Releases: logto-io/logto
v1.0.0-beta.16
1.0.0-beta.16 (2022-11-30)
Note
This release is a hot-fix based on v1.0.0-beta.14.
Bug fix
Unblock the "Continue" flow for some end-users (fixes #2555)
Users could get stuck during sign-in when email or phone is the sign-up identifier (required), but they don't have one in Logto.
Connectors
If you enabled email or SMS connector, please add the "Continue" template to make sure "Forgot password" works.
Please upgrade connectors as well to get the latest connector template for "Continue" flow configuration. Or you can go to the connectors repo to read the latest README.
Feel free to jump into our Discord server if you meet any issues.
v1.0.0-beta.14
1.0.0-beta.14 (2022-11-16)
Bug fix
🙇 Fix an issue that the CLI cannot find database alteration scripts but Logto is failed to start.
Before restarting Logto, use npx @logto/cli db alt deploy
to deploy the latest database alterations.
Cause
We just changed our publish to changesets and it didn't run the version
script during version bumping. See #2461 for details.
v1.0.0-beta.13
1.0.0-beta.13 (2022-11-15)
Note
If you are experience some database alteration issue when upgrading to this version, please directly upgrade to v1.0.0-beta.14.
💥 Breaking change 💥
Now Logto uses the case-insensitive strategy for matching emails. Note we still store them in raw values for better email deliveries, thus it will affect the existing emails that have the identical lowercased address.
Feel free to contact us if this issue blocks the upgrade.
Sign-in Experience v2
We are thrilled to announce the release of the newest version of the Sign-in Experience, which includes more ways to sign-in and sign-up, as well as a framework that is easier to understand and more flexible to configure in the Admin Console.
When compared to Sign-in Experience v1, this version’s capability was expanded so that it could support a greater variety of flexible use cases. For example, now users can sign up with email verification code and sign in with email and password.
Besides, the forgot password flow will automatically appear when conditions meet.
We hope that this will be able to assist developers in delivering a successful sign-in flow, which will also be appreciated by the end users.
CLI
Rotate your private or secret key
We add a new command db config rotate <key>
to support key rotation via CLI.
When rotating, the CLI will generate a new key and prepend to the corresponding key array. Thus the old key is still valid and the service will use the new key for signing.
Run logto db config rotate help
for detailed usage.
Trim the private or secret key you don't need
If you want to trim one or more out-dated private or secret key(s) from the config, use the command db config trim <key>
. It will remove the last item (private or secret key) in the array.
You may remove the old key after a certain period (such as half a year) to allow most of your users have time to touch the new key.
If you want to remove multiple keys at once, just append a number to the command. E.g. logto db config trim oidc.cookieKeys 3
.
Run logto db config trim help
for detailed usage.
I18n
Thanks @lukashass for adding German language.
Add user suspend API endpoint
Use PATCH /api/users/:userId/is-suspended
to update a user's suspended state, once a user is suspended, all refresh tokens belong to this user will be revoked.
Suspended users will get an error toast when trying to sign in.
Contributors
v1.0.0-beta.12
1.0.0-beta.12 (2022-10-19)
We’re super excited to announce some new capabilities in this release that will make Logto more accessible to developers and users all around the world. Get a taste of them and tell us what you think!
Migrate from previous versions
Here, we debut the new CLI and switch OIDC configurations from using environment variables to the database. Updating the Logto core necessitates the following two procedures:
- Execute
npx @logto/cli db alteration deploy 1.0.0-beta.12
to finish updating the database schema. - Migrate the OIDC configurations by following Migrate configs from env.
Note
For Docker image users: nowDB_URL_DEFAULT
has been changed toDB_URL
.
Sign-in Experience i18n
The warm reception Logto has received since its initial release in July has resulted in numerous language contributions from the community. This motivates us to localize and tailor the sign-in process even more.
Now, we're ecstatic to announce that Logto Sign-in Experience has full support for i18n, which means your products can reach a wider global audience and offer more personalized and contextualized options for all users.
- We have 6 predefined languages to choose from, all of which were created by our international community and can be modified to your liking.
- Support for up to 113 language tags, allowing you to use your own translation in order to reach the vast majority of countries worldwide.
The admin console already includes this functionality. The "Language" section of the Sign-in Experience tab is where you'll be able to rapidly set up and manage your keys and custom values.
CLI: Exclusively for Logto
Combating with complicated commands? That's not how we roll. So we're bringing some friendly little things to keep the elegance going even in the command line.
If you're trying to install Logto on your machine, skip the long, scary install command. It now reads:
npm init @logto
And you are all set. Check out Using CLI for a detailed explanation of how to use Logto CLI.
Contributors
- @julian-hartl contribute to Flutter SDK
- @akoenig implement Remix SDK
- @Olyno init the CLI project #1885
- @b4s36t4 init the fix of redirect URI validation #1874
- @FlurryNight add tooltip vertical align support #2032
- @lukashass use icon svg files with parcel svg transformer #2047
Thank you! 💗
v1.0.0-beta.10
1.0.0-beta.10 (2022-09-28)
Machine to Machine apps
Are you trying to access Logto Management API in a backend service? Or programmatically access other API Resources in an OAuth 2.0 manner? Then the Machine to Machine apps are your friend, and we’re happy to announce this feature is available now!
Click “Create Application” in the Applications tab of Admin Console, and you’ll see the new “Machine to Machine” app type. We also wrote a detailed integration guide to make the process painless.
Automatic database alteration
Maintaining database schemas is hard, but there’s no reason to make the job yours. Starting from this version, Logto will check if the database schemas are up-to-date during initializing and guide you to start an automatic alteration without shutting down the database.
