Last Update: 2023-12-21 09:01:10 -0800


  • Rodauth no longer accidentally confirms an SMS number upon valid authentication by an alternative second factor.

  • Rodauth now automatically expires SMS confirmation codes after 24 hours by default. You can use the sms_confirm_deadline configuration method to adjust the deadline. Previously, if an invalid SMS number was submitted, or the SMS confirm code was never received, it was not possible to continue SMS setup without administrative intervention.

  • Rodauth no longer overwrites existing primary key values when inserting new accounts. This fixes cases such as setting account primary key values to UUIDs before inserting.

  • When submitting a request to a valid endpoint with a missing token, Rodauth now returns an error response instead of a 404 response.