0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

release: version packages (#6811)

This commit is contained in:
silverhand-bot 2024-11-22 17:04:11 +08:00 committed by GitHub
parent f563517c68
commit 2856f9ee28
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
35 changed files with 386 additions and 148 deletions

View file

@ -1,16 +0,0 @@
---
"@logto/console": minor
"@logto/core": minor
"@logto/phrases": minor
---
add `trustUnverifiedEmail` setting for the Microsoft EntraID OIDC SSO connector
Since we launched the **EntraID OIDC SSO connector** we have received several feedbacks that their customer's email address can not be populated to Logto's user profile when signing up through the EntraID OIDC SSO connector.
This is because Logto only syncs verified email addresses, meaning the `email_verified` claim must be `true` in the user info response from the OIDC provider.
However, based on Microsoft's documentation, since the user's email address in manually managed by the organization, they are not verified guaranteed. This means that the `email_verified` claim will not be included in their user info response.
To address this issue, we have added a new `trustUnverifiedEmail` exclusively for the Microsoft EntraID OIDC SSO connector. When this setting is enabled, Logto will trust the email address provided by the Microsoft EntraID OIDC SSO connector even if the `email_verified` claim is not included in the user info response. This will allow users to sign up and log in to Logto using their email address without any issues. Please note this may introduce a security risk as the email address is not verified by the OIDC provider. You should only enable this setting if you trust the email address provided by the Microsoft EntraID OIDC SSO connector.
You can configure this setting in the **EntraID OIDC SSO connector** settings page in the Logto console or through the management API.

View file

@ -1,15 +0,0 @@
---
"@logto/console": minor
"@logto/core": minor
"@logto/experience": minor
"@logto/experience-legacy": minor
"@logto/phrases": minor
"@logto/phrases-experience": minor
"@logto/schemas": minor
---
display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.

View file

@ -1,35 +0,0 @@
---
'@logto/core': minor
'@logto/integration-tests': minor
'@logto/phrases': minor
'@logto/schemas': minor
'@logto/connector-kit': minor
---
add account api
Introduce the new Account API, designed to give end users direct API access without needing to go through the Management API, here is the highlights:
1. Direct access: The Account API empowers end users to directly access and manage their own account profile without requiring the relay of Management API.
2. User profile and identities management: Users can fully manage their profiles and security settings, including the ability to update identity information like email, phone, and password, as well as manage social connections. MFA and SSO support are coming soon.
3. Global access control: Admin has full, global control over access settings, can customize each fields.
4. Seamless authorization: Authorizing is easier than ever! Simply use `client.getAccessToken()` to obtain an opaque access token for OP (Logto), and attach it to the Authorization header as `Bearer <access_token>`.
## Get started
> ![Note]
> Go to the [Logto Docs](https://bump.sh/logto/doc/logto-user-api) to find full API reference.
1. Use `/api/account-center` endpoint to enable the feature, for security reason, it is disabled by default. And set fields permission for each field.
2. Use `client.getAccessToken()` to get the access token.
3. Attach the access token to the Authorization header of your request, and start interacting with the Account API directly from the frontend.
4. You may need to setup `logto-verification-id` header as an additional verification for some requests related to identity verification.
## What you can do with Account API
1. Get user account profile
2. Update basic information including name, avatar, username and other profile information
3. Update password
4. Update primary email
5. Update primary phone
6. Manage social identities

View file

@ -1,12 +0,0 @@
---
"@logto/console": minor
"@logto/core": minor
"@logto/phrases": minor
"@logto/schemas": minor
---
add unknown session redirect url in the sign-in experience settings
In certain cases, Logto may be unable to properly identify a users authentication session when they land on the sign-in page. This can happen if the session has expired, if the user bookmarks the sign-in URL for future access, or if they directly share the sign-in link. By default, an "unknown session" 404 error is displayed.
To improve user experience, we have added a new `unknownSessionRedirectUrl` field in the sign-in experience settings.You can configure this field to redirect users to a custom URL when an unknown session is detected. This will help users to easily navigate to your client application or website and reinitiate the authentication process automatically.

