2024-09-03

• 🪄 AuthUI v2 is ready. New signup login page design is applied to all projects.
• 🔧 Users' "identities" are available in the oidc.jwt.pre_create blocking hook event. Identity data can be included in the JWT access token.
• 🐞 Misc bug fixes

2024-08-15.0

• 🐞 Fix the error on redirection after login when the login page is accessed directly.
• 🐞 Misc bug fixes

2024-07-29.0

• 🔏 Account Deletion is now supported in SDKs, use "deleteAccount()" method to trigger the account deletion page directly without going to the /settings page.
• ✅ Improve usability of AuthUI under no-script environment. The authentication process can be completed without any JavaScript.
• ✨ "Issue Access Tokens in JWTs" are default enabled for SPA and native applications.
• 🗓️ Changed date format in the Portal to use the month names instead of numbers to avoid confusion.
• 🧑‍💼 New Account Management API: Manual Linking for OAuth is supported. Similar to Auth Flow API, it helps you build the account management page. Call these 2 new endpoints to link an OAuth identity to an authenticated user.
  • POST /api/v1/account/identification
  • POST /api/v1/account/identification/oauth
  • (Pending documentation, see spec here)
• 🔗 Auto Account Linking for Login IDs: When signup using a username/email/phone number, and this ID conflicts with an existing user who used OAuth connection to sign up before, the account can be linked.
• 🛡️ Behind the scene: Support DPoP protocol to bind the sessions to the device. Update to the latest SDK to use the new protocol. See: OAuth 2.0 Demonstrating Proof-of-Possession (DPoP)
• 🔐 Pre-authenticated URLs are supported in the backend. (Pending documentation, see spec here)
• 🐞 Misc bug fixes

2024-07-12.0

• ✨ New "Branding" section & new "Language" settings in the portal
• 🐞 Fixed OTP display on iOS in autofill
• 🛡️ Block free plan users to customize the SMS/Email template to prevent spamming
• 🛡️ Misc security improvements

2024-06-13.0

• 🐞 Removed an extra full stop in English SMS verification template
• 🧑‍💼 Admin can now create Email OTP/SMS OTP/Password 2FA Authenticator for an end-user in the Portal or with Admin API.
• 🛡️ Misc security improvements

2024-05-31.0

• ㊙️ In Import API, you can now mark passwords as expired and force the user to create a new password in their next login
• 🔗 Auto Account Linking: When login using a social/enterprise connection, and the email address conflicts with an existing user, the account can be linked.
  • e.g. a user signed up with user@example.com and password before and later login with their Google account of the same address, they can link it to the account and log in with both password and Google in the future.
• 🆔 Provide separate options to disallow users to add, edit, or remove their identities (email/phone/username).
• 🔐 Login with Passkey without entering email/phone/username in hybrid signup/login flow
• 🌐 Added support for Simplified Chinese and fixed Portuguese and Spanish translations
• ⏰ Added session expired dialog in the portal
• 🍪 Moved cookie preference option in the portal to the top-right menu
• 🏰 Other misc UX & security fixes

2024-04-29.1

• 🔐 New Feature: Authflow selection in different applications.
  • e.g. some applications can only be logged in with ADFS, and other applications must go through 2FA when logged in.
• 🌐 New supported languages in AuthUI, enable them in the Localization settings!
  • Vietnamese 🇻🇳, Thai 🇹🇭, Malay 🇲🇾, Indonesian 🇮🇩, Filipino (Tagalog) 🇵🇭, Korean 🇰🇷, Japanese 🇯🇵, Spanish 🇪🇸/🌎, French 🇫🇷, Portuguese 🇵🇹/🇧🇷, German 🇩🇪, Italian 🇮🇹, Polish 🇵🇱, Dutch 🇳🇱, Greek 🇬🇷
• 🍪 Users can now control Cookie preferences in the Portal
• 💬 Login with WeChat in the new AuthUI and Authflow
• ✨ Application names are shown instead of Client IDs in user management session listing
  -🛡️ Enforce minimum 43-character length for code verifier in OAuth PKCE flow
• 🏰 Other misc security fixes

2024-04-05.0

• Use "Roles and Groups" to manage the application access right of a user
• Import User API: A new API for batch import users into Authgear. Best for migrating from legacy systems
  • New endpoint: POST /_api/admin/users/import
  • See user guide at: https://docs.authgear.com/how-to-guide/user-management/import-users-using-user-import-api
• Password Expiry: Force change password after X days upon login. (It's disabled by default because it’s not a recommended password policy)
• Webkit WebView in SDK (aka Embedded Webview). Use the new configuration in the SDK to open the AuthUI in an embedded webview to achieve a more native-looking experience. See the guide at: https://docs.authgear.com/how-to-guide/mobile-apps/using-webview-to-open-the-authgear-ui

2024-03-04.0

• 🪄 Use Authentication Flow API to make a custom signup-login flow and implement your own UI
• 🔢 Introducing Test Mode for OTP,
  • You can now send a fixed OTP to a specific target on SMS or Email address
  • The OTP can also be suppressed, so the target will not actually receive the OTP
• 😍 New AuthUI v2, a complete facelift for the default login UI
• 🌟 Combined Signup-login flow. Once AuthUI v2 is enabled in your project, you can enable the combined signup-login flow. User will signup if not registered before, and login if they did, all done automatically.

2024-01-31.0

2024-01-31.0