This changelog includes important updates to PropelAuth. For larger features, we’ll provide links where you can find more details. For any item with the Beta label, if you are interested in testing it out, please email us at


FeatureAdded User Insights, which includes churn and reengagement reports for users and organizations.
FeatureYou can now set alerting when a user impersonation session is started.
ImprovementThe metrics on the homepage now tell you how your numbers compare to the previous month.
ImprovementSAML permissions are now enabled for account owners by default.
ImprovementWe now display expired invitations on the hosted pages, so users can easily see who they might need to reinvite.
BugfixMagic link icons on the login page now match the text color.


ImprovementEmail invite expiration time has been increased to 5 days.
ImprovementImpersonating a user no longer updates their last active at time.
BugfixIt is no longer possible to set a negative number in max users.
BugfixFixed a bug where profile pictures were not always been set correctly during login with SSO.


FeatureWe now send a webhook when a user logs out.
FeaturePost-login redirects have been added to all social login flows.


FeatureEmails can now be configured to send from a custom domain.
FeatureMetrics around sign up and activity numbers are now available on the PropelAuth dashboard.
ImprovementOur migration endpoint now supports PBKDF2 hashes (the default for Django).


FeatureReleased a new version of our Next.js library that supports post-login redirects.


FeatureOur Node and Express libraries have been updated to include clearPassword and inviteUser.
ImprovementAdditional arguments have been added to createOrg, updateOrgMetadata and updateUserMetadata in our Node and Express libraries.
FeatureOur Go library has been updated to include ClearPassword, Disable2FA, ChangeRole. and CreateOrgV2
ImprovementAdditional arguments have been added to updateOrg in our Go library.
FeatureOur Rust library has been updated to include create_access_token, delete_org, and clear_password
ImprovementAdditional arguments have been added to update_org and update_user_metadata in our Rust library.
ImprovementAdded a force refresh option to getUserFromServerSideProps in our Next.js library
ImprovementReduced the cases where Next.js middleware was necessary.
BugfixFixed some issues in our Next.js library around logout


FeatureSettings pages have been added to both users and organizations in the dashboard. These pages include things like changing user emails and updating joining restrictions on organizations.
FeatureOur Python, Django, Flask and FastAPI libraries have been updated to include change_role, delete_org, invite_user.
FeatureWe now support AWS AppSync. You can use your auth URL as an OIDC endpoint and then you can use your Access Tokens to make GraphQL requests.
ImprovementAdditional arguments have been added to create_org, update_org, and update_user_metadata in the Python, Django, Flask and FastAPI libraries.
ImprovementThe limit of permissions per role has increased from 50 to 100.
ImprovementThe Hosted Pages sidebar has been updated to be more specific about which API key pages are being linked to.
ImprovementWe updated our Magic Link/Passwordless functionality to handle cases where the links were being automatically clicked by both email providers and email protection services.
BugfixFixed some issues where redirects weren’t working when multiple tabs were open.


FeatureYou can now add a user to an org during the user creation process in the dashboard.
ImprovementOrg Search in the dashboard now supports org IDs in addition to names.
ImprovementWe’ve increased limits around requests that can be made to us, so customers with large amounts of user properties or permissions will no longer see an error message when saving to the dashboard.


FeatureThe Frontend Integration page on the PropelAuth dashboard can now take in any URL.
FeatureAdded a copy button on the Users table in the PropelAuth dashboard.
FeatureAdded mobile optimization to the recently refreshed hosted pages.
BugfixFixed a bug that caused users to sometimes get redirected incorrectly after confirming their email.


FeatureAdded webhooks for OrgSamlSetup and OrgSamlRemoved


FeatureReleased improved versions of our Account & Org Management pages, as well as new customization options in the Dashboard.


FeatureWe have released support for configurable User Properties. A set of properties is available out of the box, and users on paid plans can create custom properties. For more information, check out the docs.


FeatureMade a few changes to improve email deliverability, including updated email templates.
FeatureAdded PCKE support for OAuth use cases.


ReleaseWe have released official support for applications built with NextJS 13, including both the App Router and the Pages Router For more information, check out our guide
FeatureWe’ve reorganized our documentation, and have added a new How To section, focused on specific needs and scenarios.
FeatureTo the dashboard we’ve added new, more intuitive sections to your projects, and made various user experiences more streamlined and natural.


