github OpenIDC/mod_auth_openidc v2.3.8
release 2.3.8

latest releases: v2.4.16.5, v2.4.16.4, v2.4.16.3...
6 years ago

Bugfixes

  • fix return result FALSE when JWT payload parsing fails; see #389; thanks @amdonov
  • fix reading access_token form POST parameters when combined with AuthType auth-openidc; see #376; thanks Nicolas Salerno
  • fix using access token as endpoint auth method in introspection calls; closes #377; thanks @skauffmann

Features

  • add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies; see #331
  • make the default maximum number of parallel state cookies 7 instead of unlimited; see #331
  • improve auto-detection of XMLHttpRequests via Accept header; see #331
  • allow usage with LibreSSL; closes #380; thanks @hihellobolke

Other

  • initialize test_proto_authorization_request properly; see #382; thanks @jdennis
  • add sanity check on provider->auth_request_method; closes #382; thanks @jdennis
  • add LGTM code quality badges, see #385; thanks @xcorail

Packaging

  • the libcjose 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Assets" section
  • Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise

Don't miss a new mod_auth_openidc release

NewReleases is sending notifications on new releases.