View file

@ -1,5 +1,15 @@
# Change Log
## 1.22.0
### Patch Changes
- Updated dependencies [640425414]
- Updated dependencies [7ebef18e3]
- Updated dependencies [640425414]
- @logto/schemas@1.22.0
- @logto/connector-kit@4.1.0
## 1.21.0
### Patch Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/cli",
"version": "1.21.0",
"version": "1.22.0",
"description": "Logto CLI.",
"author": "Silverhand Inc. <contact@silverhand.io>",
"homepage": "https://github.com/logto-io/logto#readme",
@ -42,9 +42,9 @@
"url": "https://github.com/logto-io/logto/issues"
},
"dependencies": {
"@logto/connector-kit": "workspace:^4.0.0",
"@logto/connector-kit": "workspace:^4.1.0",
"@logto/core-kit": "workspace:^2.5.0",
"@logto/schemas": "workspace:1.21.0",
"@logto/schemas": "workspace:1.22.0",
"@logto/shared": "workspace:^3.1.2",
"@silverhand/essentials": "^2.9.1",
"@silverhand/slonik": "31.0.0-beta.2",

View file

@ -1,5 +1,32 @@
# Change Log
## 1.19.0
### Minor Changes
- 640425414: add `trustUnverifiedEmail` setting for the Microsoft EntraID OIDC SSO connector
Since we launched the **EntraID OIDC SSO connector** we have received several feedbacks that their customer's email address can not be populated to Logto's user profile when signing up through the EntraID OIDC SSO connector.
This is because Logto only syncs verified email addresses, meaning the `email_verified` claim must be `true` in the user info response from the OIDC provider.
However, based on Microsoft's documentation, since the user's email address in manually managed by the organization, they are not verified guaranteed. This means that the `email_verified` claim will not be included in their user info response.
To address this issue, we have added a new `trustUnverifiedEmail` exclusively for the Microsoft EntraID OIDC SSO connector. When this setting is enabled, Logto will trust the email address provided by the Microsoft EntraID OIDC SSO connector even if the `email_verified` claim is not included in the user info response. This will allow users to sign up and log in to Logto using their email address without any issues. Please note this may introduce a security risk as the email address is not verified by the OIDC provider. You should only enable this setting if you trust the email address provided by the Microsoft EntraID OIDC SSO connector.
You can configure this setting in the **EntraID OIDC SSO connector** settings page in the Logto console or through the management API.
- 640425414: display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.
- 640425414: add unknown session redirect url in the sign-in experience settings
In certain cases, Logto may be unable to properly identify a users authentication session when they land on the sign-in page. This can happen if the session has expired, if the user bookmarks the sign-in URL for future access, or if they directly share the sign-in link. By default, an "unknown session" 404 error is displayed.
To improve user experience, we have added a new `unknownSessionRedirectUrl` field in the sign-in experience settings.You can configure this field to redirect users to a custom URL when an unknown session is detected. This will help users to easily navigate to your client application or website and reinitiate the authentication process automatically.
## 1.18.1
### Patch Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/console",
"version": "1.18.1",
"version": "1.19.0",
"description": "> TODO: description",
"author": "Silverhand Inc. <contact@silverhand.io>",
"homepage": "https://github.com/logto-io/logto#readme",
@ -28,13 +28,13 @@
"@fontsource/roboto-mono": "^5.0.0",
"@jest/types": "^29.5.0",
"@logto/cloud": "0.2.5-5e334eb",
"@logto/connector-kit": "workspace:^4.0.0",
"@logto/connector-kit": "workspace:^4.1.0",
"@logto/core-kit": "workspace:^2.5.0",
"@logto/language-kit": "workspace:^1.1.0",
"@logto/phrases": "workspace:^1.14.1",
"@logto/phrases-experience": "workspace:^1.8.0",
"@logto/phrases": "workspace:^1.15.0",
"@logto/phrases-experience": "workspace:^1.9.0",
"@logto/react": "^3.0.12",
"@logto/schemas": "workspace:^1.21.0",
"@logto/schemas": "workspace:^1.22.0",
"@logto/shared": "workspace:^3.1.2",
"@mdx-js/react": "^3.0.1",
"@mdx-js/rollup": "^3.0.1",

