Logto
Logto
  • In Progress
  • Planned
  • Backlog
  • Completed

Feature requests

Discover our plans and suggest new improvements.
In Progress
πŸš€

Password reset with magic link

πŸ€

OAuth Client ID Metadata Documents

Planned
πŸš€

SCIM API

πŸš€

Guest mode: Anonymous access

Email allowlist

🀳

MFA: Trusted device

Account API audit logs

πŸ›‘οΈ

Adaptive MFA v2: Context-aware MFA rules

Customizable grant TTL per application

LDAP integration

M2M authentication IP allowlist

πŸ›‘οΈ

Granular Management API scopes for M2M applications

Password force reset policy

Allow setting both plaintext & HTML content for e-mail templates

Support extending refresh token TTL up to 1 year for SPA

Logto CLI

Support user search by custom data

Backlog
🎨

Account center elements

πŸ”Œ

API authentication

πŸ“„

RBAC as code

🌺

Organization portal

πŸ”’

Authentication policy

πŸ–₯️

Single sign-on application dashboard

Custom content blocks in sign-in experience

πŸš€

Logto Management API key

πŸ“ƒ

Support Dynamic Client Registration

⚑

Google One Tap for websites

➑️

Just-in-time user migration

πŸ›„

Custom claims for ID tokens

βŒ›

Unverified email/phone number

πŸ›‘οΈ

Support machine-to-machine access policy

βœ‰οΈ

Registration from forgot password

Country code restrictions for phone input

πŸ”

Unverified SSO email verification

πŸ“š

Support localization parameter in content URLs

Minimum age limit for sign-up

☁️

Allow concurrent Google Workspace and social login

i18n for custom content

πŸ‘οΈ

Customize account existence visibility

πŸ”–

Support Central Authentication Service protocol

Completed
πŸ”

Passkey as a first authentication factor

✍️

Profile fulfillment

πŸ‘€

Out-of-the-box account settings

πŸ›‘οΈ

Adaptive MFA

πŸ”—

Redirect URI wildcards

πŸ–¨οΈ

OAuth 2.0 device flow

πŸ”€

Username policies

✨

Multiple custom domains

πŸ”—

SAML IdP

πŸ§‘β€πŸš€

Account API

🚫

Block disposable email registration

πŸ”°

Captcha support

🎩

Dev to Pro plan production tenant

πŸšͺ

App-level access control

⏲️

Customize session TTL & concurrent grant limits

πŸ”–

Hide Logto branding

πŸͺ

User role change webhook event

πŸš€

Support WebAuthn for mobile SDK

πŸͺ„

Magic link

βœ‹

Prevent search engine indexing

πŸš€

Account API for MFA

🧰

Typed library for Management API

πŸš€

Account API for Passkey

πŸ“Ά

Connectors: Sync unverified email

πŸ—Ύ

Sign-up capability improvement

πŸ”

Add custom data to ID token

πŸ‘€

Account center: security & custom CSS

πŸ›ŽοΈ

Secret vault

🌏

Add `ui_locales` authentication parameter

🎨

Custom CSS per organization

πŸš€

Console UI for Account API

πŸ›°οΈ

Third-party app for SPA & Native

πŸ€–

Call third-party APIs with secret vault

♻️

Customize identifier lockout policy

🍎

Optional sign-up identifiers for social sign-in

IdP-initiated SAML SSO

🧡

WordPress plugin integration