Highlights
- Usage alerts for project owners. Set soft limits on your Authgear usage and get alerted before you hit a hard cap. When a threshold is crossed, Authgear emails the project owner and fires a
usage.alert.triggeredwebhook. Catch runaway SMS, email, or MAU costs before they become billing surprises. - Authflow session-scoped cooldowns. Cooldowns on OTP retries used to reset when users changed the target phone number or email mid-flow. Now the cooldown sticks to the whole authflow session. Closes a real abuse vector.
- Non-ASCII sender names in custom SMTP. Custom SMTP now accepts sender names in Chinese, Japanese, and other non-Latin scripts.
- Smaller portal improvements. Clearer social login setup flow. The Endpoint field now shows up for OIDC and SAML app types, not just OAuth.