Current section

Files

Jump to
boruta CHANGELOG.md
Raw

CHANGELOG.md

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [1.2.0]
### Added
- `public_refresh_token` per client configuration allowing to refresh tokens without providing client secret.
- `refresh_token_ttl` per client configuration setting refresh tokens duration (along with `refresh_tokne_max_ttl` :boruta mix configuration).
- `issuer` :boruta mix configuration.
### Fixed
- `boruta.gen.controllers` generated paths in umbrella apps.
- Refreshed tokens has associated access_token scope as default.
- Requests with no client secret won't raise an error.
### Changed
- `invalid_client` do not return neither format, nor redirect_uri in `Boruta.Oauth.Error`.
## [1.1.0]
### Added
- `AuthorizeApplication`, `IntrospectApplication`, `RevokeApplication`, and `TokenApplication` behaviours allowing to implement separatly different OAuth use cases.
- `list_active_tokens` Ecto admin function
- `Boruta.AccessTokensAdapter`, `Boruta.CodesAdapter`, `Boruta.ClientsAdapter`, and `Boruta.ScopesAdapter` encapsulating adapters that are set in configuration.
- `Boruta.Oauth.AuthorizeResponse.redirect_to_url/1` function
- `Boruta.Oauth.Error.redirect_to_url/1` function
- `boruta.gen.controllers` mix task
- `Boruta.Ecto` schemas documentation
### Security
- do not issue access_tokens from other clients refresh tokens
### Fixed
- Internal server errors when no client_id provided to token and refresh_token grants
## [1.0.3] - 2021-07-29
### Security
- Refresh token revocation
## [1.0.2] - 2021-06-29
### Added
- Differents OAuth flows integration guides
## [1.0.1] - 2021-03-10
### Fixed
- Migration fix generated by `mix boruta.gen.migration` task
### Added
- Documentation
## [1.0.0] - 2021-03-10