0.1.0 (31/7/2020)¶ ↑
Features¶ ↑
OpenID¶ ↑
rodauth-oauth
now ships with support for OpenID Connect. In order to enable, you have to:
plugin :rodauth do enable :oidc end
For more info about integrating it, check the wiki.
It supports omniauth openID integrations out-of-the-box, check the OpenID example, which integrates with omniauth_openid_connect.
Improvements¶ ↑
-
JWT:
sub
claim now also handles “pairwise” subjects. For that, you have to set theoauth_jwt_subject_type
option ("public"
or"pairwise"
) andoauth_jwt_subject_secret
(will be used for salting thesub
when the type is"pairwise"
). -
JWT:
auth_time
claim is now supported; if your application uses therodauth
feature:account_expiration
, it’ll use thelast_account_login_at
method, otherwise you can set thelast_account_login_at
option:
last_account_login_at do convert_timestamp(db[accounts_table].where(account_id_column => account_id).get(:that_column_where_you_keep_the_data)) end
-
JWT:
iss
claim now defaults toauthorization_server_url
when not defined; -
JWT:
aud
claim now defaults to the token application’s client ID (client_id
claim was removed as a result);
Breaking Changes¶ ↑
rodauth-oauth
URLs no longer have the oauth-
prefix, so make sure you update your integrations accordingly, i.e. where you used to rely on /oauth-authorize
, you’ll have to use /authorize
.
URI schemes for client applications redirect URIs have to be https
. In order to override this, set the oauth_valid_uri_schemes
to an array of your expected URI schemes.
Bugfixes¶ ↑
-
Authorization request submission can receive the
scope
as an array of values now, instead of only dealing with receiving a white-space separated list. -
fixed trailing “/” in the “issuer” value in server metadata (
https://server.com/
->https://server.com
).