v4.0.0

Tinyauth v4.0.0

It's been quite a long time, but I am thrilled to announce Tinyauth v4.0.0! It took some time, but it's was definitely worth the wait. The code-base has been significantly revamped with clean code, maintainability and extensibility in mind. Additionally a lot of new features have been added including support for multiple OAuth providers! The release has been extensively tested by the amazing users over in the Discord community and should have no issues (huge thanks to @Rycochet for helping review the code).

Warning

This is a breaking release, please follow the migration guide in the
documentation.

Note

This release includes a small heartbeat to help me get some insights on the user-base of Tinyauth. Only your version will be collected. Read more about it in the telemetry reference.

New Features

• SQLite database for storing sessions
• Warning in UI when current domain doesn't match configured one
• Trusted proxies configuration option (TRUSTED_PROXIES/--trusted-proxies)
• File server allowing you to serve static assets like the background image (RESOURCES_DIR/--resources-dir)
• Dash substitute for slash in IP labels allowing for CIDR usage in Kubernetes
• Ensure app URL is not in the public suffix list to avoid cookie issues
• Multiple OAuth providers
• Helm chart for Kubernetes deployments
• Health check command

Improvements

• App labels reworked to allow for cleaner ACL configuration
• Improved OAuth auto redirect flow for a more seamless redirection
• Continue screen refactored to a redirect handler removing the need to click extra buttons
• Autofocus TOTP form
• Set page title using APP_TITLE environment variable
• Add cache in the frontend for faster load times

Fixes

• Disable indexing in the login screen preventing it from appearing in search engines
• Do not allow authentication if Tinyauth fails to get the labels

Technical

• A large part of the code base has been rewritten aiming for cleaner, readable and maintainable code
• Reworked file structure for a better development experience
• Bump dependencies
• Update translations

If you face any issues please do let me know so I can fix them as soon as possible.

v4.0.0-rc.1

refactor: don't add tinyauth suffix to title

v4.0.0-beta.3

fix: do not allow request if docker labels check fail

v4.0.0-beta.2

chore(deps): bump the minor-patch group across 1 directory with 10 up…

v4.0.0-beta.1

New Crowdin updates (#278)

* New translations en.json (French)

* New translations en.json (Russian)

* New translations en.json (Chinese Simplified)

* New translations en.json (Ukrainian)

* New translations en.json (Chinese Simplified)

* New translations en.json (Swedish)

* New translations en.json (Swedish)

* New translations en.json (Russian)

* New translations en.json (Czech)

* New translations en.json (German)

* New translations en.json (German)

* New translations en.json (Romanian)

* New translations en.json (French)

* New translations en.json (Spanish)

* New translations en.json (Afrikaans)

* New translations en.json (Arabic)

* New translations en.json (Catalan)

* New translations en.json (Czech)

* New translations en.json (Danish)

* New translations en.json (German)

* New translations en.json (Greek)

* New translations en.json (Finnish)

* New translations en.json (Hebrew)

* New translations en.json (Hungarian)

* New translations en.json (Italian)

* New translations en.json (Japanese)

* New translations en.json (Korean)

* New translations en.json (Dutch)

* New translations en.json (Norwegian)

* New translations en.json (Polish)

* New translations en.json (Portuguese)

* New translations en.json (Russian)

* New translations en.json (Serbian (Cyrillic))

* New translations en.json (Swedish)

* New translations en.json (Turkish)

* New translations en.json (Ukrainian)

* New translations en.json (Chinese Simplified)

* New translations en.json (Chinese Traditional)

* New translations en.json (English)

* New translations en.json (Vietnamese)

* New translations en.json (Portuguese, Brazilian)

* New translations en.json (Romanian)

* New translations en.json (French)

* New translations en.json (Spanish)

* New translations en.json (Afrikaans)

* New translations en.json (Arabic)

* New translations en.json (Catalan)

* New translations en.json (Czech)

* New translations en.json (Danish)

* New translations en.json (German)

* New translations en.json (Greek)

* New translations en.json (Finnish)

* New translations en.json (Hebrew)

* New translations en.json (Hungarian)

* New translations en.json (Italian)

* New translations en.json (Japanese)

* New translations en.json (Korean)

* New translations en.json (Dutch)

* New translations en.json (Norwegian)

* New translations en.json (Polish)

* New translations en.json (Portuguese)

* New translations en.json (Russian)

* New translations en.json (Serbian (Cyrillic))

* New translations en.json (Swedish)

* New translations en.json (Turkish)

* New translations en.json (Ukrainian)

* New translations en.json (Chinese Simplified)

* New translations en.json (Chinese Traditional)

* New translations en.json (English)

* New translations en.json (Vietnamese)

* New translations en.json (Portuguese, Brazilian)

* New translations en.json (French)

* New translations en.json (Romanian)

* New translations en.json (French)

* New translations en.json (Spanish)

* New translations en.json (Afrikaans)

* New translations en.json (Arabic)

* New translations en.json (Catalan)

* New translations en.json (Czech)

* New translations en.json (Danish)

* New translations en.json (German)

