DEV Community

Cover image for Logto v1.0.0-rc.0: User auth with RBAC
Logto profile image gao-sun
gao-sun for Logto

Posted on • Edited on

Logto v1.0.0-rc.0: User auth with RBAC

#showdev #webdev #opensource #node

Logto is an open-source auth solution with comprehensive features and modern dev experience.

Please welcome our first release candidate! Logto is just a few steps away from general availability.

🔒 Role-Based Access Control

We are excited to introduce our latest addition to our product, Role-Based Access Control (RBAC). This powerful feature gives administrators the ability to assign specific roles and permissions to users, ensuring they only have access to the resources and functions they need to do their job.

With RBAC, administrators can:

  • Define permissions across APIs
  • Create custom roles with specific permissions
  • Assign roles to users and manage their roles
  • Easily manage and update permissions
  • Securely validate permissions to protect APIs

Logto takes a major step forward in security and control with easy access management and authorization of sensitive info, ensuring only authorized users have the right to access. This aligns with our vision to provide an open-source identity solution with features for authentication and authorization, and packed with all the features you need.

Note
If you are using Logto SDKs, please upgrade to the latest version to take advantage of RBAC.

Check out our RBAC recipe for a step-by-step guide. Give it a try and let us know what you think!

🏄 Streamlined social sign-in flow

💡 Logto now detects a trusted email (or phone number) from the social account during social sign-in.

  • If the email (or phone number) has been registered: Automatically connect the social identity to the existing user account with a single click.
  • If the email (or phone number) is not registered: Automatically sync the user profile with the social-provided email (or phone number) if and only if it is marked as a required user profile.

🔢 Send and verify verification codes via Management API

The new Management APIs allow you to reuse connectors to dynamically send and verify verification codes for various purposes, such as validating identity before a user updates their profile or performs a dangerous action.

  • Call /api/verification-code to send verification code to a given email or phone
  • Call /api/verification-code/verify to verify the code against a given email or phone

↩️ Rollback database alteration state

In case of any issues with the database, you can now use the logto db alteration rollback [target] command to roll back all database schemas to a previous version, for example logto db alteration rollback v1.0.0-beta.19.

profile
Datadog
 Promoted

Image of Datadog

The Essential Toolkit for Front-end Developers

Take a user-centric approach to front-end monitoring that evolves alongside increasingly complex frameworks and single-page applications.

Get The Kit

Top comments (0)

profile
Sentry
 Promoted

The best way to debug slow web pages cover image

The best way to debug slow web pages

Tools like Page Speed Insights and Google Lighthouse are great for providing advice for front end performance issues. But what these tools can’t do, is evaluate performance across your entire stack of distributed services and applications.

Watch video

Read next

dpc profile image

Daily JavaScript Challenge #JS-90: Generate Collatz Sequence

DPC -

ritvikdubey27 profile image

Most Introductory React Blog Ever

Ritvik Dubey -

varzoeaa profile image

The Art of Database Migrations in Laravel -- Common Mistakes

varzoeaa -

yasserelgammal profile image

Different ways to use where() in Laravel

Yasser Elgammal -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay