❗️

High-Risk Update: Enhanced Security and Compliance Measures

This update introduces security and compliance enhancements affecting the /token endpoint, client credential grants, and property management to strengthen our platform. These changes involve API, schema, and flow adjustments. We are actively monitoring the system post-release and have a 15-minute rollback plan ready to address any critical issues swiftly. Your immediate reporting of anomalies is crucial to ensuring platform stability and security.

The following changes are included in this release of the Next Identity platform.

Enhancements

Analyze

• Adoption Over Time Analytics Preparation: Laid the groundwork for a new chart to track the adoption of key features over time, enhancing strategic insights.

Operate

• Account Verification Method Refinement: Increased flexibility in Account Verification Base URLs and methods, offering tailored verification experiences.
• External ID Field Integration for Properties: Added an "External ID" field to improve data organization and facilitate better integration with external systems, enhancing adaptability and user-centric design.
• Settings Management Streamlining: Consolidated settings management, enhancing operational efficiency and reliability. This feature is only available for Next Reason internal users. If you are interested in learning how to customize your client, we have a guide available for you to check out.

Unify

• Enhanced Color Format Placeholders: Improved guidance on color selection inputs with dynamic placeholder text that adapts to the chosen format (HSLA or RGB). Check how you can customize your client with Themes.
• Default Translation Display Optimization: Streamlined initial page load with English (en-US) set as the default language, improving the interface experience for global users. Learn more about Translations on Next Identity.
• Privacy Enhancements for 2FA Verification: Strengthened user privacy during two-step verification by masking sensitive information.
• Enhanced Email Notifications for Password Updates: Updated email notifications for password changes to include clearer instructions and direct actions for security. This update enhances user support and security awareness.
• Optimized Client Data Retrieval: Improved performance in Next Identity Journeys by optimizing the client data retrieval process, ensuring faster response times and a smoother user experience.

General

• Dynamic Pool Limit Configuration: Enabled adjustment of pool limit size for core services to ensure optimal performance and scalability.

Bug Fixes

Analyze

• Verification Label Correction: Updated terminology for Two-step verification for consistency across the Next Identity Console.

Operate

• Redirect URI Saving Mechanism: Improved persistence of Allow redirect URIs in client settings, enhancing configuration reliability. Learn about how to customize your client.
• Redirect URI Validation: Enforced validation for redirect_uri in authorization code requests, aligning with security standards.

Unify

• MFA Selection Persistence: Ensured users are consistently prompted for MFA method selection, enhancing security.
• OpenID Scope Handling: Corrected id_token inclusion in account/token response to comply with OpenID Connect standards.

General

• Log Level Adjustment: Changed logging of invalid_request due to unknown refresh_token from Error to Warning, improving log clarity.