v0.2.0
New Features
- Authservice can now be configured to ignore specific url paths, like
/healthz, allowing users to access these specific pages of an application without being redirected to the IDP. Refer to the documentation for the newtrigger_rulesconfig option. - When access tokens expire, authservice will now automatically use refresh tokens to renew them.
- Tokens and other session data are now stored in an in-memory session store. They used to be stored in cookies. This was necessary in order to implement token refreshing, but also allowed us to simplify some of our code. The new config options
idle_session_timeoutandabsolute_session_timeoutwere added to control the duration of session storage. - After a successful login, redirect to the url from the original request. Specifying a
landing_pageconfig option for your application is no longer needed or supported. - Custom root certificates may now be specified for an IDP. Refer to the documentation for the new
trusted_certificate_authorityconfig option.
Breaking changes
- The config options
authorization_uri,token_uri, andcallback_urihave been simplified . They are now specified as URL strings, instead of broken down into scheme/hostname/port/path. - The config options
cryptor_secretandtimeoutwere removed, as they are no longer needed now that session state is no longer stored in browser cookies. - The config option
landing_pagewas removed, now that end users will automatically land on the page which they had originally requested.
Known Limitations
Currently authservice can be used at either the sidecar or gateway. However, there may be issues when it is used at the gateway in an installation with multiple gateway instances. These issues are due to session state being stored in-memory, and only happen when users go from talking to one authservice instance to another mid-session. Such problems can be avoided it the gateway instances are placed behind a load balancer that supports session affinity.
The docker image associated with this release can be downloaded here:
docker pull docker.pkg.github.com/istio-ecosystem/authservice/authservice:0.2.0-13adf7f5f994