Contents

### 0.5.0 (08/02/2021)

#### RP-Initiated Logout

The `:oidc` plugin can now do [RP-Initiated Logout](https://gitlab.com/honeyryderchuck/rodauth-oauth/-/wikis/RP-Initiated-Logout). It's disabled by default, so read the docs to learn how to enable it.

#### Security

The `:oauth_jwt` (and by association, `:oidc`) plugin(s) verifies the claims of used JWT tokens. This is a **very important security fix**, as without it, there is no protection against replay attacks and other types of misuse of the JWT token.

A new auth method, `generate_jti(claims)`, was [added to the list of oauth_jwt plugin options](https://gitlab.com/honeyryderchuck/rodauth-oauth/-/wikis/JWT-Access-Tokens#rodauth-options). By default, it'll hash the `aud` and `iat` claims together, but you can overwrite how this is done.

Version data entries

12 entries across 12 versions & 1 rubygems

Version	Path
rodauth-oauth-1.0.0.pre.beta2	doc/release_notes/0_5_0.md
rodauth-oauth-1.0.0.pre.beta1	doc/release_notes/0_5_0.md
rodauth-oauth-0.10.4	doc/release_notes/0_5_0.md
rodauth-oauth-0.10.3	doc/release_notes/0_5_0.md
rodauth-oauth-0.10.2	doc/release_notes/0_5_0.md
rodauth-oauth-0.10.1	doc/release_notes/0_5_0.md
rodauth-oauth-0.10.0	doc/release_notes/0_5_0.md
rodauth-oauth-0.9.3	doc/release_notes/0_5_0.md
rodauth-oauth-0.9.2	doc/release_notes/0_5_0.md
rodauth-oauth-0.9.1	doc/release_notes/0_5_0.md
rodauth-oauth-0.9.0	doc/release_notes/0_5_0.md
rodauth-oauth-0.8.0	doc/release_notes/0_5_0.md