v1.23.1

This patch release addresses a UI focus issue and improves Docker build reliability.

🛠 Improvements

📦 Docker Build

• Fixed pnpm installation in Docker image build to ensure proper workspace dependencies

🐛 Fixes

🎯 Admin Interface

• Preserved scope input focus state during admin panel interactions

Docker

docker pull ghcr.io/puzed/darkauth:v1.23.1

v1.23.0

This release adds RP-initiated logout capabilities to the DarkAuth client, enabling compliant OpenID Connect session termination.

✨ Features

🔐 Session Management

• Added endSession() method to DarkAuth client for RP-initiated logout
• Clears local session state and initiates OpenID Connect end_session_endpoint flow
• Supports configurable endpoint resolution via endSessionEndpoint config or fallback to <issuer>/api/logout
• Properly includes OIDC logout parameters: id_token_hint, post_logout_redirect_uri, client_id, and state

🧪 Tests

🔍 Client Testing

• Comprehensive unit tests for endSession() functionality with 150+ lines of coverage
• Tests validate endpoint resolution, parameter handling, and redirect behavior

📝 Documentation

📖 Updated Resources

• New documentation guide for OIDC RP-initiated logout flow
• Updated DarkAuth client README with endSession() usage examples and integration patterns

Docker

docker pull ghcr.io/puzed/darkauth:v1.23.0

v1.22.2

This patch release addresses security hardening and CI/CD improvements.

🔐 Security

🛡️ Federation & Auth Token Handling

• Hardened federation discovery boundaries to prevent potential authorization bypass
• Strengthened auth token handling to improve session security
• Rejected unsafe SVG uploads for branding assets to prevent injection attacks

🔄 Token Storage

• Prefer localStorage token over memory in token mode for better persistence

🛠 Improvements

📦 Workspace & Tooling

• Switched workspace to pnpm for improved dependency management and faster installs
• Stabilized admin screenshot selects in CI/CD pipeline
• Repaired pnpm demo checks to ensure demo app builds correctly

🐳 Infrastructure

• Fixed Dockerfile to resolve deployment issues

🚀 CI/CD & Release

⚙️ Workflow Hardening

• Declared deploy upload dependency to prevent missing build artifacts
• Restricted workflow token permissions to follow principle of least privilege
• Declared pnpm test dependencies to ensure consistent test environment

📝 Documentation

📚 Post-Logout & Configuration

• Updated pnpm usage references across documentation
• Documented OIDC RP-initiated logout functionality

Docker

docker pull ghcr.io/puzed/darkauth:v1.22.2

v1.22.1

This release adds OIDC RP-initiated logout support and enhances organization switching capabilities with improved token handling and consent flows.

✨ Features

🔐 OIDC Logout

• Added OIDC RP-initiated logout end_session_endpoint
• Added RP-initiated logout confirmation and signed-out views

🏢 Organization Switching

• Added organization switching via access-token flow in SDK
• Added silent organization switching for seamless session transitions
• Added account organization switcher in user interface

📧 Account Management

• Added support for manual email verification in admin interface

🛠 Improvements

🏢 Organization Administration

• Refined organization admin flows in admin UI
• Aligned organization switching examples in SDK documentation

🐛 Fixes

🔐 Session & Token Management

• Preferred localStorage token over memory in token mode for client reliability
• Fixed organization switching with app token authentication
• Skipped repeat organization switch consent prompts
• Fixed SDK session refresh CORS support

🔒 Security & Access Control

• Enforced organization administrator role guard to prevent unauthorized admin removal
• Restricted organization switching to authorized access tokens

🌐 Network

• Fixed CORS configuration issues

🧪 Tests

📋 Coverage Expansion

• Covered RP-initiated logout end_session_endpoint functionality

📝 Documentation

🔐 OIDC & Logout

• Documented OIDC RP-initiated logout implementation
• Documented post-logout redirect URI allowlist configuration

🏢 Organization Management

• Documented app token organization switching path and patterns

Docker

docker pull ghcr.io/puzed/darkauth:v1.22.1

v1.22.0

This release adds OIDC RP-initiated logout support and improves organization switching with app tokens.

✨ Features

🔐 OIDC Logout

• Added OIDC RP-initiated logout end_session_endpoint for standardized logout flows
• Implemented logout confirmation view in user interface with signed-out confirmation screen

🏢 Organization Management

• Enabled organization switching via access-token flow for app-based integrations
• Added support for app access tokens in organization switch APIs

🛠 Improvements

📋 Redirect URI Management

• Documented post-logout redirect URI allowlist configuration for OIDC logout flows
• Enhanced logout flow documentation for admin interface

🧪 Tests

✅ API Coverage

• Added comprehensive test coverage for RP-initiated logout end_session_endpoint

📝 Documentation

📚 OIDC Configuration

• Documented OIDC RP-initiated logout implementation and usage
• Added examples for organization switching with app tokens

Docker

docker pull ghcr.io/puzed/darkauth:v1.22.0

v1.21.0

v1.21.0 introduces app token organization switching capabilities and strengthens security controls around organization management APIs.