* New translations en.json (Greek)

* New translations en.json (Finnish)

* New translations en.json (Hebrew)

* New translations en.json (Hungarian)

* New translations en.json (Italian)

* New translations en.json (Japanese)

* New translations en.json (Korean)

* New translations en.json (Dutch)

* New translations en.json (Norwegian)

* New translations en.json (Polish)

* New translations en.json (Portuguese)

* New translations en.json (Russian)

* New translations en.json (Serbian (Cyrillic))

* New translations en.json (Swedish)

* New translations en.json (Turkish)

* New translations en.json (Ukrainian)

* New translations en.json (Chinese Simplified)

* New translations en.json (Chinese Traditional)

* New translations en.json (English)

* New translations en.json (Vietnamese)

* New translations en.json (Portuguese, Brazilian)

* New translations en.json (Greek)

* New translations en.json (Polish)

* New translations en.json (Arabic)

* New translations en.json (French)

* New translations en.json (French)

* New translations en.json (Chinese Simplified)

* New translations en.json (Portuguese, Brazilian)

* New translations en.json (Russian)

* New translations en.json (Russian)

v4.0.0-alpha.2

fix: handle 201 status for heartbeat

v4.0.0-alpha.1

What's Changed

• chore(deps-dev): bump @vitejs/plugin-react from 4.6.0 to 4.7.0 in /frontend in the minor-patch group by @dependabot[bot] in #279
• chore(deps): bump oven/bun from 1.2.18-alpine to 1.2.19-alpine by @dependabot[bot] in #283
• chore(deps): bump the minor-patch group across 1 directory with 4 updates by @dependabot[bot] in #284
• chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible by @dependabot[bot] in #292
• chore(deps): bump the minor-patch group across 1 directory with 11 updates by @dependabot[bot] in #291
• chore(deps): bump github.com/cenkalti/backoff/v5 from 5.0.2 to 5.0.3 in the minor-patch group by @dependabot[bot] in #293
• chore(deps): bump the minor-patch group in /frontend with 5 updates by @dependabot[bot] in #294
• chore(deps): bump the minor-patch group in /frontend with 4 updates by @dependabot[bot] in #295
• chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.41.0 in the minor-patch group by @dependabot[bot] in #302
• chore(deps): bump the minor-patch group across 1 directory with 9 updates by @dependabot[bot] in #303
• Update whoami router name in docker-compose.example.yml to make it easier to understand by @mswillia in #317
• chore(deps): bump oven/bun from 1.2.19-alpine to 1.2.20-alpine by @dependabot[bot] in #308
• chore(deps-dev): bump @vitejs/plugin-react from 4.7.0 to 5.0.0 in /frontend by @dependabot[bot] in #309
• chore(deps): bump golang from 1.24-alpine3.21 to 1.25-alpine3.21 by @dependabot[bot] in #311
• refactor: rework file structure by @steveiliop56 in #325
• chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in #322
• feat: add sqlite database for storing sessions by @steveiliop56 in #326
• refactor: unify labels by @steveiliop56 in #329
• chore(deps): bump oven/bun from 1.2.20-alpine to 1.2.21-alpine by @dependabot[bot] in #327
• chore(deps): bump the minor-patch group across 1 directory with 18 updates by @dependabot[bot] in #328
• feat: invalid domain warning by @steveiliop56 in #332
• refactor: don't export non-needed fields by @steveiliop56 in #336
• feat: header based acls by @steveiliop56 in #337
• revert: "feat: header based acls" by @steveiliop56 in #340
• feat: multiple oauth providers by @steveiliop56 in #355
• chore(deps): bump the minor-patch group across 1 directory with 6 updates by @dependabot[bot] in #351
• chore(deps): bump oven/bun from 1.2.21-alpine to 1.2.22-alpine by @dependabot[bot] in #358
• chore(deps): bump the minor-patch group in /frontend with 21 updates by @dependabot[bot] in #359
• chore(deps): bump gorm.io/gorm from 1.30.5 to 1.31.0 in the minor-patch group by @dependabot[bot] in #360
• chore(deps): bump the minor-patch group across 1 directory with 7 updates by @dependabot[bot] in #362
• feat: version info analytics by @steveiliop56 in #363

New Contributors

• @mswillia made their first contribution in #317

Full Changelog: v3.6.2...v4.0.0-alpha.1

v3.6.2

Tinyauth v3.6.2

This patch includes fixes for #272, #268, #263 and #261. Basically small improvements in the frontend, proxy handler and LDAP.

Improvements

• Try to reconnect to LDAP server if heartbeat fails
• Handle string type for the groups claim in the generic OAuth provider
• Forward basic auth header to protected apps
• Internationalize the required and invalid input errors
• Add auto complete information to auth forms
• Move healthcheck and favicon requests to debug logs

Fixes

• Don't fail app if LDAP fails to start but other user sources are configured

Technical

• Update dependencies
• Update translations

If you encounter any issues please let me know so I can fix them as soon as possible.

v3.6.2-beta.4

chore: format server package

v3.6.2-beta.3

refactor: log parsed user in generic provider