Logto product updates

It's time for a new Logto release! This update brings customizable MFA prompt policies, relaxed redirect URI restrictions for better real-world application support, and new social and SMS connectors contributed by our community.

Yijun

Developer

1/2/2025less than a minute read

Stop wasting weeks on user auth

Launch secure apps faster with Logto. Integrate user auth in minutes, and focus on your core product.

Get started

Customizable MFA prompt policy

We're excited to introduce customizable MFA prompt policies in the Console. This new feature offers two main configuration options:

For Require MFA:

When enabled, users must set up MFA during sign-in with no option to skip. Users who fail to set up MFA or delete their settings will be locked out until MFA is configured
When disabled, users can skip the MFA setup during sign-up or sign-in

With Require MFA disabled, you can further customize the MFA setup prompt:

No MFA setup prompts
One-time, skippable prompt during registration (matching the previous UserControlled policy)
One-time, skippable prompt during the first sign-in after registration

Relaxed Redirect URI restrictions

While we've always followed OAuth2.0 and OIDC best practices, we understand the real-world challenges with third-party services and operating systems like Windows. We've now relaxed our redirect URI restrictions to support:

Combined native and HTTP(S) redirect URIs (e.g., https://example.com/ for native apps)
Native schemes without periods (e.g., myapp://callback)

The Logto Console will display clear warnings when these URIs are used. This update maintains backward compatibility with existing applications.

New connectors

Our connector ecosystem continues to grow with two new additions:

Xiaomi social connector (credit: @u0x01)
YunPian SMS connector (credit: @u0x01)

Bug fixes

We've resolved an issue with the CLI command for fetching official connectors by updating the npm registry API integration.

Customizable MFA prompt policy#

Relaxed Redirect URI restrictions#

New connectors#

Bug fixes#

Customizable MFA prompt policy#

Relaxed Redirect URI restrictions#

New connectors#

Bug fixes#

Customizable MFA prompt policy

Relaxed Redirect URI restrictions

New connectors

Bug fixes

Customizable MFA prompt policy

Relaxed Redirect URI restrictions

New connectors

Bug fixes