Aug 31, 2022
v2.6.0 Highlights
Event-based Notifications were added, allowing you to build secure event communication between Cloudentity and third parties. For example, such communication could grant the ability to track and present information about approved transactions or data access requests within an external client portal, or provide an audit trail of transactions in an external CRM system.
Token Exchange has been greatly improved by adding support for the delegation flow specified in OAuth 2.0 Token Exchange (RFC 8693).
Open Banking standards compliance is ensured by further implementation of FAPI Advanced/RW and Consumer Data Right (CDR) standards.
Major Additions and Changes
[ AUT-3799 ] Cloudentity introduces the Webhooks functionality, allowing you to set up event-based notifications for third parties. For more information, see the documentation.
[ AUT-5818 ] Cloudentity extends the support for Token Exchange. Delegation flow is now supported, as well as the exchange of tokens issued by Cloudentity. Please check the recent blog post and the Token Exchange documentation for more details.
[ AUT-6526 ] Open Banking: response_type=code and response_mode=query are now blocked for FAPI Advanced/RW Workspaces.
[ AUT-6814 ] Moved the CDR metadata refresh endpoint from the System workspace to the CDR workspace. It is now accessible under POST /admin/register/metadata. See the API documentation for details.
[ AUT-6850 ] Added advanced configuration for the workspace, including the following options:
- Configure disallowed response types,
- Block the code response type when JARM is not used.
From now on, the query response mode and the single code response type are not allowed for FAPI RW/Advanced workspaces. If this is a breaking change for you, you can easily change it in the advanced server configuration (Auth Settings > Advanced).
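The FAPI Advanced/RW restrictions above (AUT-6526 and AUT-6850) can be checked at the authorization endpoint before any code or token is issued. The Python below is an added example, not Cloudentity's code: it models the three options as a settings object and validates an incoming authorization request against them, including the case where the client omits response_mode and the default mode has to be resolved. `WorkspaceAuthSettings`, the `fapi_advanced` profile name and the option names are assumptions made for this example and do not mirror Cloudentity's own configuration keys.

```python
"""Added example (not Cloudentity's code): validates an OAuth 2.0 authorization
request against the FAPI Advanced/RW rules described in these release notes:
a configurable list of disallowed response types, a bare `code` response type
blocked unless JARM protects the response, and the `query` response mode
blocked. `WorkspaceAuthSettings` and the profile names are assumptions made
for this example; the option names do not mirror Cloudentity's configuration."""
from dataclasses import dataclass
from typing import FrozenSet, List, Mapping

# Response modes defined by the JARM specification (OpenID FAPI JARM).
JARM_RESPONSE_MODES = frozenset({"jwt", "query.jwt", "fragment.jwt", "form_post.jwt"})


@dataclass(frozen=True)
class WorkspaceAuthSettings:
    """Advanced server settings modelled for this example (assumption)."""
    profile: str
    disallowed_response_types: FrozenSet[str] = frozenset()
    block_code_without_jarm: bool = False
    disallowed_response_modes: FrozenSet[str] = frozenset()


def fapi_advanced_defaults() -> WorkspaceAuthSettings:
    """Defaults matching the behaviour described for FAPI Advanced/RW workspaces."""
    return WorkspaceAuthSettings(
        profile="fapi_advanced",
        block_code_without_jarm=True,
        disallowed_response_modes=frozenset({"query"}),
    )


def effective_response_mode(response_types: FrozenSet[str], response_mode: str) -> str:
    """Resolve the response mode actually in effect when the client omits it.

    Per OAuth 2.0 Multiple Response Type Encoding Practices, a bare `code`
    defaults to `query`; any response type carrying a token defaults to `fragment`.
    """
    if response_mode:
        return response_mode
    return "query" if response_types == frozenset({"code"}) else "fragment"


def validate_authorization_request(params: Mapping[str, str],
                                   settings: WorkspaceAuthSettings) -> List[str]:
    """Return a list of policy violations; an empty list means the request is allowed."""
    errors: List[str] = []
    response_types = frozenset(params.get("response_type", "").split())
    if not response_types:
        return ["response_type is required"]
    mode = effective_response_mode(response_types, params.get("response_mode", ""))

    for rt in sorted(response_types & settings.disallowed_response_types):
        errors.append(f"response_type '{rt}' is disallowed for profile {settings.profile}")

    # A bare `code` without JARM leaves the authorization response unsigned and
    # unencrypted, which FAPI Advanced does not permit.
    if (settings.block_code_without_jarm
            and response_types == frozenset({"code"})
            and mode not in JARM_RESPONSE_MODES):
        errors.append("response_type=code requires a JARM response_mode (e.g. jwt)")

    if mode in settings.disallowed_response_modes:
        errors.append(f"response_mode '{mode}' is disallowed for profile {settings.profile}")
    return errors


if __name__ == "__main__":
    fapi = fapi_advanced_defaults()
    for request in ({"response_type": "code"},
                    {"response_type": "code", "response_mode": "jwt"},
                    {"response_type": "code id_token"},
                    {"response_type": "code id_token", "response_mode": "query"}):
        print(request, "->", validate_authorization_request(request, fapi) or "allowed")
```

Resolving the default response mode matters: a request with only `response_type=code` and no `response_mode` lands in `query` mode, so it is rejected twice (no JARM, and a disallowed mode), whereas `code id_token` defaults to `fragment` and passes the default profile.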
Minor Enhancements
[ AUT-5318 ] Improved the dialog windows in the admin UI
[ AUT-5765 ] Several improvements to icons in the admin UI
[ AUT-6190 ] Authentication Context attribute table is now searchable in the admin UI
[ AUT-6281 ] CDR compliance: added option to enable / disable ADR validation.
[ AUT-6414 ] Added optional consent ID to accept scope grant API. When building a generic open banking solution, this can be used to associate consent stored in an external system with minted tokens.
[ AUT-6642 ] Improved the refresh token performance by:
- Storing refresh token in SQL asynchronously using batch mode
- Removing refresh tokens from SQL asynchronously using batch mode
- Using Redis as a cache for newly created refresh tokens
- Using Redis as a cache for newly deleted refresh tokens
- Making Redis with redisearch module the only supported deployment option.
[ AUT-6655 ] Enhanced Identity Pool user registration by adding the ability to verify unverified user addresses using OTPs with the Request Address Verification and Complete Address Verification APIs.
[ AUT-6673 ] Manage themes and templates per tenant in Cloudentity Admin UI
[ AUT-6684 ] Added the ability to configure verify address OTP settings in the admin UI.
[ AUT-6746 ] Exposed a system API to delete users from Identity Pools.
[ AUT-6782 ] Added the ability to select the password hashing mechanism for Identity Pools.
[ AUT-6783 ] Bind/unbind server to theme UI
[ AUT-6886 ] Kong Authorizer now returns headers to Kong in case of a successful policy validation in order to support throttling requests.
[ AUT-6703 ] Allowed the use of a new certificate during the Open Banking Brazil DCRM call. This certificate has to match the value set in the tls_client_auth_subject_dn parameter.
Bug Fixes
[ AUT-4801 ] Fixed an issue in Data Lineage - claims with no scopes are now correctly shown for all clients.
[ AUT-6134 ] Fixed error handling for the scenario when the user tries to create a workspace with a non-unique ID.
[ AUT-6680 ] Added correct workspace wizard closing logic. Before, after closing, the user always landed in the workspace directory; now:
- When the wizard has been launched from the workspace directory -> close and go back to the workspace directory.
- When the wizard has been launched from a workspace X:
  - If a new workspace is created -> close and go to the new workspace > dashboard
  - If the wizard is closed before creating a workspace -> go directly to workspace X
[ AUT-6693 ] Fixed the "Unsaved changes" prompt being shown after deleting e.g. a Service while there are unsaved changes.
[ AUT-6798 ] When a CDR workspace is created, a client can now use DCR and request standard scopes (previously the common scopes were protected by a block policy).
[ AUT-6799 ] Fixed trust anchor JWKS URI for CDR workspace
[ AUT-6854 ] Added the possibility to configure acp-cd by adding reference/acp-configuration/
[ AUT-6865 ] Fixed an issue where the sub claim in the exchanged token contained the Client ID for subject tokens issued using the JWT bearer flow. JWT bearer is a special flow not bound to any IDP, so the original sub must be preserved.
[ AUT-6875 ] Fixed a problem with Okta integration which caused duplicated Cloudentity applications to be created on Okta side.
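The Token Exchange delegation flow (AUT-5818) and the sub-preservation fix (AUT-6865) can be illustrated together. The Python below is an added example, not Cloudentity's code: it models an RFC 8693 delegation exchange offline, with claim dictionaries keyed by opaque strings standing in for signed JWTs. It shows the form a client sends, how an issuer keeps the subject's sub while recording the actor in the act claim (including a nested act chain for a second hop), and the checks a resource server can apply to the result. The `DemoIssuer` class, its in-memory token store, the `https://issuer.example` and `https://api.example` names, the fixed clock and the sample tokens are all constructed for this example.

```python
"""Added example (not Cloudentity's code): an RFC 8693 delegation exchange
modelled offline. Claim dictionaries keyed by opaque strings stand in for
signed JWTs (constructed). Shows the request a client sends, how the issuer
keeps the subject's `sub` and records the actor in `act`, and resource-server checks."""
from typing import Any, Dict, List

# Grant and token-type URNs defined in RFC 8693.
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
TOKEN_TYPE_JWT = "urn:ietf:params:oauth:token-type:jwt"
TOKEN_TYPE_ACCESS = "urn:ietf:params:oauth:token-type:access_token"
NOW = 1_700_000_000  # fixed clock so the demo is deterministic

# Constructed sample tokens: a user token (think of one minted via the JWT bearer
# grant, with no IDP behind it) and two service actor tokens.
SAMPLE_TOKENS: Dict[str, Dict[str, Any]] = {
    "subj-user": {"sub": "user@example.com", "scope": "accounts:read", "exp": NOW + 3600},
    "actor-billing": {"sub": "billing-service", "exp": NOW + 3600},
    "actor-reporting": {"sub": "reporting-service", "exp": NOW + 3600},
}


def build_delegation_request(subject_token: str, actor_token: str, audience: str) -> Dict[str, str]:
    """Form parameters for a delegation-style exchange (RFC 8693 section 2.1)."""
    return {
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "subject_token": subject_token, "subject_token_type": TOKEN_TYPE_JWT,
        "actor_token": actor_token, "actor_token_type": TOKEN_TYPE_JWT,
        "requested_token_type": TOKEN_TYPE_ACCESS, "audience": audience,
    }


class DemoIssuer:
    """Stand-in authorization server (assumption); `tokens` maps token strings to claims."""

    def __init__(self, issuer: str, tokens: Dict[str, Dict[str, Any]]):
        self.issuer, self.tokens = issuer, tokens

    def exchange(self, form: Dict[str, str], client_id: str, now: int) -> Dict[str, Any]:
        if form.get("grant_type") != TOKEN_EXCHANGE_GRANT:
            raise ValueError("unsupported_grant_type")
        subject = self.tokens.get(form.get("subject_token", ""))
        actor = self.tokens.get(form.get("actor_token", ""))
        if subject is None or actor is None:
            raise ValueError("invalid_request: unknown subject or actor token")
        if subject["exp"] <= now or actor["exp"] <= now:
            raise ValueError("invalid_request: expired subject or actor token")
        # Delegation keeps the subject as the subject: `sub` is copied from the
        # subject token and never replaced by the requesting client's ID, even
        # when the subject token came from the JWT bearer grant.
        act: Dict[str, Any] = {"sub": actor["sub"]}
        if "act" in subject:  # chained delegation (RFC 8693 section 4.1):
            act["act"] = subject["act"]  # outermost act = current actor, earlier ones nested
        return {
            "iss": self.issuer, "sub": subject["sub"], "aud": form["audience"],
            "client_id": client_id, "scope": subject.get("scope", ""), "iat": now,
            "exp": min(now + 300, subject["exp"]),  # never outlive the subject token
            "act": act,
        }


def actor_chain(token: Dict[str, Any]) -> List[str]:
    """Flatten nested `act` claims into [current actor, ..., first actor]."""
    chain: List[str] = []
    act = token.get("act")
    while act:
        chain.append(act["sub"])
        act = act.get("act")
    return chain


def verify_delegated_token(token: Dict[str, Any], issuer: str, audience: str, now: int) -> Dict[str, Any]:
    """Resource-server checks on a delegated token; raises ValueError on failure."""
    if token.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if token.get("aud") != audience:
        raise ValueError("token not intended for this audience")
    if token.get("exp", 0) <= now:
        raise ValueError("token expired")
    if "act" not in token:
        raise ValueError("not a delegated token: no act claim")
    if token.get("sub") == token.get("client_id"):
        # The symptom described in AUT-6865: the user identity was lost and the
        # token looked like a plain client-credentials token.
        raise ValueError("sub collapsed to client_id: delegated subject lost")
    return {"subject": token["sub"], "actors": actor_chain(token)}


def demo() -> Dict[str, Any]:
    """Two-hop delegation: user -> billing-service -> reporting-service."""
    issuer = DemoIssuer("https://issuer.example", dict(SAMPLE_TOKENS))
    api = "https://api.example"
    hop1 = issuer.exchange(build_delegation_request("subj-user", "actor-billing", api),
                           client_id="billing-service", now=NOW)
    issuer.tokens["delegated-hop1"] = hop1  # the delegated token is exchanged again downstream
    hop2 = issuer.exchange(build_delegation_request("delegated-hop1", "actor-reporting", api),
                           client_id="reporting-service", now=NOW)
    return verify_delegated_token(hop2, "https://issuer.example", api, now=NOW)


if __name__ == "__main__":
    print(demo())
```

After two hops the token still says `sub: user@example.com`, with `act` recording reporting-service as the current actor and billing-service nested inside it; a resource server that sees `sub` equal to `client_id` on such a token knows the user identity was dropped somewhere in the chain, which is exactly what the AUT-6865 fix prevents.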
Recommended Database Versions
| Database | Version |
|---|---|
| CockroachDB | 21.2.6 |
| Redis | 6.2.7 |