💡Features and Improvements
- Support for Client credentials Grant.
- For users using
idtokenauthentication mode, we validate the following claims as described in the ID Token Validation documentation:
- The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.
- The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element.
- If the ID Token contains multiple audiences, the Client SHOULD verify that an azp Claim is present.
- If an azp (authorized party) Claim is present, the Client SHOULD verify that its client_id is the Claim Value.
📑Documentation
- Clarify JWT Signature verification/generation
⚙️Dependency Upgrades
- Built with Micronaut 2.1.4
Bumps nimbus-jose-jwt from 9.0.1 to 9.1.2. Nimbus Changelog, Nimbus Commits