v1.44.0 - November 28, 2024
High-Risk Update: Login Claims Changes & Redirect Fixes
This update includes adjustments to login claims, potentially impacting some users' login experiences, and addresses Back to App redirection issues from the Profile Page. Please report any issues immediately to ensure platform stability.
Highlights
This release delivers key updates to enhance security, usability, and foundational support for new features, including:
- Notable Bug Fixes: Resolved issues across Progressive Profile, account activation, OTP delivery, and profile management to ensure smoother user interactions. Fixes include accurate email verification code delivery, consistent error messages, improved screen redirection, and ensuring OTPs are properly delivered during login flows.
- Security & Fraud Prevention Enhancements: Introduced a new backend validation to prevent SMS delivery to high-risk numbers, reducing potential risks and reinforcing compliance.
- Additional Platform Enhancements: Launched an Authentication Journey Editor for a no-code experience in journey customization and environment-based testing. Added ID token claims to improve transaction checks and included authentication method flexibility, laying the groundwork for expanded security features across applications. Improved flexibility for applications when defining user session policy.
The following changes are included in this release of the Next Identity platform.
New Features
Unify
⭐ Authentication Journey Editor with Changes Propagation
We’ve launched a new Authentication Journey Editor in the Next Identity console, giving your application managers more control over their authentication flow. This update allows customization of key authentication steps and settings, ensuring flexibility and security across environments.
- Customizable steps: Add or remove steps like Progressive Profile, Biometric Auth, and User Verification.
- Flexible authentication methods: Adjust methods, including 2FA, to fit your application’s needs.
- Environment-based testing: Validate and test changes in each environment before going live.
- Seamless propagation: Effortlessly roll out updates across all environments for a consistent user experience.
For more information, explore the Authentication Journey and Propagation guides.
Enhancements
Connect
- Backend Updates for Enhanced IDP-Agnostic Capability: Continued migrating account-related endpoints to improve compatibility with future IDP integrations.
Unify
- Session-Only Cookies for Enhanced Privacy: Applications now have more flexibility when defining user session policy.
- Fraud Prevention for Mobile Registrations: Introduced backend validation to block SMS delivery to high-risk numbers and restrict suspicious mobile registrations.
- Authentication Method and Security Level Claims in ID Token: Added AMR and ACR claims to ID tokens, enabling applications to identify the authentication method and security level achieved, supporting additional transaction checks as needed. Learn more about the Token API.
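As an added illustration (not code from Next Identity or its documentation), a relying party could gate a sensitive transaction on the new AMR and ACR claims as follows. It assumes the ID token was already validated by the application's OIDC library; the `amr` method names come from RFC 8176, while the `acr` values, their ranking, and the function names are hypothetical.

```python
# Added example: step-up check on ID token claims before a sensitive transaction.
# Assumption: signature, issuer, audience and expiry were already verified by
# the OIDC library, and `claims` is the decoded payload of that token.

# RFC 8176 amr names that this hypothetical policy treats as a second factor.
SECOND_FACTOR_AMR = {"otp", "sms", "hwk", "swk", "fpt", "face"}
# Hypothetical acr values and ranking; real values come from the issuer's docs.
ACR_RANK = {"urn:example:acr:low": 1, "urn:example:acr:high": 2}


def normalize_amr(claims):
    """Return amr as a set of strings; missing or malformed yields an empty set."""
    amr = claims.get("amr")
    if isinstance(amr, str):  # tolerate a bare string instead of an array
        amr = [amr]
    if not isinstance(amr, list):
        return set()
    return {m for m in amr if isinstance(m, str)}


def authorize_transaction(claims, required_acr, require_second_factor=True):
    """Return (allowed, reason). Fails closed on missing or unknown claims."""
    needed = ACR_RANK.get(required_acr)
    if needed is None:
        raise ValueError("required_acr is not defined in the policy")

    acr = claims.get("acr")
    got = ACR_RANK.get(acr) if isinstance(acr, str) else None
    if got is None:
        return False, "acr missing or unrecognized"
    if got < needed:
        return False, "acr below required level"

    amr = normalize_amr(claims)
    # Either the issuer asserts "mfa", or at least two methods were used and
    # one of them is a recognized second factor.
    has_second = "mfa" in amr or (len(amr) >= 2 and bool(amr & SECOND_FACTOR_AMR))
    if require_second_factor and not has_second:
        return False, "no second factor in amr"
    return True, "ok"
```

A denied result is the point at which the application would send the user back through authentication at the required level instead of proceeding.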
Bug Fixes
Unify
- Password Update Failure: Resolved an issue causing a 502 error when users attempted to change their password in the Next Identity console.
- Profile Update Authorization Issue: Addressed a vulnerability that allowed a user profile to be updated using a bearer token intended for a different user.
- Missing Email Verification Code on Change Email Page: Fixed an issue where users did not receive a verification code when updating their email.
- Incorrect Link Display on Auth App Screen: Resolved an issue where an incorrect link appeared after entering a wrong code, ensuring "Try Another Verification Method" remains consistent.
- Account Activation Screen Text Errors: Corrected the missing user name and updated the title from "Account Activated" to "Congratulations" for consistency across activation screens.
- Progressive Profile Bug Fixes: Resolved issues on the Progressive Profile screen, including phone numbers defaulting to the UK country code (+44) instead of the selected country, and updated the error message to display "Mobile number is already in use" when an existing number is entered.
- Back to App Redirection Issue: Fixed the issue where the "Back to App" button did not redirect to the correct URI specified on the personal details page.
- Alert Text Color Configuration Ignored: Resolved an issue where alert text color did not display as configured.