14 September 2020 (v2.40)



  • ReachFive now supports FIDO2 flows on the Android SDK

    • Add a device to your user account

    • Login to your account with the registered device

For more information, please refer to our FIDO2 guide.

User suspension

  • The password_reset parameter is now deprecated and replaced by allow_password_reset on the /api/v2/users/suspend endpoint:

    • If this parameter is set to true the user is temporarily suspended. He will receive a suspension email with a password reset link to unlock his account and he will also be able to unlock it with a password reset.

    • If this parameter is set to false the user is definitely suspended. He will not be able to unlock his account, the only possibility to unlock it is by calling the /api/v2/users/unsuspend endpoint.

  • You can now directly suspend and unsuspend a user on the ReachFive Console:

    manage suspend user from console

    For more information, please read this page.

Authentication without redirection

  • It is now possible to complete an authentication without having to redirect the user with the Core JS SDK.

    A new parameter useWebMessage will leverage the web_message response mode when set to true in order to avoid having to redirect the user-agent to obtain the authorization response.

    The redirection remains active by default on the Core JS SDK.

Removed features

  • The Terms of service are deprecated and are not supported any more, please refer to consents instead.


  • Fixed email templates update, in some cases the update didn’t work because the payload was too large.

  • Fixed ID output in the mobile SDK, the ID wasn’t available in the response.

  • Fixed space trimming in the ReachFive Console