Changelog

New features, improvements, and updates to the Auth1 platform.

March 2026

Latest
New Rust-powered middleware — 42x faster authentication compared to traditional Node.js implementations
Security Post-quantum webhook signatures using ML-DSA-65 (Dilithium) for tamper-proof delivery verification
New React SDK — @auth1/react with hooks for login, signup, session management, and protected routes
New JavaScript SDK — @auth1/js for vanilla JavaScript and framework-agnostic integration
New Session management API — list, revoke, and manage active sessions per user
New User profile API — read and update user profile data with tenant-scoped access
New OAuth providers — Google, GitHub, and Apple sign-in with automatic account linking
Security PII encryption at rest using AES-256-GCM for Enterprise customers
Improvement Circuit breakers for downstream service calls (SMS, email, OAuth providers) to prevent cascading failures
Improvement Structured JSON logging across all API endpoints for better observability
Improvement Webhook delivery with automatic retries, exponential backoff, and HMAC-SHA256 signature verification

February 2026

Security BotShield integration — automated bot detection for login, signup, and OTP endpoints
Security Multi-tenant isolation hardening — stricter tenant boundary enforcement across all data stores
Security Argon2id password hashing via compiled Rust — replaces bcrypt for stronger resistance to GPU attacks

January 2026

New Initial platform launch with multi-tenant architecture
New SMS OTP authentication via Twilio with AWS SNS failover
New Email OTP authentication via AWS SES
New Magic Links — passwordless email authentication
New Password authentication with secure hashing
New MFA / TOTP — time-based one-time password second factor