Contents

### 0.5.0 (08/02/2021)

#### RP-Initiated Logout

The `:oidc` plugin can now do [RP-Initiated Logout](https://gitlab.com/os85/rodauth-oauth/-/wikis/RP-Initiated-Logout). It's disabled by default, so read the docs to learn how to enable it.

#### Security

The `:oauth_jwt` (and by association, `:oidc`) plugin(s) verifies the claims of used JWT tokens. This is a **very important security fix**, as without it, there is no protection against replay attacks and other types of misuse of the JWT token.

A new auth method, `generate_jti(claims)`, was [added to the list of oauth_jwt plugin options](https://gitlab.com/os85/rodauth-oauth/-/wikis/JWT-Access-Tokens#rodauth-options). By default, it'll hash the `aud` and `iat` claims together, but you can overwrite how this is done.

Version data entries

11 entries across 11 versions & 1 rubygems

Version	Path
rodauth-oauth-1.6.3	doc/release_notes/0_5_0.md
rodauth-oauth-1.6.2	doc/release_notes/0_5_0.md
rodauth-oauth-1.6.0	doc/release_notes/0_5_0.md
rodauth-oauth-1.5.0	doc/release_notes/0_5_0.md
rodauth-oauth-1.4.0	doc/release_notes/0_5_0.md
rodauth-oauth-1.3.2	doc/release_notes/0_5_0.md
rodauth-oauth-1.3.1	doc/release_notes/0_5_0.md
rodauth-oauth-1.3.0	doc/release_notes/0_5_0.md
rodauth-oauth-1.2.0	doc/release_notes/0_5_0.md
rodauth-oauth-1.1.0	doc/release_notes/0_5_0.md
rodauth-oauth-1.0.0	doc/release_notes/0_5_0.md