View file

@ -1,5 +1,75 @@
# Change Log
## 1.22.0
### Minor Changes
- 640425414: add `trustUnverifiedEmail` setting for the Microsoft EntraID OIDC SSO connector
Since we launched the **EntraID OIDC SSO connector** we have received several feedbacks that their customer's email address can not be populated to Logto's user profile when signing up through the EntraID OIDC SSO connector.
This is because Logto only syncs verified email addresses, meaning the `email_verified` claim must be `true` in the user info response from the OIDC provider.
However, based on Microsoft's documentation, since the user's email address in manually managed by the organization, they are not verified guaranteed. This means that the `email_verified` claim will not be included in their user info response.
To address this issue, we have added a new `trustUnverifiedEmail` exclusively for the Microsoft EntraID OIDC SSO connector. When this setting is enabled, Logto will trust the email address provided by the Microsoft EntraID OIDC SSO connector even if the `email_verified` claim is not included in the user info response. This will allow users to sign up and log in to Logto using their email address without any issues. Please note this may introduce a security risk as the email address is not verified by the OIDC provider. You should only enable this setting if you trust the email address provided by the Microsoft EntraID OIDC SSO connector.
You can configure this setting in the **EntraID OIDC SSO connector** settings page in the Logto console or through the management API.
- 640425414: display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.
- 7ebef18e3: add account api
Introduce the new Account API, designed to give end users direct API access without needing to go through the Management API, here is the highlights:
1. Direct access: The Account API empowers end users to directly access and manage their own account profile without requiring the relay of Management API.
2. User profile and identities management: Users can fully manage their profiles and security settings, including the ability to update identity information like email, phone, and password, as well as manage social connections. MFA and SSO support are coming soon.
3. Global access control: Admin has full, global control over access settings, can customize each fields.
4. Seamless authorization: Authorizing is easier than ever! Simply use `client.getAccessToken()` to obtain an opaque access token for OP (Logto), and attach it to the Authorization header as `Bearer <access_token>`.
## Get started
> ![Note]
> Go to the [Logto Docs](https://bump.sh/logto/doc/logto-user-api) to find full API reference.
1. Use `/api/account-center` endpoint to enable the feature, for security reason, it is disabled by default. And set fields permission for each field.
2. Use `client.getAccessToken()` to get the access token.
3. Attach the access token to the Authorization header of your request, and start interacting with the Account API directly from the frontend.
4. You may need to setup `logto-verification-id` header as an additional verification for some requests related to identity verification.
## What you can do with Account API
1. Get user account profile
2. Update basic information including name, avatar, username and other profile information
3. Update password
4. Update primary email
5. Update primary phone
6. Manage social identities
- 640425414: add unknown session redirect url in the sign-in experience settings
In certain cases, Logto may be unable to properly identify a users authentication session when they land on the sign-in page. This can happen if the session has expired, if the user bookmarks the sign-in URL for future access, or if they directly share the sign-in link. By default, an "unknown session" 404 error is displayed.
To improve user experience, we have added a new `unknownSessionRedirectUrl` field in the sign-in experience settings.You can configure this field to redirect users to a custom URL when an unknown session is detected. This will help users to easily navigate to your client application or website and reinitiate the authentication process automatically.
### Patch Changes
- Updated dependencies [640425414]
- Updated dependencies [640425414]
- Updated dependencies [7ebef18e3]
- Updated dependencies [640425414]
- @logto/console@1.19.0
- @logto/phrases@1.15.0
- @logto/experience@1.10.0
- @logto/experience-legacy@1.10.0
- @logto/phrases-experience@1.9.0
- @logto/schemas@1.22.0
- @logto/connector-kit@4.1.0
- @logto/cli@1.22.0
## 1.21.0
### Minor Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/core",
"version": "1.21.0",
"version": "1.22.0",
"description": "The open source identity solution.",
"main": "build/index.js",
"author": "Silverhand Inc. <contact@silverhand.io>",
@ -33,8 +33,8 @@
"@koa/cors": "^5.0.0",
"@logto/affiliate": "^0.1.0",
"@logto/app-insights": "workspace:^2.0.0",
"@logto/cli": "workspace:^1.21.0",
"@logto/connector-kit": "workspace:^4.0.0",
"@logto/cli": "workspace:^1.22.0",
"@logto/connector-kit": "workspace:^4.1.0",
"@logto/console": "workspace:*",
"@logto/core-kit": "workspace:^2.5.0",
"@logto/demo-app": "workspace:*",
@ -42,9 +42,9 @@
"@logto/experience-legacy": "workspace:*",
"@logto/js": "^4.1.4",
"@logto/language-kit": "workspace:^1.1.0",
"@logto/phrases": "workspace:^1.14.1",
"@logto/phrases-experience": "workspace:^1.8.0",
"@logto/schemas": "workspace:^1.21.0",
"@logto/phrases": "workspace:^1.15.0",
"@logto/phrases-experience": "workspace:^1.9.0",
"@logto/schemas": "workspace:^1.22.0",
"@logto/shared": "workspace:^3.1.2",
"@silverhand/essentials": "^2.9.1",
"@silverhand/slonik": "31.0.0-beta.2",