ReleaseWe have released API Key Authentication! For more information, checkout our quickstart guide
FeatureAdded new endpoints to enable and disable organization creation for specific users.
FeatureAdded the ability to set maximum user limits in specific organizations.
BugfixNo longer sending two “Org Created” webhooks in some cases when orgs were created.
BugfixSmall fixes to the dashboard to improve the overall experience.


ReleaseWe have released our Go Backend library! Find out more here
BetaCurrently we are running a beta program for customers interested in SSR support. For more information, please contact us at
FeatureAdded more flexibility to our frontend integration location URLs.


FeatureWe have released support for User Impersonation! Find out more here


ReleaseNew look to the dashboard with several user experience improvements.
FeatureWe now provide another isolated development environment in the PropelAuth dashboard: Staging.
FeatureAdded new front end configuration options to the dashboard.
FeatureWe added the ability to name your API keys in the PropelAuth dashboard, as well as making them “ReadOnly”
FeatureYou now have the ability to search for organizations by name in the dashboard.


FeatureNew “metadata” fields have been added to the user and organization objects where you can assign JSON objects of customizable data.
FeatureWe now provide access to email, name, and username on the JWT. Previously, to access this data you would need to make another external request to us.
BetaAdded user_id and org_id query options for API Authentication. Previously you would have to sort through all results at once.
ReleaseRecently underwent our annual penetration testing via 3rd party, and we passed. Find more here.
FeatureRedirectToSignup and RedirectToLogin now take in props for postSignupRedirectUrl and postLoginRedirectUrl


Bugfix“Create Org” and “Join Org” now on the same page as separated functions. Previously, if you disabled the ability for users to create organizations, the “join org” functionality would be hidden as well. Users can now join organizations regardless of their ability to create one.
BugfixChanged the “disable public signups” option so that invited users can still create an account even if the feature is turned on. Previously this feature was blocking some users who were invited and choose to join through SSO, but this has been fixed.
BugfixFixed Microsoft login issue. For users that didn’t have their first name or last name set in their Microsoft account, signing in with Microsoft was failing. This only affected users who enabled the “collect name on signup” feature. We’ve resolved this issue, and users can now sign in seamlessly with their Microsoft account, and if we cannot pull their first and last name from Microsoft, we prompt the user to provide it afterwards
BugfixIncreased the acceptance time for confirmation emails to 5 days (previously it was only 2)
BugfixMade small styling fixes to our component library and hosted pages to improve the overall look and feel of the platform


FeatureAdded an API to create access tokens for testing purposes. Previously, you would need to use our frontend libraries to get tokens, and the tokens were all short-lived. Now you can make an API call to get an access token for a specified user, with a custom expiration.
FeatureAdded refreshAuthInfo to @propelauth/react so you can force refresh the auth information
FeatureImproved useAuthInfo so that you can now destructure without needing to check loading first
FeatureAdded new redirect function redirectToSetupSAMLPage
FeatureFor each redirect function (e.g. redirectToLoginPage), we now also provide a getter function to get the underlying URL (e.g. getLoginPageURL). This allows for more flexible usage.
BugfixFixed issue with fetch_org in the Rust crate where it’s return type was incorrect
BugfixUpdating your email no longer sends a confirmation if you had “email confirmation not required” in that environment


ReleaseReleased support for Chrome Extensions alongside Plasmo
BetaBeta support for API authentication. You can generate API keys for your customers tied to either your users, your organizations, or both.
BugfixFixed issue with propelauth-py which made it fail to build on some OS’s
BugfixFixed issue with Google login where it wasn’t always updating the user object with their name


BetaBeta release for our Component Library!
ReleaseUpdated our example apps section with new examples and forkable git repos
FeatureUpdated our libraries with a new optional boolean field askUserToUpdatePasswordOnLogin in all three of: createUser, migrateUser, and updatePassword. This forces the user to set/update their password.
FeatureYou can now disable password authentication in the dashboard.
FeatureAdded options for you to specify how long your users remain logged in and whether it’s based on inactivity or just a fixed amount of time
FeatureAdded deeper organization configuration options, like requiring all users to be in at least one org.


ReleaseAdded backend support for Cloudflare Workers
FeatureAdded support for Ngrok as a replacement for localhost in the test environment
FeatureAdded organization settings in the hosted pages, enabling your users to toggle domain allow/denylists
BugfixFixed a few styling issues in the hosted pages


ReleaseAdded backend support for Rust with support for Axum and Actix.
FeatureAdded APIs to make it easier to programmatically manage your users (managing/deleting orgs, updating user metadata, etc.)
FeatureAdded a new webhook on user login.
BugfixCleaned up the workflow around verifying a domain. You can now verify ownership via a TXT record on a special subdomain, instead of using the root domain.
BetaUser login duration can be configured now. You can either specify an absolute amount of time the user is logged in, or a period of inactivity, after which they will be logged out.


