release 2.0.0

change LICENSE to Apache 2.0

Bugfixes

• correct error log upon mismatch in iss claim: id_token->JWT

Features

• allow to use local file through file:// protocol for metadata or jwks; see #51; thanks @pladen

release 1.6.3

Features

• nginx: add nginx_oauth2_set_require to be used with OAuth2Require etc.
  see OpenIDC/ngx_oauth2_module#7; thanks @smanolache and @pladen
• nginx: add NGINX macros/functions for setting claim variables in the request context
  see OpenIDC/ngx_oauth2_module#7; thanks @smanolache and @pladen

Bugfixes

• allow NGINX primitives in an if block within a location block in the http block

release 1.6.2

Bugfixes

• fix NGINX local port detection so it works with NGINX >= 1.27.0; closes #49; thanks @anpin

Other

• add PCRE2_CFLAGS to cache/server object linking

Packaging

• add Ubuntu Noble packages

release 1.6.1

Features

• add support for RFC 8705 OAuth 2.0 Mutual-TLS Certificate-Bound Access Tokens to the NGINX binding
• add support for Redis 6 ACL username based authentication; see: OpenIDC/mod_oauth2#63

release 1.6.0

Features

• add support for the OAuth 2.0 Client Credentials grant type
• use CURLOPT_REDIR_PROTOCOLS_STR when libcurl >= 7.55.0; thanks @babelouest

release 1.5.2

Features

• complete OAuth 2.0 Demonstrating Proof of Possession (DPoP) support following RFC 9449
• printout more cjose error details when errors occur verifying JWT access tokens

Other

• fix timing issue in check_openidc.c from test suite; closes #47

release 1.5.1

Edit: on May 11, 2023 the Debian/Ubuntu packages were updated from 1.5.1-1 to 1.5.1-2 because of packaging bug #46

Features

• add issuer validation for JWT access tokens when configured through OAuth2Verify metadata; closes #44; thanks @chris-crunchr
• add support for resolving provider metadata from a Discovery endpoint URL; see OpenIDC/ngx_openidc_module#18
• add error logs about missing or invalid "active" boolean claim in introspection response

Other

• move repo to OpenIDC Github organization

release 1.5.0

Features

• add support for PCRE2 regular expressions in Apache's Require oauth2_claim statements; see OpenIDC/mod_oauth2#39 and https://github.com/zmartzone/mod_oauth2/wiki#authorization

Bugfixes

• fix memory leak in _oauth2_jose_options_jwk_set_rsa_key when using OpenSSL 3.x

Packaging

• depend on libpcre2

release 1.4.5.5

Features

• add support for introspect.params which allows for adding custom POST parameters in the call to the token introspection endpoint; see OpenIDC/mod_oauth2#44

Bugfixes

• hack for el7/x86 where openssl 1.0.2 and openssl 1.1.1 are both co-installed for respectively Apache and NGINX 1.20.1

release 1.4.5.4

Bugfixes

• fix NGINX https schema detection