17 November 2022 (v2.82)

ReachFive v2.82 is primarily a bug-fixing release. You can see more on that under the fixes section. We also updated a few MFA items and had some other minor improvements.

Multi-factor Authentication

We have improved a couple of items for MFA.

  • To better protect accounts, users must now perform a step-up operation in order to modify an existing phone_number if that phone number is being used as an MFA second factor.

  • Now, when a user updates the phone number on their profile, we automatically update the MFA credential phone_number. This is protected through the step-up requirement detailed above.

See the /update-phone-number endpoint for more on that operation.

For more on MFA in general, see our dedicated Multi-factor Authentication page.

Other improvements

  • The User Origin filter on the ReachFive Console now displays all possibilities based on your user data. Previously when filtering on the ReachFive Console, it only displayed 20 results.

  • We have improved exports so that profiles modified during incremental export job executions are fully exported in the next export job and available in the job report.

    What does this mean exactly?

    Previously with incremental exports, the cutoff time for exporting profiles was taken after the last successful job, meaning that it was possible that some profiles between jobs may have been missed. With this improvement, we ensure they’re not missed and are fully exported in the next job.


Item Fixed

In some cases, the Identity Fraud Protection logs weren’t as verbose as required.

Due to the unpkg failure, Hosted Pages were temporarily down.

In some cases, it was possible to manually add scopes and permissions that weren’t directly applicable to or expected for a client.

In limited circumstances, it was possible for an unauthorized user to access restricted console areas such as Advanced Settings.

Some users with unverified emails were unable to authenticate via Social Login as expected.

In some limited instances, social providers were not removed in the ReachFive Console after a user deleted the configuration.

Some users were unable to refuse archived consents.

The magic-link/ endpoint wasn’t correctly using the fallback redirect uri.

The Force data update from file option on the ReachFive Console for imports was overwriting existing lite profiles in some cases.

The lite-registration/consents endpoint was returning errors when filtering with the phone number as a query parameter.