v23.47-alpha4

Breaking changes

• Public URL configuration changed, see #330 for migration guide.

What's Changed

• Remove access token from websocket protocol header during introspection by @byewokko in #324
• Separate login factors in session object by @byewokko in #325
• Load Kibana Batman configuration from "elasticsearch" section by @language-shprt in #326
• Unify public URL config by @byewokko in #328
• Post-fix: Unify public URL config by @byewokko in #330

New Contributors

• @language-shprt made their first contribution in #326

Full Changelog: v23.47-alpha...v23.47-alpha4

v23.44-beta

CHANGELOG

Pre-releases

• v23.44-alpha6
• v23.44-alpha5
• v23.44-alpha4
• v23.44-alpha3

Breaking changes

• Dropped support for authorize query params ldid and expiration (#296, PLUM Sprint 231006)

Fix

• Fix client cookie introspection (#322, INDIGO Sprint 231110, v23.44-alpha5)
• Handle missing webauthn data in login request (#314, INDIGO Sprint 231027, v23.44-alpha4)
• Fix default authorize parameter values when redirecting (#313, PLUM Sprint 231020)

Features

• Log successful authorization requests (#323, INDIGO Sprint 231110, v23.44-alpha6)
• Lower client ID length limit (#322, INDIGO Sprint 231110, v23.44-alpha5)
• Include client ID and scope in session detail (#318, INDIGO Sprint 231027, v23.44-alpha4)
• Reduce grafana sync frequency (#317, INDIGO Sprint 231027, v23.44-alpha3)
• Authorization for websocket requests (#300, PLUM Sprint 231006)
• Silence stable log messages (#312, PLUM Sprint 231006)
• External login registration webhook (#286, PLUM Sprint 231006)
• OAuth Authorize ignores all unknown parameters (#296, PLUM Sprint 231006)
• Log failure reasons in introspection and authorization flow (#315, INDIGO Sprint 231027)

Refactoring

• Do not log "unhappy flow" as errors (#315, INDIGO Sprint 231027)

v23.47-alpha

What's Changed

• Synchronize Kibana spaces to Seacat tenants by @byewokko in #281

Full Changelog: v23.44-beta...v23.47-alpha

v23.44-alpha6

What's Changed

• Log successful authorization requests by @byewokko in #323

Full Changelog: v23.44-alpha5...v23.44-alpha6

v23.44-alpha5

What's Changed

• Fix client cookie introspection by @byewokko in #322

Full Changelog: v23.44-alpha4...v23.44-alpha5

v23.44-alpha4

v23.44-alpha3

What's Changed

• Handle missing webauthn data in login request by @byewokko in #314
• Include client ID and scope in session detail by @byewokko in #318

Full Changelog: v23.44-alpha3...v23.44-alpha4

v23.44-alpha3

What's Changed

• Do not log "unhappy flow" as errors by @byewokko in #315
• Reduce grafana sync frequency by @byewokko in #317

Full Changelog: v23.44-alpha2...v23.44-alpha3

v23.42-beta2

Breaking changes

• NGINX introspection endpoints paths changed and moved to private API. This is a major breaking change and requires updates to your Nginx configuration files. See #311 for migration guide and backward compatibility options.
• Dropped support for authorize query params ldid and expiration (#296).

---

Full changelog

Fix

• Preserve nonce when redirecting to login (#294, PLUM Sprint 230908, @elpablos)
• Allow username for WebAuthn credentials username (#297, PLUM Sprint 230908)
• NGINX introspection endpoints moved to private API (#301, #311, PLUM Sprint 231006)
• Fix default authorize parameter values when redirecting (#313, PLUM Sprint 231020)

Features

• Login with AppleID (#293, PLUM Sprint 230908, @filipmelik)
• Webauthn authenticator metadata (#256, PLUM Sprint 230908)
• Configurably disable auditing of anonymous sessions (#304, PLUM Sprint 231006)
• Authorization for websocket requests (#300, PLUM Sprint 231006)
• Silence stable log messages (#312, PLUM Sprint 231006)
• External login registration webhook (#286, PLUM Sprint 231006)
• OAuth Authorize ignores all unknown parameters (#296, PLUM Sprint 231006)

v23.42-beta1

Breaking changes

• NGINX introspection endpoints paths changed and moved to private API. This is a major breaking change and requires updates to your Nginx configuration files. See #311 for migration guide and backward compatibility options.
• Dropped support for authorize query params ldid and expiration (#296).

---

Full changelog

Fix

• Preserve nonce when redirecting to login (#294, PLUM Sprint 230908, @elpablos)
• Allow username for WebAuthn credentials username (#297, PLUM Sprint 230908)
• NGINX introspection endpoints moved to private API (#301, #311, PLUM Sprint 231006)

Features

• Login with AppleID (#293, PLUM Sprint 230908, @filipmelik)
• Webauthn authenticator metadata (#256, PLUM Sprint 230908)
• Configurably disable auditing of anonymous sessions (#304, PLUM Sprint 231006)
• Authorization for websocket requests (#300, PLUM Sprint 231006)
• Silence stable log messages (#312, PLUM Sprint 231006)
• External login registration webhook (#286, PLUM Sprint 231006)
• OAuth Authorize ignores all unknown parameters (#296, PLUM Sprint 231006)

v23.42-beta

Breaking changes

• NGINX introspection endpoints paths changed and moved to private API. This is a major breaking change and requires updates to your Nginx configuration files. See #311 for migration guide and backward compatibility options.

---

Full changelog

Fix

• Preserve nonce when redirecting to login (#294, PLUM Sprint 230908, @elpablos)
• Allow username for WebAuthn credentials username (#297, PLUM Sprint 230908)
• NGINX introspection endpoints moved to private API (#301, #311, PLUM Sprint 231006)

Features

• Login with AppleID (#293, PLUM Sprint 230908, @filipmelik)
• Webauthn authenticator metadata (#256, PLUM Sprint 230908)
• Configurably disable auditing of anonymous sessions (#304, PLUM Sprint 231006)