Nextcloud OpenID Connect Provider App - 1.16.4

This is the an OIDC App for Nextcloud. This application allows to use your Nextcloud Login at other services supporting OpenID Connect.

Provided features:

Support for OpenID Connect Code (response_type = code) and Implicit (response_type = id_token) Flow - Implicite Flow must be activated per client
Support for PKCE
Public and confidential types of clients are supported
Creation of ID Token with claims based on requested scope (Currently supported scopes: openid, profile, email, roles, groups, and offline_access)
Supported signing algorithms RS256 (default) and HS256
Group memberships are passed as roles in ID token
Clients can be assigned to dedicated user groups - Only users in the configured group are allowed to retrieve an access token to fetch the ID token
Support for RFC9068 JWT Access Tokens (must be activated per client)
Discovery & WebFinger endpoint provided
Logout endpoint
Dynamic Client Registration
Client Configuration Management (RFC 7592)
Token Introspection (RFC 7662)
Support for resource url (RFC 9728) at introspection
User Consent Management
Support for custom claims
Administration of clients via CLI
Generation and validation of access tokens using events
User specific settings to define which data is passed to clients in ID token and via userinfo endpoint

Changes:

Changed log level for jwt validation based on events (#625)
Added support for RFC 6749 VSCHAR characters in client_id and client_secret (#638)
Updated dependencies
Updated translations

Full documentation can be found at:

What's Changed

Build(deps): Bump firebase/php-jwt from 7.0.3 to 7.0.4 by @dependabot[bot] in #634
Build(deps-dev): Bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #636
Build(deps): Bump firebase/php-jwt from 7.0.4 to 7.0.5 by @dependabot[bot] in #637
fix(validation): allow RFC 6749 VSCHAR characters in client_id and client_secret by @tony-engineering in #638

Full Changelog: 1.16.3...1.16.4