Skip to content

Latest commit

 

History

History
86 lines (73 loc) · 16.1 KB

CHANGELOG.md

File metadata and controls

86 lines (73 loc) · 16.1 KB

v1.1.0 (2020-03-24)

Features

  • Add support for user authentication using shraga proxy and support (21f2522)
  • Add user information given by authentication provider on token (1e7507a)
  • Create user permissions management endpoint for managing user (e7eef2d)
  • Creating improved decision endpoint for user consent (7a51ad7)

v1.0.0 (2020-03-24)

Bug Fixes

  • Add error handler to the management controller and routes, Closes #5. Also fixed the problem with returning client manager authentication strategy errors, just pass the errors to the error handler. Closes #11 (9ec5627)
  • Add file name headers (474cce8)
  • Add JWT access token created for all the flows and update the token introspection for verifying the jwt and pass information about it. #38 (b992052)
  • Add Mongoose/Mongo error handler for deep error handling, Closes #17 (9b028ec)
  • Add oauth2.utils file including utilities for oauth2, modify generateCertificate script for generating public key and set ssl configuration in config (38deb0e)
  • Add passport wrapper for changing the 'unauthorized' text response to json, Also add not found route handling for changing 'Cannot XXX XXX/XXX' to 'Page not found' in json response (659a321)
  • Add scope field in JWT payload (ad6103a)
  • Add validators for hostUri and redirectUri in the client model, Closes #34 (d2fbf7f)
  • Adding more test cases validating the uniqueness of multiple hostsUris for making sure it unique (1227659)
  • Changing hostUri to hostUris for multiple hosts, and also add lowercase for host uris and redirect uris before validation (4d55f79)
  • Fix 'expires_in' value to contain actual validation time in seconds of token (742f697)
  • Fix all OAuth2 flows and routes, basic OAuth2 flow is now working well. Closes #1. Fix interfaces array type declarations and Add optional scopes property for client model. Closes #7 (b7cdfbb)
  • Fix authorization code flow, validating when generating code, that we don't have token. Closes #33. Also, Fix E11000 Mongo error message when there's duplicate tokens or authorization codes (1fc98d3)
  • Fix circular imports when importing collectionName from model, also refactor interfaces of model to be in separated file (5a4f0c0)
  • Fix client manager authentication strategy, still need to check if works (ac6adc9)
  • Fix code changes for different environment (d2fe217)
  • Fix errors and implement oauth2 routes, Add views and login and decision endpoints, Add automation scripts for copy files during compliation (212ab04)
  • Fix hostname of jwt issuer. (821343e)
  • Fix incorrect path for ssl configuration files (30c3c25)
  • Fix issue caused by having same values but different letter cases. Closes #57 (d6732b0)
  • Fix management verification on scopes of client manager cause of the new scope model (226e580)
  • Fix minor bug when importing utility functions from test file, instead just create new file with utility functions and import from there (48ee3c7)
  • Fix multiple hosts bug when updating same host in array duplicated (b32c84e)
  • Fix npm scripts, add start script and init script when first cloning the repo, add also scripts for generate certificates and generate env file (c1b79f4)
  • Fix OAuth route validation error, reference incorrect route (50d25f2)
  • Fix returning 'expires_at' in milliseconds timestamps (5cf34ea)
  • Fix token introspection endpoint to include audience verification and letting audience validate access token. (0e699da)
  • Fix token payload wasnt showing clientId. (a0b9b8a)
  • Fix tsc errors partially. (9fe8e24)
  • Fixing all incorrect types in schemas of access token and referesh token (fb9b966)
  • Fixing client credentials flow, allow clients without scopes, add 'audience' index on access token model (0f6d38d)
  • Fixing critical token expiration bug in client credentials flow, Closes #42 (e09c18a)
  • Fixing deletion of port when received 443 (URL Package overrides the port as default) (69af2d3)
  • Fixing hostUri and redirectUris regexs minor slipping use-cases (923cfe6)
  • Fixing integration errors with 3rd party users, fix passport client manager strategy validation of registration token, fix REST API to include clientId request parameter in read, update and delete requests and improve delete response with only status 204 (No-Content), fix hiding mongo internal fields in responses containing client model (dad562f)
  • Fixing the token introspection endpoint due incorrect algorithm used in jwt signing (07a95fd)
  • Fixing ttl expiration time for access token and add note about future development for defining individual ttl for access token document (847a26a)
  • Fixing update of case insensitive values in hostUri and redirectUris, as mentioned in #56 (5b8e3bf)
  • Fixing update validators error, when using findOneAndUpdate, 'this' context cannot reference the updating model due the way mongoose designed so I just seperated the query (a531b5c)
  • Make use of the major error handler instead auth2orize default error handler. Closes #29 (ddb938d)
  • Refactoring the mongoose aggregation query on access token, add virtual field on access token model for populating the audience from clients collection. Closes #47 (d8065ec)
  • Refactoring the OAuth2 operations by deleting unnecessary validations, and change all simple mongoose query to lean queries, also delete in models validators the validation for unique and use index instead. (ae6ddcf)
  • Remove unused imports (25a1122)

Features

  • Add JWT access token in Authorization Code flow with audience specification in authorize request, also add the audience property to authCode model and accessToken model and make it part of the uniqueness of the models. Also make small quickfix for the problem in #42 (03c76aa)
  • Add JWT access token in Client Credentials flow and audience parameter specification in request body (93bfef8)
  • Add JWT access token in Implicit flow and include audience parameter specification in request query parameters (5cb3380)
  • Add JWT access token in Refresh token flow and use audience parameter in body request, also modify a little bit the quick fix of #42 (4c9213e)
  • Add JWT access token in Resource Owner Password Credentials and audience specification in body of the request (f4cafd5)
  • Add mock of client management controller, interface and routes. Also configure the client model a little bit for applying the client management options (133d230)
  • Add scope model and change access token and client models to support new scope model. Also created scopes utils for utilites for working with scopes (5bf504d)
  • Add support for multiple tokens creation (1971786)
  • Add token introspection route for introspect token information for specific clients (3d4cb37)
  • Addding '/.well-known' route for exporting certificate and public key in pem format and public key in jwks format as defined in specs. Closes #44 (e550b7c)
  • Added partial support for scope model ONLY in Client Credentials and Token Introspection (ba3538a)
  • Adding client credentials reset feature for resetting client id and secret and all associated access tokens and authcodes (d9ea146)
  • Adding elastic apm monitor for the server (db1fa5c)
  • Adding full logging for whole server, also update README.md and generation of env files (35107b6)
  • Adding host validation option for running the server with or without host validation of the requester, Closes #71 (236d025)
  • Adding multiple hosts support for client model as mentioned in #66 (642b4cf)
  • Adding multiple hostUri and checking of ip related to hostnames in hostnameUtils (7aaa701)
  • Change only the client secret when resetting client credentials, so the ClientId remains as a constant. (2c937ac)
  • Changing the redirectUris field to accept only suffix redirectUri instead of full redirectUri (b9514ca)
  • Implement client manager authentication for client registration and management. Closes #10. Fix whole client registration and management controller logic. Closes #2 (567df01)
  • Implement client registration logic and routes without client manager authentication, Also implement passport strategy for client manager and registration token authentication, as Issued at #2 (5e13611)