oidc-agent 4.2.4

oidc-agent 4.2.4

Bugfixes:

• Fixed potential uncontrolled format string

oidc-agent 4.2.3

oidc-agent 4.2.3

Bugfixes:

• Fixed cleanup of tmp directory for oidc-agent-service; in 4.2.2 we deleted too much

oidc-agent 4.2.2

oidc-agent 4.2.2

Bugfixes:

• Fixed cleanup of tmp directory for oidc-agent-service
• Fixed typo that could cause a wrongly formatted error message

Other

• Fixed a typo
• Fixed cast warning on libmicrohttpd >= 0.9.71

oidc-agent 4.2.1

oidc-agent 4.2.1

Enhancements

• Encoding spaces printed authorization url, so it can be easily opened.

Bugfixes

• Fixed problems on MacOS where automatic url opening did not work.

oidc-agent 4.2.0

oidc-agent 4.2.0

RPMs for various distributions are now available at: http://repo.data.kit.edu/

RPMS for Fedora 34 are attached to this release.

Features

• Add option to encrypt account config file through gpg agent with an existing gpg key instead of using an encryption
  password
  • This feature comes very handy for accounts where the refresh tokens changes often (but can be used with any
    account configuration file)
  • To use gpg encryption when creating a new account include the --gpg=<key_id> option to your oidc-gen call
  • To update an existing account configuration to use gpg encryption run oidc-gen -u <shortname> --gpg=<key_id>
• Add Auto-re-authentication feature: When oidc-agent discovers that a refresh token expired it automatically triggers
  a re-authentication flow.

API

• IPC-API:
  • The error response for an Access Token Request now might contain an info field. If present this field contains a
    formatted help message that gives instructions to the user how the problem can most likely be solved. Applications
    should display this message to the user if it is present.
• The C library liboidcagent4 now has functions that return an agent_response that on error include the error and
  the help message. For details see https://indigo-dc.gitbook.io/oidc-agent/api/api-c#error-handling
• The go and python libraries have been adapted to support the help message. For details refer to:
  • https://indigo-dc.gitbook.io/oidc-agent/api/api-go
  • https://indigo-dc.gitbook.io/oidc-agent/api/api-py#error-handling

Enhancements

• Now using libqrencode to print a QR code when using the device flow; instead of using qrencode only if already
  installed.
• Token revocation can now handle cases where there must be provided a client_id in the request.

Bugfixes

• Fixed a bug where an error message was printed even tough no error occurred when oidc-gen tried to read a tmp file
  from oidc-agent and oidc-gen could not connect to agent.
• Fixed bug on MacOS where command line flags that are aliases would not accept argument
• Excluded .log files from account list
• Fixed bugs where some --pw-* options (mainly --pw-file and --pw-env) where not used by oidc-agent
• Fixed memory leaks in oidc-agent.
• Fixed handling of multiple OIDC flows by oidc-agent.
• Fixed bash completion on bullseye printing deprecation message
• Fixed potential TOCTOU filesystem race condition

Dependencies

• Now (directly) depending on libqrencode instead of optionally using qrencode binary.

oidc-agent 4.1.1

OpenID Provider

• Fixed scopes for EGI public clients
• Added compute.* scopes for WLCG public client
• Removed https://unity.eudat-aai.fz-juelich.de/oauth2/
• Added public client for B2ACCESS

oidc-agent 4.1.0

oidc-agent 4.1.0

oidc-agent-server

• Support for oidc-agent-server has been dropped.

Features

• Added option to oidc-gen to read the refresh token from environment variable.
• Added option to oidc-gen and oidc-add to read the encryption password from environment variable.
• Added option to oidc-agent to silence pid echo.
• Added option to oidc-agent to obtain env var values as json.
• Added option to oidc-gen to allow account generation without saving it.
• Added oidc-agent-service to easily start, stop, and restart an agent
  throughout a session.

Enhancements

• Improved Xsession integration by using oidc-agent-service.
• Improved unexpected error message when account not loaded.
• Added success message at the end of oidc-gen.
• Public clients are now also read from the oidc-agent directory

Bugfixes

• Fixed compilation issues on modern compilers
• Fixed oidc-agent output on --status if $OIDC_SOCK not set.

Dependencies

• Update cJSON library.

Debian Packaging

We changed the structure of the debian packages. To update run:

sudo apt-get dist-upgrade

oidc-agent 4.0.2

oidc-agent 4.0.2

Bugfixes

• Fixed a json merge conflict when device authorization endpoint was set by user
• Fixed a bug where a message was printed to terminal when using the device flow
  when qrencode was not installed on the user's system

oidc-agent 4.0.1

oidc-agent 4.0.1

Bugfixes

• Fixed a bug in liboidc-agent where getAccessTokenforIssuer never returned.
• Fixed agent forwarding with liboidc-agent.

oidc-agent 4.0.0

oidc-agent 4.0.0

Incompatible Changes

• IPC encryption changed, therefore agents and clients (oidc-gen, oidc-add,
  oidc-token, etc.) must have the same major version to be able to
  communicate. Agent must be restarted after updating!
• Some options were removed from oidc-gen; these options are:
  • --output Splitting client configuration and agent account configuration is
    no longer supported.
  • --qr If qrencode is installed a QR code is automatically printed to the
    terminal.
  • --qrt If qrencode is installed a QR code is automatically printed to the
    terminal.
  • --split-config Splitting client configuration and agent account configuration is
    no longer supported.
  • --clients Splitting client configuration and agent account configuration is
    no longer supported.

Features

• Add option --only-at to obtain AT through oidc-gen without creating an
  account configuration.
• Add oidc-agent-server an oidc-agent version that can run as a central
  server.
• oidc-add can now load locally existing configurations to a remote
  oidc-agent-server.
• oidc-token can also be used to obtain tokens from a remote
  oidc-agent-server.
• oidc-gen can now be used completely non-interactive
• Add --pw-file option to read decryption password from file
• Allow users to rename accounts.
• Add status command to oidc-agent to get information about the currently
  running agent.
• Add possibility to easily force a new AT through oidc-token.

API

• Add encryption to liboidc-agent (now depends on libsodium).
• Also add encryption to the go and python library.
• The libraries now automatically support obtaining tokens from a remote
  oidc-agent-server.

Enhancements

• User can now choose between cli and gui prompts (or none for oidc-gen).
• Add several new options for passing information to oidc-gen.
• When the 'max' keyword is used for scopes and a public client is used,
  this now uses the maximum scopes for that public client, not the issuer.
• Change how the symmetric key is derived in ipc communication to be able
  to support ipc encryption with golang lib.
• On default cnid (oidc-gen) is set to the hostname; so the hostname is
  included in the client name.
• Improve password prompt on autoload.
• Improve bash completion of oidc-gen short options.
• Delete oidc client when deleting agent configuration.
• Write temporary data to oidc-agent instead of tmp file.

Bugfixes

• Fix a possible conflict between the application type 'web' and custom
  scheme redirect uris.
• Fix bug where oidc-gen would use a public client instead of aborting when
  generating an account configuration with a shortname that is already
  loaded.
• Fix duplicated output of oidc-agent when redirecting the stdout output.
• Fix segmentation fault in oidc-gen issuer selection when selecting 0
• Fix more segmentation faults.
• Fix memory leaks.

OpenID Provider

• Add public client for aai-demo.egi.eu
• Add aai-demo.egi.eu

Dependencies

• liboidc-agent4 now depends on libsodium.
• Update cJSON library.