
+pnpm run start-deps
+# pnpm run restart-deps
 # pnpm run stop-deps
 
 # Start the dev server

From 23a1f95a891dc3169ef5d296b565e2c88fe5aa57 Mon Sep 17 00:00:00 2001
From: Zai Shi <zaishi00@outlook.com>
Date: Mon, 30 Sep 2024 15:01:30 -0700
Subject: [PATCH 2/6] fixed maybeFullPage layout

---
 .../src/components-page/forgot-password.tsx   | 27 ++++---
 .../src/components-page/password-reset.tsx    | 76 ++++++++++---------
 2 files changed, 58 insertions(+), 45 deletions(-)

diff --git a/packages/stack/src/components-page/forgot-password.tsx b/packages/stack/src/components-page/forgot-password.tsx
index 314559cbd..4cf1ac976 100644
--- a/packages/stack/src/components-page/forgot-password.tsx
+++ b/packages/stack/src/components-page/forgot-password.tsx
@@ -3,7 +3,7 @@
 import { yupResolver } from "@hookform/resolvers/yup";
 import { yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { runAsynchronouslyWithAlert } from "@stackframe/stack-shared/dist/utils/promises";
-import { Button, Input, Label, StyledLink, Typography } from "@stackframe/stack-ui";
+import { Button, Input, Label, StyledLink, Typography, cn } from "@stackframe/stack-ui";
 import { useState } from "react";
 import { useForm } from "react-hook-form";
 import * as yup from "yup";
@@ -76,16 +76,23 @@ export function ForgotPassword(props: { fullPage?: boolean }) {
 
   return (
     <MaybeFullPage fullPage={!!props.fullPage}>
-      <div className="text-center mb-6 stack-scope" style={{ width: '380px', padding: props.fullPage ? '1rem' : 0 }}>
-        <Typography type='h2'>{t("Reset Your Password")}</Typography>
-        <Typography>
-          {t("Don't need to reset?")}{" "}
-          <StyledLink href={stackApp.urls['signUp']}>
-            {t("Sign in")}
-          </StyledLink>
-        </Typography>
+      <div className={cn(
+        "stack-scope w-[380px]",
+        props.fullPage ? "p-4" : "p-0"
+      )}>
+        <div className="text-center">
+          <Typography type='h2'>{t("Reset Your Password")}</Typography>
+          <Typography>
+            {t("Don't need to reset?")}{" "}
+            <StyledLink href={stackApp.urls['signUp']}>
+              {t("Sign in")}
+            </StyledLink>
+          </Typography>
+        </div>
+        <div className="mt-6">
+          <ForgotPasswordForm onSent={() => setSent(true)} />
+        </div>
       </div>
-      <ForgotPasswordForm onSent={() => setSent(true)} />
     </MaybeFullPage>
   );
 };
diff --git a/packages/stack/src/components-page/password-reset.tsx b/packages/stack/src/components-page/password-reset.tsx
index 5641ccf26..24c1494c5 100644
--- a/packages/stack/src/components-page/password-reset.tsx
+++ b/packages/stack/src/components-page/password-reset.tsx
@@ -6,7 +6,7 @@ import { getPasswordError } from "@stackframe/stack-shared/dist/helpers/password
 import { yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { cacheFunction } from "@stackframe/stack-shared/dist/utils/caches";
 import { runAsynchronouslyWithAlert } from "@stackframe/stack-shared/dist/utils/promises";
-import { Button, Label, PasswordInput, Typography } from "@stackframe/stack-ui";
+import { Button, Label, PasswordInput, Typography, cn } from "@stackframe/stack-ui";
 import React, { useState } from "react";
 import { useForm } from "react-hook-form";
 import * as yup from "yup";
@@ -74,43 +74,49 @@ export default function PasswordResetForm(props: {
     );
   }
 
+
   return (
     <MaybeFullPage fullPage={!!props.fullPage}>
-      <div className="text-center mb-6" style={{ width: '380px', padding: props.fullPage ? '1rem' : 0 }}>
-        <Typography type='h2'>{t("Reset Your Password")}</Typography>
+      <div className={cn(
+        "flex flex-col items-stretch w-[380px]",
+        props.fullPage ? "p-4" : "p-0"
+      )}>
+        <div className="text-center mb-6">
+          <Typography type='h2'>{t("Reset Your Password")}</Typography>
+        </div>
+
+        <form
+          className="flex flex-col items-stretch"
+          onSubmit={e => runAsynchronouslyWithAlert(handleSubmit(onSubmit)(e))}
+          noValidate
+        >
+          <Label htmlFor="password" className="mb-1">{t("New Password")}</Label>
+          <PasswordInput
+            id="password"
+            {...register('password')}
+            onChange={() => {
+              clearErrors('password');
+              clearErrors('passwordRepeat');
+            }}
+          />
+          <FormWarningText text={errors.password?.message?.toString()} />
+
+          <Label htmlFor="repeat-password" className="mt-4 mb-1">{t("Repeat New Password")}</Label>
+          <PasswordInput
+            id="repeat-password"
+            {...register('passwordRepeat')}
+            onChange={() => {
+              clearErrors('password');
+              clearErrors('passwordRepeat');
+            }}
+          />
+          <FormWarningText text={errors.passwordRepeat?.message?.toString()} />
+
+          <Button type="submit" className="mt-6" loading={loading}>
+            {t("Reset Password")}
+          </Button>
+        </form>
       </div>
-
-      <form
-        style={{ display: 'flex', flexDirection: 'column', alignItems: 'stretch' }}
-        onSubmit={e => runAsynchronouslyWithAlert(handleSubmit(onSubmit)(e))}
-        noValidate
-      >
-        <Label htmlFor="password" className="mb-1">{t("New Password")}</Label>
-        <PasswordInput
-          id="password"
-          {...register('password')}
-          onChange={() => {
-            clearErrors('password');
-            clearErrors('passwordRepeat');
-          }}
-        />
-        <FormWarningText text={errors.password?.message?.toString()} />
-
-        <Label htmlFor="repeat-password" className="mt-4 mb-1">{t("Repeat New Password")}</Label>
-        <PasswordInput
-          id="repeat-password"
-          {...register('passwordRepeat')}
-          onChange={() => {
-            clearErrors('password');
-            clearErrors('passwordRepeat');
-          }}
-        />
-        <FormWarningText text={errors.passwordRepeat?.message?.toString()} />
-
-        <Button type="submit" className="mt-6" loading={loading}>
-          {t("Reset Password")}
-        </Button>
-      </form>
     </MaybeFullPage>
   );
 }

From 584b5e4faf18eb3992e902188ece869fa70c922a Mon Sep 17 00:00:00 2001
From: Zai Shi <zaishi00@outlook.com>
Date: Mon, 30 Sep 2024 15:11:51 -0700
Subject: [PATCH 3/6] fixed current user docs

---
 docs/fern/docs/pages/sdk/current-user.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/fern/docs/pages/sdk/current-user.mdx b/docs/fern/docs/pages/sdk/current-user.mdx
index d3c898497..9c51abbed 100644
--- a/docs/fern/docs/pages/sdk/current-user.mdx
+++ b/docs/fern/docs/pages/sdk/current-user.mdx
@@ -1,5 +1,5 @@
 ---
-slug: sdk/user
+slug: sdk/current-user
 ---
 
 ## `CurrentUser` and `CurrentServerUser`

From ce46c16e6de21b7e6e75a959e338f0ae062d0685 Mon Sep 17 00:00:00 2001
From: Konstantin Wohlwend <n2d4xc@gmail.com>
Date: Mon, 30 Sep 2024 20:05:45 -0700
Subject: [PATCH 4/6] chore: update package versions

---
 apps/backend/CHANGELOG.md                    |  8 ++++++++
 apps/backend/package.json                    |  2 +-
 apps/dashboard/CHANGELOG.md                  | 10 ++++++++++
 apps/dashboard/package.json                  |  2 +-
 apps/e2e/CHANGELOG.md                        |  7 +++++++
 apps/e2e/package.json                        |  2 +-
 apps/oauth-mock-server/CHANGELOG.md          |  6 ++++++
 apps/oauth-mock-server/package.json          |  2 +-
 docs/CHANGELOG.md                            |  6 ++++++
 docs/package.json                            |  2 +-
 examples/cjs-test/CHANGELOG.md               |  7 +++++++
 examples/cjs-test/package.json               |  2 +-
 examples/demo/CHANGELOG.md                   |  9 +++++++++
 examples/demo/package.json                   |  2 +-
 examples/docs-examples/CHANGELOG.md          |  9 +++++++++
 examples/docs-examples/package.json          |  2 +-
 examples/e-commerce/CHANGELOG.md             |  7 +++++++
 examples/e-commerce/package.json             |  2 +-
 examples/express-proxied-server/CHANGELOG.md |  2 ++
 examples/express-proxied-server/package.json |  2 +-
 examples/middleware/CHANGELOG.md             |  7 +++++++
 examples/middleware/package.json             |  2 +-
 examples/partial-prerendering/CHANGELOG.md   |  7 +++++++
 examples/partial-prerendering/package.json   |  2 +-
 examples/supabase/CHANGELOG.md               |  7 +++++++
 examples/supabase/package.json               |  2 +-
 packages/init-stack/CHANGELOG.md             |  2 ++
 packages/init-stack/package.json             |  2 +-
 packages/stack-emails/CHANGELOG.md           |  7 +++++++
 packages/stack-emails/package.json           |  2 +-
 packages/stack-proxy/CHANGELOG.md            |  7 +++++++
 packages/stack-proxy/package.json            |  2 +-
 packages/stack-sc/CHANGELOG.md               |  2 ++
 packages/stack-sc/package.json               |  2 +-
 packages/stack-shared/CHANGELOG.md           |  6 ++++++
 packages/stack-shared/package.json           |  2 +-
 packages/stack-ui/CHANGELOG.md               |  6 ++++++
 packages/stack-ui/package.json               |  2 +-
 packages/stack/CHANGELOG.md                  |  9 +++++++++
 packages/stack/package.json                  |  2 +-
 40 files changed, 151 insertions(+), 20 deletions(-)

diff --git a/apps/backend/CHANGELOG.md b/apps/backend/CHANGELOG.md
index 5fc999301..b26572cbe 100644
--- a/apps/backend/CHANGELOG.md
+++ b/apps/backend/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @stackframe/stack-backend
 
+## 2.6.1
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-emails@2.6.1
+  - @stackframe/stack-shared@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/apps/backend/package.json b/apps/backend/package.json
index cdc977eb1..0189b0810 100644
--- a/apps/backend/package.json
+++ b/apps/backend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-backend",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "clean": "rimraf .next && rimraf node_modules",
diff --git a/apps/dashboard/CHANGELOG.md b/apps/dashboard/CHANGELOG.md
index 3982e15d8..175b5c139 100644
--- a/apps/dashboard/CHANGELOG.md
+++ b/apps/dashboard/CHANGELOG.md
@@ -1,5 +1,15 @@
 # @stackframe/stack-dashboard
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+  - @stackframe/stack-emails@2.6.1
+  - @stackframe/stack-shared@2.6.1
+  - @stackframe/stack-ui@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/apps/dashboard/package.json b/apps/dashboard/package.json
index 9e3728dc9..6b3dc9a7a 100644
--- a/apps/dashboard/package.json
+++ b/apps/dashboard/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-dashboard",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "clean": "rimraf .next && rimraf node_modules",
diff --git a/apps/e2e/CHANGELOG.md b/apps/e2e/CHANGELOG.md
index 1df0541be..3834e481d 100644
--- a/apps/e2e/CHANGELOG.md
+++ b/apps/e2e/CHANGELOG.md
@@ -1,5 +1,12 @@
 # e2e-tests
 
