github sebadob/rauthy v0.19.0


Solid OIDC Support

This is the main new feature for this release.

With the now accepted RSA signatures for DPoP tokens, the ephemeral, dynamic clients and
the basic serving of webid documents for each user, Rauthy should now fully support Solid OIDC.
This feature still needs more real-world testing with existing applications, though.

These 3 new features are all opt-in, because a default deployment of Rauthy will most probably
not use them at all. There is a whole new section in the Config
called EPHEMERAL CLIENTS where you can configure these things. The 3 main variables you need
to set are:

# Can be set to 'true' to allow the dynamic client lookup via URLs as
# 'client_id's during authorization_code flow initiation.
# default: false
ENABLE_EPHEMERAL_CLIENTS=true

# Can be set to 'true' to enable WebID functionality like needed
# for things like Solid OIDC.
# default: false
ENABLE_WEB_ID=true

# If set to 'true', 'solid' will be added to the 'aud' claim from the ID token
# for ephemeral clients.
# default: false
ENABLE_SOLID_AUD=true

Afterward, the only "manual" thing you need to do is to add a custom scope called webid
once via the Admin UI.
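Because an ephemeral client_id is just a URL that the provider dereferences, the document found there has to be checked before anything in it is trusted. The following is an added example, not Rauthy's own code: it validates a constructed Solid OIDC client identifier document (field names follow the Solid OIDC spec; the URLs are placeholders) and rejects a document whose client_id differs from the URL it was fetched from, unregistered or non-https redirect URIs, and a missing webid scope.

```python
"""Validate a Solid OIDC client identifier document before trusting a URL-shaped client_id."""
from urllib.parse import urlsplit

# Constructed sample: what dereferencing an ephemeral client_id URL might return.
# Field names follow the Solid OIDC client identifier document format; the URLs
# are placeholders, not real deployments.
SAMPLE_CLIENT_ID = "https://app.example/id"
SAMPLE_DOCUMENT = {
    "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld",
    "client_id": "https://app.example/id",
    "client_name": "Example Solid app",
    "redirect_uris": ["https://app.example/callback"],
    "scope": "openid webid offline_access",
    "grant_types": ["authorization_code", "refresh_token"],
    "response_types": ["code"],
    "token_endpoint_auth_method": "none",
}


def _is_acceptable_url(url: str) -> bool:
    """https without fragment; plain http is tolerated only for loopback development hosts."""
    p = urlsplit(url)
    if p.fragment or not p.netloc:
        return False
    return p.scheme == "https" or (p.scheme == "http" and p.hostname in ("localhost", "127.0.0.1"))


def validate_client_document(client_id: str, doc: dict, requested_redirect: str) -> list:
    """Return the reasons this document must NOT be accepted (an empty list means ok)."""
    problems = []
    if not _is_acceptable_url(client_id):
        problems.append("client_id is not an https URL without fragment")
    # The document must claim exactly the URL it was fetched from; otherwise any
    # document on the web could pose as another client.
    if doc.get("client_id") != client_id:
        problems.append("document client_id does not match the URL it was fetched from")
    uris = doc.get("redirect_uris")
    if not isinstance(uris, list) or not uris:
        problems.append("redirect_uris missing or empty")
        uris = []
    for u in uris:
        if not _is_acceptable_url(u):
            problems.append(f"redirect_uri not acceptable: {u}")
    # Exact string match only: no prefix or wildcard matching of redirect URIs.
    if requested_redirect not in uris:
        problems.append("requested redirect_uri not registered in the document")
    if "webid" not in doc.get("scope", "").split():
        problems.append("scope does not request 'webid'")
    return problems
```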

EVENT_MATRIX_ERROR_NO_PANIC

This new config variable solves a possible chicken-and-egg problem if you use a self-hosted
Matrix server and Rauthy as its OIDC provider at the same time. If both services are offline,
for instance because of a server reboot, you would not be able to start either of them:

  • The Matrix Server would panic because it cannot connect to and verify Rauthy
  • Rauthy would panic because it cannot connect to Matrix

Setting this variable to true solves this issue: Rauthy will only log an error in that
case instead of panicking. The panic is the preferred behavior though, because it makes
100% sure that Rauthy will actually be able to send out notifications to the configured endpoints.

Features

  • ~20% smaller binary size by stripping unnecessary symbols (680d5e5)
  • Accept DPoP tokens with RSA validations (daade41)
  • Dynamically build up and serve custom scopes in the /.well-known/openid-configuration (904cf09)
  • A much nicer way of generating both DEV and PROD TLS certificates by using Nioca
    has been integrated into the project itself, as well as the Rauthy Book (463bf8a, a14beda)
  • Implement opt-in ephemeral clients (52c84c2, 617908b)
  • Implement opt-in basic webid document serving (bca77f5, 1e32f6f, 79cb836, 55433f4, 3cdf81c)
  • For developers, a new CONTRIBUTING.md guide has been added to get people started quickly
    (7c38142, 411393f)
  • Add a new config variable EVENT_MATRIX_ERROR_NO_PANIC to only throw an error instead of
    panic on Matrix connection errors (4fc3382)
  • Not really a bug nor a feature, but the "App Version Update" watcher now remembers a
    sent notification for an update and will only notify again after a restart (be19735)

Bugfixes

  • In an HA deployment, the new integrated health watcher from v0.17.0 could return false positives
    (93d75d5, 9bbaeb2)
  • In v0.18.0 a bug was introduced because of internal JWKS optimizations. This produced
    cache errors when trying to deserialize cached JWKS after multiple requests. (3808423)

New Contributors

damooo

Images

Postgres

ghcr.io/sebadob/rauthy:0.19.0

SQLite

ghcr.io/sebadob/rauthy:0.19.0-lite
