v3.2.0
·
40 commits
to main
since this release
What's Changed
- two bugs with
requestparam by @paulswartz in #299 - introspection improvements by @paulswartz in #300
- two fixes with client JWK signing by @paulswartz in #302
- Allow to pass url_extension for token retrieval by @maennchen in #303
- Introduce Quirks option to allow unsupported grant types by @maennchen in #304
- Allow to pass body_extension for token retrieval by @maennchen in #305
- feat:
document_overridesquirk to patch invalid OIDD files by @paulswartz in #307 - Properly Validate & Cast Token Responses (#306) by @maennchen in #308
- Upgrade @actions/artifact actions by @maennchen in #311
- feat: include config params for PAR, JARM, and DPoP by @paulswartz in #312
- feat: Pushed Authorization Request (PAR) by @paulswartz in #313
- fix(PAR): ensure we don't send duplicate parameters by @paulswartz in #314
- feat: Demonstrating Proof of Posession (DPoP) by @paulswartz in #315
- FAPI2 profile support by @paulswartz in #317
- Update Test Elixir / OTP Versions by @maennchen in #323
- feat: JARM by @paulswartz in #321
- feat: support encrypted ID tokens and Userinfo responses by @paulswartz in #326
- fix(jarm): check encryption/signature before validating claims by @paulswartz in #329
tls_client_authby @paulswartz in #328- Fix typos by @kianmeng in #331
- fix: small fixes for DPoP by @paulswartz in #332
- feat: small features to support ConnectID.com.au profile by @paulswartz in #333
- Bump actions/cache from 3 to 4 by @dependabot in #335
- feat: function to locally validate a JWT by @paulswartz in #330
- feat: profile for mTLS sender-constrained tokens by @paulswartz in #336
- Implement backoff algorithm for configuration worker by @maennchen in #337
- Always refresh keys on empty JWK by @maennchen in #339
- Update README.md to include the SAFE audit by @mohamedalikhechine in #340
- Fix
-definetypo in oidcc.hrl by @matlaj in #344 - Document PAR Telemetry Events by @maennchen in #345
- Fix DPoP with JWK Set by @maennchen in #346
Security
- Patch of GHSA-mj35-2rgf-cv8p Atom Exhaustion DoS Vulnerability
New Contributors
- @kianmeng made their first contribution in #331
- @mohamedalikhechine made their first contribution in #340
- @matlaj made their first contribution in #344
Full Changelog: v3.1.2...v3.2.0
Contributors
kianmeng, paulswartz, and 4 other contributors