Skip to content

Releases: thunder-id/thunderid

ThunderID v0.48.0

Choose a tag to compare

@github-actions github-actions released this 11 Jul 06:42

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

✨ Improvements

🐛 Bug Fixes

New Contributors

Full Changelog: v0.47.0...v0.48.0

License

Licenses this source under the Ap...

Read more

ThunderID v0.47.0

Choose a tag to compare

@github-actions github-actions released this 06 Jul 09:43

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

✨ Improvements

🐛 Bug Fixes

New Contributors

Full Changelog: v0.46.0...v0.47.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.46.0

Choose a tag to compare

@github-actions github-actions released this 24 Jun 15:10

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

  • Block SPA creation with native flow execution by @Malith-19 in #3389
  • Add OpenID4VCI and verifiable credentials management support by @thiva-k in #3474

✨ Improvements

🐛 Bug Fixes

  • Return specific error for attribute conflicts during user provisioning by @kavix in #3317
  • Fix console import summary not listing all resource types by @KD23243 in #3390
  • Resolve favicon by OS color scheme and Vite base URL by @KD23243 in #3411
  • Reconcile custom sign-in flow selection with method toggles in app creation by @KD23243 in #3466
  • Hide Guide tab when no guide exists for selected template variant by @KD23243 in #3472
  • Fix stale in-memory graph cache issue in multi-node deployments by @NutharaNR in #3471

New Contributors

Full Changelog: v0.45.0...v0.46.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.45.0

Choose a tag to compare

@github-actions github-actions released this 19 Jun 18:44

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

✨ Improvements

🐛 Bug Fixes

Full Changelog: v0.44.0...v0.45.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.44.0

Choose a tag to compare

@github-actions github-actions released this 12 Jun 18:28

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

✨ Improvements

🐛 Bug Fixes

New Contributors

Full Changelog: v0.43.0...v0.44.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.43.0

Choose a tag to compare

@github-actions github-actions released this 09 Jun 17:23
487a353

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

✨ Improvements

🐛 Bug Fixes

New Contributors

Full Changelog: v0.42.0...v0.43.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.42.0

Choose a tag to compare

@github-actions github-actions released this 04 Jun 18:51

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

  • Implement OpenID4VP to support ThunderID as VC verifier by @thiva-k in #3097

✨ Improvements

🐛 Bug Fixes

  • Redirect to application URL after sign-up instead of bare sign-in page by @Dilusha-Madushan in #3101
  • Preserve target attribute on anchors in RichTextAdapter by @Sithumli in #2576
  • Fix authorization denied when loading declarative applications and agents on startup by @rajithacharith in #3114

New Contributors

Full Changelog: v0.41.0...v0.42.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.41.0

Choose a tag to compare

@github-actions github-actions released this 29 May 12:30

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows. It works across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

✨ Improvements

🐛 Bug Fixes

New Contributors

Full Changelog: v0.40.0...v0.41.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.40.0

Choose a tag to compare

@github-actions github-actions released this 21 May 16:27

ThunderID

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Getting Started

Get started by exploring how ThunderID can be used to secure:

To learn more about overall requirements, solution patterns of these scenarios, refer to the Use Cases section.

Visit Get ThunderID to learn more about installation methods.

What's Changed

⚠️ Breaking Changes

🚀 Features

✨ Improvements

🐛 Bug Fixes

New Contributors

Full Changelog: v0.39.0...v0.40.0

License

Licenses this source under the Apache License, Version 2.0 (LICENSE), You may not use this file except in compliance with the License.


(c) Copyright 2026 WSO2 LLC.

ThunderID v0.39.0

Choose a tag to compare

@github-actions github-actions released this 17 May 06:15

ThunderID ⚡

Identity Management Suite

License
GitHub last commit
GitHub issues
codecov.io
GitHub Release

ThunderID is a lightweight, open-source Identity and Access Management (IAM) engine built to secure access for humans, AI agents, and machines.

Designed for the agentic era, ThunderID provides a developer-first IAM platform and supporting tools for securing applications, APIs, services, and agent-driven workflows across traditional and decentralized identity ecosystems, with post-quantum-ready security built in from the start.

Core design goals of ThunderID include:

  • Agent-native identity: Manage AI agents as first-class identities with delegated authority, consent-aware access, traceability, and support for issuing verifiable credentials to agents. ThunderID also aims to expose IAM capabilities through interfaces that agents can use safely and programmatically.
  • Decentralized identity: Bridge the adoption gap for relying parties by making it practical for service providers to consume, verify, and trust decentralized identity in real-world applications, including DIDs, verifiable credentials, digital wallets, trust registries, and issuer-verifier-holder interaction models.
  • Cloud-native IAM: Provide a lightweight, containerized identity product that can run across on-premises and cloud environments, with declarative identity flows, policies, and configuration suitable for automation, versioning, and GitOps practices.
  • Post-quantum-safe security: Build on a crypto-agile foundation where algorithms, key types, signing methods, and token protection mechanisms can evolve over time, including support for post-quantum-safe algorithms and hybrid transition approaches across key management, credential issuance, assertions, and secure service-to-service communication.

