This minor update introduces changes for Authlete 3.0. This new version was made available on June 11th (Wed).
Implemented single sign-on across native mobile apps, which includes the following API changes:
- nativeSsoRequested response parameter to the /auth/authorization API
- sessionId request parameter to the auth/authorization/issue API
- sessionId, deviceSecret, deviceSecretHash response parameters to the auth/token API
- /nativesso API
- native_sso_supported metadata to the /service/configuration API
- nativeSsoSupported property to the /service/create API
- nativeSsoSupported property to the /service/update API
- /nativesso/logout API
New activity log events have also been added as necessary.
Added the ability to define ID token duration at client level. Of all non-zero positive numbers the smallest one will be used as the duration for the ID token.
Added index to access_token table in order to reduce response time when querying the API for the list of clients a subject has granted access to.
Added Native SSO Supported switch to service settings.
Added a new step to the flow to clearly separate recovery codes from the authenticator registration step.
Fixed an issue where SMTP configuration properties would not be correctly initialized before caching.
As part of this effort, we have also blacklisted a series of insecure passwords such as admin, password, etc.
N/A
Fixed an issue where service update API did not return updated trust anchors in the response when no trust anchors had been owned by the service.
Fixed an issue where the accumulation of request_uri when using Pushed Authorization Requests (PAR) would result in 400 errors during client updates.
N/A