1.2.0 (13/02/2023)¶ ↑
Features¶ ↑
Pushed Authorization Requests (PAR)¶ ↑
RFC: datatracker.ietf.org/doc/html/rfc9126
rodauth-oauth
supports Pushed Authorization Requests, via the :oauth_pushed_authorization_request
feature.
More info about the feature in the wiki.
mTLS Client Auth (+ certificate-bound access tokens)¶ ↑
RFC: www.rfc-editor.org/rfc/rfc8705
The :oauth_tls_client_auth
feature adds support for the variants of mTLS Client Authentication “PKI Mutual-TLS Method” and 2Self-Signed Certificate Mutual-TLS Method“. It also supports client certificate bound access tokens.
More about it in the wiki.
Dynamic Client Registration management¶ ↑
RFC: www.rfc-editor.org/rfc/rfc7592
Support for dynamci client registration management was added to the :oauth_dynamic_client_registration
feature.
More info about it in the wiki.
Improvements¶ ↑
-
Support for 3rd-party initiated login was added, by including support for the
initiate_login_uri
attribute in the register route from the:oauth_dynamic_client_registration
feature. -
Support for multitenant resource ownership was added, here’s a description from the wiki.
Bugfixes¶ ↑
-
oidc: userinfo claims were not including claims with value
false
, such as"email_verified"
. This behaviour has been fixed, and only claims of valuenull
are omitted.