
v0.23.0

@luikyv luikyv released this 15 Jun 13:54
7fc57b3

Release v0.23.0

Summary

Token exchange grant (RFC 8693) is now supported. Provider option names have been standardized for consistency, and OpenID Federation configuration has been streamlined.

Breaking Changes

Option Renames

Handler/action callbacks drop the Func suffix and use a noun-suffix pattern:

  • WithHandleGrantFunc -> WithGrantHandler
  • WithHandleTokenFunc -> WithTokenHandler
  • WithHandleErrorFunc -> WithErrorHandler
  • WithRenderErrorFunc -> WithErrorRenderer
  • WithDCRHandleClientFunc -> WithDCRClientHandler
  • WithDCRValidateInitialTokenFunc -> WithDCRInitialTokenValidator
  • WithVerifyClientSecretFunc -> WithClientSecretVerifier
  • WithConsumeJTIFunc -> WithJTIConsumer
  • WithRARValidateDetailFunc -> WithRARDetailValidator
  • WithRARCompareDetailsFunc -> WithRARDetailsComparator
  • WithPairwiseSubjectFunc -> WithPairwiseSubject
  • WithPARHandleSessionFunc -> WithPARSessionHandler
  • WithCIBAHandleSessionFunc -> WithCIBASessionHandler
  • WithRefreshTokenShouldIssueFunc -> WithRefreshTokenShouldIssue
  • WithClientIDFunc -> WithDCRClientID
  • WithAuthTimeout -> WithAuthSessionLifetime
  • WithSignerFunc -> WithSigner
  • WithDecrypterFunc -> WithDecrypter
  • WithOpenIDFedSignerFunc -> WithOpenIDFedSigner
  • WithOpenIDFedHTTPClientFunc -> WithOpenIDFedHTTPClient
  • WithOpenIDFedHandleClientFunc -> WithOpenIDFedClientHandler
  • WithOpenIDFedRequiredTrustMarksFunc -> WithOpenIDFedRequiredClientTrustMarks

OpenID Federation

  • WithOpenIDFederation signature changed. Trusted anchors are now a []string slice instead of variadic, and authority hints are a required parameter: WithOpenIDFederation(manager, jwksFunc, authorityHints, trustedAnchors).
  • WithOpenIDFedAuthorityHints removed. Authority hints are now passed directly to WithOpenIDFederation.
  • WithOpenIDFedTrustMark renamed to WithOpenIDFedTrustMarks and now takes ...goidc.TrustMarkConfig instead of map[goidc.TrustMark]string.
  • New goidc.TrustMarkConfig type replaces the previous map-based trust mark configuration.

Other Breaking Changes

  • goidc.HandleGrantFunc signature changed. Now receives GrantType as a second argument: func(context.Context, GrantType, *Grant) error.
  • goidc.JWTBearerHandleAssertionFunc return type changed. Now returns goidc.JWTBearerResult instead of a plain string subject, allowing a Store map to be passed through.

New Features

  • Token exchange grant (RFC 8693). New WithTokenExchangeGrant(handler) option enables urn:ietf:params:oauth:grant-type:token-exchange. Use WithTokenExchangeClientAuthnRequired() to require client authentication. New types: goidc.TokenExchangeRequest, goidc.TokenExchangeResult, goidc.TokenExchangeHandleFunc, goidc.TokenTypeIdentifier.
  • Token exchange does not require client authentication by default, aligning with RFC 8693 which leaves this to deployment policy.
  • WithDefaultAuthn sets the default client authentication method.
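Because the token-exchange grant leaves client authentication to deployment policy, the checks that run before any handler deserve to be spelled out. The following is an added example, not goidc code: ExchangePolicy, ExchangeRequest and ParseExchange are assumed names standing in for goidc's own TokenExchangeRequest and handler types, and they model the RFC 8693 section 2.1 parameters directly.

```go
package main

import "errors"
import "net/url"

// Identifiers from RFC 8693: the grant type and one of the token type identifiers.
const GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
const TokenTypeAccessToken = "urn:ietf:params:oauth:token-type:access_token"

var ErrUnsupportedGrant = errors.New("unsupported_grant_type")
var ErrInvalidClient = errors.New("invalid_client")
var ErrInvalidRequest = errors.New("invalid_request")

// ExchangePolicy is the deployment decision the release notes leave open (whether the
// endpoint demands client authentication) plus an allowlist of accepted token types.
type ExchangePolicy struct {
	ClientAuthnRequired bool
	AllowedTokenTypes   map[string]bool
}

// ExchangeRequest is a hypothetical model of the RFC 8693 section 2.1 parameters (not goidc's type).
type ExchangeRequest struct {
	SubjectToken, SubjectTokenType, ActorToken, ActorTokenType, RequestedTokenType string
}

// ParseExchange validates a token-exchange form body against the policy; clientAuthenticated
// reports whether the caller presented valid client credentials (false when none were sent).
func ParseExchange(form url.Values, clientAuthenticated bool, p ExchangePolicy) (*ExchangeRequest, error) {
	if form.Get("grant_type") != GrantTypeTokenExchange {
		return nil, ErrUnsupportedGrant
	}
	if p.ClientAuthnRequired && !clientAuthenticated {
		return nil, ErrInvalidClient
	}
	r := &ExchangeRequest{
		SubjectToken: form.Get("subject_token"), SubjectTokenType: form.Get("subject_token_type"),
		ActorToken: form.Get("actor_token"), ActorTokenType: form.Get("actor_token_type"),
		RequestedTokenType: form.Get("requested_token_type"),
	}
	// subject_token and subject_token_type are required; the type must be allowlisted.
	if r.SubjectToken == "" || !p.AllowedTokenTypes[r.SubjectTokenType] {
		return nil, ErrInvalidRequest
	}
	// actor_token_type is required whenever actor_token is present, and is allowlisted too.
	if r.ActorToken != "" && (r.ActorTokenType == "" || !p.AllowedTokenTypes[r.ActorTokenType]) {
		return nil, ErrInvalidRequest
	}
	return r, nil
}
```

With ClientAuthnRequired left false, an unauthenticated caller passes the policy gate exactly as the library's default allows, so the subject-token validation in the handler becomes the only control.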

What's Changed

Full Changelog: v0.22.0...v0.23.0