22 December 2020 (v2.45)


OpenID as a Service

Release highlight

You can now use the passwordless Hosted page as part of the OaaS flow.

See OpenID as a service for more details.



Public clients are now forced to use the PKCE flow for improved security.

UI SDK Widgets

The showAuth widget now supports the return_to_after_email_confirmation and return_to_after_password_reset parameters when using the biometrics authentication.

Hosted Pages

  • We’ve added a back button that is configurable when calling the Hosted Page using the return_to query parameter.

Check out the Hosted Pages documentation for more information.
  • We’ve also added a more secure way to handle the check of the session when not in a SSO context for the Password Editor page.

Check out the Hosted Pages under the Password Editor tab for more information.

Android SDK

The signup method now supports the redirect_url parameter.

Removed features

The loginWithCustomToken function is now deprecated and is no longer supported.

Check out the OpenID as a service page instead if you want to set up a login flow with your partners.


We have fixed the following items:

  • Fixed some translations for french language.

  • Fixed a bug where auth options weren’t passed through the last step of the passwordless authentication on the Core SDK.