Features
- proto: pass the
scopeparameter as returned from the token endpoint in theOIDC_scopeheader/environment variable and make it available forRequire claim scope:purposes, if not available as a claim returned in theid_tokenoruserinfoendpoint; thanks Amaury Buffet
Bugfixes
- metadata: fix parsing the OPs
token_endpoint_auth_methods_supportedand avoid the log error:
oidc_metadata_provider_parse: oidc_provider_token_endpoint_auth_set: invalid value
and falling back toclient_secret_basicafter that; thanks François Kooman - fix memory leaks when using provider specific client keys and/or
signed_jwks_uri_keyin.a multi-provider setup; thanks Sami Korvonen - allow for regular Apache processing (e.g. setting response/security headers) by deferring HTML/HTTP output generation to the content handler (instead of user id check handler) for the following use cases:
OIDCProviderAuthRequestMethod POSTOIDCPreservePost On(both internal and template-based)- POST page for the implicit grant type
- Request URI handler
- internally generated POST logout page
- session management RP iframe
- session management logout HTML top-window redirect page
Commercial
- binary packages for various other platforms such as Microsoft Windows 64bit/32bit, Red Hat Enterprise Linux 6/7, older Ubuntu and Debian distro's, Oracle HTTP Server 11.1/12.1/12.2, IBM HTTP Server 8/9, and IBM AIX 7.x are available under a commercial agreement via sales@openidc.com
- support for Redis/Valkey over TLS, Redis/Valkey (TLS) Sentinel, and Redis/Valkey (TLS) Cluster is available under a commercial license via sales@openidc.com