Rate this page

API Changelog

6.1.0.0

The OAuth2/OpenID Connect APIs and the Auth API have been removed.

6.0.2.0

OAuth 2 and OpenID Connect APIs

Access tokens

The Broker may now be configured to include custom claims containing user attribute values in JWT access tokens (as restricted by the request scope). These may be used, for example, to provide account information that a third-party resource server can correlate with its local user data.

Access tokens now include the standard iss (issuer) and nbf (not before) claims.

ID tokens

If the Broker is configured to use mapped OpenID Connect claims containing user attribute values, now all ID tokens issued by the Broker will include those claims (as restricted by the request scope). Previously, mapped OpenID Connect claims would only be included in an ID token when using the implicit grant type with a response_type value of id_token.

ID tokens now include the standard jti (JWT ID) and nbf (not before) claims.

Auth API

Any query parameters received by the /oauth/authorize endpoint that are not recognized as OAuth 2/OpenID Connect query parameters are now passed through to the Auth UI. An Auth UI may use these query parameters to implement custom behavior, if desired.

6.0.1.0

This release contains the following backwards-incompatible changes for improved security:

Auth API

Email Delivered Code Authenticator

The messageSubject and messageText fields have been removed from the Email Delivered Code Authenticator; these values are now determined by the server configuration. To indicate that an OTP should be delivered, the auth UI should now set the codeRequested flag.

Telephony Delivered Code Authenticator

The deliverCode field has been removed from the Telephony Delivered Code Authenticator; the message text is now determined by the server configuration. To indicate that an OTP should be delivered, the auth UI should now set the codeRequested flag.

SCIM API

JVM developers using the SCIM 2 SDK are encouraged to update to version 2.1.1.

Validated Email Addresses Sub-resource

The messageSubject and messageText fields have been removed from the Validated Email Addresses Sub-resource; these values are now determined by the server configuration. To indicate that a verification code should be delivered, SCIM clients should now set the codeRequested flag.

Validated Phone Numbers Sub-resource

The deliverCode field has been removed from the Validated Phone Numbers Sub-resource; the message text is now determined by the server configuration. To indicate that a verification code should be delivered, SCIM clients should now set the codeRequested flag.

6.0.0.1

This release includes minor changes to Auth API error handling.

6.0.0.0

This is a major release of the Ping Identity Data Governance Broker, including the following changes: