All notable changes to this project will be documented in this file.
- Activates e-mail nudges. This includes nudges for the use of a personal e-mail (and not the school or institute e-mail), two warnings for account removal (1 month and 1 week in advance), inactivity (to prevent losing access to the account), and a nudge to start using the app.
- UX improvements, including improved texts, show affiliation with new verification, show app nudges less often.
- Improved and fixed the derivation of names and validated names, including always asking a user which validated name they want to prefer.
- New API endpoint Invite
- General improvements
- Migration to Java 21
- Updated dependencies
- UX improvements on the login screen, the security screen and the delete your eduID screen
- Extend iDIN API with logos of banks
- Prevent (accidental) spaces at the end of a name
- Prevent creating multiple accounts with the same e-mail address, due to cApITaL LeTTEr use.
- General improvements, update dependencies
- Bug fix for backwards compatibility
- Bug fixes and improvements
- Updated the email-eduid-exists endpoint to also include the eduIDValue, in case the user already exists.
- Fixed a small issue with the ID validation using Signicat services
- Add support for ID validation using Signicat services
- Extend API for remote creation
- Update the way eduID identifiers for services are stored
- If the app sends only a givenname to /mobile/api/sp/update (old app), update the self-asserted chosenname field
- If the app sends only the chosen name (new app), update the self-asserted chosenname field.
- If the app sends both the givenname and the chosenname field, produce an error: the formal-givenname can't be updated this way
- Make chosenname optional in mobile API
- Fix Tiqr-cookie
- Fix redirect after logout
- Improve Tiqr-cookie security
- Escape HTML in email
- Remove 'Stay signed in'
- Login screen consistency
- Allow multiple account links for one institution
- Update translations and app-links
- Update dependencies
- Bugfix for adding affiliations
- Update typos, image and translations
- Do not allow for POST binding with SSO
- Short time-to-live for registration cookie
- Bugfix for nudge-screen
- Bugfix for chosen name migration
- Replace Spring-SAML with openconext-saml-java
- New flow and screens for account linking
- MDC bugfix for logging
- Update dependencies
- Enable mobile API
- Hide email buttons in mobile view
- Default to magic link for app-authentications
- Remove stay signed in question
- Bugfix for MFA on SSO
- Enable SingleSignOn for MFA authentications
- Bugfix for account-linking update
- Bugfix for removing MFA registrations
- Update image on app-nudge screen
- Bugfix for Attribute Aggregation not storing new eduID identifiers.
- Create an eduID based upon an institution login https://my.domain/myconext/create-from-institution
- Repair account-link expiration timing
- Repair forgot-password links if requested multiple times
- Allow replacement of recovery tokens
- Send an email when logging in from a new location, including geo-location
- Prevent the usage of known disposable email providers
- Allow removing the password
- Fix logging out of account-gui
- Require MFA (app) login by sending an AuthnContextClassRef
- Add support for authenticating with a tiqr app.
- Move health and info endpoint to /internal
- Update dependencies
- Migrated to JDK11
- Improve eduPersonAffiliation and eduPersonScopedAffiliation
- Improve usability of the verification code
- Send the same eduID identifier to institutions belonging to the same organisation
- Register trusted devices, so we can inform users of new logins later
- Add an option to use a non-institution account for validating a name
- Update links to privacy and terms
- Show email of the eduID instead of the linked account, if the account is already linked to an eduID
- Remove spaces from one time verification code
- Update dependencies
- Update dependencies
- Log token deletion
- Use eduID if no UID is present in a token.
- Prevent string manipulation in login-page
- Show the user which eduID account an institutional account is linked to
- Log invalid tokens in API requests
- Log usage of deleted token
- Fix problem with diacritics in names
- API for linked accounts info
- Improved lookup of email and eduid in backend
- Verification mail code case insensitive
- Focus on custom checkbox, select with space
- Update translations
- Apply feature toggle OINCNG token
- Update translations
- Handle magic link without magic
- Fix FIDO2 login on Apple devices
- Allow the user to change the email address
- Only allow an institution account to be linked to one myconext account
- Redesign of landing page
- Allow downloading of personal data
- Fix FIDO2 login on Apple devices
- Fix session being lost when opening the magic link in another browser
- Fix security issue in account linking
- Feature toggle for webauthn was not honored in IdP
- Minor textual changes
- Minor textual changes
- Warn a user when using an institutional email address
- Add allowlist feature (default disabled) to only allow sign up from known email-domains
- Log all user-events in standardised JSON format
- Direct user to known email-providers after registration
- Add ability to test webauthn/fido2 authentication
- Improve translations
- Respond with 'NoAuthnContext' status if an unknown ACR is requested
- Fix/add forgotten password routine
- Fix users being 'stuck' in registration flow
- Fix error after stepup authentication in ALA flow
- Use the last linked account for selecting validated names
- After deleting all links, request a new link for acr validated-names
- Show the service name in the current language
- Security updates for dependencies
- Add JSON logging
- Add WebAuthn (feature toggle)
- Add Account Linking
- Use AuthenticationContextClassReference for a SP request account linking
- Filter error warnings
- Allow multiple SPs for the eduID IDP
- Update path-matching in redirects
- Bugfixes
- Add oneGini migration
- Set correct shacHomeOrg values
- Update text and translations
- Update layout and images
- Change identifier in nameID
- Improve responsive design
- Warn if migration email-address is in use
- Fix open redirect
- Fix possible loop on logout
- Update translations
- Change loglevel for unknown emails
- Enlarge clickable area for menu in SP
- Fix translations
- Update layouts