• 🔏 Account Deletion is now supported in SDKs, use "deleteAccount()" method to trigger the account deletion page directly without going to the /settings page.
• ✅ Improve usability of AuthUI under no-script environment. The authentication process can be completed without any JavaScript.
• ✨ "Issue Access Tokens in JWTs" are default enabled for SPA and native applications.
• 🗓️ Changed date format in the Portal to use the month names instead of numbers to avoid confusion.
• 🧑‍💼 New Account Management API: Manual Linking for OAuth is supported. Similar to Auth Flow API, it helps you build the account management page. Call these 2 new endpoints to link an OAuth identity to an authenticated user.
  • POST /api/v1/account/identification
  • POST /api/v1/account/identification/oauth
  • (Pending documentation, see spec here)
• 🔗 Auto Account Linking for Login IDs: When signup using a username/email/phone number, and this ID conflicts with an existing user who used OAuth connection to sign up before, the account can be linked.
• 🛡️ Behind the scene: Support DPoP protocol to bind the sessions to the device. Update to the latest SDK to use the new protocol. See: OAuth 2.0 Demonstrating Proof-of-Possession (DPoP)
• 🔐 Pre-authenticated URLs are supported in the backend. (Pending documentation, see spec here)
• 🐞 Misc bug fixes