02 June 2021 (v2.53)

Release highlight

Our Consents Module has evolved and now supports versioning of any consent. You can now save newer versions of an existing consent, allowing you to easily identify if your customers have accepted the latest version. This feature is part of a general compliance with GDPR.

We aim to help you log and store detailed consent information such as:

What consents a customer has consented to
Consent version ID
Consent title and description in the user’s language

We have also added the archive feature on consents, allowing you to disable a consent from future acceptance, while preserving the right of rejecting it if customers had previously accepted.

For more information you can check our complete guide on Consents.

Security

Identity Fraud Protection

Our Identity Fraud Protection (IFP) Module can now automatically suspend all accounts that have been compromised by malicious IPs.

For more, check out the Identity Fraud Protection page. If the feature is not activated on your account and you’re interested in using it please contact your professional service or CSM contact.

Authentication

We have improved the behaviour of the signup with the passwordless flow. If the email or the phone_number is not yet present in your account, the user account will only be created when the flow is finished and the first login is completed.

For more information, check out One-Time Passwords.

Fixes

Item Fixed

Item	Fixed
All refresh tokens of the same grant (`client_id`) were revoked once a refresh token was redeemed.	✓
If the `login_url` parameter was set to an empty value in the client configuration, the /oauth/authorize endpoint incorrectly redirected to this value instead of the `redirect_uri` when the user was not logged in.	✓
Calls to the /api/v2/users/suspend endpoint responded with a timeout when trying to suspend some accounts.	✓
The import file encryption configuration was not allowing the password field to be pre-filled with the existing password.	✓
The import file encryption configuration was not accepting the `PBKFD2` iterations parameter into accounts properly.	✓
Importing large files into S3 resulted in a timeout.	✓

All refresh tokens of the same grant (client_id) were revoked once a refresh token was redeemed.

✓

If the login_url parameter was set to an empty value in the client configuration, the /oauth/authorize endpoint incorrectly redirected to this value instead of the redirect_uri when the user was not logged in.

✓

Calls to the /api/v2/users/suspend endpoint responded with a timeout when trying to suspend some accounts.

✓

The import file encryption configuration was not allowing the password field to be pre-filled with the existing password.

✓

The import file encryption configuration was not accepting the PBKFD2 iterations parameter into accounts properly.

✓

Importing large files into S3 resulted in a timeout.

✓

02 June 2021 (v2.53)

Security

Identity Fraud Protection

Authentication

Signup with the passwordless flow

Fixes