OpenGate IAM/Changelog
Version History

Changelog

All notable changes to OpenGate IAM are documented here. Version numbers follow Semantic Versioning.

v1.0.0

latest

2026-03-01

Initial public release of OpenGate IAM.

Added
  • 11 independent Spring Boot 3 microservices architecture
  • OAuth 2.1 Authorization Code + PKCE flow
  • Spring Authorization Server 1.3 integration
  • Multi-realm tenancy (users, clients, roles per realm)
  • RBAC — fine-grained roles, composite roles, groups
  • MFA — TOTP (Google Authenticator), Email OTP, SMS OTP
  • Redis-backed session management with device tracking
  • Kafka-powered audit event streaming
  • Admin Console (Next.js 14 + TypeScript)
  • Documentation site with Vercel deployment support
  • opengate-spring-boot-starter for easy integration
  • Docker Compose stack for local development
  • Prometheus metrics + OpenTelemetry tracing ready
  • RSA-2048 JWT signing with JWKS endpoint
  • OIDC userinfo endpoint and issuer discovery

v0.9.0

previous

2026-01-15

Beta release — core auth flow and user management.

Added
  • Core auth service with Spring Authorization Server
  • User service with basic CRUD operations
  • Realm service with single-realm support
  • Basic admin console (login + realm view)
  • PostgreSQL + Redis integration
Fixed
  • CORS handling across all service-to-service calls
  • JWT token expiry edge cases
  • Session invalidation on password change

Want to see what's coming next?

View open issues →·Open pull requests →