* release: version packages * chore: update new connectors version number --------- Co-authored-by: Darcy Ye <darcyye@silverhand.io>
15 KiB
Change Log
2.5.2
Patch Changes
-
239b81e31
: loose redirect uri restrictionsLogto has been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.
This update relaxes restrictions on redirect URIs to allow the following:
- A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like
https://example.com
. - Native schemes without a period (
.
). For example,myapp://callback
is now allowed.
When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
We hope this change will make it easier for you to integrate Logto with your applications.
- A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like
2.5.1
Patch Changes
3c993d59c
: add range request handling to url utilities
2.5.0
Minor Changes
-
0c70d65c7
: define newsso_identities
user claim to the userinfo endpoint response- Define a new
sso_identities
user claim that will be used to store the user's SSO identities. The claim will be an array of objects with the following properties:details
: detailed user info returned from the SSO provider.issuer
: the issuer of the SSO provider.identityId
: the user id of the user in the SSO provider.
- The new claims will share the same scope as the social
identities
claim. - When the user
identities
scope is requested, the newsso_identities
claim will be returned along with theidentities
claim in the userinfo endpoint response.
- Define a new
2.4.0
Minor Changes
-
abffb9f95
: full oidc standard claims supportWe have added support for the remaining OpenID Connect standard claims. Now, these claims are accessible in both ID tokens and the response from the
/me
endpoint.Additionally, we adhere to the standard scopes - claims mapping. This means that you can retrieve most of the profile claims using the
profile
scope, and theaddress
claim can be obtained by using theaddress
scope.For all newly introduced claims, we store them in the
user.profile
field.![Note] Unlike other database fields (e.g.
name
), the claims stored in theprofile
field will fall back toundefined
rather thannull
. We refrain from using?? null
here to reduce the size of ID tokens, sinceundefined
fields will be stripped in tokens.
Patch Changes
- @logto/shared@3.1.0
2.3.0
Minor Changes
-
31e60811d
: use Node 20 LTS for engine requirement.Note: We mark it as minor because Logto is shipping with Docker image and it's not a breaking change for users.
Patch Changes
9089dbf84
: upgrade TypeScript to 5.3.3- Updated dependencies [
acb7fd3fe
] - Updated dependencies [
9089dbf84
] - Updated dependencies [
31e60811d
]- @logto/shared@3.1.0
- @logto/language-kit@1.1.0
2.2.1
Patch Changes
-
b4f702a86
: userinfo endpoint will returnorganization_data
claim if organization scope is requestedThe claim includes all organizations that the user is a member of with the following structure:
{ "organization_data": [ { "id": "organization_id", "name": "organization_name", "description": "organization_description" } ] }
2.2.0
Minor Changes
2c340d379
: supportroles
scope for ID token to issueroles
claim
2.1.2
Patch Changes
- Updated dependencies [
18181f892
]- @logto/shared@3.0.0
2.1.1
Patch Changes
6f5a0acad
: fix a bug that prevents user from customizing i18n translations in Sign-in Experience config
2.1.0
Minor Changes
-
e8b0b1d02
: feature: password policySummary
This feature enables custom password policy for users. Now it is possible to guard with the following rules when a user is creating a new password:
- Minimum length (default:
8
) - Minimum character types (default:
1
) - If the password has been pwned (default:
true
) - If the password is exactly the same as or made up of the restricted phrases:
- Repetitive or sequential characters (default:
true
) - User information (default:
true
) - Custom words (default:
[]
)
- Repetitive or sequential characters (default:
If you are an existing Logto Cloud user or upgrading from a previous version, to ensure a smooth experience, we'll keep the original policy as much as possible:
The original password policy requires a minimum length of 8 and at least 2 character types (letters, numbers, and symbols).
Note in the new policy implementation, it is not possible to combine lower and upper case letters into one character type. So the original password policy will be translated into the following:
- Minimum length:
8
- Minimum character types:
2
- Pwned:
false
- Repetitive or sequential characters:
false
- User information:
false
- Custom words:
[]
If you want to change the policy, you can do it:
- Logto Console -> Sign-in experience -> Password policy.
