0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-20 21:32:31 -05:00
logto/packages/phrases/CHANGELOG.md
2023-11-14 19:57:42 +08:00

31 KiB
Raw Blame History

Change Log

1.7.0

Minor Changes

  • 6727f629d: feature: introduce multi-factor authentication

    We're excited to announce that Logto now supports multi-factor authentication (MFA) for your sign-in experience. Navigate to the "Multi-factor auth" tab to configure how you want to secure your users' accounts.

    In this release, we introduce the following MFA methods:

    • Authenticator app OTP: users can add any authenticator app that supports the TOTP standard, such as Google Authenticator, Duo, etc.
    • WebAuthn (Passkey): users can use the standard WebAuthn protocol to register a hardware security key, such as biometric keys, Yubikey, etc.
    • Backup codesusers can generate a set of backup codes to use when they don't have access to other MFA methods.

    For a smooth transition, we also support to configure the MFA policy to require MFA for sign-in experience, or to allow users to opt-in to MFA.

1.6.0

Minor Changes

  • 87df417d1: feat: support HTTP for webhook requests

1.5.0

Minor Changes

  • e8b0b1d02: feature: password policy

    Summary

    This feature enables custom password policy for users. Now it is possible to guard with the following rules when a user is creating a new password:

    • Minimum length (default: 8)
    • Minimum character types (default: 1)
    • If the password has been pwned (default: true)
    • If the password is exactly the same as or made up of the restricted phrases:
      • Repetitive or sequential characters (default: true)
      • User information (default: true)
      • Custom words (default: [])

    If you are an existing Logto Cloud user or upgrading from a previous version, to ensure a smooth experience, we'll keep the original policy as much as possible:

    The original password policy requires a minimum length of 8 and at least 2 character types (letters, numbers, and symbols).

    Note in the new policy implementation, it is not possible to combine lower and upper case letters into one character type. So the original password policy will be translated into the following:

    • Minimum length: 8
    • Minimum character types: 2
    • Pwned: false
    • Repetitive or sequential characters: false
    • User information: false
    • Custom words: []

    If you want to change the policy, you can do it:

    • Logto Console -> Sign-in experience -> Password policy.
    • Update passwordPolicy property in the sign-in experience via Management API.

    Side effects

    • All new users will be affected by the new policy immediately.
    • Existing users will not be affected by the new policy until they change their password.
    • We removed password restrictions when adding or updating a user via Management API.

1.4.1

Patch Changes

  • ecbecd8e4: various application improvements

    • Show OpenID Provider configuration endpoint in Console
    • Configure "Rotate Refresh Token" in Console
    • Configure "Refresh Token TTL" in Console

1.4.0

Minor Changes

  • 268dc50e7: Support setting default API Resource from Console and API

    • New API Resources will not be treated as default.
    • Added PATCH /resources/:id/is-default to setting isDefault for an API Resource.
      • Only one default API Resource is allowed per tenant. Setting one API default will reset all others.
  • fa0dbafe8: Add custom domain support

  • 497d5b526: Support updating sign-in identifiers in user details form

    • Admin can now update user sign-in identifiers (username, email, phone number) in the user details form in user management.
    • Other trivial improvements and fixes, e.g. input field placeholder, error handling, etc.

1.3.0

Minor Changes

  • 5d6720805: add config alwaysIssueRefreshToken for web apps to unblock OAuth integrations that are not strictly conform OpenID Connect.

    when it's enabled, Refresh Tokens will be always issued regardless if prompt=consent was present in the authorization request.

1.2.0

Minor Changes

1.1.0

Minor Changes

Patch Changes

1.0.0

Major Changes

Minor Changes

  • 343b1090f: ### Add dynamic favicon and html title

    • Add the favicon field in the sign-in-experience branding settings. Users would be able to upload their own favicon. Use local logto icon as a fallback

    • Set different html title for different pages.

      • sign-in
      • register
      • forgot-password
      • logto
  • c12717412: ## Creating your social connector with ease

    Were excited to announce that Logto now supports standard protocols (SAML, OIDC, and OAuth2.0) for creating social connectors to integrate external identity providers. Each protocol can create multiple social connectors, giving you more control over your access needs.

    To simplify the process of configuring social connectors, were replacing code-edit with simple forms. SAML already supports form configuration, with other connectors coming soon. This means you dont need to compare documents or worry about code format.

  • 68f2d56a2: Add German language

  • 343b1090f: Allow admin tenant admin to create tenants without limitation

  • 343b1090f: ### Add privacy policy url

    In addition to the terms of service url, we also provide a privacy policy url field in the sign-in-experience settings. To better support the end-users' privacy declaration needs.

