This release optimizes the performance of authorization code grant flows by minimizing the number of database queries. We acheive this by storing the flow in an AEAD-encoded cookie and AEAD-encoded request parameters for the authentication and consent screens.
BREAKING CHANGE:
- The client that is used as part of the authorization grant flow is stored in the AEAD-encoding. Therefore, running flows will not observe updates to the client after they were started.
- Because the login and consent challenge values now include the AEAD-encoded flow, their size increased to around 1kB for a flow without any metadata (and increases linearly with the amount of metadata). Please adjust your ingress / gateway accordingly.
Bug Fixes
- Version clash in apk install (24ebdd3)
Code Generation
- Pin v2.2.0-rc.2 release commit (b183040)
Features
Changelog
- 4194d75 autogen(docs): regenerate and update changelog
- 898aa00 autogen(docs): regenerate and update changelog
- b183040 autogen: pin v2.2.0-rc.2 release commit
- a8ecf80 feat: hot-reload Oauth2 CORS settings (#3537)
- 3ec683d feat: sqa metrics v2 (#3533)
- 24ebdd3 fix: version clash in apk install
Artifacts can be verified with cosign using this public key.