28 KiB
Change Log
1.6.0
Minor Changes
-
ecbecd8e4
: various application improvements- Show OpenID Provider configuration endpoint in Console
- Configure "Rotate Refresh Token" in Console
- Configure "Refresh Token TTL" in Console
Patch Changes
- Updated dependencies [
e9c2c9a6d
] - Updated dependencies [
ecbecd8e4
]- @logto/core-kit@2.0.1
- @logto/phrases@1.4.1
1.5.0
Minor Changes
-
2cab3787c
: Add cloudflare configurations to system -
73666f8fa
: Provide new features for webhooksFeatures
- Manage webhooks via the Admin Console
- Securing webhooks by validating signature
- Allow to enable/disable a webhook
- Track recent execution status of a webhook
- Support multi-events for a webhook
Updates
- schemas: add
name
,events
,signingKey
, andenabled
fields to thehook
schema - core: change the
user-agent
value fromLogto (https://logto.io)
toLogto (https://logto.io/)
in the webhook request headers - core: deprecate
event
field in all hook-related APIs, useevents
instead - core: deprecate
retries
field in theHookConfig
for all hook-related APIs, now it will fallback to3
if not specified and will be removed in the future - core: add new APIs for webhook management
GET /api/hooks/:id/recent-logs
to retrieve recent execution logs(24h) of a webhookPOST /api/hooks/:id/test
to test a webhookPATCH /api/hooks/:id/signing-key
to regenerate the signing key of a webhook
- core: support query webhook execution stats(24h) via
GET /api/hooks/:id
andGET /api/hooks/:id
by specifyingincludeExecutionStats
query parameter - console: support webhook management
-
268dc50e7
: Support setting default API Resource from Console and API- New API Resources will not be treated as default.
- Added
PATCH /resources/:id/is-default
to settingisDefault
for an API Resource.- Only one default API Resource is allowed per tenant. Setting one API default will reset all others.
-
fa0dbafe8
: Add custom domain support
Patch Changes
497d5b526
: Support updating sign-in identifiers in user details form- Admin can now update user sign-in identifiers (username, email, phone number) in the user details form in user management.
- Other trivial improvements and fixes, e.g. input field placeholder, error handling, etc.
- Updated dependencies [
268dc50e7
] - Updated dependencies [
fa0dbafe8
] - Updated dependencies [
497d5b526
]- @logto/phrases@1.4.0
1.4.0
Minor Changes
-
5d6720805
: add configalwaysIssueRefreshToken
for web apps to unblock OAuth integrations that are not strictly conform OpenID Connect.when it's enabled, Refresh Tokens will be always issued regardless if
prompt=consent
was present in the authorization request.
Patch Changes
- Updated dependencies [
5d6720805
]- @logto/phrases@1.3.0
1.3.1
1.3.0
Patch Changes
-
beb6ebad5
: ## Add min length 1 type guard for all string typed db schema fieldsUpdate the
@logto/schemas
zod guard generation method to include a min length of 1 for all the required string typed db fields.
1.2.3
1.2.2
1.2.1
1.2.0
Patch Changes
457cb2822
: Adding social connectors will now mark the related get-started action item as completed.- Updated dependencies [
ae6a54993
] - Updated dependencies [
206fba2b5
] - Updated dependencies [
4945b0be2
] - Updated dependencies [
c5eb3a2ba
] - Updated dependencies [
5553425fc
] - Updated dependencies [
30033421c
]- @logto/phrases@1.2.0
- @logto/phrases-ui@1.2.0
- @logto/shared@2.0.0
- @logto/core-kit@2.0.0
- @logto/connector-kit@1.1.1
1.1.0
Patch Changes
- Updated dependencies [
f9ca7cc49
] - Updated dependencies [
37714d153
] - Updated dependencies [
f3d60a516
] - Updated dependencies [
5c50957a9
] - Updated dependencies [
e9e8a6e11
]- @logto/phrases@1.1.0
- @logto/phrases-ui@1.1.0
1.0.7
Patch Changes
5b4da1e3d
: force bump to fix npm publishment
1.0.1
Patch Changes
621b09ba1
: force version bump
1.0.0
Major Changes
-
c12717412
: Decouple users and admins💥 BREAKING CHANGES 💥
Logto was using a single port to serve both normal users and admins, as well as the web console. While we continuously maintain a high level of security, it’ll still be great to decouple these components into two separate parts to keep data isolated and provide a flexible infrastructure.
From this version, Logto now listens to two ports by default, one for normal users (
3001
), and one for admins (3002
).- Nothing changed for normal users. No adaption is needed.
