Enjab Auth
Version history for Sign in with Enjab Auth. Each entry says what changed in the integration contract and the exact action to adopt it.
Changes to Sign in with Enjab Auth, newest first. The current contract version is 2026.06.08a. To bring a tool up to date, see Update an existing tool or use the combined update prompt on the Changelog overview.
User directory: a tool can read its own users
Enjab Auth · 8 Jun 2026
Changed. New optional per-tool capability. When an Enjab admin enables User directory for a tool (Admin → Tools → your tool → User directory), the tool can read the roster of users who can access it via a new endpoint GET /api/oauth/users. It returns each user's sub, email, name, roles, is_super_admin, and created_at, scoped to the tool's own accessible users, and never passwords. Authenticate server-to-server with HTTP Basic (client_id + client_secret). Off by default; tools that don't need the roster are unaffected.
Apply. Only if your tool needs to list or preview its users. Ask an admin to enable User directory, then call GET /api/oauth/users from your server with your client credentials (see the Next.js reference getDirectory() helper and the endpoint reference). Keep the client secret server-only. Nothing to change if your tool doesn't use it.
Super admin can change a user's email
Enjab Auth · 7 Jun 2026
Changed. A super admin can change any user's email (including their own) from the Enjab Auth admin. The stable user id (sub) never changes, so nothing keyed by sub breaks. Regular users cannot change their own email.
Apply. Key your own records by sub, never by email. Mirror the email from /userinfo on every request (the same place you read name), so an admin's email change is reflected in your tool immediately.
Stronger accounts: password policy, forced first change, one super admin
Enjab Auth · 7 Jun 2026
Changed. Enjab Auth now enforces account security centrally, so your tool implements none of it: a strong password policy (12 to 24 characters, with an uppercase letter, a lowercase letter, a number and a symbol, and not containing the person's name), a forced password change on first login and after any admin reset (the user cannot continue until they set a new password, which happens before two-factor), mandatory TOTP two-factor, and exactly one super admin per organization. Users can change their own password later from Settings on the hub.
Apply. Nothing in your tool. All of this happens at auth.enjab.ae before a token is ever issued; your tool still just receives the user object.
Disabled accounts are blocked at the door, is_active removed
Enjab Auth · 7 Jun 2026
Changed. A disabled account is now stopped wherever it appears, with a plain "your account is disabled" message: at login (signed out, not let in), on the hub, and on the consent screen. Because a tool can therefore only ever receive an active user, the is_active field is removed from the user object (token response and /userinfo), the EnjabUser type, and the OpenID claims_supported list.
Apply. Delete is_active from your EnjabUser type and any code that read it (it was always true). No other change is needed.
Redirect host locked to the domain, path is editable
Enjab Auth · 7 Jun 2026
Changed. A tool's redirect_uri host is locked to its registered domain; you choose only the path (default /api/auth/callback). Changing a tool's domain in admin severs the old domain: it drops the old redirect from the allowlist and revokes that tool's sessions.
Apply. Keep your callback on your registered enjab.ae domain. If an admin changes your tool's domain, update ENJAB_REDIRECT_URI to match and re-authenticate.
Central sign-out revokes every issued token
Enjab Auth · 6 Jun 2026
Changed. Signing out of Enjab Auth itself (the hub) now revokes every access token issued to every tool. Each tool loses access on its next /userinfo check.
Apply. Re-validate every request with getUser() (it calls /userinfo fresh, cache: "no-store"). Never cache the user object beyond the request, or a signed-out person keeps working.
/userinfo re-checks tool access on every call
Enjab Auth · 6 Jun 2026
Changed. /userinfo re-checks that the user still has access to your tool, not just that the account exists. A revoked role or grant returns 401 immediately; holding a token is never enough on its own.
Apply. Read the user fresh on each request and treat a 401 as signed-out (redirect to /authorize). Do not trust a cached user or cookie claims.
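Server-side helpers that put the User directory entry and the two /userinfo entries above into code. This is an added example, not the Enjab Auth Next.js reference; it assumes Enjab Auth is served at https://auth.enjab.ae and exposes the paths named in this changelog, and takes a fetch implementation as a parameter so it can be exercised offline.

```javascript
// Added example, not the Enjab Auth Next.js reference: server-side helpers for a tool.
// Assumption: Enjab Auth is served at https://auth.enjab.ae and exposes the paths named in the changelog.
const ISSUER = "https://auth.enjab.ae";

// HTTP Basic credential for server-to-server calls. Only ever built on the server.
function basicAuthHeader(clientId, clientSecret) {
  return "Basic " + Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
}

// GET /api/oauth/users: the roster of users who can access this tool.
// Requires an admin to have enabled User directory; any non-2xx is surfaced, never swallowed.
async function getDirectory({ clientId, clientSecret, fetchImpl = fetch }) {
  const res = await fetchImpl(`${ISSUER}/api/oauth/users`, {
    headers: { Authorization: basicAuthHeader(clientId, clientSecret) },
    cache: "no-store",
  });
  if (!res.ok) throw new Error(`directory request failed: ${res.status}`);
  return res.json();
}

// Per-request read of /userinfo. Enjab Auth re-checks tool access and central sign-out on
// every call, so the result is never cached beyond the request; 401 means "signed out".
async function getUser(accessToken, fetchImpl = fetch) {
  const res = await fetchImpl(`${ISSUER}/userinfo`, {
    headers: { Authorization: `Bearer ${accessToken}` },
    cache: "no-store",
  });
  if (res.status === 401) return null; // revoked token, revoked grant, or hub sign-out
  if (!res.ok) throw new Error(`userinfo failed: ${res.status}`);
  const u = await res.json();
  // is_active no longer exists; roles and is_super_admin are present only for role-aware tools.
  return { sub: u.sub, email: u.email, name: u.name,
    roles: Array.isArray(u.roles) ? u.roles : null, isSuperAdmin: u.is_super_admin === true };
}

// Role gate that stays binary for tools that are not role-aware (roles absent => false).
function hasRole(user, role) {
  return Array.isArray(user?.roles) && user.roles.includes(role);
}

// Local record keyed by the stable sub; email and name are mirrored from each fresh read,
// so an admin changing a user's email shows up on the next request.
function upsertRecord(records, user) {
  const existing = records.get(user.sub) ?? { sub: user.sub };
  records.set(user.sub, { ...existing, email: user.email, name: user.name });
  return records.get(user.sub);
}
```

A request handler calls getUser on every request and redirects to /authorize when it returns null; the client secret only ever reaches getDirectory from server-side configuration.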
Confirmed, per-tool sign-out
Enjab Auth · 6 Jun 2026
Changed. Sign-out is per-tool and confirmed on Enjab Auth. Your "Sign out" button navigates to /api/auth/logout, which sends the user to Enjab Auth's confirm page; confirming clears only your tool's session, never the central session.
Apply. Use the logout route from the Next.js reference. Never call a sign-out or clear the session yourself.
Roles are sent only to role-aware tools
Enjab Auth · 6 Jun 2026
Changed. roles and is_super_admin are included in the user object only if an admin marks your tool role-aware; otherwise the keys are absent.
Apply. Treat access as binary. Do not gate features by role unless your tool is role-aware. See Roles.
User name plus greeting and consent screen
Enjab Auth · 6 Jun 2026
Changed. The user object includes the person's name (set in Enjab Auth admin). Enjab Auth shows a greeting and consent screen on the way in.
Apply. Greet the user with user.name. Do not build a consent screen; Enjab Auth owns it.
Drop-in dashboard shell wired to Enjab Auth
Enjab Auth · 6 Jun 2026
Changed. The reference now includes a complete dashboard shell: the Enjab UI sidebar wired to the signed-in user (real name, email, sign out, byline).
Apply. Build your dashboard from the shell. See Dashboard shell.
Redirects restricted to enjab.ae
Enjab Auth · 6 Jun 2026
Changed. Enjab Auth refuses to send an authorization code to any redirect_uri that is not https on a registered enjab.ae domain. This is what stops an unrelated site from harvesting the code from a login.
Apply. Host your tool on an enjab.ae domain and register the exact redirect URI in admin.
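The redirect rule from this entry and from "Redirect host locked to the domain, path is editable" above, written out as a checkable function. This is an added example, not Enjab Auth's own validator; the domain tool.enjab.ae is a placeholder, and rejecting any query string or fragment on the redirect is this example's own stricter choice, not something the changelog states.

```javascript
// Added example, not Enjab Auth's own code: the redirect_uri rule as a checkable function.
// Placeholder domain: tool.enjab.ae. The changelog says https + registered enjab.ae host + exact
// registered URI; rejecting a query string or fragment on the redirect is this example's own choice.

function isEnjabHost(hostname) {
  const h = hostname.toLowerCase();
  return h === "enjab.ae" || h.endsWith(".enjab.ae");
}

// The only redirect a tool may register: its locked domain plus a path it chooses.
function registeredRedirect(domain, path = "/api/auth/callback") {
  if (!isEnjabHost(domain)) throw new Error("domain must be on enjab.ae");
  if (!path.startsWith("/") || path.startsWith("//")) throw new Error("path must be absolute");
  return `https://${domain.toLowerCase()}${path}`;
}

// True only if the candidate is https, on an enjab.ae host, and matches the registered
// host and path exactly (after URL normalisation, so "../" tricks do not change the outcome).
function isAllowedRedirect(candidate, registered) {
  let url;
  try { url = new URL(candidate); } catch { return false; }
  const ref = new URL(registered);
  return url.protocol === "https:" &&
    url.username === "" && url.password === "" && // no credentials in front of the host
    isEnjabHost(url.hostname) &&
    url.host === ref.host &&        // exact host incl. port, so tool.enjab.ae.example is rejected
    url.pathname === ref.pathname && // path compared exactly
    url.search === "" && url.hash === "";
}
```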
Sign in with Enjab Auth published (OAuth2 + RBAC)
Enjab Auth · 6 Jun 2026
Changed. Initial release: OAuth 2.0 authorization-code flow, a token response that includes the user profile, /userinfo for fresh reads, and org-level role-based access control.
Apply. Integrate per Sign in with Enjab Auth.