18 January 2022 (v2.65)

ReachFive v2.65 focuses primarily on improving our User import module and various Security improvements such as with our Audit Logs which now automatically detect security-related updates.

Integration

User import module

When a user is created via an import file, the created_at and updated_at fields are now automatically set to the profile creation date if they are not already present in the file.

For more details, check out Import user profiles.


Security

Audit logs

We have improved our Audit log module to immediately detect an update in the security section (rate limits, SSO, password policy).

For more information, check out our Audit logs page.

Hide profile existence

In order to mitigate the impact of attacks, we have added a new Hide profile existence option that allows you to send a succesful response after a password reset even if the profile isn’t present in our database.

hide profile existence

For more information, check out our Hide profile existence page.

Mask job credentials

Credentials are now hidden in the Get job executions from a job definition endpoint response.

Code and authentication token reuse

All user tokens on the concerned client_id are now invalidated if there is an attempt to reuse an authentication token or a code that has been already consumed.


Authentication

Force user login

The prompt and max_age parameters can now be used on the /oauth/authorize endpoint and all the session management methods to force a user to login even if he has a valid SSO session.

For more information, check out the /authorize endpoint or one of the SDK Core methods parameters list.


Fixes

Item Fixed

opt-out consents weren’t automatically accepted after a signup with a social provider.

It was possible to modify the suspension_status field with an import.

The User updated at parameter filter equals (=) option didn’t respond correctly on export jobs.

The error_message_key has been added in the start MFA credential registration endpoint.