0.0.5 (26/6/2020)¶ ↑
Features¶ ↑
-
new option:
oauth_scope_separator
(default:" "
), to define how scopes are stored;
Resource Server mode¶ ↑
rodauth-oauth
can now be used in a resource server, i.e. only for authorizing access to resources:
plugin :rodauth do enable :oauth is_authorization_server? false authorization_server_url "https://auth-server" end
It requires the authorization to implement the server metadata endpoint (/.well-known/oauth-authorization-server
), and if using JWS, the JWKs URI endpoint (unless oauth_jwt_public_key
is defined).
Improvements¶ ↑
-
Multiple Redirect URIs are now allowed for client applications out-of-the-box. In order to use it in API mode, you can pass the
redirect_uri
with an array of strings (the URLs) as values; in the new client application form, you can add several input fields with name field asredirect_uri[]
. ATTENTION!! When using multiple redirect URIs, passing the desired redirect URI to the authorize form becomes mandatory. -
store scopes with whitespace instead of comma; set separator as
oauth_scope_separator
option, to keep backwards-compatibility; -
client application can now store multiple redirect uris; the POST API parameters can accept the redirect_uri param value both as a string or an array of string; internally, they’ll be stored in a whitespace-separated string;
Bugfixes¶ ↑
-
Fixed
RETURNING
support in the databases supporting it (such as postgres).
Chore¶ ↑
-
option
scopes_param
renamed toscope_param
; *