chore(deps): update svhd/logto docker tag to v1.34.0

[renovate]

This PR contains the following updates:

Package	Update	Change
svhd/logto	minor	1.33.0 -> 1.34.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

logto-io/logto (svhd/logto)

v1.34.0

Compare Source

Highlights

• Cross-app authentication stability: Authentication callbacks are now isolated per application within the same browser session, eliminating interference caused by shared _interaction cookies.
• New webhook event Identifier.Lockout: A new webhook event Identifier.Lockout is introduced, triggered when a user is locked out after repeated failed sign-in attempts.
• Improved refresh token reliability: Refresh tokens now correctly honor the configured 180-day TTL, resolving an issue where they previously expired after 14 days.

New features & enhancements

Cross-app authentication

Multiple applications can now initiate authentication in the same browser session without affecting each other.

• _interaction cookie now stores a structured mapping { [appId]: [interactionId] }.
• appId is propagated via URL parameters or headers to maintain isolation.
• Includes fallback logic for backward compatibility.

Webhooks

New event: Identifier.Lockout

• Triggered when a user is locked out due to repeated failed sign-in attempts, enhancing security observability and automation.

Bug fixes & stability

Refresh token TTL fix

Addressed an issue where refresh tokens expired after 14 days due to an internal provider grant TTL cap.

• TTL now correctly aligns with the configured 180-day lifespan.
• Supports refresh token validity up to 180 days as intended.

Correct email verification code template selection during multi-step sign-up

Fixed a bug where the system incorrectly switched to MFA binding templates during multi-step sign-up flows.

• Sign-up templates are now selected correctly when email/phone identifiers are part of the ongoing sign-up process.

Case-insensitive SSO connectors domain matching

• SSO connector domains are now normalized to lowercase upon insertion.
• Prevents duplicate domain entries and ensures proper connector lookup.
• Domain matching during sign-in is now robustly case-insensitive.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[f2c-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment