v1.3.0 - Nov. 30, 2021

The following changes are included in this release.

Enhancements

Next Identity API

⭐ Added new /logout endpoint parameter

The /logout endpoint now includes the all_sessions parameter option. Setting this parameter to true will revoke all user sessions across multiple devices.

Next Identity Journeys

⭐ Implemented a failover for reCAPTCHA feature in Threat Guard

This enhancement improves the reliability of the reCAPTCHA feature.

⭐ Improved rate limiting on /otp endpoints

This enhancement blocks mobile number verification requests after the user reaches a pre-configured number of attempts. This protects against brute-force attacks in which an attacker could discover valid OTP codes and compromise user accounts.
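The following is an added illustration of attempt-limited OTP verification, not Next Identity's implementation. The limit of 5, the 15-minute window, the 6-digit code length, the class and function names, and the sample phone numbers are all assumptions made for the example.

```python
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 5          # assumed; the release note only says "pre-configured"
WINDOW_SECONDS = 15 * 60  # assumed window length
OTP_DIGITS = 6            # assumed code length


class OtpAttemptLimiter:
    """Sliding-window attempt limiter keyed by mobile number (hypothetical)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock
        self._attempts = defaultdict(deque)  # number -> attempt timestamps

    def allow(self, mobile_number):
        """Count every verification request, right or wrong code alike.
        Returns False once the limit is reached inside the window."""
        now = self.clock()
        stamps = self._attempts[mobile_number]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()          # forget attempts older than the window
        if len(stamps) >= self.max_attempts:
            return False              # blocked: do not evaluate the code at all
        stamps.append(now)
        return True


def guess_success_bound(attempts, digits=OTP_DIGITS):
    """Upper bound on guessing a uniformly random code in `attempts` tries."""
    return min(1.0, attempts / 10 ** digits)


def demo():
    """Constructed scenario: 7 requests for one number, then the window passes."""
    now = [0.0]
    limiter = OtpAttemptLimiter(clock=lambda: now[0])
    results = [limiter.allow("+15555550100") for _ in range(7)]
    other_number = limiter.allow("+15555550101")  # limits are per number
    now[0] += WINDOW_SECONDS
    return results, other_number, limiter.allow("+15555550100")


if __name__ == "__main__":
    print(demo(), guess_success_bound(MAX_ATTEMPTS))
```

With these assumed values, an attacker gets at most 5 guesses per window against a space of 1,000,000 codes, instead of being able to enumerate the whole space.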

Additionally, several other enhancements have been introduced to optimize code and increase overall security.

Bug Fixes

Next Identity Journeys

  • Journeys now responds with a 403 Forbidden, instead of a 500 Internal Server Error, when a user attempts to access a screen that requires an active session.

Next Identity API

  • Resolved an issue where an invalid value was returned when calling the /profile API where birthdate is a required attribute.

Other

  • Resolved an issue that was generating a 500 Internal Server Error response when using flows that are missing certain translation strings.