Skip to content

Releases: ory/fosite

v0.49.0

12 Dec 13:51
653c812
Compare
Choose a tag to compare

What's Changed

  • refactor: refresh token rotation by @aeneasr in #838
  • chore(deps): bump golang.org/x/crypto from 0.23.0 to 0.31.0 by @dependabot in #839

Full Changelog: v0.48.0...v0.49.0

v0.48.0

04 Dec 08:32
db74aa7
Compare
Choose a tag to compare

What's Changed

  • fix: require redirect_uri for OpenID Connect calls by @aeneasr in #814
  • fix: pass JWK for singing so that KeyID is set in JWTs by @mitar in #799
  • fix: do not store stacktrace in sentinel errors by @mitar in #823
  • chore: minor improvements to readability and updated code style by @zepatrik in #827
  • feat: add identity ID to password grant extra claims by @hperl in #831
  • chore: update ory/x and ristretto by @aeneasr in #832
  • fix: remove duplicated matcher split by @acynothia in #834
  • revert: signature extraction in the HMAC strategy by @zepatrik in #835
  • chore: make serialization error wrappable by @aeneasr in #837

New Contributors

Full Changelog: v0.47.0...v0.47.1

v0.47.0

16 Jul 08:29
3ec8db8
Compare
Choose a tag to compare

BREAKING CHANGES: Going forward, please instantiate the HMACSHAStrategy using oauth2.NewHMACSHAStrategy():

-var hmacshaStrategy = oauth2.HMACSHAStrategy{
-	Enigma: &hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar")}},
-	Config: &fosite.Config{
-		AccessTokenLifespan:   time.Hour * 24,
-		AuthorizeCodeLifespan: time.Hour * 24,
-	},
-}

+var hmacshaStrategy = oauth2.NewHMACSHAStrategy(
+	&hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar")}},
+	&fosite.Config{
+		AccessTokenLifespan:   time.Hour * 24,
+		AuthorizeCodeLifespan: time.Hour * 24,
+	},
+)

What's Changed

  • chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.3 by @dependabot in #800
  • chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 by @dependabot in #804
  • chore(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot in #811
  • chore: remove unneeded dependency github.com/ecordell/optgen by @James-REANNZ in #810
  • chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 by @dependabot in #812
  • chore(deps): bump golang.org/x/net from 0.13.0 to 0.23.0 by @dependabot in #808
  • refactor: split HMAC SHA strategy by @aeneasr in #813
  • fix: WriteIntrospectionResponse should always issue headers by @mitar in #802
  • revert: splitting the HMAC SHA strategy (#813) by @aeneasr in #815
  • refactor: improve dependency injection capabilities by @aeneasr in #816

New Contributors

Full Changelog: v0.46.1...v0.47.0

0.46.1

01 Mar 09:29
1f27af4
Compare
Choose a tag to compare
v0.46.1

fix: use stdlib to check loopback address (#795)

0.46.0

13 Feb 08:20
9b98b55
Compare
Choose a tag to compare

What's Changed

  • fix: fix broken link in History.md by @Suvink in #783
  • fix: call DeleteOpenIDConnectSession during successful authcode exchange by @cfryanr in #793
  • fix: do not list client_secret_jwt as supported by @mitar in #787
  • fix: [#754] Requester ID fix by @vivshankar in #756

New Contributors

Full Changelog: v0.45.0...v0.46.0

0.45.0

03 Jan 12:07
2c69fd8
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.44.0...v0.45.0

0.44.0

07 Dec 12:20
e570564
Compare
Choose a tag to compare
refactor: allow secret configuration to return errors (#726)

BREAKING CHANGE: `GetGlobalSecret` and `GetRotatedGlobalSecrets` signatures changed and it is now possible to add an error.

0.43.0

10 Oct 07:01
Compare
Choose a tag to compare
v0.43.0

chore: update repository templates to https://github.com/ory/meta/com…

v0.42.2

17 Apr 17:27
Compare
Choose a tag to compare
autogen(docs): regenerate and update changelog

v0.42.1

04 Feb 18:33
Compare
Choose a tag to compare
autogen(docs): regenerate and update changelog