Logto
In progress
🚫
Security: disposable email/sign-in lockout/hide existence
16
🔰
Captcha support
Add reCAPTCHA / Cloudflare Turnstile / hCaptcha for bot protection.
14
🎩
Dev to Pro plan production tenant
Duplicate dev tenant configurations (connectors, roles, resources, etc.) to a new production tenant.
10
🪄
Magic link
One-time token for organization member invitation, user invitation, password recovery, etc.
2
🗾
Sign-up capability improvement
Multiple sign-up identifiers (e.g., email & username) and other improvements
1
Planned
✍️
Profile fulfillment
Collect mandatory and optional profile fields during user registration.
33
🎨
Account center elements
A set of framework-agnostic web components that can interact with Account API.
24
🔐
Passkey as a first authentication factor
Then no password is required for sign-in.
22
✨
Multiple custom domains
Support multiple custom domains and render different sign-in experience branding according to the domain.
18
🔢
Authentication policy
Customize policies to control authentication, such as username rules, IP blacklist / whitelist, verification code expiration, etc.
12
🛡️
Adaptive MFA
Trigger MFA according to the current risk level, e.g. a new device.
12
🔗
Redirect URI wildcards
Support for wildcard patterns in redirect URIs to improve authentication for dynamic environments like preview deployments.
3
🧓
Friendly "continue" prompt
Simplify wording when no matching account is found during the sign-in experience.
2
☁️
Allow concurrent Google Workspace and social login
Option to allow both Google Workspace and Google social logins for the same account.
1
🧰
Typed library for Management API
Provide typed libraries for services (e.g., Node.js) to use Logto Management API.
1
✉️
Registration from forgot password
Directly register via forgot password instead of prompting for another round of verification.
1
🔏
Unverified SSO email verification
Allow verification code flow for SSO-provided unverified emails.
1
♻️
Verification rate limit reset
Allow resetting sign-in verification lockouts.
0
🎛️
Session management
Manage user sessions with multi-device session tracking, session controls, etc.
0
Backlog
🔌
API authentication
Authenticate users via API. No redirect needed.
21
🖨️
Support device flow
Support RFC 8628: OAuth 2.0 Device Authorization Grant.
13
🛰️
Sign-in experience elements
A set of framework-agnostic web components that can interact with Experience API.
11
📄
RBAC as code
Allow using code-based configuration to provision role-based access control, for example, a YAML file.
10
🚀
Logto Management API key
6
🌺
Organization portal
An out-of-the-box solution that allows org admins to manage identities, organization profiles, and set up enterprise SSO themselves.
6
⛵
Attribute-based access control (ABAC)
4
🚀
SCIM API
System for cross-domain identity management APIs.
2
🖲️
Support CIBA flow
Support Client Initiated Backchannel Authentication (CIBA) Flow.
1
🧟♀️
Restrict user sign-ins to a specific app within a multi-app product
Block users at the login stage if they come from a specific app. This will essentially enable app-level authentication (beyond just branding).
0
🫧
RFC 9396: OAuth 2.0 Rich Authorization Requests
Implement RFC 9396 and provide some useful features around it.
0
Powered by Productlane