Skip to content

Releases: google/oauth2l

v1.3.2

04 Dec 19:50
7fb0aba
Compare
Choose a tag to compare

What's Changed

  • chore: Update Makefile to support arm64 for darwin and linux by @andyrzhao in #176

Full Changelog: v1.3.1...v1.3.2

v1.3.1

03 Dec 19:55
5ecd939
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v1.3.0...v1.3.1

OAuth2l v1.3.0 Release

19 Jul 20:42
c5870a6
Compare
Choose a tag to compare

This release contains major security updates.

Features added:

  1. 3LO Loopback Flow:
  • Add support for 3LO loopback flow, which redirects the authorization code to a localhost server (managed by OAuth2l) to complete the 3LO flow. This is in contrast with the deprecated 3LO Out-of-band (OOB) flow that required users to manually copy-and-paste the auth code.
  • The 3LO loopback flow is automatically triggered when using a client ID credentials file where redirect_uris is set to "localhost" (this is the default value for credentials file obtained from Google Cloud Console). Furthermore, the browser will be automatically be opened to bring up the consent page (unless this behavior is disabled using the flag "disableAutoOpenConsentPage").
  1. PKCE:
  • Add PKCE (Proof Key Code Exchange) to 3LO flow, which protects against CSRF and authorization code injection attacks.

OAuth2l v1.2.2 Release

03 Aug 21:51
6aa2b5c
Compare
Choose a tag to compare

Features:

  • Support "scope" for self-signed JWT in addition to "audience".

Bug fixes:

  • Support "id_token" and "scope" as token extras and cache these extra token fields correctly.

OAuth2l v1.2.1 Release

30 Jun 17:21
f8ab771
Compare
Choose a tag to compare

Include id_token field in JSON output when applicable.

NOTE: v1.2.1 release does not properly cache id_token field - id_token field will be omitted when oauth2l returns a cached token. For id_token caching support, please use v1.2.2

OAuth2l v1.2.0 Release

18 May 17:27
5b0a501
Compare
Choose a tag to compare

This is a major release containing several new features and bug fixes.

Features added:

  1. Service Account Impersonation:
  • Added "--impersonate-service-account xxx" option to exchange the retrieved User access token with a Service Account access token using Google's IAM Service.
  1. Domain-wide Delegation:
  • Use "--email xxx" option to specify a user email account for domain-wide delegation when authenticating with Service Account credentials.
  1. Exporting gcloud Refresh Token Credentials:
  • Use “--output_format refresh_token” to export a gcloud refresh token credentials JSON when authenticating with 3-legged OAuth. This credentials JSON can subsequently be used for user-based authentication in client libraries.
  1. Replaced “sgauth” module with official “oauth2” library:
  • The “sgauth” module that powered oauth2l was a forked version of the golang “oauth2” library. The feature gaps have been reconciled, and oauth2l will use the official oauth2 library going forward.

OAuth2l v1.1.0 Release

12 Aug 22:54
3eea11c
Compare
Choose a tag to compare

This is a major release containing several new features and bug fixes.

Features added:

  1. STS support:
  • Added "--sts" boolean flag to perform STS token exchange as a final step, converting the fetched OAuth Access Token to STS token. This flag is compatible with oauth and sso auth types, as well as curl and caching.
  • Added "--quota_project" GUAC parameter for use in STS claim.
  1. OAuth2l Playground support:
  • Added "web" command to install and launch an interactive web app version of the OAuth2l tool via local deployment via docker. This feature is currently in experimental phase and will be enhanced in future releases.
  1. Improved handling of expired access tokens in cache:
  • OAuth2l will no longer return expired access tokens from the cache to the user.
  • OAuth2l will automatically refresh expired access token (via refresh token), if the "--refresh" parameter is enabled. This eliminates the hassle of having to redo the authorization flow for 3LO when the access token has expired.

v1.0.2

26 Nov 23:27
Compare
Choose a tag to compare

Functionally equivalent to v1.0.1, but tagged to test and verify the new autobuild system.

OAuth2l v1.0.1 Release

01 Nov 18:16
Compare
Choose a tag to compare

November 2019 Update

Support Go modules

Initial version of Golang with refined interface

05 Aug 20:44
Compare
Choose a tag to compare

July 2019 Update

The oauth2l client has been redesigned to support a richer set of
command-line options. Options such as "scope", "audience", and "email" can
now be specified explicitly in order to avoid ambiguity and mis-use.
Furthermore, several options have been deprecated and/or renamed for clarity:

  • --json is now --credentials
  • --credentials_format is now --output_format
  • --jwt is now --type jwt
  • --sso is now --type sso

Note: The tool maintains backward compatibility with the old option names
and continues to accept implicit options for "scope", "audience", and
"email" based on context. However, please use the new style of explicit
options going forth. Refer to the "Command Options" section for details.

Please check the README file for more information about the usage.