Releases: authgear/authgear-server
Releases · authgear/authgear-server
authgear-once/1.2.0
Deploy 2c0328461b5d to us, hk, hk-b
2026-01-08.0
- ⏳ Added support for configuring an account valid period directly in the Portal.
- 🛡️ Introduced IP blocklist support for faster response to spam and malicious attacks.
- 🔑 Enabled generating Temporary Access Tokens for the Admin API in the Portal to support quick testing.
- ⏸️ Added temporary account blocking (suspension) capability for better user management.
- 📝 Added support for specifying a reason when blocking or deleting a user account.
- 🎨 Supported displaying different logos in AuthUI for different application clients.
- 🐞 Misc bug fixes and stability improvements.
2025-11-26.0
- 🔐 Returned authenticators owned by the user in
UserInfofor easier visibility and integration. - 🆔 Made it easier to copy the Project ID directly from the Portal.
- 🚫 Added the ability to block disposable email domains to improve account quality.
- 📤 Included created_at and account status in user export for better auditing.
- 🌐 Fixed an issue where AuthUI links did not fall back to the default language when unset.
- 🙅♂️ Allowed users with a username to have no password for more flexible authentication flows.
2025-10-31.0
- 🕒 Added support for account valid period in both the Admin API and Import API, giving you more control over account lifecycles.
- 🔓 You can now create users without a password directly from the portal, perfect for passwordless setups.
- 🚫 Reserved project IDs that start with "xx-" (e.g. "us-", "hk-", "ab-") to avoid conflicts with system prefixes.
- 🐛 Miscellaneous bug fixes and improvements to keep things running smoothly.
2025-10-14.0
- 🪪 Added oidc.id_token.pre_create hooks for mutation on ID Tokens. See docs for tutorial: https://docs.authgear.com/integration/add-custom-fields-to-a-jwt-access-token#mutation-on-id-tokens
- 📖 Added "Authentication Blocked" audit log events when a user is blocked from login during the auth flow.
- 🔗 Support WhatsApp Cloud API for phone passwordless logins
2025-08-25.0
- 🔐 Support Machine-to-machine authorization (M2M Token):
- Powered by OAuth 2.0 Client Credentials flow. Register your API Resources and M2M applications to secure service-to-service communications. Get Started: https://docs.authgear.com/get-started/m2m-applications
2025-07-23.0
What's new:
- 🔐 A new set of blocking events is introduced
authentication.pre_initialize,authentication.post_identified,authentication.pre_authenticated:- Allows users to add logic to block users login/signup based on an array of signals, such as email, roles, date/time, GeoIP.
- Beyond simple allow/block, you can also prompt CAPTCHA, trigger 2FA, or rate-limit specific users.
- See common use cases in: https://docs.authgear.com/customization/events-hooks/examples-common-use-cases
- ✨ Support "Do not ask again" in passkey upsell screen
- ✨ Add a cancel button to bot protection dialog
- 🔐 Allow creating passwords in the portal when the user has no password
- ✨ Hide deprecated "Post Login URIs" in application settings
- 🐞 Other misc bug fixes
authgear-once/1.1.0
Tag authgear-once/1.1.0
authgear-once/1.1.0-alpha.1
Tag authgear-once/1.1.0-alpha.1 for testing
authgear-once/1.0.0
Authgear ONCE 1.0.0