v0.24.1

Bump version 0.24.0 → 0.24.1

Bug fixes

• Fix CORS configuration for /api and /.well-known routes that was not working on tenant with a prefix.

Telemetry

To help us improve the project, we've added telemetry features so that we know how many Fief servers are running in the wild.

You can opt-out by setting the environment variable TELEMETRY_ENABLED to False.

Read more about what we collect and how here: https://docs.fief.dev/telemetry

v0.24.0

Bump version 0.23.2 → 0.24.0

New features and improvements

• User account management: users now have access to pages where they can update their profile and passwords
  • It's accessible from the root URL of your tenant, e.g. https://example.fief.dev or https://example.fief.dev/tenant
• Login page now remember the last login method used:
  • If the user authenticated with an email, it'll be pre-filled
  • If the user authenticated with an OAuth Provider, it'll be shown at the top with a small badge
  • You can force this from your app using the login_hint parameter when redirecting to /authorize. [Documentation]

Bug fixes

• Fix #165: bug preventing users from registering when you an optional user field was setup without default (date, datetime, phone number and address)

v0.23.2

Bump version 0.23.1 → 0.23.2

Bug fixes and improvements

• Fix #155: OpenAPI schema of Admin API is now compliant and should be usable with client generators
• Fix #157: clearly show an error when something goes wrong after OAuth Provider callback
• Add ability to delete Users, Clients and Tenants from admin dashboard
• New Admin API endpoints to:
  • GET single objects
  • DELETE User
  • DELETE Client
  • DELETE Tenant

v0.23.1

Bump version 0.23.0 → 0.23.1

Bug fixes

• Ensure worker tasks close the DB connection after finishing.
• Fix bug that caused permissions and role assignation to fail.
• Fix user fields not available in user.created webhook event.

v0.23.0

Bump version 0.22.2 → 0.23.0

New features and improvements

• Webhooks ⚡️ Your app can now be notified about important events happening in your Fief's workspace so you can implement clever workflows! [Documentation]
• Private IP addresses, like 192.168.1.1 are now allowed as Client Redirect URI, even without HTTPS. Thanks @zfei 🎉

Localization

• Chinese (simplified) is now available for authentication pages 🇨🇳 All credits to @zfei 🎉

v0.22.2

Bump version 0.22.1 → 0.22.2

Bug fixes

• Fix a bug preventing listing pages and API from working with SQLite databases.

Improvements

• Chinese (simplified) zh_CN localization added for authentication pages. Thanks @zfei 🚀
• OpenAPI documentation improvements for Admin API.
• Generated JWT now include the kid used to sign/encrypt them.

v0.22.1

Bump version 0.22.0 → 0.22.1

Improvements

• Migrate to SQLAlchemy 2
• Bump FastAPI to 0.92.0 (fix DOS vulnerability)

v0.22.0

Bump version 0.21.0 → 0.22.0

New features and improvements

• Lifetime of access tokens, refresh tokens and authorization codes can now be customized per client. [Documentation]
• Add created_at and updated_at columns in Users table.
• Add HTML titles to admin dashboard pages.
• Bump dependencies

Bug fixes

• Add missing cookies environment variables in Quickstart command generated by CLI
• Fix permissions policy security header
• Fix theme preview not working because of CSRF

v0.21.0

Bump version 0.20.1 → 0.21.0

New features

• UI themes: you can now customize the look and feel of authentication pages.

  • ⚠ If you have a self-hosting instance, make sure to run the following command after upgrading to bootstrap the theme:

  fief workspaces init-themes

• Tenant logos: you can now set your own logo that will appear on authentication pages.

• Locale setting: you can now set manually the locale of the user on authentication pages.

Bug fixes

• Fix #130: locales were being cached between requests, leading in the wrong language displayed

Security

• Critical: last version broke security restrictions access on admin dashboard, leading to potential unauthorized access to the dashboard.
  • If you have a self-hosted instance published on the web, update immediately.
  • Cloud version is already patched, you have nothing to do.
• Add common security headers to HTTP responses.

v0.20.1

Bump version 0.20.0 → 0.20.1

Bug fixes

• Fix roles and permissions select combobox in admin dashboard.