OpenIDC/mod_auth_openidc v2.3.3

release 2.3.3

on GitHub

Features

• add support for passing claims resolved from the UserInfo endpoint as a JSON object or (when available) as a JWT with OIDCPassUserInfoAs; closes #311
• add support for authentication to the introspection endpoint with a bearer token using OIDCOAuthIntrospectionClientAuthBearerToken; thanks @cristichiru (works in OAuth 2.0 mode only, does not mix with OIDC setups because of a bug in 2.3.3)

Bugfixes

• avoid crash when no scheme is set on OIDCProviderMetadataURL; closes #303; thanks @iconoeugen
• avoid crash when no OIDCOAuthClientID is set for remote access token validation
• don't enforce iat checks on locally validated JWT access tokens (e.g. as issued by Keycloak)

Other

• the Github repository is transferred to ZmartZone IAM
• a number of compiler/static/runtime code analysis issues were addressed

Packaging

• the libcjose 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Assets" section
• Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise