2023-12-11.0

Deploy e7a2763ac8fc4020ea8686c6d8223ed615d74355 to production

2023-08-30.0

• For tenant using non-custom domains, i.e. using the shared domain, the signup/login page must be initiated by OAuth. Direct access to the endpoint will no longer show the signup/login box.
• Show invalid project if the app-id in [app-id].[free domains] does not exist.
• Default signup/login pages of new created projects will show Authgear logo on the top, which can be replaced by the users.

Release 2023-08-14.0

• Fixed Signup rate limit was not working
• Default project count and SMS quota restriction for anti-spam measure

Release 2023-08-08.0

• 💬 Removed hostnames from the default SMS OTP template

Release 2023-08-04.0

• 🐛 Fixed bug: Cannot perform sensitive actions if using social login to login to portal
• 🐞 Fixed bug: Non-blocking event was not delivered to the next webhook endpoint if the previous hook failed. Now the subsequent delivery will not be affected by a previous delivery
• 🐞 Fixed bug: WeChat login connection cannot be disconnect from a user in the Portal
• 🐜 Introduced project.app.updated event for server admin purposes

Release 2023-07-25.0

What's New:

• 🔐 Introduce Account Lockout Policy to safeguard attacks towards a user account from brute-force login attempts
  Learn how to use it in this guide: https://docs.authgear.com/security/brute-force-protection

Release 2023-07-05.0

What's New:

• 💬 New WhatsApp OTP! The OTP is now delivered to the user directly, instead of requiring the user to initiate the conversation.
• ✉️ Login by Email Login Links (aka magic link)
• 🔑 Support more than 1 Admin API keys per project to facilitate key rotation
• 👤 Email / Phone / Username Login ID identity can be edited in the portal.
• 👁️ Admin API mutations and portal actions are now logged and can be viewed in the Audit Log tab
• 🔍 Support filtering audit logs by user ID
• 🤫 Support "Require alphabetic character" in password policy
• 🔒 Revamp rate limits to allow more granular controls
• 🔗 New non-blocking events identity.{email,phone}.{verified,unverified}
• ✏️ More message templates can be edited on portal
• 🌐 OIDC Client Applications are now "First party confidential client". They are always trusted so consent screen is skipped.

Other minor changes:

• When you sign a JWT to access the Admin API, you can include audit_context in the JWT. It will be stored in the audit log.
• Newly created authenticators are no longer marked as verified initially.
• Remove undocumented feature: welcome message

Bug fixes

• Ensure the origin of Authgear is also a CORS allowed origins.
• Authenticator is updated along with identity. For example, if you update a Email Login ID which is used for Email OTP. The authenticator is updated too.

Release 2023-01-31.0

• 🧽 User Anonymization: Erase all user information while retaining the user ID only.
• 🔒 Support limiting concurrent session per client ID
• 🔮 Support Custom AuthUI (Enterprise only feature)
• 🔢 OTP UX Improvement: Always generate a new OTP code upon resend regardless of the expiry lifetime of the previous code
• 📥 Use Twilio messaging service to improve deliverability around the world. Fixes cannot get SMS problem for countries that do not support alphanumeric sender (e.g. Canada, US).

2023-01-09.0

• 🤖 Event Hook with TypeScript: Customize behaviors of Authgear by writing script in Authgear

  • This saves you time and resources from deploying a webhook handler
  • Learn more in: https://docs.authgear.com/integrate/events-hooks/denohooks
  • 

• 🔑 Use the JWT Pre-create event hook to modify and add custom payload to the access token

• 📱 Single Sign On (SSO) easily control if apps/websites in the same project shares the session within a device. Login once, logged in all apps.

  • Learn more in https://docs.authgear.com/integrate/single-sign-on

• 🦄 Misc UI fixes

2022-11-14.0

• Fixed a bug where users cannot use Forgot Password if their email addresses contain uppercase characters