+## 2.6.1
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-shared@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/apps/e2e/package.json b/apps/e2e/package.json
index 67d064b26..4b4adec6a 100644
--- a/apps/e2e/package.json
+++ b/apps/e2e/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/e2e-tests",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "type": "module",
   "scripts": {
diff --git a/apps/oauth-mock-server/CHANGELOG.md b/apps/oauth-mock-server/CHANGELOG.md
index 54c75f737..2fcd65880 100644
--- a/apps/oauth-mock-server/CHANGELOG.md
+++ b/apps/oauth-mock-server/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @stackframe/oauth-mock-server
 
+## 2.6.1
+
+### Patch Changes
+
+- @stackframe/stack-shared@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/apps/oauth-mock-server/package.json b/apps/oauth-mock-server/package.json
index 524a11b5f..083d8b1e3 100644
--- a/apps/oauth-mock-server/package.json
+++ b/apps/oauth-mock-server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/oauth-mock-server",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "main": "index.js",
   "scripts": {
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 525b9a3b3..97bcc25ce 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @stackframe/docs
 
+## 2.6.1
+
+### Patch Changes
+
+- Bugfixes
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/docs/package.json b/docs/package.json
index d06ed7eaf..82008ac32 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/docs",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "description": "",
   "main": "index.js",
   "private": true,
diff --git a/examples/cjs-test/CHANGELOG.md b/examples/cjs-test/CHANGELOG.md
index 401050769..09e8f5269 100644
--- a/examples/cjs-test/CHANGELOG.md
+++ b/examples/cjs-test/CHANGELOG.md
@@ -1,5 +1,12 @@
 # cjs-test
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/cjs-test/package.json b/examples/cjs-test/package.json
index c487ef862..a5ea709e0 100644
--- a/examples/cjs-test/package.json
+++ b/examples/cjs-test/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/example-cjs-test",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "dev": "next dev --port 8110",
diff --git a/examples/demo/CHANGELOG.md b/examples/demo/CHANGELOG.md
index a09ffef53..133a64461 100644
--- a/examples/demo/CHANGELOG.md
+++ b/examples/demo/CHANGELOG.md
@@ -1,5 +1,14 @@
 # demo-app
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+  - @stackframe/stack-shared@2.6.1
+  - @stackframe/stack-ui@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/demo/package.json b/examples/demo/package.json
index 3172890b8..bd8b28bba 100644
--- a/examples/demo/package.json
+++ b/examples/demo/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/example-demo-app",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "description": "",
   "private": true,
   "scripts": {
diff --git a/examples/docs-examples/CHANGELOG.md b/examples/docs-examples/CHANGELOG.md
index 403b81ffc..f96d9cb81 100644
--- a/examples/docs-examples/CHANGELOG.md
+++ b/examples/docs-examples/CHANGELOG.md
@@ -1,5 +1,14 @@
 # demo-app
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+  - @stackframe/stack-shared@2.6.1
+  - @stackframe/stack-ui@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/docs-examples/package.json b/examples/docs-examples/package.json
index 6fe8fd553..286afdd29 100644
--- a/examples/docs-examples/package.json
+++ b/examples/docs-examples/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/docs-examples",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "description": "",
   "private": true,
   "scripts": {
diff --git a/examples/e-commerce/CHANGELOG.md b/examples/e-commerce/CHANGELOG.md
index 86997b113..39246da0d 100644
--- a/examples/e-commerce/CHANGELOG.md
+++ b/examples/e-commerce/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @stackframe/e-commerce-demo
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/e-commerce/package.json b/examples/e-commerce/package.json
index debda4c4a..3c94599f0 100644
--- a/examples/e-commerce/package.json
+++ b/examples/e-commerce/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/e-commerce-demo",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "dev": "next dev --port 8111",
diff --git a/examples/express-proxied-server/CHANGELOG.md b/examples/express-proxied-server/CHANGELOG.md
index af8a7da4b..276f2a57c 100644
--- a/examples/express-proxied-server/CHANGELOG.md
+++ b/examples/express-proxied-server/CHANGELOG.md
@@ -1,5 +1,7 @@
 # @stackframe/proxied-server-example
 
+## 2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/express-proxied-server/package.json b/examples/express-proxied-server/package.json
index 322235038..780aeae37 100644
--- a/examples/express-proxied-server/package.json
+++ b/examples/express-proxied-server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/proxied-server-example",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "dependencies": {
     "express": "^4.19.2",
diff --git a/examples/middleware/CHANGELOG.md b/examples/middleware/CHANGELOG.md
index 35eb7cb7a..9765fa25f 100644
--- a/examples/middleware/CHANGELOG.md
+++ b/examples/middleware/CHANGELOG.md
@@ -1,5 +1,12 @@
 # middleware-demo
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/middleware/package.json b/examples/middleware/package.json
index 481ee8d4b..4ea9022a9 100644
--- a/examples/middleware/package.json
+++ b/examples/middleware/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/example-middleware-demo",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "dev": "next dev --port 8112",
diff --git a/examples/partial-prerendering/CHANGELOG.md b/examples/partial-prerendering/CHANGELOG.md
index 81683c665..e336a864f 100644
--- a/examples/partial-prerendering/CHANGELOG.md
+++ b/examples/partial-prerendering/CHANGELOG.md
@@ -1,5 +1,12 @@
 # partial-prerendering
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/partial-prerendering/package.json b/examples/partial-prerendering/package.json
index b27c1cb66..4128cc26f 100644
--- a/examples/partial-prerendering/package.json
+++ b/examples/partial-prerendering/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/example-partial-prerendering",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "dev": "next dev --port 8109",
diff --git a/examples/supabase/CHANGELOG.md b/examples/supabase/CHANGELOG.md
index 0f0d3f936..6b8a5fc89 100644
--- a/examples/supabase/CHANGELOG.md
+++ b/examples/supabase/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @stackframe/example-supabase
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/examples/supabase/package.json b/examples/supabase/package.json
index 1f1753a11..d63727b0e 100644
--- a/examples/supabase/package.json
+++ b/examples/supabase/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/example-supabase",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "dev": "next dev",
diff --git a/packages/init-stack/CHANGELOG.md b/packages/init-stack/CHANGELOG.md
index b130e0717..c47c8d54a 100644
--- a/packages/init-stack/CHANGELOG.md
+++ b/packages/init-stack/CHANGELOG.md
@@ -1,5 +1,7 @@
 # @stackframe/init-stack
 
+## 2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/packages/init-stack/package.json b/packages/init-stack/package.json
index c541bce65..fde72183b 100644
--- a/packages/init-stack/package.json
+++ b/packages/init-stack/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/init-stack",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "description": "The setup wizard for Stack. https://stack-auth.com",
   "main": "index.mjs",
   "bin": "./index.mjs",
diff --git a/packages/stack-emails/CHANGELOG.md b/packages/stack-emails/CHANGELOG.md
index fbd08a4f0..af61c6380 100644
--- a/packages/stack-emails/CHANGELOG.md
+++ b/packages/stack-emails/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @stackframe/stack-emails
 
+## 2.6.1
+
+### Patch Changes
+
+- @stackframe/stack-shared@2.6.1
+- @stackframe/stack-ui@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/packages/stack-emails/package.json b/packages/stack-emails/package.json
index 65be8d66e..80c67ec7d 100644
--- a/packages/stack-emails/package.json
+++ b/packages/stack-emails/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-emails",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "private": true,
diff --git a/packages/stack-proxy/CHANGELOG.md b/packages/stack-proxy/CHANGELOG.md
index 05f6f9485..406208218 100644
--- a/packages/stack-proxy/CHANGELOG.md
+++ b/packages/stack-proxy/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @stackframe/stack-proxy
 
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @stackframe/stack@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/packages/stack-proxy/package.json b/packages/stack-proxy/package.json
index 52f992a80..6f52888dd 100644
--- a/packages/stack-proxy/package.json
+++ b/packages/stack-proxy/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-proxy",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "type": "module",
   "scripts": {
diff --git a/packages/stack-sc/CHANGELOG.md b/packages/stack-sc/CHANGELOG.md
index 83bfe3872..26ad55131 100644
--- a/packages/stack-sc/CHANGELOG.md
+++ b/packages/stack-sc/CHANGELOG.md
@@ -1,5 +1,7 @@
 # @stackframe/stack-sc
 
+## 2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/packages/stack-sc/package.json b/packages/stack-sc/package.json
index 3777f90e9..2994ff1ad 100644
--- a/packages/stack-sc/package.json
+++ b/packages/stack-sc/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-sc",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "exports": {
     "./force-react-server": {
       "types": "./dist/index.react-server.d.ts",
diff --git a/packages/stack-shared/CHANGELOG.md b/packages/stack-shared/CHANGELOG.md
index dbe0fc40e..836541daa 100644
--- a/packages/stack-shared/CHANGELOG.md
+++ b/packages/stack-shared/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @stackframe/stack-shared
 
+## 2.6.1
+
+### Patch Changes
+
+- @stackframe/stack-sc@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/packages/stack-shared/package.json b/packages/stack-shared/package.json
index 9ea6dbcf4..13b3588c8 100644
--- a/packages/stack-shared/package.json
+++ b/packages/stack-shared/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "scripts": {
diff --git a/packages/stack-ui/CHANGELOG.md b/packages/stack-ui/CHANGELOG.md
index bdb30d1ef..f674407d5 100644
--- a/packages/stack-ui/CHANGELOG.md
+++ b/packages/stack-ui/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @stackframe/stack-ui
 
+## 2.6.1
+
+### Patch Changes
+
+- @stackframe/stack-shared@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/packages/stack-ui/package.json b/packages/stack-ui/package.json
index 8a0cd7c06..5c96cb6eb 100644
--- a/packages/stack-ui/package.json
+++ b/packages/stack-ui/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-ui",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "scripts": {
diff --git a/packages/stack/CHANGELOG.md b/packages/stack/CHANGELOG.md
index f279bc77d..756cc130c 100644
--- a/packages/stack/CHANGELOG.md
+++ b/packages/stack/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @stackframe/stack
 
+## 2.6.1
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-sc@2.6.1
+  - @stackframe/stack-shared@2.6.1
+  - @stackframe/stack-ui@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes
diff --git a/packages/stack/package.json b/packages/stack/package.json
index f3f695071..88f838558 100644
--- a/packages/stack/package.json
+++ b/packages/stack/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "sideEffects": false,
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

From d0b3d6e620660277faad06a46286c1ad8157e1c2 Mon Sep 17 00:00:00 2001
From: Zai Shi <zaishi00@outlook.com>
Date: Tue, 1 Oct 2024 06:11:00 +0200
Subject: [PATCH 5/6] Fix team creation on the server not automatically adding
 the current user (#266)

