v1.0.0-beta.14

1.0.0-beta.14 (2022-11-16)

Bug fix

🙇 Fix an issue that the CLI cannot find database alteration scripts but Logto is failed to start.

Before restarting Logto, use npx @logto/cli db alt deploy to deploy the latest database alterations.

Cause

We just changed our publish to changesets and it didn't run the version script during version bumping. See #2461 for details.

v1.0.0-beta.13

1.0.0-beta.13 (2022-11-15)

Note
If you are experience some database alteration issue when upgrading to this version, please directly upgrade to v1.0.0-beta.14.

💥 Breaking change 💥

Now Logto uses the case-insensitive strategy for matching emails. Note we still store them in raw values for better email deliveries, thus it will affect the existing emails that have the identical lowercased address.

Feel free to contact us if this issue blocks the upgrade.

Sign-in Experience v2

We are thrilled to announce the release of the newest version of the Sign-in Experience, which includes more ways to sign-in and sign-up, as well as a framework that is easier to understand and more flexible to configure in the Admin Console.

When compared to Sign-in Experience v1, this version’s capability was expanded so that it could support a greater variety of flexible use cases. For example, now users can sign up with email verification code and sign in with email and password.

Besides, the forgot password flow will automatically appear when conditions meet.

We hope that this will be able to assist developers in delivering a successful sign-in flow, which will also be appreciated by the end users.

CLI

Rotate your private or secret key

We add a new command db config rotate <key> to support key rotation via CLI.

When rotating, the CLI will generate a new key and prepend to the corresponding key array. Thus the old key is still valid and the service will use the new key for signing.

Run logto db config rotate help for detailed usage.

Trim the private or secret key you don't need

If you want to trim one or more out-dated private or secret key(s) from the config, use the command db config trim <key>. It will remove the last item (private or secret key) in the array.

You may remove the old key after a certain period (such as half a year) to allow most of your users have time to touch the new key.

If you want to remove multiple keys at once, just append a number to the command. E.g. logto db config trim oidc.cookieKeys 3.

Run logto db config trim help for detailed usage.

I18n

Thanks @lukashass for adding German language.

Add user suspend API endpoint

Use PATCH /api/users/:userId/is-suspended to update a user's suspended state, once a user is suspended, all refresh tokens belong to this user will be revoked.

Suspended users will get an error toast when trying to sign in.

Contributors

@ihsanguldur @alexgaribay @abellion @djyde

v1.0.0-beta.12

1.0.0-beta.12 (2022-10-19)

We’re super excited to announce some new capabilities in this release that will make Logto more accessible to developers and users all around the world. Get a taste of them and tell us what you think!

Migrate from previous versions

Here, we debut the new CLI and switch OIDC configurations from using environment variables to the database. Updating the Logto core necessitates the following two procedures:

1. Execute npx @logto/cli db alteration deploy 1.0.0-beta.12 to finish updating the database schema.
2. Migrate the OIDC configurations by following Migrate configs from env.

Note
For Docker image users: now DB_URL_DEFAULT has been changed to DB_URL.

Sign-in Experience i18n

The warm reception Logto has received since its initial release in July has resulted in numerous language contributions from the community. This motivates us to localize and tailor the sign-in process even more.

Now, we're ecstatic to announce that Logto Sign-in Experience has full support for i18n, which means your products can reach a wider global audience and offer more personalized and contextualized options for all users.

• We have 6 predefined languages to choose from, all of which were created by our international community and can be modified to your liking.
• Support for up to 113 language tags, allowing you to use your own translation in order to reach the vast majority of countries worldwide.

The admin console already includes this functionality. The "Language" section of the Sign-in Experience tab is where you'll be able to rapidly set up and manage your keys and custom values.

CLI: Exclusively for Logto

Combating with complicated commands? That's not how we roll. So we're bringing some friendly little things to keep the elegance going even in the command line.

If you're trying to install Logto on your machine, skip the long, scary install command. It now reads:

npm init @logto

And you are all set. Check out Using CLI for a detailed explanation of how to use Logto CLI.

