pocket-id-pocket-id-1/CHANGELOG.md

(2025-08-27)

Features

• redesigned sidebar with administrative dropdown (#881) (096d214)

Bug Fixes

• apps showed multiple times if user is in multiple groups (641bbc9)

(2025-08-24)

Bug Fixes

• sqlite migration drops allowed user groups (d6d1a4c)

(2025-08-24)

Features

• support automatic db migration rollbacks (#874) (c114a2e)

Bug Fixes

• don't force uuid for client id in postgres (2ffc6ba)
• ensure SQLite has a writable temporary directory (#876) (1f3550c)
• sort order incorrect for apps when using postgres (d0392d2)

(2025-08-24)

Bug Fixes

• migration clears allowed users groups (5971bfb)
• wrong column type for reauthentication tokens in Postgres (#869) (1283314)

(2025-08-23)

Features

• add option to OIDC client to require re-authentication (#747) (0cb039d)
• allow custom client IDs (#864) (a5efb95)
• display all accessible oidc clients in the dashboard (#832) (3188e92)
• login code font change (#851) (d28bfac)
• signup: add default user groups and claims for new users (#812) (182d809)

Bug Fixes

• authorization can't be revoked (0aab3f3)
• delete webauthn session after login to prevent replay attacks (fe003b9)
• deps: bump rollup from 4.45.3 to 4.46.3 (#845) (b5e6371)
• enable foreign key check for sqlite (#863) (625f235)
• ferated identities can't be cleared (24e2742)
• for one-time access tokens and signup tokens, pass TTLs instead of absolute expiration date (#855) (7ab0fd3)
• ignore client secret if client is public (#836) (7b1f6b8)
• move audit log call before TX is committed (#854) (9339e88)
• non admin users can't revoke oidc client but see edit link (0e44f24)
• oidc client advanced options color (fc0c99a)

(2025-08-10)

Features

• add robots.txt to block indexing (#806) (06e1656)
• add support for code_challenge_methods_supported (#794) (d479817)
• Support OTel and JSON for logs (via log/slog) (#760) (78266e3)
• support reading secret env vars from _FILE (#799) (0a3b1c6)
• user application dashboard (#727) (484c2f6)

Bug Fixes

• admins can not delete or disable their own account (f0c144c)
• authorization animation not working (9ac5d51)
• custom claims input suggestions instantly close after opening (4d59e72)
• delete WebAuthn registration session after use (#783) (c8478d7)
• set input type 'email' for email-based login (#776) (d541c9a)

(2025-07-21)

Bug Fixes

• migration fails on postgres (#762) (35d5f88)

(2025-07-21)

Bug Fixes

• allow passkey names up to 50 characters (b03e91b)
• ensure user inputs are normalized (#724) (7b4ccd1)
• show rename and delete buttons for passkeys without hovering over the row (2952b15)
• use object-contain for images on oidc-client list (d3bc179)
• use user-agent for identifying known device signins (ef1d599)

(2025-07-09)

Bug Fixes

• ensure confirmation dialog shows on top of other components (f103a54)
• login failures on Postgres when IP is null (#737) (e1de593)

(2025-07-06)

Features

• add "key-rotate" command (#709) (8c8fc23)
• add support for OAuth 2.0 Authorization Server Issuer Identification (bf04256)
• distroless container additional variant + healthcheck command (#716) (1a41b05)
• encrypt private keys saved on disk and in database (#682) (5550729)
• enhance language selection message and add translation contribution link (be52660)

Bug Fixes

• actually fix linter issues (#720) (7fe83f8)
• add missing error check in initial user setup (fceb6fa)
• allow profile picture update even if "allow own account edit" enabled (9872608)
• app config forms not updating with latest values (#696) (92c57ad)
• auth fails when client IP is empty on Postgres (#695) (031181a)
• custom claims input suggestions flickering (49f1ab2)
• keep sidebar in settings sticky (e46f60a)
• linter issues (#719) (43f0114)
• show friendly name in user group selection (5c9e504)
• support non UTF-8 LDAP IDs (#714) (8131579)
• token introspection authentication not handled correctly (#704) (aefb308)

(2025-06-27)

