Technical Reference
Changelog
All notable changes to the CAS SSO platform are documented here.
v2.1.0
Security Hardening & Webhook Support
March 2026
Added
- + Webhook event system for real-time authentication notifications
- + SDK download page with versioned package management
- + reCAPTCHA v3 integration on login endpoints
- + Account lockout system — 5 failed attempts triggers 30-minute cooldown
- + HMAC-SHA256 request signature verification for all API calls
Improved
- ~ JWT token payload now includes
security_featuresobject - ~ Rate limiting granularity — separate limits per endpoint category
- ~ Documentation site redesigned with modern, professional layout
v2.0.0
Enterprise Release
January 2026
Added
- + Multi-platform SSO with Laravel, .NET, Node.js, Java, Python, JavaScript SDKs
- + Admin dashboard with real-time user monitoring and audit logs
- + User self-service portal for profile management and 2FA setup
- + Client system registration with IP whitelisting
- + PostgreSQL multi-schema database architecture
- + Docker-based deployment with Kubernetes support
Breaking Changes
- ! Token endpoint moved from
/api/tokento/api/sso/token - ! HMAC signature header required on all authenticated endpoints
- ! Client credentials now require
client_usernameandclient_password
v1.5.0
Two-Factor Authentication
October 2025
Added
- + TOTP-based two-factor authentication with QR code setup
- + Backup recovery codes for 2FA
- + Session management with device-level tracking
Improved
- ~ Password hashing upgraded to bcrypt with 12 rounds
- ~ Login audit log now captures user agent and geo-IP data
v1.0.0
Initial Release
August 2025
Added
- + Core SSO authentication via JWT tokens
- + User registration and login
- + Laravel client package
- + Basic admin panel for user management
- + Token generation and validation endpoints