View file

@ -1,5 +1,11 @@
# Change Log
## 1.22.0
### Patch Changes
- @logto/cli@1.22.0
## 1.21.0
### Patch Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/create",
"version": "1.21.0",
"version": "1.22.0",
"author": "Silverhand Inc. <contact@silverhand.io>",
"license": "MPL-2.0",
"type": "module",
@ -15,6 +15,6 @@
"node": "^20.9.0"
},
"dependencies": {
"@logto/cli": "workspace:^1.21.0"
"@logto/cli": "workspace:^1.22.0"
}
}

View file

@ -1,5 +1,15 @@
# Change Log
## 1.10.0
### Minor Changes
- 640425414: display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.
## 1.9.0
### Minor Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/experience-legacy",
"version": "1.9.0",
"version": "1.10.0",
"license": "MPL-2.0",
"type": "module",
"private": true,
@ -21,12 +21,12 @@
},
"devDependencies": {
"@jest/types": "^29.5.0",
"@logto/connector-kit": "workspace:^4.0.0",
"@logto/connector-kit": "workspace:^4.1.0",
"@logto/core-kit": "workspace:^2.5.0",
"@logto/language-kit": "workspace:^1.1.0",
"@logto/phrases": "workspace:^1.14.0",
"@logto/phrases-experience": "workspace:^1.8.0",
"@logto/schemas": "workspace:^1.20.0",
"@logto/phrases": "workspace:^1.15.0",
"@logto/phrases-experience": "workspace:^1.9.0",
"@logto/schemas": "workspace:^1.22.0",
"@react-spring/shared": "^9.6.1",
"@react-spring/web": "^9.6.1",
"@silverhand/eslint-config": "6.0.1",

View file

@ -1,5 +1,15 @@
# Change Log
## 1.10.0
### Minor Changes
- 640425414: display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.
## 1.9.0
### Minor Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/experience",
"version": "1.9.0",
"version": "1.10.0",
"license": "MPL-2.0",
"type": "module",
"private": true,
@ -21,12 +21,12 @@
},
"devDependencies": {
"@jest/types": "^29.5.0",
"@logto/connector-kit": "workspace:^4.0.0",
"@logto/connector-kit": "workspace:^4.1.0",
"@logto/core-kit": "workspace:^2.5.0",
"@logto/language-kit": "workspace:^1.1.0",
"@logto/phrases": "workspace:^1.14.0",
"@logto/phrases-experience": "workspace:^1.8.0",
"@logto/schemas": "workspace:^1.20.0",
"@logto/phrases": "workspace:^1.15.0",
"@logto/phrases-experience": "workspace:^1.9.0",
"@logto/schemas": "workspace:^1.22.0",
"@react-spring/shared": "^9.6.1",
"@react-spring/web": "^9.6.1",
"@silverhand/eslint-config": "6.0.1",

View file

@ -1,5 +1,37 @@
# Change Log
## 1.10.0
### Minor Changes
- 7ebef18e3: add account api
Introduce the new Account API, designed to give end users direct API access without needing to go through the Management API, here is the highlights:
1. Direct access: The Account API empowers end users to directly access and manage their own account profile without requiring the relay of Management API.
2. User profile and identities management: Users can fully manage their profiles and security settings, including the ability to update identity information like email, phone, and password, as well as manage social connections. MFA and SSO support are coming soon.
3. Global access control: Admin has full, global control over access settings, can customize each fields.
4. Seamless authorization: Authorizing is easier than ever! Simply use `client.getAccessToken()` to obtain an opaque access token for OP (Logto), and attach it to the Authorization header as `Bearer <access_token>`.
## Get started
> ![Note]
> Go to the [Logto Docs](https://bump.sh/logto/doc/logto-user-api) to find full API reference.
1. Use `/api/account-center` endpoint to enable the feature, for security reason, it is disabled by default. And set fields permission for each field.
2. Use `client.getAccessToken()` to get the access token.
3. Attach the access token to the Authorization header of your request, and start interacting with the Account API directly from the frontend.
4. You may need to setup `logto-verification-id` header as an additional verification for some requests related to identity verification.
## What you can do with Account API
1. Get user account profile
2. Update basic information including name, avatar, username and other profile information
3. Update password
4. Update primary email
5. Update primary phone
6. Manage social identities
## 1.9.0
### Minor Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/integration-tests",
"version": "1.9.0",
"version": "1.10.0",
"description": "Integration tests for Logto.",
"author": "Silverhand Inc. <contact@silverhand.io>",
"license": "MPL-2.0",
@ -25,11 +25,11 @@
"@apidevtools/swagger-parser": "^10.1.0",
"@jest/test-sequencer": "^29.5.0",
"@jest/types": "^29.1.2",
"@logto/connector-kit": "workspace:^4.0.0",
"@logto/connector-kit": "workspace:^4.1.0",
"@logto/core-kit": "workspace:^",
"@logto/js": "^4.1.4",
"@logto/node": "^2.5.4",
"@logto/schemas": "workspace:^1.20.0",
"@logto/schemas": "workspace:^1.22.0",
"@logto/shared": "workspace:^3.1.1",
"@silverhand/eslint-config": "6.0.1",
"@silverhand/essentials": "^2.9.1",

