Changelog
This changelog covers all notable changes to SpartanAuth and the Login Widget, grouped by date.
June 17, 2026
Section titled “June 17, 2026”- Security: Added stronger origin protections to enhance security.
June 16, 2026
Section titled “June 16, 2026”- Dashboard: Bulk user import now supports drag-and-drop file upload
- Dashboard: Clear guidance added to the bulk import form explaining exactly when an invite email will be sent to imported users
- Added a script for generating changelogs automatically
June 13, 2026
Section titled “June 13, 2026”- Auth: Users are now automatically marked as verified after a successful social login
June 11, 2026
Section titled “June 11, 2026”- Dashboard: Client secret input fields no longer use the browser’s password type, improving copy/paste usability
- Docs: Added PostHog analytics to the documentation site
- Login Widget v1.2.1: Updated vulnerable dependencies
- Login Widget v1.2.0: Social login options are now available on the invite screen
June 3, 2026
Section titled “June 3, 2026”- Login Widget v1.1.1: Added ability to hide social login buttons per sector
- Login Widget v1.1.0: Added frosted glass loading overlay during authentication
- Login page: Social login buttons are now hidden for non-default sectors
June 5, 2026
Section titled “June 5, 2026”- Docs: Pinned all documentation site dependency versions for reproducible builds
May 31, 2026
Section titled “May 31, 2026”- Docs: Published full API Reference with descriptions for every endpoint
- Docs: Aligned branding across the documentation site
May 30, 2026
Section titled “May 30, 2026”- Documentation site launched at docs.spartanauth.com
- Dashboard: Added links to documentation throughout the interface
May 29, 2026
Section titled “May 29, 2026”- Dashboard: Added sector selection flow to login
- Login Widget v1.0.3: Fixed a compatibility issue with LastPass
May 26, 2026
Section titled “May 26, 2026”- Login Widget v1.0.2: The invite widget has been merged into the login widget — the standalone invite widget is now deprecated
- Login Widget v1.0.2: Added loading state while handling OAuth callbacks
May 24, 2026
Section titled “May 24, 2026”- Dashboard: Protected views now require authentication before they can be accessed
- Dashboard: Various frontend usability improvements
May 20, 2026
Section titled “May 20, 2026”- Login Widget v1.0.1: Buttons are now disabled during loading states to prevent double-submissions
- Auth: Added structured logging for all authentication flows
- Comms: Fixed email error messages to include the sector ID for easier debugging
May 18, 2026
Section titled “May 18, 2026”- Dashboard: Sector admins can now edit their sector’s information directly
- Dashboard: Added AI coding skills integration
- Login Widget: MFA enrollment is now supported from within the login flow
May 17, 2026
Section titled “May 17, 2026”- Login Widget v1.0.0: Initial stable release
- Auth: GitHub social login added
- Auth: Fixed an edge case with the default redirect URI
May 16, 2026
Section titled “May 16, 2026”- Auth: Google and Apple social login support added (OAuth 2.0 / OIDC)
- Dashboard: Social provider configuration UI added
March 11, 2026
Section titled “March 11, 2026”- Login Widget: Added password reset flow
- Login Widget: Per-sector passkey (WebAuthn) support
February 25, 2026
Section titled “February 25, 2026”- Login Widget: OTP (one-time password) login flow added with styled dropdown selector
February 15, 2026
Section titled “February 15, 2026”- Login Widget: Invite acceptance and resend invite flows added
May 31, 2025
Section titled “May 31, 2025”- Dashboard: User list view rebuilt to match the visual design; users can now be created directly from the list
April 27, 2025
Section titled “April 27, 2025”- Dashboard: Full sector management UI — create, edit, delete, filter, and paginate sectors
- Dashboard: Sector management moved to its own dedicated page with a loading animation
April 24, 2025
Section titled “April 24, 2025”- Dashboard: List sectors endpoint wired up full-stack
- Dashboard: Prevent deletion of the default sector
April 26, 2025
Section titled “April 26, 2025”- Dashboard: Added a reminder prompt when deleting a sector to also remove its users
April 20–21, 2025
Section titled “April 20–21, 2025”- Dashboard: Initial login page and dashboard UI setup
- Dashboard: Style improvements and z-index fixes on the login page
April 7, 2025
Section titled “April 7, 2025”- Tokens: Added expiration enforcement for all issued tokens
- Docs: Added LibSQL migration path documentation and session management thoughts
October 18, 2024
Section titled “October 18, 2024”- Datastores: Switched to the libsql dual driver for improved LibSQL support
September 24, 2024
Section titled “September 24, 2024”- Auth: Added WebAuthn key removal endpoint
- Auth: OTP secrets are now cleaned up when an OTP authenticator is removed
September 18, 2024
Section titled “September 18, 2024”- Auth: Added cleanup routines for expired OTP records and timing attack mitigations
- Datastores: OTP storage fully working with LibSQL
September 5, 2024
Section titled “September 5, 2024”- Auth: WebAuthn listing endpoint added
- Datastores: WebAuthn fully working with LibSQL
September 2–3, 2024
Section titled “September 2–3, 2024”- Datastores: Full LibSQL implementation complete for all data operations
August 10, 2024
Section titled “August 10, 2024”- Security: Added self sign-up configuration to sector security settings; groundwork for audit logging
February 8, 2024
Section titled “February 8, 2024”- Auth: Improved user creation flow with better validation and password handling
February 7, 2024
Section titled “February 7, 2024”- Comms: Custom email and SMS templates now supported for OTP messages
- Dashboard: Sector security settings management (get and update)
February 2, 2024
Section titled “February 2, 2024”- API: Added
GetProfileendpoint - API: Added OTP endpoints; added checks for whether self sign-up is allowed
January 16–19, 2024
Section titled “January 16–19, 2024”- Auth: OTP challenge flow fully implemented (begin and verify)
December 3, 2023
Section titled “December 3, 2023”- Auth: Refactored challenge interface; removed legacy HOTP/TOTP endpoints
November 19, 2023
Section titled “November 19, 2023”- Auth: Email service integrated with sector configuration; refactored communication package
November 5, 2023
Section titled “November 5, 2023”- Comms: Email functionality fully implemented; SMS service stub added for future use
October 26–27, 2023
Section titled “October 26–27, 2023”- API: Full sector CRUD (create, read, update, delete)
- API: User profile create, update, and soft-delete operations
November 2022
Section titled “November 2022”- Auth: WebAuthn (passkey) login working end-to-end
September 2022
Section titled “September 2022”- Auth: WebAuthn registration working end-to-end
August 2022
Section titled “August 2022”- Auth: Switched WebAuthn to HTTP handlers for a simpler architecture
June 2022
Section titled “June 2022”- Auth: JWT generation and validation working; CORS support added for frontend apps
- Auth: WebAuthn profile management
May 2022
Section titled “May 2022”- Foundation: Sectors model established; initial installation logic on first boot
- Auth: Token generation and validation; auth middleware added
April 2022
Section titled “April 2022”- Foundation: gRPC handlers and challenge service scaffolded
December 2021
Section titled “December 2021”- Foundation: Security settings storage and service
November 2021
Section titled “November 2021”- Foundation: Multi-database support (PostgreSQL, MariaDB, LibSQL); password hashing; profile management; initial gRPC server