* add_current_user => creator_user_id

* added more tests

* added error checks

* removed getIdFromUserIdOrMe

---------

Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
---
 .../[provider_id]/access-token/crud.tsx       |  15 +--
 .../app/api/v1/team-member-profiles/crud.tsx  |  28 ++---
 .../src/app/api/v1/team-memberships/crud.tsx  |  19 ++-
 .../src/app/api/v1/team-permissions/crud.tsx  |   6 +-
 apps/backend/src/app/api/v1/teams/crud.tsx    |  33 +++--
 apps/backend/src/app/api/v1/users/crud.tsx    |   6 +-
 apps/backend/src/route-handlers/utils.tsx     |  15 ---
 apps/e2e/tests/backend/backend-helpers.ts     |   3 +-
 .../endpoints/api/v1/team-memberships.test.ts | 119 ++++++++++++++++++
 .../src/interface/clientInterface.ts          |   4 +-
 .../stack-shared/src/interface/crud/teams.ts  |   2 +
 .../src/interface/serverInterface.ts          |   4 +-
 packages/stack-shared/src/schema-fields.ts    |   1 +
 packages/stack/src/lib/stack-app.ts           |  10 +-
 14 files changed, 188 insertions(+), 77 deletions(-)
 delete mode 100644 apps/backend/src/route-handlers/utils.tsx

diff --git a/apps/backend/src/app/api/v1/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx b/apps/backend/src/app/api/v1/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx
index e6d131dd2..7b46b80af 100644
--- a/apps/backend/src/app/api/v1/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx
+++ b/apps/backend/src/app/api/v1/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx
@@ -2,10 +2,9 @@ import { usersCrudHandlers } from "@/app/api/v1/users/crud";
 import { getProvider } from "@/oauth";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { connectedAccountAccessTokenCrud } from "@stackframe/stack-shared/dist/interface/crud/oauth";
-import { yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
+import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StackAssertionError, StatusError } from "@stackframe/stack-shared/dist/utils/errors";
 import { createLazyProxy } from "@stackframe/stack-shared/dist/utils/proxies";
 import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
@@ -14,12 +13,10 @@ import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
 export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>createCrudHandlers(connectedAccountAccessTokenCrud, {
   paramsSchema: yupObject({
     provider_id: yupString().required(),
-    user_id: yupString().required(),
+    user_id: userIdOrMeSchema.required(),
   }),
   async onCreate({ auth, data, params }) {
-    const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
-    if (auth.type === 'client' && auth.user?.id !== userId) {
+    if (auth.type === 'client' && auth.user?.id !== params.user_id) {
       throw new StatusError(StatusError.Forbidden, "Client can only access its own connected accounts");
     }
 
@@ -32,7 +29,7 @@ export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>crea
       throw new KnownErrors.OAuthAccessTokenNotAvailableWithSharedOAuthKeys();
     }
 
-    const user = await usersCrudHandlers.adminRead({ project: auth.project, user_id: userId });
+    const user = await usersCrudHandlers.adminRead({ project: auth.project, user_id: params.user_id });
     if (!user.oauth_providers.map(x => x.id).includes(params.provider_id)) {
       throw new KnownErrors.OAuthConnectionNotConnectedToUser();
     }
@@ -44,7 +41,7 @@ export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>crea
         projectId: auth.project.id,
         oAuthProviderConfigId: params.provider_id,
         projectUserOAuthAccount: {
-          projectUserId: userId,
+          projectUserId: params.user_id,
         },
         expiresAt: {
           // is at least 5 minutes in the future
@@ -66,7 +63,7 @@ export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>crea
         projectId: auth.project.id,
         oAuthProviderConfigId: params.provider_id,
         projectUserOAuthAccount: {
-          projectUserId: userId,
+          projectUserId: params.user_id,
         }
       },
     });
diff --git a/apps/backend/src/app/api/v1/team-member-profiles/crud.tsx b/apps/backend/src/app/api/v1/team-member-profiles/crud.tsx
index ab22f437e..9a4bb6a9d 100644
--- a/apps/backend/src/app/api/v1/team-member-profiles/crud.tsx
+++ b/apps/backend/src/app/api/v1/team-member-profiles/crud.tsx
@@ -1,7 +1,6 @@
 import { ensureTeamExist, ensureTeamMembershipExists, ensureUserExist, ensureUserTeamPermissionExists } from "@/lib/request-checks";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { Prisma } from "@prisma/client";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { teamMemberProfilesCrud } from "@stackframe/stack-shared/dist/interface/crud/team-member-profiles";
@@ -33,7 +32,6 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
   }),
   onList: async ({ auth, query }) => {
     return await prismaClient.$transaction(async (tx) => {
-      const userId = getIdFromUserIdOrMe(query.user_id, auth.user);
       if (auth.type === 'client') {
         // Client can only:
         // - list users in their own team if they have the $read_members permission
@@ -47,7 +45,7 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
 
         await ensureTeamMembershipExists(tx, { projectId: auth.project.id, teamId: query.team_id, userId: currentUserId });
 
-        if (userId !== currentUserId) {
+        if (query.user_id !== currentUserId) {
           await ensureUserTeamPermissionExists(tx, {
             project: auth.project,
             teamId: query.team_id,
@@ -61,8 +59,8 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         if (query.team_id) {
           await ensureTeamExist(tx, { projectId: auth.project.id, teamId: query.team_id });
         }
-        if (userId) {
-          await ensureUserExist(tx, { projectId: auth.project.id, userId: userId });
+        if (query.user_id) {
+          await ensureUserExist(tx, { projectId: auth.project.id, userId: query.user_id });
         }
       }
 
@@ -70,7 +68,7 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         where: {
           projectId: auth.project.id,
           teamId: query.team_id,
-          projectUserId: userId,
+          projectUserId: query.user_id,
         },
         orderBy: {
           createdAt: 'asc',
@@ -88,11 +86,9 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
   },
   onRead: async ({ auth, params }) => {
     return await prismaClient.$transaction(async (tx) => {
-      const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
       if (auth.type === 'client') {
         const currentUserId = auth.user?.id ?? throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
-        if (userId !== currentUserId) {
+        if (params.user_id !== currentUserId) {
           await ensureUserTeamPermissionExists(tx, {
             project: auth.project,
             teamId: params.team_id,
@@ -104,13 +100,13 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         }
       }
 
-      await ensureTeamMembershipExists(tx, { projectId: auth.project.id, teamId: params.team_id, userId: userId });
+      await ensureTeamMembershipExists(tx, { projectId: auth.project.id, teamId: params.team_id, userId: params.user_id });
 
       const db = await tx.teamMember.findUnique({
         where: {
           projectId_projectUserId_teamId: {
             projectId: auth.project.id,
-            projectUserId: userId,
+            projectUserId: params.user_id,
             teamId: params.team_id,
           },
         },
@@ -119,7 +115,7 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
 
       if (!db) {
         // This should never happen because of the check above
-        throw new KnownErrors.TeamMembershipNotFound(params.team_id, userId);
+        throw new KnownErrors.TeamMembershipNotFound(params.team_id, params.user_id);
       }
 
       return prismaToCrud(db, await getUserLastActiveAtMillis(db.projectUser.projectUserId, db.projectUser.createdAt));
@@ -127,11 +123,9 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
   },
   onUpdate: async ({ auth, data, params }) => {
     return await prismaClient.$transaction(async (tx) => {
-      const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
       if (auth.type === 'client') {
         const currentUserId = auth.user?.id ?? throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
-        if (userId !== currentUserId) {
+        if (params.user_id !== currentUserId) {
           throw new StatusError(StatusError.Forbidden, 'Cannot update another user\'s profile');
         }
       }
@@ -139,14 +133,14 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
       await ensureTeamMembershipExists(tx, {
         projectId: auth.project.id,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id,
       });
 
       const db = await tx.teamMember.update({
         where: {
           projectId_projectUserId_teamId: {
             projectId: auth.project.id,
-            projectUserId: userId,
+            projectUserId: params.user_id,
             teamId: params.team_id,
           },
         },
diff --git a/apps/backend/src/app/api/v1/team-memberships/crud.tsx b/apps/backend/src/app/api/v1/team-memberships/crud.tsx
index 03f6e26f3..60b4dc829 100644
--- a/apps/backend/src/app/api/v1/team-memberships/crud.tsx
+++ b/apps/backend/src/app/api/v1/team-memberships/crud.tsx
@@ -2,7 +2,6 @@ import { ensureTeamExist, ensureTeamMembershipExists, ensureTeamMembershipDoesNo
 import { isTeamSystemPermission, teamSystemPermissionStringToDBType } from "@/lib/permissions";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { teamMembershipsCrud } from "@stackframe/stack-shared/dist/interface/crud/team-memberships";
 import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { throwErr } from "@stackframe/stack-shared/dist/utils/errors";
@@ -57,8 +56,6 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
     user_id: userIdOrMeSchema.required(),
   }),
   onCreate: async ({ auth, params }) => {
-    const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
     await prismaClient.$transaction(async (tx) => {
       await ensureTeamExist(tx, {
         projectId: auth.project.id,
@@ -68,14 +65,14 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       await ensureTeamMembershipDoesNotExist(tx, {
         projectId: auth.project.id,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id
       });
 
       const user = await tx.projectUser.findUnique({
         where: {
           projectId_projectUserId: {
             projectId: auth.project.id,
-            projectUserId: userId,
+            projectUserId: params.user_id,
           },
         },
       });
@@ -87,14 +84,14 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       await addUserToTeam(tx, {
         project: auth.project,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id,
         type: 'member',
       });
     });
 
     const data = {
       team_id: params.team_id,
-      user_id: userId,
+      user_id: params.user_id,
     };
 
     await sendTeamMembershipCreatedWebhook({
@@ -105,15 +102,13 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
     return data;
   },
   onDelete: async ({ auth, params }) => {
-    const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
     await prismaClient.$transaction(async (tx) => {
       // Users are always allowed to remove themselves from a team
       // Only users with the $remove_members permission can remove other users
       if (auth.type === 'client') {
         const currentUserId = auth.user?.id ?? throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
 
-        if (userId !== currentUserId) {
+        if (params.user_id !== currentUserId) {
           await ensureUserTeamPermissionExists(tx, {
             project: auth.project,
             teamId: params.team_id,
@@ -128,7 +123,7 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       await ensureTeamMembershipExists(tx, {
         projectId: auth.project.id,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id,
       });
 
       await tx.teamMember.delete({
@@ -146,7 +141,7 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       projectId: auth.project.id,
       data: {
         team_id: params.team_id,
-        user_id: userId,
+        user_id: params.user_id,
       },
     });
   },
diff --git a/apps/backend/src/app/api/v1/team-permissions/crud.tsx b/apps/backend/src/app/api/v1/team-permissions/crud.tsx
index 078a6b7a9..a433b2b89 100644
--- a/apps/backend/src/app/api/v1/team-permissions/crud.tsx
+++ b/apps/backend/src/app/api/v1/team-permissions/crud.tsx
@@ -2,7 +2,6 @@ import { grantTeamPermission, listUserTeamPermissions, revokeTeamPermission } fr
 import { ensureTeamMembershipExists, ensureUserTeamPermissionExists } from "@/lib/request-checks";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { teamPermissionsCrud } from '@stackframe/stack-shared/dist/interface/crud/team-permissions';
 import { teamPermissionDefinitionIdSchema, userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
@@ -53,11 +52,10 @@ export const teamPermissionsCrudHandlers = createLazyProxy(() => createCrudHandl
     });
   },
   async onList({ auth, query }) {
-    const userId = getIdFromUserIdOrMe(query.user_id, auth.user);
     if (auth.type === 'client') {
       const currentUserId = auth.user?.id || throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
 
