Authlete 3.0 Release Notes - April 2025

Overview

This minor update introduces changes for Authlete 3.0. This new version was made available on April 10th (Thu).

New Features & Improvements

API response improvements

Implemented a feature to return the request ID in the API response.

Management Console

Audit logs status filter

Added a feature to filter audit log events by status (Success or Failure).

Invitation error message fix

Fixed an issue where error messages would not display correctly when failing to accept an invitation.

Console search UI improvements

Moved the console search bar to a more noticeable place in the UI.

Organization search fix

Fixed an issue where the search function in the organization dropdown would not return the expected results.

Service search fix

Fixed an issue where the search function in the service and client pages would not return the expected results.

PageHeader cleanup

Removed redundant information from the PageHeader component.

JWK Set fix

Updated the placeholder for the Authorization Server JWK Set and fixed JSON formatting.

Console crash fix

Fixed an issue where the console would crash whenever a user without a last name would try to log in.

Revoke invitation improvements

Updated console logic to use the newly created revoke API endpoint to revoke sent invitations and log it as a separate event in the audit logs.

IdP

Minor bug fixes

  • The incorrect section is highlighted in the UI sidebar
  • The admin dashboard does not return to the login screen when the user is logged out
  • Fixed an issue where the AuditEventInterceptor would throw an NPE whenever the Spring session is null.
  • Fixed an issue where failed audit events are not logged if the exception is a generic runtime exception.
  • Fixed an issue where the GitHub social login did not work whenever the user has no first name or no last name.
  • Fixed an unhandled error whenever the user tries to attach the same domain to multiple OIDC configurations.
  • Fixed an issue where user agents exceeding the 256-character limit would prevent audit logs from being saved.
  • Fixed an issue where API servers without service would unexpectedly log out the user.
  • Fixed an NPE that would happen whenever the token update response from the server does not contain an action field.

Audit logs update

  • Updated audit logs behavior so that they only return events from current members of the organization.
  • Added audit log events for granting and removing admin privileges from a user.

Admin dashboard improvements

Improved the overall UI for the admin dashboard.

Invitation revoke endpoint

Implemented a new API endpoint to revoke user invitations.

Encryption secret behavior improvement

Updated encryption secret behavior so that its initialization is delayed until it is actually needed.

Specs support

N/A

Bug fixes

Audience values validation fix

Fixed an issue where strict validation of audience values in client assertion would not behave as expected.

Audience claim fix

Fixed an issue where specifying the resources parameter in a token creation request would not reflect its value in the aud claim.

StringIndexOutOfBoundsException handling fix

Fixed an issue where URI processing would not handle StringIndexOutOfBoundsException correctly.

Trust anchors update fix

Fixed an issue where updated trust anchors were not showing in the response from the /service/update API.

Missing PostgreSQL changelog fix

Fixed an issue where the DATABASECHANGELOG table would be missing with PostgreSQL.

Redirect URI NPE fix

Fixed an NPE that would happen whenever the redirect URI is not provided in incoming FAPI 2 requests.

Service GET endpoint fix

Fixed an issue where the GET /service/get endpoint would not correctly return the list of authorization servers.

Other

N/A