Release/1.53.0 (#3252)
* Webhook Event Log (#3197)

* add webhookEventLogConfiguration to system config
* document webhook_event_log_viewer role
* doc for retrieving webhook event log APIs
* document webhook event log admin UI

* Document new login intent TTL (#3129)

* add doc for new loginIntent TTL
* add doc for fusionauth.li cookie

* add release notes for SSO Zone changes

* adjust known issue comment

* java 21 note (#3250)

* java 21 note

* wording

* oops

* Added additional release notes.

* correct since version for loginIntentTimeToLiveInSeconds

* Added login lambda doc

* 1. Fix Known Issues to follow the existing format.
2. Add missing Docker image removal.
3. Move new lambda function from Changed to New.
4. Move new action buttons from Changed to Enhancements. Changed should be reserved for things that will potentially affect integrations.
5. Normalize "Update dependencies." and "Update 3rd party dependencies."
6. Expand upon the potential impact to the connection pool changes.
7. Correct formatting in release notes for 1.50.0.
8. Use the correct form of BreadCrumbs.

* 1. We don't serialize `null` values in a JSON response, so we should not document `null`, instead we should indicate when a field will be omitted from the response.
2. Be more consistent with the definition of the Id.
3. Delete dead imports (EventTypes and InlineField) in _webhook-attempt-log-response-body-base.mdx.

* 1. Remove duplicate assignment copy.
2. Don't mention the LoginLambdaValidationContext, this is an internal object.
3. context is read only.
4. Mention when identityProvider is found in the context.
5. Fix broken link to error doc.
6. Don't use fully qualified URLS to docs, use relative links.
7. Remove trailing comma on JSON example
7. Discuss localization.

* Remove SCIM, this was actually updated last release.
#3248

* Various copy and formatting edits.

* - Add tenant.lambdaConfiguration.loginValidationId to Tenant API
- Rename LambdaTypeApi -> LambdaTypeAPI
- Describe the behavior differences in optional messages for themes in 1.53.0.

* Add new lambda field to the tenants overview.

* document since version for webhook_event_log_viewer role

* Update astro/src/content/docs/extend/code/lambdas/login-validation.mdx

Co-authored-by: Dan Moore <[email protected]>

* Fix formatting for DeprecatedSince to work in APIField and inline usages.

* Small wording changes.

* - Fix formatting with RemovedSince, AvailableSince, BeforeVersion and DeprecatedSince
- Remove old system config reference
- Remove dead imports

* Add Known Issues.

* Added 1.53.1 release notes.

* Shrink images

---------

Co-authored-by: Spencer Witt <[email protected]>
Co-authored-by: Lyle Schemmerling <[email protected]>
Co-authored-by: Lyle Schemmerling <[email protected]>
Co-authored-by: Andy Pai <[email protected]>
Co-authored-by: Daniel DeGroff <[email protected]>
Co-authored-by: Dan Moore <[email protected]>
Co-authored-by: andrewpai <[email protected]>
8 people authored Sep 6, 2024
1 parent cf81807 commit 5ab93a1
Showing 75 changed files with 994 additions and 1,821 deletions.
2 changes: 1 addition & 1 deletion astro/src/components/api/APIField.astro
Expand Up @@ -27,7 +27,7 @@ const { name, description, type, required, optional, since, defaults, deprecated
{ description && <span class="px-3">{description}</span> }
{ required && <span class="px-[6px] py-1 rounded-md text-orange-500 border-orange-500 border-2 dark:font-semibold font-bold uppercase text-xs dark:text-[10px]">required</span> }
{ defaults && <span class="pt-1 dark:text-gray-400 text-gray-500 text-sm justify-center">Defaults to {defaults}</span> }
{ since && <AvailableSince since={since} /> }
{ since && <AvailableSince since={since} inline={true} /> }
{ deprecated && <span class="text-red-700 text-sm">DEPRECATED</span> }
{ readonly && <ReadOnly /> }
</div>
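Review bot: The `AvailableSince` call now hard-codes `inline={true}`, so inside `APIField` the badge goes from `px-3` to `pl-3` and loses its right padding against the `DEPRECATED` span that follows it. If that spacing is intended, the shorthand `<AvailableSince since={since} inline />` says the same thing with less noise; if not, keep right padding in the inline class list.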
12 changes: 9 additions & 3 deletions astro/src/components/api/AvailableSince.astro
@@ -1,12 +1,18 @@
---
interface Props {
since: string;
inline: boolean,
since: string
}
const { since }: Props = Astro.props;
const { inline, since }: Props = Astro.props;
if (!since) {
throw new Error("No since field");
}
let classList = 'text-green-500 text-sm italic';
if (inline) {
classList = 'pl-3 ' + classList;
}
---
<span class="px-3 text-green-500 text-sm italic">Available since {since}</span>
<span class={classList}>Available since {since}</span>
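Review bot: In `Props`, `inline: boolean,` is declared as a required member and ends with a comma, while `since: string` has no terminator and the line it replaces used a semicolon. The `if (inline)` branch treats the prop as optional, so type it as `inline?: boolean;` and keep semicolons on both members. The default class list also drops the old `px-3` entirely, so a caller that does not pass `inline` now renders with no horizontal padding; worth confirming that this is the intended block-level look.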
18 changes: 18 additions & 0 deletions astro/src/components/api/BeforeVersion.astro
@@ -0,0 +1,18 @@
---
interface Props {
version: string;
}
const { version }: Props = Astro.props;
if (!version) {
throw new Error("No version field");
}
const hasContent = Astro.slots.has("default");
---
{ version && <span class="text-green-500 text-sm italic">Before version {version}</span>
<>
{hasContent &&
<div class="prose-p:mt-1"><slot></slot></div>
}
</>
}
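Review bot: The `version &&` guard in the template can never be false, because the frontmatter already throws `"No version field"` when `version` is empty; drop one of the two checks. In the same expression the `<span>` and the `<>` fragment are two siblings returned from one `{ ... }`; wrapping both in a single fragment makes the expression return one node and matches how multi-element expressions are normally written. The badge also reuses the green `AvailableSince` styling for a "Before version" label, which reads as a positive status; consider a neutral colour.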
18 changes: 15 additions & 3 deletions astro/src/components/api/DeprecatedSince.astro
@@ -1,8 +1,20 @@
---
interface Props {
since: string;
inline: boolean,
since: string
}
const { since }: Props = Astro.props;
const { inline, since }: Props = Astro.props;
const hasContent = Astro.slots.has("default");
let classList = 'text-red-700 italic';
if (inline) {
classList = 'pl-3 ' + classList;
}
---
{ since && <span class="pl-3 text-red-700 italic">Deprecated since {since}</span> }
{ since && <span class={classList}>Deprecated since {since}</span>
<>
{hasContent &&
<div class="prose-p:mt-1"><slot></slot></div>
}
</>
}
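Review bot: `inline: boolean,` in `Props` is required, yet the block form of this component is used without it (the `if (inline)` branch only prepends `pl-3`), so it should be `inline?: boolean;`. Unlike `AvailableSince`, the frontmatter here does not throw when `since` is missing, and because the slot is rendered inside the `since &&` expression, a call without `since` silently drops its slot text as well. Either throw as `AvailableSince` does or move the slot outside the guard.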
18 changes: 15 additions & 3 deletions astro/src/components/api/RemovedSince.astro
@@ -1,8 +1,20 @@
---
interface Props {
since: string;
inline: boolean,
since: string
}
const { since }: Props = Astro.props;
const { inline, since }: Props = Astro.props;
const hasContent = Astro.slots.has("default");
let classList = 'text-red-700 italic';
if (inline) {
classList = 'pl-3 ' + classList;
}
---
{ since && <span class="pl-3 text-red-700 italic">Removed in {since}</span> }
{ since && <span class={classList}>Removed in {since}</span>
<>
{hasContent &&
<div class="prose-p:mt-1"><slot></slot></div>
}
</>
}
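Review bot: This file is now a line-for-line copy of `DeprecatedSince.astro` apart from the label text ("Removed in" versus "Deprecated since"), including the required `inline: boolean,` member and the slot nested inside the `since &&` guard. Consider one shared component that takes the label as a prop, so the next fix to the slot or padding logic does not have to be made twice.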
11 changes: 7 additions & 4 deletions astro/src/content/docs/_shared/_access-token-claims.mdx
Expand Up @@ -28,14 +28,16 @@ import RemovedSince from 'src/components/api/RemovedSince.astro';
<APIField name="email" type="String">
The email address of the User whose claims are represented by this JWT.

<RemovedSince since="1.50.0" />
<RemovedSince since="1.50.0">
In version `1.50.0` and later this claim is not returned when the <InlineField>oauthConfiguration.scopeHandlingPolicy</InlineField> value of the Application is `Strict`.
</APIField>
</RemovedSince>
</APIField>
<APIField name="email_verified" type="Boolean">
The OpenId Connect claim indicating if the User's email has been verified.

<RemovedSince since="1.50.0" />
<RemovedSince since="1.50.0">
In version `1.50.0` and later this claim is not returned when the <InlineField>oauthConfiguration.scopeHandlingPolicy</InlineField> value of the Application is `Strict`.
</RemovedSince>
</APIField>
<APIField name="exp" type="Long">
The expiration instant of the JWT, expressed as UNIX time which is the number of seconds since Epoch. This registered claim is defined by
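Review bot: For `email` and `email_verified`, the badge rendered by `RemovedSince` reads "Removed in 1.50.0", but the sentence now nested under it says the claim is only omitted when `oauthConfiguration.scopeHandlingPolicy` is `Strict`. A reader who scans the badge alone will conclude the claim is gone from every access token. Since integrations make authorization decisions on these claims, the heading should say the claim is conditional, or the note should state explicitly that it is still returned under the other policy values.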
Expand All @@ -56,8 +58,9 @@ import RemovedSince from 'src/components/api/RemovedSince.astro';
<APIField name="preferred_username" type="String" since="1.5.0">
The username of the User whose claims are represented by this JWT.

<RemovedSince since="1.50.0" />
<RemovedSince since="1.50.0">
In version `1.50.0` and later this claim is not returned when the <InlineField>oauthConfiguration.scopeHandlingPolicy</InlineField> value of the Application is `Strict`.
</RemovedSince>
</APIField>
<APIField name="roles" type="Array<String>">
The roles assigned to the User in the authenticated Application. This claim is only present if the User has a registration to the Application.
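Review bot: The `preferred_username` note is the third verbatim copy of the "In version `1.50.0` and later this claim is not returned when ..." sentence in this file. Pull it into one shared snippet so a later wording change to the `Strict` behaviour cannot leave the three claims documented differently.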
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ const makeId = (name) => { return name.toLowerCase().replaceAll(' ', '-') };
{t.variables && t.variables.sort((a,b) => a.name.toUpperCase().localeCompare(b.name.toUpperCase())).map((tvar) =>
<APIField name={tvar.name} type={tvar.type} since={tvar.since} deprecated={tvar.deprecated}>
<span set:html={marked.parse(tvar.description)}></span>
{tvar.removed && <><br /><RemovedSince since={tvar.removed} /></>}
{tvar.removed && <><br /><RemovedSince since={tvar.removed} inline={true}/></>}
</APIFIeld>
)}
</APIBlock>
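Review bot: The closing tag on the context line right after the changed `RemovedSince` line is spelled `</APIFIeld>` while the opening tag is `<APIField ...>`; fix the casing while this block is being touched. Separately, `set:html={marked.parse(tvar.description)}` emits the parsed description without escaping, which is fine only as long as the variable descriptions come from repository-controlled data; a short comment saying so would help the next reader.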
Original file line number Diff line number Diff line change
Expand Up @@ -126,8 +126,9 @@ import JSON from 'src/components/JSON.astro';
<APIField name="oauthConfiguration.requireClientAuthentication" type="Boolean" since="1.3.0" deprecated>
Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The `client_id` and `client_secret` may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

<DeprecatedSince since="1.28.0" />
In version 1.28.0 and beyond, client authentication can be managed via <InlineField>oauthConfiguration.clientAuthenticationPolicy</InlineField>.
<DeprecatedSince since="1.28.0">
In version 1.28.0 and beyond, client authentication can be managed via <InlineField>oauthConfiguration.clientAuthenticationPolicy</InlineField>.
</DeprecatedSince>
</APIField>
<APIField name="oauthConfiguration.requireRegistration" type="Boolean" since="1.28.0">
Determines if the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not affect any other grant, and does not affect the API usage.
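Review bot: The text moved inside `<DeprecatedSince since="1.28.0">` says client authentication "can be managed via" `oauthConfiguration.clientAuthenticationPolicy`, but it does not say which setting governs the Token endpoint when both are present. For a field that decides whether `client_secret` is required, the note should state the effective behaviour, for example whether `requireClientAuthentication` is still honoured or is derived from the policy.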
42 changes: 27 additions & 15 deletions astro/src/content/docs/apis/_application-request-body.mdx
Expand Up @@ -73,7 +73,9 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature

When an HMAC algorithm is used such as `HS256`, `HS384` or `HS512`, the OAuth `client_secret` will be used as the signing secret.

<RemovedSince since="1.6.0" /> In version 1.6.0 and beyond, JWT configuration can be managed in the `[Keys API](/docs/apis/keys)` and Keymaster.
<RemovedSince since="1.6.0">
In version 1.6.0 and beyond, JWT configuration can be managed in the [Keys API](/docs/apis/keys) and Keymaster.
</RemovedSince>
</APIField>
<APIField name="application.jwtConfiguration.enabled" type="Boolean" optional>
Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the Tenant. If this is `false` the signing algorithm configured in the Tenant will be used. If `true` the signing algorithm defined in this application will be used.
Expand All @@ -86,14 +88,18 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature

Required when `enabled` is set to `true` and `algorithm` is set to an `RSA` or `ECDSA` based value.

<RemovedSince since="1.6.0" /> In version 1.6.0 and beyond, JWT configuration can be managed in the `[Keys API](/docs/apis/keys)` and Keymaster.
<RemovedSince since="1.6.0">
In version 1.6.0 and beyond, JWT configuration can be managed in the [Keys API](/docs/apis/keys) and Keymaster.
</RemovedSince>
</APIField>
<APIField name="application.jwtConfiguration.publicKey" type="String" optional deprecated>
The public key used when an `RSA` or `ECDSA` signing algorithms has been selected. The public key will be used to verify JWTs signed with the private key. This key is expected to be presented in a PEM encoded format.

Required when `enabled` is set to `true` and `algorithm` is set to an `RSA` or `ECDSA` based value.

<RemovedSince since="1.6.0" /> In version 1.6.0 and beyond, JWT configuration can be managed in the `[Keys API](/docs/apis/keys)` and Keymaster.
<RemovedSince since="1.6.0">
In version 1.6.0 and beyond, JWT configuration can be managed in the [Keys API](/docs/apis/keys) and Keymaster.
</RemovedSince>
</APIField>
<APIField name="application.jwtConfiguration.refreshTokenExpirationPolicy" type="String" optional defaults="Fixed" since="1.17.0">
The Refresh Token expiration policy.
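Review bot: `application.jwtConfiguration.publicKey` is still tagged `optional deprecated` on its `APIField`, while the body now renders "Removed in 1.6.0"; the field shows a DEPRECATED badge and a removal notice at once. Pick one status for the attribute and the body, and say what happens when the field is still sent in a request. The context sentence "an `RSA` or `ECDSA` signing algorithms has been selected" also needs its number agreement fixed.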
Expand All @@ -120,36 +126,38 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature

* `Reusable` - the token does not change after it was issued.
* `OneTimeUse` - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage.
</APIField>
</APIField>

<APIField name="application.jwtConfiguration.secret" type="String" optional deprecated>
The secret used when an `HMAC` based signing algorithm has been selected. This secret is used to sign and verify JWTs.

Required when `enabled` is set to `true` and `algorithm` is set to an `HMAC` based value.

<RemovedSince since="1.5.0" /> In version 1.5.0 and beyond, when selecting an `HMAC` algorithm, the `client_secret` from the OAuth configuration will be used to sign and verify the JWTs.
<RemovedSince since="1.5.0">
In version 1.5.0 and beyond, when selecting an `HMAC` algorithm, the `client_secret` from the OAuth configuration will be used to sign and verify the JWTs.
</RemovedSince>
</APIField>
<APIField name="application.jwtConfiguration.timeToLiveInSeconds" type="Integer" optional>
The length of time in seconds the JWT will live before it is expired and no longer valid.

Required when `enabled` is set to `true`.
</APIField>
<APIField name="application.lambdaConfiguration.accessTokenPopulateId" type="UUID" optional since="1.6.0">
The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
The Id of the lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
</APIField>
<APIField name="application.lambdaConfiguration.idTokenPopulateId" type="UUID" optional since="1.6.0">
The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
The Id of the lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
</APIField>
<APIField name="application.lambdaConfiguration.samlv2PopulateId" type="UUID" optional since="1.6.0">
The Id of the Lambda that will be invoked when a SAML response is generated during a SAML authentication request.
The Id of the lambda that will be invoked when a SAML response is generated during a SAML authentication request.
</APIField>
<APIField name="application.lambdaConfiguration.selfServiceRegistrationValidationId" type="UUID" optional since="1.43.0">
The unique Id of the lambda that will be used to perform additional validation on registration form steps.
The Id of the lambda that will be used to perform additional validation on registration form steps.

<PremiumEditionBlurbApi feature="custom forms" />
</APIField>
<APIField name="application.lambdaConfiguration.userinfoPopulateId" type="UUID" optional since="1.50.0">
The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
The Id of the lambda that will be invoked when a UserInfo response is generated for this application.
</APIField>
<APIField name="application.loginConfiguration.allowTokenRefresh" type="Boolean" optional since="1.5.0">
Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the `generateRefreshTokens` parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the [Refresh API](/docs/apis/jwt#refresh-a-jwt).
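Review bot: On `application.jwtConfiguration.secret`, the line "Required when `enabled` is set to `true` and `algorithm` is set to an `HMAC` based value." still sits above the new `<RemovedSince since="1.5.0">` block, so the field reads as both required and removed. This commit adds `BeforeVersion`; wrapping the requirement in `<BeforeVersion version="1.5.0">` would scope it correctly. The note that the OAuth `client_secret` signs and verifies HMAC JWTs from 1.5.0 on is the security-relevant part and should stay prominent.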
Expand Down Expand Up @@ -339,8 +347,9 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature
<APIField name="application.oauthConfiguration.requireClientAuthentication" type="Boolean" optional deprecated>
Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The `client_id` and `client_secret` may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

<DeprecatedSince since="1.28.0" />
In version 1.28.0 and beyond, client authentication can be managed via <InlineField>application.oauthConfiguration.clientAuthenticationPolicy</InlineField>.
<DeprecatedSince since="1.28.0">
In version 1.28.0 and beyond, client authentication can be managed via <InlineField>application.oauthConfiguration.clientAuthenticationPolicy</InlineField>.
</DeprecatedSince>
</APIField>
<APIField name="application.oauthConfiguration.requireRegistration" type="Boolean" optional since="1.28.0">
When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not affect any other grant, and does not affect the API usage.
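Review bot: `application.oauthConfiguration.requireClientAuthentication` keeps the bare `deprecated` attribute, which `APIField` renders as a `DEPRECATED` span, and the body now also renders "Deprecated since 1.28.0" from the wrapped component, so the field carries two deprecation markers. Consider letting `APIField` accept the version so only one badge is shown.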
Expand Down Expand Up @@ -531,8 +540,9 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature
<APIField name="application.samlv2Configuration.callbackURL" type="String" optional since="1.6.0" deprecated>
The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

<DeprecatedSince since="1.20.0" />
In version 1.20.0 and beyond, Callback URLs can be managed via <InlineField>application.samlv2Configuration.authorizedRedirectURLs</InlineField>.
<DeprecatedSince since="1.20.0">
In version 1.20.0 and beyond, Callback URLs can be managed via <InlineField>application.samlv2Configuration.authorizedRedirectURLs</InlineField>.
</DeprecatedSince>
</APIField>
<APIField name="application.samlv2Configuration.debug" type="Boolean" optional since="1.6.0">
Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
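Review bot: The `callbackURL` note now says callback URLs "can be managed via" `application.samlv2Configuration.authorizedRedirectURLs`, but it does not say whether a value still supplied in `callbackURL` is treated as an authorized redirect. Because this decides where the browser may be sent after a SAML login, document whether the deprecated value is merged, ignored or rejected. "Callback URLs" is also capitalised mid-sentence.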
Expand Down Expand Up @@ -681,7 +691,9 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature
<APIField name="webhookIds" type="Array<UUID>" optional deprecated>
An array of Webhook Ids. For Webhooks that are not already configured for All Applications, specifying an Id on this request will indicate the associated Webhook should handle events for this application.

<RemovedSince since="1.37.0" /> In version 1.37.0 and beyond, Webhooks configuration can be managed in the `[Tenant API](/docs/apis/tenants)`.
<RemovedSince since="1.37.0">
In version 1.37.0 and beyond, Webhooks configuration can be managed in the [Tenant API](/docs/apis/tenants).
</RemovedSince>
</APIField>
</APIBlock>
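Review bot: The `webhookIds` note points to the Tenant API page as a whole, whereas the other deprecation and removal notes in this file name the replacing field with `<InlineField>`. Name the tenant field that takes over here as well. The `APIField` is still marked `optional deprecated` although the body says "Removed in 1.37.0"; align the two.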
