v1.28.0

@silverhand-bot silverhand-bot released this 26 May 13:25
· 31 commits to master since this release
v1.28.0
ee40818

logto-changelog-2025-05-26

Email blocklist policy

We've introduced a comprehensive email blocklist policy system with a dedicated settings page in the Logto console's Security section. This new feature provides granular control over which email addresses can be used for sign-up and account linking.

With this new policy, you can:

  • Customize email restrictions through a flexible blocklist system
  • Prevent sign-ups or account linking with specific email addresses or domains
  • Control email subaddressing (e.g., '[email protected]')
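
A sketch of how a sign-up handler could evaluate such a policy, including the case where a tagged address is used to sidestep an entry for the base mailbox. This is an added example, not Logto's implementation; the `EmailPolicy` type, its field names, the blocklist entry format, and the verdict strings are all assumptions.

```typescript
// Added example; type, field and verdict names are hypothetical, not Logto's schema.
type EmailPolicy = {
  blockSubaddressing: boolean;
  // Assumed entry format: a full address ("bob@example.com") or a domain ("@spam.test").
  customBlocklist: string[];
};
type Verdict = 'allowed' | 'malformed' | 'subaddressing' | 'domain' | 'address';

function checkEmail(raw: string, policy: EmailPolicy): Verdict {
  // Normalize case and whitespace first so "Bob@Example.COM " cannot dodge an entry.
  const email = raw.trim().toLowerCase();
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return 'malformed';
  const local = email.slice(0, at);
  const domain = email.slice(at + 1);

  const plus = local.indexOf('+');
  if (plus !== -1 && policy.blockSubaddressing) return 'subaddressing';

  const blocked = new Set(policy.customBlocklist.map((entry) => entry.trim().toLowerCase()));
  if (blocked.has(`@${domain}`)) return 'domain';

  // Design choice of this example: also test the base mailbox, so that
  // "bob+promo@..." is caught by an entry for "bob@..." when tags are permitted.
  const base = plus === -1 ? local : local.slice(0, plus);
  if (blocked.has(`${local}@${domain}`) || blocked.has(`${base}@${domain}`)) return 'address';
  return 'allowed';
}

// Constructed sample policy and sign-up attempts.
const samplePolicy: EmailPolicy = {
  blockSubaddressing: false,
  customBlocklist: ['bob@example.com', '@spam.test'],
};
function runSamples(): Verdict[] {
  return ['alice@example.com', 'BOB+promo@Example.com', 'eve@spam.test', 'no-at-sign'].map(
    (candidate) => checkEmail(candidate, samplePolicy)
  );
}
```

Domain entries here match the exact domain only; whether subdomains should also match is a separate policy decision.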

Phone number validation and normalization

We've improved phone number handling to ensure consistent format validation and storage:

  • Added proper handling for phone numbers with leading zeros in national format
    • Normalizes numbers like +61 (0)2 1234 5678 to +61 2 1234 5678
    • Users can sign in with either format (with or without leading zero)
    • Existing accounts can still use their original phone number format
  • Implemented stricter phone number format validation in database
  • Fixed phone number format inconsistencies (GitHub issue #7371, thanks to @mrfrase3)

QQ social connector

We've expanded our social sign-in options by introducing a new QQ social connector specifically designed for web applications, enabling seamless QQ account integration for your users. (Contributed by @yenharvey in #7380)

OIDC connector

We've updated our OIDC connector configuration to make the userinfo_endpoint field optional. The system now intelligently handles user data extraction based on available endpoints, providing a more flexible authentication solution while maintaining OIDC specification compliance.

This update enables:

  • Seamless integration with Azure AD B2C SSO applications
  • Automatic fallback to id_token claims when userinfo_endpoint is unavailable
  • Full compatibility with standard OIDC providers
  • Removal of integration barriers for non-standard OIDC implementations

Improvements

  • Enhanced translation key synchronization to handle empty files during sync process, eliminating manual intervention needs
  • Upgraded to gpt-4.1 as the default translation model for better cost-efficiency
  • Improved CAPTCHA configuration visibility in console with persistent toggle display
  • Updated CAPTCHA settings navigation to /security/captcha

Bug fixes

  • Added missing CAPTCHA box to identifier sign in form

Full Changelog: v1.27.0...v1.28