v3.2.0-beta.2

What's Changed

• two bugs with request param by @paulswartz in #299
• introspection improvements by @paulswartz in #300
• two fixes with client JWK signing by @paulswartz in #302
• Allow to pass url_extension for token retrieval by @maennchen in #303
• Introduce Quirks option to allow unsupported grant types by @maennchen in #304
• Allow to pass body_extension for token retrieval by @maennchen in #305
• feat: document_overrides quirk to patch invalid OIDD files by @paulswartz in #307
• Properly Validate & Cast Token Responses (#306) by @maennchen in #308
• Upgrade @actions/artifact actions by @maennchen in #311
• feat: include config params for PAR, JARM, and DPoP by @paulswartz in #312
• feat: Pushed Authorization Request (PAR) by @paulswartz in #313
• fix(PAR): ensure we don't send duplicate parameters by @paulswartz in #314
• feat: Demonstrating Proof of Posession (DPoP) by @paulswartz in #315
• FAPI2 profile support by @paulswartz in #317
• Update Test Elixir / OTP Versions by @maennchen in #323
• feat: JARM by @paulswartz in #321
• feat: support encrypted ID tokens and Userinfo responses by @paulswartz in #326
• fix(jarm): check encryption/signature before validating claims by @paulswartz in #329
• tls_client_auth by @paulswartz in #328
• Fix typos by @kianmeng in #331
• fix: small fixes for DPoP by @paulswartz in #332
• feat: small features to support ConnectID.com.au profile by @paulswartz in #333
• Bump actions/cache from 3 to 4 by @dependabot in #335
• feat: function to locally validate a JWT by @paulswartz in #330
• feat: profile for mTLS sender-constrained tokens by @paulswartz in #336
• Implement backoff algorithm for configuration worker by @maennchen in #337
• Always refresh keys on empty JWK by @maennchen in #339

New Contributors

• @kianmeng made their first contribution in #331

Full Changelog: v3.1.1...v3.2.0-beta.2

v3.2.0-beta.1

What's Changed

• feat: document_overrides quirk to patch invalid OIDD files by @paulswartz in #307
• Properly Validate & Cast Token Responses (#306) by @maennchen in #308
• Upgrade @actions/artifact actions by @maennchen in #311
• feat: include config params for PAR, JARM, and DPoP by @paulswartz in #312
• feat: Pushed Authorization Request (PAR) by @paulswartz in #313
• fix(PAR): ensure we don't send duplicate parameters by @paulswartz in #314
• feat: Demonstrating Proof of Posession (DPoP) by @paulswartz in #315
• FAPI2 profile support by @paulswartz in #317
• Update Test Elixir / OTP Versions by @maennchen in #323
• feat: JARM by @paulswartz in #321
• feat: support encrypted ID tokens and Userinfo responses by @paulswartz in #326
• fix(jarm): check encryption/signature before validating claims by @paulswartz in #329
• tls_client_auth by @paulswartz in #328
• Fix typos by @kianmeng in #331
• fix: small fixes for DPoP by @paulswartz in #332
• feat: small features to support ConnectID.com.au profile by @paulswartz in #333
• Bump actions/cache from 3 to 4 by @dependabot in #335
• feat: function to locally validate a JWT by @paulswartz in #330
• feat: profile for mTLS sender-constrained tokens by @paulswartz in #336
• Implement backoff algorithm for configuration worker by @maennchen in #337

New Contributors

• @kianmeng made their first contribution in #331

Full Changelog: v3.1.2-beta.1...v3.2.0-beta.1

v3.1.2-beta.1

What's Changed

• two bugs with request param by @paulswartz in #299
• introspection improvements by @paulswartz in #300
• two fixes with client JWK signing by @paulswartz in #302
• Allow to pass url_extension for token retrieval by @maennchen in #303
• Introduce Quirks option to allow unsupported grant types by @maennchen in #304
• Allow to pass body_extension for token retrieval by @maennchen in #305

Full Changelog: v3.1.1...v3.1.2-beta.1

v3.1.1

What's Changed

• fix: don't crash if none is a supported request signing alg by @paulswartz in #297
• Specify minimum OTP26 version requirement in the README.md by @jozuas in #298

