Releases: puzed/darkauth
Release list
v1.26.0
DarkAuth v1.26.0 improves branding system architecture by exposing reusable UI components and refactoring the admin panel to eliminate duplication.
✨ Features
🎨 Shared Branding Surfaces
- Exposed reusable branding preview surfaces from user-ui through new
exports.tsentries - Added
AuthorizePageFramecomponent for consistent authorization page framing with branding support - Components now properly apply semantic branding tokens to authorization, dashboard, profile, and security settings
🔄 Admin UI Component Reuse
- Admin panel now reuses user-ui components for branding previews
- Eliminated duplicate branding preview CSS and implementation across packages
🛠 Improvements
📦 Architecture & Code Quality
- Reduced code duplication between admin-ui and user-ui branding systems
- Improved component abstraction with dedicated exports for branding preview surfaces
- Refactored branding preview system for better maintainability and separation of concerns
🧪 Tests
🧪 Test Coverage
- Added
BrandingPreviewShared.test.jsfor shared branding preview component testing - Updated admin-ui package test infrastructure with new test script
- Enhanced branding preview test suite in test-suite package
Docker
docker pull ghcr.io/puzed/darkauth:v1.26.0
v1.25.1
DarkAuth v1.25.1 brings enhanced branding capabilities, improved OAuth flexibility for organization-less clients, and important security and infrastructure improvements.
✨ Features
🎨 Branding & Customization
- Added semantic branding tokens system for consistent theming across admin and user interfaces
- Improved branding preview controls in the admin UI for better customization workflow
- Extended branding package integration throughout the platform
🔐 Authentication & OAuth
- Added support for organization-less OAuth clients with flexible configuration
- Implemented RP-initiated logout (endSession()) in the JavaScript client library
- Configured per-client organization selection settings for enhanced OAuth flexibility
🛠 Improvements
📱 User Experience
- Fixed organization picker visibility for organization-less clients
- Preserved scope input focus in admin UI for improved form interaction
- Enhanced client configuration flexibility
🐳 Infrastructure & DevOps
- Included branding package in Docker runtime image for complete feature support
- Optimized pnpm installation in Docker image build process
- Declared deploy upload dependency in CI configuration for reliable deployments
🐛 Fixes
🔒 Security & Dependencies
- Resolved Dependabot security alerts to maintain dependency safety
- Fixed CodeQL code scanning alerts for improved code quality
- Updated dependencies to latest secure versions
🔧 Technical Stability
- Fixed scope input focus preservation in admin form interactions
- Corrected organization picker rendering for orgless client configurations
- Resolved Docker build issues with pnpm scope targeting
Docker
docker pull ghcr.io/puzed/darkauth:v1.25.1
v1.25.0
This release introduces semantic branding tokens as a foundation for consistent theming across all user-facing surfaces, adds support for organization-less OAuth clients, and includes important security and infrastructure improvements.
✨ Features
🎨 Semantic Branding System
- Implemented comprehensive semantic CSS variables for all user-facing branding (--da-color-brand, --da-color-action, --da-color-danger, etc.) replacing direct color overrides
- Added branding preview controls in admin UI to configure and test semantic colors with live contrast checking
- Applied semantic tokens across authorization flows, admin UI, and user UI surfaces
🏢 Organization Selection Flexibility
- Added support for OAuth clients without organization requirement, allowing single-org deployments to skip organization selection flows
- Implemented configuration option to hide organization picker when only one org exists, reducing friction in non-multi-tenant contexts
🚪 Client-Initiated Logout
- Added
endSession()method to darkauth-client SDK enabling relying-party-initiated logout flows compliant with OpenID Connect specifications
🛠 Improvements
🎯 UI/UX Enhancements
- Redesigned organization selector styling to remove awkward radio button outlines and improve visual hierarchy of selected rows
- Enhanced branding preview for authorize flow with real branded header shell rendering
- Improved admin scope input focus preservation across re-renders
🔐 Federation & Security
- Hardened federation discovery boundaries to prevent configuration oversharing between federated instances
- Strengthened auth token handling security practices throughout SDK and API
📦 Infrastructure
- Fixed pnpm installation in Docker image build process for more reliable container deployments
🐛 Fixes
🔧 Security & Stability
- Resolved multiple Dependabot security alerts across workspace dependencies
- Fixed edge cases in semantic token application during theme transitions
- Corrected federation metadata validation logic
📝 Documentation
📖 SDK & Integration Guides
- Updated darkauth-client documentation to reflect new
endSession()capability for logout flows - Added configuration examples for organization-less client setups and branding customization
Docker
docker pull ghcr.io/puzed/darkauth:v1.25.0
v1.24.0
This release introduces support for organization-less OAuth clients, enabling clients to operate without requiring organization selection in the authentication flow.
✨ Features
🔐 Orgless OAuth Support
- Added support for OAuth clients to operate without requiring organization selection
- Implemented per-client organization selection configuration in admin interface
- Extended API authorization and token endpoints to handle orgless client flows
⚙️ Admin Interface
- Added organization selection configuration controls to client editor
- Integrated new settings with admin API service
🎨 User Experience
- Hid organization picker for clients configured as orgless
- Conditionally render organization selection based on client configuration
🐛 Fixes
👁️ UI Components
- Fixed organization picker visibility to respect client orgless configuration
Docker
docker pull ghcr.io/puzed/darkauth:v1.24.0
v1.23.1
This patch release addresses a UI focus issue and improves Docker build reliability.
