Releases: ncsa/oa4mp
v6.0
Issues addressed
- #116 - link/unlink help in CLI updated
- #136 - NPE in logger on load in certain cases
- #181 - Device code flow does not apply header claim source rules
- #200 - JWT utility online examples improved
- #201 - CLI throws ugly stack trace if server not running. This can still be seen if you use the -v switch at startup, but is otherwise suppressed.
- #202 - Rewrite getting started pages for client and server to point to the snazzy new installers
- #204 - Maven poms de-crufted substantially during package rename
- #205 - Rename packages for OA4MP to start with org.oa4mp
- #206 - callbacks no longer required on registration page. This supports device-flow-only clients.
- #207 - Add in library entries for OA4MP directly, not in configuration file. These should be available everywhere so users never have to see another Java class path
- #208 - internal class name migrator for 5.6 --> 6.0
- #209 - Support for the client credentials flow
- #210 - QDL CLC should resolve all references when loading a configuration from an ini file
- #211 - Ersatz clients should be able to fork from any refresh token, not just the very first one.
- #212 - Post migration, the QDL ACL module was not completely initialized.
- #213 - The QDL runtime engine needs to completely initialize its state object before attempting to deserialize stored state.
Full Changelog: v5.6...v6.0
v5.6
OA4MP Version 5.6
- #93 - upkeep for unused clients.
- #117 - vet bad admin requests in the client management API
- #179 - wrong type name in documentation
- #186 - documentation of scopes was antiquated
- #187 - using Tomcat as the authz server was broken
- #192 - added documentation for using RFC 7523 with OA4MP
- #193 - new installer created
- #194 - jwt command line util documentation added.
- #195 - jwt command line tools now allow for setting a default key id when creating keys
- #196 - The OA4MP QDL distribution can now read a server configuration and pull out its QDL configuration, allowing you to run the exact same configuration locally.
- #197 - RFC 7523 error handling much improved
- #198 - NCSA sec-lib changes required some updates in OA4MP
- #199 - added ability to echo HTTP requests and responses in CLC.
Full Changelog: v5.5...v5.6
v5.5
Full Changelog: v5.4.3...v5.5-rc2
- #141 - NPE during device code flow
- #149 - VO table asserts last_modified timestamp is a BigInt but tried to process it as a timestamp
- #150 - Client configuration improvements for CLC
- #151 - Update client management web page
- #152 - Default Refresh Token lifetime not being read from server config
- #153 - Get issuer from well-known page in command line client
- #154 - Add query facility for client management servlet
- #155 - Do not send original scopes as refresh/exchange scopes unless they are explicitly sent in the request
- #156 - Unused client cleanup deleting in-use clients
- #157 - Client should not check if an ID token was returned for pure OAuth clients on refresh
- #158 - Audit user id token claims in restrictive cases
- #161 - Improve test suite with introspection
- #163 - CLI remove client should remove the permissions
- #164 - RFC 7636 support for RFC 8628
- #165 - Template resolution for access token scopes should use originally returned scopes if none specified
- #166 - Refresh endpoint must check for required refresh token
- #167 - Track last login for clients
- #168 - approval_ts in client approval store not accurate
- #169 - Remove old client management tests
- #170 - Update testing harness to use in-memory and file store from Derby
- #171 - Retool unit tests for clients
- #174 - Cannot remove unmanaged clients in the CLI
- #176 - CM RT lifetime policy on create and update.
- #177 - CM assumes every admin client is in a VO.
- #178 - CM should assert expires_in for token exchange.
- #184 - NPE getting ersatz chain.
v5.5-rc1
What's Changed
- Document retrieving all clients using the cmd tools by @GeorgianaElena in #43
- Do not assume an anonymous client is public. by @bbockelm in #81
- Bring up javadoc up to Java 11 standards by @bbockelm in #82
New Contributors
- @GeorgianaElena made their first contribution in #43
- @bbockelm made their first contribution in #81
Full Changelog: v5.2.4...v5.5-rc1
5.4.3
5.4.2
Fixes:
(The qdl.jar is for people who want to update their local install manually. Generally you should use the qdl-installer for a new install or even its update mode, which also updates all the documentation in the distribution.)
NOTE: This version of OA4MP requires that the java mail file be upgraded to 1.6.7. Get the jar at https://repo1.maven.org/maven2/com/sun/mail/jakarta.mail/1.6.7/jakarta.mail-1.6.7.jar and follow the standard instructions at https://oa4mp.org/server/configuration/server-email.html