  • 343b1090f: New feature: User account settings page

    • We have removed the previous settings page and moved it to the account settings page. You can access to the new settings menu by clicking the user avatar in the top right corner.
    • You can directly change the language or theme from the popover menu, and explore more account settings by clicking the "Profile" menu item.
    • You can update your avatar, name and username in the profile page, and also changing your password.
    • [Cloud] Cloud users can also link their email address and social accounts (Google and GitHub at first launch).
  • 343b1090f: remove the branding style config and make the logo URL config optional

  • 343b1090f: Add custom CSS code editor so that users can apply advanced UI customization.

    • Users can check the real time preview of the CSS via SIE preview on the right side.
  • 1c9160112: ### Features

    • Enhanced user search params #2639
    • Web hooks

    Improvements

    • Refactored Interaction APIs and Audit logs

Patch Changes

  • 343b1090f: add deletion confirm for in-used passwordless connectors
  • 38970fb88: Fix a Sign-in experience bug that may block some users to sign in.

1.0.0-rc.1

Minor Changes

  • c12717412: ## Creating your social connector with ease

    Were excited to announce that Logto now supports standard protocols (SAML, OIDC, and OAuth2.0) for creating social connectors to integrate external identity providers. Each protocol can create multiple social connectors, giving you more control over your access needs.

    To simplify the process of configuring social connectors, were replacing code-edit with simple forms. SAML already supports form configuration, with other connectors coming soon. This means you dont need to compare documents or worry about code format.

1.0.0-beta.17

Major Changes

Minor Changes

  • 1c916011: ### Features

    • Enhanced user search params #2639
    • Web hooks

    Improvements

    • Refactored Interaction APIs and Audit logs

1.0.0-beta.16

Patch Changes

  • 38970fb8: Fix a Sign-in experience bug that may block some users to sign in.

1.0.0-beta.13

Minor Changes

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

1.0.0-beta.12 (2022-10-19)

Bug Fixes

1.0.0-beta.11 (2022-10-19)

Features

Bug Fixes

  • deps: update dependency @logto/language-kit to v1.0.0-beta.16 (89e4800)

1.0.0-beta.10 (2022-09-28)

Features

  • console: auto detect language setting (#1941) (49b4303)
  • console: configure M2M app access (#1999) (a75f8fe)
  • core,phrases: add check protected access function (e405ef7)
  • core: add POST /session/forgot-password/reset (#1972) (acdc86c)
  • core: cannot delete custom phrase used as default language in sign-in exp (#1951) (a1aef26)
  • core: machine to machine apps (cd9c697)

Bug Fixes

  • bump react sdk and essentials toolkit to support CJK characters in idToken (2f92b43)

Reverts

  • Revert "feat(console): auto detect language setting (#1941)" (#2004) (ad1d1e3), closes #1941 #2004

1.0.0-beta.9 (2022-09-07)

Features

  • add Portuguese translation (f268ecb)

1.0.0-beta.8 (2022-09-01)

Note: Version bump only for package @logto/phrases

1.0.0-beta.6 (2022-08-30)

Features

  • console: allow to disable create account (#1806) (67305ec)

1.0.0-beta.5 (2022-08-19)

⚠ BREAKING CHANGES

  • core,console: remove /me apis (#1781)

Features

Code Refactoring

1.0.0-beta.4 (2022-08-11)

Features

1.0.0-beta.3 (2022-08-01)

Features

  • console: add Next.js integration guide in admin console (7d3f947)
  • phrases: tr language (#1707) (411a8c2)

1.0.0-beta.2 (2022-07-25)

Bug Fixes

  • console: should parse to json before using zod safeParse (ec674ec)

1.0.0-beta.1 (2022-07-19)

Features

  • console: add a declaration file for react-i18next (#1556) (6ae5e7d)

1.0.0-beta.0 (2022-07-14)

Bug Fixes

  • connector: passwordless connector send test msg with unsaved config (#1539) (0297f6c)
  • console: redirect uri field label should display properly in guide (#1549) (020f294)

1.0.0-alpha.4 (2022-07-08)

Features

  • connector: connector error handler, throw errmsg on general errors (#1458) (7da1de3)
  • console: add placeholder for connector sender test (#1476) (8e85a11)
  • expose zod error (#1474) (81b63f0)

Bug Fixes

  • console: improve error handling in connector details and sender tester (d9ce4a0)

1.0.0-alpha.3 (2022-07-07)

Note: Version bump only for package @logto/phrases

1.0.0-alpha.2 (2022-07-07)

Note: Version bump only for package @logto/phrases

1.0.0-alpha.1 (2022-07-05)

Features

1.0.0-alpha.0 (2022-07-04)

Bug Fixes

0.1.2-alpha.5 (2022-07-03)

Note: Version bump only for package @logto/phrases

0.1.2-alpha.4 (2022-07-03)

Note: Version bump only for package @logto/phrases

0.1.2-alpha.3 (2022-07-03)

Note: Version bump only for package @logto/phrases

0.1.2-alpha.2 (2022-07-02)

Note: Version bump only for package @logto/phrases

0.1.2-alpha.1 (2022-07-02)

