<a name"0.78.0">
0.78.0 (2017-01-11)
Bug Fixes
- security:
<a name"0.77.0">
0.77.0 (2017-01-04)
Bug Fixes
- codes: Remove authorization codes after use. (e0f8961d)
- memorydb: token createdAt used instead of client createdAt (#436) r=vladikoff,seanmonstar (02dec664, closes #421)
- tokens: Begin expiring access tokens beyond a configurable epoch. (b3463264)
<a name"0.76.0">
0.76.0 (2016-12-13)
Bug Fixes
- deps: update to hapi 16, add srinkwrap scripts, update other prod deps (c102046e)
Features
- authorization: add uri validation on the authorization endpoint (#428) r=jrgm,seanmonstar (fcc0b52a, closes #387, #388)
<a name"0.74.0">
0.75.0 (2016-11-30)
Bug Fixes
- tokens: ttl parameter must be positive (#429) r=vladikoff (1764d73a)
Features
- hpkp: Add the hpkp headers to all requests (#416) r=vladikoff (6b8a8c86)
<a name"0.73.0">
0.73.0 (2016-11-02)
Bug Fixes
- deps: update to hapi 14 and joi 9 (9bc87c01, closes #424)
- travis: test on node4/node6 with default npm & g++-4.8 (b4e1dd8e)
<a name"0.71.0">
0.71.0 (2016-10-05)
Features
- docker: Add CloudOps Dockerfile & CircleCI build instructions (a80b4b47)
- shared: add new locales (d6e88df0)
<a name"0.70.0">
0.70.0 (2016-09-21)
Bug Fixes
- purge-expired:
- accept a list of pocket-id's (1c843a93)
- Promise.delay takes milliseconds; allow subsecond delay (10c61034)
- moar logging (80c360e7)
- set db.autoUpdateClients config to false (bc66fc37)
- use db.getClient() to check for unknown clientId (c33f1d9c)
- log uncaughtException; minimum log level of info (264271ef)
<a name"0.69.0">
0.69.0 (2016-09-08)
Bug Fixes
Features
- oauth:
<a name"0.68.0">
0.68.0 (2016-08-24)
Bug Fixes
- log: avoid crashing on bad payload (#411) r=rfk,jrgm (19ebed51, closes #410)
- test: encrypt refresh_token on db query (#414) r=seanmonstar,vladikoff (7f52d46d)
<a name"0.66.0">
0.66.0 (2016-07-27)
Bug Fixes
- deps: update some dependencies (09aa7b0e)
- spelling: minor spelling fix in tests (#403) r=vladikoff (d4ff105b)
<a name"0.65.0">
0.65.0 (2016-07-13)
Bug Fixes
- scopes: Dont treat
foo:writeas a sub-scope offoo. (b4b30c29) - tokens: Added scripts that purge expired access tokens. (10bbb240)
<a name"0.64.0">
0.64.0 (2016-07-02)
Bug Fixes
- scopes: Dont treat
foo:writeas a sub-scope offoo. (fe2f1fef)
<a name"0.61.0">
0.61.0 (2016-05-04)
- travis: drop node 0.12 support (b4eba468)
<a name"0.59.0">
0.59.0 (2016-03-30)
<a name"0.57.0">
0.57.0 (2016-03-05)
Bug Fixes
- db: Fix an old db patch to apply cleanly in local dev. (c7fa6336)
- dependencies: switch back to main generate-rsa-keypair now that my fix to it was merged (1c1268b0)
- shrinkwrap: restore deleted npm-shrinkwrap.json (63834811)
- tests:
- validation: Restrict characters allowed in 'scope' parameter. (7dd2a391)
<a name"0.56.0">
0.56.0 (2016-02-10)
Bug Fixes
- openid: Generate openid keys on npm postinstall to file (5f15afaa)
Features
- clients: Added initial support for using previous client secret (4f9df20c)
- docker: Additional Dockerfile for self-hosting (83a8b6c1)
<a name"0.53.1">
0.53.1 (2016-01-11)
<a name"0.53.0">
0.53.0 (2016-01-04)
Bug Fixes
- deps: switch from URIjs to urijs (ecdf31ed, closes #347)
- travis: build on node 0.10, 0.12, 4, no allowed failures (6684e8c8)
Features
- openid:
<a name"0.51.0">
0.51.0 (2015-12-02)
Bug Fixes
- config: option autoUpdateClients, will be disable in prod/stage (802a0b22)
Features
<a name"0.50.0">
0.50.0 (2015-11-18)
Bug Fixes
- config: update config to use getProperties (c2ed6ebd, closes #349)
- db: make schema.sql accuratley reflect latest patch state (b17b0008)
- docs: add git guidelines link (a00167ce)
- travis: remove broken validate shrinkwrap (1729764f)
Features
- tokens: allow using JWT grants from Service Clients (55f88a9c, closes #328)
- verify: add opt out parameter to verify endpoint (e4c54ff6, closes #358)
<a name"0.48.1">
0.48.1 (2015-10-28)
Bug Fixes
<a name"0.48.0">
0.48.0 (2015-10-20)
Bug Fixes