Features

• improve initial admin creation workflow (287314f)
• redact sensitive app config variables if set with env variable (ba61cdb)
• self-service user signup (#672) (dcd1ae9)

Bug Fixes

• double double full stops for certain error messages (d070b9a)
• error page flickering after sign out (1a77bd9)
• improve accent color picker disabled state (d976bf5)
• less noisy logging for certain GET requests (#681) (043f82a)
• margin of user sign up description (052ac00)
• remove duplicate request logging (#678) (988c425)
• users can't be updated by admin if self account editing is disabled (29cb551)

(2025-06-22)

Bug Fixes

• app not starting if UI config is disabled and Postgres is used (7d36bda)

(2025-06-19)

Features

• allow setting unix socket mode (#661) (7677a3d)
• auto-focus on the login buttons (#647) (d679530)
• configurable local ipv6 ranges for audit log (#657) (d548523)
• location filter for global audit log (#662) (ac5a121)
• ui accent colors (#643) (883877a)
• use icon instead of text on application image update hover state (215531d)

Bug Fixes

• allow images with uppercase file extension (1bcb50e)
• center oidc client images if they are smaller than the box (946c534)
• explicitly cache images to prevent unexpected behavior (2e5d268)
• reduce duration of animations on login and signin page (#648) (d770448)
• use inline style for dynamic background image URL instead of Tailwind class (bef77ac)

(2025-06-09)

Bug Fixes

• change timestamp of client_credentials.sql migration (2935236)

(2025-06-09)

Features

• add API endpoint for user authorized clients (d217083)
• add unix socket support (#615) (035b2c0)
• allow introspection and device code endpoints to use Federated Client Credentials (#640) (b62b61f)
• JWT bearer assertions for client authentication (#566) (05bfe00)
• new color theme for the UI (97f7326)
• oidc client data preview (#624) (c111b79)

Bug Fixes

• don't load app config and user on every route change (bdcef60)
• misleading text for disable animations option (657a51f)
• OIDC client image can't be deleted (61b62d4)
• UI config overridden by env variables don't apply on first start (5e9096e)
• use full width for audit log filters (575b2f7)

(2025-06-03)

Features

• auto detect callback url (#583) (20d3f78)

Bug Fixes

• allow users to update their locale even when own account update disabled (6c00aaa)
• clear default app config variables from database (decf8ec)
• don't use TOFU for logout callback URLs (#588) (256f74d)
• fallback to primary language if no translation available for specific country (2440379)
• improve spacing on auth screens (04fcf11)
• page scrolls up on form submisssion (31ad904)
• run jobs at interval instead of specific time (#585) (6d6dc66)
• show LAN for auditlog location for internal networks (b874681)
• small fixes in analytics_job (#582) (3d402fc)
• whitelist authorization header for CORS (b9489b5)

(2025-05-28)

Features

• add daily heartbeat request for counting Pocket ID instances (#578) (e0ec607)
• require user verification for passkey sign in (68e4b67)
• show allowed group count on oidc client list (#567) (38d7ee4)

Bug Fixes

• run user group count inside a transaction (f03b80f)
• use ldapAttributeUserUsername for finding group members (#565) (f66e8e8)

(2025-05-24)

⚠ BREAKING CHANGES

• serve the static frontend trough the backend (#520)
• remove old DB env variables, and jwk migrations logic (#529)

Features

• improve buttons styling (c37386f)

Bug Fixes

• add back month and year selection for date picker (6c35570)
• animation speed set to max of 300ms (c726c16)
• authorize page doesn't load (c3a03db)
• custom logo not correctly loaded if UI configuration is disabled (bf710ae)
• ldap tests (4dc0b2f)
• remove curly bracket from user group URL (5fa15f6)
• remove nested button in user group list (f57c8d3)
• show correct app name on sign out page (131f470)
• trim whitespaces from string inputs (059073d)
• use pointer cursor for menu items (f820fc8)
• use same color as title for description in alert (e19b33f)

Code Refactoring

• remove old DB env variables, and jwk migrations logic (#529) (f115425)
• serve the static frontend trough the backend (#520) (f8a7467)

(2025-05-08)

Features

• add support for TZ environment variable (5e2e947)

