Skip to content

release 1.7.3

Compare
Choose a tag to compare
@zandbelt zandbelt released this 10 Sep 15:26
· 90 commits to master since this release

Features

  • added optional support for RFC 7636 "Proof Key for Code Exchange" aka. PKCE; see #320
  • ability to disable keepalive from lua-resty-http; by disabling keepalive we disable the native connection pool, avoiding errors when dealing with invalid connections; this is specially useful when proxying AJAX requests; see #307; thanks @Dudssource

Bugfixes

  • when unauth_action is pass and a token refresh fails the session will get marked as no longer authenticated and a proper error is returned; see #286; thanks @cretzel
  • no longer echo the URI parameters back on default error page when OIDC provider returns an error in call to redirect_uri; see #306; thanks @barrelmaker97
  • ensure discovery has been attempted when calling userinfo endpoint

Other

  • allow OPM installation with newer lua-resty-http versions; see #279; thanks @GUI
  • fix failed installing dependency lua-resty-jwt;see #327; thanks @kg0r0