Skip to content

Releases: logto-io/logto

v1.0.0-beta.16

30 Nov 09:40
v1.0.0-beta.16
66fbb43
Compare
Choose a tag to compare

1.0.0-beta.16 (2022-11-30)

Note
This release is a hot-fix based on v1.0.0-beta.14.

Bug fix

Unblock the "Continue" flow for some end-users (fixes #2555)

Users could get stuck during sign-in when email or phone is the sign-up identifier (required), but they don't have one in Logto.

Connectors

If you enabled email or SMS connector, please add the "Continue" template to make sure "Forgot password" works.

Please upgrade connectors as well to get the latest connector template for "Continue" flow configuration. Or you can go to the connectors repo to read the latest README.

Feel free to jump into our Discord server if you meet any issues.

v1.0.0-beta.14

16 Nov 11:37
v1.0.0-beta.14
df9fc56
Compare
Choose a tag to compare

1.0.0-beta.14 (2022-11-16)

Bug fix

🙇 Fix an issue that the CLI cannot find database alteration scripts but Logto is failed to start.

Before restarting Logto, use npx @logto/cli db alt deploy to deploy the latest database alterations.

Cause

We just changed our publish to changesets and it didn't run the version script during version bumping. See #2461 for details.

v1.0.0-beta.13

15 Nov 05:52
v1.0.0-beta.13
2303a78
Compare
Choose a tag to compare

1.0.0-beta.13 (2022-11-15)

Note
If you are experience some database alteration issue when upgrading to this version, please directly upgrade to v1.0.0-beta.14.

💥 Breaking change 💥

Now Logto uses the case-insensitive strategy for matching emails. Note we still store them in raw values for better email deliveries, thus it will affect the existing emails that have the identical lowercased address.

Feel free to contact us if this issue blocks the upgrade.

Sign-in Experience v2

We are thrilled to announce the release of the newest version of the Sign-in Experience, which includes more ways to sign-in and sign-up, as well as a framework that is easier to understand and more flexible to configure in the Admin Console.

When compared to Sign-in Experience v1, this version’s capability was expanded so that it could support a greater variety of flexible use cases. For example, now users can sign up with email verification code and sign in with email and password.

Besides, the forgot password flow will automatically appear when conditions meet.

We hope that this will be able to assist developers in delivering a successful sign-in flow, which will also be appreciated by the end users.

image

CLI

Rotate your private or secret key

We add a new command db config rotate <key> to support key rotation via CLI.

When rotating, the CLI will generate a new key and prepend to the corresponding key array. Thus the old key is still valid and the service will use the new key for signing.

Run logto db config rotate help for detailed usage.

Trim the private or secret key you don't need

If you want to trim one or more out-dated private or secret key(s) from the config, use the command db config trim <key>. It will remove the last item (private or secret key) in the array.

You may remove the old key after a certain period (such as half a year) to allow most of your users have time to touch the new key.

If you want to remove multiple keys at once, just append a number to the command. E.g. logto db config trim oidc.cookieKeys 3.

Run logto db config trim help for detailed usage.

I18n

Thanks @lukashass for adding German language.

Add user suspend API endpoint

Use PATCH /api/users/:userId/is-suspended to update a user's suspended state, once a user is suspended, all refresh tokens belong to this user will be revoked.

Suspended users will get an error toast when trying to sign in.

Contributors

@ihsanguldur @alexgaribay @abellion @djyde

v1.0.0-beta.12

19 Oct 08:40
v1.0.0-beta.12
c0fb598
Compare
Choose a tag to compare

1.0.0-beta.12 (2022-10-19)

We’re super excited to announce some new capabilities in this release that will make Logto more accessible to developers and users all around the world. Get a taste of them and tell us what you think!

Migrate from previous versions

Here, we debut the new CLI and switch OIDC configurations from using environment variables to the database. Updating the Logto core necessitates the following two procedures:

  1. Execute npx @logto/cli db alteration deploy 1.0.0-beta.12 to finish updating the database schema.
  2. Migrate the OIDC configurations by following Migrate configs from env.

Note
For Docker image users: now DB_URL_DEFAULT has been changed to DB_URL.

Sign-in Experience i18n

Manage languages

The warm reception Logto has received since its initial release in July has resulted in numerous language contributions from the community. This motivates us to localize and tailor the sign-in process even more.

Now, we're ecstatic to announce that Logto Sign-in Experience has full support for i18n, which means your products can reach a wider global audience and offer more personalized and contextualized options for all users.

  • We have 6 predefined languages to choose from, all of which were created by our international community and can be modified to your liking.
  • Support for up to 113 language tags, allowing you to use your own translation in order to reach the vast majority of countries worldwide.

The admin console already includes this functionality. The "Language" section of the Sign-in Experience tab is where you'll be able to rapidly set up and manage your keys and custom values.

CLI: Exclusively for Logto

Terminal with Logto CLI

Combating with complicated commands? That's not how we roll. So we're bringing some friendly little things to keep the elegance going even in the command line.

If you're trying to install Logto on your machine, skip the long, scary install command. It now reads:

npm init @logto

And you are all set. Check out Using CLI for a detailed explanation of how to use Logto CLI.

Contributors

Thank you! 💗

v1.0.0-beta.10

28 Sep 14:48
v1.0.0-beta.10
11381af
Compare
Choose a tag to compare

1.0.0-beta.10 (2022-09-28)

Machine to Machine apps

Are you trying to access Logto Management API in a backend service? Or programmatically access other API Resources in an OAuth 2.0 manner? Then the Machine to Machine apps are your friend, and we’re happy to announce this feature is available now!