View file

@ -1,5 +1,15 @@
# Change Log
## 1.9.0
### Minor Changes
- 640425414: display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.
## 1.8.0
### Minor Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/phrases-experience",
"version": "1.8.0",
"version": "1.9.0",
"description": "Logto shared phrases (i18n) for experience.",
"author": "Silverhand Inc. <contact@silverhand.io>",
"homepage": "https://github.com/logto-io/logto#readme",

View file

@ -1,5 +1,60 @@
# Change Log
## 1.15.0
### Minor Changes
- 640425414: add `trustUnverifiedEmail` setting for the Microsoft EntraID OIDC SSO connector
Since we launched the **EntraID OIDC SSO connector** we have received several feedbacks that their customer's email address can not be populated to Logto's user profile when signing up through the EntraID OIDC SSO connector.
This is because Logto only syncs verified email addresses, meaning the `email_verified` claim must be `true` in the user info response from the OIDC provider.
However, based on Microsoft's documentation, since the user's email address in manually managed by the organization, they are not verified guaranteed. This means that the `email_verified` claim will not be included in their user info response.
To address this issue, we have added a new `trustUnverifiedEmail` exclusively for the Microsoft EntraID OIDC SSO connector. When this setting is enabled, Logto will trust the email address provided by the Microsoft EntraID OIDC SSO connector even if the `email_verified` claim is not included in the user info response. This will allow users to sign up and log in to Logto using their email address without any issues. Please note this may introduce a security risk as the email address is not verified by the OIDC provider. You should only enable this setting if you trust the email address provided by the Microsoft EntraID OIDC SSO connector.
You can configure this setting in the **EntraID OIDC SSO connector** settings page in the Logto console or through the management API.
- 640425414: display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.
- 7ebef18e3: add account api
Introduce the new Account API, designed to give end users direct API access without needing to go through the Management API, here is the highlights:
1. Direct access: The Account API empowers end users to directly access and manage their own account profile without requiring the relay of Management API.
2. User profile and identities management: Users can fully manage their profiles and security settings, including the ability to update identity information like email, phone, and password, as well as manage social connections. MFA and SSO support are coming soon.
3. Global access control: Admin has full, global control over access settings, can customize each fields.
4. Seamless authorization: Authorizing is easier than ever! Simply use `client.getAccessToken()` to obtain an opaque access token for OP (Logto), and attach it to the Authorization header as `Bearer <access_token>`.
## Get started
> ![Note]
> Go to the [Logto Docs](https://bump.sh/logto/doc/logto-user-api) to find full API reference.
1. Use `/api/account-center` endpoint to enable the feature, for security reason, it is disabled by default. And set fields permission for each field.
2. Use `client.getAccessToken()` to get the access token.
3. Attach the access token to the Authorization header of your request, and start interacting with the Account API directly from the frontend.
4. You may need to setup `logto-verification-id` header as an additional verification for some requests related to identity verification.
## What you can do with Account API
1. Get user account profile
2. Update basic information including name, avatar, username and other profile information
3. Update password
4. Update primary email
5. Update primary phone
6. Manage social identities
- 640425414: add unknown session redirect url in the sign-in experience settings
In certain cases, Logto may be unable to properly identify a users authentication session when they land on the sign-in page. This can happen if the session has expired, if the user bookmarks the sign-in URL for future access, or if they directly share the sign-in link. By default, an "unknown session" 404 error is displayed.
To improve user experience, we have added a new `unknownSessionRedirectUrl` field in the sign-in experience settings.You can configure this field to redirect users to a custom URL when an unknown session is detected. This will help users to easily navigate to your client application or website and reinitiate the authentication process automatically.
## 1.14.1
### Patch Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/phrases",
"version": "1.14.1",
"version": "1.15.0",
"description": "Logto shared phrases (i18n).",
"author": "Silverhand Inc. <contact@silverhand.io>",
"homepage": "https://github.com/logto-io/logto#readme",