What's Changed

🚀 Features

  • Bring-in JavaScript ecosystem SDKs to ThunderID monorepo by @brionmario in #2735

✨ Improvements

🐛 Bug Fixes

Full Changelog: v0.38.0...v0.39.0

⚡ Quickstart

This Quickstart guide will help you get started with ThunderID quickly. It walks you through downloading and running the product, trying out the sample app, and exploring registering a user, logging in, and using the Client Credentials flow.

Download and Run ThunderID

You can run ThunderID either by downloading the release artifact or using the official Docker image.

Option 1: Run from Release Artifact

Follow these steps to download the 0.39.0 release of ThunderID and run it locally.

  1. Download the distribution from the 0.39.0 release

    OS Architecture Download Link
    macOS ARM64 (Apple Silicon) thunderid-0.39.0-macos-arm64.zip
    macOS x64 (Intel) thunderid-0.39.0-macos-x64.zip
    Linux x64 thunderid-0.39.0-linux-x64.zip
    Linux ARM64 thunderid-0.39.0-linux-arm64.zip
    Windows x64 thunderid-0.39.0-win-x64.zip
  2. Unzip the product

    Unzip the downloaded file using the following command:

    unzip thunderid-0.39.0-<os>-<arch>.zip

    Navigate to the unzipped directory:

    cd thunderid-0.39.0-<os>-<arch>/
  3. Setup the product

    You need to setup the server with the initial configurations and data before starting the server for the first time.

    If you are using a Linux or macOS machine:

    ./setup.sh

    If you are using a Windows machine:

    .\setup.ps1

    Note the id of the sample app indicated with the log line [INFO] Sample App ID: <id>. You'll need it for the sample app configuration.

  4. Start the product

    If you are using a Linux or macOS machine:

    ./start.sh

    If you are using a Windows machine:

    .\start.ps1

    The product will start on https://localhost:8090.

Option 2: Run with Docker Compose

Follow these steps to run ThunderID using Docker Compose.

  1. Download the Docker Compose file

    Download the docker-compose.yml file using the following command:

    curl -o docker-compose.yml https://raw.githubusercontent.com/thunder-id/thunderid/v0.39.0/install/quick-start/docker-compose.yml
  2. Start ThunderID

    Run the following command in the directory where you downloaded the docker-compose.yml file:

    docker compose up

    This will automatically:

    • Initialize the database
    • Run the setup process
    • Start the ThunderID server

    Note the id of the sample app indicated with the log line [INFO] Sample App ID: <id> in the setup logs. You'll need it for the sample app configuration.

    The product will start on https://localhost:8090.

Try Out the Product

Try out the ThunderID Console

Follow these steps to access the ThunderID Console:

  1. Open your browser and navigate to https://localhost:8090/console.

  2. Log in using the admin credentials created during the initial data setup (admin / admin).

Try Out with the Sample App

ThunderID provides two sample applications to help you get started quickly:

  • React Vanilla Sample — Sample React application demonstrating direct API integration without external SDKs. Supports Native Flow API or Standard OAuth/OIDC.
  • React SDK Sample — Sample React application demonstrating SDK-based integration using @asgardeo/react for OAuth 2.0/OIDC authentication.
React Vanilla Sample
  1. Download the sample

    OS Architecture Download Link
    macOS ARM64 (Apple Silicon) sample-app-react-vanilla-0.39.0-macos-arm64.zip
    macOS x64 (Intel) sample-app-react-vanilla-0.39.0-macos-x64.zip
    Linux x64 sample-app-react-vanilla-0.39.0-linux-x64.zip
    Linux ARM64 sample-app-react-vanilla-0.39.0-linux-arm64.zip
    Windows x64 sample-app-react-vanilla-0.39.0-win-x64.zip
  2. Unzip and navigate to the sample app directory

    unzip sample-app-react-vanilla-0.39.0-<os>-<arch>.zip
    cd sample-app-react-vanilla-0.39.0-<os>-<arch>/
  3. Configure the sample

    Open app/runtime.json and set the applicationID to the sample app ID generated during "Setup the product":

    {
        "applicationID": "{your-application-id}"
    }
  4. Start the sample

    ./start.sh

    Open your browser and navigate to https://localhost:3000 to access the sample app.

    📖 Refer to the README.md inside the extracted sample app for detailed configuration options including OAuth redirect-based login.

React SDK Sample
  1. Download the sample

    | OS | Architecture | Download Link |
    |-------|-------------|...

Read more