FPX Jericho
Released: 2023-04-24
Core Feature Updates
Session Extensions Based on API Activity
We have improved the end-user experience by extending mobile and web Wallet sessions so that users stay logged in while they remain active, up to a maximum session length. Any authenticated activity on the Wallet API, which involves interaction with the Wallet Server APIs, will automatically trigger a session extension.
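The activity-based extension with a hard cap described above, as an added example (not FPX code). The timeout values and every name here are hypothetical, since the release notes do not state FPX's settings or internals.

```python
from dataclasses import dataclass

# Assumed values for illustration only; not taken from FPX documentation.
IDLE_TIMEOUT = 15 * 60          # seconds of inactivity before the session lapses
MAX_SESSION_LENGTH = 8 * 3600   # absolute cap, measured from login


@dataclass
class Session:
    created_at: float
    expires_at: float


def start_session(now: float) -> Session:
    """Create a session at login; the first expiry is one idle window away."""
    return Session(created_at=now,
                   expires_at=min(now + IDLE_TIMEOUT, now + MAX_SESSION_LENGTH))


def is_active(session: Session, now: float) -> bool:
    """A session is usable only strictly before its expiry time."""
    return now < session.expires_at


def on_authenticated_request(session: Session, now: float) -> bool:
    """Extend the session on authenticated API activity.

    Returns False and extends nothing if the session has already lapsed,
    so a late request can never revive an expired session.
    """
    if not is_active(session, now):
        return False
    hard_limit = session.created_at + MAX_SESSION_LENGTH
    # Slide the idle window forward, but never past the absolute cap.
    session.expires_at = min(now + IDLE_TIMEOUT, hard_limit)
    return True
```

The two cases worth testing in any such scheme are the ones the code guards: a request arriving after expiry, and continuous activity running into the maximum session length.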
User Guides to Build a Custom Wallet End-User Experience
An FPX deployment may use a custom or off-the-shelf Wallet User Interface. Our developer documentation covers integration details for all required flows:
- Login and setup of a Wallet account
- Managing and connecting to data sources
- Consent request presentation and management
Resource Server Adapter shares additional information with the Wallet Server
Enhancements have been made to the Resource Server Adapter's Resource Management API to return both resources delegated to the user AND the specific resources owned by the user.
Enhanced Monitoring & Logging
The Authorization Server, Wallet Server, and RSA-OIDC Server now expose Health Monitoring APIs for Operators. These Health APIs provide information about the availability of any application:
- Liveness Check: Indicates whether an application's internal state allows it to work correctly or recover if it fails.
- Readiness Check: Indicates whether the application is ready to accept client requests. For example, your infrastructure system, such as Kubernetes, can use the Readiness state to determine if it should route traffic to this instance.
We standardized the approach and format of Logs across the Authorization Server, Wallet, and RSA-OIDC. Additional Improvements include:
- User Guides now contain exception lookup codes for easy administration
- Improved error reporting and messaging for ‘path not found’ incidents (API path validation)
- More accurate and informative log messages and API error responses
General Improvements and Bug Fixes
- General vulnerability fixes across Authorization Server, Wallet, RSA-OIDC and RSA-FHIR.
- Updated Authorization Server endpoint ‘/.well-known/version/fpx’ to automatically pull the current version and build date.
- Administrators may configure custom HTML for each Service Provider’s consent request. We’ve enabled optional, free-form text for the Title, Subtitle and Footer on the Consent Request page.
- Administrators can now set a priority value for required Data Sources. When multiple data sources are marked as required, the assigned priority values enable Wallet Clients to enforce the order of data sources that the user must connect to.
- The Wallet Server’s ‘/profile’ endpoint returns a non-null value for the IDP Management URL field even if the Identity Provider used to authenticate to the Wallet is not deemed a ‘verified source.’
- The Wallet Server’s Transaction endpoint /tx/{id}/user returns ‘logo_url’, ‘style_color’, and ‘style_font_color’ attributes of the resource definition.
- The Wallet Server will prevent all Data Source Connections for a given Data Source from being disabled when the user intended only to disable a single connection.
- Wallet Server no longer allows duplicate nicknames for data source connections.
- The Admin APIs for the Authorization Server and the Wallet Server support an array of static Authorization tokens. This allows more flexibility for token rotation, management and auditing.
  - In the Wallet Admin Configuration File: ‘wallet-admin.static-tokens’
  - In the Authorization Admin Configuration File: ‘as-admin.static-tokens’