[ANN] rodauth-oauth 0.5.0 released

rodauth-oauth 0.5.0 has been released.

rodauth-oauth is a rack-compatible toolkit for building OAuth 2.0
authorization servers, as well as OpenID Authentication Providers.

# as simple as
rodauth do
  enable :oauth

It can also be used with Rails (via the "rodauth-rails" gem).

Website: · Rodauth OAuth
Documentation: Rodauth OAuth: OAuth 2.0 and OpenID for rodauth
Wiki: https://gitlab.com/honeyryderchuck/rodauth-oauth/wikis/home
CI: https://gitlab.com/honeyryderchuck/rodauth-oauth/pipeline

### 0.5.0

#### RP-Initiated Logout

The `:oidc` plugin can now do [RP-Initiated Logout](
RP Initiated Logout · Wiki · HoneyryderChuck / rodauth-oauth · GitLab).
It's disabled by default, so read the docs to learn how to enable it.

#### Security

The `:oauth_jwt` (and by association, `:oidc`) plugin(s) verifies the
claims of used JWT tokens. This is a **very important security fix**, as
without it, there is no protection against replay attacks and other types
of misuse of the JWT token.

A new auth method, `generate_jti(claims)`, was [added to the list of
oauth_jwt plugin options](
JWT Access Tokens · Wiki · HoneyryderChuck / rodauth-oauth · GitLab).
By default, it'll hash the `aud` and `iat` claims together, but you can
overwrite how this is done.