Allow cookie_session authentication to have configurable Method for request to the check_session_url #381
Hierarchic scope strategy not working for OAuth2 Introspection authn #377
README.md: Broken link to Envoy configuration page + missing link to AWS API Gateway #374
What is the format for the AUTHENTICATORS_OAUTH2_INTROSPECTION_CONFIG_INTROSPECTION_REQUEST_HEADERS environment variable in OathKeeper? #366
High Latency with id\_token mutator and RS256 keys #364
Log specified http request headers #360
Can't override authenticators.oauth2\_introspection.config.from\_token value from config file in API Access Rules file #359
Clean up docker compose file #324
Url matching should be available in authenticators #205

Merged pull requests:

fix(mutator/id_token): fix token expiration error in tests #390 (kaorimatz)
feat(authz): Add remote_json authorizer #389 (kaorimatz)
chore: bump ory/x to have csv parsing for env vars #388 (zepatrik)
repository_memory: Add rule id to malformed configuration error #386 (hefekranz)
chore: moved WatchAndValidateViper to viperx #384 (zepatrik)
docs: Updates issue and pull request templates #382 (aeneasr)
fix: Don't send scope with OAuth2 introspection request #379 (tleef)
feat: Enable tracing #376 (ptescher)
fix: Update README.md to fix #374 #375 (tricky42)
fix: disable test that fails with low cache hit rate #372 (aeneasr)
feat: oauth intsropsection configurable timeout #370 (pike1212)
Fix: link to Developer Install Guide #369 (jaredpreston)
fix: Improve id_token performance with caching #367 (aeneasr)
fix: Load config file only in serve command #365 (aeneasr)
fix(config.schema.json): fixed examples for some keys #363 (zepatrik)
Docker compose cleanup #325 (KarthikNayak)

v0.36.0-beta.2 (2020-02-14)

Full Changelog

v0.36.0-beta.3 (2020-02-14)

Full Changelog

v0.36.0-beta.4 (2020-02-14)

Full Changelog

v0.36.0-beta.1 (2020-02-05)

Full Changelog

Closed issues:

Implement additional matching strategies and use negative lookahead regex #321

Merged pull requests:

ci: Bump orb versions #356 (aeneasr)
docs: Updates issue and pull request templates #355 (aeneasr)
feat(ci): Add nancy vuln scanner #354 (aeneasr)
#321 #334 (ayzu)

v0.35.5-beta.2 (2020-01-31)

Full Changelog

v0.35.5-beta.1 (2020-01-27)

Full Changelog

Merged pull requests:

Hash enabled check to further improve performance #353 (ecktom)
ci: Bump sdk orb #352 (aeneasr)

v0.35.4-beta.1 (2020-01-26)

Full Changelog

Merged pull requests:

Update release pipeline and tests #351 (aeneasr)

v0.35.3-beta.1 (2020-01-26)

Full Changelog

Fixed bugs:

High latencies #346

Closed issues:

Support for TLS certificate authentication #347

Merged pull requests:

Use integer instead of number in config JSON schema #350 (aeneasr)
ci: Bump ory/sdk orb and Go version #349 (aeneasr)
Cache config to improve latencies #348 (ecktom)
Set min/max for port range in config JSON Schema #345 (aeneasr)
Fix profiling env variable not being picked up #343 (ecktom)
docs: Updates issue and pull request templates #341 (aeneasr)

v0.35.1-beta.1 (2020-01-14)

Full Changelog

Merged pull requests:

ci: Move to goreleaser orb #338 (aeneasr)

v0.35.0-alpha.1 (2020-01-13)

Full Changelog

v0.35.0-beta.1 (2020-01-13)

Full Changelog

Closed issues:

support the cookie as token source (token_from) for JWT authenticator #330
oathkeeper-maester start failed #327

Merged pull requests:

Update upgrade guide #337 (aeneasr)
authn/cookie_session: Add subject_from modifier #336 (aeneasr)
authn/cookie_session: Add extra_from modifier #335 (aeneasr)
Move to new SDK pipeline #333 (aeneasr)
pipeline/authn: add unit test for token_from->cookie for both jwt and oauth2_introspection authenticators (#330) #331 (ngrigoriev)

v0.34.0-beta.1 (2019-12-26)

