tag:github.com,2008:https://github.com/logto-io/logto/releases 2025-01-23T05:51:59Z tag:github.com,2008:Repository/378310716/v1.23.1 2025-01-23T08:14:49Z <h2>Support custom endpoint and addressing style for S3</h2> <p>Add support for configurable S3 endpoint and addressing style (path-style/virtual-hosted)<br> to improve compatibility with S3-compatible storage services.</p> <ul> <li>Add forcePathStyle option to control URL addressing style</li> <li>Fix custom endpoint support implementation</li> <li>Improve URL generation logic for different configurations</li> </ul> <h2>Bug fixes</h2> <h3>Fix the broken image on Logto console sign-in page</h3> <p>Remove the image element's <code>cross-origin="anonymous"</code> attribute.</p> <p>Some public image resources may not have the proper cross-origin headers configured, those images may fail to load when the <code>cross-origin="anonymous" attribute is present.</code><br> Since sign-in page image elements are only used for display purposes, Logto does not need to access the image data, so the <code>cross-origin="anonymous"</code> attribute is not necessary.To make the image elements more compatible with public image resources, remove the attribute from the image elements.</p> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/experience@1.11.1 2025-01-23T05:52:00Z <p>@logto/experience@1.11.1</p> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/core@1.23.1 2025-01-23T05:51:58Z <p>@logto/core@1.23.1</p> silverhand-bot tag:github.com,2008:Repository/378310716/v1.23.0 2025-01-02T08:01:10Z <p><a target="_blank" rel="noopener noreferrer" href="https://private-user-images.githubusercontent.com/10806653/399644058-b35196c7-3a33-4e22-bcbb-543a195201f6.jpg?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3Mzc5MTIyNzMsIm5iZiI6MTczNzkxMTk3MywicGF0aCI6Ii8xMDgwNjY1My8zOTk2NDQwNTgtYjM1MTk2YzctM2EzMy00ZTIyLWJjYmItNTQzYTE5NTIwMWY2LmpwZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNTAxMjYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjUwMTI2VDE3MTkzM1omWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTIyNTFmZTY0MTk0NzM4OTk3MWYyNzM1ZDI4Yjk2ZGQxZDJlNGVlYTI5Mzg1M2NhMTY0NjBmY2E4NGNlMGE4NzAmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.JnGWRdRcK5esOi3PWpqMKSaTPSkWcIEe9h2nuDGi10I"><img src="https://private-user-images.githubusercontent.com/10806653/399644058-b35196c7-3a33-4e22-bcbb-543a195201f6.jpg?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3Mzc5MTIyNzMsIm5iZiI6MTczNzkxMTk3MywicGF0aCI6Ii8xMDgwNjY1My8zOTk2NDQwNTgtYjM1MTk2YzctM2EzMy00ZTIyLWJjYmItNTQzYTE5NTIwMWY2LmpwZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNTAxMjYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjUwMTI2VDE3MTkzM1omWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTIyNTFmZTY0MTk0NzM4OTk3MWYyNzM1ZDI4Yjk2ZGQxZDJlNGVlYTI5Mzg1M2NhMTY0NjBmY2E4NGNlMGE4NzAmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.JnGWRdRcK5esOi3PWpqMKSaTPSkWcIEe9h2nuDGi10I" alt="logto-changelog-2025-01" content-type-secured-asset="image/jpeg" style="max-width: 100%;"></a></p> <h2>Customizable MFA prompt policy</h2> <p>You can now customize the MFA prompt policy in the Console.</p> <p>First, choose if you want to enable <strong>Require MFA</strong>:</p> <ul> <li><strong>Enable</strong>: Users will be prompted to set up MFA during the sign-in process, which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.</li> <li><strong>Disable</strong>: Users can skip the MFA setup process during the sign-up or sign-in flow.</li> </ul> <p>If you choose to <strong>Disable</strong>, you can continue to choose the MFA setup prompt:</p> <ul> <li>Do not ask users to set up MFA.</li> <li>Ask users to set up MFA during registration (skippable, one-time prompt). <strong>The same prompt as the previous policy (UserControlled)</strong></li> <li>Ask users to set up MFA on their next sign-in attempt after registration (skippable, one-time prompt).</li> </ul> <h2>Relaxed redirect URI restrictions</h2> <p>We have been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.</p> <p>This update relaxes restrictions on redirect URIs to allow the following:</p> <ul> <li>A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like <code>https://example.com/</code>.</li> <li>Native schemes without a period (<code>.</code>). For example, <code>myapp://callback</code> is now allowed.</li> </ul> <p>When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.</p> <p>We hope this change will make it easier for you to integrate Logto with your applications.</p> <h2>New connectors</h2> <ul> <li><a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/logto-io/logto/commit/3fa2b796e6db282d509d6e352bf91dc9efd0b63e/hovercard" href="https://github.com/logto-io/logto/commit/3fa2b796e6db282d509d6e352bf91dc9efd0b63e"><tt>3fa2b79</tt></a> Added Xiaomi social connector (credit <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/u0x01/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/u0x01">@u0x01</a> ).</li> <li><a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/logto-io/logto/commit/3004ae9a63bef90328bc525c19f185d7ac3839d5/hovercard" href="https://github.com/logto-io/logto/commit/3004ae9a63bef90328bc525c19f185d7ac3839d5"><tt>3004ae9</tt></a> Added YunPian SMS connector (credit <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/u0x01/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/u0x01">@u0x01</a> ).</li> </ul> <h2>Bug fixes</h2> <ul> <li><a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/logto-io/logto/commit/2178589507992c13289c1f5ff941feed6b4599f0/hovercard" href="https://github.com/logto-io/logto/commit/2178589507992c13289c1f5ff941feed6b4599f0"><tt>2178589</tt></a> Fixed the CLI command for fetching official connectors by updating the npm registry API integration.</li> </ul> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/tunnel@0.2.3 2025-01-02T04:11:52Z <p>@logto/tunnel@0.2.3</p> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/phrases@1.16.0 2025-01-02T04:11:52Z <p>@logto/phrases@1.16.0</p> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/integration-tests@1.11.0 2025-01-02T04:11:51Z <p>@logto/integration-tests@1.11.0</p> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/experience-legacy@1.11.0 2025-01-02T04:11:51Z <p>@logto/experience-legacy@1.11.0</p> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/experience@1.11.0 2025-01-02T04:11:51Z <p>@logto/experience@1.11.0</p> silverhand-bot tag:github.com,2008:Repository/378310716/@logto/core-kit@2.5.2 2025-01-02T04:11:52Z <p>@logto/core-kit@2.5.2</p> silverhand-bot