forked from OpenIDC/liboauth2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
136 lines (101 loc) · 3.16 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
06/21/2021
- printout remote username claim when not found, for debugging purposes
06/10/2021
- use encrypted JWTs for storing encrypted cache contents and avoid using static AAD/IV
closes #26; thanks @niebardzo
- avoid memory leaks on JWT validation errors
- release 1.4.3
06/07/2021
- correct iat slack validation defaults, see https://github.com/zmartzone/mod_oauth2/discussions/20
thanks @DrakezulsMinimalism
- release 1.4.2.1
05/28/2021
- add Travis and LGTM
05/25/2021
- set memory alignment of shm cache structs to 64 bytes; see #21 and #24
- release 1.4.2
04/19/2021
- apache: use include directory from APXS; thanks @abbra
- pass missing argument to oauth2_error in _oauth2_dpop_jti_validate; thanks @abbra
02/02/2021
- avoid creating files for anonymous shared memory segments; see #18
- release 1.4.1
01/30/2021
- fix Apache cleanup routines; see zmartzone/liboauth2#18 and zmartzone/mod_oauth2#7
01/26/2021
- add support for RFC 8705 OAuth 2.0 Mutual-TLS Certificate-Bound Access Tokens
https://tools.ietf.org/html/rfc8705; thanks @vdzhuvinov
12/23/2020
- use per-process semaphore locking to prevent multi-process issue; see #18
- release 1.4.0.1
12/21/2020
- release 1.4.0
12/03/2020
- add oauth2_cfg_openidc_set_options for configurable state cookie handling
12/02/2020
- cleanup OIDC expired/superfluous state cookies; closes zmartzone/ngx_openidc_module#6
11/13/2020
- add support for PKCE
11/12/2020
- separate OpenID client configs and named providers
- fix parsing in oauth2_cfg_set_flag_slot
- add configurable state and session cookie paths
11/11/2020
- fix session cache handler cloning
- support configurable cookie path for session cookie
11/09/2020
- refactored caching; use named caches consistently
11/08/2020
- use endpoint more consistently
- harmonize naming of endpoint, endpoint auth and ropc
11/07/2020
- don't use automake config.h; closes #10; thanks @babelouest
10/07/2020
- add support for DPOP bound access tokens
- bump to 1.4.0-dev
02/27/2020
- lock access to cache globals
- log corrections and improvements
02/26/2020
- resolve some TODOs; valgrind
- bump to 1.3.0
02/25/2020
- change to named sessions
02/21/2020
- add serialized id_token to session
- externalize oauth2_jose_jwt_verify and allow verification context to be NULL
- bump to 1.2.5
02/13/2020
- add userinfo endpoint request and claims
- bump to 1.2.4
- change to named cache configurations
02/10/2020
- implement session expiry checks
- bump to 1.2.3
02/05/2020
- add missing ROPC config functions
- bump to 1.2.2
02/04/2020
- add generic endpoint config struct and ROPC client capability
- bump to 1.2.1 and bump copyright year
01/31/2020
- sane session cfg defaults
09/12/2019
- change http request header function naming
- more openidc handling
- bump to 1.2.0
09/02/2019
- fix type (auth->client_secret_jwt.aud = NULL); closes #3; thanks @pengjiaoyang
08/19/2019
- add first outline of openidc and sessions
07/03/2019
- return status code from HTTP callouts
- bump to version 1.1.1
07/01/2019
- encapsulate oauth2_log_sink_t
- bump to version 1.1.0
05/20/2019
- add Apache Require claim authorization functions
- bump to version 1.0.1
03/22/2019
- initial import of version 1.0.0