Releases: curveball/a12n-server
Releases · curveball/a12n-server
v0.12.3
v0.12.1
v0.12.0
- Added a
/privilegesendpoint to easily find out what kind of privileges
are used in the system. - The server now has an
adminprivilege, which is required to create new
users or find information about other users. - Users that are not yet marked
activenow show up in the/users
collection, but still can't log in. - The session cookie now uses
SameSite: Lax, which means that users will see
login screens less often.
v0.11.2
- Support for the
/.well-known/change-passwordendpoint, as defined in
RFC8615. - Fixed a bug that could cause the TOTP field to not be rendered, even if it's
required. - Fixed a bug where users weren't getting activated using the "Create user"
form.
v0.11.1
v0.11.0
- Support for a new user type: 'group'. Groups can contain users and will in a
future release allow roles to be created with privileges that can be applied
to entire groups. - TOTP can now be set to 'required', 'optional' and 'disabled' via a server-
wide flag. - OAuth2 access, refresh and authorization code expiry times are now
configurable. - Better design for notifications vs. error messages.
- It's now possible for an admin to create new users via an API or form.
- It's now possible to authenticate with the a12nserver via a Bearer token,
allowing clients to directly call a12nserver APIs. - The OAuth2 login flow now also shows the lost password and registration
links, if they were enabled.
v0.10.2
v0.10.1
v0.10.0
- Added a 'lost password' feature that uses email for validating using
accounts. - The audit log now tracks the 'User agent'.
- Better autocomplete hints on the login and registration form for password
managers.