2025.10.13 - My Access

AWS-PARIS AWS-DUBLIN S3NS

This release introduces updates across OAuth2 endpoints, authentication flows, new authentication pages, and configuration management. It includes protocol compliance adjustments, extended logging and validation, UI and translation fixes, as well as technical and security updates.

OAuth2

• Introspect endpoint now returns the exp parameter in seconds instead of milliseconds (RFC 7519 compliance).

• Introspect endpoint now returns the value of the user attribute configured as subject in sub parameter.

• OAuth2 Device Flow pages available in new authentication pages.

Authentication and RBA

• Added support for push mobile authentication as a second factor in authentication mechanisms.

• Added error message when push notification cannot be sent due to backend communication issue.

• Creation or deletion of an authentication mechanism is now automatically reflected in the RBA Risk Correction.

• Fixed authentication means display order.

New Authentication Pages and Translations

• Improved radio buttons and call-to-action buttons.

• Added translation keys for OTP quota messages.

• Added missing translation key on mobile authentication page with generated OTP.

• Supported single quotes in translations.

• Fixed CSS issues on Logout and Authentication Failed pages.

• Fixed typo in WebAuthn default French translation.

• Fixed PasswordLoginFormBeforeButton fragment position.

• Fixed duplicated fragment display.

Memority Portal

• Added federation error logs for bad request parameters.

• Skipped redirect choice page when user has a login task and tries to access the Memority portal.

• Fixed audit event when creating a federation.

Other Improvements

• Minor technical and security upgrades