Sha256: cd5edd2216a258112ec2deb6e7fd7e26e775fd44dc618f61cc39339ef2499e9f
Contents?: true
Size: 1.32 KB
Versions: 23
Compression:
Stored size: 1.32 KB
Contents
### 0.0.6 (6/7/2020) #### Features The `oauth_jwt` feature now supports JWT Secured Authorization Request (JAR) (see https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-20). This means that client applications can send the authorization parameters inside a signed JWT. The client applications keeps the private key, while the authorization server **must** store a public key for the client application. For encrypted JWTs, the client application should use one of the public encryption keys exposed in the JWKs URI, to encrypt the JWT. Remember, **tokens must be signed then encrypted** (or just signed). ###### Options: * `:oauth_application_jws_jwk_column`: db column where the public key is stored; since it's stored in the JWS format, it can be stored either as a String (JSON-encoded), or as an hstore (if you're using postgresql); * `:oauth_jwt_jwe_key`: key used to decrypt the request JWT; * `:oauth_jwt_jwe_public_key`: key used to encrypt the request JWT, and which will be exposed in the JWKs URI in the JWK format; #### Improvements * Removing all `_param` options; these defined the URL params, however we're using protocol-defined params, so it's unlikely (and undesired) that these'll change. * Hitting the revoke endpoint with a JWT access token returns a 400 error; #### Chore Removed React Javascript from example applications.
Version data entries
23 entries across 23 versions & 1 rubygems