Releases: Fraunhofer-AISEC/omejdn-server
1.7.1
1.7.0
Federation (#61)
* Fix CORS header spelling
* Temporarily disable an unreliable test due to bad test setup
* Federation: Implemented Code Flow
* Federation: External User Generation
* Plugin system rewrite
* Federation Integration
* Clients are now loaded via the Plugin API
* YAML is now the default user backend
* Better test setup
* All persistent state is now stored in either /keys or /config
* Removed `import_certfile` option. This is now possible thanks to a much simpler saving location of /keys/<client_id>.cert
* Automated Setup with Plugins
* Plugin for persistent storage Uses Postgres Configuration Defaults are now part of Omejdn
* Plugin Documentation
* Rubocop
* Update Gemfile
* SIOP Implementers Draft Support
* Add missing audience check
* Better internal user selection handling
* Refactoring
* UI improvements
* Per-user consent
* Federation Fixes
* Federation Plugin Documentation
* Self-contained Federation Plugin
* Plugin System: Flow Events
1.6.2
v1.6.2 Update Dependencies (#62)
1.6.1
Fixed missing JWT alg check (#60)
* Fixed missing JWT alg check
* Fixed uninitialized variable
* Updated Rubocop Lint
1.6.0
Client metadata (#57)
* Aligning `clients.yml` with OAuth terminology using the keys specified in RFC 7591
* Proper Client Authentication
* Show client information on the consent page
* Necessary Client Authentication Methods, Code refactoring, Better Tests
* Adapted Metadata
* Fixes
* Further Bugfixes
* Rubocop
* Respect `response_mode` in error responses (#54)
* Keep track of metadata during auth flows This addresses issue #55
* Relocate jwks.json It is not a .well-known endpoint
* OIDC RP-initiated Logout
* Build Server changes
* Test scripts run with `bundle`
* Fix: User now added to authorization cache
* "If You Want Them to RTFM, Make a Better FM" Let's give it a try
* Uniform rules for scope checks for all auth grants
* Removed unspecified parameters at token endpoint during code flow
* Fixed default client auth method
* Selfmade CORS
* Removed `allowed_origin` configuration option
* Fix pipeline
* Refactoring and dependency management
* Updated main README
* Documentation Updates and Fixes
* Minor Bugfixes
* Default configuration
1.5.1
v1.5.1 Fixed a bug where the issuer was nil in ID Tokens (#53)
1.5.0
Obscure features are obscure (#52) https://ruby-doc.org/core-3.1.0/Hash.html#method-i-compact-21
1.4.2
What's Changed
- Add Access-Control-Allow-Methods Header by @bellebaum in #45
Full Changelog: v1.4.1...v1.4.2
1.4.1
Bugfixes metadata (#44)
* Fixed Static Metadata Errors
* Dependency update
1.4.0
JAR and PAR (#39)
* Initial implementation of JAR and PAR (RFC 9101 and 9126)
* Rubocop changes. Increased Limits for Complexity

  Reasoning: OAuth defines a lot of errors to be returned to the client upon the first sign of problems. These are not trivially handled without branches in the program. CyclomaticComplexity and PerceivedComplexity do however count each occurrence of tokens like `||`, `if`, etc. and throw errors for each function having too many of those.

  Why wasn't this a problem so far? Most error handling was done within blocks of Sinatra's `get` or `post` functions, which do not count as functions.

  Why is this a problem now? As routines get more complicated due to new implemented standards, the code would become unreadable without implementing some behaviors in their own functions. Also, we might want to reuse code for some endpoints addressable via both `get` and `post` in the future.
* RFC 8414 - Metadata implemented
* OAuth/OIDC Auth Flow Error Handling via redirects
* Added support for `fragment` and `form_post` response modes
* Configuration Metadata split to please Rubocop
* Code simplifications
* Require Request URI Registration