Release 1.4.4

@leodip leodip released this 04 Feb 11:07
· 35 commits to main since this release

New Features

OIDC Claims in ID Tokens - Configurable Behavior (#56)

Added controls for including OpenID Connect scope claims (email, profile, phone, address) in ID tokens:

  • New global setting: IncludeOpenIDConnectClaimsInIdToken (default: enabled)
  • Per-client override available (default/on/off)
  • Claims remain available via /userinfo endpoint regardless of setting
  • Default behavior matches industry standards (Auth0, Microsoft, Keycloak)
  • For strict OIDC Core 5.4 conformance, claims can now be restricted to /userinfo only

Use case: Organizations requiring strict OIDC conformance or wanting to minimize ID token size can now disable scope claims in ID tokens while maintaining full claim access via the userinfo endpoint.
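How the global setting, the per-client override and the granted scopes combine, as an added sketch that is not the project's own code. The function names, the string encoding of the override and the sample user are assumptions; the scope-to-claim mapping follows OIDC Core 5.4 with the profile list abridged.

```go
package main

import "fmt"

// scopeClaims: standard claims per scope (OIDC Core 5.4; profile list abridged).
var scopeClaims = map[string][]string{
	"email":   {"email", "email_verified"},
	"profile": {"name", "given_name", "family_name", "preferred_username", "locale"},
	"phone":   {"phone_number", "phone_number_verified"},
	"address": {"address"},
}

// EffectiveInclude applies a per-client override (hypothetical encoding).
func EffectiveInclude(global bool, override string) bool {
	switch override {
	case "on":
		return true
	case "off":
		return false
	}
	return global // "default" or unrecognized: inherit the global setting
}

// UserInfoClaims: claims the granted scopes release; unaffected by the setting.
func UserInfoClaims(sub string, user map[string]any, scopes []string) map[string]any {
	out := map[string]any{"sub": sub}
	for _, s := range scopes {
		for _, c := range scopeClaims[s] {
			if v, ok := user[c]; ok {
				out[c] = v
			}
		}
	}
	return out
}

// IDTokenClaims carries only sub when scope claims are excluded.
func IDTokenClaims(sub string, user map[string]any, scopes []string, include bool) map[string]any {
	if !include {
		scopes = nil // drop every scope-derived claim, keep sub
	}
	return UserInfoClaims(sub, user, scopes)
}

func main() {
	user := map[string]any{"email": "alice@example.test", "name": "Alice", "phone_number": "+15550100"} // constructed
	scopes := []string{"openid", "email", "profile"}
	fmt.Println("id_token:", IDTokenClaims("u-1", user, scopes, EffectiveInclude(true, "off")))
	fmt.Println("userinfo:", UserInfoClaims("u-1", user, scopes))
}
```

A relying party that reads email or name straight from the ID token will see them disappear when the setting is off for its client, so it has to call /userinfo instead.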

Improvements

  • Developer Experience: Added make format target to all modules for consistent code formatting
  • Test Organization: Split monolithic test files into focused, maintainable modules:
    • authorize_test.go (5,597 lines) → 5 focused test files
    • token_test.go (1,665 lines) → 7 focused test files

Changes

  • Applied consistent code formatting across entire codebase
  • Database migration 000013 adds new configuration columns (auto-applied on startup)

Breaking Changes

None - fully backward compatible.