Releases: istio-ecosystem/authservice
v0.4.1
Make header handling case-insensitive per HTTP RFC.
v0.4.0
https://github.com/istio-ecosystem/authservice/packages/42399
New Features
- Add the ability to use the ext_authz V3 API.
- Introduced backward compatibility layer between v2 and v3 API
- `oidc_override` filter that is merged with `default_oidc_config`
v0.3.1
Bugs Fixed
- Issue #90 Authservice should handle cookies that contain '=' characters
- Issue #91 Authservice should not drop requests when invoking callback url after session expiration
- Miscellaneous doc fixes
The container image for this release can be found here: https://github.com/istio-ecosystem/authservice/packages/42399?version=0.3.1-d3cd2d498169
v0.3.0
New Features
- Issue #63: Support http proxy servers when exchanging authcode for token
  - See new configuration option `proxy_uri` in docs/README.md
Bugs Fixed
- Issue #79: authservice fails to exchange authorization code for access token with keycloak
The container image for this release can be found here: https://github.com/istio-ecosystem/authservice/packages/42399
v0.2.0
New Features
- Authservice can now be configured to ignore specific url paths, like `/healthz`, allowing users to access these specific pages of an application without being redirected to the IDP. Refer to the documentation for the new `trigger_rules` config option.
- When access tokens expire, authservice will now automatically use refresh tokens to renew them.
- Tokens and other session data are now stored in an in-memory session store. They used to be stored in cookies. This was necessary in order to implement token refreshing, but also allowed us to simplify some of our code. The new config options `idle_session_timeout` and `absolute_session_timeout` were added to control the duration of session storage.
- After a successful login, redirect to the url from the original request. Specifying a `landing_page` config option for your application is no longer needed or supported.
- Custom root certificates may now be specified for an IDP. Refer to the documentation for the new `trusted_certificate_authority` config option.
Breaking changes
- The config options `authorization_uri`, `token_uri`, and `callback_uri` have been simplified. They are now specified as URL strings, instead of broken down into scheme/hostname/port/path.
- The config options `cryptor_secret` and `timeout` were removed, as they are no longer needed now that session state is no longer stored in browser cookies.
- The config option `landing_page` was removed, now that end users will automatically land on the page which they had originally requested.
Known Limitations
Currently authservice can be used at either the sidecar or gateway. However, there may be issues when it is used at the gateway in an installation with multiple gateway instances. These issues are due to session state being stored in-memory, and only happen when users go from talking to one authservice instance to another mid-session. Such problems can be avoided if the gateway instances are placed behind a load balancer that supports session affinity.
The docker image associated with this release can be downloaded here:
docker pull docker.pkg.github.com/istio-ecosystem/authservice/authservice:0.2.0-13adf7f5f994
Authservice 0.1.0
This is the initial release of the Authservice.
This release includes:
- ID Token acquisition via the Auth Code grant flow
- Logout functionality
- Examples showing integration with the Istio bookinfo sample apps
- Support for acquiring a new ID Token upon expiration.
Known issues:
- Due to an upstream Envoy proxy bug, Access Tokens are not supported. The Envoy proxy bug has been patched upstream and is finding its way into the Istio ecosystem. Further explanation and instructions for patching and deploying Istio with the patched Envoy can be found here.
The docker image associated with this release can be downloaded here:
docker.pkg.github.com/istio-ecosystem/authservice/authservice:0.1.0-243af67fc9eb