View file

@ -1,5 +1,59 @@
# Change Log
## 1.22.0
### Minor Changes
- 640425414: display support email and website info on experience error pages.
Added support email and website info to the error pages of the experience app. E.g. when a user tries to access a page that doesn't exist, or when the social session is not found in a social callback page. This will help users to contact support easily when they encounter an error.
You may configure the support email and website info in the sign-in experience settings page in the Logto console or through the management API.
- 7ebef18e3: add account api
Introduce the new Account API, designed to give end users direct API access without needing to go through the Management API, here is the highlights:
1. Direct access: The Account API empowers end users to directly access and manage their own account profile without requiring the relay of Management API.
2. User profile and identities management: Users can fully manage their profiles and security settings, including the ability to update identity information like email, phone, and password, as well as manage social connections. MFA and SSO support are coming soon.
3. Global access control: Admin has full, global control over access settings, can customize each fields.
4. Seamless authorization: Authorizing is easier than ever! Simply use `client.getAccessToken()` to obtain an opaque access token for OP (Logto), and attach it to the Authorization header as `Bearer <access_token>`.
## Get started
> ![Note]
> Go to the [Logto Docs](https://bump.sh/logto/doc/logto-user-api) to find full API reference.
1. Use `/api/account-center` endpoint to enable the feature, for security reason, it is disabled by default. And set fields permission for each field.
2. Use `client.getAccessToken()` to get the access token.
3. Attach the access token to the Authorization header of your request, and start interacting with the Account API directly from the frontend.
4. You may need to setup `logto-verification-id` header as an additional verification for some requests related to identity verification.
## What you can do with Account API
1. Get user account profile
2. Update basic information including name, avatar, username and other profile information
3. Update password
4. Update primary email
5. Update primary phone
6. Manage social identities
- 640425414: add unknown session redirect url in the sign-in experience settings
In certain cases, Logto may be unable to properly identify a users authentication session when they land on the sign-in page. This can happen if the session has expired, if the user bookmarks the sign-in URL for future access, or if they directly share the sign-in link. By default, an "unknown session" 404 error is displayed.
To improve user experience, we have added a new `unknownSessionRedirectUrl` field in the sign-in experience settings.You can configure this field to redirect users to a custom URL when an unknown session is detected. This will help users to easily navigate to your client application or website and reinitiate the authentication process automatically.
### Patch Changes
- Updated dependencies [640425414]
- Updated dependencies [640425414]
- Updated dependencies [7ebef18e3]
- Updated dependencies [640425414]
- @logto/phrases@1.15.0
- @logto/phrases-experience@1.9.0
- @logto/connector-kit@4.1.0
## 1.21.0
### Patch Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/schemas",
"version": "1.21.0",
"version": "1.22.0",
"author": "Silverhand Inc. <contact@silverhand.io>",
"license": "MPL-2.0",
"type": "module",
@ -78,11 +78,11 @@
},
"prettier": "@silverhand/eslint-config/.prettierrc",
"dependencies": {
"@logto/connector-kit": "workspace:^4.0.0",
"@logto/connector-kit": "workspace:^4.1.0",
"@logto/core-kit": "workspace:^2.5.0",
"@logto/language-kit": "workspace:^1.1.0",
"@logto/phrases": "workspace:^1.14.1",
"@logto/phrases-experience": "workspace:^1.8.0",
"@logto/phrases": "workspace:^1.15.0",
"@logto/phrases-experience": "workspace:^1.9.0",
"@logto/shared": "workspace:^3.1.2",
"@withtyped/server": "^0.14.0",
"nanoid": "^5.0.1"

