UniAuth.ID
Product changelog

What's new in UniAuth

A detailed history of every feature, improvement, and fix shipped to the platform. Subscribe to stay up to date.

v2.8.0April 10, 2026

Adaptive consent and enrollment policies

  • NewAdaptive consent flow that adjusts scope requests based on user trust tier
  • NewEnrollment policy engine for step-up authentication requirements
  • ImprovedConsent screen now shows human-readable scope descriptions with data previews
  • FixedConsent revocation no longer leaves orphaned refresh tokens
v2.7.0March 18, 2026

SCIM org-binding and bulk operations

  • NewSCIM provisioning tokens scoped to individual organizations
  • NewBulk user import from JSON with dry-run preview mode
  • ImprovedSCIM group membership sync now handles nested groups
  • ImprovedBulk operations endpoint supports up to 10,000 resources per request
  • FixedSCIM PATCH replace op on multi-valued attributes overwrites correctly
v2.6.0February 22, 2026

Post-quantum session signatures (ML-DSA-44)

  • NewEvery session now carries an ML-DSA-44 (FIPS 204) digital signature
  • NewML-KEM-768 key encapsulation infrastructure for future key rotation
  • ImprovedSession fingerprint verification moved from middleware to touchSession() for accuracy
  • FixedPQC key initialization no longer blocks cold-start instrumentation hook
v2.5.0January 30, 2026

Passkey Conditional UI and social 2FA enforcement

  • NewConditional UI (passkey autofill) support on the login page
  • NewMandatory 2FA on every federated social sign-in (Google, GitHub)
  • ImprovedWebAuthn attestation upgraded to direct mode for enterprise auditing
  • FixedPasskey registration on Safari no longer fails with AbortError on rapid re-attempts
  • FixedSocial login PKCE code_verifier correctly cleared from metadata after exchange
v2.4.0December 15, 2025

Dynamic client registration and DPoP

  • NewRFC 7591 dynamic client registration with admin, authenticated, and open policies
  • NewDPoP proof-of-possession (RFC 9449) for access tokens
  • ImprovedToken exchange (RFC 8693) now supports scope narrowing across client boundaries
  • FixedRefresh token rotation replay detection no longer false-positives on network retries
v2.3.0November 8, 2025

SAML 2.0 IdP with pairwise NameID

  • NewFull SAML 2.0 Identity Provider: SSO, SLO, signed assertions, metadata endpoint
  • NewPairwise subject identifiers for SAML NameID values (same privacy model as OIDC)
  • ImprovedXML parsing hardened against decompression bombs and XXE injection
  • FixedSAML Destination attribute validation now rejects mismatched ACS URLs
v2.2.0October 1, 2025

Tamper-proof audit trail and config export

  • NewHash-chained audit events with actor binding and integrity verification
  • NewFull system config export/import as JSON with dry-run preview
  • ImprovedAudit event categories expanded: auth, admin, oauth, scim, system
  • ImprovedConfig import uses ON CONFLICT upserts for safe merge mode
  • FixedAudit log pagination no longer skips events on exact page boundaries
v2.1.0September 5, 2025

Adaptive threat detection and conditional access

  • NewStatistical login risk scoring across 6 factors with automatic step-up 2FA
  • NewConditional access policies with IP allowlist/blocklist and geo-blocking
  • ImprovedProgressive account lockout now applies equally to password, passkey, and magic-link flows
  • FixedThreat detection baseline no longer resets when user clears activity logs

Stay in the loop

Follow our roadmap to see what's coming next, or get in touch to request a feature.