0.14.0

@lakhansamani lakhansamani released this 09 Mar 13:26

Features

  • Add support for OpenID auth flow #130
    It aims to satisfy the standards mentioned here
  • Add support for PKCE flow. This helps users perform authentication and authorization in safe memory and protects against CSRF attacks. It also enables safe authorization on mobile applications (tried and tested with Expo AuthSession)
  • Add support for Implicit Flow
  • Rotate Refresh Token with each refresh token request
  • Rotate Access Token with each access token request
  • Add support for offline_access scope, which allows the user to get a refresh token and perform silent refresh
  • Add version information in Admin Dashboard
  • Introduce client id and client secret for each instance

Technical details

  • Adds authorizer endpoint with PKCE & Implicit flow support. This helps in authorizing / redirecting the user based on session state
  • Adds token endpoint to get access_token, id_token, refresh_token
  • Adds /.well-known/openid-configuration for supported OpenID configurations
  • Adds /.well-known/jwks.json with public key information for OpenID
  • Adds /logout endpoint
  • Adds /oauth/revoke to revoke refresh token
  • Adds userinfo to get user profile data

Breaking Change

  • Recommended to set RS256 with PKCS1/PKCS8 signed keys in order to activate the OpenID PKCE flow