16 March 2021 (v2.48)

Authentication

Simplification of the passwordless flow

We have refactored the Verify passwordless endpoint and simplified its implementation. You only need a verification_code and an opaque token to finish the flow after a user receives their code.

The old parameters are still supported to guarantee a smooth transition. Our SDKs will be updated shortly to support the new flow.

For more information, check out One-Time Passwords.

User suspension

We have improved the suspension check mechanism. A suspension status is only checked after a login attempt with the correct password. This helps to avoid disclosing any information about an account’s status.

For more information, check out User Suspension.

JSON Web Key Set

Following our previous developments, we’ve improved our API security control by implementing scopes on routes allowing JSON Web Key deletion. You now have to request the manage:clients scope in order to perform these actions.

For more information on JWKS specifics routes, check out the JWKS API operations.

Integrations

German and Russian translations

It is now possible to define a German or Russian translation for your consents and custom fields.

Fixes

Item Fixed

Item	Fixed
Android `7.0` users were unable to login.	✓
Some users were unable to verify their email after a signup with a long expiration.	✓

Android 7.0 users were unable to login.

✓

Some users were unable to verify their email after a signup with a long expiration.

✓