0.8.0
Main Changes since 0.7.x
Support for PEM certificates
PEM certificates can now be used directly without being converted to Java Keystore or PKCS12 formats.
To use PEM certificates, set the oauth.ssl.truststore.type option to PEM and either specify the location of the PEM file in oauth.ssl.truststore.location or set the certificates directly in oauth.ssl.truststore.certificates.
Replaced keycloak-core library with nimbus-jose-jwt
JWT token validation now uses the nimbus-jose-jwt library instead of keycloak-core. As a result, ECDSA support no longer requires the BouncyCastle library. Some JWT tokens that previously failed can now be handled, which widens support for different authorization servers.
Option oauth.audience has been added to client and server configuration
Sometimes an authorization server may require the audience option to be passed when authenticating to the token endpoint.
Pass the configured oauth.scope option on the Kafka broker as scope when performing clientId + secret authentication on the broker
The option already existed, but it was used only for inter-broker authentication and not for OAuth over PLAIN.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.8.0 milestone.