0.2.0 (9/9/2020)¶ ↑
Features¶ ↑
SAML Assertion Grant Type¶ ↑
rodauth-auth
now supports using a SAML Assertion to request for an Access token.In order to enable, you have to:
plugin :rodauth do enable :oauth_saml end
For more info about integrating it, check the wiki.
Supporting rotating keys¶ ↑
At some point, you’ll want to replace the pkeys and algorithm used to generate and verify the JWT access tokens, but you want to keep validating previously-distributed JWT tokens, at least until they expire. Now you can, via two new options, oauth_jwt_legacy_public_key
and oauth_jwt_legacy_algorithm
, which will be declared in the JWKs URI and used to verify access tokens.
Reuse access tokens¶ ↑
If the oauth_reuse_access_token
is set, if there’s already an existing valid access token, any new grant for the same application / account / scope will keep the same access token. This can be helpful in scenarios where one wants the same access token distributed across devices.
require_authorizable_account¶ ↑
The method used to verify access to the authorize flow is called require_authorizable_account
. By default, it checks if a user is logged in by using rodauth’s own require_account
. This is the method you’d want to redefine in order to augment these requirements, i.e. request 2fa authentication.
Improvements¶ ↑
Expired and revoked access tokens end up generating a lot of garbage, which will have to be periodically cleaned up. You can mitigate this now by setting a uniqueness index for a group of columns, i.e. if you set a uniqueness index for the oauth_application_id/account_id/scopes
column, rodauth-oauth
will transparently reuse the same db entry to store the new access token. If setting some other type of uniqueness index, make sure to update the option oauth_tokens_unique_columns
(the array of columns from the uniqueness index).
Bugfixes¶ ↑
Calling before_*_route
callbacks appropriately.
Fixed some mishandling of HTTP headers when in in resource-server mode.
Chore¶ ↑
-
97.7% test coverage;
-
rodauth-oauth
CI tests run against sqlite, postgresql and mysql.