13 February 2025 (v2.129)

ReachFive v2.129 introduces several improvements and needed bug fixes.

We want to highlight a recent UI SDK release which has exciting updates. In addition to this, you can now import Lite profiles by ID. And finally, there are now more fields available to export with our ReachFive export jobs.

As always, we made some general improvements.

UI SDK updates

We have some exciting updates to our UI SDK including:

A new endpoint to get user password strength
A new field to display the option to trust a device

New endpoint to get user password strength

We have introduced a new endpoint with this release that lets you retrieve the password strength based on your password policy. We did this so that any point of integration needs only to rely on a single way of retrieving this information.

So, whether you use our full API or just our SDKs, you can leverage this method to retrieve password strength.

/password/strength endpoint
Core SDK

You can use the /password/strength endpoint.

POST /password/strength

{
  "client_id": "z6fhT..5uV3i", (1)
  "password": "passwordDeluxe1234000!!!!***##*" (2)
}

1	The ReachFive client ID.
2	The user password.

If using our Core SDK, you can use the getPasswordStrength method.

client
  .getPasswordStrength(clientId,password) (1)
  .then(PasswordStrength => {
    // Display strength of password
  })
  .catch(err => console.error(err))

1	Pass the ReachFive client ID and user password.

New field to display option to trust a device

In our latest UI SDK release (1.32.0), we added a new parameter which allows you to display to users the option to trust a device. This helps build on our Risk-based Authentication flows and is only applicable after the user has validated the second factor step.

This parameter is available on our showAuth method as allowTrustDevice. Setting it to true displays the option and the property defaults to false. To accompany this update, there is a new label which you can customise as needed mfa.stepUp.trustDevice.

For more, see showAuth.

client.showAuth({
    container: 'auth-container',
    auth: {
      redirectUri: 'https://example.com/auth-callback'
    },
    allowForgotPassword: false,
    allowPhoneNumberResetPassword: false,
    allowTrustDevice: true, (1)
    initialScreen: 'login',
    redirectUrl: 'https://example-email-validate.com',
    signupFields: [
      { key: 'given_name', label: 'Given name', required: false },
      { key: 'family_name', label: 'Family name', required: false },
      'email',
      'password',
      'password_confirmation',
      'consents.newsletter',
      'custom_fields.loyalty_card_number'
    ],
...
})

1	Setting `allowTrustDevice` to `true`.

Import Lite profiles by ID

We’ve updated the merge logic for import jobs so that you can update Lite profiles using a ReachFive ID. This is in addition to the existing methods of importing and updating by email, phone number, or external ID as well as the ability to update lite profiles with the lite-update/:id endpoint

For more, see LITE registration and Import job definition respectively.

Exportable fields

With this release, you’re now able to export more fields using an Export job.

The additional fields that can now be exported are:

auth_types (array)
origins (array)
devices (array)
identities (object)

For more, see User Profile.

General improvements

We have improved the error messaging when using the UI SDK to enter a verification code. Instead of a generic message, you’ll receive more meaningful messaging like "Invalid verification code" or "Expired verification code".