oidc-agent 4.0.0

@zachmann zachmann released this 02 Nov 11:03

Incompatible Changes

  • IPC encryption changed; agents and clients (oidc-gen, oidc-add,
    oidc-token, etc.) must therefore have the same major version to be able
    to communicate. The agent must be restarted after updating!
  • Some options were removed from oidc-gen:
    • --output: Splitting client configuration and agent account configuration is
      no longer supported.
    • --qr: If qrencode is installed, a QR code is automatically printed to the
      terminal.
    • --qrt: If qrencode is installed, a QR code is automatically printed to the
      terminal.
    • --split-config: Splitting client configuration and agent account configuration is
      no longer supported.
    • --clients: Splitting client configuration and agent account configuration is
      no longer supported.

Features

  • Add option --only-at to obtain an access token (AT) through oidc-gen
    without creating an account configuration.
  • Add oidc-agent-server, an oidc-agent version that can run as a central
    server.
  • oidc-add can now load locally existing configurations to a remote
    oidc-agent-server.
  • oidc-token can also be used to obtain tokens from a remote
    oidc-agent-server.
  • oidc-gen can now be used completely non-interactively.
  • Add --pw-file option to read the decryption password from a file.
  • Allow users to rename accounts.
  • Add status command to oidc-agent to get information about the currently
    running agent.
  • Add possibility to easily force a new AT through oidc-token.

API

  • Add encryption to liboidc-agent (now depends on libsodium).
  • Also add encryption to the Go and Python libraries.
  • The libraries now automatically support obtaining tokens from a remote
    oidc-agent-server.

Enhancements

  • Users can now choose between CLI and GUI prompts (or none for oidc-gen).
  • Add several new options for passing information to oidc-gen.
  • When the 'max' keyword is used for scopes and a public client is used,
    this now uses the maximum scopes for that public client, not the issuer.
  • Change how the symmetric key is derived in IPC communication to be able
    to support IPC encryption with the Go library.
  • By default, cnid (oidc-gen) is set to the hostname, so the hostname is
    included in the client name.
  • Improve password prompt on autoload.
  • Improve bash completion of oidc-gen short options.
  • Delete oidc client when deleting agent configuration.
  • Write temporary data to oidc-agent instead of tmp file.

Bugfixes

  • Fix a possible conflict between the application type 'web' and custom
    scheme redirect URIs.
  • Fix bug where oidc-gen would use a public client instead of aborting when
    generating an account configuration with a shortname that is already
    loaded.
  • Fix duplicated output of oidc-agent when redirecting stdout.
  • Fix segmentation fault in oidc-gen issuer selection when selecting 0.
  • Fix more segmentation faults.
  • Fix memory leaks.

OpenID Provider

  • Add public client for aai-demo.egi.eu.
  • Add aai-demo.egi.eu.

Dependencies

  • liboidc-agent4 now depends on libsodium.
  • Update cJSON library.