v0.7.0

New feature

• Support request_uri query in ahtorization endpoint.

Version 0.6.0

BREAKING CHANGE

• Default code expiration are shorten to 1 minute from 5 minutes.
• Change cors_origin option for client to array of glob. Now you can use multiple or flexible domain.

Fix

• CORS header of userinfo endpoint are now do correct behavior.
• Fix bug that shown consent page if new client even if set prompt=none query. Now prompt=none is work.

Version 0.5.0

New feature

• Support request jwt object in authorization endpoint.
• Add CORS header for clients that work on browser.
• Add x5c property into jwks.

Version 0.4.0

BREAKING CHANGE

• Now showing consent page when login by new client.

New feature

• Supported number and []number type in the claims.
• Claims that set in config are now always includes in response even if missing value in LDAP.

Improve

• Enhanced endpoints query checking. Now more secure and helpful.

Fix

• Fixed problem that login form was broken in some device sizes or settings.

Version 0.3.0

BREAKING CHANGE

• Changed default config format to TOML. Now easy to append client!
• Moved allow_implicit_flow option from global config to client specific config.
• Removed disable_client_auth option because client registration is now enough easy.

New feature

• Added display client name and icon on the login page.
• Implemented authorization (not authentication) page for prompt=consent.

Improve

• Remade login page design.
• gen-client command's output are now includes helpful comments.

Version 0.2.0

New feature

• Add --tls-auto option for generate TLS cert with Let's Encryption.

Improve

• Support POST method in user info endpoint.

Fix

• Enforce set nonce in OpenID implicit/hybrid flow.
• Fix typo in openid-configuration.

Version 0.1.0

New feature

• Support RP-Initiated logout.

Improve

• Metrics and logs

Version 0.0.0

Almost stable.