-      if (userId !== currentUserId) {
+      if (query.user_id !== currentUserId) {
         throw new StatusError(StatusError.Forbidden, 'Client can only list permissions for their own user. user_id must be either "me" or the ID of the current user');
       }
     }
@@ -68,7 +66,7 @@ export const teamPermissionsCrudHandlers = createLazyProxy(() => createCrudHandl
           project: auth.project,
           teamId: query.team_id,
           permissionId: query.permission_id,
-          userId,
+          userId: query.user_id,
           recursive: query.recursive === 'true',
         }),
         is_paginated: false,
diff --git a/apps/backend/src/app/api/v1/teams/crud.tsx b/apps/backend/src/app/api/v1/teams/crud.tsx
index c22ec1382..90d7d58b3 100644
--- a/apps/backend/src/app/api/v1/teams/crud.tsx
+++ b/apps/backend/src/app/api/v1/teams/crud.tsx
@@ -2,15 +2,14 @@ import { ensureTeamExist, ensureTeamMembershipExists, ensureUserTeamPermissionEx
 import { sendTeamCreatedWebhook, sendTeamDeletedWebhook, sendTeamUpdatedWebhook } from "@/lib/webhooks";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { Prisma } from "@prisma/client";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { teamsCrud } from "@stackframe/stack-shared/dist/interface/crud/teams";
 import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
+import { validateBase64Image } from "@stackframe/stack-shared/dist/utils/base64";
 import { StatusError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
 import { createLazyProxy } from "@stackframe/stack-shared/dist/utils/proxies";
 import { addUserToTeam } from "../team-memberships/crud";
-import { validateBase64Image } from "@stackframe/stack-shared/dist/utils/base64";
 
 
 export function teamPrismaToCrud(prisma: Prisma.TeamGetPayload<{}>) {
@@ -28,12 +27,17 @@ export function teamPrismaToCrud(prisma: Prisma.TeamGetPayload<{}>) {
 export const teamsCrudHandlers = createLazyProxy(() => createCrudHandlers(teamsCrud, {
   querySchema: yupObject({
     user_id: userIdOrMeSchema.optional().meta({ openapiField: { onlyShowInOperations: ['List'], description: 'Filter for the teams that the user is a member of. Can be either `me` or an ID. Must be `me` in the client API', exampleValue: 'me' } }),
-    add_current_user: yupString().oneOf(["true", "false"]).optional().meta({ openapiField: { onlyShowInOperations: ['Create'], description: "If to add the current user to the team. If this is not `true`, the newly created team will have no members. Notice that if you didn't specify `add_current_user=true` on the client side, the user cannot join the team again without re-adding them on the server side.", exampleValue: 'true' } }),
+    /* deprecated, use creator_user_id in the body instead */
+    add_current_user: yupString().oneOf(["true", "false"]).optional().meta({ openapiField: { onlyShowInOperations: ['Create'], hidden: true } }),
   }),
   paramsSchema: yupObject({
     team_id: yupString().uuid().required(),
   }),
   onCreate: async ({ query, auth, data }) => {
+    if (data.creator_user_id && query.add_current_user) {
+      throw new StatusError(StatusError.BadRequest, "Cannot use both creator_user_id and add_current_user. add_current_user is deprecated, please only use creator_user_id in the body.");
+    }
+
     if (auth.type === 'client' && !auth.user) {
       throw new KnownErrors.UserAuthenticationRequired();
     }
@@ -58,15 +62,27 @@ export const teamsCrudHandlers = createLazyProxy(() => createCrudHandlers(teamsC
         },
       });
 
-      if (query.add_current_user === 'true') {
+      let addUserId: string | undefined;
+      if (data.creator_user_id) {
+        if (auth.type === 'client') {
+          const currentUserId = auth.user?.id ?? throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
+          if (data.creator_user_id !== currentUserId) {
+            throw new StatusError(StatusError.Forbidden, "You cannot add a user to the team as the creator that is not yourself on the client.");
+          }
+        }
+        addUserId = data.creator_user_id;
+      } else if (query.add_current_user === 'true') {
         if (!auth.user) {
           throw new StatusError(StatusError.Unauthorized, "You must be logged in to create a team with the current user as a member.");
         }
+        addUserId = auth.user.id;
+      }
 
+      if (addUserId) {
         await addUserToTeam(tx, {
           project: auth.project,
           teamId: db.teamId,
-          userId: auth.user.id,
+          userId: addUserId,
           type: 'creator',
         });
       }
@@ -188,11 +204,10 @@ export const teamsCrudHandlers = createLazyProxy(() => createCrudHandlers(teamsC
     });
   },
   onList: async ({ query, auth }) => {
-    const userId = getIdFromUserIdOrMe(query.user_id, auth.user);
     if (auth.type === 'client') {
       const currentUserId = auth.user?.id || throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
 
-      if (userId !== currentUserId) {
+      if (query.user_id !== currentUserId) {
         throw new StatusError(StatusError.Forbidden, 'Client can only list teams for their own user. user_id must be either "me" or the ID of the current user');
       }
     }
@@ -200,10 +215,10 @@ export const teamsCrudHandlers = createLazyProxy(() => createCrudHandlers(teamsC
     const db = await prismaClient.team.findMany({
       where: {
         projectId: auth.project.id,
-        ...userId ? {
+        ...query.user_id ? {
           teamMembers: {
             some: {
-              projectUserId: userId,
+              projectUserId: query.user_id,
             },
           },
         } : {},
diff --git a/apps/backend/src/app/api/v1/users/crud.tsx b/apps/backend/src/app/api/v1/users/crud.tsx
index e677e713a..3993c0ad1 100644
--- a/apps/backend/src/app/api/v1/users/crud.tsx
+++ b/apps/backend/src/app/api/v1/users/crud.tsx
@@ -542,10 +542,8 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
             `${data.display_name}'s Team` :
             data.primary_email ?
               `${data.primary_email}'s Team` :
-              "Personal Team"
-        },
-        query: {
-          add_current_user: "true",
+              "Personal Team",
+          creator_user_id: 'me',
         },
         project: auth.project,
         user: result,
diff --git a/apps/backend/src/route-handlers/utils.tsx b/apps/backend/src/route-handlers/utils.tsx
deleted file mode 100644
index 691858163..000000000
--- a/apps/backend/src/route-handlers/utils.tsx
+++ /dev/null
@@ -1,15 +0,0 @@
-import { KnownErrors } from "@stackframe/stack-shared";
-import { UsersCrud } from "@stackframe/stack-shared/dist/interface/crud/users";
-
-export function getIdFromUserIdOrMe(userId: string, user: UsersCrud['Server']['Read'] | undefined): string;
-export function getIdFromUserIdOrMe(userId: string | undefined, user: UsersCrud['Server']['Read'] | undefined): string | undefined;
-export function getIdFromUserIdOrMe(userId: string | undefined, user: UsersCrud['Server']['Read'] | undefined): string | undefined {
-  if (userId === "me") {
-    if (!user) {
-      throw new KnownErrors.CannotGetOwnUserWithoutUser();
-    }
-    return user.id;
-  }
-
-  return userId;
-}
\ No newline at end of file
diff --git a/apps/e2e/tests/backend/backend-helpers.ts b/apps/e2e/tests/backend/backend-helpers.ts
index a35496a6a..e88b4fa3e 100644
--- a/apps/e2e/tests/backend/backend-helpers.ts
+++ b/apps/e2e/tests/backend/backend-helpers.ts
@@ -776,11 +776,12 @@ export namespace Project {
 
 export namespace Team {
   export async function create(options: { accessType?: "client" | "server" } = {}, body?: any) {
-    const response = await niceBackendFetch("/api/v1/teams?add_current_user=true", {
+    const response = await niceBackendFetch("/api/v1/teams", {
       accessType: options.accessType ?? "server",
       method: "POST",
       body: {
         display_name: body?.display_name || 'New Team',
+        creator_user_id: 'me',
         ...body,
       },
     });
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
index e00a187b8..ad7856869 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
@@ -306,3 +306,122 @@ it("removes user from team on the client", async ({ expect }) => {
     }
   `);
 });
+
+it("creates a team and not add the current user as a member on the client", async ({ expect }) => {
+  const { userId } = await Auth.Otp.signIn();
+  const response = await niceBackendFetch("/api/v1/teams", {
+    accessType: "client",
+    method: "POST",
+    body: {
+      display_name: "My Team",
+    },
+  });
+  expect(response).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 201,
+      "body": {
+        "client_metadata": null,
+        "client_read_only_metadata": null,
+        "display_name": "My Team",
+        "id": "<stripped UUID>",
+        "profile_image_url": null,
+      },
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+
+  const response2 = await niceBackendFetch(`/api/v1/teams?user_id=me`, {
+    accessType: "client",
+    method: "GET",
+  });
+  expect(response2).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 200,
+      "body": {
+        "is_paginated": false,
+        "items": [],
+      },
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+});
+
+it("creates a team on the server and add a different user as the creator", async ({ expect }) => {
+  const user1Mailbox = createMailbox();
+  backendContext.set({ mailbox: user1Mailbox });
+  const { userId: userId1 } = await Auth.Otp.signIn();
+  backendContext.set({ mailbox: createMailbox() });
+  await Auth.Otp.signIn();
+
+  const response = await niceBackendFetch("/api/v1/teams", {
+    accessType: "server",
+    method: "POST",
+    body: {
+      display_name: "My Team",
+      creator_user_id: userId1,
+    },
+  });
+  expect(response).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 201,
+      "body": {
+        "client_metadata": null,
+        "client_read_only_metadata": null,
+        "created_at_millis": <stripped field 'created_at_millis'>,
+        "display_name": "My Team",
+        "id": "<stripped UUID>",
+        "profile_image_url": null,
+        "server_metadata": null,
+      },
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+
+  backendContext.set({ mailbox: user1Mailbox });
+  await Auth.Otp.signIn();
+
+  const response2 = await niceBackendFetch(`/api/v1/teams?user_id=me`, {
+    accessType: "client",
+    method: "GET",
+  });
+  expect(response2).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 200,
+      "body": {
+        "is_paginated": false,
+        "items": [
+          {
+            "client_metadata": null,
+            "client_read_only_metadata": null,
+            "display_name": "My Team",
+            "id": "<stripped UUID>",
+            "profile_image_url": null,
+          },
+        ],
+      },
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+});
+
+it("is not allowed to create a team and add a different user as the creator on the client", async ({ expect }) => {
+  const { userId: userId1 } = await Auth.Otp.signIn();
+  backendContext.set({ mailbox: createMailbox() });
+  await Auth.Otp.signIn();
+
+  const response = await niceBackendFetch("/api/v1/teams", {
+    accessType: "client",
+    method: "POST",
+    body: {
+      display_name: "My Team",
+      creator_user_id: userId1,
+    },
+  });
+  expect(response).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 403,
+      "body": "You cannot add a user to the team as the creator that is not yourself on the client.",
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+});
\ No newline at end of file
diff --git a/packages/stack-shared/src/interface/clientInterface.ts b/packages/stack-shared/src/interface/clientInterface.ts
index eba992160..297f908da 100644
--- a/packages/stack-shared/src/interface/clientInterface.ts
+++ b/packages/stack-shared/src/interface/clientInterface.ts
@@ -1072,12 +1072,12 @@ export class StackClientInterface {
     return await response.json();
   }
 
