Customizable MFA prompt policy
You can now customize the MFA prompt policy in the Console.
First, choose whether to enable Require MFA:
- Enable: Users will be prompted to set up MFA during the sign-in process, which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
- Disable: Users can skip the MFA setup process during the sign-up or sign-in flow.
If you choose Disable, you can then choose the MFA setup prompt:
- Do not ask users to set up MFA.
- Ask users to set up MFA during registration (skippable, one-time prompt). This is the same prompt as the previous policy (UserControlled).
- Ask users to set up MFA on their next sign-in attempt after registration (skippable, one-time prompt).
Relaxed redirect URI restrictions
We have been following the industry best practices for OAuth 2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operating systems like Windows.
This update relaxes restrictions on redirect URIs to allow the following:
- A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like https://example.com/.
- Native schemes without a period (.). For example, myapp://callback is now allowed.
When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
We hope this change will make it easier for you to integrate Logto with your applications.
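To review which configured redirect URIs fall under the two relaxed cases above, a small audit helper can classify them. This is an added example, not Logto's validation code; the application type names ('native', 'web'), the finding labels, and the sample configuration are assumptions made for illustration.

```javascript
// Added example: audit helper, not Logto's own validation logic.
// Assumed for this sketch: appType values 'native'/'web' and the finding labels.
function auditRedirectUri(appType, uri) {
  let scheme;
  try {
    // URL lowercases the scheme; drop the trailing ':' from protocol.
    scheme = new URL(uri).protocol.slice(0, -1);
  } catch {
    return { uri, finding: 'invalid-uri' };
  }
  const isHttp = scheme === 'http' || scheme === 'https';
  // Relaxed case 1: a mix of native and HTTP(S) redirect URIs.
  if (appType === 'native' && isHttp) {
    return { uri, finding: 'http-uri-on-native-app' };
  }
  if (appType !== 'native' && !isHttp) {
    return { uri, finding: 'native-scheme-on-web-app' };
  }
  // Relaxed case 2: a native scheme without a period, e.g. myapp://callback.
  if (!isHttp && !scheme.includes('.')) {
    return { uri, finding: 'native-scheme-without-period' };
  }
  return { uri, finding: null };
}

// Return only the URIs of one application that need a reviewer's attention.
function auditApplication(app) {
  return app.redirectUris
    .map((uri) => auditRedirectUri(app.type, uri))
    .filter((result) => result.finding !== null);
}

// Constructed sample configuration (not real application data).
const sampleApps = [
  {
    name: 'desktop-client',
    type: 'native',
    redirectUris: ['https://example.com/', 'myapp://callback', 'com.example.app://callback'],
  },
  { name: 'dashboard', type: 'web', redirectUris: ['https://example.com/callback'] },
];

for (const app of sampleApps) {
  for (const { uri, finding } of auditApplication(app)) {
    console.log(`${app.name}: ${uri} -> ${finding}`);
  }
}
```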
New connectors
- 3fa2b79 Added Xiaomi social connector (credit @u0x01 ).
- 3004ae9 Added YunPian SMS connector (credit @u0x01 ).
Bug fixes
- 2178589 Fixed the CLI command for fetching official connectors by updating the npm registry API integration.