Bug fixes
- fix symmetric key decryption of JWTs encrypted with
A128CBC-HS256
andA256CBC-HS512
- fix memory leak in RSA key conversion
- Allow
{... "error": null ...}
in JSON responses (@fatlotus) - get rid of extraneous
;
inSet-Cookie
headers - fix configuration validation check where no config would be checked if
OIDCProviderIssuer
is set
but bothOIDRedirectURI
andOIDCCryptoPassphrase
are not set
Features
- update to
draft-bradley-oauth-jwt-encoded-state-03
: changetarget_uri
parameter name totarget_link_uri
Other
- add preliminary support for local JWT access token validation (contact the author for docs)
- JWT code refactoring & extended test coverage