-  async createTeamForCurrentUser(
+  async createClientTeam(
     data: TeamsCrud['Client']['Create'],
     session: InternalSession,
   ): Promise<TeamsCrud['Client']['Read']> {
     const response = await this.sendClientRequest(
-      "/teams?add_current_user=true",
+      "/teams",
       {
         method: "POST",
         headers: {
diff --git a/packages/stack-shared/src/interface/crud/teams.ts b/packages/stack-shared/src/interface/crud/teams.ts
index 602c88b1b..236d6d6b7 100644
--- a/packages/stack-shared/src/interface/crud/teams.ts
+++ b/packages/stack-shared/src/interface/crud/teams.ts
@@ -30,9 +30,11 @@ export const teamsCrudServerUpdateSchema = teamsCrudClientUpdateSchema.concat(yu
 // Create
 export const teamsCrudClientCreateSchema = teamsCrudClientUpdateSchema.concat(yupObject({
   display_name: fieldSchema.teamDisplayNameSchema.required(),
+  creator_user_id: fieldSchema.teamCreatorUserIdSchema.optional(),
 }).required());
 export const teamsCrudServerCreateSchema = teamsCrudServerUpdateSchema.concat(yupObject({
   display_name: fieldSchema.teamDisplayNameSchema.required(),
+  creator_user_id: fieldSchema.teamCreatorUserIdSchema.optional(),
 }).required());
 
 // Delete
diff --git a/packages/stack-shared/src/interface/serverInterface.ts b/packages/stack-shared/src/interface/serverInterface.ts
index bad0ab6fe..461ab436c 100644
--- a/packages/stack-shared/src/interface/serverInterface.ts
+++ b/packages/stack-shared/src/interface/serverInterface.ts
@@ -195,7 +195,7 @@ export class StackServerInterface extends StackClientInterface {
   }
 
   /* when passing a session, the user will be added to the team */
-  async createServerTeam(data: TeamsCrud['Server']['Create'], session?: InternalSession): Promise<TeamsCrud['Server']['Read']> {
+  async createServerTeam(data: TeamsCrud['Server']['Create']): Promise<TeamsCrud['Server']['Read']> {
     const response = await this.sendServerRequest(
       "/teams",
       {
@@ -205,7 +205,7 @@ export class StackServerInterface extends StackClientInterface {
         },
         body: JSON.stringify(data),
       },
-      session || null
+      null
     );
     return await response.json();
   }
diff --git a/packages/stack-shared/src/schema-fields.ts b/packages/stack-shared/src/schema-fields.ts
index fa998a8f1..31cc1c08a 100644
--- a/packages/stack-shared/src/schema-fields.ts
+++ b/packages/stack-shared/src/schema-fields.ts
@@ -315,6 +315,7 @@ export const teamServerMetadataSchema = jsonSchema.meta({ openapiField: { descri
 export const teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('team'), exampleValue: 1630000000000 } });
 export const teamInvitationEmailSchema = emailSchema.meta({ openapiField: { description: 'The email of the user to invite.', exampleValue: 'johndoe@example.com' } });
 export const teamInvitationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct an invite link with. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/team-invitations/accept` endpoint.', exampleValue: 'https://example.com/handler/team-invitation' } });
+export const teamCreatorUserIdSchema = userIdOrMeSchema.meta({ openapiField: { description: 'The ID of the creator of the team. If not specified, the user will not be added to the team. Can be either "me" or the ID of the user. Only used on the client side.', exampleValue: 'me' } });
 
 // Team member profiles
 export const teamMemberDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team member') + ' Note that this is separate from the display_name of the user.', exampleValue: 'John Doe' } });
diff --git a/packages/stack/src/lib/stack-app.ts b/packages/stack/src/lib/stack-app.ts
index 2fdb46ae9..906c7028d 100644
--- a/packages/stack/src/lib/stack-app.ts
+++ b/packages/stack/src/lib/stack-app.ts
@@ -868,7 +868,10 @@ class _StackClientAppImpl<HasTokenStore extends boolean, ProjectId extends strin
         return useMemo(() => teams.map((crud) => app._clientTeamFromCrud(crud)), [teams]);
       },
       async createTeam(data: TeamCreateOptions) {
-        const crud = await app._interface.createTeamForCurrentUser(teamCreateOptionsToCrud(data), session);
+        const crud = await app._interface.createClientTeam({
+          ...teamCreateOptionsToCrud(data),
+          creator_user_id: 'me',
+        }, session);
         await app._currentUserTeamsCache.refresh([session]);
         return app._clientTeamFromCrud(crud);
       },
@@ -1640,7 +1643,10 @@ class _StackServerAppImpl<HasTokenStore extends boolean, ProjectId extends strin
         return useMemo(() => teams.map((t) => app._serverTeamFromCrud(t)), [teams]);
       },
       createTeam: async (data: ServerTeamCreateOptions) => {
-        const team =  await app._interface.createServerTeam(serverTeamCreateOptionsToCrud(data), app._getSession());
+        const team =  await app._interface.createServerTeam({
+          ...serverTeamCreateOptionsToCrud(data),
+          creator_user_id: crud.id,
+        });
         await app._serverTeamsCache.refresh([undefined]);
         return app._serverTeamFromCrud(team);
       },

From 28c3f57f31ce6bb2314c8f5cd7118063370661cb Mon Sep 17 00:00:00 2001
From: Zai Shi <zaishi00@outlook.com>
Date: Tue, 1 Oct 2024 06:22:12 +0200
Subject: [PATCH 6/6] New contact channels (#287)

* removed contact channels from otp

* fixed types

* fixed bugs

* fixed bug

* fixed bugs

* updated user contact channel

* updated tests

* updated tests

* added unique key to otp and password auth

* removed contact channel from user object
---
 .../migration.sql                             |  64 +++++
 apps/backend/prisma/schema.prisma             |  48 ++--
 apps/backend/prisma/seed.ts                   |   4 +-
 .../v1/auth/otp/send-sign-in-code/route.tsx   |  31 ++-
 .../otp/sign-in/verification-code-handler.tsx |  36 +--
 .../api/v1/auth/password/sign-in/route.tsx    |  33 ++-
 .../src/app/api/v1/internal/projects/crud.tsx |   4 +-
 .../src/app/api/v1/projects/current/crud.tsx  |   5 +-
 apps/backend/src/app/api/v1/users/crud.tsx    | 141 ++--------
 .../endpoints/api/v1/auth/oauth/token.test.ts |  11 -
 .../api/v1/auth/password/sign-in.test.ts      |  34 ++-
 .../api/v1/auth/password/sign-up.test.ts      |  33 ++-
 .../endpoints/api/v1/team-memberships.test.ts |  30 ---
 .../backend/endpoints/api/v1/users.test.ts    | 242 ------------------
 .../src/interface/crud/current-user.ts        |   2 -
 .../stack-shared/src/interface/crud/users.ts  |  46 +---
 16 files changed, 216 insertions(+), 548 deletions(-)
 create mode 100644 apps/backend/prisma/migrations/20240929194058_remove_otp_contact_channel/migration.sql

diff --git a/apps/backend/prisma/migrations/20240929194058_remove_otp_contact_channel/migration.sql b/apps/backend/prisma/migrations/20240929194058_remove_otp_contact_channel/migration.sql
new file mode 100644
index 000000000..0f49bc9d2
--- /dev/null
+++ b/apps/backend/prisma/migrations/20240929194058_remove_otp_contact_channel/migration.sql
@@ -0,0 +1,64 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `contactChannelId` on the `OtpAuthMethod` table. All the data in the column will be lost.
+  - You are about to drop the column `identifier` on the `PasswordAuthMethod` table. All the data in the column will be lost.
+  - A unique constraint covering the columns `[projectId,type,value,usedForAuth]` on the table `ContactChannel` will be added. If there are existing duplicate values, this will fail.
+  - You are about to drop the column `identifierType` on the `PasswordAuthMethod` table. All the data in the column will be lost.
+  - You are about to drop the column `identifierType` on the `PasswordAuthMethodConfig` table. All the data in the column will be lost.
+
+*/
+-- DropForeignKey
+ALTER TABLE "OtpAuthMethod" DROP CONSTRAINT "OtpAuthMethod_projectId_projectUserId_contactChannelId_fkey";
+
+-- DropIndex
+DROP INDEX "OtpAuthMethod_projectId_contactChannelId_key";
+
+-- DropIndex
+DROP INDEX "PasswordAuthMethod_projectId_identifierType_identifier_key";
+
+-- AlterTable
+ALTER TABLE "ContactChannel" ADD COLUMN "usedForAuth" "BooleanTrue";
+
+-- Set the usedForAuth value to "TRUE" if the contact channel is used in `OtpAuthMethod` or the value is the same as the `PasswordAuthMethod` of the same user
+UPDATE "ContactChannel" cc
+SET "usedForAuth" = 'TRUE'
+WHERE EXISTS (
+    SELECT 1
+    FROM "OtpAuthMethod" oam
+    WHERE oam."projectId" = cc."projectId"
+    AND oam."projectUserId" = cc."projectUserId"
+)
+OR EXISTS (
+    SELECT 1
+    FROM "PasswordAuthMethod" pam
+    WHERE pam."projectId" = cc."projectId"
+    AND pam."projectUserId" = cc."projectUserId"
+    AND pam."identifier" = cc."value"
+);
+
+
+-- AlterTable
+ALTER TABLE "OtpAuthMethod" DROP COLUMN "contactChannelId";
+
+-- AlterTable
+ALTER TABLE "PasswordAuthMethod" DROP COLUMN "identifier";
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ContactChannel_projectId_type_value_usedForAuth_key" ON "ContactChannel"("projectId", "type", "value", "usedForAuth");
+
+-- AlterTable
+ALTER TABLE "PasswordAuthMethod" DROP COLUMN "identifierType";
+
+-- AlterTable
+ALTER TABLE "PasswordAuthMethodConfig" DROP COLUMN "identifierType";
+
+-- DropEnum
+DROP TYPE "PasswordAuthMethodIdentifierType";
+
+-- CreateIndex
+CREATE UNIQUE INDEX "OtpAuthMethod_projectId_projectUserId_key" ON "OtpAuthMethod"("projectId", "projectUserId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "PasswordAuthMethod_projectId_projectUserId_key" ON "PasswordAuthMethod"("projectId", "projectUserId");
+
diff --git a/apps/backend/prisma/schema.prisma b/apps/backend/prisma/schema.prisma
index 2597946f0..aa403777c 100644
--- a/apps/backend/prisma/schema.prisma
+++ b/apps/backend/prisma/schema.prisma
@@ -290,20 +290,22 @@ model ContactChannel {
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
-  type       ContactChannelType
-  isPrimary  BooleanTrue?
-  isVerified Boolean
-  value      String
+  type        ContactChannelType
+  isPrimary   BooleanTrue?
+  usedForAuth BooleanTrue?
+  isVerified  Boolean
+  value       String
 
-  project       Project         @relation(fields: [projectId], references: [id], onDelete: Cascade)
-  projectUser   ProjectUser     @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
-  otpAuthMethod OtpAuthMethod[]
+  project     Project     @relation(fields: [projectId], references: [id], onDelete: Cascade)
+  projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
 
