AuthNest Changelog

Track all updates, improvements, and bug fixes

← Back to Documentation

2026

vv1.2.1January 20, 2026by Platform team
Added⚠️ Breaking Change

Improved authentication flow with optimized token handling and fixed a critical bug in the token refresh mechanism.

Detailed Changes

 

Detailed Changes

1. Improved Authentication Flow

  • OAuth 2.0 Optimization: Reduced latency in the OAuth 2.0 authentication flow by 25% through optimized token validation and caching.
  • Multi-Factor Authentication (MFA) Enhancements:
    • Added support for TOTP (Time-Based One-Time Password) and biometric authentication (Face ID/Touch ID).
    • Improved MFA setup workflow for end-users with step-by-step guidance.
  • Session Management:
    • Introduced session timeout customization for admins to align with organizational security policies.
    • Added inactive session detection to automatically log out idle users after a configurable period.

2. Fixed Token Refresh Bug

  • Token Refresh Issue:
    • Resolved a bug where token refresh requests occasionally failed due to race conditions in high-concurrency environments.
    • Ensured seamless token refresh for users during active sessions.
  • Error Handling:
    • Improved error messages for token-related failures to help developers debug issues faster.
    • Added retry logic for transient token refresh failures.

3. New Features

  • Role-Based Access Control (RBAC) Updates:
    • Added fine-grained permissions for API endpoints, allowing admins to restrict access at a granular level.
    • Introduced custom role creation for organizations with unique access requirements.
  • Audit Logs:
    • Enhanced audit logging to track authentication attempts, token refreshes, and permission changes.
    • Added filters to search logs by user, timestamp, or action type.

4. Developer Experience Improvements

  • SDK Updates:
    • Released updated SDKs for JavaScript, Python, and Java with improved documentation and examples.
    • Added TypeScript support for better type safety in frontend applications.
  • API Documentation:
    • Expanded API reference with interactive examples and use-case-specific guides.
    • Added a Postman collection for quick testing of authentication endpoints.

5. Security Enhancements

  • JWT Validation:
    • Strengthened JWT validation to prevent token tampering and replay attacks.
    • Added support for JWT revocation to invalidate compromised tokens instantly.
  • Rate Limiting:
    • Implemented adaptive rate limiting to protect against brute-force attacks on authentication endpoints.

Breaking Changes

  • Deprecated Legacy Endpoints:
    • The following endpoints have been deprecated and will be removed in v2.0.0:
      • /auth/v1/legacy-token (use /auth/v2/token instead)
      • /auth/v1/basic-login (use /auth/v2/login instead)
    • Developers are advised to migrate to the new endpoints to avoid disruptions.

 

vv1.2.0January 19, 2026by SecureDev Labs

Improved authentication flow for social logins and fixed a critical token refresh bug affecting long-lived sessions.

Detailed Changes

Detailed Changes:

  • Enhanced Social Login Integration
    Added support for GitHub and Microsoft as identity providers, alongside existing Google and Facebook options. The new providers are now available in the OAuth configuration dashboard.
  • Fixed Token Refresh Bug Resolved an issue where token refresh requests would occasionally fail for sessions longer than 24 hours, causing users to be logged out unexpectedly. All sessions now refresh correctly.
  • Improved Error Handling Updated error messages for failed login attempts to be more descriptive, helping developers and end-users troubleshoot issues faster. 
  • Performance Optimizations Reduced latency in JWT validation by optimizing the token parsing logic, resulting in faster authentication responses.