Bug Fixes

• handle CORS correctly for endpoints that SPAs need (#513) (63a0c08)

(2025-05-06)

Features

• add healthz endpoint (#494) (3c87e4e)
• OpenTelemetry tracing and metrics (#262) (#495) (6f54ee5)

Bug Fixes

• correctly set script permissions inside Docker container (c55fef0)

(2025-05-03)

Bug Fixes

• allow LDAP users to update their locale (0b9cbf4)
• last name still showing as required on account form (#492) (cf3fe0b)
• non admin users weren't able to call the end session endpoint (6bd6cef)

(2025-04-28)

Features

• new login code card position for mobile devices (#452) (02cacba)

Bug Fixes

• do not require PKCE for public clients (ce24372)
• hide global audit log switch for non admin users (1efd1d1)
• return correct error message if user isn't authorized (86d2b5f)
• updating scopes of an authorized client fails with Postgres (0a24ab8)

(2025-04-27)

Features

• device authorization endpoint (#270) (22f7d64)
• make family name optional (#476) (630327c)

Bug Fixes

• do not override XDG_DATA_HOME/XDG_CONFIG_HOME if they are already set (#472) (22725d3)
• pass context to methods that were missing it (#487) (4c33793)
• prevent deadlock when trying to delete LDAP users (#471) (270c303)
• rootless Caddy data and configuration (#470) (76b753f)

(2025-04-20)

Features

• add ability to disable API key expiration email (9122e75)
• add ability to send login code via email (#457) (fe1c4b1)
• add description to callback URL inputs (eb689eb)
• send email to user when api key expires within 7 days (#451) (26f01f2)

Bug Fixes

• disable animations not respected on authorize and logout page (e571996)
• hide alternative sign in button if user is already authenticated (4e05b82)
• locale change in dropdown doesn't work on first try (60bad9e)
• remove limit of 20 callback URLs (c37a3e0)

(2025-04-18)

Features

• add gif support for logo and background image (56a8b5d)
• disable/enable users (#437) (c843a60)

Bug Fixes

• add "type" as reserved claim (0111a58)
• callback URL doesn't get rejected if it starts with a different string (f0dce41)
• profile picture empty for users without first or last name (#449) (5a6dfd9)
• user querying fails on global audit log page with Postgres (84f1d5c)

(2025-04-16)

Features

• add qrcode representation of one time link (#424) (#436) (abf17f6)
• disable animations setting toggle (#442) (b45cf68)

Bug Fixes

• define token type as claim for better client compatibility (adf7458)

(2025-04-13)

Features

• global audit log (#320) (b65e693)
• implement token introspection (#405) (7e5d16b)
• modernize ui (#381) (9881a1d)
• onboarding: Added button when you don't have a passkey added. (#426) (72061ba)

Bug Fixes

• add missing rollback for LDAP sync (658a9ca)
• create reusable default profile pictures (#406) (734c681)
• ensure file descriptors are closed + other bugs (#413) (2f76461)
• ensure indexes on audit_logs table (#415) (9e88926)
• ignore profile picture cache after profile picture gets updated (4ba6893)
• improve LDAP error handling (#425) (796bc7e)
• use transactions when operations involve multiple database queries (#392) (ec626ee)
• use UUID for temporary file names (ccc18d7)

Performance Improvements

• run async operations in parallel in server load functions (1762629)

(2025-03-29)

Features

• add support for ECDSA and EdDSA keys (#359) (96876a9)

Bug Fixes

• ldap users aren't deleted if removed from ldap server (7e65827)
• use value receiver for AuditLogData (cbd1bbd)
• use WAL for SQLite by default and set busy_timeout (#388) (519d58d)

(2025-03-25)

Features

• add OIDC refresh_token support (#325) (b8dcda8)

Bug Fixes

• hash the refresh token in the DB (security) (#379) (8c96381)
• skip ldap objects without a valid unique id (#376) (cdfe816)
• stop container if Caddy, the frontend or the backend fails (e6f5019)

(2025-03-20)

Bug Fixes

• wrong base locale causes crash (3120ebf)

(2025-03-20)

