0.22.0

Fixes

• Fix adding custom claims to id_token #160

0.21.0

Features

• Add support for following envs to connect to cassandra cloud
  • DATABASE_CERT -> base64 encoded cert
  • DATABASE_CERT_KEY -> base64 encode key
  • DATABASE_CA_CERT -> base64 encode ca cert

0.20.0

Features

• Added support for cassandra db
• Added support for following envs for cassandra db atm
  • DATABASE_USERNAMER
  • DATABASE_PASSWORD
  • DATABASE_PORT
  • DATABASE_HOST
• Add template for database providers

Fixes

• Fix email access with github login

0.19.0

Fixes

• Allow CORS request with x-authorizer-url header

0.18.1

Fixes

• Resolve MySQL error (key specification without a key length) #156

0.18.0

Fixes

• Allow using the right host & domain while using a gateway / service-mesh setup #155
  • Example: https://github.com/lakhansamani/authorizer-proxy-setup
• Update authorizer-react version to 0.17.0

https://www.loom.com/share/e7a4c81544974c0a99c91d1720ab62a5

authorizer-js 0.10.0

• Allow passing extra headers from config
• Set authorizerURL as default x-authorizer-url header in all requests

authorizer-react 0.17.0

• Update core authorizer-js

0.17.0

Features

• Add ability to configure access_token & id_token expiry time from dashboard #109 (kudos to @MedvedewEM )

authorizer-js 0.9.0

• Add universal fetcher to getToken and revokeToken

authorizer-react 0.16.0

• Update core authorizer-js

0.16.0

Features

• Add query to verify refresh_token, access_token or id_token #149
• Add ability to revoke access of a user from dashboard #135
• Add ability to enable access of a revoked user from dashboard #143
• Add ability to generate new JWT keys for different jwt algorithms from dashboard #150
• Add strong password validation #141 #142

Fixes

• Make disabled fields read only #133
• Fix setting different jwt algorithm bug from dashboard

authorizer-js (0.8.0)

• Adds helper to validate jwt token
• Fixes test cases
• Fixes types

authorizer-react (0.15.0)

• Add strong password validation and visualization

0.15.0

Features

• Add ability to invite users (#44 #138 #137 #136 )
• Add the ability to disable sign up for your early beta product (#139 #134 )

Fixes

• Fix rotating session token on /oauth/token
• Fix redirecting uri

authorizer-react (0.13.0)

• Fix redirecting
• Add support for is_sign_up_enabled meta field

authorizer-js (0.7.0)

• Fix redirecting
• Add support for is_sign_up_enabled meta field

0.14.0

Features

• Add support for OpenID auth flow #130
  It tries to suffice the standards mentioned here
• Add support for PKCE flow. This will help user to perform authentication and authorization in safe memory and prevent from CSRF attack. It also enables perform authorization with safety on mobile applications (Tried and tested with Expo AuthSession)
• Add support for Implicit Flow
• Rotate Refresh Token with each refresh token request
• Rotate Access Token with each access token request
• Add support for offline_access scope which will allow user to get refresh token and make silent refresh
• Add version information in Admin Dashboard
• Introduce client id and client secret for each instance

Technical details

• Adds authorizer endpoint with PKCE & Implicit flow support. This helps in authorizing / redirecting user based on session state
• Addstoken endpoint to get access_token, id_token, refresh_token
• Adds /.well-known/openid-configuration for supported open id configurations
• Adds /.well-known/jwks.json public key information for open id
• Adds /logout endpoint
• Adds /oauth/revoke to revoke refresh token
• Adds userinfo to get user profile data

Breaking Change

• Recommended to set RS256 with PKCS1/ PKCS8 signed keys inorder to activate open id PKCE flow