v1.0.0

github-actions released this 05 Dec 16:11

· 12 commits to main since this release

356dd89

1.0.0 (2022-12-05)

Bug Fixes

add authorization to cors (#48) (d02653e)
add authorizations to userinfo (#37) (2966355)
add code_challenge_methods_supported to discovery endpoint (#43) (57cf8ee)
Add db scanner methods for SpaceDelimitedArray (#194) (5fb36bf)
add missing WithCustomEndSessionEndpoint (5af734d)
add missing WithCustomKeysEndpoint (c3e583b)
allow additional scopes (#69) (2370409)
allow http schema for redirect url for native apps in dev mode (#242) (a314c14)
allow loopback redirect_uri for native apps (72fc861)
allowed ConcatenateJSON with empty input (#138) (c45f03e)
another typo (4cf6c6d)
append client id to aud (#71) (13b1473)
aud (a731a46)
avoid potential race conditions (#220) (c4b7ef9)
change callbackpath (#74) (27f3bc0)
change channel for GetSigningKey to time (a2e2f06)
Change op.tokenHandler to follow the same pattern as the rest of the endpoint handlers (#210) (2d248b1)
check grant types and add refresh token to discovery (14faebb)
check refresh token grant type (#100) (3e336a4)
cli client (#92) (5cd7bae)
clock skew when using jwt profile (b23f37f)
code challenge (c316986)
create access token from storage (5e7e5eb)
custom absolute endpoints (660519a)
decode basic auth header components (clientID, clientSecret) (deb3365)
dependencies (5b6175a)
Ease dev host name constraints (8661300)
encoding of basic auth header values (d7d7daa)
end session (#35) (628bc4e)
ensure signer has key on OP creation (e39146c)
explicit allow Origin from request (c88e6b4)
grant_types_supported in discovery (2ebbd7a)
handle code separately (#30) (58545a1)
handle keys without use in FindMatchingKey (bcd9ec8)
handle single aud string claim, extract en/decoder interface, comments (#51) (abd3b6f)
implement storage (7700cb3)
improve example & fix userinfo marshal (#132) (ff2c164)
improve interceptor handling (#49) (c828290)
improve JWS and key verification (#128) (a63fbee)
jwt profile request in op (fd3daa2)
make checkKey public (7e2c22f)
make GenerateJWTProfileToken public (#82) (fa92a20)
make pkce code_verifier spec compliant #125 (fcad98f)
make pkce code_verifier spec compliant #125 (af3a497), closes /datatracker.ietf.org/doc/html/rfc7636#section-4
marshal user info address (#58) (60560ce)
move to new org (#177) (550f787)
parse error (cae42cc)
parse max_age and prompt correctly (and change scope type) (#105) (400f5c4)
possible nil pointer on userinfo (f40a07f)
remove bracket (#40) (3507057)
remove signing key creation (when not found) (06dcac4)
remove test because we know it works. :P (28f731c)
removeUserinfoScopes return new slice (without manipulating passed one) (#110) (1132c9d)
return error when delegating user in jwt profile request (#94) (a2601f1)
rp verification process (#95) (850faa1)
rp.RefreshAccessToken did not work (#216) (88a98c0)
simplify JWTProfileVerifier interface (39fef3e)
state and auth code response encoding (#185) (854e14b)
storage interface (17a72cc)
supported ui locales from config (#107) (8a35b89)
typo (df432c8)
unmarshalling of audience as array (#53) (f645dd3)
url safe encryption with no padding (#93) (b258b3c)
use default redirect uri when not passed on end_session endpoint (#201) (53ede2e)
UserInfo with JWT access token (return error in DecryptAES) (9b480be)
WithPath on NewCookieHandler set domain instead! (#240) (89d1c90)
cli: added implementation for token to client for caching (#29) (303fdfc)
version (535c758)
version! (80f1272)
wrap original fetch key error (f2f509a)

Features

add access token verifier ops to openidProvider (#221) (328d0e1)
add all optional claims of the introspection response (653209a)
add clock skew and option to put userinfo (profile, email, phone, address) into id_token (2412055)
add cors * to handler (3f97c5c)
add http interceptor function for auth and token endpoints (f0d17fd)
add possibility to add verifier opts to default RP (8f07a5b)
add rp.RefreshAccessToken (#198) (94871af)
add rp.RevokeToken (#231) (39852f6)
add WithPath CookieHandlerOpt (#217) (62daf4c)
allow id token hint verifier to specify algs (#229) (1aa75ec)
Allow the use of a custom discovery endpoint (#152) (5601add)
bearer access token includes tokenid and subject (#62) (9943f20)
check allowed scopes (and pass clientID to GetUserinfoFromScopes) (b311610)
dev mode on client, check client configuration (#41) (c6e22df)
Enable parsing email_verified from string. (#139) (763d333), closes #949441
get all claims (#209) (fca6cf9)
support EndSession with RelyingParty client (#230) (bd47b5d)
op: implemented support for client_credentials grant (#172) (86fd502)
rp: Adding end_session endpoint to relaying party interface (#179) (9b0954f)
rp: provide key by data (not only path) for jwt profile (#168) (c195452)
build the redirect after a successful login with AuthCallbackURL function (#164) (c07557b)
preselect user with id_token_hint (#16) (a8d1094)
prompt option (#59) (6cfd02e)
refresh token (#98) (8e884bd)
service account token exchange (7a109a7)
terminate session (front channel logout) (e8f3010)
token introspection (#83) (1518c84)
Token Revocation, Request Object and OP Certification (#130) (eb10752), closes /github.com/caos/oidc/pull/130/files#diff-fad50c8c0f065d4dbc49d6c6a38f09c992c8f5d651a479ba00e31b500543559eL170-R171 /github.com/caos/oidc/pull/130/files#diff-fe246e428e399ccff599627c71764de51387b60b4df84c67de3febd0954e859bL11-L19 /github.com/caos/oidc/pull/130/files#diff-3a01c7500ead8f35448456ef231c7c22f8d291710936cac91de5edeef52ffc72L52-R52 /github.com/caos/oidc/pull/130/files#diff-2538e0dfc772fdc37f057aecd6fcc2943f516c24e8be794cce0e368a26d20a82R19-R32 /github.com/caos/oidc/pull/130/files#diff-19ae13a743eb7cebbb96492798b1bec556673eb6236b1387e38d722900bae1c3L355-R391 /github.com/caos/oidc/pull/130/files#diff-4ed8f6affa4a9631fa8a034b3d5752fbb6a819107141aae00029014e950f7b4cL14
cli: added implementation for codeflow with a cli (#26) (b52fd09)

BREAKING CHANGES

- move functions from utils package into separate packages

Assets 2