Features

• add support for translations (#349) (269b5a3)
• passkeys: name new passkeys based on agguids (#332) (041c565)

(2025-03-18)

Bug Fixes

• kid not added to JWTs (f7e36a4)

(2025-03-18)

Features

• store keys as JWK on disk (#339) (a7c9741)

(2025-03-18)

Features

• profile-picture: allow reset of profile picture (#355) (8f14618)

Bug Fixes

• own avatar not loading (#351) (0423d35)

(2025-03-16)

Bug Fixes

• API keys not working if sqlite is used (8ead0be)
• caching for own profile picture (e45d9e9)
• email logo icon displaying too big (#336) (b483e2e)
• emails are considered as medium spam by rspamd (#337) (39b7f66)
• Fixes and performance improvements in utils package (#331) (348192b)
• remove custom claim key restrictions (9f28503)

(2025-03-13)

Features

• allow setting path where keys are stored (#327) (7b654c6)

Bug Fixes

• docker: missing write permissions on scripts (ec4b41a)

(2025-03-11)

Features

• api key authentication (#291) (62915d8)

Bug Fixes

• alternative login method link on mobile (9ef2ddf)

(2025-03-10)

Features

• add env variable to disable update check (31198fe)

Bug Fixes

• redirection not correctly if signing in with email code (e5ec264)
• typo in account settings (#307) (c822192)

(2025-03-10)

Features

• account: add ability to sign in with login code (#271) (eb1426e)
• increase default item count per page (a9713cf)

Bug Fixes

• add back setup page (6a8dd84)
• add timeout to update check (04efc36)
• make sorting consistent around tables (8e344f1)

(2025-03-06)

Features

• display groups on the account page (#296) (0f14a93)
• enable sd_notify support (#277) (91f254c)

Bug Fixes

• default sorting on tables (#299) (ff34e3b)

(2025-03-03)

Bug Fixes

• support LOGIN authentication method for SMTP (#292) (2d733fc)

(2025-03-03)

Bug Fixes

• profile picture orientation if image is rotated with EXIF (1026ee4)

(2025-03-01)

Bug Fixes

• add groups scope and claim to well known endpoint (4bafee4)
• profile picture of other user can't be updated (#273) (ef25f6b)
• support POST for OIDC userinfo endpoint (1652cc6)

(2025-02-25)

Bug Fixes

• add option to manually select SMTP TLS method (#268) (01a9de0)
• ldap: sync error if LDAP user collides with an existing user (fde951b)

(2025-02-24)

Bug Fixes

• delete profile picture if user gets deleted (9a167d4)
• updating profile picture of other user updates own profile picture (887c5e4)

(2025-02-22)

Bug Fixes

• add validation that PUBLIC_APP_URL can't contain a path (a6ae7ae)
• binary profile picture can't be imported from LDAP (840a672)

(2025-02-19)

Features

• add ability to upload a profile picture (#244) (652ee6a)

Bug Fixes

• app config strings starting with a number are parsed incorrectly (816c198)
• emails do not get rendered correctly in Gmail (dca9e7a)

(2025-02-16)

Features

• add LDAP group membership attribute (#236) (39b46e9)

(2025-02-14)

Features

• add end session endpoint (#232) (7550333)

Bug Fixes

• alignment of OIDC client details (c3980d3)
• layout of OIDC client details page on mobile (3de1301)
• show "Sync Now" and "Test Email" button even if UI config is disabled (4d0fff8)

(2025-02-13)

Features

• add ability to set custom Geolite DB URL (2071d00)

(2025-02-12)

Features

• add ability to override the UI configuration with environment variables (4e85842)
• add warning for only having one passkey configured (#220) (39e403d)
• display source in user and group table (#225) (9ed2adb)

Bug Fixes

• user linking in ldap group sync (#222) (2d78349)

(2025-02-08)

Features

• add custom ldap search filters (#216) (626f87d)
• update host configuration to allow external access (#218) (bea1158)

(2025-02-05)

Features

• add JSON support in custom claims (15cde6a)
• add option to disable Caddy in the Docker container (e864d5d)

(2025-02-04)

Bug Fixes

• don't return error page if version info fetching failed (d06257e)

(2025-02-03)

