Skip to content

Release Notes

What's New in Version 3.1.4#

New Features#

  • #229 client_secret_expires_at removed from oxd server

  • #215 oxd can now be built without git

  • #214 scopes variable is now scope to align with oxAuth changes

  • #213 access_token validation skipped when protect_commands_with_access_token=false

  • #205 oxd API scope changed from uma_protection to oxd

  • #202 Client secret removed from logs

  • #200 Can now pass different names for setup client and normal client with setup_client command

  • #199 Script to print oxd_id entry details created

  • #197 client_token_endpoint_auth_signing_alg parameter added during registration

  • #184 If id_token doesn't have at-hash claim, access_token validation is skipped with a warning in the logs

  • #179 postLogoutRedirectUrl now taken from site registration

  • #94 oxd-https-extension: Reuse connection to oxd instead of opening it for each command


  • #212 oxd-https-extension fails with IllegalArgumentException if 403 error occurs

  • #211 In oxd-https-extension, introspect_access_token and introspect_rpt APIs work without access token

  • #208 Some error messages prompt user to the wrong URL

  • #207 oxd throws UMA-related error when working with OP that does not support UMA

  • #206 oxd https sometimes sends error 500 instead of 403

  • #204 autogenerated client name typo fixed

  • #201 If client is created, then update_site run without setting grant-type, oxAuth resets it based on response_type

  • #193 OP host stored as oxd server name

  • #192 Client name is not saved on oxd's side and null is sent to license server

  • #191 oxd throws NullPointerException if expires_in is not returned from token endpoint

  • #186 Command line typo fixed