Skip to content

release 1.8.5
Compare
Choose a tag to compare
@zandbelt zandbelt released this 21 Sep 07:22
· 1418 commits to master since this release
v1.8.5
b219c4d

Features

  • authentication option for Redis cache server using OIDCRedisCachePassword
  • OIDCUnAuthAction primitive that defines how to act on unauthenticated requests; deprecates OIDCReturn401
  • JWT encryption support for RSA-OAEP and A128GCM, A192GCM, A256GCM
  • support encrypted JWTs using A192KW and A192CBC-HS384
  • graceful handling of browser-back on authorization response, issue #89
  • graceful handling of invalid (expired) authorization response state, issue #86
  • support (non-sid-based) HTTP logout spec: http://openid.net/specs/openid-connect-logout-1_0.html

Bugfixes

  • fix parsing of OIDCOAuthTokenExpiryClaim, PR #90, thanks @bester
  • improve logging on metadata parsing failures, issue #94

Security

Assets 11
Loading