Safewhere Identify 5.6 Release Notes
New features and improvements
OAuth/OIDC 2.0
ID token contains the user claims
Currently, the users' claims are added to the Access Token and the UserInfo's response. However, in some cases, our customer wants the user claims to be in the ID token instead. You can now use a new option to control whether the user's claims should be put in Access token or the ID token. You can refer to User claims placement setting for more details.
SameSite cookie
Microsoft pushed out updates for .NET which are supposed to deal with recent changes in the SameSite specification made by Google and Chrome. The changes prevent the browser from sending the Identify cookies which are used in the POST-based-redirect manner along with cross-site requests. Those cookies must use SameSite=None to ensure that all login flows work properly. In addition, we implemented browser agent sniffing which makes our solution work for old browsers that don't support the None option correctly. You can find more information about our solution here.
Bug fixes
Identify Runtime
Fixed: The 'given_name', 'family_name', 'website', 'gender', and 'birthdate' claims are missing from the Userinfo response although the access token contains the "profile" scope.
Safewhere Admin
Fixed: Unable to reset user passwords on the Locked user list.