Skip to content

Releases: ory/fosite

v0.19.2

19 May 14:21
@aeneasr aeneasr
v0.19.2
e9339d7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.19.2 
openid: Resolves timing issues by setting now to the future (#270)
Assets 2
Loading

v0.19.1

19 May 13:59
@aeneasr aeneasr
v0.19.1
eee3dad
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.19.1 
openid: Improves validation errors and uses UTC everywhere (#269)
Assets 2
Loading

v0.19.0: openid: Improves prompt, max_age and id_token_hint validation (#268)

17 May 15:36
@aeneasr aeneasr
v0.19.0
7ccad77
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.19.0: openid: Improves prompt, max_age and id_token_hint validation (#268) 
This patch improves the OIDC prompt, max_age, and id_token_hint
validation.
Assets 2
Loading

v0.18.1: openid: Adds a validator used to validate OIDC parameters (#266)

01 May 10:04
@aeneasr aeneasr
v0.18.1
91c9d19
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.18.1: openid: Adds a validator used to validate OIDC parameters (#266) 
The validator, for now, validates the prompt parameter of OIDC requests.
Assets 2
Loading

v0.18.0: oauth2: Introspection should return token type (#265)

30 Apr 09:59
@aeneasr aeneasr
v0.18.0
2bf9b6c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.18.0: oauth2: Introspection should return token type (#265) 
Closes #264

This patch allows the introspection handler to return the token type (e.g. `access_token`, `refresh_token`) of the
introspected token. To achieve that, some breaking API changes have been introduced:

* `OAuth2.IntrospectToken(ctx context.Context, token string, tokenType TokenType, session Session, scope ...string) (AccessRequester, error)` is now `OAuth2.IntrospectToken(ctx context.Context, token string, tokenType TokenType, session Session, scope ...string) (TokenType, AccessRequester, error)`.
* `TokenIntrospector.IntrospectToken(ctx context.Context, token string, tokenType TokenType, accessRequest AccessRequester, scopes []string) (error)` is now `TokenIntrospector.IntrospectToken(ctx context.Context, token string, tokenType TokenType, accessRequest AccessRequester, scopes []string) (TokenType, error)`.

This patch also resolves a misconfigured json key in the `IntrospectionResponse` struct. `AccessRequester AccessRequester json:",extra"` is now properly declared as `AccessRequester AccessRequester json:"extra"`.
Assets 2
Loading

0.17.2

26 Apr 07:15
@aeneasr aeneasr
v0.17.2
99029e0
Compare
Choose a tag to compare
0.17.2 
core: Regression fix for request ID in refresh token flow (#262)

Signed-off-by: Beorn Facchini <[email protected]>
Assets 2
Loading

0.17.1

22 Apr 12:58
@aeneasr aeneasr
v0.17.1
0fcdf33
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.17.1 
core: Adds ExactScopeStrategy (#260)

The ExactScopeStrategy performs a simple string match (case sensitive)
of scopes.
Assets 2
Loading

v0.17.0

08 Apr 13:35
@aeneasr aeneasr
v0.17.0
018b5c1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.17.0 
core: Sanitizes request body before sending it to the storage adapter…
Assets 2
Loading

0.16.5

17 Mar 12:40
@aeneasr aeneasr
v0.16.5
338399b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.16.5 
v0.16.5

introspection: Improves debug messages (#254)
Assets 2
Loading

0.16.4

07 Feb 10:02
@aeneasr aeneasr
v0.16.4
4512853
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.16.4 
handler: Adds PKCE implementation for none and S256 (#246)

This patch adds support for PKCE (https://tools.ietf.org/html/rfc7636) which is used by native apps (mobile) and prevents eavesdropping attacks against authorization codes.

PKCE is enabled by default but not enforced. Challenge method plain is disabled by default. Both settings can be changed using `compose.Config.EnforcePKCE` and `compose.config.EnablePKCEPlainChallengeMethod`.

Closes #213
Assets 2
Loading