rodauth-oauth is a rack-compatible toolkit for building OAuth 2.0
authorization servers, as well as OpenID Authentication Providers.
# as simple as
It can also be used with Rails (via the "rodauth-rails" gem).
* A new method, `get_additional_param(account, claim)`, is now exposed;
this method will be called whenever non-OIDC scopes are requested in the
emission of the ID token.
* The `form_post` response mode is now supported, either by passing the
`response_mode=form_post` request param in the authorization URL, or by
setting `oauth_response_mode "form_post"` option. This improves the overall
security of an Authorization server even more, as authorization codes are
sent to client applications via a POST request to the redirect URI.
* For the OIDC `address` scope, proper claims are now emitted as per the
standard, i.e. the "formatted", "street_address", "locality", "region",
"postal_code", "country". These will be the ones referenced in the
* The rails default templates were missing declarations from a few params,
which made some of the flows (the PKCE for example) not work out-of-the box;
* rails tests were silently not running in CI;
* The CI suite was revamped, so that all Oauth tests would be run under
rails as well. All versions from rails equal or above 5.0 are now targeted;