authgear-server releases

Highlights

Fraud Protection in the Portal (alpha). A new Fraud Protection screen lets you block abuse on signup and login flows without writing code. This is an alpha release behind a feature flag, enabled for selected projects only.

Site Admin Portal. A new site-wide admin view for monitoring usage and managing projects across your Authgear deployment.

Other changes

• AuthUI translation overrides for the account selector and magic-link verification pages can now reference {AppName} and {ClientName}.
• Email alerts when a project hits its SMS usage limit.
• The Portal's Add User screen now uses the standard country-code phone input.
• Fixed: OTP form double-submitting on fast typing in Safari.
• Fixed: stale Admin API documentation link in the Portal.

Highlights

• Usage alerts for project owners. Set soft limits on your Authgear usage and get alerted before you hit a hard cap. When a threshold is crossed, Authgear emails the project owner and fires a usage.alert.triggered webhook. Catch runaway SMS, email, or MAU costs before they become billing surprises.
• Authflow session-scoped cooldowns. Cooldowns on OTP retries used to reset when users changed the target phone number or email mid-flow. Now the cooldown sticks to the whole authflow session. Closes a real abuse vector.
• Non-ASCII sender names in custom SMTP. Custom SMTP now accepts sender names in Chinese, Japanese, and other non-Latin scripts.
• Smaller portal improvements. Clearer social login setup flow. The Endpoint field now shows up for OIDC and SAML app types, not just OAuth.