16 March 2021 (v2.48)
We have refactored the Verify passwordless endpoint and simplified its implementation.
You only need a
verification_code and an
opaque token to finish the flow after a user receives their code.
|The old parameters are still supported to guarantee a smooth transition. Our SDKs will be updated shortly to support the new flow.|
|For more information, check out One-Time Passwords.|
We have improved the suspension check mechanism. A suspension status is only checked after a login attempt with the correct password. This helps to avoid disclosing any information about an account’s status.
|For more information, check out User Suspension.|
Following our previous developments, we’ve improved our API security control by implementing scopes on routes allowing JSON Web Key deletion. You now have to request the
manage:clients scope in order to perform these actions.
|For more information on JWKS specifics routes, check out the JWKS API operations.|