Last Update: 2023-01-10 23:21:31 +0000

0.9.3 (30/05/2022)


  • oauth_jwt: new access tokens generated via the "refresh_token" grant type are now JWT (it was falling back to non JWT behaviour);

  • oidc: a new id_token is now generated via the "refresh_token" grant type with “rotation” policy (it was being omitted from the response);

  • oidc: fixing calculation of "auth_time" claim, which (as per RFC) needs to stay the same across first authentication and subsequent "refresh_token" requests;

    • it requires a new db column (default: "auth_time", datetime) in the "oauth_tokens" database;

  • hash-column "refresh_token" will now expose the refresh token (instead of the hash column version) in the "refresh_token" grant type response payload (only happened in “non-rotation” refresh token mode).