Full Changelog

Implemented enhancements:

Provide an endpoint that allows to fetch configuration information #131
Add WWW-Authenticate Header on 401 #119
TLS Termination 'X-Forwarded-Proto' #95

Closed issues:

cookie_session authenticator masks 401 errors #298
Customizable on unauthenticated, forbidden, route not found, and other error handlers #284
[Feature Request] Changing the default oathkeeper error message #252
Unify access rule-level and global config #241

Merged pull requests:

pipe/err: Improve IP and MIME matching #323 (aeneasr)
Add customizable error handlers #322 (aeneasr)

v0.33.1-beta.1 (2019-12-18)

Full Changelog

Fixed bugs:

Loading ENV vars still not working #305

Closed issues:

Replace the base image with alpine #312
token_from required for oauth2_introspection but ignores "seperated" values #308
Allow path in cookie\_session.check\_session\_url to be used #296
Remote audit log #242

Merged pull requests:

Properly merge env vars into pipeline configs #320 (aeneasr)
cmd: Add health check commands #319 (tleef)
Switch to alpine Docker base-image #318 (aeneasr)
Add more details to decision logging #316 (aeneasr)
authn: Improve session endpoint debugability #315 (aeneasr)
cmd: Health endpoints now emit TRACE logs #314 (aeneasr)
rule: Resolve matcher cache #313 (aeneasr)
Use default logic if header is Authorization #311 (pike1212)

v0.33.0-beta.1 (2019-12-16)

Full Changelog

Implemented enhancements:

Extend JWT authenticator per rule config with global config #255

Fixed bugs:

Missing Content-type #289
Should not fatal when rule configmap changes #229

Closed issues:

Bug in documentation #309
Decisions API works? #306
Error: unknown command "migrate" for "oathkeeper" #294

Merged pull requests:

Update documentation banner image #307 (jfcurran)
allow specifying additional headers for the oauth introspection request #302 (paulbdavis)
add cookie as an option for oauth2_introspection authenticator #301 (paulbdavis)
add preserve_path option for cookie session to not override the path #297 (paulbdavis)
pipeline/mutator: Refactor hydrator retry config #287 (aeneasr)

v0.32.1-beta.1 (2019-10-30)

Full Changelog

Implemented enhancements:

Remove the need for outbound internet connection from Oathkeeper #234

Fixed bugs:

vendor: Update ory/x/viperx dependency #285 (aeneasr)

Closed issues:

[Helm chart] Quick changes #278
Env vars for jwks_url in id_token mutator not working in versions >v0.19.0-beta.1 #276
missing release assets in release v0.19.2-beta.1+oryOS.12 #275
Env vars for client ID/secret in oauth2_introspection don't work anymore in v0.19.0-beta.1 #270

Merged pull requests:

authz: Add Content-Type header in the call to Keto #290 (Sbou)
Auto-kill test runner after 10 retries #286 (aeneasr)
Dereference config schema and resolve issues #282 (aeneasr)

v0.32.0-beta.1 (2019-10-20)

Full Changelog

v0.31.0-beta.1 (2019-10-20)

Full Changelog

Implemented enhancements:

Version access rules #266
rule: Add migration capabilities #268 (aeneasr)

Fixed bugs:

Client Credentials Authenticators not compatible with Hydra? #260
"jwt" authenticator returns 403 instead of 401 #256

Closed issues:

Access-rules conversion error. #274
The configuration is invalid and could not be loaded. #273
Update mutators in documentation #261
Support fully both Oauth & JWT authenticator in access rule #257

Merged pull requests:

Support alternative token location #271 (kubadz)
authn: Force auth style in oauth2 client credentials authn #267 (aeneasr)
fix #256: change error code from 403 to 401 #259 (ngrigoriev)

v0.19.0-beta.1 (2019-09-23)

Full Changelog

Closed issues:

