2024-06-13.0

• 🐞 Removed an extra full stop in English SMS verification template
• 🧑‍💼 Admin can now create Email OTP/SMS OTP/Password 2FA Authenticator for an end-user in the Portal or with Admin API.
• 🛡️ Misc security improvements

2024-05-31.0

• ㊙️ In Import API, you can now mark passwords as expired and force the user to create a new password in their next login
• 🔗 Auto Account Linking: When login using a social/enterprise connection, and the email address conflicts with an existing user, the account can be linked.
  • e.g. a user signed up with user@example.com and password before and later login with their Google account of the same address, they can link it to the account and log in with both password and Google in the future.
• 🆔 Provide separate options to disallow users to add, edit, or remove their identities (email/phone/username).
• 🔐 Login with Passkey without entering email/phone/username in hybrid signup/login flow
• 🌐 Added support for Simplified Chinese and fixed Portuguese and Spanish translations
• ⏰ Added session expired dialog in the portal
• 🍪 Moved cookie preference option in the portal to the top-right menu
• 🏰 Other misc UX & security fixes

2024-04-29.1

• 🔐 New Feature: Authflow selection in different applications.
  • e.g. some applications can only be logged in with ADFS, and other applications must go through 2FA when logged in.
• 🌐 New supported languages in AuthUI, enable them in the Localization settings!
  • Vietnamese 🇻🇳, Thai 🇹🇭, Malay 🇲🇾, Indonesian 🇮🇩, Filipino (Tagalog) 🇵🇭, Korean 🇰🇷, Japanese 🇯🇵, Spanish 🇪🇸/🌎, French 🇫🇷, Portuguese 🇵🇹/🇧🇷, German 🇩🇪, Italian 🇮🇹, Polish 🇵🇱, Dutch 🇳🇱, Greek 🇬🇷
• 🍪 Users can now control Cookie preferences in the Portal
• 💬 Login with WeChat in the new AuthUI and Authflow
• ✨ Application names are shown instead of Client IDs in user management session listing
  -🛡️ Enforce minimum 43-character length for code verifier in OAuth PKCE flow
• 🏰 Other misc security fixes

2024-04-05.0

• Use "Roles and Groups" to manage the application access right of a user
• Import User API: A new API for batch import users into Authgear. Best for migrating from legacy systems
  • New endpoint: POST /_api/admin/users/import
  • See user guide at: https://docs.authgear.com/how-to-guide/user-management/import-users-using-user-import-api
• Password Expiry: Force change password after X days upon login. (It's disabled by default because it’s not a recommended password policy)
• Webkit WebView in SDK (aka Embedded Webview). Use the new configuration in the SDK to open the AuthUI in an embedded webview to achieve a more native-looking experience. See the guide at: https://docs.authgear.com/how-to-guide/mobile-apps/using-webview-to-open-the-authgear-ui

2024-03-04.0

• 🪄 Use Authentication Flow API to make a custom signup-login flow and implement your own UI
• 🔢 Introducing Test Mode for OTP,
  • You can now send a fixed OTP to a specific target on SMS or Email address
  • The OTP can also be suppressed, so the target will not actually receive the OTP
• 😍 New AuthUI v2, a complete facelift for the default login UI
• 🌟 Combined Signup-login flow. Once AuthUI v2 is enabled in your project, you can enable the combined signup-login flow. User will signup if not registered before, and login if they did, all done automatically.

2024-01-31.0

2024-01-31.0

2023-12-11.0

Deploy e7a2763ac8fc4020ea8686c6d8223ed615d74355 to production

2023-08-30.0

• For tenant using non-custom domains, i.e. using the shared domain, the signup/login page must be initiated by OAuth. Direct access to the endpoint will no longer show the signup/login box.
• Show invalid project if the app-id in [app-id].[free domains] does not exist.
• Default signup/login pages of new created projects will show Authgear logo on the top, which can be replaced by the users.

Release 2023-08-14.0

• Fixed Signup rate limit was not working
• Default project count and SMS quota restriction for anti-spam measure

Release 2023-08-08.0

• 💬 Removed hostnames from the default SMS OTP template