v3.1.1

3.1.1 (2023-10-24)

Bug Fixes

• build callback url from server, not op (#468) (e5f0dca)
• server: do not get client by id for introspection (#467) (73a1982)

v3.1.0

3.1.0 (2023-10-24)

Features

• op: allow Legacy Server extension (#466) (bab5399)

v3.0.3

3.0.3 (2023-10-24)

Bug Fixes

• op: terminate session from request in legacy server (#465) (164c5b2)

v3.0.2

What's Changed

• chore(deps): upgrade go-chi/chi to v5 by @muhlemmer in #462

Full Changelog: v3.0.1...v3.0.2

v3.0.1

3.0.1 (2023-10-13)

Bug Fixes

• op: return state in token response only for implicit flow (#460) (0dc2a6e)

v3.0.0

3.0.0 (2023-10-13)

Bug Fixes

• modify ACRValues parameter type to space separated strings (#388) (e43ac6d)
• Only set GrantType once (#353) (#367) (312c2a0), closes #352

chore

• replace gorilla/mux with go-chi/chi (#332) (57fb9f7), closes #301

• Merge pull request #456 from zitadel/next-main (976b406), closes #456

Features

• add context to all client calls (#345) (6af94fd), closes #309
• add slog logging (#432) (0879c88)
• Allow modifying request to device authorization endpoint (#356) (c778e83), closes #354
• generic Userinfo and Introspect functions (#389) (d5a9bd6)
• merge the verifier types (#336) (33c716d)
• op: Server interface (#447) (0f8a058)
• rp: return oidc.Tokens on token refresh (#423) (6708ef4), closes #364

BREAKING CHANGES

• • Just making sure v3 release is triggered.
• rp: - rename RefreshAccessToken to RefreshToken

• RefreshToken returns *oidc.Tokens instead of *oauth2.Token

This change allows the return of the id_token in an explicit manner,
as part of the oidc.Tokens struct.
The return type is now consistent with the CodeExchange function.

When an id_token is returned, it is verified.
In case no id_token was received,
RefreshTokens will not return an error.

As per specifictation:
https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse

Upon successful validation of the Refresh Token,
the response body is the Token Response of Section 3.1.3.3
except that it might not contain an id_token.

• rp.Userinfo and rs.Introspect now require
  a type parameter.
• • The various verifier types are merged into a oidc.Verifir.

• oidc.Verfier became a struct with exported fields

• use type aliases for oidc.Verifier

this binds the correct contstructor to each verifier usecase.

• fix: handle the zero cases for oidc.Time

• add unit tests to oidc verifier

• fix: correct returned field for JWTTokenRequest

JWTTokenRequest.GetIssuedAt() was returning the ExpiresAt field.
This change corrects that by returning IssuedAt instead.

• The returned router from op.CreateRouter() is now a chi.Router

v1.13.5

1.13.5 (2023-10-13)

Bug Fixes

• v1: update all go mod deps (#457) (55acd00)

v3.0.0-next.11

3.0.0-next.11 (2023-09-28)

Features

• op: Server interface (#447) (0f8a058)

v2.11.0

2.11.0 (2023-09-07)

Features

• issuer from Forwarded header (#443) (364a759)

v2.10.0

2.10.0 (2023-09-01)

Features

• op: add opentelemetry to token endpoint (#436) (1683b31)