DEV Community

Cover image for Logto v1.0.0-rc.0: User auth with RBAC
gao-sun for Logto

Posted on • Edited on

Logto v1.0.0-rc.0: User auth with RBAC

Logto is an open-source auth solution with comprehensive features and modern dev experience.


Please welcome our first release candidate! Logto is just a few steps away from general availability.

🔒 Role-Based Access Control

We are excited to introduce our latest addition to our product, Role-Based Access Control (RBAC). This powerful feature gives administrators the ability to assign specific roles and permissions to users, ensuring they only have access to the resources and functions they need to do their job.

With RBAC, administrators can:

  • Define permissions across APIs
  • Create custom roles with specific permissions
  • Assign roles to users and manage their roles
  • Easily manage and update permissions
  • Securely validate permissions to protect APIs

Logto takes a major step forward in security and control with easy access management and authorization of sensitive info, ensuring only authorized users have the right to access. This aligns with our vision to provide an open-source identity solution with features for authentication and authorization, and packed with all the features you need.

Note
If you are using Logto SDKs, please upgrade to the latest version to take advantage of RBAC.

Check out our RBAC recipe for a step-by-step guide. Give it a try and let us know what you think!

🏄 Streamlined social sign-in flow

💡 Logto now detects a trusted email (or phone number) from the social account during social sign-in.

  • If the email (or phone number) has been registered: Automatically connect the social identity to the existing user account with a single click.
  • If the email (or phone number) is not registered: Automatically sync the user profile with the social-provided email (or phone number) if and only if it is marked as a required user profile.

🔢 Send and verify verification codes via Management API

The new Management APIs allow you to reuse connectors to dynamically send and verify verification codes for various purposes, such as validating identity before a user updates their profile or performs a dangerous action.

  • Call /api/verification-code to send verification code to a given email or phone
  • Call /api/verification-code/verify to verify the code against a given email or phone

↩️ Rollback database alteration state

In case of any issues with the database, you can now use the logto db alteration rollback [target] command to roll back all database schemas to a previous version, for example logto db alteration rollback v1.0.0-beta.19.

Top comments (0)