Note: Version bump only for package @logto/phrases

0.1.1-alpha.0 (2022-07-01)

Features

  • AC: content updates (#1003) (320a00b)
  • ac: implement admin console welcome page (#1139) (b42f4ba)
  • connectors: handle authorization callback parameters in each connector respectively (#1166) (097aade)
  • console,core: hide admin user (#1182) (9194a6e)
  • console,ui: generate dark mode color in console (#1231) (f72b21d)
  • console: add 404 page in admin console (0d047fb)
  • console: add comopnent alert (#706) (60920c2)
  • console: add mobile web tab in preview (#1214) (9b6fd4c)
  • console: add placeholders (#1277) (c26ca08)
  • console: add user dropdown and sign out button (5a09e7d)
  • console: audit log filters (#1004) (a0d562f)
  • console: audit log table (#1000) (fdd12de)
  • console: clear search results (#1199) (a2de467)
  • console: configure cors-allowed-origins (#695) (4a0577a)
  • console: connector detail top card (5288d6d)
  • console: connector groups table (#962) (eb3f0cb)
  • console: connector in use status (#1012) (542d574)
  • console: connector warnings in sign in methods (#710) (cd03130)
  • console: contact us icon and texts (#836) (c3785d8)
  • console: dark logo (#860) (664a218)
  • console: disable existing connectors when adding (#1018) (19380d0)
  • console: form field tooltip (#786) (1c7de47)
  • console: group connectors in add modal (#1029) (fa420c9)
  • console: hide get-started page on clicking 'Hide this' button (7fd42fd)
  • console: implement get started page (9790767)
  • console: implement get-started progress indicator component (ed9387b)
  • console: init dashboard (#1006) (28e09b6)
  • console: input error message (#1050) (458602f)
  • console: integrate dark mode settings (a04f818)
  • console: log details page (#1064) (0421195)
  • console: multi-text-input delete reminder (#752) (04fc5d4)
  • console: reset user password (#1266) (8c46ead)
  • console: sie form reorg (#1218) (2c41334)
  • console: sign in exp guide (#755) (bafd094)
  • console: sign in experience preview (#783) (6ab54c9)
  • console: sign in experience setup others tab (#662) (875a31e)
  • console: sign in experience welcome page (#746) (d815d96)
  • console: sign in methods change alert (#701) (a1ceea0)
  • console: support persisting get-started progress in settings config (43b2309)
  • console: update cn phrases (#1255) (77e1033)
  • console: user connector delete confirmation (#1165) (4905a5d)
  • core,console: change admin user password (#1268) (a4d0a94)
  • core,console: connector platform tabs (#887) (65fb36c)
  • core: align connector error handler middleware with ConnectorErrorCodes (#1063) (1b8190a)
  • core: convert route guards to swagger.json (#1047) (3145c9b)
  • core: update connector db schema (#732) (8e1533a)
  • dashboard: add tooltip to dashboard items (#1089) (9dd73ac)
  • demo-app: implement (part 2) (85a055e)
  • ui: add mobile terms of use iframe modal (#947) (4abcda6)
  • ui: add Notification component (#994) (8530e24)
  • ui: app notification (#999) (f4e380f)
  • ui: display error message on social callback page (#1097) (f3b8678)
  • ui: not found page (#691) (731ff1c)

Bug Fixes

  • lint:report script (#730) (3b17324)
  • console: add code editor field label (#1170) (9aab5ee)
  • console: add hover state to hide guide button (#1328) (323895a)
  • console: add mobile platform preview description (#1032) (6167e5c)
  • console: change application column name (#743) (6148cbd)
  • console: remove dashboard tip time range (#1323) (3aac771)
  • console: remove role edit from user details (#1173) (520f66c)
  • console: remove unused api resource help button (#1217) (e5249e2)
  • console: reset password label (#1300) (628ac46)
  • console: return to user-details page from user-log-details page (#1135) (294c600)
  • console: save changes button on settings page (#1167) (97faade)
  • console: should not append slash in cors allowed uri (#1001) (826f368)
  • console: show enabled platforms in detail tab (#989) (0656b6d)
  • console: ui fixes (#678) (dc976d8)
  • console: update en phrases (#1254) (a907ab4)
  • console: update get-started enable passwordless button text to "Enable" (f7d2e4c)
  • console: upgrade react-sdk 0.1.7 (a814e2c)
  • core: koaAuth should return 403 instead of 401 on non-admin role (ee16eeb)
  • core: remove unavailable social sign in targets on save (#1201) (012562e)
  • core: signing in with a non-existing username should throw invalid credentials (#1239) (53781d6)
  • ui: add i18n formater for zh-CN list (#1009) (ca5c8aa)
  • ui: catch request exceptions with no response body (#790) (48de9c0)
  • ui: fix count down bug (#874) (9c1e9ef)
  • ui: ui design review fix (#697) (15dd1a7)
  • ui: ui refinement (#855) (1661c81)