rodauth-oauth now ships with support for OpenID Connect. To enable it:

```ruby
plugin :rodauth do
  enable :oidc
end
```

For more info about integrating it, check the wiki.
It supports omniauth OpenID integrations out-of-the-box; check the OpenID example, which integrates with omniauth_openid_connect.
`sub` claim now also handles “pairwise” subjects. For that, you have to set the `oauth_jwt_subject_secret` (will be used for salting the `sub` when the type is
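How a salted pairwise `sub` can be derived, as an added example that is not rodauth-oauth's own code: it follows the calculation suggested in OpenID Connect Core 1.0, section 8.1. The module name, the sample salt and the redirect URIs are constructed for illustration.

```ruby
require "digest"
require "uri"

# Added example, not rodauth-oauth code. Follows the calculation suggested in
# OpenID Connect Core 1.0, section 8.1:
#   sub = SHA-256(sector_identifier || local_account_id || salt)
module PairwiseSubject
  module_function

  # The sector identifier is the host shared by all of a client's redirect
  # URIs. A client with redirect URIs on several hosts has to register a
  # sector_identifier_uri instead; that case is rejected here.
  def sector_identifier(redirect_uris)
    hosts = redirect_uris.map { |u| URI.parse(u).host&.downcase }.uniq
    raise ArgumentError, "redirect URI without a host" if hosts.any?(&:nil?)
    raise ArgumentError, "exactly one redirect host is required" unless hosts.size == 1
    hosts.first
  end

  # Same account + same sector + same salt => same subject. Changing the
  # sector or the salt yields an unrelated value, so two clients cannot
  # correlate a user by comparing the "sub" values they received.
  def subject(account_id, redirect_uris, salt)
    raise ArgumentError, "salt must not be empty" if salt.to_s.empty?
    Digest::SHA256.hexdigest("#{sector_identifier(redirect_uris)}#{account_id}#{salt}")
  end
end

# Constructed sample values.
SALT = "constructed-example-secret"
SHOP = ["https://shop.example.com/callback", "https://shop.example.com/cb2"]
BLOG = ["https://blog.example.org/callback"]

if $PROGRAM_NAME == __FILE__
  puts PairwiseSubject.subject(42, SHOP, SALT) # subject seen by the shop client
  puts PairwiseSubject.subject(42, BLOG, SALT) # different subject for the blog client
end
```

Rotating the salt changes every issued subject, so it has to stay stable and secret for the lifetime of the deployment.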
`auth_time` claim is now supported; if your application uses the `:account_expiration`, it’ll use the `last_account_login_at` method, otherwise you can set the

```ruby
last_account_login_at do
  convert_timestamp(db[accounts_table].where(account_id_column => account_id).get(:that_column_where_you_keep_the_data))
end
```
`iss` claim now defaults to `authorization_server_url` when not defined;
`aud` claim now defaults to the token application’s client ID (`client_id` claim was removed as a result);
rodauth-oauth URLs no longer have the `oauth-` prefix, so make sure you update your integrations accordingly, i.e. where you used to rely on `/oauth-authorize`, you’ll have to use
URI schemes for client applications' redirect URIs have to be `https`. In order to override this, set the `oauth_valid_uri_schemes` to an array of your expected URI schemes.
Authorization request submission can receive the `scope` as an array of values now, instead of only dealing with receiving a white-space separated list.
fixed trailing “/” in the “issuer” value in server metadata (