No changes yet.
- [#75] Fix return value for
after_successful_response
(thanks to @daveed)
- [#72] Add
revocation_endpoint
andintrospection_endpoint
to discovery response (thanks to @scarfacedeb)
- [#70] This gem now requires Doorkeeper 5.0, and actually has done so since v1.5.4 (thanks to @michaelglass)
- [#69] Return
crv
parameter for EC keys (thanks to @marco-nicola)
- [#66] Fix an open redirect vulnerability (CVE-2019-9837, thanks to @meagar)
- [#67] Don't delete existing tokens with
prompt=consent
(thanks to @nov)
- [#62] Support customization of redirect params in
id_token
andid_token token
responses (thanks to @meagar)
- [#60] Don't break native authorization in Doorkeeper 5.x
- [#58] Use versioned migrations for Rails 5.x (thanks to @tvongaza)
- [#56] The previous release was a bit premature, this fixes some compatibility issues with Doorkeeper 5.x
- [#55] This gem is now compatible with Doorkeeper 5.x
- [#52] Custom claims can now also be returned directly in the ID token, see the updated README for usage instructions
- Support for Ruby versions older than 2.3 was dropped
- Redirect errors per Section 3.1.2.6 of OpenID Connect 1.0 (by @ryands)
- Set
id_token
when it's nil in token response (it's used inrefresh_token
requests) (by @Miouge1)
- Support for Implicit Flow (
response_type=id_token
andresponse_type=id_token token
), see the updated README for usage instructions (by @nashby, @nhance and @stevenvegt)
- The configuration setting
jws_private_key
was renamed tosigning_key
, you can still use the old name until it's removed in the next major release
- Support for pairwise subject identifiers (by @travisofthenorth)
- Support for EC and HMAC signing algorithms (by @110y)
- Claims now receive an optional third
access_token
argument which allow you to dynamically adjust claim values based on the client's token (by @gigr)
- Fixes the
undefined local variable or method 'pre_auth'
error
- The configuration setting
jws_public_key
wasn't actually used, it's deprecated now and will be removed in the next major release - The undocumented shorthand
to_proc
syntax for defining claims (claim :user, &:name
) is not supported anymore
- Claims now receive an optional second
scopes
argument which allow you to dynamically adjust claim values based on the requesting applications' scopes (by @nbibler) - The
prompt
parameter valueslogin
andconsent
are now supported - The configuration setting
protocol
was added (by @gigr)
- Standard Claims are now mapped correctly to their default scopes (by @tylerhunt)
- Blank
nonce
parameters are now ignored
nil
values and empty strings are now removed from the UserInfo and IdToken responses- Allow
json-jwt
dependency at ~> 1.6. (by @nbibler) - Configuration blocks no longer internally use
instance_eval
which previously gave undocumented and unexpectedself
access to the caller (by @nbibler)
This release is a general clean-up and adds support for some advanced OpenID Connect features.
- This version adds a table to store temporary nonces, use the generator
doorkeeper:openid_connect:migration
to create a migration - Implement the new configuration callbacks
auth_time_from_resource_owner
andreauthenticate_resource_owner
to support advanced features
- Add discovery endpoint (a16caa8)
- Add webfinger and keys endpoints for discovery (f70898b)
- Add supported claims to discovery response (1d8f9ea)
- Support prompt=none parameter (c775d8b)
- Store and return nonces in IdToken responses (d28ca8c)
- Add generator for initializer (80399fd)
- Support max_age parameter (aabe3aa)
- Respect scope grants in UserInfo response (25f2170)