22 December 2020 (v2.45)

Authentication

OpenID as a Service

Release highlight

You can now use the passwordless Hosted page as part of the OaaS flow.

See OpenID as a service for more details.


Integrations

Core JS SDK

Public clients are now forced to use the PKCE flow for improved security.

UI SDK Widgets

The showAuth widget now supports the return_to_after_email_confirmation and return_to_after_password_reset parameters when using the biometrics authentication.

Hosted Pages

  • We’ve added a back button that is configurable when calling the Hosted Page using the return_to query parameter.

Check out the Hosted Pages documentation for more information.

  • We’ve also added a more secure way to handle the check of the session when not in a SSO context for the Password Editor page.

Check out the Hosted Pages under the Password Editor tab for more information.

Android SDK

The signup method now supports the redirect_url parameter.


Removed features

The loginWithCustomToken function is now deprecated and is no longer supported.

Check out the OpenID as a service page instead if you want to set up a login flow with your partners.


Fixes

We have fixed the following items:

  • Fixed some translations for french language.

  • Fixed a bug where auth options weren’t passed through the last step of the passwordless authentication on the Core SDK.