🛠 Improvements
📦 Docker Build
- Fixed pnpm installation in Docker image build to ensure proper workspace dependencies
🐛 Fixes
🎯 Admin Interface
- Preserved scope input focus state during admin panel interactions
Docker
docker pull ghcr.io/puzed/darkauth:v1.23.1
v1.23.0
This release adds RP-initiated logout capabilities to the DarkAuth client, enabling compliant OpenID Connect session termination.
✨ Features
🔐 Session Management
- Added
endSession()method to DarkAuth client for RP-initiated logout - Clears local session state and initiates OpenID Connect end_session_endpoint flow
- Supports configurable endpoint resolution via
endSessionEndpointconfig or fallback to<issuer>/api/logout - Properly includes OIDC logout parameters: id_token_hint, post_logout_redirect_uri, client_id, and state
🧪 Tests
🔍 Client Testing
- Comprehensive unit tests for
endSession()functionality with 150+ lines of coverage - Tests validate endpoint resolution, parameter handling, and redirect behavior
📝 Documentation
📖 Updated Resources
- New documentation guide for OIDC RP-initiated logout flow
- Updated DarkAuth client README with
endSession()usage examples and integration patterns
Docker
docker pull ghcr.io/puzed/darkauth:v1.23.0
v1.22.2
This patch release addresses security hardening and CI/CD improvements.
🔐 Security
🛡️ Federation & Auth Token Handling
- Hardened federation discovery boundaries to prevent potential authorization bypass
- Strengthened auth token handling to improve session security
- Rejected unsafe SVG uploads for branding assets to prevent injection attacks
🔄 Token Storage
- Prefer localStorage token over memory in token mode for better persistence
🛠 Improvements
📦 Workspace & Tooling
- Switched workspace to pnpm for improved dependency management and faster installs
- Stabilized admin screenshot selects in CI/CD pipeline
- Repaired pnpm demo checks to ensure demo app builds correctly
🐳 Infrastructure
- Fixed Dockerfile to resolve deployment issues
🚀 CI/CD & Release
⚙️ Workflow Hardening
- Declared deploy upload dependency to prevent missing build artifacts
- Restricted workflow token permissions to follow principle of least privilege
- Declared pnpm test dependencies to ensure consistent test environment
📝 Documentation
📚 Post-Logout & Configuration
- Updated pnpm usage references across documentation
- Documented OIDC RP-initiated logout functionality
Docker
docker pull ghcr.io/puzed/darkauth:v1.22.2
v1.22.1
This release adds OIDC RP-initiated logout support and enhances organization switching capabilities with improved token handling and consent flows.
✨ Features
🔐 OIDC Logout
- Added OIDC RP-initiated logout end_session_endpoint
- Added RP-initiated logout confirmation and signed-out views
🏢 Organization Switching
- Added organization switching via access-token flow in SDK
- Added silent organization switching for seamless session transitions
- Added account organization switcher in user interface
📧 Account Management
- Added support for manual email verification in admin interface
🛠 Improvements
🏢 Organization Administration
- Refined organization admin flows in admin UI
- Aligned organization switching examples in SDK documentation
🐛 Fixes
🔐 Session & Token Management
- Preferred localStorage token over memory in token mode for client reliability
- Fixed organization switching with app token authentication
- Skipped repeat organization switch consent prompts
- Fixed SDK session refresh CORS support
🔒 Security & Access Control
- Enforced organization administrator role guard to prevent unauthorized admin removal
- Restricted organization switching to authorized access tokens
🌐 Network
- Fixed CORS configuration issues
🧪 Tests
📋 Coverage Expansion
- Covered RP-initiated logout end_session_endpoint functionality
📝 Documentation
🔐 OIDC & Logout
- Documented OIDC RP-initiated logout implementation
- Documented post-logout redirect URI allowlist configuration
🏢 Organization Management
- Documented app token organization switching path and patterns
Docker
docker pull ghcr.io/puzed/darkauth:v1.22.1
v1.22.0
This release adds OIDC RP-initiated logout support and improves organization switching with app tokens.
✨ Features
🔐 OIDC Logout
- Added OIDC RP-initiated logout end_session_endpoint for standardized logout flows
- Implemented logout confirmation view in user interface with signed-out confirmation screen
🏢 Organization Management
- Enabled organization switching via access-token flow for app-based integrations
- Added support for app access tokens in organization switch APIs
🛠 Improvements
📋 Redirect URI Management
- Documented post-logout redirect URI allowlist configuration for OIDC logout flows
- Enhanced logout flow documentation for admin interface
🧪 Tests
✅ API Coverage
- Added comprehensive test coverage for RP-initiated logout end_session_endpoint
📝 Documentation
📚 OIDC Configuration
- Documented OIDC RP-initiated logout implementation and usage
- Added examples for organization switching with app tokens
Docker
docker pull ghcr.io/puzed/darkauth:v1.22.0
v1.21.0
v1.21.0 introduces app token organization switching capabilities and strengthens security controls around organization management APIs.
✨ Features
🔐 Organization Management
- Added support for switching organizations via app access token flow in the SDK, enabling programmatic organization switching without user interaction
🛠 Improvements
📚 Documentation
- Enhanced documentation for app token organization switching flow to guide developers on implementing token-based organization switches
🐛 Fixes
🔑 API Security
- Enforced requirement for app access tokens on organization switch APIs to prevent unauthorized organization switching attempts
Docker
docker pull ghcr.io/puzed/darkauth:v1.21.0