What's Changed
- feat: prevent open redirect attacks by @sevensolutions in #160
- chore: restructure repository by @sevensolutions in #162
- docs: #145 improve documentation for authorization by @sevensolutions in #163
- fix: Fix Keycloak URL in readme by @I-Al-Istannen in #166
- docs: fix authorization.md (docker label) by @Sorio6 in #167
- feat: add CheckOnEveryRequest authorization option by @Sorio6 in #169
- chore(deps): bump the dependencies group in /website with 28 updates by @dependabot in #175
- feat: #164 change default for TokenValidation to IdToken by @sevensolutions in #174
Breaking Changes
Starting with version 0.13.0, the plugin will use the IdToken by default for validation. Make sure all your required claims are mapped into the IdToken. If you still want to use the AccessToken, configure TokenValidation: "AccessToken" in the provider config.
When using the redirect_uri query parameter of the /login or /logout endpoints, you now need to allow the needed URLs explicitly by specifying ValidPostLoginRedirectUris and/or ValidPostLogoutRedirectUris.
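The kind of allowlist check the redirect_uri change implies, as an added example that is not the plugin's own code. It assumes entries are absolute URLs matched exactly on scheme, host and path; the function name `isAllowedRedirect` and all sample URLs are constructed for illustration, and the plugin's real matching rules may differ.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// isAllowedRedirect reports whether a client-supplied redirect_uri may be
// followed. Assumption: allowlist entries are absolute URLs compared exactly
// on scheme, host and path (the query string is not compared).
func isAllowedRedirect(raw string, allowed []string) bool {
	// Backslashes and control characters are normalised differently by
	// browsers and URL parsers, so refuse them outright.
	if raw == "" || strings.ContainsAny(raw, "\\\r\n\t") {
		return false
	}
	u, err := url.Parse(raw)
	if err != nil || u.User != nil { // userinfo can disguise the real host
		return false
	}
	// Only absolute http(s) URLs; this also rejects scheme-relative
	// "//host/path" values and schemes such as javascript: or data:.
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return false
	}
	for _, entry := range allowed {
		a, err := url.Parse(entry)
		if err != nil {
			continue
		}
		if strings.EqualFold(a.Scheme, u.Scheme) &&
			strings.EqualFold(a.Host, u.Host) &&
			a.Path == u.Path {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values, not taken from the plugin documentation.
	allowed := []string{"https://app.example.com/welcome"}
	for _, c := range []string{
		"https://app.example.com/welcome",
		"https://app.example.com.evil.test/welcome",
		"//evil.test/welcome",
	} {
		fmt.Printf("%-45s %v\n", c, isAllowedRedirect(c, allowed))
	}
}
```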
New Contributors
- @I-Al-Istannen made their first contribution in #166
- @Sorio6 made their first contribution in #167
Full Changelog: v0.12.0...v0.13.0