Logto product updates

🎉 Introducing our May release: Email blocklist policy, improved phone number handling, QQ social connector, and more updates!

Yijun
Developer

Email blocklist policy

We've introduced a comprehensive email blocklist policy system with a dedicated settings page in the Logto console's Security section. This new feature provides granular control over which email addresses can be used for sign-up and account linking.

With this new policy, you can:

  • Customize email restrictions through a flexible blocklist system
  • Prevent sign-ups or account linking with specific email addresses or domains
  • Control email subaddressing (e.g., '[email protected]')

Refer to the documentation for more details.
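
A sketch of how a blocklist policy of this kind can be evaluated at sign-up, added here as an illustration and not Logto's own code. The policy shape, the `@domain` entry convention and the function names are assumptions, and every address is a constructed sample.

```javascript
// Added illustration, not Logto's implementation. The policy shape and the
// "@domain" entry convention are assumptions; all addresses are constructed.
const samplePolicy = {
  blockSubaddressing: true,
  blocklist: ['spam@example.org', '@disposable.example'],
};

// Split an address into lower-cased local part and domain; null if malformed.
function parseEmail(input) {
  const email = String(input).trim().toLowerCase();
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  return { local: email.slice(0, at), domain: email.slice(at + 1) };
}

// Decide whether an address may be used for sign-up or account linking.
function checkEmail(input, policy) {
  const parsed = parseEmail(input);
  if (!parsed) return { allowed: false, reason: 'invalid' };
  const { local, domain } = parsed;
  const plus = local.indexOf('+');
  if (policy.blockSubaddressing && plus !== -1) {
    return { allowed: false, reason: 'subaddressing' };
  }
  // When subaddressing is allowed, also compare the base address so that
  // "name+tag@..." cannot sidestep a blocklist entry for "name@...".
  const base = plus === -1 ? local : local.slice(0, plus);
  for (const raw of policy.blocklist) {
    const entry = raw.trim().toLowerCase();
    if (entry.startsWith('@')) {
      // Exact domain match only; subdomains are not covered in this sketch.
      if (entry.slice(1) === domain) return { allowed: false, reason: 'domain' };
    } else if (entry === `${local}@${domain}` || entry === `${base}@${domain}`) {
      return { allowed: false, reason: 'address' };
    }
  }
  return { allowed: true, reason: null };
}

// Constructed inputs exercising each rule.
for (const address of ['alice@example.com', 'Alice+promo@example.com',
  ' SPAM@Example.org ', 'bob@disposable.example']) {
  console.log(JSON.stringify(address), checkEmail(address, samplePolicy));
}
```

Normalizing case and whitespace before matching matters here: without it, a blocked address can be resubmitted with different capitalization and pass the check.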

Phone number validation and normalization

We've improved phone number handling to ensure consistent format validation and storage:

  • Added proper handling for phone numbers with leading zeros in national format
    • Normalizes numbers like +61 (0)2 1234 5678 to +61 2 1234 5678
    • Users can sign in with either format (with or without leading zero)
    • Existing accounts can still use their original phone number format
  • Implemented stricter phone number format validation in the database
  • Fixed phone number format inconsistencies (GitHub issue #7371)

QQ social connector

We've expanded our social sign-in options by introducing a new QQ social connector specifically designed for web applications, enabling seamless QQ account integration for your users.

OIDC connector

We've updated our OIDC connector configuration to make the userinfo_endpoint field optional. The system now intelligently handles user data extraction based on available endpoints, providing a more flexible authentication solution while maintaining OIDC specification compliance.

This update enables:

  • Seamless integration with Azure AD B2C SSO applications
  • Automatic fallback to id_token claims when userinfo_endpoint is unavailable
  • Full compatibility with standard OIDC providers
  • Removal of integration barriers for non-standard OIDC implementations

Improvements

  • Enhanced translation key synchronization to handle empty files during the sync process, eliminating the need for manual intervention
  • Upgraded to gpt-4.1 as the default translation model for better cost-efficiency
  • Improved CAPTCHA configuration visibility in console with persistent toggle display
  • Updated CAPTCHA settings navigation to /security/captcha

Bug fixes

  • Added missing CAPTCHA box to identifier sign in form