@devin-ai-integration
Contributor

@devin-ai-integration devin-ai-integration bot commented Jan 5, 2026

Summary

Adds a changelog entry for January 6, 2026 announcing the upcoming mandatory Link auth flow for Composio-managed OAuth connections, with a phased rollout timeline.

Changes

  • Added new changelog file fern/pages/src/changelog/01-06-26.md
  • Documents the phased rollout timeline:
    • January 06, 2026 - Option to enable Link auth flow available in Project Config
    • February 21, 2026 - Enabled by default for new organizations
    • April 06, 2026 - Enabled for all organizations
  • Explains the security benefits and how users can opt-in early via Project Config
  • Uses "custom auth" terminology for users with their own OAuth credentials
  • Added callout note clarifying this is not a backward breaking change (OAuth flow UX will change for end users)
  • Added screenshot showing the Project Config toggle

Type of change

  • Documentation

How Has This Been Tested?

Documentation-only change. Verified the file follows the existing changelog format and naming convention.

Test Plan:

  • Verified the changelog file follows the existing naming convention (MM-DD-YY.md)
  • Confirmed content structure matches other changelog entries in the directory

Screenshots

Enable Link Flow for Managed Auth

Checklist

  • I have read the Code of Conduct and this PR adheres to it
  • I ran linters/tests locally and they passed
  • I updated documentation as needed
  • I added tests or explain why not applicable - N/A, documentation only
  • I added a changeset if this change affects published packages - N/A, documentation only

Human Review Checklist

  • Verify the rollout dates are correct (Jan 06, Feb 21, Apr 06 2026)
  • Confirm the flag name enableLinkFlowForManagedAuth matches the UI implementation
  • Verify "custom auth" is the correct terminology for users with their own OAuth credentials
  • Review the callout wording about non-breaking change is accurate
  • Verify the screenshot displays correctly and matches current UI

Additional context

Link to Devin run: https://app.devin.ai/sessions/bf3331cf4b9b494abbda4c1007fa600b
Requested by: [email protected] ([email protected])

@devin-ai-integration
Contributor Author

Original prompt from [email protected]
Add changelog for Jan 6 in changelog and in frontend add option in project config to enable is_composio_link_enabled_for_managed_auth

## 🔐 Mandatory Link Auth for Composio-Managed OAuth

### What’s Changing

Starting **February 15, 2026**, all OAuth connections that use **Composio-managed credentials** will automatically use the **Link Auth** flow.

- ✅ **No action required** on your side  
- ✨ A small **UX change** during OAuth to improve platform security  

👉 **No changes** if you use your own `client_id` and `client_secret`.

---

### Why This Change

To align with modern OAuth security best practices, we’re standardizing on Link Auth for all Composio-managed OAuth connections.

Link Auth ensures:

- 🔒 **Secure, token-bound OAuth initiation**
- 🛡️ **Full protection against OAuth account takeover**: This guarantees OAuth connections are created only by the intended user, for the intended project, and within the correct security context.

---

### Enable & Test Early (Optional)

You can opt in before **February 15, 2026** to preview and test the new behavior.

**How to enable:**
1. Go to your **Project Config** page
2. Enable the flag:  
   `enableLinkFlowForManagedAuth`

Once enabled, all new OAuth connections using Composio-managed credentials will follow the Link Auth flow.

@devin-ai-integration
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@vercel

vercel bot commented Jan 5, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
fumadocs Error Error Jan 6, 2026 7:01am

@github-actions
Contributor

github-actions bot commented Jan 5, 2026


- No action required on your side
- A small UX change during OAuth to improve platform security
- No changes if you use your own `client_id` and `client_secret`
Member

custom auth

Contributor Author

Updated to use "Link auth flow" and "custom auth" terminology as requested.

@github-actions
Contributor

github-actions bot commented Jan 5, 2026

@github-actions
Contributor

github-actions bot commented Jan 5, 2026

@himanshu-dixit
Member

Devin add this screenshot Screenshot 2026-01-06 at 12 28 06 PM

@himanshu-dixit
Member

Add a callout that this is not a backward-breaking change but the flow is going to change for end users.

@github-actions
Contributor

github-actions bot commented Jan 6, 2026

@devin-ai-integration
Contributor Author

Added the screenshot and a callout note clarifying this is not a backward breaking change but the OAuth flow will change for end users.