Features

• allow LDAP users and groups to be deleted if LDAP gets disabled (9ab1787)
• map allowed groups to OIDC clients (#202) (13b02a0)

Bug Fixes

• caddy: trusted_proxies for IPv6 enabled hosts (#189) (37a835b)
• missing user service dependency (61e71ad)
• non LDAP user group can't be updated after update (ecd74b7)
• use cursor pointer on clickable elements (7798580)

(2025-01-27)

Bug Fixes

• smtp hello for tls connections (#180) (781ff7a)

(2025-01-24)

Bug Fixes

• add __HOST prefix to cookies (#175) (164ce6a)
• send hostname derived from PUBLIC_APP_URL with SMTP EHLO command (397544c)
• use OS hostname for SMTP EHLO message (47c39f6)

(2025-01-22)

Features

• display private IP ranges correctly in audit log (#139) (72923bb)

Bug Fixes

• add save changes dialog before sending test email (#165) (d02f475)
• ensure the downloaded GeoLite2 DB is not corrupted & prevent RW race condition (#138) (f7710f2)

(2025-01-20)

Features

• support wildcard callback URLs (8a1db0c)

Bug Fixes

• non LDAP users get created with a empty LDAP ID string (3f02d08)

(2025-01-19)

Bug Fixes

• disable account details inputs if user is imported from LDAP (a8b9d60)

(2025-01-19)

Features

• add LDAP sync (#106) (5101b14)
• allow sign in with email (#100) (06b90ed)
• automatically authorize client if signed in (d5dd118)

Bug Fixes

• always set secure on cookie (#130) (fda08ac)
• don't panic if LDAP sync fails on startup (e284e35)
• improve spacing of checkboxes on application configuration page (090eca2)
• search input not displayed if response hasn't any items (05a98eb)
• session duration ignored in cookie expiration (bc8f454)

(2025-01-13)

Bug Fixes

• audit log table overflow if row data is long (4d337a2)
• optional arguments not working with create-one-time-access-token.sh (8885571)
• remove restrictive validation for group names (be6e25a)

(2025-01-11)

Features

• add sorting for tables (fd69830)

Bug Fixes

• pkce state not correctly reflected in oidc client info (61d18a9)
• send test email to the user that has requested it (a649c4b)

(2025-01-03)

Features

• add PKCE for non public clients (adcf3dd)
• use same table component for OIDC client list as all other lists (2d31fc2)

(2025-01-01)

Features

• add warning if passkeys missing (2d0bd8d)

Bug Fixes

• allow first and last name of user to be between 1 and 50 characters (1ff20ca)
• hash in callback url is incorrectly appended (f6f2736)
• make user validation consistent between pages (333a1a1)
• passkey can't be added if PUBLIC_APP_URL includes a port (0729ce9)

(2024-12-17)

Features

• improve error state design for login page (0716c38)

Bug Fixes

• OIDC client logo gets removed if other properties get updated (789d939)

(2024-12-13)

Bug Fixes

• create-one-time-access-token.sh script not compatible with postgres (34e3519)
• wrong date time datatype used for read operations with Postgres (bad901e)

(2024-12-12)

Features

• add support for Postgres database provider (#79) (9d20a98)

(2024-11-29)

Features

• geolite: add Tailscale IP detection with CGNAT range check (#77) (edce3d3)

(2024-11-28)

Features

• add option to disable TLS for email sending (f9fa2c6)
• allow empty user and password in SMTP configuration (a9f4dad)

Bug Fixes

• email save toast shows two times (f2bfc73)

(2024-11-26)

⚠ BREAKING CHANGES

• add option to specify the Max Mind license key for the Geolite2 db

Features

• add option to specify the Max Mind license key for the Geolite2 db (fcf08a4)

Bug Fixes

• don't try to create a new user if the Docker user is not root (#71) (0e95e9c)

(2024-11-24)

Features

• add health check (058084e)
• improve error message for invalid callback url (f637a89)

(2024-11-21)

Features

• add option to skip TLS certificate check and ability to send test email (653d948)
• add PKCE support (3613ac2)

Bug Fixes

• mobile layout overflow on application configuration page (e784093)