- Update
passwordPolicy
property in the sign-in experience via Management API.
Side effects
- All new users will be affected by the new policy immediately.
- Existing users will not be affected by the new policy until they change their password.
- We removed password restrictions when adding or updating a user via Management API.
- Minimum length (default:
Patch Changes
- Updated dependencies [
310698b0d
]- @logto/shared@2.0.1
2.0.1
Patch Changes
e9c2c9a6d
: Add new font tokens in core-kit
2.0.0
Major Changes
30033421c
: - connector-kit: addDemoConnector
type and demo connector ids- core-kit: remove nanoid utils, add tenant model utils
- shared: remove models, add database types and universal export
Patch Changes
1.1.0
Minor Changes
- 343b1090f: Allow admin tenant admin to create tenants without limitation
1.0.0
Minor Changes
-
738675a7d
: ## Improvements- Exported seed constants and schemas.
- Add ID generation utilities
buildIdGenerator()
andgenerateStandardId()
.
Patch Changes
- Updated dependencies [
738675a7d
]- @logto/language-kit@1.0.0
1.0.0-beta.30
Minor Changes
-
738675a7
: ## Improvements- Exported seed constants and schemas.
- Add ID generation utilities
buildIdGenerator()
andgenerateStandardId()
.
Patch Changes
- Updated dependencies [
738675a7
]- @logto/language-kit@1.0.0-beta.30
All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.
1.0.0-beta.29 (2022-12-07)
Bug Fixes
1.0.0-beta.28 (2022-12-06)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.26 (2022-11-23)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.25 (2022-11-22)
Bug Fixes
1.0.0-beta.24 (2022-11-22)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.21 (2022-11-11)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.20 (2022-10-21)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.19 (2022-10-19)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.18 (2022-10-12)
Bug Fixes
1.0.0-beta.17 (2022-10-12)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.16 (2022-09-28)
Bug Fixes
1.0.0-beta.15 (2022-09-27)
Features
1.0.0-beta.14 (2022-09-23)
Bug Fixes
1.0.0-beta.13 (2022-09-19)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.12 (2022-09-17)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.11 (2022-09-16)
Note: Version bump only for package @logto/core-kit
1.0.0-beta.10 (2022-09-16)
Features
- initial commit (56a4968)
1.0.0-beta.9 (2022-09-07)
Features
- add Portuguese translation (f268ecb)
Bug Fixes
- console,ui: fix locale guard issue in settings page (e200578)
1.0.0-beta.8 (2022-09-01)
Note: Version bump only for package @logto/shared
1.0.0-beta.6 (2022-08-30)
Note: Version bump only for package @logto/shared
1.0.0-beta.5 (2022-08-19)
Note: Version bump only for package @logto/shared
1.0.0-beta.4 (2022-08-11)
Bug Fixes
1.0.0-beta.3 (2022-08-01)
Features
- console: add Next.js integration guide in admin console (7d3f947)
1.0.0-beta.1 (2022-07-19)
Note: Version bump only for package @logto/shared
1.0.0-beta.0 (2022-07-14)
Note: Version bump only for package @logto/shared
1.0.0-alpha.3 (2022-07-07)
Note: Version bump only for package @logto/shared
0.1.2-alpha.5 (2022-07-03)
Note: Version bump only for package @logto/shared
0.1.2-alpha.1 (2022-07-02)
Note: Version bump only for package @logto/shared
0.1.1-alpha.0 (2022-07-01)
Features
- console,ui: generate dark mode color in console (#1231) (f72b21d)
- console: add details summary component in guides (693c4f0)
- core,shared: get /dashboard/users/active (#953) (1420bb2)
- demo-app: implement (part 2) (85a055e)
- demo-app: implementation (#982) (7f4f4f8)
- demo-app: init (#979) (ad0aa8e)
- shared,phrases-ui: not allow hyphens in username (#1319) (5e81966)
- update field check rules (#854) (85a407c)