Keto engine doesn't build correctly the payload to call keto for URL with query parameters #250
Mutator: unrecognized by oathkeeper (v0.17.5) #248
Mutator issuing JWT with custom claims #228

Merged pull requests:

Resolve broken tests #262 (aeneasr)
Homogenize configuration management #258 (aeneasr)
Fix #250: Ignore query parameters to build payload for Keto engine #251 (GuillaumeSmaha)

v0.18.0-beta.1 (2019-08-22)

Full Changelog

Merged pull requests:

ID Token Custom Claims #246 (aeneasr)
docs: Updates issue and pull request templates #245 (aeneasr)
Add mutator for modifying authenticationSession with external API #240 (kubadz)
docs: Updates issue and pull request templates #239 (aeneasr)
docs: Updates issue and pull request templates #238 (aeneasr)
docs: Updates issue and pull request templates #237 (aeneasr)
doc: Add adopters placeholder #236 (aeneasr)
support multiple mutators #233 (jakkab)

v0.17.4-beta.1 (2019-08-09)

Full Changelog

Merged pull requests:

Add sprig template library #235 (hypnoglow)
docs: Updates issue and pull request templates #232 (aeneasr)

v0.17.3-beta.1 (2019-08-03)

Full Changelog

Fixed bugs:

rule: Resolve k8s configmap reload issue #231 (aeneasr)

v0.17.2-beta.1 (2019-08-02)

Full Changelog

Closed issues:

Panic on rolling update in Kubernetes #224
Helm chart for oathkeeper #186

Merged pull requests:

rules: Support kubernetes configmap reloading #230 (aeneasr)
docs: Updates issue and pull request templates #226 (aeneasr)

v0.17.1-beta.1 (2019-07-23)

Full Changelog

Merged pull requests:

Fix panic on send on closed channel #225 (hypnoglow)

v0.17.0-beta.1 (2019-07-18)

Full Changelog

Implemented enhancements:

Add file watcher for access rules #216
Add file watcher for config file #215

Merged pull requests:

ci: Automate schema confiugration sync #222 (aeneasr)
Validate Configuration with JSON Schema #220 (aeneasr)
cmd: Do not fatal when immutable value is changed #218 (aeneasr)
Watch configuration and access rule changes #217 (aeneasr)
Add support for rules in YAML format #213 (hypnoglow)

v0.16.0-beta.5 (2019-06-28)

Full Changelog

Closed issues:

Unable to build docker image on linux #207
Always return 404 when used with Ambassador Auth Service #199

Merged pull requests:

Add description into the name of subtest #212 (minchao)
Add cookie session authenticator #211 (alexdavid)
ci: Update golangci install script #210 (aeneasr)
docker: Use non-root user in image #209 (aeneasr)
Remove binary license #208 (aeneasr)
Update config.yaml #204 (haf)

v0.16.0-beta.4 (2019-05-28)

Full Changelog

Merged pull requests:

server: Properly declare negroni middleware #200 (aeneasr)
docs: Updates issue and pull request templates #198 (aeneasr)
docs: Updates issue and pull request templates #197 (aeneasr)
docs: Updates issue and pull request templates #196 (aeneasr)

v0.16.0-beta.3 (2019-05-19)

Full Changelog

Implemented enhancements:

Clean up environment variables and throw errors on misconfiguration #140
Missing serve all, both proxy/api using 4455 #122

Closed issues:

json: cannot unmarshal string into Go value #183
Oathkeeper (v0.14.2_oryOS.10) returning empty reply on slow/long distance database calls #178
Moving forward with ORY Oathkeeper #177
Replace ORY Hydra JWK fetcher with local strategy and storage #174
Support multiple JWKS URL in oathkeeper config rather than environment variable #168
Move to new configuration management #164
Do not disable filters, instead show decent error messages on misconfiguration #141
make id_token credential issuer optional #136

Merged pull requests:

ci: Rename job release-docs to docs #193 (aeneasr)
ci: Resolve goreleaser issues #192 (aeneasr)
ci: Update release pipeline #191 (aeneasr)
docs: Updates issue and pull request templates #189 (aeneasr)
install.sh: fix install script #187 (mkontani)
Reduce deployment complexity and refactor internals #185 (aeneasr)

v0.15.2 (2019-05-04)

