Skip to main content

January 2025

ยท 2 min read

Our first releases for the year provide Composer improvements to support managing contracts and remote issuance processes, enhanced OIDC Provider capabilities with custom authentication UI, and improvements to credential authentication configuration.

v2025.1.0โ€‹

๐Ÿš€ What's newโ€‹

Enhancementsโ€‹

  • Support top level OpenID email scope+claim in OIDC provider via presented credential claim
  • Switch off OIDC provider browser session (SSO across apps with varied credential auth requirements does not make sense)
  • Add copy button for OIDC well-known endpoint and auth client ID
  • Improve async issuance OTP throttling within 2 minute window

v2025.0.0โ€‹

๐Ÿš€ What's newโ€‹

Enhancementsโ€‹

  • Add application role 'Contract admin' for automating contract creation from client applications
  • Add support for filtering contracts via:
    • 'isPublic' flag
    • 'published' status
  • Rename first two bulk remote issuance CSV columns to clearly reflect corresponding identity attributes; add CSV column mapping definition table to remote issuance guide (docs); link to docs from Composer CSV preview UI
  • Display pending remote issuances for identities, contracts and users
  • Use regional 'from' numbers for SMS (initially supporting US and AU regions)
  • OIDC provider: Display authentication client background image and colour; add client branding/customisation guidelines to authentication guide (docs)
  • OIDC provider: Switch from unpkg to jsdelivr for improved reliability of JS client loading
  • Show release version tags in Composer and Concierge user menus
  • Add monitoring for Verified ID service and MS Graph service integrations
  • Enable app insights client telemetry from Concierge UI

๐Ÿ› ๏ธ Notable fixesโ€‹

  • Composer menu toggle icon was sometimes misaligned
  • OIDC clients: Resetting client form showed validation errors on optional fields
  • OIDC provider: Access token claims were lost after token refresh
  • OIDC provider: Login UI content security policy was too restrictive on (production) instances with dev-tools disabled
  • Package vulnerability patching