- For admin users:
- The default Admin Console URL has been changed to
http://localhost:3002/console
. - To change the admin port, set the environment variable
ADMIN_PORT
. For instance,ADMIN_PORT=3456
. - You can specify a custom endpoint for admins by setting the environment variable
ADMIN_ENDPOINT
. For example,ADMIN_ENDPOINT=https://admin.your-domain.com
. - You can now completely disable admin endpoints by setting
ADMIN_DISABLE_LOCALHOST=1
and leavingADMIN_ENDPOINT
unset. - Admin Console and admin user data are not accessible via normal user endpoints, including
localhost
andENDPOINT
from the environment. - Admin Console no longer displays audit logs of admin users. However, these logs still exist in the database, and Logto still inserts admin user logs. There is just no convenient interface to inspect them.
- Due to the data isolation, the numbers on the dashboard may slightly decrease (admins are excluded).
- The default Admin Console URL has been changed to
If you are upgrading from a previous version, simply run the database alteration command as usual, and we'll take care of the rest.
Note
DID YOU KNOW
Under the hood, we use the powerful Postgres feature Row-Level Security to isolate admin and user data.
-
1c9160112
: Packages are now ESM. -
f41fd3f05
: drop settings table and add systems tableBREAKING CHANGES
- core: removed
GET /settings
andPATCH /settings
API - core: added
GET /configs/admin-console
andPATCH /configs/admin-console
API/configs/*
APIs are config/key-specific now. they may have different logic per key
- cli: change valid
logto db config
keys by removingalterationState
and addingadminConsole
since:- OIDC configs and admin console configs are tenant-level configs (the concept of "tenant" can be ignored until we officially announce it)
- alteration state is still a system-wide config
- core: removed
Minor Changes
-
343b1090f: Add demo social connectors for new tenant
-
f41fd3f05
: Replacepasscode
naming convention in the interaction APIs and main flow ui withverificationCode
. -
343b1090f: ### Add dynamic favicon and html title
-
Add the favicon field in the sign-in-experience branding settings. Users would be able to upload their own favicon. Use local logto icon as a fallback
-
Set different html title for different pages.
- sign-in
- register
- forgot-password
- logto
-
-
343b1090f: Allow admin tenant admin to create tenants without limitation
-
343b1090f: ### Add privacy policy url
In addition to the terms of service url, we also provide a privacy policy url field in the sign-in-experience settings. To better support the end-users' privacy declaration needs.
-
343b1090f: Add
sessionNotFoundRedirectUrl
tenant config- User can use this optional config to designate the URL to redirect if session not found in Sign-in Experience.
- Session guard now works for root path as well.
-
343b1090f: remove the branding style config and make the logo URL config optional
-
1c9160112
: ### Features- Enhanced user search params #2639
- Web hooks
Improvements
- Refactored Interaction APIs and Audit logs
-
343b1090f: ### Add custom content sign-in-experience settings to allow insert custom static html content to the logto sign-in pages
- feat: combine with the custom css, give the user the ability to further customize the sign-in pages
-
f41fd3f05
: Replace thesms
naming convention usingphone
cross logto codebase. Including Sign-in Experience types, API paths, API payload and internal variable names.
Patch Changes
-
e63f5f8b0
: Bump connector kit version to fix "Continue" issues on sending email/sms. -
38970fb88
: Fix a Sign-in experience bug that may block some users to sign in. -
343b1090f: Seed data for cloud
- cli!: remove
oidc
option fordatabase seed
command as it's unused - cli: add hidden
--cloud
option fordatabase seed
command to init cloud data - cli, cloud: appending Redirect URIs to Admin Console will deduplicate values before update
- move
UrlSet
andGlobalValues
to@logto/shared
- cli!: remove
-
7fb689b73
: Fix version lifecycle script -
2d45cc3e6
: Update alteration script names after versioning -
Updated dependencies [343b1090f]
-
Updated dependencies [343b1090f]
-
Updated dependencies [
c12717412
] -
Updated dependencies [
68f2d56a2
] -
Updated dependencies [343b1090f]
-
Updated dependencies [343b1090f]
-
Updated dependencies [343b1090f]
-
Updated dependencies [
38970fb88
] -
Updated dependencies [
c12717412
] -
Updated dependencies [343b1090f]
-
Updated dependencies [
c12717412
] -
Updated dependencies [343b1090f]
-
Updated dependencies [343b1090f]
-
Updated dependencies [
1c9160112
] -
Updated dependencies [343b1090f]
-
Updated dependencies [
1c9160112
]- @logto/phrases-ui@1.0.0
- @logto/phrases@1.0.0
- @logto/connector-kit@1.1.0
- @logto/core-kit@1.1.0
1.0.0-rc.1
Major Changes
-
c12717412
: Decouple users and admins💥 BREAKING CHANGES 💥
Logto was using a single port to serve both normal users and admins, as well as the web console. While we continuously maintain a high level of security, it’ll still be great to decouple these components into two separate parts to keep data isolated and provide a flexible infrastructure.
