rodauth-oauth 1.6.4 has been released.
rodauth-oauth is a rack-compatible toolkit for building OAuth 2.0
authorization servers, as well as OpenID Authentication Providers.
rodauth-oauth is certified <https://openid.net/certification/> for the
following profiles of the OpenID Connect™ protocol:
Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, Form Post OP,
3rd Party Init OP, Session Management OP, RP-Initiated Logout OP,
Front-Channel OP, Back-Channel OP
# as simple as
rodauth do
  enable :oauth_authorization_code_grant
  # or
  enable :oidc
end
Among its features, it supports:
* Authorization Code Grant
* Refresh Token Grant
* Implicit Grant
* Client Credentials Grant
* Device Code Grant
* Token Revocation
* Token Introspection
* Auth Server Metadata
* PKCE
* Resource Indicators
* JWT Access Tokens
* mTLS Client Authentication
* Assertion Framework
  * SAML 2.0 Bearer Assertion Grant
  * JWT Bearer Assertion Grant
* JWT Secured authorization requests (JAR)
* JWT Secured authorization response mode (JARM)
* Pushed Authorization requests (PAR)
* Demonstrating Proof-of-Possession at the Application Layer (DPoP)
* Dynamic Client Registration
* OpenID
  * OpenID Discovery
  * OpenID Multiple Response types
  * OpenID Self Issued Tokens
  * OpenID Connect Dynamic Client Registration
  * OpenID Session Management
  * OpenID RP Initiated Logout
  * OpenID Frontchannel Logout
  * OpenID Backchannel Logout
It can also be used with Rails (via the "rodauth-rails" gem).
Website: https://honeyryderchuck.gitlab.io/rodauth-oauth/
Documentation: https://honeyryderchuck.gitlab.io/rodauth-oauth/rdoc/
Wiki: https://gitlab.com/honeyryderchuck/rodauth-oauth/wikis/home
CI: https://gitlab.com/honeyryderchuck/rodauth-oauth/pipeline
These are the release notes since the last update:
### 1.6.4
#### Bugfixes
* on `/userinfo` request, enforce existence of oauth grant before
proceeding with the userinfo requests.
#### Chore
* linting + tweaks to example scripts.
### 1.6.3
#### Improvements
* all routes can now be used via rodauth `internal_request` feature.
#### Bugfixes
* `oauth_application_management` feature: fixed "new oauth application"
link to account for prefix usage.
### 1.6.2
#### Bugfixes
* fix oauth_base `supported_response_type?` when `grant_types` column is
set in the database, but `response_types` is not.
### 1.6.1
#### Bugfixes
Fixed regressions in rails generated templates:
* some `:oauth_dpop` form fields not being rendered;
* `check_box_tag` rails helper usage was wrongly setting all checkboxes to
"checked".
#### Chore
* Updated latest features (`:oauth_dpop`) options documentation.
* rails tests will now exercise the rails generated templates again.