What's Changed
- Fix typo in kanidm docs by @WhySoBad in #136
- docs: fix typos in getting-started by @LucasFA in #139
- fix: #148 fix logout when user is unauthorized by @sevensolutions in #149
- docs: #153: improve provider docs for Pocket ID and ZITADEL by @sevensolutions in #154
- chore(deps): bump the dependencies group in /website with 27 updates by @dependabot in #151
- fix: fix some missing null-checks when validating the session by @sevensolutions in #158
- feat: error pages by @sevensolutions in #150
Breaking Changes
There is a small breaking change.
When a user is authenticated but not authorized under your authorization config, the returned status code will now be a 403 (Forbidden) instead of a 401 (Unauthorized).
According to the standard, a 403 is more appropriate for this case.
So this means:
| Action | Returned Status Code |
|---|---|
| User is not logged in | 401 Unauthorized |
| User is logged in but not authorized | 403 Forbidden |
| User is logged in and authorized | 200 or whatever the upstream service is returning |
New Contributors
Full Changelog: v0.11.0...v0.12.0