release 2.3.1

@zandbelt zandbelt released this 19 Jul 18:34
· 1050 commits to master since this release

Bugfixes

  • handle multiple values in X-Forwarded-* headers to better support multiple chained reverse proxies in front of mod_auth_openidc
  • fix bug where token_endpoint_auth set to private_key_jwt would fail to provide the credential if client_secret wasn't set
  • remove A128GCM and A192GCM from the supported algorithms in the config file (and docs)

Features

  • assume the default port when X-Forwarded-Proto has been set; closes #282 and may address #278
  • support sending the authentication request via HTTP POST through HTML/JavaScript auto-submit with OIDCProviderAuthRequestMethod
  • support private_key_jwt and client_secret_jwt as client authentication methods for OAuth 2.0 bearer token introspection

Other

  • log request headers when used and set
  • print out support for libjq expressions at startup
  • update (experimental) token binding support to https://tools.ietf.org/html/draft-campbell-tokbind-ttrp-00 and depend on mod_token_binding >= 0.3.0
  • refactored quite a bit of code to support compiler #define-d strings

Packaging Notes

  • the libcjose 0.5.1 dependency (with a security fix and renaming) was packaged with release 2.3.0
  • Ubuntu Wily packages can also be used on Xenial and Yakkety