(2024-11-11)

Features

• add audit log event for one time access token sign in (aca2240)

Bug Fixes

• overflow of pagination control on mobile (de45398)
• time displayed incorrectly in audit log (3d3fb4d)

(2024-11-01)

Features

• add list empty indicator (becfc00)

Bug Fixes

• errors in middleware do not abort the request (376d747)
• typo in Self-Account Editing description (5b9f4d7)

(2024-10-31)

Features

• add ability to define expiration of one time link (2ccabf8)

(2024-10-28)

Features

• add option to disable self-account editing (8304065)
• add validation to custom claim input (7bfc3f4)
• custom claims (#53) (c056089)

(2024-10-25)

Features

• add email_verified claim (5565f60)

Bug Fixes

• powered by link text color in light mode (18c5103)

(2024-10-23)

Features

• add script for creating one time access token (a1985ce)
• add version information to footer and update link if new update is available (70ad0b4)

Bug Fixes

• cache version information for 3 hours (29d632c)
• improve text for initial admin account setup (0a07344)
• increase callback url count (f3f0e1d)
• no DTO was returned from exchange one time access token endpoint (824c5cb)

(2024-10-18)

Features

• add environment variable to change the caddy port in Docker (ff06bf0)
• use improve table for users and audit logs (11ed661)

Bug Fixes

• allow copy to clipboard for client secret (29748cc)

(2024-10-11)

Bug Fixes

• add key id to JWK (282ff82)

(2024-10-04)

Features

• add location based on ip to the audit log (025378d)

(2024-10-03)

Bug Fixes

• initials don't get displayed if Gravatar avatar doesn't exist (e095628)

(2024-10-03)

⚠ BREAKING CHANGES

• add ability to set light and dark mode logo

Features

• add ability to set light and dark mode logo (be45eed)

(2024-10-02)

Features

• add copy to clipboard option for OIDC client information (f82020c)
• add gravatar profile picture integration (365734e)
• add user groups (24c948e)

Bug Fixes

• only return user groups if it is explicitly requested (a4a90a1)

(2024-09-26)

Bug Fixes

• add space to "Firstname" and "Lastname" label (#31) (d6a9bb4)
• port environment variables get ignored in caddyfile (3c67765)

(2024-09-19)

Bug Fixes

• updated application name doesn't apply to webauthn credential (924bb14)

(2024-09-16)

Features

• email: improve email templating (#27) (64cf562)

Bug Fixes

• debounce oidc client and user search (9c2848d)

(2024-09-09)

Features

• add audit log with email notification (#26) (9121239)

(2024-09-06)

Features

• add name claim to userinfo endpoint and id token (4e7574a)

Bug Fixes

• limit width of content on large screens (c6f83a5)
• show error message if error occurs while authorizing new client (8038a11)

(2024-09-03)

Features

• add setup details to oidc client details (fd21ce5)
• add support for more username formats (903b0b3)

Bug Fixes

• non pointer passed to create user (e7861df)
• oidc client logo not displayed on authorize page (28ed064)
• typo in hasLogo property of oidc dto (2b9413c)

(2024-08-24)

Bug Fixes

• empty lists don't get returned correctly from the api (97f7fc4)

(2024-08-23)

Features

• add support for multiple callback urls (8166e2e)

Bug Fixes

• db migration for multiple callback urls (552d7cc)

(2024-08-19)

Bug Fixes

• session duration can't be updated (4780548)

(2024-08-19)

Features

• add INTERNAL_BACKEND_URL env variable (0595d73)
• add user info endpoint to support more oidc clients (fdc1921)
• change default logo (9eec7a3)

(2024-08-13)

Bug Fixes

• add missing passkey flags to make icloud passkeys work (cc407e1)
• logo not white in dark mode (5749d05)

(2024-08-13)

Features

• add option to change session duration (475b932)

Bug Fixes

• a non admin user was able to make himself an admin (df0cd38)
• background image not loading (7b44189)
• background image on mobile (4a808c8)
• disable search engine indexing (8395492)

(2024-08-12)

Features

• add rounded corners to logo (bec908f)

Bug Fixes

• one time link not displayed correctly (486771f)

(2024-08-12)