Haventec Authenticate changelog

Release versions are synchronized with Haventec Console versions changelog

Release 1.2.46 (30/04/2019)

  • Logs with JSON format if specified at the container env variable (LOGS_FORMAT=JSON)
  • Audit deleted devices due to 90 days of inactivity
  • Network resilience - The number of allowed retries to log in with the same authKey is now configurable per application
  • Option to forbid add new devices for a specific user
  • nonce parameter supports now an UUID with the character "-"
  • Device name with "," is now allowed
  • Reset the number of failed attempts after resetting the PIN successfully
  • Security updates

Release 1.2.45 (10/04/2019)

  • Security updates
  • Log improvements

Release 1.2.44 (02/04/2019)

  • Add network resilience for authentication

Release 1.2.43 (14/03/2019)

  • Auditing updates
  • Deletes inactive devices after 90 days of inactivity
  • Limit Customer Support users privileges
  • Option to set the JVM Options of the docker container
  • Security updates

Release 1.2.42 (28/02/2019)

  • Auditing updates
  • Security updates
  • Performance updates

Release 1.2.41 (06/02/2019)

  • Device activation tokens can now be sent encrypted to your application
  • Rename '/jwt/refresh/' endpoint to '/jwt/renew'
  • Remove deprecated '/integration/lap' endpoints
  • Auditing updates
  • Security updates
  • Minor bug fixes

Release 1.2.40 (17/01/2019)

  • Minor bug fixes

Release 1.2.39 (15/01/2019)

  • New API to generate a OTP direct from Authenticate

Release 1.2.38 (09/01/2019)

  • New API to refresh a session token
  • Security updates
  • Minor bug fixes

Release 1.2.37 (03/12/2018)

  • Validate OpenID client_secret field

Release 1.2.36 (29/11/2018)

  • Addition of APP_USER application user role to enable stronger privileges
  • Minor bug fixes

Release 1.2.35 (27/11/2018)

  • Minor bug fixes

Release 1.2.34 (21/11/2018)

  • Log improvements
  • Security updates

Release 1.2.33 (01/11/2018)

  • Email parameter is not required when adding a user
  • Audit logging is now asynchronous
  • Minor bug fixes

Release 1.2.32 (18/10/2018)

  • The TTL of the user OTP is now configurable per application
  • Supports single use device
  • Release disclaimer: This release blocks the Audits table at start up due to a DB schema change and that impacts some use-cases. In order to avoid this issue please upgrade first to the Release build-1.2.31.1 and then to Release build-1.2.32

Release 1.2.31 (09/10/2018)

  • Enable the "iss" parameter for Open ID applications to be modified
  • Enable the redirect URL for Open ID applications to be modified
  • Open ID parameters redirect_uri and state no longer mandatory
  • Pagination of Applications List

Release 1.2.30 (24/09/2018)

  • Audit records for Self-Service Add User and Device
  • 5 Minute lock for first-time failure of PIN authentication sequence
  • OpenID /authorize relays all valid OpenID parameters
  • Security updates
  • Minor bug fixes and improvements

Release 1.2.29 (13/09/2018)

  • Enable updating a user using an external IAM to authenticate
  • Logging improvements
  • Minor bug fixes

Release 1.2.28 (04/09/2018)

  • User list pagination
  • Org users paged audit list
  • Minor bug fixes

Release 1.2.27 (22/08/2018)

  • Allow a user to delete their current device

Release 1.2.26 (14/08/2018)

  • Improves logs
  • Security updates

Release 1.2.25 (03/08/2018)

  • Search application users by username, email, or mobile
  • Adds a JWT protected API to reset PIN of a user's device and send the token to an external URI configured per application
  • Minor bug fixes

Release 1.2.24 (19/07/2018)

  • Adds a new frontend look, with drill-downs and a breadcrumb trail for improved navigation
  • Minor bug fixes
  • Security updates

Release 1.2.23 (13/07/2018)

  • Adds Application Audit
  • Security updates

Release 1.2.22 (28/06/2018)

  • Adds a new user type: Support. They can only see users and edit their details
  • Adds functionality to generate a one time PIN for a specific user
  • Security updates

Release 1.2.21 (04/06/2018)

  • Supports the OpenID parameter "nonce"
  • Security updates

Release 1.2.20

  • Adds the claim “preferred_username” to the JWT of OpenID applications
  • Sets the issuer claim "iss" to "https://api.haventec.com" to the JWT of new OpenID applications
  • Adds an OpenID API to retrieve the public JSON Web Key set (JWKS)
  • Security updates

Release 1.2.19

  • Adds new attributes "username", "email", and "phone_number" to OpenID Claim
  • Adds the Sanctum service option for new Applications
  • Improves the navigation UI for Root admins and Organisation admins
  • Improves the SMTP configuration page UX
  • Updates the Root and Organisation admin dashboards
  • Publishes the Haventec Authenticate Error codes in doc.haventec.com

Release 1.2.18

  • Organisation admin can view organisational details
  • Adds expiration time for added devices/reset pin on devices
  • Improved Console error messages
  • Updates OpenID Connect authorisation code TTL

Release 1.2.17

  • Allow admin set TTL for token expiry per application
  • Add a setup wizard for on premise installations

Release 1.2.16

  • View list of organisations
  • Edit device information
  • Allow admin set TTL for activation token per application

Release 1.2.15

  • Username are now case insensitive
  • Update to API documents
  • Delete application
  • Delete user device
  • Security updates

Release 1.2.14

  • UX improvements
  • Fixed API bug: /self-service/user mobileNumber returned as null

Release 1.2.13

Release 1.2.12

  • LDAP integration

Release 1.2.11

  • UX improvements

Release 1.2.10

  • Logging updates
  • Monitoring updates

Release 1.2.9

  • Base release to support Haventec Sanctum

Release 1.2.8

  • UI improvements
  • Device fingerprinting
  • Add user

Release 1.2.7

  • OpenID connect provider

Release 1.2.6

  • View user devices
  • Lock and unlock user devices

Release 1.2.5

  • UI improvements
  • URL API versioning improvements

Release 1.2.4

Release 1.2.3