Logto product update: Logto as IdP, Protected App, and a lot of new guides
Logto as an identity provider
From now, you can use Logto as an third-party OpenID Connect identity provider by creating an OIDC third party app during the application creating process.
This enables you to configure the permissions that the app requests and the branding for each third party app. When users sign in via this app, it will prompt for user consent:
This feature is useful for multiple scenarios, such as integrating third party services with Logto for in-house identity management, providing an open platform for developers creating third party apps, etc. See 🌐 Logto as an Identity Provider (IdP) to learn more.
Protected App
The Protected App is designed to eliminate the complexity of SDK integrations by separating the authentication layer from your application. With two input fields, you can create a secure and ultra fast authentication experience for your users.
This process is visualized in the following flowchart:
One of the best parts of Protected App is that it uses the same OpenID Connect protocol as other Logto applications. Under the hood, it is treated as a "traditional web" application, so it can seamlessly transit to a regular Logto application when needed. See 🔐 Protected App for more information.
Protected App will be open sourced soon.
Application guides
We've added a lot of new guides for different frameworks and libraries:
Please check them out and let us know if you have any feedback or suggestions!
Other improvements
- Upgrade TypeScript to 5.3.3.
- Use Node v20 LTS.
Work in progress
We are working on the following features:
- Customizable access token claims (JWT)
- API resource for organizations
- Use Logto as a SAML identity provider