release 1.7.3
Features
- added optional support for RFC 7636 "Proof Key for Code Exchange" aka. PKCE; see #320
- ability to disable keepalive from `lua-resty-http`; by disabling keepalive we disable the native connection pool, avoiding errors when dealing with invalid connections; this is especially useful when proxying AJAX requests; see #307; thanks @Dudssource
Bugfixes
- when `unauth_action` is `pass` and a token refresh fails the session will get marked as no longer authenticated and a proper error is returned; see #286; thanks @cretzel
- no longer echo the URI parameters back on default error page when OIDC provider returns an error in call to `redirect_uri`; see #306; thanks @barrelmaker97
- ensure discovery has been attempted when calling userinfo endpoint
Other