0.8.0 (12/03/2022)¶ ↑
Features¶ ↑
-
Device code grant
rodauth-oauth
now supports the Device code grant RFC, via the oauth_device_grant
feature.
-
OAuth Tokens Management
An OAuth Tokens Management Dashboard is now provided (via r.oauth_tokens
call to enable the routes). It allows the logged in account to list and revoke OAuth Tokens which have been issued for its resources.
-
Assertion Framework (+ SAML and JWT Bearer Grant)
A new plugin, oauth_assertion_base, was introduced to provide a baseline for implementing custom Bearer Assertion as per the OAuth Client Assertion Framework RFC. This in turn was used to refactor and reintroduce the oauth_saml_bearer_grant and the oauth_jwt_bearer_grant features, which implement the respective and most recent version of the assertion RFCs.
(as a result, oauth_saml
was removed, which implemented a very old draft version of the SAML Bearer spec).
Improvements¶ ↑
The OAuth functionality was refactored from 1 big feature, into several features:
-
oauth_device_grant
-
oauth_token_management
They’re still loaded together via the oauth
feature for backwards compatibility. This will change in a major version.
Bugfixes¶ ↑
-
oauth_jwt integration with the
json-jwt
gem does proper claims validation now;