Contributors

• @julian-hartl contribute to Flutter SDK
• @akoenig implement Remix SDK
• @Olyno init the CLI project #1885
• @b4s36t4 init the fix of redirect URI validation #1874
• @FlurryNight add tooltip vertical align support #2032
• @lukashass use icon svg files with parcel svg transformer #2047

Thank you! 💗

v1.0.0-beta.10

1.0.0-beta.10 (2022-09-28)

Machine to Machine apps

Are you trying to access Logto Management API in a backend service? Or programmatically access other API Resources in an OAuth 2.0 manner? Then the Machine to Machine apps are your friend, and we’re happy to announce this feature is available now!

Click “Create Application” in the Applications tab of Admin Console, and you’ll see the new “Machine to Machine” app type. We also wrote a detailed integration guide to make the process painless.

Automatic database alteration

Maintaining database schemas is hard, but there’s no reason to make the job yours. Starting from this version, Logto will check if the database schemas are up-to-date during initializing and guide you to start an automatic alteration without shutting down the database.

For container users

For now, you have to jump into one instance and run npm run alteration deploy in the Logto project root with ease to upgrade your database schema. We'll provide a standalone CLI soon to make it more smooth.

Where’s the stable release?

It’s not far! After internal discussion, we decided to release the first stable release when several things are complete:

• Sign-in experience v2 (More flexible sign-in configuration, forgot password)
• Role-based access control

Join our Discord Server to stay tuned, and see our Logto Public Roadmap for details.

Contributors

• @pemassi Naver connector logto-io/connectors#6
• @FlurryNight Discord connector logto-io/connectors#11
• @5war00p refactoring button component #1958
• @The1462 fixing officeLocation attribute bug in Azure AD connector logto-io/connectors#19

❤️ Thank you!

Other updates

⚠ BREAKING CHANGES

• core: update user scopes (#1922)

Features

• core: support base64 format OIDC_PRIVATE_KEYS config in .env file (#1903) (5bdb675)

Bug Fixes

• bump react sdk and essentials toolkit to support CJK characters in idToken (2f92b43)
• console: add sandbox attribute to iframe (#1926) (14cb043)
• console: get prefixed router basename in local dev env (ccbe5da)
• console: old value does not flash back on saving form (cdbd8d7)
• console: use fallback language in preview (#1960) (de4c46e)
• core,schemas: move alteration types into schemas src (#2005) (10c1be6)
• core: filter out connector-kit (#1987) (f4cf89f)
• phrases: phrases-ui typo and types (#1948) (2f373db)
• support capital letter "Y" in command line prompt (416f4e8)
• ui: align mobile input outline (#1991) (c9ba198)

v1.0.0-beta.9

1.0.0-beta.9 (2022-09-07)

Highlights

• @FlurryNight add Portuguese translation (f268ecb)
• @pemassi console: press tab to insert 2 spaces in code editor (#1871) (c57228c)

Thank you!

• Built-in Go integration tutorial for Traditional Web apps is ready. Let's go try it!

⚠ DEVELOPER BREAKING CHANGES

• core: load connectors by folder (#1879)

We moved all connectors to a new repo logto-io/connectors for a better experience. Nothing changed if you are not developing connectors.

Bug Fixes

• console,ui: fix locale guard issue in settings page (e200578)
• console: input invalid format content in multitextinput will not crash the app (035be48)
• downgrade to sdk 1.0.0-beta.2 (#1896) (91d1bf8)
• fetch connectors list from npm (#1894) (c6764f9)
• remove --incremental to temporarily fix pnpm dev (4c2308e)

v1.0.0-beta.8

1.0.0-beta.8 (2022-09-01)

Note: We skipped beta.7 due to some technical issues.