- config: remove 00000... from hashedSecrets (8dcfd560, closes #339)
- dependencies: move fxa-jwtool from dev-dependencies to dependencies (79b0427a, closes #345)
Features
0.47.0 (2015-10-07)
Bug Fixes
0.46.0 (2015-09-23)
Features
0.45.0 (2015-09-11)
Bug Fixes
Features
0.44.0 (2015-08-26)
Bug Fixes
- authorization: allow empty scope with implicit grant (1d6ac8e5, closes #315)
- db: don't change client database at startup; footgun (8877f818)
0.43.0 (2015-08-04)
Bug Fixes
- db: we need to enforce only a minimum patch level (not {n,n+1}) (e12f54d5)
- events: require events to be configured in production (1bef9e0a)
- server: exit if db patch level is wrong (78d63829)
Breaking Changes
- Server will fail to start up if
config.eventsis not set with values when in production. (1bef9e0a)
0.42.0 (2015-07-22)
Bug Fixes
- config: set expiration.accessToken default to 2 weeks (7a4742de)
- sql:
- tests: sleep additional half second to adjust for mysql round of timestamp (a02f5161)
Features
- api: add ttl parameter to POST /authorization (36087fe6)
<a name"0.41.0">
0.41.0 (2015-07-07)
Bug Fixes
- api:
- config: update redirect_uri values to not be blank (5267c62a)
Features
<a name"0.39.0">
0.39.0 (2015-06-10)
Bug Fixes
- api:
- clients: fixes client registration to use payload.whitelisted (83e145b0)
- docs:
- fatal-error: Exit with non-zero exit code for fatal errors (7c90ff08, closes #244)
Features
<a name"0.36.1">
0.36.1 (2015-04-30)
Bug Fixes
- db: remove db name from clients (c7244393)
Features
- auth: redirect to content-server oauth root by default (34ad867c, closes #245)
- clients:
- untrusted-clients: restrict scopes that untrusted clients can request (8fd228ad, closes #243)
<a name"0.36.0">
0.36.0 (2015-04-27)
Features
- authorization: exit early if assertion invalid returns first (5a27ee61)
- config:
- developers: adds support for oauth developers (abe0e52a)
- logging:
<a name"0.35.0">
0.35.0 (2015-04-13)
Bug Fixes
- clients: support client/client_id route via the internal server (ce04da76)
0.33.0 (2015-03-16)
Bug Fixes
- clients: fixes client endpoint for clients with no redirect_uri (6d47110f, closes #228)
- travis: install libgmp3-dev so optionaldep bigint will be built for browserid-crypto (a64cb183)
Features
- clients: move client management api to a separate port (07a61af2)
0.30.3 (2015-02-20)
Bug Fixes
- clients: update email validation (92d4bfc3)
- db: make the clients key mandatory in the config file (ac7a39e8)
Features
- docker: Dockerfile and README update for basic docker development workflow (342d87bb)
0.30.2 (2015-02-09)
Bug Fixes
- api: remove stray payload restriction from authorization route (e0d53682)
- logging: use route.path in debug message, not route.url (7d9efc25)
0.30.1 (2015-02-03)
Bug Fixes
- api:
Breaking Changes
- If you're passing invalid parameters, stop it. (3b4fa244)
0.30.0 (2015-02-02)
Bug Fixes
- api: reject requests with bad content-types (26672287, closes #199)
- clients: fix server error when omitting optional fields in client registration (80768c51)
Features
- api:
- db: add basic migration infrastructure to mysql backend (012e605c)
0.29.0 (2015-01-20)
Bug Fixes
- docs: minor spelling fixes (33ad1ec0)
Features
- api: Add
action=force_authto GET /v1/authorization. (33603bd2)
0.26.2 (2014-11-20)
Bug Fixes
- logging: use space-free tokens for mozlog (11f73f9e)
0.26.1 (2014-11-13)
Features
- logging: log details when generating code (81933f70)
0.26.0 (2014-11-12)
Bug Fixes
- api: set update to return an empty object (6f334c66)
- error: AppError uses Error.captureStackTrace (2337f809, closes #164)
Features
- clients: client registration apis (1a80294d)
- error: add info property with link to docs (681044c6)
- logging:
- verify: added 'client' to /verify response (4c575516, closes #149)
Breaking Changes
- both the config and the logging output has changed.
Closes #156 (ec0f5db1)
0.24.0 (2014-10-20)
Features
- server: set HSTS header for 180 days (d43accb9)