# Logto v1.10.0

## New feature: machine-to-machine role-based access control

Role-based access control (RBAC) now extends to machine-to-machine apps. This update lets you manage permissions for your machine-to-machine apps with the same roles-and-scopes approach already used for user authorization.

> **Note** If you have switched on the "Enable admin access" toggle for machine-to-machine apps, it has been retired in favor of a new "Management API access" role; if you haven't enabled it, a new role with Management API permissions is needed to access the Logto Management API. See 🚝 Interact with Management API to learn more.

Starting today, when you create a new role, you can select either a "user role" or a "machine-to-machine app role" by expanding more options. All existing roles have automatically been converted to "user roles".


### Constraints

- After creating a role, you cannot modify its type.
- The Logto Management API resource can only be accessed by machine-to-machine application roles.
## Management API updates

### Added APIs

**Applications**

- `POST /applications/:appId/roles` assigns role(s) to the M2M application
- `DELETE /applications/:appId/roles/:roleId` removes the role from the M2M application
- `GET /applications/:appId/roles` lists all roles assigned to the M2M application

**Roles**

- `POST /roles/:roleId/applications` assigns the role to multiple M2M applications
- `DELETE /roles/:roleId/applications/:appId` removes the M2M application from the role
- `GET /roles/:roleId/applications` lists all M2M applications that have been granted the role

### Updated APIs

**Roles**

- `POST /roles` now accepts the role type (either `user` or `machine-to-machine`)

**Users**

- `POST /users/:userId/roles` now rejects assigning M2M roles to end-users
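The two constraints and the updated `POST /users/:userId/roles` behaviour together define a small set of invariants. The following in-memory model, an added example that is not Logto's code, mirrors those invariants so that an integration test suite can check its own provisioning logic against them before it talks to a real tenant. The resource indicator `https://example.logto.app/api`, the role and application IDs, and the rule that user roles are refused on M2M applications (the page states only the reverse direction) are this example's assumptions.

```typescript
// Added example, not Logto's code: an in-memory model of the role-type rules in the
// v1.10.0 notes. Role type is fixed at creation, M2M roles cannot go to end-users,
// and the Management API resource is only grantable through machine-to-machine roles.
type RoleType = "user" | "machine-to-machine";

interface Role {
  readonly id: string;
  readonly name: string;
  readonly type: RoleType;                 // immutable after creation (constraint 1)
  readonly resources: ReadonlySet<string>; // API resource indicators the role grants
}

// Assumption: a constructed indicator standing in for the tenant's Management API resource.
const MANAGEMENT_API = "https://example.logto.app/api";

class RoleRegistry {
  private readonly roles = new Map<string, Role>();
  private readonly userRoles = new Map<string, Set<string>>(); // userId -> roleIds
  private readonly appRoles = new Map<string, Set<string>>();  // appId  -> roleIds

  // Mirrors POST /roles with a type; the Management API resource is refused on user roles (constraint 2).
  createRole(id: string, name: string, type: RoleType, resources: string[] = []): Role {
    if (this.roles.has(id)) throw new Error(`role ${id} already exists`);
    if (type === "user" && resources.includes(MANAGEMENT_API)) {
      throw new Error("the Management API resource can only be granted to machine-to-machine roles");
    }
    const role: Role = { id, name, type, resources: new Set(resources) };
    this.roles.set(id, role);
    return role;
  }

  // Mirrors the updated POST /users/:userId/roles: M2M roles are rejected for end-users.
  assignToUser(userId: string, roleId: string): void {
    const role = this.mustGet(roleId);
    if (role.type !== "user") {
      throw new Error(`role ${roleId} is a machine-to-machine role and cannot be assigned to a user`);
    }
    this.add(this.userRoles, userId, roleId);
  }

  // Mirrors POST /applications/:appId/roles. Assumption: the symmetric rule, only
  // machine-to-machine roles may be assigned to M2M applications.
  assignToApp(appId: string, roleId: string): void {
    const role = this.mustGet(roleId);
    if (role.type !== "machine-to-machine") {
      throw new Error(`role ${roleId} is a user role and cannot be assigned to an application`);
    }
    this.add(this.appRoles, appId, roleId);
  }

  // Mirrors DELETE /applications/:appId/roles/:roleId.
  removeFromApp(appId: string, roleId: string): void {
    this.appRoles.get(appId)?.delete(roleId);
  }

  // Mirrors GET /applications/:appId/roles.
  rolesOfApp(appId: string): Role[] {
    return Array.from(this.appRoles.get(appId) ?? []).map((id) => this.mustGet(id));
  }

  // True when at least one role assigned to the app grants the resource.
  appCanAccess(appId: string, resource: string): boolean {
    return this.rolesOfApp(appId).some((r) => r.resources.has(resource));
  }

  private mustGet(roleId: string): Role {
    const role = this.roles.get(roleId);
    if (!role) throw new Error(`unknown role ${roleId}`);
    return role;
  }

  private add(map: Map<string, Set<string>>, key: string, roleId: string): void {
    const set = map.get(key) ?? new Set<string>();
    set.add(roleId);
    map.set(key, set);
  }
}
```

Because `Role.type` is `readonly` and there is no update method, the first constraint is enforced by the type system rather than by a runtime check; the other two are runtime rejections, which is the behaviour the Management API exhibits.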

## Support `roles` scope for issuing the `roles` claim in ID tokens

When you include `roles` in the `scope` parameter of the Logto SDK config (or append it manually to the OpenID Connect authorization request), the ID token will include a `roles` claim containing an array of the user's roles. This may resolve [#3411].
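On the consuming side, the `roles` claim should only be read from an ID token whose signature, issuer, audience and expiry have been checked. The following added example (not Logto's or any Logto SDK's code) shows that flow end to end with a locally generated key pair: it signs a token the way an issuer would, verifies it, and returns the `roles` array, treating an absent claim (the `roles` scope was not requested) as an empty list. The ES256 algorithm, the key pair, the issuer URL `https://example.logto.app/oidc`, the client ID `app_constructed` and the claim values are all constructed here; a real relying party takes the algorithm and keys from the issuer's discovery document and JWKS, which this example does not fetch.

```typescript
// Added example, not Logto's code: verify an ES256-signed ID token and read its
// `roles` claim. Keys, issuer, audience and claims are constructed locally.
import { createSign, createVerify, generateKeyPairSync, KeyObject } from "node:crypto";

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");

interface IdTokenClaims {
  iss: string;
  aud: string;
  sub: string;
  iat: number;
  exp: number;
  roles?: string[]; // present only when the `roles` scope was requested
}

// Sign as an issuer would: ES256 = ECDSA P-256 over SHA-256 with the raw r||s signature (ieee-p1363).
function signIdToken(claims: IdTokenClaims, privateKey: KeyObject): string {
  const header = b64url(JSON.stringify({ alg: "ES256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  const signingInput = `${header}.${payload}`;
  const signature = createSign("SHA256")
    .update(signingInput)
    .sign({ key: privateKey, dsaEncoding: "ieee-p1363" });
  return `${signingInput}.${b64url(signature)}`;
}

// Verify the token, then return the roles claim ([] when the claim is absent).
function rolesFromIdToken(
  token: string,
  publicKey: KeyObject,
  expected: { iss: string; aud: string },
  now: number = Math.floor(Date.now() / 1000),
): string[] {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString("utf8"));
  // Pin the algorithm to an allow-list instead of trusting whatever the token declares.
  if (header.alg !== "ES256") throw new Error(`unexpected alg ${header.alg}`);
  const valid = createVerify("SHA256")
    .update(`${h}.${p}`)
    .verify({ key: publicKey, dsaEncoding: "ieee-p1363" }, fromB64url(s));
  if (!valid) throw new Error("invalid signature");
  const claims = JSON.parse(fromB64url(p).toString("utf8")) as IdTokenClaims;
  if (claims.iss !== expected.iss) throw new Error("unexpected issuer");
  if (claims.aud !== expected.aud) throw new Error("unexpected audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  if (claims.roles === undefined) return [];
  if (!Array.isArray(claims.roles) || !claims.roles.every((r) => typeof r === "string")) {
    throw new Error("roles claim must be an array of strings");
  }
  return claims.roles;
}

// Exercise the flow: a token with roles, one without, and one whose payload was changed after signing.
function demo(): { withRoles: string[]; withoutRoles: string[]; modifiedRejected: boolean } {
  const { privateKey, publicKey } = generateKeyPairSync("ec", { namedCurve: "P-256" });
  const expected = { iss: "https://example.logto.app/oidc", aud: "app_constructed" }; // constructed
  const now = 1_700_000_000;
  const base: IdTokenClaims = { ...expected, sub: "user_constructed", iat: now, exp: now + 3600 };
  const withRolesToken = signIdToken({ ...base, roles: ["admin", "editor"] }, privateKey);
  const withoutRolesToken = signIdToken(base, privateKey);
  // Keep the original header and signature but replace the payload: the signature no longer matches.
  const [h, , s] = withRolesToken.split(".");
  const modified = `${h}.${b64url(JSON.stringify({ ...base, roles: ["admin", "owner"] }))}.${s}`;
  let modifiedRejected = false;
  try { rolesFromIdToken(modified, publicKey, expected, now); } catch { modifiedRejected = true; }
  return {
    withRoles: rolesFromIdToken(withRolesToken, publicKey, expected, now),
    withoutRoles: rolesFromIdToken(withoutRolesToken, publicKey, expected, now),
    modifiedRejected,
  };
}
```

The order of checks matters: algorithm pinning comes before signature verification, and the `roles` array is only returned after the signature, issuer, audience and expiry have all passed, so a relying party never makes an authorization decision on an unverified claim.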

## Security update

If an identifier (username, email, or phone number) accumulates five authentication failures within an hour, it is temporarily blocked from authenticating for ten minutes.

Source: README.md, updated 2023-10-08