✨ Features

🔐 Organization Management

• Added support for switching organizations via app access token flow in the SDK, enabling programmatic organization switching without user interaction

🛠 Improvements

📚 Documentation

• Enhanced documentation for app token organization switching flow to guide developers on implementing token-based organization switches

🐛 Fixes

🔑 API Security

• Enforced requirement for app access tokens on organization switch APIs to prevent unauthorized organization switching attempts

Docker

docker pull ghcr.io/puzed/darkauth:v1.21.0

v1.20.3

This release introduces comprehensive organization switching capabilities, completes user key management features, and refines the user portal experience.

✨ Features

🏢 Organization Management

• Added silent session organization switching via SDK for seamless tenant transitions
• Implemented app token support for programmatic organization switching
• Added account organization switcher in user portal for manual tenant selection

🔐 Key Management

• Implemented passkey credential management with unlock flows
• Added complete key delivery metadata exposure in client API
• Completed trusted browser unlock flow with WebAuthn integration
• Added self-service key unlock UI with passkey support

📋 Account & Portal

• Implemented self-service account profile updates
• Redesigned user portal navigation with simplified security settings
• Expanded branding portal previews in admin interface
• Added manual email verification support in admin flows

🎨 Branding & Marketing

• Added screenshot gallery to brochureware
• Refined documentation visuals and styling
• Added admin branding asset management

🌐 Standards & Documentation

• Added OAuth metadata endpoints for .well-known compliance
• Launched standalone documentation site
• Aligned SDK examples with organization switching patterns

🛠 Improvements

🔗 Integration Refinements

• Refined organization admin flows in admin interface
• Enhanced organization enterprise schema and session handling
• Improved trusted device approval security hardening

📦 Infrastructure

• Split pull request workflow checks for better CI/CD performance
• Enhanced Playwright browser installation and configuration
• Improved screenshot workflow stabilization with timeout configuration

🐛 Fixes

🏢 Organization Features

• Fixed repeat consent flow during organization switching
• Prevented removal of last organization administrator role
• Enforced organization-aware OTP policy consistently
• Fixed CORS handling for SDK session refresh during org switches
• Allowed authorization during organization switching

🔐 Security & Key Management

• Hardened trusted device approvals process
• Fixed passkey PRF salt decoding in UI
• Included client key scope in client lists
• Honored forced OTP status in UI

🖥️ UI/UX

• Fixed key unlock action layout wrapping
• Showed trusted device unlock request action properly
• Synced DarkAuth favicons across interfaces

🔄 CI/CD & Testing

• Refreshed screenshots with site deployment updates
• Fixed login selector issues in screenshot tests
• Stabilized OTP authentication screenshot flows

🧪 Tests

✅ Coverage

• Covered user key management journeys end-to-end
• Added key management guardrails coverage
• Disambiguated federation preview assertions
• Isolated install token lifecycle state

📸 Infrastructure

• Updated portal screenshot flows for redesigned routes
• Stabilized screenshot CI and documentation flows
• Closed screenshot servers cleanly with proper teardown

📝 Documentation

📚 Specifications

• Completed user key management specification
• Updated trusted device unlock flow documentation
• Covered key management security changes
• Aligned SDK organization switching examples

Docker

docker pull ghcr.io/puzed/darkauth:v1.20.3

v1.20.2

This patch release improves organization switching behavior by skipping repeat consent when switching to an organization the session already covers.

🐛 Fixes

🔄 Organization Switching

• Skipped repeat organization switch consent when session already covers the client and scopes
• Fixed CORS support for session organization endpoint to restrict cross-origin requests

🔐 Authorization Flow

• Removed automatic consent re-prompt when switching to an organization with existing session coverage
• Updated SDK default organization switching mode from "silent" to "authorize" for consistency

Docker

docker pull ghcr.io/puzed/darkauth:v1.20.2

Docker

docker pull ghcr.io/puzed/darkauth:v1.20.2

v1.20.1

DarkAuth v1.20.1 includes a critical fix for session organization endpoint CORS support.

🐛 Fixes

🔐 CORS Configuration

Fixed CORS policy to properly allow the session organization endpoint for registered public single-page application origins.

Docker

docker pull ghcr.io/puzed/darkauth:v1.20.1

v1.20.0

This release improves organization switching behavior and documentation for SDK users.

✨ Features

🔄 Organization Switching

• Added support for silently switching session organization without user interaction

📝 Documentation

📚 SDK Examples

• Aligned organization switching examples to reflect current best practices

Docker

docker pull ghcr.io/puzed/darkauth:v1.20.0