This is a rather small release.
The main reason it is coming so early is the license change.
License Change To Apache 2.0
With this release, the license of Rauthy is changed from the AGPLv3 to an Apache 2.0.
The Apache is way more permissive and makes the integration with other open source projects and software a lot easier.
DPoP Token Support (Experimental)
The first steps towards DPoP Token support have been made.
It is marked as experimental though, because the other authentication methods have been tested and verified with
various real world applications already. This is not the case for DPoP yet.
Additionally, the only supported alg for DPoP proofs is EdDSA for now. The main reason being that I am using Jetbrains
IDE's and the Rust plugin for both IDEA and RustRover are currently broken in conjunction with the rsa crate
(and some others) which makes writing code with them a nightmare. RSA support is prepared as much as possible
though and I hope they will fix this bug soon, so it can be included.
If you have or use a DPoP application, I would really appreciate testing with Rauthy and to get some feedback, so I
can make the whole DPoP flow more resilient as well.
Please note that Authorization Code binding to a DPoP key is also not yet supported, only the /token endpoint accepts
and validates the DPoP header for now.
Changes
Bugfixes
- Typos have been changed in docs and config
51dc320 - Listen Scheme was not properly set when only HTTP was selected exclusively
c002fbe - Resource links in default error HTML template did not work properly in all locations
5965d9a
New Contributors
Images
Postgres
ghcr.io/sebadob/rauthy:0.18.0
SQLite
ghcr.io/sebadob/rauthy:0.18.0-lite