   @@id([projectId, projectUserId, id])
   // each user has at most one primary contact channel of each type
   @@unique([projectId, projectUserId, type, isPrimary])
   // value must be unique per user per type
   @@unique([projectId, projectUserId, type, value])
+  // only one contact channel per project with the same value and type can be used for auth
+  @@unique([projectId, type, value, usedForAuth])
 }
 
 model ConnectedAccountConfig {
@@ -379,11 +381,6 @@ model OtpAuthMethodConfig {
   @@id([projectConfigId, authMethodConfigId])
 }
 
-enum PasswordAuthMethodIdentifierType {
-  EMAIL
-  // USERNAME
-}
-
 model PasswordAuthMethodConfig {
   projectConfigId    String @db.Uuid
   authMethodConfigId String @db.Uuid
@@ -393,8 +390,6 @@ model PasswordAuthMethodConfig {
 
   authMethodConfig AuthMethodConfig @relation(fields: [projectConfigId, authMethodConfigId], references: [projectConfigId, id], onDelete: Cascade)
 
-  identifierType PasswordAuthMethodIdentifierType
-
   @@id([projectConfigId, authMethodConfigId])
 }
 
@@ -498,21 +493,19 @@ model AuthMethod {
 }
 
 model OtpAuthMethod {
-  projectId        String
-  authMethodId     String @db.Uuid
-  contactChannelId String @db.Uuid
-  projectUserId    String @db.Uuid
+  projectId     String
+  authMethodId  String @db.Uuid
+  projectUserId String @db.Uuid
 
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
-  contactChannel ContactChannel @relation(fields: [projectId, projectUserId, contactChannelId], references: [projectId, projectUserId, id], onDelete: Cascade)
-  authMethod     AuthMethod     @relation(fields: [projectId, authMethodId], references: [projectId, id], onDelete: Cascade)
-  projectUser    ProjectUser    @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
+  authMethod  AuthMethod  @relation(fields: [projectId, authMethodId], references: [projectId, id], onDelete: Cascade)
+  projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
 
   @@id([projectId, authMethodId])
-  // each contact channel can only be used once per project as an otp method
-  @@unique([projectId, contactChannelId])
+  // a user can only have one OTP auth method
+  @@unique([projectId, projectUserId])
 }
 
 model PasswordAuthMethod {
@@ -523,17 +516,14 @@ model PasswordAuthMethod {
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
-  identifierType PasswordAuthMethodIdentifierType
-  // The identifier is the email or username, depending on the type.
-  identifier     String
-  passwordHash   String
+  passwordHash String
 
   authMethod  AuthMethod  @relation(fields: [projectId, authMethodId], references: [projectId, id], onDelete: Cascade)
   projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
 
   @@id([projectId, authMethodId])
-  // each identifier of each type can only occur once per project
-  @@unique([projectId, identifierType, identifier])
+  // a user can only have one password auth method
+  @@unique([projectId, projectUserId])
 }
 
 // This connects to projectUserOauthAccount, which might be shared between auth method and connected account.
diff --git a/apps/backend/prisma/seed.ts b/apps/backend/prisma/seed.ts
index 86ea5689e..95df930a9 100644
--- a/apps/backend/prisma/seed.ts
+++ b/apps/backend/prisma/seed.ts
@@ -81,9 +81,7 @@ async function seed() {
               },
               {
                 passwordConfig: {
-                  create: {
-                    identifierType: 'EMAIL',
-                  }
+                  create: {}
                 }
               },
               ...(['github', 'spotify', 'google', 'microsoft'] as const).map((id) => ({
diff --git a/apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx b/apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx
index e662138e2..83c6df4c1 100644
--- a/apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx
+++ b/apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx
@@ -39,33 +39,38 @@ export const POST = createSmartRouteHandler({
       throw new StatusError(StatusError.Forbidden, "Magic link is not enabled for this project");
     }
 
-    const authMethods = await prismaClient.otpAuthMethod.findMany({
+    const contactChannel = await prismaClient.contactChannel.findUnique({
       where: {
-        projectId: project.id,
-        contactChannel: {
+        projectId_type_value_usedForAuth: {
+          projectId: project.id,
           type: "EMAIL",
           value: email,
-        },
+          usedForAuth: "TRUE",
+        }
       },
       include: {
-        projectUser: true,
-        contactChannel: true,
+        projectUser: {
+          include: {
+            authMethods: {
+              include: {
+                otpAuthMethod: true,
+              }
+            }
+          }
+        }
       }
     });
 
-    if (authMethods.length > 1) {
-      throw new StackAssertionError("Tried to send OTP sign in code but found multiple auth methods? The uniqueness on the DB schema should prevent this");
-    }
-    const authMethod = authMethods.length === 1 ? authMethods[0] : null;
+    const otpAuthMethod = contactChannel?.projectUser.authMethods.find((m) => m.otpAuthMethod)?.otpAuthMethod;
 
-    const isNewUser = !authMethod;
+    const isNewUser = !otpAuthMethod;
     if (isNewUser && !project.config.sign_up_enabled) {
       throw new KnownErrors.SignUpNotEnabled();
     }
 
     let user;
 
-    if (!authMethod) {
+    if (!otpAuthMethod) {
       // TODO this should be in the same transaction as the read above
       user = await usersCrudHandlers.adminCreate({
         project,
@@ -79,7 +84,7 @@ export const POST = createSmartRouteHandler({
     } else {
       user = await usersCrudHandlers.adminRead({
         project,
-        user_id: authMethod.projectUser.projectUserId,
+        user_id: contactChannel.projectUser.projectUserId,
       });
     }
 
diff --git a/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx b/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx
index d62ab4106..63b959f10 100644
--- a/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx
+++ b/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx
@@ -55,33 +55,39 @@ export const signInVerificationCodeHandler = createVerificationCodeHandler({
     };
   },
   async handler(project, { email }, data) {
-    const authMethods = await prismaClient.otpAuthMethod.findMany({
+    const contactChannel = await prismaClient.contactChannel.findUnique({
       where: {
-        projectId: project.id,
-        contactChannel: {
+        projectId_type_value_usedForAuth: {
+          projectId: project.id,
           type: "EMAIL",
           value: email,
-        },
+          usedForAuth: "TRUE",
+        }
       },
       include: {
-        projectUser: true,
+        projectUser: {
+          include: {
+            authMethods: {
+              include: {
+                otpAuthMethod: true,
+              }
+            }
+          }
+        }
       }
     });
 
-    if (authMethods.length === 0) {
+    const otpAuthMethod = contactChannel?.projectUser.authMethods.find((m) => m.otpAuthMethod)?.otpAuthMethod;
+
+    if (!contactChannel || !otpAuthMethod) {
       throw new StackAssertionError("Tried to use OTP sign in but auth method was not found?");
     }
-    if (authMethods.length > 1) {
-      throw new StackAssertionError("Tried to use OTP sign in but found multiple auth methods? The uniqueness on the DB schema should prevent this");
-    }
-
-    const authMethod = authMethods[0];
 
-    if (authMethod.projectUser.requiresTotpMfa) {
+    if (contactChannel.projectUser.requiresTotpMfa) {
       throw await createMfaRequiredError({
         project,
         isNewUser: data.is_new_user,
-        userId: authMethod.projectUserId,
+        userId: contactChannel.projectUser.projectUserId,
       });
     }
 
@@ -89,7 +95,7 @@ export const signInVerificationCodeHandler = createVerificationCodeHandler({
       where: {
         projectId_projectUserId_type_value: {
           projectId: project.id,
-          projectUserId: authMethod.projectUserId,
+          projectUserId: contactChannel.projectUser.projectUserId,
           type: "EMAIL",
           value: email,
         }
@@ -101,7 +107,7 @@ export const signInVerificationCodeHandler = createVerificationCodeHandler({
 
     const { refreshToken, accessToken } = await createAuthTokens({
       projectId: project.id,
-      projectUserId: authMethod.projectUserId,
+      projectUserId: contactChannel.projectUser.projectUserId,
     });
 
     return {
diff --git a/apps/backend/src/app/api/v1/auth/password/sign-in/route.tsx b/apps/backend/src/app/api/v1/auth/password/sign-in/route.tsx
index 4bda81be8..abb33957f 100644
--- a/apps/backend/src/app/api/v1/auth/password/sign-in/route.tsx
+++ b/apps/backend/src/app/api/v1/auth/password/sign-in/route.tsx
@@ -37,39 +37,50 @@ export const POST = createSmartRouteHandler({
       throw new KnownErrors.PasswordAuthenticationNotEnabled();
     }
 
-    const authMethod = await prismaClient.passwordAuthMethod.findUnique({
+    const contactChannel = await prismaClient.contactChannel.findUnique({
       where: {
-        projectId_identifierType_identifier: {
+        projectId_type_value_usedForAuth: {
           projectId: project.id,
-          identifierType: "EMAIL",
-          identifier: email,
+          type: "EMAIL",
+          value: email,
+          usedForAuth: "TRUE",
         }
       },
       include: {
-        projectUser: true,
+        projectUser: {
+          include: {
+            authMethods: {
+              include: {
+                passwordAuthMethod: true,
+              }
+            }
+          }
+        }
       }
     });
 
+    const passwordAuthMethod = contactChannel?.projectUser.authMethods.find((m) => m.passwordAuthMethod)?.passwordAuthMethod;
+
     // we compare the password even if the authMethod doesn't exist to prevent timing attacks
-    if (!await comparePassword(password, authMethod?.passwordHash || "")) {
+    if (!await comparePassword(password, passwordAuthMethod?.passwordHash || "")) {
       throw new KnownErrors.EmailPasswordMismatch();
     }
 
-    if (!authMethod) {
+    if (!contactChannel || !passwordAuthMethod) {
       throw new StackAssertionError("This should never happen (the comparePassword call should've already caused this to fail)");
     }
 
-    if (authMethod.projectUser.requiresTotpMfa) {
+    if (contactChannel.projectUser.requiresTotpMfa) {
       throw await createMfaRequiredError({
         project,
         isNewUser: false,
-        userId: authMethod.projectUser.projectUserId,
+        userId: contactChannel.projectUser.projectUserId,
       });
     }
 
     const { refreshToken, accessToken } = await createAuthTokens({
       projectId: project.id,
-      projectUserId: authMethod.projectUser.projectUserId,
+      projectUserId: contactChannel.projectUser.projectUserId,
     });
 
