Edit

Release Notes

What's New in Version 4.0#

oxd 4.0 includes architectural changes as well as different bug fixes and improvements:

  • introduced support for swagger 2.0 to oxd (we are planning to move to 3.0 when swagger codegen is ready)
  • socket transport is removed from oxd-server
  • https transport is made as main transport for oxd-server
  • oxd-https-extension module is completely removed
  • all configuration is now in one single yaml file, see sample oxd-server.yml
  • new tests set-up and tear-down based on dropwizard
  • Upgraded dropwizard to latest stable 1.3.1 version
  • Changed oxd commands runner to avoid additional serialization/deserialization which improves performance.

New Features#

Fixes / Enhancements#

  • #347 Do not use PAT to request introspection (avoid exception related to missed uma_protection )

  • #342 Bug : we got post_logout_redirect_uris included into redirect_uris

  • #338 add idTokenSignedResponseAlg and other params to /register-site command

  • #337 oxd has to use newest setScope oxauth-client method otherwise oxauth falls back to all default scopes

  • #334 Add params map to /get-authorization-url api

  • #331 post_logout_redirect_uri is left empty when registering client via oxd

  • #329 oxd: Getting Forbidden : 403 while using lsox script

  • #310 Add client_credentials grant_type automatically to clients registered by oxd

  • #308 GG request : add authorization_redirect_uri parameter support to /get-authorization-url command

  • #305 Return id_token's claims as is in id_token_claims

  • #269 BUG: Getting error in introspect-access-token

  • #261 Return client_name in register_site response

  • #233 Provide swagger based tests (copy of existing tests but based on swagger generated client)

  • #228 Bug : Swagger client returns relative timestamps instead of number of seconds since January 1 1970 UTC

  • #225 Drop "status" from protocol for all commands that was used by sockets. In REST it is covered by HTTP status.

  • #222 Remove license protection in all oxd released branches up to 2.4.4

  • #220 Revise /register-site and /setup-client and check whether we can stick with one single command for registration.

  • #217 During registration we should pass list of post_logout_redirect_uris instead of single value

  • #209 oxd has to catch invalid scope expressions during resource registration

  • #196 Deploy beta oxd-server 3.2.0 and swagger-ui to gluu.org server.

  • #183 Drop jackson 1.x from oxd when oxauth is migrated to jackson 2.x

  • #181 Introduce swagger 2.0 to oxd

  • #180 Client gets deleted from oxd-server after update_site command

  • #155 added better error handling if pre-registered client is added without client_secret

  • #141 Remove oxd_id from setup_client and keep setup_client just for protection access token

  • #130 Enable client to set custom state value