v1.4: Login with Facebook, IdP-initiated SSO, Email i18n

[FreddyDevelop]

This version contains important improvements and bug fixes. Highlights include:

Facebook SSO

Facebook has been added as pre-configured Social SSO provider.

SAML IdP-initiated SSO

Hanko backend is now able to handle Identity provider initiated login requests. This is a key feature for B2B customers that require their own IdP to handle authentication to apps that use Hanko. Now, those B2B users can access apps that use Hanko via their "App directories" (e.g. Entra, Google Workspace, Okta) and initiate the authentication flow right from there. The existing SAML flow (SP-initiated SSO) can continue to be used. More info about the changes here #2046.

Email i18n

Emails sent by Hanko (e.g. passcodes) are now available in all languages supported by Hanko Elements. When sending emails, the email will use the Hanko Elements locale used in the current browser session if possible.

New webhooks

New webhook event types have been added:

• user.login
• user.password.changed
• user.update.username.create
• user.update.username.update
• user.update.username.delete

Additionally, all webhook events now include the IP address and user agent strings.

Housekeeping

A new cleanup command has been added to remove expired database entries (flows, audit logs, webauthn credential session data).

What's Changed

• chore: add same site attribute to the device trust cookie by @bjoern-m in chore: add same site attribute to the device trust cookie #2006
• feat: always persist sessions server-side, config adjustments by @bjoern-m in feat: always persist sessions server-side, config adjustments #1997
• feat: let quickstart use session validate endpoint by @FreddyDevelop in feat: let quickstart use session validate endpoint #2014
• fix: use lowered id to get third party provider by @FreddyDevelop in fix: use lowered id to get third party provider #2017
• fix: don't use config file when failed to load by @FreddyDevelop in fix: don't use config file when failed to load #2022
• feat: email i18n by @lfleischmann in feat: email i18n #2023
• feat: add facebook provider by @lfleischmann in feat: add facebook provider #2007
• feat: enhance session response by @bjoern-m in feat: enhance session response #2003
• fix: error handling when using zombie passkeys by @bjoern-m in fix: error handling when using zombie passkeys #2034
• fix: webhooks missing triggers and events by @lfleischmann in fix: webhooks missing triggers and events #2026
• feat: add username to session JWT and public session API responses by @lfleischmann in feat: add username to session JWT and public session API responses #2036
• fix: SAML issues by @lfleischmann in fix: SAML issues #2041
• fix: third party loading spinner shown on multiple buttons fixed by @bjoern-m in fix: third party loading spinner shown on multiple buttons fixed #2042
• feat: add cleanup command to remove expired db entries by @bjoern-m in feat: add cleanup command to remove expired db entries #2035
• feat: use exact template names for email.send webhook types by @lfleischmann in feat: use exact template names for email.send webhook types #2037
• fix: reintroduce server-side session config by @FreddyDevelop in fix: reintroduce server-side session config #2043
• feat: new webhook events & user metadata enhancements by @bjoern-m in Feat: New Webhook Events & User Metadata Enhancements #2048
• feat(ee): saml idp initiated sso by @lfleischmann in feat(ee): saml idp initiated sso #2046

Full Changelog: backend/v1.3.0...backend/v1.4.0

---

This discussion was created from the release v1.4: Login with Facebook, IdP-initiated SSO, Email i18n.