     return {
@@ -78,7 +89,7 @@ export const POST = createSmartRouteHandler({
       body: {
         access_token: accessToken,
         refresh_token: refreshToken,
-        user_id: authMethod.projectUser.projectUserId,
+        user_id: contactChannel.projectUser.projectUserId,
       }
     };
   },
diff --git a/apps/backend/src/app/api/v1/internal/projects/crud.tsx b/apps/backend/src/app/api/v1/internal/projects/crud.tsx
index d0798a57d..94810978c 100644
--- a/apps/backend/src/app/api/v1/internal/projects/crud.tsx
+++ b/apps/backend/src/app/api/v1/internal/projects/crud.tsx
@@ -141,9 +141,7 @@ export const internalProjectsCrudHandlers = createLazyProxy(() => createCrudHand
               ...(data.config?.credential_enabled ?? true) ? [{
                 enabled: true,
                 passwordConfig: {
-                  create: {
-                    identifierType: 'EMAIL',
-                  }
+                  create: {}
                 },
               }] : [],
             ]
diff --git a/apps/backend/src/app/api/v1/projects/current/crud.tsx b/apps/backend/src/app/api/v1/projects/current/crud.tsx
index 9b846f929..03bd65f61 100644
--- a/apps/backend/src/app/api/v1/projects/current/crud.tsx
+++ b/apps/backend/src/app/api/v1/projects/current/crud.tsx
@@ -339,7 +339,6 @@ export const projectsCrudHandlers = createLazyProxy(() => createCrudHandlers(pro
       const passwordAuth = await tx.passwordAuthMethodConfig.findFirst({
         where: {
           projectConfigId: oldProject.config.id,
-          identifierType: "EMAIL",
         },
       });
       if (data.config?.credential_enabled !== undefined) {
@@ -349,9 +348,7 @@ export const projectsCrudHandlers = createLazyProxy(() => createCrudHandlers(pro
               projectConfigId: oldProject.config.id,
               enabled: data.config.credential_enabled,
               passwordConfig: {
-                create: {
-                  identifierType: "EMAIL",
-                },
+                create: {},
               },
             },
           });
diff --git a/apps/backend/src/app/api/v1/users/crud.tsx b/apps/backend/src/app/api/v1/users/crud.tsx
index 3993c0ad1..03511e79e 100644
--- a/apps/backend/src/app/api/v1/users/crud.tsx
+++ b/apps/backend/src/app/api/v1/users/crud.tsx
@@ -22,37 +22,14 @@ export const userFullInclude = {
       providerConfig: true,
     },
   },
-  contactChannels: true,
   authMethods: {
     include: {
       passwordAuthMethod: true,
-      oauthAuthMethod: {
-        include: {
-          oauthProviderConfig: {
-            include: {
-              proxiedOAuthConfig: true,
-              standardOAuthConfig: true,
-            },
-          }
-        }
-      },
-      otpAuthMethod: {
-        include: {
-          contactChannel: true,
-        }
-      }
-    }
-  },
-  connectedAccounts: {
-    include: {
-      oauthProviderConfig: {
-        include: {
-          proxiedOAuthConfig: true,
-          standardOAuthConfig: true,
-        },
-      }
+      otpAuthMethod: true,
+      oauthAuthMethod: true,
     }
   },
+  contactChannels: true,
   teamMembers: {
     include: {
       team: true,
@@ -70,8 +47,12 @@ export const contactChannelToCrud = (channel: Prisma.ContactChannelGetPayload<{}
   }
 
   return {
+    id: channel.id,
     type: 'email',
-    email: channel.value,
+    value: channel.value,
+    is_primary: !!channel.isPrimary,
+    is_verified: channel.isVerified,
+    used_for_auth: !!channel.usedForAuth,
   };
 };
 
@@ -105,49 +86,6 @@ export const userPrismaToCrud = (
     throw new StackAssertionError("User cannot have more than one selected team; this should never happen");
   }
 
-  const authMethods: UsersCrud["Admin"]["Read"]["auth_methods"] = prisma.authMethods
-    .sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime())
-    .map((m) => {
-      if ([m.passwordAuthMethod, m.otpAuthMethod, m.oauthAuthMethod].filter(Boolean).length > 1) {
-        throw new StackAssertionError(`AuthMethod ${m.id} violates the union constraint`, m);
-      }
-
-      if (m.passwordAuthMethod) {
-        return {
-          type: 'password',
-          identifier: m.passwordAuthMethod.identifier,
-        };
-      } else if (m.otpAuthMethod) {
-        return {
-          type: 'otp',
-          contact_channel: {
-            type: 'email',
-            email: m.otpAuthMethod.contactChannel.value,
-          },
-        };
-      } else if (m.oauthAuthMethod) {
-        return {
-          type: 'oauth',
-          provider: {
-            ...oauthProviderConfigToCrud(m.oauthAuthMethod.oauthProviderConfig),
-            provider_user_id: m.oauthAuthMethod.providerAccountId,
-          },
-        };
-      } else {
-        throw new StackAssertionError("AuthMethod has no auth methods", m);
-      }
-    });
-
-  const connectedAccounts: UsersCrud["Admin"]["Read"]["connected_accounts"] = prisma.connectedAccounts.map((a) => {
-    return {
-      type: 'oauth',
-      provider: {
-        ...oauthProviderConfigToCrud(a.oauthProviderConfig),
-        provider_user_id: a.providerAccountId,
-      },
-    };
-  });
-
   // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
   const primaryEmailContactChannel = prisma.contactChannels.find((c) => c.type === 'EMAIL' && c.isPrimary);
   const passwordAuth = prisma.authMethods.find((m) => m.passwordAuthMethod);
@@ -171,8 +109,6 @@ export const userPrismaToCrud = (
       account_id: a.providerAccountId,
       email: a.email,
     })),
-    auth_methods: authMethods,
-    connected_accounts: connectedAccounts,
     selected_team_id: selectedTeamMembers[0]?.teamId ?? null,
     selected_team: selectedTeamMembers[0] ? teamPrismaToCrud(selectedTeamMembers[0]?.team) : null,
     last_active_at_millis: lastActiveAtMillis,
@@ -201,30 +137,18 @@ async function checkAuthData(
   }
   if (data.primaryEmailAuthEnabled) {
     if (!data.oldPrimaryEmail || data.oldPrimaryEmail !== data.primaryEmail) {
-      const otpAuth = await tx.otpAuthMethod.findFirst({
+      const otpAuth = await tx.contactChannel.findFirst({
         where: {
           projectId: data.projectId,
-          contactChannel: {
-            type: 'EMAIL',
-            value: data.primaryEmail || throwErr("primary_email_auth_enabled is true but primary_email is not set"),
-          },
+          type: 'EMAIL',
+          value: data.primaryEmail || throwErr("primary_email_auth_enabled is true but primary_email is not set"),
+          usedForAuth: BooleanTrue.TRUE,
         }
       });
 
       if (otpAuth) {
         throw new KnownErrors.UserEmailAlreadyExists();
       }
-
-      const passwordAuth = await tx.passwordAuthMethod.findFirst({
-        where: {
-          projectId: data.projectId,
-          identifier: data.primaryEmail || throwErr("primary_email_auth_enabled is true but primary_email is not set"),
-        }
-      });
-
-      if (passwordAuth) {
-        throw new KnownErrors.UserEmailAlreadyExists();
-      }
     }
   }
 }
@@ -460,7 +384,7 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
       }
 
       if (data.primary_email) {
-        const contactChannel = await tx.contactChannel.create({
+        await tx.contactChannel.create({
           data: {
             projectUserId: newUser.projectUserId,
             projectId: auth.project.id,
@@ -468,6 +392,7 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
             value: data.primary_email || throwErr("primary_email_auth_enabled is true but primary_email is not set"),
             isVerified: data.primary_email_verified ?? false,
             isPrimary: "TRUE",
+            usedForAuth: data.primary_email_auth_enabled ? BooleanTrue.TRUE : null,
           }
         });
 
@@ -484,7 +409,6 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
                 otpAuthMethod: {
                   create: {
                     projectUserId: newUser.projectUserId,
-                    contactChannelId: contactChannel.id,
                   }
                 }
               }
@@ -507,9 +431,7 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
               authMethodConfigId: passwordConfig.authMethodConfigId,
               passwordAuthMethod: {
                 create: {
-                  identifier: data.primary_email || throwErr("password is set but primary_email is not"),
                   passwordHash: await hashPassword(data.password),
-                  identifierType: 'EMAIL',
                   projectUserId: newUser.projectUserId,
                 }
               }
@@ -612,8 +534,8 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
 
       // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
       const primaryEmailContactChannel = oldUser.contactChannels.find((c) => c.type === 'EMAIL' && c.isPrimary);
-      const otpAuth = oldUser.authMethods.find((m) => m.otpAuthMethod && m.otpAuthMethod.contactChannel.id === primaryEmailContactChannel?.id)?.otpAuthMethod;
-      const passwordAuth = oldUser.authMethods.find((m) => m.passwordAuthMethod && m.passwordAuthMethod.identifier === primaryEmailContactChannel?.value)?.passwordAuthMethod;
+      const otpAuth = oldUser.authMethods.find((m) => m.otpAuthMethod)?.otpAuthMethod;
+      const passwordAuth = oldUser.authMethods.find((m) => m.passwordAuthMethod)?.passwordAuthMethod;
 
       await checkAuthData(tx, {
         projectId: auth.project.id,
@@ -627,10 +549,8 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
       // if there is a new primary email
       // - create a new primary email contact channel if it doesn't exist
       // - update the primary email contact channel if it exists
-      // - update the password auth method if it exists
       // if the primary email is null
       // - delete the primary email contact channel if it exists (note that this will also delete the related auth methods)
-      // - delete the password auth method if it exists
       if (data.primary_email !== undefined) {
         if (data.primary_email === null) {
           await tx.contactChannel.delete({
@@ -643,17 +563,6 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
               },
             },
           });
-
-          if (passwordAuth) {
-            await tx.authMethod.delete({
-              where: {
-                projectId_id: {
-                  projectId: auth.project.id,
-                  id: passwordAuth.authMethodId,
-                },
-              },
-            });
-          }
         } else {
           await tx.contactChannel.upsert({
             where: {
@@ -674,22 +583,9 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
             },
             update: {
               value: data.primary_email,
+              usedForAuth: data.primary_email_auth_enabled ? BooleanTrue.TRUE : null,
             }
           });
-
-          if (passwordAuth) {
-            await tx.passwordAuthMethod.update({
-              where: {
-                projectId_authMethodId: {
-                  projectId: auth.project.id,
-                  authMethodId: passwordAuth.authMethodId,
-                },
-              },
-              data: {
-                identifier: data.primary_email,
-              }
-            });
-          }
         }
       }
 
@@ -743,7 +639,6 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
                   otpAuthMethod: {
                     create: {
                       projectUserId: params.user_id,
-                      contactChannelId: primaryEmailChannel.id,
                     }
                   }
                 }
@@ -821,9 +716,7 @@ export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersC
                 authMethodConfigId: passwordConfig.authMethodConfigId,
                 passwordAuthMethod: {
                   create: {
-                    identifier: primaryEmailChannel.value,
                     passwordHash: await hashPassword(data.password),
-                    identifierType: 'EMAIL',
                     projectUserId: params.user_id,
                   }
                 }
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/token.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/token.test.ts
index f50db2a26..ed423f089 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/token.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/token.test.ts
@@ -34,20 +34,9 @@ describe("with grant_type === 'authorization_code'", async () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "provider": {
-                "id": "spotify",
-                "provider_user_id": "<stripped UUID>@stack-generated.example.com",
-                "type": "spotify",
-              },
-              "type": "oauth",
-            },
-          ],
           "auth_with_email": false,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts
index a212cc688..f52ea9507 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts
@@ -18,22 +18,30 @@ it("should allow signing in to existing accounts", async ({ expect }) => {
     }
   `);
   const response = await niceBackendFetch("/api/v1/users/me", { accessType: "client" });
-  expect(response.body.auth_methods).toMatchInlineSnapshot(`
-    [
-      {
-        "contact_channel": {
-          "email": "<stripped UUID>@stack-generated.example.com",
-          "type": "email",
-        },
-        "type": "otp",
-      },
-      {
-        "identifier": "<stripped UUID>@stack-generated.example.com",
-        "type": "password",
+  expect(response).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 200,
+      "body": {
+        "auth_with_email": true,
+        "client_metadata": null,
+        "client_read_only_metadata": null,
+        "display_name": null,
+        "has_password": true,
+        "id": "<stripped UUID>",
+        "oauth_providers": [],
+        "primary_email": "<stripped UUID>@stack-generated.example.com",
+        "primary_email_verified": false,
+        "profile_image_url": null,
+        "requires_totp_mfa": false,
+        "selected_team": null,
+        "selected_team_id": null,
+        "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
       },
-    ]
+      "headers": Headers { <some fields may have been hidden> },
+    }
   `);
 });
+// TODO: check auth methods
 
