This minor release fixes a bug impacting an edge case where a client application is configured to require PKCE but is also allowed to use the implicit flow (a flow that can't support PKCE by definition). While not recommended, applications created with the PKCE requirement can now use the implicit flow if they have been granted the response_type=id_token
, response_type=token
or response_type=id_token token
response type permissions.
This release also includes a work around for Oracle MySQL users (for more information, read #1234)