OpenIDC/mod_auth_openidc v1.7.3

release 1.7.3

on GitHub

Bug fixes

• fix symmetric key decryption of JWTs encrypted with A128CBC-HS256 and A256CBC-HS512
• fix memory leak in RSA key conversion
• Allow {... "error": null ...} in JSON responses (@fatlotus)
• get rid of extraneous ; in Set-Cookie headers
• fix configuration validation check where no config would be checked if OIDCProviderIssuer is set
  but both OIDRedirectURI and OIDCCryptoPassphrase are not set

Features

• update to draft-bradley-oauth-jwt-encoded-state-03: change target_uri parameter name to target_link_uri

Other

• add preliminary support for local JWT access token validation (contact the author for docs)
• JWT code refactoring & extended test coverage