View file

@ -1,5 +1,37 @@
# Change Log
## 4.1.0
### Minor Changes
- 7ebef18e3: add account api
Introduce the new Account API, designed to give end users direct API access without needing to go through the Management API, here is the highlights:
1. Direct access: The Account API empowers end users to directly access and manage their own account profile without requiring the relay of Management API.
2. User profile and identities management: Users can fully manage their profiles and security settings, including the ability to update identity information like email, phone, and password, as well as manage social connections. MFA and SSO support are coming soon.
3. Global access control: Admin has full, global control over access settings, can customize each fields.
4. Seamless authorization: Authorizing is easier than ever! Simply use `client.getAccessToken()` to obtain an opaque access token for OP (Logto), and attach it to the Authorization header as `Bearer <access_token>`.
## Get started
> ![Note]
> Go to the [Logto Docs](https://bump.sh/logto/doc/logto-user-api) to find full API reference.
1. Use `/api/account-center` endpoint to enable the feature, for security reason, it is disabled by default. And set fields permission for each field.
2. Use `client.getAccessToken()` to get the access token.
3. Attach the access token to the Authorization header of your request, and start interacting with the Account API directly from the frontend.
4. You may need to setup `logto-verification-id` header as an additional verification for some requests related to identity verification.
## What you can do with Account API
1. Get user account profile
2. Update basic information including name, avatar, username and other profile information
3. Update password
4. Update primary email
5. Update primary phone
6. Manage social identities
## 4.0.0
### Major Changes

View file

@ -1,6 +1,6 @@
{
"name": "@logto/connector-kit",
"version": "4.0.0",
"version": "4.1.0",
"author": "Silverhand Inc. <contact@silverhand.io>",
"homepage": "https://github.com/logto-io/toolkit#readme",
"repository": {

