What's New:
- 💬 New WhatsApp OTP! The OTP is now delivered to the user directly, instead of requiring the user to initiate the conversation.
- ✉️ Login by Email Login Links (aka magic link)
- 🔑 Support more than one Admin API key per project to facilitate key rotation
- 👤 Email / Phone / Username Login ID identity can be edited in the portal.
- 👁️ Admin API mutations and portal actions are now logged and can be viewed in the Audit Log tab
- 🔍 Support filtering audit logs by user ID
- 🤫 Support "Require alphabetic character" in password policy
- 🔒 Revamp rate limits to allow more granular controls
- 🔗 New non-blocking events: identity.{email,phone}.{verified,unverified}
- ✏️ More message templates can be edited on portal
- 🌐 OIDC Client Applications are now "First party confidential client". They are always trusted, so the consent screen is skipped.
Other minor changes:
- When you sign a JWT to access the Admin API, you can include audit_context in the JWT. It will be stored in the audit log.
- Newly created authenticators are no longer marked as verified initially.
- Remove undocumented feature: welcome message
Bug fixes:
- Ensure the origin of Authgear is also a CORS allowed origin.
- The authenticator is updated along with the identity. For example, if you update an Email Login ID that is used for Email OTP, the authenticator is updated too.