Features
- authentication option for Redis cache server using
OIDCRedisCachePassword
OIDCUnAuthAction
primitive that defines how to act on unauthenticated requests; deprecatesOIDCReturn401
- JWT encryption support for
RSA-OAEP
andA128GCM
,A192GCM
,A256GCM
- support encrypted JWTs using
A192KW
andA192CBC-HS384
- graceful handling of browser-back on authorization response, issue #89
- graceful handling of invalid (expired) authorization response state, issue #86
- support (non-sid-based) HTTP logout spec: http://openid.net/specs/openid-connect-logout-1_0.html
Bugfixes
- fix parsing of
OIDCOAuthTokenExpiryClaim
, PR #90, thanks @bester - improve logging on metadata parsing failures, issue #94
Security
- add CSRF protection to Discovery, see: https://bitbucket.org/openid/connect/issues/979/discovery-security-considerations-csrf