Releases: curveball/a12n-server

v0.18.3

20 Apr 22:37
  • updatePassword now supports creating a password without having an
    existing password.

v0.18.2

15 Apr 23:13
1870e4f
  • Activating users did not correctly check for "admin" privileges. This is
    now fixed.
  • Added support for PUT on /users/123
  • Allowing users to be activated using the token-exchange API.

v0.18.1

06 Apr 02:56
6e9b4b2
  • URL-decode the 'href' on the /user/byhref endpoint.
  • Make the 'privilege policy' textarea bigger.

v0.18.0

05 Apr 18:11
6f76fd9
  • Added UIs for editing user information. (@mihok)
  • Added preliminary support for JWT bearer tokens (draft-ietf-oauth-access-token-jwt-12).
  • Added a new markdown-based home document, which will be a bit more user-
    friendly for non-devs.
  • Added UI for setting privileges. (@mihok)
  • All secret tokens are now URL-safe and generated non-blocking.
  • Throw a 404 when trying to access the 'active sessions' page for a
    group-principal.

v0.17.2

26 Mar 20:12
  • Added a /user/:id/password endpoint. This allows an admin to easily
    change a user's password.

v0.17.1

14 Mar 21:49
027b7db
  • Updated simplewebauthn dependencies to the latest version.
  • Switched to 'indirect' attestation-type by default, allowing anonymized
    attestations to be used.
  • It's now possible to set the value for the CORS allow-origin option. By
    default it's enabled, but if cors.alloworigin is supplied, this can be
    overridden.

v0.17.0

11 Mar 20:17
b28d7e7
  • Privileges assigned to groups are now inherited by all users who are part of
    that group, allowing the use of groups as 'roles'.
  • Added a /user/by-href/:href endpoint, allowing API clients to look up
    users by their 'identity' like their email address.
  • Added a hasPassword property to each user. This is only visible on 'your
    own' user or if you are an admin.
  • The /token-exchange endpoint for one-time tokens now requires a client_id
    parameter, similar to OAuth2 endpoints.
  • Fixed a number of internal APIs that let people generate passwords for
    non-user principals, or OAuth2 credentials for groups. Everything is a bit
    stricter.
  • Internally, 'users', 'apps' and 'groups' are now more often referred to by
    the name 'principal'. Before, these 3 categories of things were also referred
    to as 'user'. This migration is not complete, but it's a big first step.
    Eventually we'll have separate API roots for each of these.

v0.16.0

07 Mar 22:40
e01d9d9
  • Added a login.defaultRedirect option. This setting allows an admin to
    specify where users should be redirected to after they log in.
  • Added a 'one time token' API, allowing privileged clients to exchange tokens
    with regular OAuth2 access tokens. This is useful for custom implementations
    of 'lost password' features.
  • Added an 'active sessions' API. This API lists all currently active
    access/refresh tokens for a user.
  • Added an 'access token' endpoint, allowing you to generate a new access
    token if you had an already valid session.

v0.15.5

23 Feb 06:51
bf5577e
  • Another re-release to try and make GitHub npm packages function.

v0.15.4

23 Feb 06:46
bfa767a
  • This package is now published on npm under @curveball/a12n-server.