Releases: authgear/authgear-server
Releases ยท authgear/authgear-server
2025-01-06.0
- ๐ท๏ธ New Simplier Pricing plans! All features are available in all plans, start building for free!
- See upcoming write-up and website updates for more details
- ๐ Elastic Search is no longer a compulsory requirement. Support using PostgreSQL instead of ElasticSearch
- ๐ช Redesigned "Endpoint Direct Access" settings page
- ๐ฆ Fixed Login with Passkey in Firefox
- ๐ Removed NFT/Ethereum login
- ๐ Misc bug fixes
2024-11-18.0
- ๐ฆธ Use Authgear as SAML IDP is now available in the portal:
- See Doc to learn how to enable SSO in SAML-compatible applications: https://docs.authgear.com/how-to-guide/single-sign-on/single-sign-on-with-saml
- ๐ UX-Improvement: Logo height is controlled by a slider in "Branding" settings
- ๐ Fix a bug where users may get stuck in the Captcha dialog during login
- ๐ Other Misc Bug fixes
2024-09-03
- ๐ช AuthUI v2 is ready. New signup login page design is applied to all projects.
- ๐ง Users' "identities" are available in the
oidc.jwt.pre_createblocking hook event. Identity data can be included in the JWT access token. - ๐ Misc bug fixes
2024-08-15.0
- ๐ Fix the error on redirection after login when the login page is accessed directly.
- ๐ Misc bug fixes
2024-07-29.0
- ๐ Account Deletion is now supported in SDKs, use "deleteAccount()" method to trigger the account deletion page directly without going to the
/settingspage. - โ Improve usability of AuthUI under no-script environment. The authentication process can be completed without any JavaScript.
- โจ "Issue Access Tokens in JWTs" are default enabled for SPA and native applications.
- ๐๏ธ Changed date format in the Portal to use the month names instead of numbers to avoid confusion.
- ๐งโ๐ผ New Account Management API: Manual Linking for OAuth is supported. Similar to Auth Flow API, it helps you build the account management page. Call these 2 new endpoints to link an OAuth identity to an authenticated user.
- POST /api/v1/account/identification
- POST /api/v1/account/identification/oauth
- (Pending documentation, see spec here)
- ๐ Auto Account Linking for Login IDs: When signup using a username/email/phone number, and this ID conflicts with an existing user who used OAuth connection to sign up before, the account can be linked.
- ๐ก๏ธ Behind the scene: Support DPoP protocol to bind the sessions to the device. Update to the latest SDK to use the new protocol. See: OAuth 2.0 Demonstrating Proof-of-Possession (DPoP)
- ๐ Pre-authenticated URLs are supported in the backend. (Pending documentation, see spec here)
- ๐ Misc bug fixes
2024-07-12.0
- โจ New "Branding" section & new "Language" settings in the portal
- ๐ Fixed OTP display on iOS in autofill
- ๐ก๏ธ Block free plan users to customize the SMS/Email template to prevent spamming
- ๐ก๏ธ Misc security improvements
2024-06-13.0
- ๐ Removed an extra full stop in English SMS verification template
- ๐งโ๐ผ Admin can now create Email OTP/SMS OTP/Password 2FA Authenticator for an end-user in the Portal or with Admin API.
- ๐ก๏ธ Misc security improvements
2024-05-31.0
- ใ๏ธ In Import API, you can now mark passwords as expired and force the user to create a new password in their next login
- ๐ Auto Account Linking: When login using a social/enterprise connection, and the email address conflicts with an existing user, the account can be linked.
- e.g. a user signed up with [email protected] and password before and later login with their Google account of the same address, they can link it to the account and log in with both password and Google in the future.
- ๐ Provide separate options to disallow users to add, edit, or remove their identities (email/phone/username).
- ๐ Login with Passkey without entering email/phone/username in hybrid signup/login flow
- ๐ Added support for Simplified Chinese and fixed Portuguese and Spanish translations
- โฐ Added session expired dialog in the portal
- ๐ช Moved cookie preference option in the portal to the top-right menu
- ๐ฐ Other misc UX & security fixes
2024-04-29.1
- ๐ New Feature: Authflow selection in different applications.
- e.g. some applications can only be logged in with ADFS, and other applications must go through 2FA when logged in.
- ๐ New supported languages in AuthUI, enable them in the Localization settings!
- Vietnamese ๐ป๐ณ, Thai ๐น๐ญ, Malay ๐ฒ๐พ, Indonesian ๐ฎ๐ฉ, Filipino (Tagalog) ๐ต๐ญ, Korean ๐ฐ๐ท, Japanese ๐ฏ๐ต, Spanish ๐ช๐ธ/๐, French ๐ซ๐ท, Portuguese ๐ต๐น/๐ง๐ท, German ๐ฉ๐ช, Italian ๐ฎ๐น, Polish ๐ต๐ฑ, Dutch ๐ณ๐ฑ, Greek ๐ฌ๐ท
- ๐ช Users can now control Cookie preferences in the Portal
- ๐ฌ Login with WeChat in the new AuthUI and Authflow
- โจ Application names are shown instead of Client IDs in user management session listing๏ปฟ
๏ปฟ-๐ก๏ธ Enforce minimum 43-character length for code verifier in OAuth PKCE flow - ๐ฐ Other misc security fixes
2024-04-05.0
- Use "Roles and Groups" to manage the application access right of a user
- Import User API: A new API for batch import users into Authgear. Best for migrating from legacy systems
- New endpoint: POST /_api/admin/users/import
- See user guide at: https://docs.authgear.com/how-to-guide/user-management/import-users-using-user-import-api
- Password Expiry: Force change password after X days upon login. (It's disabled by default because itโs not a recommended password policy)
- Webkit WebView in SDK (aka Embedded Webview). Use the new configuration in the SDK to open the AuthUI in an embedded webview to achieve a more native-looking experience. See the guide at: https://docs.authgear.com/how-to-guide/mobile-apps/using-webview-to-open-the-authgear-ui