Features

• connector: add kakao connector (#1826) (1f9e820) thanks @pemassi ❤️

v1.0.0-beta.6

1.0.0-beta.6 (2022-08-30)

Features

• console: allow to disable create account (#1806) (67305ec)
• console: express integration guide (#1807) (8e4ef2f)
• core: guard session with sign-in mode (a8a3de3)

Bug Fixes

• console: change step title to sentence case (#1814) (82cd315)

v1.0.0-beta.5

1.0.0-beta.5 (2022-08-19)

⚠ BREAKING CHANGES

• core,console: remove /me apis (#1781) (since they are... useless for now)

Highlights

• @Olyno contributed French translation. Thank you! ❤️
• Userinfo Endpoint is now enabled. While we‘re updating our SDKs are docs, you can directly use the opaque access token to fetch the full user data via GET /oidc/me.
• Support Hasura authentication using webhook. While we're working on the step by step tutorial, you can check out #1790 and #1793 for a sneak peek and try it yourself.

Features

• core: enable userinfo endpoint (#1783) (a6bb2f7)
• core: hasura authn (#1790) (87d3a53)
• core: set user default roles from env (#1793) (4afdf3c)
• phrases: add french language (#1767) (0503b30)

Bug Fixes

• console: show platform icons in connector table (#1792) (31f2439)
• core: fix ac & ui proxy under subpath deployment (#1761) (163c23b)
• deps: update dependency slonik to v30 (#1744) (a9f99db)

Code Refactoring

• core,console: remove /me apis (#1781) (2c6171c)

v1.0.0-beta.4

1.0.0-beta.4 (2022-08-11)

Logto is now available on DockerHub. Use docker pull svhd/logto:prerelease to pull the image.

⚠ BREAKING CHANGES

• core: use comma separated values as a string array in the env file (#1762)
• core,schemas: add application secret (#1715)
• deps: update react monorepo to v18 (major) (#1731)

Migiration

We are sorry for the manual migration. The automatic migration process is under development, will let you know once it's launched!

• update env OIDC_COOKIE_KEYS from JSON array to comma separated value, e.g. OIDC_COOKIE_KEYS=LOGTOSEKRIT2,LOGTOSEKRIT1
• update env key OIDC_PRIVATE_KEY_PATH to OIDC_PRIVATE_KEY_PATHS (if applicable)
• update env key OIDC_PRIVATE_KEY to OIDC_PRIVATE_KEYS (if applicable)
• add a secret varchar(64) not null column in applications table (definition)
  • you'll need manually generate nanoid with alphabet 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz and length 21 for each application.

Features

• console: add app secret to guide (#1735) (380e258)
• console: show app secret (#1723) (01dfeed)
• core: support signing key rotation (#1732) (00bab4c)
• core: use comma separated values as a string array in the env file (#1762) (f6db981)
• schemas: guard string max length (#1737) (cdf210d)

Bug Fixes

• build and types (8b51543)
• deps: update dependency slonik to v29 (#1700) (21a0c8f)
• shared: fix dark color generator (#1719) (3deb98c)
• ui,console,demo-app: update react render method (#1750) (4b972f2)
• ui: add sandbox props to iframe (#1757) (62d2afe)
• ui: connector name should fallback to en (#1718) (3af5b1b)
• ui: extract ReactModal elementApp and fix act warning in ut (#1756) (0270bf1)
• ui: fix ui test (e4629f2)

v1.0.0-beta.3

1.0.0-beta.3 (2022-08-01)

Highlights

• @ufuf contributed AzureAD connector (#1662) and tr-TR translation (#1707)
• @pemassi contributed ko-KR translation (#1677)

Thank you! ❤️

Features

• connector: azure active directory connector added (#1662) (875a828)
• console: add Next.js integration guide in admin console (7d3f947)
• console: checked if sign in method is primary (#1706) (405791f)
• phrases: tr language (#1707) (411a8c2)

Bug Fixes

• console: app error illustration height should not be shrunk (301cc6c)
• console: should not display unsaved changes alert on connector config updated (#1685) (61b65a7)
• test: run integration test serially (#1676) (8394f7b)

Reverts

• Revert "feat(console): checked if sign in method is primary" (#1712) (2229dce), closes #1712 #1706