Version 2.1.0
Fixed
- Handle token expiration when there is no
refresh_token
or no token URL (#39)
Changed
- Restore the
OVERWRITE_REDIRECT_URI
configuration option asOIDC_OVERWRITE_REDIRECT_URI
. - The
redirect_uri
that is generated and sent to the ID provider is no longer forced to HTTPS, because the the OIDC spec is actually only a strong recommendation (#35). You can useOIDC_OVERWRITE_REDIRECT_URI
if you want to force it to HTTPS (or any other URL).