 it("should not allow signing in with an e-mail that never signed up", async ({ expect }) => {
   const response = await niceBackendFetch("/api/v1/auth/password/sign-in", {
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-up.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-up.test.ts
index b04c77d1e..a33b70455 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-up.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-up.test.ts
@@ -27,20 +27,27 @@ it("should sign up new users", async ({ expect }) => {
     ]
   `);
   const response = await niceBackendFetch("/api/v1/users/me", { accessType: "client" });
-  expect(response.body.auth_methods).toMatchInlineSnapshot(`
-    [
-      {
-        "contact_channel": {
-          "email": "<stripped UUID>@stack-generated.example.com",
-          "type": "email",
-        },
-        "type": "otp",
-      },
-      {
-        "identifier": "<stripped UUID>@stack-generated.example.com",
-        "type": "password",
+  expect(response).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 200,
+      "body": {
+        "auth_with_email": true,
+        "client_metadata": null,
+        "client_read_only_metadata": null,
+        "display_name": null,
+        "has_password": true,
+        "id": "<stripped UUID>",
+        "oauth_providers": [],
+        "primary_email": "<stripped UUID>@stack-generated.example.com",
+        "primary_email_verified": false,
+        "profile_image_url": null,
+        "requires_totp_mfa": false,
+        "selected_team": null,
+        "selected_team_id": null,
+        "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
       },
-    ]
+      "headers": Headers { <some fields may have been hidden> },
+    }
   `);
 });
 
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
index ad7856869..f26a43f73 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
@@ -68,19 +68,9 @@ it("creates a team and manage users on the server", async ({ expect }) => {
         "is_paginated": false,
         "items": [
           {
-            "auth_methods": [
-              {
-                "contact_channel": {
-                  "email": "<stripped UUID>@stack-generated.example.com",
-                  "type": "email",
-                },
-                "type": "otp",
-              },
-            ],
             "auth_with_email": true,
             "client_metadata": null,
             "client_read_only_metadata": null,
-            "connected_accounts": [],
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -96,19 +86,9 @@ it("creates a team and manage users on the server", async ({ expect }) => {
             "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
           },
           {
-            "auth_methods": [
-              {
-                "contact_channel": {
-                  "email": "<stripped UUID>@stack-generated.example.com",
-                  "type": "email",
-                },
-                "type": "otp",
-              },
-            ],
             "auth_with_email": true,
             "client_metadata": null,
             "client_read_only_metadata": null,
-            "connected_accounts": [],
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -154,19 +134,9 @@ it("creates a team and manage users on the server", async ({ expect }) => {
         "is_paginated": false,
         "items": [
           {
-            "auth_methods": [
-              {
-                "contact_channel": {
-                  "email": "<stripped UUID>@stack-generated.example.com",
-                  "type": "email",
-                },
-                "type": "otp",
-              },
-            ],
             "auth_with_email": true,
             "client_metadata": null,
             "client_read_only_metadata": null,
-            "connected_accounts": [],
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
index 71986b760..fab2c061f 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
@@ -77,19 +77,9 @@ describe("with client access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -117,19 +107,9 @@ describe("with client access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -202,19 +182,9 @@ describe("with client access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Doe",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -241,19 +211,9 @@ describe("with client access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": { "key": "value" },
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Doe",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -390,19 +350,9 @@ describe("with client access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Doe",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -429,19 +379,9 @@ describe("with client access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -566,19 +506,9 @@ describe("with client access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": { "key": "value" },
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -682,19 +612,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -727,19 +647,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Doe",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -788,19 +698,9 @@ describe("with server access", () => {
           "is_paginated": false,
           "items": [
             {
-              "auth_methods": [
-                {
-                  "contact_channel": {
-                    "email": "<stripped UUID>@stack-generated.example.com",
-                    "type": "email",
-                  },
-                  "type": "otp",
-                },
-              ],
               "auth_with_email": true,
               "client_metadata": null,
               "client_read_only_metadata": null,
-              "connected_accounts": [],
               "display_name": null,
               "has_password": false,
               "id": "<stripped UUID>",
@@ -838,19 +738,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -881,11 +771,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [],
           "auth_with_email": false,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -920,19 +808,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Dough",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -967,23 +845,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-            {
-              "identifier": "<stripped UUID>@stack-generated.example.com",
-              "type": "password",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": true,
           "id": "<stripped UUID>",
@@ -1063,19 +927,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -1128,11 +982,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [],
           "auth_with_email": false,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -1164,23 +1016,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-            {
-              "identifier": "<stripped UUID>@stack-generated.example.com",
-              "type": "password",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": true,
           "id": "<stripped UUID>",
@@ -1227,23 +1065,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-            {
-              "identifier": "<stripped UUID>@stack-generated.example.com",
-              "type": "password",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": true,
           "id": "<stripped UUID>",
@@ -1272,11 +1096,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 201,
         "body": {
-          "auth_methods": [],
           "auth_with_email": false,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -1329,19 +1151,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Doe",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -1366,19 +1178,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Doe",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -1412,19 +1214,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": "John Doe",
           "has_password": false,
           "id": "<stripped UUID>",
@@ -1458,23 +1250,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-            {
-              "identifier": "<stripped UUID>@stack-generated.example.com",
-              "type": "password",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": true,
           "id": "<stripped UUID>",
@@ -1557,19 +1335,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "<stripped UUID>@stack-generated.example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": { "key": "client value" },
           "client_read_only_metadata": { "key": "client read only value" },
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
@@ -1614,19 +1382,9 @@ describe("with server access", () => {
       NiceResponse {
         "status": 200,
         "body": {
-          "auth_methods": [
-            {
-              "contact_channel": {
-                "email": "new-primary-email@example.com",
-                "type": "email",
-              },
-              "type": "otp",
-            },
-          ],
           "auth_with_email": true,
           "client_metadata": null,
           "client_read_only_metadata": null,
-          "connected_accounts": [],
           "display_name": null,
           "has_password": false,
           "id": "<stripped UUID>",
diff --git a/packages/stack-shared/src/interface/crud/current-user.ts b/packages/stack-shared/src/interface/crud/current-user.ts
index ebe722d58..9675f359b 100644
--- a/packages/stack-shared/src/interface/crud/current-user.ts
+++ b/packages/stack-shared/src/interface/crud/current-user.ts
@@ -26,8 +26,6 @@ const clientReadSchema = usersCrudServerReadSchema.pick([
   "auth_with_email",
   "oauth_providers",
   "selected_team_id",
-  "auth_methods",
-  "connected_accounts",
   "requires_totp_mfa",
 ]).concat(yupObject({
   selected_team: teamsCrudClientReadSchema.nullable().defined(),
diff --git a/packages/stack-shared/src/interface/crud/users.ts b/packages/stack-shared/src/interface/crud/users.ts
index 730434f0f..c4a741da1 100644
--- a/packages/stack-shared/src/interface/crud/users.ts
+++ b/packages/stack-shared/src/interface/crud/users.ts
@@ -27,6 +27,17 @@ export const usersCrudServerReadSchema = fieldSchema.yupObject({
   profile_image_url: fieldSchema.profileImageUrlSchema.nullable().defined(),
   signed_up_at_millis: fieldSchema.signedUpAtMillisSchema.required(),
   has_password: fieldSchema.yupBoolean().required().meta({ openapiField: { description: 'Whether the user has a password associated with their account', exampleValue: true } }),
+  client_metadata: fieldSchema.userClientMetadataSchema,
+  client_read_only_metadata: fieldSchema.userClientReadOnlyMetadataSchema,
+  server_metadata: fieldSchema.userServerMetadataSchema,
+  last_active_at_millis: fieldSchema.userLastActiveAtMillisSchema.required(),
+
+  oauth_providers: fieldSchema.yupArray(fieldSchema.yupObject({
+    id: fieldSchema.yupString().required(),
+    account_id: fieldSchema.yupString().required(),
+    email: fieldSchema.yupString().nullable(),
+  }).required()).required().meta({ openapiField: { hidden: true, description: 'A list of OAuth providers connected to this account', exampleValue: [{ id: 'google', account_id: '12345', email: 'john.doe@gmail.com' }] } }),
+
   /**
    * @deprecated
    */
@@ -35,41 +46,6 @@ export const usersCrudServerReadSchema = fieldSchema.yupObject({
    * @deprecated
    */
   requires_totp_mfa: fieldSchema.yupBoolean().required().meta({ openapiField: { hidden: true, description: 'Whether the user is required to use TOTP MFA to sign in', exampleValue: false } }),
-  /**
-   * @deprecated
-   */
-  oauth_providers: fieldSchema.yupArray(fieldSchema.yupObject({
-    id: fieldSchema.yupString().required(),
-    account_id: fieldSchema.yupString().required(),
-    email: fieldSchema.yupString().nullable(),
-  }).required()).required().meta({ openapiField: { hidden: true, description: 'A list of OAuth providers connected to this account', exampleValue: [{ id: 'google', account_id: '12345', email: 'john.doe@gmail.com' }] } }),
-  auth_methods: fieldSchema.yupArray(fieldSchema.yupUnion(
-    fieldSchema.yupObject({
-      type: fieldSchema.yupString().oneOf(['password']).required(),
-      identifier: fieldSchema.yupString().required(),
-    }).required(),
-    fieldSchema.yupObject({
-      type: fieldSchema.yupString().oneOf(['otp']).required(),
-      contact_channel: fieldSchema.yupObject({
-        type: fieldSchema.yupString().oneOf(['email']).required(),
-        email: fieldSchema.yupString().required(),
-      }).required(),
-    }).required(),
-    fieldSchema.yupObject({
-      type: fieldSchema.yupString().oneOf(['oauth']).required(),
-      provider: fieldSchema.userOAuthProviderSchema.required(),
-    }).required(),
-  )).required().meta({ openapiField: { hidden: true, description: 'A list of authentication methods available for this user to sign in with', exampleValue: [ { "contact_channel": { "email": "john.doe@gmail.com", "type": "email", }, "type": "otp", } ] } }),
-  connected_accounts: fieldSchema.yupArray(fieldSchema.yupUnion(
-    fieldSchema.yupObject({
-      type: fieldSchema.yupString().oneOf(['oauth']).required(),
-      provider: fieldSchema.userOAuthProviderSchema.required(),
-    }).required(),
-  )).required().meta({ openapiField: { hidden: true, description: 'A list of connected accounts to this user', exampleValue: [ { "provider": { "provider_user_id": "12345", "type": "google", }, "type": "oauth", } ] } }),
-  client_metadata: fieldSchema.userClientMetadataSchema,
-  client_read_only_metadata: fieldSchema.userClientReadOnlyMetadataSchema,
-  server_metadata: fieldSchema.userServerMetadataSchema,
-  last_active_at_millis: fieldSchema.userLastActiveAtMillisSchema.required(),
 }).required();
 
 export const usersCrudServerCreateSchema = usersCrudServerUpdateSchema.omit(['selected_team_id']).concat(fieldSchema.yupObject({