Releases: stremovskyy/orionis
Releases · stremovskyy/orionis
Release list
Orionis v0.3.1
Patch release for wildcard request expansion.
- Treat wildcard scopes in token requests as selectors over concrete allowed_scopes.
- Issue token responses and JWT scope claims with concrete scopes only after expansion.
- Keep wildcard allowed_scopes as policy shortcuts for concrete requests, without issuing wildcard token scopes.
- Update Docker/GHCR, release compose, ECS, GitHub Pages, and wiki examples to 0.3.1.
Orionis v0.3.0
Highlights
- Adds recursive wildcard scopes with suffix patterns:
prefix.*for one segment andprefix.**for recursive matching. - Allows client credentials token requests to include multiple wildcard scopes in the OAuth space-separated
scopefield. - Makes
orionis.Claimsandginorion.Require(...)wildcard-aware so resource services can keep route checks concrete. - Keeps
default_scopesconcrete-only and validates malformed wildcard patterns in config/build paths.
Verification
go test ./...go test -race ./...go vet ./...staticcheck ./...govulncheck ./...docker build --build-arg TARGET=./cmd/orionis-auth -t stremovskyy/orionis:ci .scripts/smoke-release-image.sh stremovskyy/orionis:cidocker compose buildgit diff --check
Orionis v0.2.0
Highlights
- Added JSON key rotation for
cmd/orionis-authwithkeysandactive_kidwhile preserving legacy single-key config. - Added
/readyzbeside/healthzfor readiness checks. - Added endpoint-specific rate limiting and structured audit logs for
/oauth/tokenand/readyz. - Kept
cmd/orionis-auththin by moving runtime/config/security wiring into internal auth runtime code. - Added release image smoke testing that validates
/healthz,/readyz, JWKS rotation, token issuance, and active JWTkid.
Docker and Deploy
- Docker Hub and GHCR release images are pinned to
0.2.0in docs and ECS examples. - ECS config and task definition now support active and previous signing-key PEM secrets for rotation.
- CI and Docker publish workflows build and smoke-test the auth image before publish.
Verification
go test -count=1 ./...go test -race -count=1 ./...go vet ./...staticcheck ./...govulncheck ./...- JSON and Docker Compose config validation
scripts/smoke-release-image.sh stremovskyy/orionis:ci
Orionis v0.1.3
Highlights
- Add provider-agnostic
private_key_pem_envsigning-key mode fororionis-auth, so production keys can be injected from Secrets Manager, Vault, Kubernetes secrets, or another runtime without provider SDKs in Orionis. - Keep the existing file-backed
private_key_pathmode for local Docker/demo deployments. - Update AWS ECS/Fargate templates to inject
ORIONIS_CONFIG_JSONandORIONIS_SIGNING_KEY_PEMas task secrets, removing the EFS volume/access-point requirement from the default template. - Update pinned Docker/ECS documentation and templates from
0.1.2to0.1.3.
Included since v0.1.2
- docs: remove wiki publish helper
- docs: add AWS ECS Fargate deployment assets
- feat: load signing key from secret environment
Validation
go mod tidy -diffgit diff --checkgo test ./...go test -race ./...go vet ./...staticcheck ./...govulncheck ./...jq empty deploy/aws/ecs/task-definition.template.json deploy/aws/ecs/orionis-config.example.jsondocker build --build-arg TARGET=./cmd/orionis-auth -t orionis-auth:local .docker compose build
Orionis v0.1.2
Full Changelog: v0.1.1...v0.1.2
v0.1.1
What's Changed
- Add Java and PHP client examples by @stremovskyy in #1
New Contributors
- @stremovskyy made their first contribution in #1
Full Changelog: v0.1.0...v0.1.1
v0.1.0
First public release of Orionis, a compact Go toolkit and Gin authorization server for service-to-service OAuth 2.0 client_credentials flows with signed JWT access tokens.
Highlights:
- OAuth2 token server with Ed25519 JWT signing and JWKS validation.
- Client token provider, caching HTTP transport, verifier, and Gin middleware.
- Dockerfile and Docker Compose demo for auth, billing, and orders services.
- Runtime hardening, CI coverage, and quieter non-debug server logging.
- README coverage for local runs, Docker runs, and production-style service-to-service configuration.
Verified before release:
go test ./...docker build --build-arg TARGET=./cmd/orionis-auth -t orionis-auth:release-check .