1.0.0-beta.13 (2022-11-15)
Note
If you are experience some database alteration issue when upgrading to this version, please directly upgrade to v1.0.0-beta.14.
💥 Breaking change 💥
Now Logto uses the case-insensitive strategy for matching emails. Note we still store them in raw values for better email deliveries, thus it will affect the existing emails that have the identical lowercased address.
Feel free to contact us if this issue blocks the upgrade.
Sign-in Experience v2
We are thrilled to announce the release of the newest version of the Sign-in Experience, which includes more ways to sign-in and sign-up, as well as a framework that is easier to understand and more flexible to configure in the Admin Console.
When compared to Sign-in Experience v1, this version’s capability was expanded so that it could support a greater variety of flexible use cases. For example, now users can sign up with email verification code and sign in with email and password.
Besides, the forgot password flow will automatically appear when conditions meet.
We hope that this will be able to assist developers in delivering a successful sign-in flow, which will also be appreciated by the end users.
CLI
Rotate your private or secret key
We add a new command db config rotate <key> to support key rotation via CLI.
When rotating, the CLI will generate a new key and prepend to the corresponding key array. Thus the old key is still valid and the service will use the new key for signing.
Run logto db config rotate help for detailed usage.
Trim the private or secret key you don't need
If you want to trim one or more out-dated private or secret key(s) from the config, use the command db config trim <key>. It will remove the last item (private or secret key) in the array.
You may remove the old key after a certain period (such as half a year) to allow most of your users have time to touch the new key.
If you want to remove multiple keys at once, just append a number to the command. E.g. logto db config trim oidc.cookieKeys 3.
Run logto db config trim help for detailed usage.
I18n
Thanks @lukashass for adding German language.
Add user suspend API endpoint
Use PATCH /api/users/:userId/is-suspended to update a user's suspended state, once a user is suspended, all refresh tokens belong to this user will be revoked.
Suspended users will get an error toast when trying to sign in.