Logto product updates

🎉 Introducing our August release: Collect user profile at signup, PBKDF2 legacy password support, Thai localization, and a new HTTP SMS connector!

Charles

Developer

8/29/2025less than a minute read

Stop wasting weeks on user auth

Launch secure apps faster with Logto. Integrate user auth in minutes, and focus on your core product.

Get started

logto-changelog-2025-08-28

Collect user profile at registration

You can now collect user profile information on the last step of the end-user registration flow.

This lets you extend the basic sign-up form with built-in or custom fields so you can immediately capture attributes you need (e.g. name, gender, birthdate, address, custom preferences) before the new user finishes onboarding.

How to enable

Go to Console > Sign-in Experience > Collect user profile.
Add fields:
- Use built-in basics (Name, Gender, Birthdate, Address, …), or
- Create custom fields (choose type, label, validation rules, required, etc.).
Drag & drop to reorder; the order matches the rendered form.
Preview or test by signing up a new user (e.g. in the demo app). A "Tell us about yourself" step appears.
Registration completes only after all required fields are filled.

Refer to the documentation for more details.

PBKDF2 support for legacy password verification

We added PBKDF2 (Password-Based Key Derivation Function 2) support to legacy password verification. This improves compatibility when migrating users whose passwords were originally hashed using PBKDF2. (Credit @karerckor)

Example payload for a migrated user:

Arguments inside the PBKDF2 tuple:

salt: user-defined salt value
iterations: number of iterations (e.g. 1000)
keylen: derived key length (e.g. 20)
digest: hash algorithm (e.g. sha512)
@: placeholder for the input password

Refer to the documentation for more details.

New HTTP SMS connector

A new generic HTTP SMS connector is introduced (@logto/connector-http-sms). It allows sending SMS messages via any provider that exposes an HTTP-based API by configuring request method, URL, headers, body mapping, and success criteria. (Credit @michakfromparis)

Use it when a dedicated built-in SMS connector is not yet available for your provider.

Thai language support

Added Thai translations for both Logto Console and the sign-in experience. This improves localization coverage for Thai-speaking users.

Security updates and vulnerability fixes

New Contributors

@karerckor made their first contribution in https://github.com/logto-io/logto/pull/7585
@michakfromparis made their first contribution in https://github.com/logto-io/logto/pull/7510
@hussamelvani made their first contribution in https://github.com/logto-io/logto/pull/7721

Collect user profile at registration#

How to enable#

PBKDF2 support for legacy password verification#

New HTTP SMS connector#

Thai language support#

Security updates and vulnerability fixes#

New Contributors#