Click “Create Application” in the Applications tab of Admin Console, and you’ll see the new “Machine to Machine” app type. We also wrote a detailed integration guide to make the process painless.

Machine to Machine poster

Automatic database alteration

Maintaining database schemas is hard, but there’s no reason to make the job yours. Starting from this version, Logto will check if the database schemas are up-to-date during initializing and guide you to start an automatic alteration without shutting down the database.

For container users

For now, you have to jump into one instance and run npm run alteration deploy in the Logto project root with ease to upgrade your database schema. We'll provide a standalone CLI soon to make it more smooth.

Database alteration poster

Where’s the stable release?

It’s not far! After internal discussion, we decided to release the first stable release when several things are complete:

  • Sign-in experience v2 (More flexible sign-in configuration, forgot password)
  • Role-based access control

Join our Discord Server to stay tuned, and see our Logto Public Roadmap for details.

Contributors

❤️ Thank you!

Other updates

⚠ BREAKING CHANGES

  • core: update user scopes (#1922)

Features

  • core: support base64 format OIDC_PRIVATE_KEYS config in .env file (#1903) (5bdb675)

Bug Fixes

  • bump react sdk and essentials toolkit to support CJK characters in idToken (2f92b43)
  • console: add sandbox attribute to iframe (#1926) (14cb043)
  • console: get prefixed router basename in local dev env (ccbe5da)
  • console: old value does not flash back on saving form (cdbd8d7)
  • console: use fallback language in preview (#1960) (de4c46e)
  • core,schemas: move alteration types into schemas src (#2005) (10c1be6)
  • core: filter out connector-kit (#1987) (f4cf89f)
  • phrases: phrases-ui typo and types (#1948) (2f373db)
  • support capital letter "Y" in command line prompt (416f4e8)
  • ui: align mobile input outline (#1991) (c9ba198)

v1.0.0-beta.9

07 Sep 16:37
v1.0.0-beta.9
8335e1f
Compare
Choose a tag to compare

1.0.0-beta.9 (2022-09-07)

Highlights

Thank you!

  • Built-in Go integration tutorial for Traditional Web apps is ready. Let's go try it!

image

⚠ DEVELOPER BREAKING CHANGES

  • core: load connectors by folder (#1879)

We moved all connectors to a new repo logto-io/connectors for a better experience. Nothing changed if you are not developing connectors.

Bug Fixes

  • console,ui: fix locale guard issue in settings page (e200578)
  • console: input invalid format content in multitextinput will not crash the app (035be48)
  • downgrade to sdk 1.0.0-beta.2 (#1896) (91d1bf8)
  • fetch connectors list from npm (#1894) (c6764f9)
  • remove --incremental to temporarily fix pnpm dev (4c2308e)

v1.0.0-beta.8

01 Sep 06:34
v1.0.0-beta.8
301bd23
Compare
Choose a tag to compare

1.0.0-beta.8 (2022-09-01)

Note: We skipped beta.7 due to some technical issues.

Features

v1.0.0-beta.6

30 Aug 06:04
v1.0.0-beta.6
3d92f35
Compare
Choose a tag to compare

1.0.0-beta.6 (2022-08-30)

Features

  • console: allow to disable create account (#1806) (67305ec)
  • console: express integration guide (#1807) (8e4ef2f)
  • core: guard session with sign-in mode (a8a3de3)

Bug Fixes

  • console: change step title to sentence case (#1814) (82cd315)

v1.0.0-beta.5

19 Aug 14:12
v1.0.0-beta.5
a9241c5
Compare
Choose a tag to compare

1.0.0-beta.5 (2022-08-19)

⚠ BREAKING CHANGES

  • core,console: remove /me apis (#1781) (since they are... useless for now)

Highlights

  • @Olyno contributed French translation. Thank you! ❤️
  • Userinfo Endpoint is now enabled. While we‘re updating our SDKs are docs, you can directly use the opaque access token to fetch the full user data via GET /oidc/me.
  • Support Hasura authentication using webhook. While we're working on the step by step tutorial, you can check out #1790 and #1793 for a sneak peek and try it yourself.

Features

Bug Fixes

  • console: show platform icons in connector table (#1792) (31f2439)
  • core: fix ac & ui proxy under subpath deployment (#1761) (163c23b)
  • deps: update dependency slonik to v30 (#1744) (a9f99db)

Code Refactoring

v1.0.0-beta.4

11 Aug 14:09
v1.0.0-beta.4
e42172e
Compare
Choose a tag to compare

1.0.0-beta.4 (2022-08-11)

Logto is now available on DockerHub. Use docker pull svhd/logto:prerelease to pull the image.

⚠ BREAKING CHANGES

  • core: use comma separated values as a string array in the env file (#1762)
  • core,schemas: add application secret (#1715)
  • deps: update react monorepo to v18 (major) (#1731)

Migiration

We are sorry for the manual migration. The automatic migration process is under development, will let you know once it's launched!

  • update env OIDC_COOKIE_KEYS from JSON array to comma separated value, e.g. OIDC_COOKIE_KEYS=LOGTOSEKRIT2,LOGTOSEKRIT1
  • update env key OIDC_PRIVATE_KEY_PATH to OIDC_PRIVATE_KEY_PATHS (if applicable)
  • update env key OIDC_PRIVATE_KEY to OIDC_PRIVATE_KEYS (if applicable)
  • add a secret varchar(64) not null column in applications table (definition)
    • you'll need manually generate nanoid with alphabet 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz and length 21 for each application.

Features

Bug Fixes