v0.23.1
Features
Global Cookie Encryption
All Rauthy cookies (except for the locale) are now encrypted globally inside the whole app by default.
This is just another layer of defense in depth. The AEAD algorithm makes sure that you can't tamper with the cookie values,
even if you tried to do it manually.
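How that tamper protection works, as an added illustration that is not Rauthy's own code: the cookie value is sealed with an AEAD (AES-256-GCM from the Go standard library here; the page does not name the algorithm Rauthy uses) and the cookie name is bound as associated data, so an edited value, a value moved to another cookie, or a truncated value fails verification instead of decrypting. The key, cookie name and value are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)
// ExampleKey is a constructed 32-byte demo key; a real deployment loads it from its secret store.
var ExampleKey = []byte("0123456789abcdef0123456789abcdef")

// mustGCM builds the AES-256-GCM AEAD once from the configured key.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a deployment error, not a request-time one
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block (16-byte block size)
	return gcm
}

// SealCookie encrypts value and binds the cookie name as associated data, so a
// ciphertext cannot be replayed under another cookie name. Output: base64url(nonce||ct||tag).
func SealCookie(key []byte, name, value string) (string, error) {
	gcm := mustGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(value), []byte(name))
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// OpenCookie decrypts and verifies; any edit to the encoded value fails the GCM tag check.
func OpenCookie(key []byte, name, encoded string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	gcm := mustGCM(key)
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("cookie too short")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(name))
	if err != nil {
		return "", errors.New("cookie rejected: tampered or wrong key")
	}
	return string(plain), nil
}
```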
Easier extraction of CSRF tokens with an external Frontend
If you run Rauthy behind a reverse proxy on the exact same origin as another app and you want to build custom
user-facing UI parts, you previously had to retrieve the original HTML for `/authorize` or the password reset page
to extract the CSRF token from the HTML content.
Doing this in tests is fine, but it is very tedious and wasteful for a production deployment.
For this reason, there are now 2 new possibilities:
- a `POST /oidc/session` endpoint to create a session in `Init` state, which returns the cookie and the correct CSRF token in a JSON body
- the password reset link returns JSON with a CSRF token instead of an HTML document if you request it with an `Accept: application/json` header
Bugfix
- the password expiry reminder E-Mail had a wrong link to the account page, a leftover from older versions with `.html` appended (d728317)
Images
Postgres
ghcr.io/sebadob/rauthy:0.23.1
SQLite
ghcr.io/sebadob/rauthy:0.23.1-lite