Release 1.5.0

@leodip leodip released this 09 Feb 00:02
· 19 commits to main since this release

New Features

OIDC prompt parameter support (#57)

Full implementation of the OIDC prompt parameter on the /auth/authorize endpoint:

  • prompt=none — Silent authentication. Returns an error if the user is not already authenticated or if consent is required, without displaying any UI.
  • prompt=login — Forces re-authentication even if the user has an active session.
  • prompt=consent — Forces the consent screen even if consent was previously granted.
  • Combinations — Values can be combined (e.g., prompt=login consent), except none which must be used alone.
  • Advertised in the /.well-known/openid-configuration discovery endpoint via prompt_values_supported.
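The prompt rules listed above, as an added Go example (not the project's own code). The `Session` type and function names are hypothetical, the error codes are the ones OIDC Core defines (the release notes do not say which codes the server returns), and rejecting values other than the three listed is this example's assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Session is a hypothetical view of the user's state at /auth/authorize.
type Session struct{ Authenticated, ConsentGranted bool }

// ParsePrompt splits the space-delimited value and rejects "none" combined
// with anything else. Rejecting unlisted values is this example's assumption.
func ParsePrompt(raw string) (map[string]bool, error) {
	set := map[string]bool{}
	for _, v := range strings.Fields(raw) {
		if v != "none" && v != "login" && v != "consent" {
			return nil, fmt.Errorf("unsupported prompt value %q", v)
		}
		set[v] = true
	}
	if set["none"] && len(set) > 1 {
		return nil, fmt.Errorf("prompt=none must be used alone, got %q", raw)
	}
	return set, nil
}

// Decide returns the interactive steps to run, in order, or an OIDC Core
// error code. No steps and no error means a response can be issued silently.
func Decide(raw string, s Session) (steps []string, oidcErr string) {
	p, err := ParsePrompt(raw) // reading a nil map below is safe in Go
	needLogin := p["login"] || !s.Authenticated
	needConsent := p["consent"] || !s.ConsentGranted
	switch {
	case err != nil: return nil, "invalid_request"
	case p["none"] && needLogin: return nil, "login_required"
	case p["none"] && needConsent: return nil, "consent_required"
	}
	if needLogin {
		steps = append(steps, "login")
	}
	if needConsent {
		steps = append(steps, "consent")
	}
	return steps, ""
}

func main() {
	fmt.Println(Decide("login consent", Session{Authenticated: true, ConsentGranted: true}))
}
```

With `prompt=login consent` both steps are returned even for a user who already has a session and prior consent, so the caller has to carry the forced-consent requirement across the re-authentication step rather than re-evaluating it from session state afterwards.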

Client logo management (#33)

Clients can now have a logo image displayed on authentication and consent screens:

  • Upload, view, and delete logos via the admin console (Logo tab in client settings) or the REST API.
  • Public endpoint GET /client/logo/{clientIdentifier} serves logos with ETag and Cache-Control headers for efficient caching.
  • Supported formats: JPEG, PNG, GIF, WebP. Max dimensions: 512x512. Max size: 3MB.

Client display settings

New fields on clients to control how they appear to users during authentication:

  • displayName — A human-friendly name shown instead of the client identifier. Falls back to the client identifier if empty.
  • description — A short description shown on auth/consent screens.
  • websiteURL — A link to the client's website, shown on the consent screen.
  • Visibility toggles — showLogo, showDisplayName, showDescription, showWebsiteURL control which elements are visible on auth screens.
  • Display name can be set during client creation (admin console and API).

System-level entity editing

System-level clients (admin-console-client) and resources (authserver) can now be edited with targeted immutability guards:

  • Identifiers are protected — cannot be renamed.
  • Deletion is blocked — system-level entities cannot be removed.
  • All other settings are editable — description, display name, redirect URIs, permissions, etc.
  • Built-in permission identifiers on the authserver resource (userinfo, manage-account, manage, admin-read, manage-users, manage-clients, manage-settings) cannot be renamed or deleted, but new permissions can be added.

Improvements

  • Dockerfile reliability — curl commands for downloading yq and Tailwind CLI now include --retry options for more resilient builds.
  • Dependency updates — Go module dependencies updated across all three modules (core, authserver, adminconsole). Test integration app dependencies updated.

Database Migrations

Four new migrations are included (applied automatically on startup):

| Migration | Description |
|-----------|-------------|
| 000014 | Add client_logos table |
| 000015 | Fix DATETIME2 precision on MSSQL (MSSQL only) |
| 000016 | Add website_url column to clients |
| 000017 | Add display_name and description columns to clients; add show_logo, show_display_name, show_description, show_website_url columns |

No breaking changes

Update to v1.5.0 using your preferred deployment method (Docker images or native binaries). Database migrations will run automatically on first startup.