Releases: rarebit-one/standard_id-provider
Releases · rarebit-one/standard_id-provider
Release list
v0.3.0
Added
- Per-IP rate limiting on the token introspection (RFC 7662) and revocation
(RFC 7009) endpoints. Both are credential-guessable; the throttle runs
before client authentication (30/15min by IP, override with
RATE_LIMIT_INTROSPECT_PER_IP/RATE_LIMIT_REVOKE_PER_IP). Reuses the
standard_idengine's rate-limit store and JSON 429 handler.
v0.2.0
Added
.editorconfigfor consistent indentation and whitespace across editors.AGENTS.mddescribing the OIDC engine surface (ConsentGrant + RevokedToken models, ID token service, extension flows) for AI coding agents and new contributors.lefthook.ymlplus.lefthook/scripts for pre-push checks (whitespace, signed commits, RuboCop, Brakeman, RSpec) and post-checkout/rewrite/mergebundle installsync. Install viabrew install lefthook && lefthook install; skip withLEFTHOOK=0.- SimpleCov branch coverage reporting wired into
spec/spec_helper.rb. Reports are emitted tocoverage/(gitignored). No minimum threshold is enforced — this enables visibility today, with a threshold to follow once the spec suite is reconciled with upstreamstandard_id. - Brakeman static analysis and bundler-audit dependency scanning now run on every CI build, surfacing security issues before they reach a release.
Changed
- CI workflow migrated to the shared
rarebit-one/.githubreusable workflow (reusable-gem-ci.yml@v1);.github/workflows/ci.ymlis now a thin shim. The lint job runs RuboCop plus Brakeman and bundler-audit security scans viaextra-lint-commands. The test matrix is intentionally empty (ruby-versions: '[]') — the dummy app still references the legacyStandardConfigconstant that was removed upstream, so RSpec cannot boot. Re-enabling the matrix is tracked as follow-up work. The previous bespoke RuboCop result cache is dropped becausehashFilescannot be evaluated when resolving reusable-workflow inputs; lint runs on this gem are short enough that the cache is not worth the extra plumbing. - Release workflow migrated to the shared
rarebit-one/.githubreusable workflow (reusable-gem-release.yml@v1);.github/workflows/release.ymlis now a thin shim.
Removed
- BREAKING: Dropped support for Ruby < 4.0. The gem now requires Ruby 4.0+, matching the upstream
standard_idgem (standard_id#195).
v0.1.0
Added
- Initial release of OpenID Connect Identity Provider addon for StandardId
- ID token issuance, consent management, token introspection, and token revocation
- OIDC discovery endpoint