- arrow & static class methods as adapter factories (#1197) (cee552f)
- updated signed to trusted in the Interaction model (#1192) (eb91aea)
- client schema invalidation code not set (edf22fb)
- allow native app callbacks in client post_logout_redirect_uris (3fca22b)
- bump backchannelLogout to draft-07 (95611d9)
- graduate issAuthResp feature as stable and enable by default (e774f60)
- ensure jwt replay detection takes clockTolerance into account (f167233)
- substr > slice change in mountPath should have been substring (adc0d63)
- resourceIndicators: await the result of useGrantedResource (#1173) (64a8028)
- add iss to error responses when issAuthResp is enabled (05ac3a8)
- expose invalid_dpop_proof error code and set it to 401 on userinfo (2628d7e)
- use paseto configuration from getResourceServerInfo (#1150) (02c821d)
- clearly mark that multiple pop mechanisms are not allowed (49eed4c)
- duplicate iss and aud as JWE Header Parameters (b26ea44)
- add LTS Gallium as a supported runtime version (19b4d0d)
- use insufficient_scope instead of invalid_scope at userinfo_endpoint (ba8a8f0)
- OAuth 2.0 Pushed Authorization Requests (PAR) is now a stable feature (3c54d8d)
- CIBA Core 1.0 is now a stable feature (cc8bc0d)
- support v3.local, v3.public, and v4.public paseto access tokens format (aca5813)
- add missing x-ua-compatible to form_post and dag input (f773669), closes #1052
- memory adapter grant references for intended models (2fe4dc8)
- use correct keystore select method for paseto access tokens (ce394bc)
- issue id tokens with claims when resource is used (#1038) (4b16c71)
- use 303 See Other HTTP response status code for built in redirects (c243bf6)
- handle backchannel requests in grant revocation (8fe9aec)
- fapi: Draft feature fapiRW was replaced by a stable fapi feature.
- fapi: The default profile for the new fapi feature is Financial-grade API Security Profile 1.0 - Part 2: Advanced (Final) rather than Financial-grade API - Part 2: Read and Write API Security Profile (ID2). ID2, albeit being an Implementer’s Draft, remains a possible features.fapi.profile option.
- deviceFlow: ensure pairwise device flow clients prove ownership of their jwks_uri (ec99201)
- remove default got user-agent (d65187c)
- skip validating client redirect_uris presence when not required (90965bb)
- account claims scope argument type during refresh token exchange (bd1bee1), closes #1000
- store original PAR signed request object after decryption (fa26e55)
- update DPoP implementation to ietf draft 03 (d08126f)
- enable customizing client auth jwt assertion expected audience (e6286a6)
- interaction uid is now an alias to its jti, it is not stored anymore either (2d85768)
- keyselection for ecdh when both OKP and EC are present (a0f8f7d)
- v1.paseto token alg keystore value to be PS384 instead of RS384 (ae1f879)