Bugfixes
- fix return result FALSE when JWT payload parsing fails; see #389; thanks @amdonov
- fix reading access_token form POST parameters when combined with
AuthType auth-openidc
; see #376; thanks Nicolas Salerno - fix using access token as endpoint auth method in introspection calls; closes #377; thanks @skauffmann
Features
- add option to set an upper limit to the number of concurrent state cookies via
OIDCStateMaxNumberOfCookies
; see #331 - make the default maximum number of parallel state cookies 7 instead of unlimited; see #331
- improve auto-detection of XMLHttpRequests via
Accept
header; see #331 - allow usage with LibreSSL; closes #380; thanks @hihellobolke
Other
- initialize
test_proto_authorization_request
properly; see #382; thanks @jdennis - add sanity check on
provider->auth_request_method
; closes #382; thanks @jdennis - add LGTM code quality badges, see #385; thanks @xcorail
Packaging
- the libcjose 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Assets" section
- Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise