16 May 2024 (v2.112)

ReachFive v2.112 introduces a few improvements and needed bug fixes.

We have delivered a new account recovery process for users with identification keys. We are happy to announce that we have added TikTok to our social provider options. You can now also trigger password reset flows with custom identifiers. To ensure user profile data freshness, you can use the new check_updated_at request body field in certain Management API endpoints.

As always, we made some general improvements and fixed a few items for you.

Release highlight

Recover accounts using identification keys

Users can now recover accounts that use identification keys. Much like the ability to reset a password for those users using traditional credentials, the new API endpoints and templates for account recovery allow users using identification keys to successfully recover their account.

New templates
New endpoints

There is a new Account recovery template for both email and SMS.

You can find this on the ReachFive Console at Settings Emails Templates and Settings SMS Templates.

For more, see Email templates and SMS templates.

Starts account recovery process: /account-recovery endpoint
Resets the passkey options: /webauthn/reset-options endpoint
Resets the passkey /webauthn/reset endpoint

We’ve added a new option to our growing list of social providers, TikTok. ReachFive collects the following user information from TikTok.

open_id
union_id
avatar_url
username

For more details on using this social provider, see TikTok.

Trigger password reset flow with custom identifier

You can now trigger the reset password flow using a custom identifier. Previously, you could only achieve this with an email or phone number.

For more details, see the /forgot-password endpoint in the Identity API.

New `check_updated_at` field for validating user data freshness

We have a new check_updated_at field that you can pass that prevents profile data from being updated if the updated_at value in the payload is older than the updated_at value in the ReachFive user database.

Affected endpoints:

Why is this important? 🤔

You may have several contributing stakeholders in your technical ecosystem that handle use profile data. The updated_at value is critical in knowing how fresh the user data is, and when many stakeholders contribute to that data, you don’t want stale data to remain or accidentally remove the latest data.

Updates user data
Does not update user data

The following scenarios result in the user profile data being updated with the request.

Scenario 1:

check_updated_at is false or null

In this case, it doesn’t matter if the updated_at value is the same age, older, or newer.

Scenario 2:

check_updated_at is true

If the payload’s updated_at value is newer than the database updated_at value, the update proceeds with the newer request data.

check_updated_at is true

If the payload’s updated_at value is older (or the same age as) than the database updated_at value, the update does not occur and you receive an error response.

response

400 Bad Request “Can't update the profile since updated_at value passed is anterior to the current record”

Other improvements

We made some minor cosmetic improvements to the Recent Activity for user profiles on the ReachFive Console.

Fixes

Item	Fixed
It was possible to bring in invalid provider values when importing identities.	✓
The error for failed discoverable login attempts for the WebAuthn signup flow was inconclusive. We improved this error messaging to state explicitly that "Your account is not associated with the provided credentials" when this happens.	✓

Item

Fixed

It was possible to bring in invalid provider values when importing identities.

✓

The error for failed discoverable login attempts for the WebAuthn signup flow was inconclusive. We improved this error messaging to state explicitly that "Your account is not associated with the provided credentials" when this happens.

✓