Logto Cloud now passes all SOC 2 checks from the compliance automation platform. We've scheduled a SOC 2 Type I audit and are working towards a SOC 2 Type II audit.
JWT access tokens can now be customized with additional claims using custom JavaScript code snippets. This feature is useful when you need to include custom data in the token for compatibility with other systems.
To use this feature, navigate to the "Custom JWT" tab in the Console. Both user and machine-to-machine (M2M) tokens can be customized.
Before deploying the changes, you can use the "Run test" button to see how the token will look with the custom claims.
See 🎫 Custom JWT claims for more information.
In Logto Cloud, every custom JWT code run is in an isolated serverless environment. This ensures the custom code does not interfere with the rest of the Logto services and users.
In the open-source version, the code for custom JWT will run in the same environment as the rest of the Logto code. Be careful when adding custom code to the JWT, as it can introduce security vulnerabilities.
You can now assign permissions (scopes) from the API resources to organization roles. Like other permissions in the organization template, these permissions are organization-level, meaning that they only apply to a specific organization.
For example: an API resource https://shopping.api/ defines the scopes read and write. The organization template defines two roles, admin and user: the admin role has both the read and write scopes, while the user role has only the read scope. Alice has the admin role in the organization foo, and the user role in the organization bar.
When Alice tries to exchange an organization token for the https://shopping.api/ resource, she receives a token whose scopes depend on which organization she requests the token for. For the foo organization, Alice receives a token with both the read and write scopes. For the bar organization, she receives a token with only the read scope.
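To make the scope resolution in the Alice example concrete, here is an added illustration (not Logto's own code) of how organization-level API resource scopes are resolved at token exchange time. The data shapes, user ids and token claim names are constructed for this example; only the resource, scopes, roles and organizations come from the example above.

```javascript
// Constructed sample data (not Logto's schema): the API resource and its scopes.
const apiResources = {
  "https://shopping.api/": ["read", "write"],
};

// Organization template: role -> { resource -> scopes }. These permissions are
// organization-level, so they only apply inside a specific organization.
const organizationRoles = {
  admin: { "https://shopping.api/": ["read", "write"] },
  user: { "https://shopping.api/": ["read"] },
};

// Memberships: userId -> { organizationId -> roles } (constructed sample data).
const memberships = {
  alice: { foo: ["admin"], bar: ["user"] },
};

// Resolve the scopes an organization token for `resource` may carry.
// Returns [] when the user is not a member of the organization, when the
// resource is unknown, or when none of the user's roles in that organization
// grant scopes on the resource. Roles held in another organization never leak in.
function resolveOrganizationScopes(userId, organizationId, resource) {
  const roles = memberships[userId]?.[organizationId] ?? [];
  const defined = new Set(apiResources[resource] ?? []);
  const granted = new Set();
  for (const role of roles) {
    for (const scope of organizationRoles[role]?.[resource] ?? []) {
      // Drop scopes a role still lists but the resource no longer defines.
      if (defined.has(scope)) granted.add(scope);
    }
  }
  return [...granted].sort();
}

// Simulate the exchange: requested scopes are intersected with the granted set,
// so asking for "write" in an organization where Alice is only a user yields "read".
// Claim names (aud, organization_id, scope) are assumed for illustration.
function exchangeOrganizationToken(userId, organizationId, resource, requestedScopes) {
  const allowed = new Set(resolveOrganizationScopes(userId, organizationId, resource));
  return {
    aud: resource,
    organization_id: organizationId,
    scope: requestedScopes.filter((scope) => allowed.has(scope)).join(" "),
  };
}
```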
See 🏢 Organizations (Multi-tenancy) for a comprehensive introduction to organizations.
Organizational API resources can also be used when configuring permissions for third-party apps. Users will be prompted to select an organization when configuring permissions for a third-party app.
Now you can save additional data associated with an organization in the organization-level customData field, for example by setting the customData field when using the organization Management APIs.
Added Hugging Face connector.
GitHub connector now has user:email as part of the default scope, to fetch the GitHub account's private email address list.
Removed the plus sign in front of the phone number in the feishu connector (#5801). Credit @kamto7.
client_secret_basic and client_secret_jwt client authentication methods for the token endpoint.
resource parameter, as some libraries do not support an array of resources.
GET /api/organizations/:id/users/:userId/scopes.
zh-cn phrases in the OIDC consent page (#5606). Credit @the-pawn-2017.
Source: dev.to