= Highlights

== Recovery Codes

Recovery Codes as another way to do two-factor authentication is now available as a preview feature.

== OpenID Connect Logout Improvements

Some fixes and improvements were made to make sure that {project_name} is now fully compliant with all the OpenID Connect logout specifications:

* OpenID Connect RP-Initiated Logout 1.0
* OpenID Connect Front-Channel Logout 1.0
* OpenID Connect Back-Channel Logout 1.0
* OpenID Connect Session Management 1.0

For more details, see link:{adminguide_link}#_oidc-logout[{adminguide_name}].

== Step-up authentication

{project_name} now supports Step-up authentication. This feature was added in Keycloak 17 and it was further polished in this version.

For more details, see link:{adminguide_link}#_step-up-flow[{adminguide_name}].

Thanks to https://github.com/CorneliaLahnsteiner[Cornelia Lahnsteiner] and https://github.com/romge[Georg Romstorfer] for the contribution.

== WebAuthn improvements

{project_name} now supports WebAuthn id-less authentication. This feature allows that WebAuthn Security Key will identify the user during authentication as long as the
security key supports Resident Keys. For more details, see link:{adminguide_link}#_webauthn_loginless[{adminguide_name}].
Thanks to https://github.com/vanrar68[Joaquim Fellmann] for the contribution.

There are more WebAuthn improvements and fixes in addition to that.

== Session limits

{project_name} now supports limits on the number of sessions a user can have. Limits can be placed at the realm level or at the client level.
For more details, see link:{adminguide_link}#_user_session_limits[{adminguide_name}].
Thanks to https://github.com/mfdewit[Mauro de Wit] for the contribution.

== Other improvements

* Support for encrypted User Info endpoint response. Thanks to https://github.com/giacomoa[Giacomo Altiero]
* Support for the algorithm RSA-OAEP with A256GCM used for encryption keys. Thanks to https://github.com/fbrissi[Filipe Bojikian Rissi ]