Releases: authgear/authgear-server
Releases · authgear/authgear-server
2024-04-29.1
- 🔐 New Feature: Authflow selection in different applications.
- e.g. some applications can only be logged in with ADFS, and other applications must go through 2FA when logged in.
- 🌐 New supported languages in AuthUI, enable them in the Localization settings!
- Vietnamese 🇻🇳, Thai 🇹🇭, Malay 🇲🇾, Indonesian 🇮🇩, Filipino (Tagalog) 🇵🇭, Korean 🇰🇷, Japanese 🇯🇵, Spanish 🇪🇸/🌎, French 🇫🇷, Portuguese 🇵🇹/🇧🇷, German 🇩🇪, Italian 🇮🇹, Polish 🇵🇱, Dutch 🇳🇱, Greek 🇬🇷
- 🍪 Users can now control Cookie preferences in the Portal
- 💬 Login with WeChat in the new AuthUI and Authflow
- ✨ Application names are shown instead of Client IDs in user management session listing
-🛡️ Enforce minimum 43-character length for code verifier in OAuth PKCE flow - 🏰 Other misc security fixes
2024-04-05.0
- Use "Roles and Groups" to manage the application access right of a user
- Import User API: A new API for batch import users into Authgear. Best for migrating from legacy systems
- New endpoint: POST /_api/admin/users/import
- See user guide at: https://docs.authgear.com/how-to-guide/user-management/import-users-using-user-import-api
- Password Expiry: Force change password after X days upon login. (It's disabled by default because it’s not a recommended password policy)
- Webkit WebView in SDK (aka Embedded Webview). Use the new configuration in the SDK to open the AuthUI in an embedded webview to achieve a more native-looking experience. See the guide at: https://docs.authgear.com/how-to-guide/mobile-apps/using-webview-to-open-the-authgear-ui
2024-03-04.0
- 🪄 Use Authentication Flow API to make a custom signup-login flow and implement your own UI
- 🔢 Introducing Test Mode for OTP,
- You can now send a fixed OTP to a specific target on SMS or Email address
- The OTP can also be suppressed, so the target will not actually receive the OTP
- 😍 New AuthUI v2, a complete facelift for the default login UI
- 🌟 Combined Signup-login flow. Once AuthUI v2 is enabled in your project, you can enable the combined signup-login flow. User will signup if not registered before, and login if they did, all done automatically.
2024-01-31.0
2024-01-31.0
2023-12-11.0
Deploy e7a2763ac8fc4020ea8686c6d8223ed615d74355 to production
2023-08-30.0
- For tenant using non-custom domains, i.e. using the shared domain, the signup/login page must be initiated by OAuth. Direct access to the endpoint will no longer show the signup/login box.
- Show invalid project if the app-id in
[app-id].[free domains]does not exist. - Default signup/login pages of new created projects will show Authgear logo on the top, which can be replaced by the users.
Release 2023-08-14.0
- Fixed Signup rate limit was not working
- Default project count and SMS quota restriction for anti-spam measure
Release 2023-08-08.0
- 💬 Removed hostnames from the default SMS OTP template
Release 2023-08-04.0
- 🐛 Fixed bug: Cannot perform sensitive actions if using social login to login to portal
- 🐞 Fixed bug: Non-blocking event was not delivered to the next webhook endpoint if the previous hook failed. Now the subsequent delivery will not be affected by a previous delivery
- 🐞 Fixed bug: WeChat login connection cannot be disconnect from a user in the Portal
- 🐜 Introduced project.app.updated event for server admin purposes
Release 2023-07-25.0
What's New:
- 🔐 Introduce Account Lockout Policy to safeguard attacks towards a user account from brute-force login attempts
Learn how to use it in this guide: https://docs.authgear.com/security/brute-force-protection