From this version, Logto now listens to two ports by default, one for normal users (
3001
), and one for admins (3002
).- Nothing changed for normal users. No adaption is needed.
- For admin users:
- The default Admin Console URL has been changed to
http://localhost:3002/console
. - To change the admin port, set the environment variable
ADMIN_PORT
. For instance,ADMIN_PORT=3456
. - You can specify a custom endpoint for admins by setting the environment variable
ADMIN_ENDPOINT
. For example,ADMIN_ENDPOINT=https://admin.your-domain.com
. - You can now completely disable admin endpoints by setting
ADMIN_DISABLE_LOCALHOST=1
and leavingADMIN_ENDPOINT
unset. - Admin Console and admin user data are not accessible via normal user endpoints, including
localhost
andENDPOINT
from the environment. - Admin Console no longer displays audit logs of admin users. However, these logs still exist in the database, and Logto still inserts admin user logs. There is just no convenient interface to inspect them.
- Due to the data isolation, the numbers on the dashboard may slightly decrease (admins are excluded).
- The default Admin Console URL has been changed to
If you are upgrading from a previous version, simply run the database alteration command as usual, and we'll take care of the rest.
Note
DID YOU KNOW
Under the hood, we use the powerful Postgres feature Row-Level Security to isolate admin and user data.
Patch Changes
- Updated dependencies [
c12717412
] - Updated dependencies [
c12717412
] - Updated dependencies [
c12717412
]- @logto/phrases@1.0.0-rc.1
- @logto/phrases-ui@1.0.0-rc.1
1.0.0-rc.0
Major Changes
-
f41fd3f0
: drop settings table and add systems tableBREAKING CHANGES
- core: removed
GET /settings
andPATCH /settings
API - core: added
GET /configs/admin-console
andPATCH /configs/admin-console
API/configs/*
APIs are config/key-specific now. they may have different logic per key
- cli: change valid
logto db config
keys by removingalterationState
and addingadminConsole
since:- OIDC configs and admin console configs are tenant-level configs (the concept of "tenant" can be ignored until we officially announce it)
- alteration state is still a system-wide config
- core: removed
Minor Changes
f41fd3f0
: Replacepasscode
naming convention in the interaction APIs and main flow ui withverificationCode
.f41fd3f0
: Replace thesms
naming convention usingphone
cross logto codebase. Including Sign-in Experience types, API paths, API payload and internal variable names.
1.0.0-beta.18
Patch Changes
df9e98dc
: Fix version lifecycle script
1.0.0-beta.17
Major Changes
1c916011
: Packages are now ESM.
Minor Changes
-
1c916011
: ### Features- Enhanced user search params #2639
- Web hooks
Improvements
- Refactored Interaction APIs and Audit logs
Patch Changes
- Updated dependencies [
1c916011
] - Updated dependencies [
1c916011
]- @logto/phrases@1.0.0-beta.17
- @logto/phrases-ui@1.0.0-beta.17
1.0.0-beta.16
Patch Changes
38970fb8
: Fix a Sign-in experience bug that may block some users to sign in.- Updated dependencies [
38970fb8
]- @logto/phrases@1.0.0-beta.16
1.0.0-beta.15
Patch Changes
- Bump connector kit version to fix "Continue" issues on sending email/sms.
1.0.0-beta.14
Patch Changes
2d45cc3e
: Update alteration script names after versioning
1.0.0-beta.13
Patch Changes
- Updated dependencies [
68f2d56a
]- @logto/phrases@1.0.0-beta.13
- @logto/phrases-ui@1.0.0-beta.13
All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.
