Skip to content

v1.4.0
Compare
Choose a tag to compare
@silverhand-bot silverhand-bot released this 23 May 15:06
· 2991 commits to master since this release
v1.4.0
This tag was signed with the committer’s verified signature.
silverhand-bot
GPG key ID: 8743812EA5D7B09A
Verified
Learn about vigilant mode.
4f1e29a
This commit was signed with the committer’s verified signature.
gao-sun Gao Sun
GPG key ID: 13EBE123E4773688
Verified
Learn about vigilant mode.

This version brings us one step closer to resolving issue #3344. We are actively working on a backward-compatible solution for authorization.

Below are some articles that demonstrate how to use Logto as an OAuth or OIDC Identity Provider:

Feature updates

Introducing the "Always issue Refresh Token" configuration for web apps

The "Always issue Refresh Token" toggle

Turning on this toggle ensures that Refresh Tokens are always issued, regardless of whether prompt=consent was included in the authorization request or if offline_access was specified in the scope.

Patch updates

  • Improved compatibility by parsing requests with application/json content-type for /oidc APIs.
  • Automated synchronization of trusted social email and phone information for newly registered users, irrespective of the sign-up identifier configuration.
    • For example: Previously, if the "email" was not set as a sign-up identifier (meaning a valid email connector had to be configured and enabled) and Google sign-in was added, the emails from new users would not be synchronized.
    • Starting from v1.4.0, this requirement has been removed, as "social sign-in only" scenarios are not uncommon in real-world cases.
Assets 3
Loading