22 July 2020 (v2.37)

Authentication

User suspension

  • You can now suspend users by using the new endpoint /api/v2/users/suspend. The suspended users will not be able to login and their previously issued tokens ans sessions will be revoked.

    You can also unsuspend users with this endpoint /api/v2/users/unsuspend

User data management

  • Added the created_at and updated_at fields in the User’s profile view in the ReachFive Console

Custom fields

  • The custom scopes associated with the custom fields are now necessary to be able to update them

    For more information, please read this page.

Integrations

  • Added a new keepLiteProfile parameter for user deletion endpoint to remove provider and local profile information only, more details at DELETE /api/v2/users/{user_id}

  • Added the RS256 algorithm in the token_endpoint_auth_signing_alg_values_supported field of the OpenID well-known configuration

Fixes

  • Fixed an issue where the custom fields were not present in the id_token

  • Fixed a security issue with the PKCE flow, the code_verifier was not mandatory to exchange the authorization code with a token

  • Fixed a bug with the signup verification code on the telephone, the same code was sent after a profile deletion and a new signup

  • Fixed an issue with the lite profile merge after an email verification with the management API

  • Fixed an issue that allowed users to insert blank spaces in input text fields for some configuration pages in the ReachFive Console