Skip to content

Releases: curveball/a12n-server

v0.11.2

30 Dec 16:39
f03b756
Compare
Choose a tag to compare
  • Support for the /.well-known/change-password endpoint, as defined in
    RFC8615.
  • Fixed a bug that could cause the TOTP field to not be rendered, even if it's
    required.
  • Fixed a bug where users weren't getting activated using the "Create user"
    form.

v0.11.1

23 Jan 00:02
8693a05
Compare
Choose a tag to compare
  • Last release broke the OAuth2 authorization endpoint.

v0.11.0

23 Jan 00:02
20fef82
Compare
Choose a tag to compare
  • Support for a new user type: 'group'. Groups can contain users and will in a
    future release allow roles to be created with privileges that can be applied
    to entire groups.
  • TOTP can now be set to 'required', 'optional' and 'disabled' via a server-
    wide flag.
  • OAuth2 access, refresh and authorization code expiry times are now
    configurable.
  • Better design for notifications vs. error messages.
  • It's now possible for an admin to create new users via an API or form.
  • It's now possible to authenticate with the a12nserver via a Bearer token,
    allowing clients to directly call a12nserver APIs.
  • The OAuth2 login flow now also shows the lost password and registration
    links, if they were enabled.

v0.10.2

23 Jan 00:10
0fc9b52
Compare
Choose a tag to compare
  • Fix a small bug in the /introspect endpoint. Successful responses were not
    returning.

v0.10.1

23 Jan 00:10
de56fb7
Compare
Choose a tag to compare
  • Fixed a small CSS layout bug on login.
  • /introspect endpoint now doesn't require login.

v0.10.0

23 Jan 00:10
d33117c
Compare
Choose a tag to compare
  • Added a 'lost password' feature that uses email for validating using
    accounts.
  • The audit log now tracks the 'User agent'.
  • Better autocomplete hints on the login and registration form for password
    managers.

0.4.1

14 Mar 14:17
Compare
Choose a tag to compare
  • refresh_token can now be used without a client secret.
  • authorization_code no longer requires a client secret.
  • authorization_code grant now returns a refresh token.
  • The token endpoint now returns cors headers.

0.4.0

14 Mar 14:17
c02af5b
Compare
Choose a tag to compare
  • Default port is 8531.
  • Added a 'Getting started' guide.
  • Added all database schemas to set up a new server.
  • The password grant type is now supported.
  • Refreshing tokens now works.
  • The allowed_grant_types is now actively enforced for every client.
  • Returning correct OAuth2 error responses for more internal errors.