v3.2.0-beta.3
Pre-release
Pre-release
github-actions
released this
03 Apr 14:50
·
46 commits
to main
since this release
What's Changed
- two bugs with
request
param by @paulswartz in #299 - introspection improvements by @paulswartz in #300
- two fixes with client JWK signing by @paulswartz in #302
- Allow to pass url_extension for token retrieval by @maennchen in #303
- Introduce Quirks option to allow unsupported grant types by @maennchen in #304
- Allow to pass body_extension for token retrieval by @maennchen in #305
- feat:
document_overrides
quirk to patch invalid OIDD files by @paulswartz in #307 - Properly Validate & Cast Token Responses (#306) by @maennchen in #308
- Upgrade @actions/artifact actions by @maennchen in #311
- feat: include config params for PAR, JARM, and DPoP by @paulswartz in #312
- feat: Pushed Authorization Request (PAR) by @paulswartz in #313
- fix(PAR): ensure we don't send duplicate parameters by @paulswartz in #314
- feat: Demonstrating Proof of Posession (DPoP) by @paulswartz in #315
- FAPI2 profile support by @paulswartz in #317
- Update Test Elixir / OTP Versions by @maennchen in #323
- feat: JARM by @paulswartz in #321
- feat: support encrypted ID tokens and Userinfo responses by @paulswartz in #326
- fix(jarm): check encryption/signature before validating claims by @paulswartz in #329
tls_client_auth
by @paulswartz in #328- Fix typos by @kianmeng in #331
- fix: small fixes for DPoP by @paulswartz in #332
- feat: small features to support ConnectID.com.au profile by @paulswartz in #333
- Bump actions/cache from 3 to 4 by @dependabot in #335
- feat: function to locally validate a JWT by @paulswartz in #330
- feat: profile for mTLS sender-constrained tokens by @paulswartz in #336
- Implement backoff algorithm for configuration worker by @maennchen in #337
- Always refresh keys on empty JWK by @maennchen in #339
Security
- Patch of GHSA-mj35-2rgf-cv8p Atom Exhaustion DoS Vulnerability
New Contributors
Full Changelog: v3.1.2...v3.2.0-beta.3