Logto
In progress
🔰
Captcha support
Add reCAPTCHA / Cloudflare Turnstile / hCaptcha for bot protection.
18
🪄
Magic link
One-time token for organization member invitation, user invitation, password recovering, etc.
2
♻️
Customize sign-in lockout policy
Customize the policy to provisionally lock accounts after multiple failed sing-ins to prevent brute force access.
0
Planned
✍️
Profile fulfillment
Collect mandatory and optional profile fields during user registration.
35
🎨
Account center elements
A set of framework-agnostic web components that can interact with Account API.
24
🔐
Passkey as a first authentication factor
Then no password is required for sign-in.
24
✨
Multiple custom domains
Support multiple custom domains and render different sign-in experience brandings according to the domain.
20
🚫
Block disposable email registration
Reject any sign-up attempts using a disposable email address to prevent spam and improve user quality.
18
🛡️
Adaptive MFA
Trigger MFA according to the current risk level, e.g. a new device.
15
🎩
Dev to Pro plan production tenant
Duplicate dev tenant configurations (connectors, roles, resources, etc.) to a new production tenant.
13
🔢
Authentication policy
Customize policies to control authentication, such as username rules, IP blacklist / whitelist, verification code expiration, etc.
12
🔗
Redirect URI wildcards
Support for wildcard patterns in redirect URIs to improve authentication for dynamic environments like preview deployments.
8
🧰
Typed library for Management API
Provide typed libraries for services (e.g., Node.js) to use Logto Management API.
2
🧓
Friendly "continue" prompt
Simplify wording when no matching account is found during sign-in experience.
2
☁️
Allow concurrent Google Workspace and social login
Option to allow both Google Workspace and Google social logins for the same account.
1
✉️
Registration from forgot password
Directly register via forgot password instead of prompting for another round of verification.
1
🔏
Unverified SSO email verification
Allow verification code flow for SSO-provided unverified emails.
1
🚀
Account APIs for MFA
Allow end users to update, delete, and verify MFA via Account APIs.
1
🎛️
Session management
Managing user sessions with multi-device session tracking, session controls, etc.
0
Backlog
🔌
API authentication
Authenticate users via API. No redirect needed.
21
🖨️
Support device flow
Support RFC 8628: OAuth 2.0 Device Authorization Grant.
14
🛰️
Sign-in experience elements
A set of framework-agnostic web components that can interact with Experience API.
11
📄
RBAC as code
Allow to use code-based configuration to provision role-based access control, for example, a YAML file.
10
🚀
Logto Management API key
6
🌺
Organization portal
An out-of-the-box solution that allows org admins to manage identities, organization profiles, and set up enterprise SSO themselves.
6
⛵
Attribute-based access control (ABAC)
4
🚀
SCIM API
System for cross-domain identity management APIs.
2
🖲️
Support CIBA flow
Support Client Initiated Backchannel Authentication (CIBA) Flow.
1
🧟♀️
Restrict user sign-ins to a specific app within a multi-app product
Block users at the login stage if they come from a specific app. This will essentially enable app-level authentication (beyond just branding).
0
🫧
RFC 9396: OAuth 2.0 Rich Authorization Requests
Implement RFC 9396 and provide some useful feature around it.
0
Powered by Productlane
Powered by Productlane