For container users
For now, you have to jump into one instance and run npm run alteration deploy
in the Logto project root with ease to upgrade your database schema. We'll provide a standalone CLI soon to make it more smooth.
Where’s the stable release?
It’s not far! After internal discussion, we decided to release the first stable release when several things are complete:
- Sign-in experience v2 (More flexible sign-in configuration, forgot password)
- Role-based access control
Join our Discord Server to stay tuned, and see our Logto Public Roadmap for details.
Contributors
- @pemassi Naver connector logto-io/connectors#6
- @FlurryNight Discord connector logto-io/connectors#11
- @5war00p refactoring button component #1958
- @The1462 fixing officeLocation attribute bug in Azure AD connector logto-io/connectors#19
❤️ Thank you!
Other updates
⚠ BREAKING CHANGES
- core: update user scopes (#1922)
Features
Bug Fixes
- bump react sdk and essentials toolkit to support CJK characters in idToken (2f92b43)
- console: add sandbox attribute to iframe (#1926) (14cb043)
- console: get prefixed router basename in local dev env (ccbe5da)
- console: old value does not flash back on saving form (cdbd8d7)
- console: use fallback language in preview (#1960) (de4c46e)
- core,schemas: move alteration types into schemas src (#2005) (10c1be6)
- core: filter out connector-kit (#1987) (f4cf89f)
- phrases: phrases-ui typo and types (#1948) (2f373db)
- support capital letter "Y" in command line prompt (416f4e8)
- ui: align mobile input outline (#1991) (c9ba198)
v1.0.0-beta.9
1.0.0-beta.9 (2022-09-07)
Highlights
- @FlurryNight add Portuguese translation (f268ecb)
- @pemassi console: press tab to insert 2 spaces in code editor (#1871) (c57228c)
Thank you!
- Built-in Go integration tutorial for Traditional Web apps is ready. Let's go try it!
⚠ DEVELOPER BREAKING CHANGES
- core: load connectors by folder (#1879)
We moved all connectors to a new repo logto-io/connectors for a better experience. Nothing changed if you are not developing connectors.
Bug Fixes
- console,ui: fix locale guard issue in settings page (e200578)
- console: input invalid format content in multitextinput will not crash the app (035be48)
- downgrade to sdk 1.0.0-beta.2 (#1896) (91d1bf8)
- fetch connectors list from npm (#1894) (c6764f9)
- remove --incremental to temporarily fix pnpm dev (4c2308e)
v1.0.0-beta.8
v1.0.0-beta.6
v1.0.0-beta.5
1.0.0-beta.5 (2022-08-19)
⚠ BREAKING CHANGES
- core,console: remove
/me
apis (#1781) (since they are... useless for now)
Highlights
- @Olyno contributed French translation. Thank you! ❤️
- Userinfo Endpoint is now enabled. While we‘re updating our SDKs are docs, you can directly use the opaque access token to fetch the full user data via
GET /oidc/me
. - Support Hasura authentication using webhook. While we're working on the step by step tutorial, you can check out #1790 and #1793 for a sneak peek and try it yourself.
Features
- core: enable userinfo endpoint (#1783) (a6bb2f7)
- core: hasura authn (#1790) (87d3a53)
- core: set user default roles from env (#1793) (4afdf3c)
- phrases: add french language (#1767) (0503b30)
Bug Fixes
- console: show platform icons in connector table (#1792) (31f2439)
- core: fix ac & ui proxy under subpath deployment (#1761) (163c23b)
- deps: update dependency slonik to v30 (#1744) (a9f99db)
Code Refactoring
v1.0.0-beta.4
1.0.0-beta.4 (2022-08-11)
Logto is now available on DockerHub. Use docker pull svhd/logto:prerelease
to pull the image.
⚠ BREAKING CHANGES
- core: use comma separated values as a string array in the env file (#1762)
- core,schemas: add application secret (#1715)
- deps: update react monorepo to v18 (major) (#1731)
Migiration
We are sorry for the manual migration. The automatic migration process is under development, will let you know once it's launched!
- update env
OIDC_COOKIE_KEYS
from JSON array to comma separated value, e.g.OIDC_COOKIE_KEYS=LOGTOSEKRIT2,LOGTOSEKRIT1
- update env key
OIDC_PRIVATE_KEY_PATH
toOIDC_PRIVATE_KEY_PATHS
(if applicable) - update env key
OIDC_PRIVATE_KEY
toOIDC_PRIVATE_KEYS
(if applicable) - add a
secret varchar(64) not null
column inapplications
table (definition)- you'll need manually generate nanoid with alphabet
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
and length21
for each application.
- you'll need manually generate nanoid with alphabet
Features
- console: add app secret to guide (#1735) (380e258)
- console: show app secret (#1723) (01dfeed)
- core: support signing key rotation (#1732) (00bab4c)
- core: use comma separated values as a string array in the env file (#1762) (f6db981)
- schemas: guard string max length (#1737) (cdf210d)
Bug Fixes
- build and types (8b51543)
- deps: update dependency slonik to v29 (#1700) (21a0c8f)
- shared: fix dark color generator (#1719) (3deb98c)
- ui,console,demo-app: update react render method (#1750) (4b972f2)
- ui: add sandbox props to iframe (#1757) (62d2afe)
- ui: connector name should fallback to en (#1718) (3af5b1b)
- ui: extract ReactModal elementApp and fix act warning in ut (#1756) (0270bf1)
- ui: fix ui test (e4629f2)