release 1.6.0
- refer to updated
lua-resty-jwt
that supports OpenSSL 1.1.x ; see: #162; thanks @cdbattags - when refreshing tokens the
id_token
is now refreshed as well (if included inside the token response); see #158; thanks @grrolland - add
Cache-Control: no-cache
header to authorization requests to avoid replays of state/nonce; see zmartzone/mod_auth_openidc#321