Changelog

What's new

Track every feature, fix, and improvement shipped to Idenplane. Follow along as we build the best open-source IAM server.

v0.3.0

Latest May 2026
Feature SCIM 2.0 — User Provisioning endpoints for enterprise IdP sync
Feature GraphQL Admin API — typed admin surface alongside REST
Feature Continuous Verification — step-up and termination services for in-session risk response
Feature Theme Builder — drag-and-drop branding with server-side live preview rendering
Feature User Self-Registration Portal — complete end-user signup flow
Feature Automated upgrade & migration tooling — version-aware schema migrations
Feature Performance benchmark suite — reproducible AuthMe perf baselines
Feature SMS OTP — phone number fields on MFA
Feature Idenplane brand — adopted 'The Bracket' logo system ([#897])
Feature License: AGPL-3.0 rebrand under the Idenplane name
Performance admin-ui improvements — Vite proxy, query caching, React.memo
Fix close all 14 bug-reproduction vulnerabilities; full E2E green
Fix close IDOR in role removal + harden, no regressions
Fix patch all Dependabot vulnerabilities across SDKs, docs, Java, Go example ([#892])
Fix remove unused vulnerable xmldom direct dependency ([#891])
Fix bump Go example deps to fully-patched versions ([#896])
Fix repair test harness — schema defaults, ESM, throttling, NHI wiring
Fix align functional suites with real API; fix genuine bugs
Fix repair 14 failing spec suites; align mocks/impl, keep security
Fix repair broken init migration and global jest config
Fix env-configurable retry backoff; stop e2e post-teardown flake

v0.2.0

March 2026
Feature 5 new SDKs — native iOS, native Android, Next.js, Vue, and Angular ([#22], [#23])
Feature Visual Authentication Flow Designer — drag-and-drop builder for custom auth flows (Feature #24)
Feature Custom Authentication Flow Engine — runtime engine backing the designer (Feature #20)
Feature Organization & Team Management — B2B multi-tenancy ([#27])
Feature Step-Up Authentication — context-aware reauthentication (Feature #19)
Feature Migration tools — import from Keycloak and Auth0 ([#134])
Feature Risk Assessment — AI-powered adaptive auth & threat detection ([#25])
Feature API versioning — smooth upgrade system (Feature #17)
Feature Non-Human Identity (NHI) — service-account identity management (Feature #18)
Feature WebAuthn / FIDO2 — passwordless authentication
Feature ABAC policy engine — fine-grained authorization (Feature #10)
Feature Plugin & extension system — third-party extensibility (Feature #26)
Feature User impersonation — admin troubleshooting workflow ([#271])
Feature Webhook & event notification system ([#266])
Feature Audit log export & streaming ([#269])
Feature Per-client, per-user, per-IP rate limiting ([#265])
Feature Redis session & cache layer ([#268])
Feature i18n for Login & Account pages ([#270])
Feature Multi-database support — SQLite, MySQL, PostgreSQL
Feature Helm chart — official Kubernetes deployment (Feature #16)
Feature Custom user attributes & registration flows (Feature #15)
Feature CLI v1.0.0 — full management capabilities
Feature SDK v1.0.0 — advanced auth features
Fix SAML XML canonicalization and ACS URL validation
Fix prevent TOTP replay attacks and session fixation
Fix batch — 7 security vulnerabilities
Fix plugin integrity, MFA cross-realm, SAML digest, Docker defaults, IP spoofing
Fix enforce per-realm rate limiting on token endpoint
Fix block default WEBHOOK_ENCRYPTION_SALT in production
Fix WebAuthn step-up ceremony verification + Docker entrypoint hardening
Fix 15 critical bugs across all 7 SDK packages
Fix add 577 @ApiResponse decorators + fix HTTP status codes

v0.1.0

February 2026
Feature OAuth 2.0 / OIDC authorization code, refresh token, device flow, and token introspection endpoints
Feature SAML 2.0 identity provider with SP create/update and signed assertions
Feature Multi-factor authentication — TOTP enrollment and verification flows
Feature Self-registration — public sign-up page with realm-level requireEmailVerification toggle
Feature Admin console for realms, users, clients, client scopes, protocol mappers, and role mappings
Feature JavaScript SDK (authme-sdk v0.2.0) with NestJS/Express server-side integration and 30-test suite
Feature AuthMe CLI for managing the server from the command line
Feature Server-side token revocation on admin logout
Feature add realm-level requireEmailVerification setting
Feature add Register link on login page
Feature add self-registration page for public user sign-up
Fix 4 MFA/2FA bugs found during security audit
Fix token and introspect endpoints returning 201 instead of 200
Fix form action URL in TOTP setup template
Fix removeUserRealmRoles returning 200 instead of 204
Fix login error messages never displayed on failed login
Fix client scope names not displayed on client detail page

Full commit history and pull requests on GitHub
