mytoken-server 0.4.2

mytoken 0.4.2

Bugfixes

• Fixed a bug where the webinterface was not updated to use the renamed tokeninfo subtokens action

mytoken-server 0.4.1

mytoken 0.4.1

API

• Changed tokeninfo subtokens action name
• Added the tokeninfo capability to the default capabilities of a mytoken

Enhancements

• The tokeninfo capability is now checked by default when creating a mytoken
• Improved the output in the ssh protocol on bad requests

Bugfixes

• Fixed tooltip text in webinterface on the book icon of read-only capabilities
• Fixed a bug where in the webinterface when creating a new mytoken the instructions to go to the consent screen, where
  still visible after the mytoken was obtained
• Fixed a bug where the consent screen stopped working after a timeout without displaying any error message
• Fixed a bug where 404 and other status codes where logged as errors

Dependencies

• Bumped github.com/gofiber/fiber/v2 from 2.25.0 to 2.26.0
• Bumped github.com/gofiber/template from 1.6.21 to 1.6.22
• Bumped github.com/gofiber/helmet/v2 from 2.2.5 to 2.2.6

mytoken-server 0.4.0

mytoken 0.4.0

Features

• Smart Logging: Only log up to a certain log level on default, but on error log everything
• Added User Settings endpoint
• Added possibility for user grants: grants that are not enabled on default, but can be enabled / disabled by a user
  and (might) require additional setup
• Added ssh user grant:
  • Can be enabled / disabled at the grants endpoint
  • SSH keys can be added, removed, listed at ssh grant endpoint
  • Added ssh keys can be used to obtain ATs, MTs, and other information (e.g. tokeninfo) through the ssh protocol at
    port 2222
• Extended capabilities:
  • Some capabilities now have a "path" and "sub"-capabilities, e.g. (tokeninfo includes tokeninfo:introspect
    and more).
  • Some capabilities have a read only version, e.g. read@settings
  • Some capabilities have been renamed, e.g. (tokeninfo_introspect -> tokeninfo:introspect)

API

• Changed default redirect type in auth code grant to native

Mytoken

• Added auth_time to mytoken

Enhancements

• Added request ids to response header and logging
• Refactored database; now using stored procedures which should ease database migration
• Moved automatic cleanup of expired database entries to the database
• Support symlinks when reading files

Security Fixes

• Fixed a bug, where mytokens could be created from any mytoken not only from mytokens with the create_mytoken
  capability.

Bugfixes

• Fixed a bug where restrictions did not behave correctly when multiple subnets were used
• Fixed response type on oidc errors on redirect in the authorization code flow
• Fixed 404 on api paths returning html instead of json

Dependencies

• Updated various dependencies to the newest version

Other

• Dropped the mytoken-dbgc tool, now moved to the database

mytoken-server 0.3.3

Changelog

Mytoken

• Added the name of a mytoken to the JWT.

API

• Don't redirect from /.well-known/openid-configuration to /.well-known/mytoken-configuration. Instead returning the
  same content on both endpoints.

Enhancements

• Removed buttons from webinterface in the tokeninfo tabs. The content now loads directly when switching the tab.
• Removed most need for CDNs; now self-hosting resources.
• Added setup of db database and db user to the setup utility.
• Made Link in the web interface on the create-mytoken page better visible.

Bugfixes

• Fixed the error returned from the server if no capability for a mytoken was provided.
• Fixed PKCE code verifier length.
• Fixed Datetimepicker issues on consent page.
• Fixed response type if an (oidc) error occures on the redirect step of the authorization code flow.
• Fixed a bug where mytokens that are not yet valid could not be created

mytoken-server 0.3.2

Changelog

• fixed password prompt for migratedb

mytoken-server 0.3.1

Changelog

• Fixed dbmigrate issues
• Improved utility binaries

mytoken-server 0.3.0

Features

• Changes to the mytoken
  • Added a version to the mytoken token
  • Added token type 'mytoken'
  • Now using a hash value as the subject
• Added Dockerfiles; mytoken can easily run with swarm
• Added OIDC-compatibility for requesting ATs
  • ATs can be requested using the mytoken as the refresh token in a OIDC refresh flow
• Deployment Configuration
  • Added option to set maximum lifetime of mytokens
  • Added option to disable restriction keys
  • Made request limits configurable
• Changed setup db to new db migration tool
• Added support for token rotation, incl. optional auto revocation
• Added option to set maximum token length when requesting a mytoken

Webinterface

• Added option to create mytoken in the web interface
• Reworked consent screen
• Added possibility to set scopes and audiences when requesting an AT
• Improvements

Enhancements

• Using better cryptographic functions
• Set cookie as secure if issuer uses https, indepent of a potential proxy
• Improved packaging
• Improved code base
• Improved error tracebility

Bugfixes

• Fixed bugs in the webinterface
• Fixed other bugs

OIDC

• Add PKCE support

Dependencies

• Bumped several dependencies

mytoken-server 0.2.0

This is the first released of the mytoken server.
mytoken is under active development and currently not considered stable.

Features

• Obtain mytokens
  • Through authorization code flow
  • Through mytoken
  • Through transfer code
  • Support for native application (polling codes)
• Obtain access tokens
• Tokeninfo
• Token Revocation
• Mytokens as JWT, short token, and transfer code
• Capabilities
• Restrictions

For more information please refer to the documentation

mytoken server 0.1.0

mytoken server 0.1.0

This is the first release of the mytoken server.
mytoken is still under active development and is not yet considered stable.

The first release supports the following important features:

• Super tokens
  • Create from authorization code flow
  • Create from super token
  • JWT, short token, transfer code
  • Restrictions
• Obtain access token from super token
• Token revocation