0.5.0 (08/02/2021)
RP-Initiated Logout
The :oidc plugin can now perform RP-Initiated Logout. It’s disabled by default, so read the docs to learn how to enable it.
The :oauth_jwt plugin (and, by association, the :oidc plugin) now verifies the claims of the JWT tokens it uses. This is a very important security fix: without it, there is no protection against replay attacks and other types of misuse of a JWT token.
A new auth method, generate_jti(claims), was added to the list of oauth_jwt plugin options. By default, it’ll hash the iat claims together, but you can override how this is done.
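
The kind of claim verification described above, sketched as an added example (not code from the plugin or the project). It assumes the token's signature has already been verified and that each token is meant to be presented once; ClaimsVerifier, sample_claims, the set of hashed claims and the example URLs are hypothetical.

```ruby
require "digest"
require "set"

# Hypothetical jti derivation in the style of a generate_jti(claims) override:
# hash several claims so the id is bound to the token's content.
def generate_jti(claims)
  Digest::SHA256.hexdigest(claims.values_at(:iss, :aud, :sub, :iat).join(":"))
end

# Checks the claims of a JWT whose signature has ALREADY been verified.
class ClaimsVerifier
  def initialize(issuer:, audience:, leeway: 30)
    @issuer, @audience, @leeway = issuer, audience, leeway
    @seen_jti = Set.new # assumption: real deployments use a shared store with a TTL
  end

  # Returns :ok, or a symbol naming the first claim check that failed.
  def verify(claims, now: Time.now.to_i)
    return :bad_issuer    unless claims[:iss] == @issuer
    return :bad_audience  unless Array(claims[:aud]).include?(@audience)
    return :expired       unless claims[:exp].is_a?(Integer) && now < claims[:exp] + @leeway
    return :not_yet_valid unless claims[:iat].is_a?(Integer) && claims[:iat] <= now + @leeway
    return :bad_jti       unless claims[:jti] == generate_jti(claims)
    return :replayed      unless @seen_jti.add?(claims[:jti])
    :ok
  end
end

# Constructed sample claims (not taken from the project).
NOW = 1_612_742_400
def sample_claims(overrides = {})
  claims = { iss: "https://auth.example", aud: "https://api.example",
             sub: "user-1", iat: NOW, exp: NOW + 300 }.merge(overrides)
  claims.merge(jti: generate_jti(claims))
end

if __FILE__ == $PROGRAM_NAME
  verifier = ClaimsVerifier.new(issuer: "https://auth.example", audience: "https://api.example")
  token = sample_claims
  p verifier.verify(token, now: NOW + 10)   # first presentation
  p verifier.verify(token, now: NOW + 10)   # same token presented again
end
```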