Full Changelog

Fixed bugs:

Credential issuer config is base64 encoded #182

Merged pull requests:

Fix json encode of config for "credentials_issuer" and "authorizer" during import #184 (stszap)

v0.15.1 (2019-04-29)

Full Changelog

Merged pull requests:

vendor: Add go.sum #180 (aeneasr)

v0.15.0 (2019-04-29)

Full Changelog

Implemented enhancements:

Adopt new Keto SDK #172

Closed issues:

Forward all auth* headers in judge mode #166
Move to go-swagger client #165
Unable to install oathkeeper CLI #161
Using Oathkeeper - External Consumer App #158
Allow multiple rules for one URL #157
CORS Not working as expected #151
keto_engine_acp_ory not working with oryOS10 #150
Update README building-from-source part with the gomodule way #149
required_scope of authenticator validate only scope claim and not scp claim #138

Merged pull requests:

docker: Remove full tag from build pipeline #179 (aeneasr)
sdk: Remove sdk dependencies to keto/hydra #173 (aeneasr)
ci: Adopt new release pipeline #171 (aeneasr)
sdk: Move to go-swagger SDK code generation #170 (aeneasr)
judge: Set request headers for credential issuers #169 (aeneasr)
Update dependencies #163 (aeneasr)
proxy: Use scp,scope,scopes in jwt authenticator #162 (aeneasr)
ci: Resolve CI build issue #160 (aeneasr)
Ensure rule matcher is locked before updating #159 (jtescher)
proxy: improve debugability of JWT authenticator #156 (aeneasr)
issue #149 - Update README building-from-source part with the gomodul… #152 (pink-lucifer)

v0.14.2+oryOS.10 (2018-12-13)

Full Changelog

Merged pull requests:

ci: Fix docker push arguments in publish task #148 (aeneasr)

v0.14.1+oryOS.10 (2018-12-13)

Full Changelog

Merged pull requests:

ci: Fix docker release task #147 (aeneasr)

v0.14.0+oryOS.10 (2018-12-13)

Full Changelog

Closed issues:

Moving forward with this project's versioning #130
Add OPA authorizer #98

Merged pull requests:

vendor: Update keto to latest #146 (aeneasr)
proxy: Update to recent keto changes #145 (aeneasr)
docs: Update documentation links #144 (aeneasr)
docs: Align changelog, upgrade with new versions #143 (aeneasr)
docs: Fix proxy help command description #142 (aeneasr)
Ignore query parameters when matching url in rules. #139 (stszap)
Support "scope" claim as a string in jwt authenticator #137 (stszap)
docs: Improve some docs and update SDK #135 (aeneasr)
Add environment parameters (and description) to configure proxy server timeout settings #132 (7phs)
Make subject configurable using go template #129 (lsjostro)
docs: Updates issue and pull request templates #127 (aeneasr)
docs: Updates issue and pull request templates #126 (aeneasr)
cmd: TLS environment variables #124 (fredbi)
docs: Fix typo in README. #118 (ddunkin)

v0.13.9+oryOS.9 (2018-11-14)

Full Changelog

Implemented enhancements:

proxy: Add JWT authenticator #109 (aeneasr)
cmd: Disable cors per default #107 (aeneasr)

Fixed bugs:

proxy: Improve compatibility with ORY Hydra 1.0.0-beta.8 #108 (aeneasr)

Merged pull requests:

cmd: Properly document JWT refresh #117 (aeneasr)
cmd: Enables TLS option on serve api #116 (fredbi)
Prepare beta.9 release #115 (aeneasr)
Aligned TLS options with hydra: allow cert&key to be specified with file #114 (fredbi)
Improve integration tests #113 (aeneasr)
cmd: Remove config flag #111 (aeneasr)
(fix) Typo in checkResponse function print message #106 (devprincess)
proxy: add cookies ci to handler factory #103 (zikes)
proxy: add cookies credentials issuer #102 (zikes)
Headers Credentials Issuer #100 (zikes)