View file

@ -95,13 +95,13 @@ importers:
packages/cli:
dependencies:
'@logto/connector-kit':
specifier: workspace:^4.0.0
specifier: workspace:^4.1.0
version: link:../toolkit/connector-kit
'@logto/core-kit':
specifier: workspace:^2.5.0
version: link:../toolkit/core-kit
'@logto/schemas':
specifier: workspace:1.21.0
specifier: workspace:1.22.0
version: link:../schemas
'@logto/shared':
specifier: workspace:^3.1.2
@ -2742,7 +2742,7 @@ importers:
specifier: 0.2.5-5e334eb
version: 0.2.5-5e334eb(zod@3.23.8)
'@logto/connector-kit':
specifier: workspace:^4.0.0
specifier: workspace:^4.1.0
version: link:../toolkit/connector-kit
'@logto/core-kit':
specifier: workspace:^2.5.0
@ -2751,16 +2751,16 @@ importers:
specifier: workspace:^1.1.0
version: link:../toolkit/language-kit
'@logto/phrases':
specifier: workspace:^1.14.1
specifier: workspace:^1.15.0
version: link:../phrases
'@logto/phrases-experience':
specifier: workspace:^1.8.0
specifier: workspace:^1.9.0
version: link:../phrases-experience
'@logto/react':
specifier: ^3.0.12
version: 3.0.13(react@18.3.1)
'@logto/schemas':
specifier: workspace:^1.21.0
specifier: workspace:^1.22.0
version: link:../schemas
'@logto/shared':
specifier: workspace:^3.1.2
@ -3042,10 +3042,10 @@ importers:
specifier: workspace:^2.0.0
version: link:../app-insights
'@logto/cli':
specifier: workspace:^1.21.0
specifier: workspace:^1.22.0
version: link:../cli
'@logto/connector-kit':
specifier: workspace:^4.0.0
specifier: workspace:^4.1.0
version: link:../toolkit/connector-kit
'@logto/console':
specifier: workspace:*
@ -3069,13 +3069,13 @@ importers:
specifier: workspace:^1.1.0
version: link:../toolkit/language-kit
'@logto/phrases':
specifier: workspace:^1.14.1
specifier: workspace:^1.15.0
version: link:../phrases
'@logto/phrases-experience':
specifier: workspace:^1.8.0
specifier: workspace:^1.9.0
version: link:../phrases-experience
'@logto/schemas':
specifier: workspace:^1.21.0
specifier: workspace:^1.22.0
version: link:../schemas
'@logto/shared':
specifier: workspace:^3.1.2
@ -3343,7 +3343,7 @@ importers:
packages/create:
dependencies:
'@logto/cli':
specifier: workspace:^1.21.0
specifier: workspace:^1.22.0
version: link:../cli
packages/demo-app:
@ -3512,7 +3512,7 @@ importers:
specifier: ^29.5.0
version: 29.6.3
'@logto/connector-kit':
specifier: workspace:^4.0.0
specifier: workspace:^4.1.0
version: link:../toolkit/connector-kit
'@logto/core-kit':
specifier: workspace:^2.5.0
@ -3521,13 +3521,13 @@ importers:
specifier: workspace:^1.1.0
version: link:../toolkit/language-kit
'@logto/phrases':
specifier: workspace:^1.14.0
specifier: workspace:^1.15.0
version: link:../phrases
'@logto/phrases-experience':
specifier: workspace:^1.8.0
specifier: workspace:^1.9.0
version: link:../phrases-experience
'@logto/schemas':
specifier: workspace:^1.20.0
specifier: workspace:^1.22.0
version: link:../schemas
'@react-spring/shared':
specifier: ^9.6.1
@ -3719,7 +3719,7 @@ importers:
specifier: ^29.5.0
version: 29.6.3
'@logto/connector-kit':
specifier: workspace:^4.0.0
specifier: workspace:^4.1.0
version: link:../toolkit/connector-kit
'@logto/core-kit':
specifier: workspace:^2.5.0
@ -3728,13 +3728,13 @@ importers:
specifier: workspace:^1.1.0
version: link:../toolkit/language-kit
'@logto/phrases':
specifier: workspace:^1.14.0
specifier: workspace:^1.15.0
version: link:../phrases
'@logto/phrases-experience':
specifier: workspace:^1.8.0
specifier: workspace:^1.9.0
version: link:../phrases-experience
'@logto/schemas':
specifier: workspace:^1.20.0
specifier: workspace:^1.22.0
version: link:../schemas
'@react-spring/shared':
specifier: ^9.6.1
@ -3936,7 +3936,7 @@ importers:
specifier: ^29.1.2
version: 29.1.2
'@logto/connector-kit':
specifier: workspace:^4.0.0
specifier: workspace:^4.1.0
version: link:../toolkit/connector-kit
'@logto/core-kit':
specifier: workspace:^
@ -3948,7 +3948,7 @@ importers:
specifier: ^2.5.4
version: 2.5.4
'@logto/schemas':
specifier: workspace:^1.20.0
specifier: workspace:^1.22.0
version: link:../schemas
'@logto/shared':
specifier: workspace:^3.1.1
@ -4082,7 +4082,7 @@ importers:
packages/schemas:
dependencies:
'@logto/connector-kit':
specifier: workspace:^4.0.0
specifier: workspace:^4.1.0
version: link:../toolkit/connector-kit
'@logto/core-kit':
specifier: workspace:^2.5.0
@ -4091,10 +4091,10 @@ importers:
specifier: workspace:^1.1.0
version: link:../toolkit/language-kit
'@logto/phrases':
specifier: workspace:^1.14.1
specifier: workspace:^1.15.0
version: link:../phrases
'@logto/phrases-experience':
specifier: workspace:^1.8.0
specifier: workspace:^1.9.0
version: link:../phrases-experience
'@logto/shared':
specifier: workspace:^3.1.2
@ -16757,10 +16757,10 @@ snapshots:
eslint-config-prettier: 9.1.0(eslint@8.57.0)
eslint-config-xo: 0.44.0(eslint@8.57.0)
eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
eslint-plugin-consistent-default-export-name: 0.0.15
eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
eslint-plugin-n: 17.2.1(eslint@8.57.0)
eslint-plugin-no-use-extend-native: 0.5.0
eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@ -20154,13 +20154,13 @@ snapshots:
transitivePeerDependencies:
- supports-color
eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0):
dependencies:
debug: 4.3.5
enhanced-resolve: 5.16.0
eslint: 8.57.0
eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
fast-glob: 3.3.2
get-tsconfig: 4.7.3
is-core-module: 2.13.1
@ -20171,14 +20171,14 @@ snapshots:
- eslint-import-resolver-webpack
- supports-color
eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
dependencies:
debug: 3.2.7
optionalDependencies:
'@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
eslint: 8.57.0
eslint-import-resolver-node: 0.3.9
eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
transitivePeerDependencies:
- supports-color
@ -20200,7 +20200,7 @@ snapshots:
eslint: 8.57.0
ignore: 5.3.1
eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
dependencies:
array-includes: 3.1.8
array.prototype.findlastindex: 1.2.5
@ -20210,7 +20210,7 @@ snapshots:
doctrine: 2.1.0
eslint: 8.57.0
eslint-import-resolver-node: 0.3.9
eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
hasown: 2.0.2
is-core-module: 2.13.1
is-glob: 4.0.3