Janrain Support Announcements

Akamai has been made aware of the recent Kernel vulnerability that was disclosed by the Netflix Security team on June 17, 2019.  The issue is related to a number of TCP flaws in the Linux and FreeBSD kernels, one of which can be used to send a so-called ping of death to an Internet-facing Linux server and bring about a denial of service. The vulnerability is known as the "SACK Ping of Death".  As part of our early response security procedures, we have confirmed with the AWS team that the AWS services used by the Identity Cloud are safe and protected from the reported vulnerability.  Specifically, AWS applied updates to the Application Load Balancer (ALB) and Elastic Load Balancer (ELB), which detect and remediate the issue.  The issue has been resolved and all Identity Cloud services are running uninterrupted.  Please direct any questions or concerns to the Technical Support team.

Facebook applications created before April 18th, 2017 will automatically update from version 2.8 to version 2.9 on April 18th, 2019.

There are no changes necessary to your Janrain applications in order to prepare, as Janrain has already implemented all changes needed to handle the migration to 2.9.

If you are using the Facebook API directly with a version 2.8 application, the Facebook changelog outlines all changes between 2.8 and 2.9 that you may wish to take into account.

Customers may receive a notification that they must migrate all calls to 2.9 prior to April 18th in order to avoid breaking changes. Janrain APIs will update on this date and all current Facebook functionality provided by Janrain will continue to work as it does today.

Janrain intentionally enables older APIs as late as possible to ensure customers on the oldest Facebook APIs have adequate time to make adjustments and utilize API versions that are still supported by Facebook.

As part of ongoing security upgrades for the Identity Cloud, we are now requiring that all requests to the Configuration API and Console use at least TLS 1.2.

If you receive a connection refused error when making requests to the Configuration API, you will need to ensure that your client is using TLS 1.2 or higher, since TLS 1.0 and TLS 1.1 requests will be rejected.

For Console users, only old, insecure browsers would not be using TLS 1.2. If your browser does not support TLS 1.2, you would need to upgrade to a more secure browser in order to continue accessing Console.


On April 30, 2019, Janrain will be decommissioning the Janrain Capture Dashboard. The Capture dashboard will no longer be accessible from the list of applications customers have access to after logging into dashboard.janrain.com.

The Capture Dashboard is replaced by the more feature-rich and easier to use Janrain Console. Console is available at console.janrain.com to all existing Janrain clients who currently have access to the Capture Dashboard through dashboard.janrain.com.

Please note that this end of life notice is related only to our Capture/Registration product. Social Login customers will continue to use the current Engage/Social Login dashboard to manage social login functionality until it has been migrated into Console as well. If you haven’t already, please visit Console to ensure you have the correct access before April 30, and check out the Identity Cloud Education Center for information on the application and user management capabilities that are available in Console.

In December 2018, LinkedIn announced that it would be making changes to its Sign In APIs that included shutting off their v1 APIs and disabling the use of OAuth1.

Janrain’s current LinkedIn integration relies on both OAuth1 and the v1 Sign In APIs. We have been building an entirely new LinkedIn (OAuth2) provider in order to support the migration. This new provider will be available in the Engage dashboard as of Monday, February 25 and can be immediately enabled for your applications.

In order for LinkedIn logins to continue working, customers will need to take the following steps by March 1, 2019:

  1. Configure the new LinkedIn (OAuth2) provider in the Janrain dashboard using your existing LinkedIn developer app.

    1. In the Janrain dashboard, you will simply need to copy your existing clientID and secret from the current LinkedIn provider and move them to the new LinkedIn (OAuth2) provider.

  2. Configure the new callback URL in LinkedIn.

    1. Example: https://<appname>.rpxnow.com/linkedin-oauth2/callback

  3. Update which providers are enabled in the dashboard and possibly your website.

    1. No changes are needed to the LinkedIn (OAuth1) provider other than removing it from the list of available providers for login. Otherwise, two LinkedIn buttons will be presented.

    2. If you are specifying providers on your web page instead of relying on configured providers from the dashboard, you will need to update the following JS setting:

      1. janrain.settings.providers

      2. The list should include ‘linkedin-oauth2’ instead of ‘linkedin’

    3. If you are not relying on the Janrain widget to render login buttons then you will need to use ‘linkedin-oauth2’ in place of ‘linkedin’ for the provider name.
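
The provider-list change from step 3, as an added example that is not Janrain's own code: it swaps ‘linkedin’ for ‘linkedin-oauth2’ without leaving two LinkedIn entries, and builds the callback URL from step 2. The function names and the sample list are assumptions made for illustration.

```javascript
// Added example (not Janrain code): rewrite a janrain.settings.providers
// list for the LinkedIn OAuth1 -> OAuth2 migration described above.
const OLD_PROVIDER = "linkedin";
const NEW_PROVIDER = "linkedin-oauth2";

// Returns a new list in which the old provider name is replaced by the new
// one. Order is preserved, and the new name appears only once even when the
// input already contained both entries (which would render two buttons).
function migrateLinkedInProviders(providers) {
  if (!Array.isArray(providers)) {
    throw new TypeError("providers must be an array of provider names");
  }
  const result = [];
  for (const name of providers) {
    const next = name === OLD_PROVIDER ? NEW_PROVIDER : name;
    if (!result.includes(next)) result.push(next);
  }
  return result;
}

// Builds the callback URL to register in the LinkedIn developer app.
// Assumption: an app name is a single DNS label (letters, digits, hyphens).
function linkedInOAuth2Callback(appName) {
  if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/i.test(appName)) {
    throw new Error("unexpected app name: " + appName);
  }
  return "https://" + appName + ".rpxnow.com/linkedin-oauth2/callback";
}

// Constructed sample list; on a real page the input would be the existing
// janrain.settings.providers array and the result would be assigned back.
const sampleProviders = ["facebook", "linkedin", "linkedin-oauth2"];
console.log(migrateLinkedInProviders(sampleProviders));
console.log(linkedInOAuth2Callback("appname"));
```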

Google+ End of Life on March 7, 2019

Google announced at the end of last year that they would be shutting down Google+ for consumers on March 7, 2019. Janrain has been taking action to ensure a seamless transition for our customers.

Janrain has already updated our integration to use Sign In with Google APIs. We have also been in the process of updating branding from Google+ to Google across our interfaces for the past several months.

The final step in this process will occur the week of February 11th. All Google+ scopes will be automatically removed from Janrain Social Login configurations prior to February 15th to ensure that logins continue functioning normally as the shutdown of Google+ begins.

No customer action is required to ensure that Google sign-ins continue to operate. This is also true for native mobile logins since those integrations are direct to Google and already rely on Sign In with Google.

Note: If your app relies on a Native Sign in with Google login experience, please ensure that you are using the latest version of our SDKs. The latest SDKs require your app to retrieve an auth code using Google SignIn libraries and then pass that auth code to Janrain to log in the user. Details can be found in our SDKs for iOS and Android.

Also, Janrain widgets have already been updated to follow Sign in with Google branding guidelines. The only changes to consider are branding updates from Google+ to Google if you do not rely on Janrain widgets to render the login buttons in your application.


Connect with PayPal - Profile changes on March 4, 2019

PayPal has announced that starting March 4, 2019, profile data will need to be retrieved from a new profile endpoint and that fewer data attributes will be returned.

Janrain will automatically handle the updates to ensure that PayPal logins continue to operate.

Customers should review their apps to ensure they are not relying on any data that will no longer be returned. According to PayPal’s documentation the following fields will no longer be returned:

  • birthdate
  • age_range
  • phones
  • phone
  • account_type
  • account_creation_date
  • zoneinfo
  • locale
  • language

If you are not relying on any of the attributes that will no longer be available, then no action is needed at this time.

New Janrain Console Now Live

Janrain’s new administrative Console is now live and available for early access! See our Console User Guide for information on the application and user management capabilities that are available in Console.

Console will replace the Capture Dashboard as the control center from which you manage the Janrain Identity Cloud. This fully redesigned user interface will let you do daily tasks faster with streamlined workflows and powerful new tools. The Capture Dashboard will remain available until Q4 2018. Console is fully available in the US, EU, and AU regions; partially available in China; and coming soon to Singapore and Sao Paulo. Check back here or the Console release notes for updates on availability.

Console is available at console.janrain.com to all existing Janrain clients who have access to the Capture Dashboard through dashboard.janrain.com. Console offers a whole new set of roles that are designed to give you more control over who can do what, including the ability to assign users multiple roles. The admin role will give a user full administrative access to an application in both the Capture Dashboard and Console, but all other roles from the Capture Dashboard will be deprecated. Users who are currently assigned a role other than admin will have view-only access to application configuration settings in Console until a new role is assigned through Console.

Janrain recommends that all clients take this opportunity to review who has access to their Janrain applications and update all users to have the least permissions necessary.  

Console also remains the home of the Customer Care Portal, a set of features that allow customer service representatives to create, edit, and view user records through customized profile forms and to send password reset and verification emails to customers. All new application management functionality is accessible only to specific Console user roles, so the addition of these new features will have no impact on Customer Care Portal Agent workflows.



Facebook applications created before July 13th, 2016 will automatically update from version 2.6 to version 2.7 on July 13th, 2018.

There are no changes necessary to your Janrain applications in order to prepare, as Janrain already supports the new API version.

If you are using the Facebook API directly with a version 2.6 application, the Facebook changelog outlines all changes between 2.6 and 2.7 that you may wish to take into account.

Customers may receive a notification that they must migrate all calls to 2.7 prior to July 13th in order to avoid breaking changes. Janrain APIs will update on this date and all current Facebook functionality provided by Janrain will continue to work as it does today.

Janrain intentionally maintains backwards compatibility as late as possible to ensure customers on the oldest Facebook APIs have adequate time to make adjustments and utilize API versions that are still supported by Facebook.

Recent updates to Facebook’s platform include the deprecation of the publish_actions permission, which is a breaking change for any applications that are using authenticated Facebook share.

As of April 24, 2018, new apps will not be able to request the publish_actions permission.

Apps created before April 24, 2018 can continue to use the publish_actions permission until August 1, 2018. After August 1, apps will no longer be allowed to use the permission.

Without the publish_actions permission, it is no longer possible for applications to share content on behalf of users. Instead, all sharing must be performed directly through Facebook and does not require users to grant special permissions.

This change reflects a general trend in the industry over the last couple of years where users are very hesitant to grant applications permission to share on their behalf. The native sharing experience removes the need for that permission while still allowing end users to share content.

Please see below an FAQ on required updates in order for Facebook share to continue to work after August 1, 2018.


FAQ

What changes are needed for Facebook sharing to work after August 1?

Share widgets will need to be updated to use native sharing instead of authenticated sharing. Native share will use native Facebook functionality for sharing and does not require the user to grant any permissions.

Janrain’s dashboard or Share JavaScript API can be used to switch from the facebook provider to the native-facebook provider. Details on provider configuration in the dashboard can be found after the FAQs.


I’m using Janrain’s Share v2 widget, what changes do I need to make?

The Share v2 widget does not support the native share providers specified above. If your website is still using Share v2 it will need to be updated to use the current version of the Janrain Share widget (v3).

Janrain’s dashboard and docs site for social sharing provides details on implementing Share v3.


Are there any other changes I should be aware of when using native sharing?

Yes. Since native share occurs on the provider’s site using their tools, we can no longer provide analytics around sharing.


Should I update all of my providers to use native share instead of authenticated share?

Yes. As mentioned above, there is an industry trend away from authenticated share and in the next couple of months, we expect to announce timelines for winding down our authenticated share products.


What happens if I don’t update my application?

If you don’t update your application, Facebook share will be broken after August 1, 2018.


What error messages should I expect to see?

In Share v3, the following error will display:

In Share v2, the following error will display:

Dashboard Configuration and Share Widget Code

  1. Log in to dashboard.janrain.com
  2. Go to the Configuration dashboard for your Engage application
  3. Click on ‘Sharing’ under ‘Widgets and SDKs’
  4. Select the native providers under step 2 in the second column.
  5. Copy/update the code below into your application

If you've been using PayPal as a social logon identity provider (IDP), then you're probably aware that, on May 20, 2018, PayPal is discontinuing support for its legacy protocol (commonly known as PayPal Access).

PayPal Access is being superseded by a new PayPal integration known as Open ID Connect/Login with PayPal. This new integration offers an extended set of features that promise better security and a better user experience, as well as privacy controls compatible with the European Union's General Data Protection Regulation (GDPR).

As long as you follow the steps outlined in this document, this switch should be straightforward.

As of August 1, 2018, any Janrain customer currently using Facebook Authenticated Share with Janrain's v2 or v3 Social Sharing Widgets needs to update to use native Facebook Share, which is only available in Share v3. After this date, if you have not migrated to Share v3, this functionality will no longer be available to your end users.

For more information, please see https://developers.facebook.com/docs/sharing

Facebook applications created before April 12th, 2016 will automatically update from version 2.5 to version 2.6 on April 12th, 2018.

There are no changes necessary to your Janrain applications in order to prepare, as Janrain has already implemented all changes needed to handle the migration to 2.6.

If you are using the Facebook API directly with a version 2.5 application, the Facebook changelog outlines all changes between 2.5 and 2.6 that you may wish to take into account.

Customers may receive a notification that they must migrate all calls to 2.6 prior to April 12th in order to avoid breaking changes. Janrain APIs will update on this date and all current Facebook functionality provided by Janrain will continue to work as it does today.

Janrain intentionally maintains backwards compatibility as late as possible to ensure customers on the oldest Facebook APIs have adequate time to make adjustments and utilize API versions that are still supported by Facebook.

In order to enhance security for Facebook apps, Facebook will begin requiring strict URI matching for redirect URIs in the Facebook app configuration beginning in March 2018 (Facebook has not been more specific than the March timeframe).

Any newly created apps or apps using API v2.11 are now subject to the strict URI matching requirement.


The Facebook error message we have seen which corresponds to this new policy is:

"Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."  


Janrain customers using Facebook login will need to audit their Facebook app Login Settings and update the Valid OAuth redirect URIs list.


The URI that should be listed here is the same URI provided in your Janrain dashboard for the Site URL setting.

It will have the following format:

https://engage-app-name.rpxnow.com/facebook/callback

Just replace ‘engage-app-name’ with the name of your Engage app and update the setting in your Facebook app.
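
One way to audit the Valid OAuth redirect URIs list before the cutover, as an added example that is not Janrain or Facebook code: it flags entries that point at the right host but would fail an exact comparison. It assumes strict matching means exact string equality, which the announcement does not define; the function names and sample entries are constructed.

```javascript
// Added example (not Janrain or Facebook code).
// Assumption: "strict URI matching" is treated as exact string equality.
function expectedFacebookCallback(engageAppName) {
  // Assumption: an Engage app name is a single DNS label.
  if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/i.test(engageAppName)) {
    throw new Error("unexpected Engage app name: " + engageAppName);
  }
  return "https://" + engageAppName + ".rpxnow.com/facebook/callback";
}

// Sorts configured URIs into: the exact match, near misses (right host,
// wrong string) with the reason each one differs, and everything else.
function auditRedirectUris(engageAppName, configuredUris) {
  const expected = expectedFacebookCallback(engageAppName);
  const want = new URL(expected);
  const report = { expected, exactMatch: false, nearMisses: [], other: [] };
  for (const raw of configuredUris) {
    if (raw === expected) { report.exactMatch = true; continue; }
    let u;
    try {
      u = new URL(raw.trim());
    } catch (e) {
      report.other.push(raw); // not parseable as an absolute URL
      continue;
    }
    if (u.hostname !== want.hostname) { report.other.push(raw); continue; }
    const reasons = [];
    if (u.protocol !== want.protocol) reasons.push("scheme " + u.protocol);
    if (u.pathname !== want.pathname) reasons.push("path " + u.pathname);
    if (u.search || u.hash) reasons.push("query or fragment");
    // Parsed parts agree, so the raw strings differ in something the URL
    // parser normalises away.
    if (reasons.length === 0) reasons.push("case, port or whitespace");
    report.nearMisses.push({ uri: raw, reasons });
  }
  return report;
}

// Constructed sample entries, as they might appear in the Facebook app settings.
const sampleUris = [
  "https://engage-app-name.rpxnow.com/facebook/callback/",
  "http://engage-app-name.rpxnow.com/facebook/callback",
  "https://www.example.com/",
];
console.log(JSON.stringify(auditRedirectUris("engage-app-name", sampleUris), null, 2));
```

A report with `exactMatch: false` and a non-empty `nearMisses` list means the callback is configured, but not in the form strict matching will accept.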

We’ll be updating our dashboard and docs site soon with these details as well. 




Due to required maintenance by our Infrastructure-as-a-Service provider, Amazon Web Services, we will need to place the Engage Dashboard into maintenance mode on Thursday, November 3rd from 9:00 am PST to 6:00 pm PST.

During this time, we will be migrating services to updated infrastructure and the Engage Dashboard will be unavailable. All end user facing services will function normally during this maintenance event, however, the following dashboard capabilities will be unavailable:

  • Updating social login app configuration including credentials for social login providers and URL whitelisting
  • Social login analytics

We apologize for the inconvenience. As part of this maintenance, we will be ensuring that future maintenance windows will be much smaller, so as to limit impact on developers and administrators.

Facebook applications created before October 5th, 2015 will automatically update from version 2.3 to version 2.4 on October 9th, 2017.

There are no changes necessary to your Janrain applications in order to prepare, as Janrain has already implemented all changes needed to handle the migration to 2.4.

If you are using the Facebook API directly with a version 2.3 application, the Facebook changelog outlines all changes between 2.3 and 2.4 that you may wish to take into account.

Customers may receive a notification that they must migrate all calls to 2.4 prior to October 9th in order to avoid breaking changes. Janrain APIs will update on this date and all current Facebook functionality provided by Janrain will continue to work as it does today.

Janrain intentionally enables older APIs as late as possible to ensure customers on the oldest Facebook APIs have adequate time to make adjustments and utilize API versions that are still supported by Facebook.