Directus 11.14 makes custom authentication simpler by exposing core accountability utilities alongside a tutorial for third-party JWT validation, bulk file and folder downloads, a new Header interface for a cleaner end-user experience within collections, and our AI Chat beta. Let's get into it.
Breaking Changes
Removed sidebar states from app store: If you're using extensions that reference sidebar states from @directus/stores, you'll need to update your code. The sidebar state management has been refactored as part of the new resizable sidebars feature.
AI Chat Sidebar (Beta)
Building on the MCP support we shipped in v11.13, there's now an AI chat sidebar built directly into the Data Studio. Both sidebars are also resizable now, so you can adjust your workspace to fit how you actually work.
This feature is currently in beta. We're actively looking for feedback on how it fits into your workflow, what's working, and what isn't.
Drop your thoughts in the community forum to help shape where this goes next.
Bulk File and Folder Downloads
This one's been popular on the request list. You can now select multiple files in the File Library and download them all at once as a ZIP. Even better, you can download entire folder trees with the nested structure preserved.
If you've ever had to click through dozens of files one by one, or write a script just to grab a batch of assets, you know why this matters. Select what you need, click download, done.
The feature works through both the Data Studio interface and the API, so you can build it into your own tooling if needed.
Header Interface: Organize Your Forms
Complex collections with lots of fields can get unwieldy. The new Header interface gives you a way to add visual structure to your forms without creating actual field groups.
Think of it as section titles for your data entry experience. Drop a Header field between groups of related fields, give it a label, and suddenly your 30-field form becomes scannable. It's a presentation-only interface, so it doesn't affect your data model or API responses.
The Header field also does contextual help (inline or as a modal) and gives you the ability to add custom external links or execute flows.
You'll find it under the Presentation category when adding new fields. Simple, but it makes a real difference when you're staring at a wall of inputs.
External JWT Validation: Integrate With Your Existing IAM Infrastructure
Static tokens work well when you're managing authentication within Directus itself.
But as you scale, managing authentication across dozens of services becomes complex and requires an enterprise-grade IAM architecture. Each service has its own credentials. Onboarding and offboarding users means touching multiple systems. And your compliance auditors want a single source of truth for who can access what.
If you're a DevOps or platform engineer dealing with this at scale, or a security team trying to maintain compliance standards, or a VP watching engineering resources drain into manual token management and rickety workarounds, this one's for you.
Directus has now made it easier than ever to validate third-party JWTs from providers like Okta and Auth0 by exposing core accountability utilities and a reference tutorial for guidance.
This lets you accept short-lived, signed tokens from external identity providers like Okta or Auth0, and have Directus integrate with your existing IAM setup instead of sitting outside it.
What this enables
Services authenticate the same way they authenticate with everything else in your stack.
Directus reads standard claims from the token (subject, issuer) plus any custom claims your organization defines. When a new service gets provisioned with a token, Directus can automatically create a corresponding service account. And everything those service accounts do gets logged in your audit trail.
Scope-based permission mapping
Here's where it gets interesting. Your JWTs already contain scopes that mean something to your organization. Those scopes can map directly to Directus roles and permissions.
Say you have a scope structured like company.api.customers.profiles.read. That structure has meaning:
company.api.customersidentifies the service,profilesis the resource, andreadindicates read-only access.
Directus can read that scope and create a user with the appropriate permissions.
The key here is flexibility. Every organization structures scopes differently. You write the mapping logic that says "when you see scope X, assign Directus role Y." The custom extension approach gives you full control over how your scope format translates into Directus permissions.
A real example
One of our enterprise customers routes all API traffic through Kong, with Okta handling authentication.
They're onboarding 50+ services, with permission changes happening monthly as services evolve. Their requirements: no static tokens, programmatic credential rotation, full auditability of service interactions, and compliance with their existing enterprise security patterns.
With JWT validation, services authenticate with Okta, flow through Kong, and Directus can now validate the token and uses its contents to determine who's calling and what they can do. No manual token rotation across dozens of services. No building and maintaining custom workarounds. The pattern just works with their existing setup.
The bottom line: However you're using Directus, you can integrate it with your existing compliance, security, and IAM infrastructure through JWT token support. Authenticate services the way you authenticate everything else.
Check out the full tutorial at directus.io/docs/tutorials/extensions/validating-third-party-jwts-in-directus.
Other Improvements
- Number input enhancements: Added support for float intervals and min/max warnings, giving you more control over numeric field validation.
- Resizable sidebars: Both the left navigation and right detail sidebars can now be resized by dragging.
- Bug fixes: Fixed input focus ring disappearing on hover, display template issues for relations inside translations on new items, revision label accuracy, missing accountability for file uploads when TUS is enabled, and redirect validation.
Check out the full release notes on GitHub for more.
Directus v11.14 is Available Now
Update your instances to get external JWT validation support, bulk downloads, the new Header interface, and all the other improvements.
As always, we recommend backing up your database before upgrading.