Skip to content

v1.23.0

Latest
Compare
Choose a tag to compare
@silverhand-bot silverhand-bot released this 02 Jan 06:57
· 30 commits to master since this release
v1.23.0
460ea89

logto-changelog-2025-01

Customizable MFA prompt policy

You can now customize the MFA prompt policy in the Console.

First, choose if you want to enable Require MFA:

  • Enable: Users will be prompted to set up MFA during the sign-in process, which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
  • Disable: Users can skip the MFA setup process during the sign-up or sign-in flow.

If you choose to Disable, you can continue to choose the MFA setup prompt:

  • Do not ask users to set up MFA.
  • Ask users to set up MFA during registration (skippable, one-time prompt). The same prompt as the previous policy (UserControlled)
  • Ask users to set up MFA on their next sign-in attempt after registration (skippable, one-time prompt).

Relaxed redirect URI restrictions

We have been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.

This update relaxes restrictions on redirect URIs to allow the following:

  • A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like https://example.com/.
  • Native schemes without a period (.). For example, myapp://callback is now allowed.

When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.

We hope this change will make it easier for you to integrate Logto with your applications.

New connectors

Bug fixes

  • 2178589 Fixed the CLI command for fetching official connectors by updating the npm registry API integration.