0.9.3 (30/05/2022)¶ ↑
Bugfixes¶ ↑
-
oauth_jwt: new access tokens generated via the
"refresh_token"
grant type are now JWT (it was falling back to non JWT behaviour); -
oidc
: a newid_token
is now generated via the"refresh_token"
grant type with “rotation” policy (it was being omitted from the response); -
oidc
: fixing calculation of"auth_time"
claim, which (as per RFC) needs to stay the same across first authentication and subsequent"refresh_token"
requests;-
it requires a new db column (default:
"auth_time"
, datetime) in the"oauth_tokens"
database;
-
-
hash-column
"refresh_token"
will now expose the refresh token (instead of the hash column version) in the"refresh_token"
grant type response payload (only happened in “non-rotation” refresh token mode).