All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added per provider configuration, which allows multiple Cognito providers to be set for different user pools.
- BREAKING: remove option to handle refresh tokens by passing as an argument to the callback URL. This approach involved transmitting the refresh token to the browser and as such was in violation of the OAuth 2.0 RFC.
- Add support for configuring scopes to include.
- BREAKING: minimum ueberauth version is now 0.7
- Standardize handling of CSRF Attack protection
- BREAKING: minimum Elixir version is now 1.7
- Added per app configuration based on the otp_app
- Support some optional parameters for Cognito
/authorize - Modified to return
info/1with the information of User inUeberauth.Auth.Info
Thank you to @mdillavou and @yagince for their contributions to this release!
- Initial release