Release Notes

Version 1.15 (Jul-2025)

New: Added Russian translation (thanks to Tsvetov Vitaliy)
Improved: LoginApp endpoints are not being displayed anymore in Sphinx server Swagger document. Request #25494.
Fixed: TSphinxLogin.Login method was not being able to launch web browser for user to login, in iOS devices with latest iOS 18. Ticket #25378.
Fixed: RedocOptions property now available in TSphinxServer component. Ticket #25397.

New: Support for the 64-bit IDE.
Improved: Password reset workflow does not require a confirmed e-mail anymore. Ticket #24616.

New: Login app now automatically provides the QR Code to enable an authenticator app (e.g., Google Authenticator or similar). This can be achieved by setting two-factor authenticaction required by using TLoginOptions.RequireTwoFactor or IUserManager.SetTwoFactorRequired
New: Property TLoginOptions.RequireTwoFactor requires users to enable two factor authentication, and present them a way to configure authenticator upon password login.
New: Support for new web designer in TMS Web Core. Web Core packages are now provided and can now be used to install Sphinx components for new TMS Web Core web designer.
Improved: Better error message in user registration form when user name is invalid. Sphinx now indicates the offending invalid character. Request #24019.
Fixed: Memory issues when using Sphinx context (after calling TSphinxServer.CreateContext), in the specific situation where the context was using the TObjectManager from the request context. It was causing Access Violation errors. Ticket 24273#.
Fixed: TSphinxServer.CreateContext works better when called from XData services that are not in Sphinx model. Ticket #23803.

Fixed: Reset password code was not being sent from the login app after user clicked "Send password reset code". User had to click "Resend code" to receive a code.

Improved: TSphinxLogin published the Client property which can be used to configure the underlying THttpClient object used in HTTP connections. Ticket #23416.
Improved: Plus signs (+) in query strings are now decoded as spaces, for example scope=openid+email is understood as scope=openid email.
Fixed: Sphinx simple demo failing to create sample users in an empty database.

New: Two-Factor Authentication (2FA) is now implemented, enhancing application security. This feature requires users to provide a second form of authentication, such as a time-based one-time password (TOTP) from an authenticator app, in addition to their password. Developers can now enable 2FA for existing user accounts, manage authenticator keys, and verify tokens to safeguard against unauthorized access. To utilize 2FA, retrieve the ISphinxContext, enable TwoFactorEnabled for the user, and generate the authenticator key. Refer to the updated documentation for integration details.
Fixed: Language JSON files for the login web app were not being included in distribution (regression). Ticket #23173
Fixed: When choosing "forgot password" from login page, the password reset code was being generated twice.
Fixed: Do not use manager of the context if it does not belong to the Sphinx model. Ticket #22921.

New: TLoginOptions.ForbidSelfRegistration property prevents or allows new users to create a new account by themselves. Request #19339.
New: Developers can now choose which information can be used to perform a login (e-mail, phone number, username) by setting additional properties in TLoginOptions class. Request #19741.
New: Added new methods and events in several classes to fully support phone number confirmation (token generation, confirmation with token). Request #19069.
New: Full documentation page for login web application explaining how to customize and configure it.
Improved: Registration (sign-up) page now automatically asks for username and phone number fields, in addition to e-mail, if they are configured as required in TUserOptions. Ticket #21929.
Fixed: Option TLoginOptions.RequireConfirmedEmail was not being applied unless TUserOptions.RequireEmail was true. Now it will apply whenever the email is not empty, regardless if it's required. Same for phone number.
Fixed: Demo web application was not being run from the default TMS Web Core application URL. Ticket #22440.
Fixed: Do not use manager of the context if it does not belong to the Sphinx model. Ticket #22921.
Fixed: Some server-side error messages were not being localized.

New: Added Italian translation. Thanks to Francesco Todini for the contribution.

Fixed: Delphi 12 specific issue: JSON serialization of numbers was serializing integers ending with ".0" due to a change in JSON serialization behavior in Delphi 12. This was also causing "missing iat" error in Sphinx due to wrongly generated JWT.

New: TSphinxClientApp.OnValidateSecret allows for arbitrary client secret validation.
New: TConfigureTokenArgs.Client property provides client information at token configuration time in TSphinxConfig.OnConfigureToken event.
Improved: Support for ARM64 macOS and ARM64 iOS Simulator platforms.
Improved: Login web app now better integrates with browser autocompletion, receiving suggestions for user names, saved password and confirmation codes.
Improved: Sphinx server doesn't require database connection if only client credentials flow is used.
Fixed: TSphinxWebLogin component compatibility with latest TMS Web Core releases. It now disables HandleOAuth property. Ticket #21678.

Fixed: OAuth client was sending scope parameter when processing authorization code response. This was causing issues with some servers rejecting such parameter which is indeed not expected according to OAuth standard.
Fixed: Access Violation when the well-known URL for OpenID Connect server fails to load.

New: Added French translation (thanks to Sylvain - Ticket #19301.
New: Added Belgian Dutch translation (thanks to Smet Filip - Ticket #19442.
Improved: TSphinxLogin now doesn't cause desktop client application to ask for firewall permissions.
Improved: Some TSphinxLogin messages are now translatable ("application authorized succcesfully", for example).
Improved: Swedish translation updated.
Fixed: Refresh token was not being retrieved when using TSphinxLogin component.
Fixed: Client secrets of clients created directly in the TSphinxConfig component were not being used. Ticket #19861.

New: Localization of UI and server messages is now available. Language JSON files were added to distribution, making it easier for users to localize Sphinx login app UI and server messages.**
New: Demo application updated to show API usage: A new multitenant API Server was added. This shows how to use Sphinx to also authorize the backend API used by the application (web or desktop).
New: Demo application updated to show use of login page in form-embedded browser: The demo uses TEdgeBrowser component, check unit Forms.Main in project VclClient.dproj. Enable the directive USE_EDGEBROWSER to show the login page embedded in a form.
New: Swedish translation of Sphinx messages and UI available (thanks to Åke Pettersson).
New: Brazilian Portuguese translation of Sphinx messages and UI available.
Improved: Design-time components were greyed out in component palette if current platform was different than Win32.
Improved: User email is now being sanitized and saved as lowercase in database.