[5.1.0] - 2025-05-22
๐ Features
- Support custom JWT authentication for external KACLS using an RSA keypair in the Google CSE migration flow
- Expose the RSA public key via the new
/certsendpoint - Rewrite
/rewrapendpoint to fully support the migration flow logic - Rewrite
/privilegedunwrapendpoint to properly integrate with the migration process - Support for PKCE (Proof Key for Code Exchange) authentication from the CLI with the Cosmian KMS
- Concurrent multi-factor authentication with clear cascading rules (OIDC / Client Certificates / API Token)
๐ Bug Fixes
- Unclear cascading rules in multi-factor authentication
๐ Refactor
- Refactor server configuration to include a dedicated google_cse section
- Derive the Google CSE KACLS URL from the public_url configuration value for better flexibility
โ๏ธ Miscellaneous Tasks
- Expose user_id in the response from the /token endpoint for improved UI identification
๐งช Testing
- Add unit tests for Google CSE digest computation, validating against Google's official documentation appendix
- Test custom JWT generation and parsing to ensure compatibility and correctness
๐ Documentation
- Revise the Google CSE documentation section for clarity and accuracy
- Add a new section on migrating Google CSE data from Drive, including practical steps and examples
- PKCE documentation with configuration examples
- Improved authentication documentation, both client and server side