FeatureUsernames now support unicode characters.
FeatureAdded AuthProviderForTest to our React library that’s useful for testing (thanks to mykeels for the suggestion).
FeatureAdded an option for copying user IDs out of the dashboard.
BugfixUpdated copy on the default create org page


ReleaseCustom Roles & Permissions (RBAC) is live! This feature enables you to create custom roles and permissions. We also updated all our libraries to add advanced authorization with these roles and permissions.
FeatureAdded the concept of an active organization (see getActiveOrgFn). For users in multiple organizations, this allows you to set the organization they are operating within and works with the roles and permissions update.
BetaAdded option to disable signups from personal email domains (e.g.,, etc).


FeatureAdded the ability to disable 2FA/MFA for your users either programmatically or through our dashboard
FeatureAdded the ability to customize what you call “Organizations”. This will automatically update all the hosted UIs and user facing error messages.
FeatureWhen logging a user in, you can specify where to redirect the user outside of the default redirect URL.
BugfixYou can now create organizations even if the feature is disabled. This allows for a smoother process of migrating to organizations if you are already live.
BetaAdded more options to the concept of organizations. You can require that your users are in at least one organization, require that users must log in directly to their organization, and more. Reach out if you’d like to try this out.
BetaAdded more granular controls over which domains/subdomains can access authentication information. This includes creating staging environments that can be reached by localhost, having a small set of subdomains that are NOT allowed to check if a user is logged in (for vendors you might not trust), and more.


ReleaseSelf-service SAML is live! This feature allows your customers to log in to your product using their existing identity provider, like Okta, Google, OneLogin, and more.
FeatureAdded support for Azure AD to our list of SAML IDPs, including documentation for your customers
FeatureAdded additional APIs for our backend libraries for enabling/disabling/deleting users. Also handles logging users out remotely.


FeatureAdded new APIs for disabling, enabling, and deleting users. Disabling/Deleting a user will both log them out and prevent them from logging back in.
FeatureAdded option for your users to test their SAML connections before enabling them.
FeatureAdded new APIs for explicitly picking which organizations can login via SAML. This can also be done via the dashboard, or you can enable it globally for all organizations.
Bugfix@propelauth/react library was re-rendering more than it needed to.
ReleaseCreated demo site where you can experiment with different themes without needing to sign up.


ReleaseRelease of our new hosted authentication pages. Includes more customizations, more themes, and more self-service options for your users.
FeatureAdded new APIs for migrating users from an external system.
FeatureAdded new APIs for manually managing organizations and RBAC.
FeatureReleased v1.2.4 of @propelauth/javascript which prevents fetching auth information if we’ve fetched recently.
BetaAdded Okta and JumpCloud support within our SAML beta.


FeatureOur hosted authentication pages can now be embedded in your application via an iframe.
FeatureAdded more options for you to manage your users directly in your dashboard, like resending confirmation emails or manually confirming the email.
FeatureAllow your users to revoke organization invitations and see invitations that expired.
FeatureYou can now search directly for a user by ID (in the dashboard).
BetaAdded self-service wizards for existing IDPs within our SAML beta. This walks your users through the steps of setting up a SAML connection.


FeatureAllow subdomains of your application to also fetch authentication information. In other words, if you set as your application URL, you can now set up additional authenticated applications at any subdomain like
FeatureAdded option to disallow users from creating their own organizations. They can still manage the organization and invite new users, but it allows you to create and setup organizations on their behalf.
BugfixAdded event_type to webhooks to make it easier to distinguish
BugfixAdded additional options to verify your domain name
BetaAdded non-hierarchical roles (RBAC) support to our custom roles beta


ReleaseAdded @propelauth/node library to support serverless use cases or frameworks that don’t accept Express middleware.
FeatureOur backend libraries can now check org membership by name instead of just id, allowing for better subdomain-per-customer support.
FeatureYou can now manage your user’s organizations through our dashboard, instead of just programmatically.
BugfixAllow you to submit logos as SVGs.

And more…

If you have any questions about features or changes before July 15, please reach out at