zmartzone/lua-resty-openidc v1.7.1

release 1.7.1

on GitHub

Note that opts.secret and opts.redirect_uri_path are now deprecated and will be removed in a next release; a warning is issued in the log now.

Bugfixes

• don't select one of the jwt token auth methods if the required key material is not present; see #238
• fixed a bad error return value in certain setups of bearer_jwt_verify; see #234; thanks @JoshTheGoldfish
• make sure opts.discovery is resolved when iss is returned as part of the authorization response; see #224 ; thanks @mijohansen

Features

• added support for the client_secret_jwt authentication method; see #229
• added support for the private_key_jwt authentication method; see #217; thanks @pamiel

Other

• remove strict iss check in Discovery metadata document; see #219 (may help Azure AD setups)