1.0.0-beta.12 (2022-10-19)
Bug Fixes
- add tables to schemas files (582f3d6)
- handle versioning when no
next-*.ts
found (#2202) (61336df) - make packages public (e24fd04)
1.0.0-beta.11 (2022-10-19)
Features
- cli:
db alteration deploy
command (a5280a2) - cli:
db seed oidc
command (911117a) - cli: get/set db config key (0eff1e3)
Bug Fixes
- add redirectURI validation on frontend & backend (#1874) (4b0970b)
- alteration script in dev (9ebb3dd)
1.0.0-beta.10 (2022-09-28)
Features
- core,schemas: add phrases schema and GET /custom-phrases/:languageKey route (#1905) (7242aa8)
- core,schemas: migration deploy cli (#1966) (7cc2f4d)
- core,schemas: use timestamp to version migrations (bb4bfd3)
- core: add POST /session/forgot-password/{email,sms}/send-passcode (#1963) (af2600d)
- core: add POST /session/forgot-password/{email,sms}/verify-passcode (#1968) (1ea39f3)
- core: add POST /session/forgot-password/reset (#1972) (acdc86c)
- core: machine to machine apps (cd9c697)
- schemas: add logto configs table (#1940) (577ca48)
Bug Fixes
- bump react sdk and essentials toolkit to support CJK characters in idToken (2f92b43)
- core,schemas: move alteration types into schemas src (#2005) (10c1be6)
1.0.0-beta.9 (2022-09-07)
Note: Version bump only for package @logto/schemas
1.0.0-beta.8 (2022-09-01)
Note: Version bump only for package @logto/schemas
1.0.0-beta.6 (2022-08-30)
Note: Version bump only for package @logto/schemas
1.0.0-beta.5 (2022-08-19)
Note: Version bump only for package @logto/schemas
1.0.0-beta.4 (2022-08-11)
Features
- core,schemas: add application secret (#1715) (543ee04)
- schemas: guard string max length (#1737) (cdf210d)
1.0.0-beta.3 (2022-08-01)
Note: Version bump only for package @logto/schemas
1.0.0-beta.2 (2022-07-25)
Note: Version bump only for package @logto/schemas
1.0.0-beta.1 (2022-07-19)
Features
1.0.0-beta.0 (2022-07-14)
Note: Version bump only for package @logto/schemas
1.0.0-alpha.4 (2022-07-08)
Features
1.0.0-alpha.3 (2022-07-07)
Note: Version bump only for package @logto/schemas
1.0.0-alpha.2 (2022-07-07)
Bug Fixes
1.0.0-alpha.1 (2022-07-05)
Note: Version bump only for package @logto/schemas
1.0.0-alpha.0 (2022-07-04)
Note: Version bump only for package @logto/schemas
0.1.2-alpha.5 (2022-07-03)
Note: Version bump only for package @logto/schemas
0.1.2-alpha.4 (2022-07-03)
Note: Version bump only for package @logto/schemas
0.1.2-alpha.3 (2022-07-03)
Note: Version bump only for package @logto/schemas
0.1.2-alpha.2 (2022-07-02)
Note: Version bump only for package @logto/schemas
0.1.2-alpha.1 (2022-07-02)
Note: Version bump only for package @logto/schemas
0.1.2-alpha.0 (2022-07-02)
Note: Version bump only for package @logto/schemas
0.1.1-alpha.0 (2022-07-01)
Features
- console,ui: generate dark mode color in console (#1231) (f72b21d)
- console: add application column in user management (#728) (a035587)
- console: add column lastSignIn in user management (#679) (a0b4b98)
- console: audit log table (#1000) (fdd12de)
- console: configure cors-allowed-origins (#695) (4a0577a)
- console: dark logo (#860) (664a218)
- console: hide get-started page on clicking 'Hide this' button (7fd42fd)
- console: integrate dark mode settings (a04f818)
- console: log details page (#1064) (0421195)
- console: sie form reorg (#1218) (2c41334)
- console: sign in exp guide (#755) (bafd094)
- console: support persisting get-started progress in settings config (43b2309)
- core,console: social connector targets (#851) (127664a)
- core,schemas: koaLogSession middleware (#767) (4e60446)
- core,schemas: log IP and user agent (#682) (0ecb7e4)
- core,schemas: log token exchange success (#809) (3b048a8)
- core,schemas: save application id that the user first consented (#688) (4521c3c)
- core: add experience configs (#745) (08904b8)
- core: add role table seed (#1145) (837ad52)
- core: add sign-in-mode (#1132) (f640dad)
- core: grantRevokedListener for logging revocation of access and refresh token (#900) (e5196fc)
- core: log error body (#1065) (2ba1121)
- core: log sending passcode with connector id (#824) (82c7138)
- core: update connector db schema (#732) (8e1533a)
- demo-app: implementation (#982) (7f4f4f8)
- demo-app: implementation (3/3) (#1021) (91e2f05)
- demo-app: show notification in main flow (#1038) (90ca76e)
- remove target, platform from connector schema and add id to metadata (#930) (054b0f7)
- schemas: create log indices on application id and user id (#933) (bf6e08c)
- schemas: make users.avatar URL length 2048 (#1141) (3ac01d7)
- update field check rules (#854) (85a407c)
- use user level custom data to save preferences (#1045) (f2b44b4)