New Contributors

• @jozuas made their first contribution in #298

Full Changelog: v3.1.0...v3.1.1

v3.1.0

What's Changed

• Handle optional config parameters in authorization request_object generation by @maennchen in #281
• Introduce Quirks Options by @maennchen in #282
• Call edoc directly from Mix by @maennchen in #283
• Switch to stable erlfmt by @maennchen in #284
• Fix URI composition for relative Issuer URIs without a trailing slash by @maennchen in #286
• fix: application:get_env/2 returns {ok, Value} by @paulswartz in #288
• Provide default for token_endpoint_auth_signing_alg_values_supported by @maennchen in #290
• feat: preferred_auth_methods argument for request_token by @paulswartz in #291
• doc: correct documentation for oidcc_token:access() by @paulswartz in #293
• feat: support Elixir 1.14.4+ by @paulswartz in #294
• fix: support unsigned ID tokens even when JOSE disables them by @paulswartz in #295

New Contributors

• @paulswartz made their first contribution in #288

Full Changelog: v3.0.1...v3.1.0

v3.1.0-beta.2

What's Changed

• Call edoc directly from Mix by @maennchen in #283
• Switch to stable erlfmt by @maennchen in #284
• Fix URI composition for relative Issuer URIs without a trailing slash by @maennchen in #286
• fix: application:get_env/2 returns {ok, Value} by @paulswartz in #288
• Provide default for token_endpoint_auth_signing_alg_values_supported by @maennchen in #290
• feat: preferred_auth_methods argument for request_token by @paulswartz in #291

New Contributors

• @paulswartz made their first contribution in #288

Full Changelog: v3.1.0-beta.1...v3.1.0-beta.2

v3.1.0-beta.1

What's Changed

• Handle optional config parameters in authorization request_object generation by @maennchen in #281
• Introduce Quirks Options by @maennchen in #282

Full Changelog: v3.0.1...v3.1.0-beta.1

v3.0.1

What's Changed

• fix: elixir example variable by @yordis in #273
• Prevent double slashes when concatenating URLs by @maennchen in #277

New Contributors

• @yordis made their first contribution in #273

Full Changelog: v3.0.0...v3.0.1

v3.0.0

What's Changed

• Reword the README by @lburgey in #217
• Fix Config Deadline with cache-control header without max-age by @maennchen in #218
• Stipend Implementation (v3) by @maennchen in #220
• Bump actions/checkout from 3 to 4 by @dependabot in #222
• Fix & Improve JWT / Response Validations by @maennchen in #224
• Link to oidcc_plug in README by @maennchen in #225
• Document Telemetry Events by @maennchen in #226
• Cleanup rebar3 / mix Test Config by @maennchen in #227
• Transform none_alg_used error to Elixir struct by @maennchen in #228
• Simplify Conformance Testing using oidcc_plug by @maennchen in #229
• Support concurrent reads in oidcc_provider_configuration_worker by @maennchen in #234
• Check Issuer on Config Load by @maennchen in #240
• Fix HS256 Key Checking by @maennchen in #241
• Support JWT authorization request parameter by @maennchen in #242
• Support OpenID Dynamic Client Registration by @maennchen in #243
• Support client_secret_jwt & private_key_jwt for token auth by @maennchen in #251
• Handle PKCE method selection by @maennchen in #253
• Add SECURITY.md by @maennchen in #254
• Setup GitHub Actions Package Publish by @maennchen in #255
• Improve Test Coverage by @maennchen in #256
• Format maybe_expr code by @maennchen in #257
• Implement RP Initiated Logout by @maennchen in #258
• Differentiate between authenticated and unauthenticated client contexts by @maennchen in #259
• Improve CI Test Matrix by @maennchen in #260
• Mention certification in README by @maennchen in #261

New Contributors

• @lburgey made their first contribution in #217
• @dependabot made their first contribution in #222

Full Changelog: v1.8.1...v3.0.0

v3.0.0-rc.6

What's Changed

• Improve Test Coverage by @maennchen in #256
• Format maybe_expr code by @maennchen in #257
• Implement RP Initiated Logout by @maennchen in #258

Full Changelog: v3.0.0-rc.5...v3.0.0-rc.6