Skip to content
Snippets Groups Projects
Select Git revision
  • dependabot/go_modules/github.com/go-sql-driver/mysql-1.9.1
  • dependabot/go_modules/github.com/redis/go-redis/v9-9.7.3
  • dependabot/go_modules/github.com/coreos/go-oidc/v3-3.13.0
  • prerel default protected
  • master protected
  • dependabot/go_modules/github.com/coreos/go-oidc/v3-3.8.0
  • dependabot/go_modules/golang.org/x/mod-0.14.0
  • dependabot/go_modules/github.com/gofiber/fiber/v2-2.51.0
  • dependabot/go_modules/github.com/valyala/fasthttp-1.51.0
  • dependabot/go_modules/golang.org/x/oauth2-0.15.0
  • dependabot/go_modules/github.com/lestrrat-go/jwx-1.2.27
  • dependabot/go_modules/golang.org/x/term-0.15.0
  • dependabot/go_modules/golang.org/x/crypto-0.16.0
  • dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.1
  • dependabot/go_modules/golang.org/x/crypto-0.15.0
  • dependabot/go_modules/golang.org/x/oauth2-0.14.0
  • dependabot/go_modules/golang.org/x/term-0.14.0
  • dependabot/go_modules/github.com/redis/go-redis/v9-9.3.0
  • dependabot/go_modules/github.com/coreos/go-oidc/v3-3.7.0
  • dependabot/go_modules/github.com/gofiber/fiber/v2-2.50.0
  • v0.10.1
  • v0.10.0
  • v0.9.2
  • v0.9.1
  • v0.9.0
  • v0.8.1
  • v0.8.0
  • v0.7.2
  • v0.7.1
  • v0.7.0
  • v0.6.1
  • v0.6.1-c
  • v0.6.1-b
  • v0.6.1-a
  • v0.6.0
  • v0.5.4
  • v0.5.3
  • v0.5.2
  • v0.5.1
  • v0.5.0
40 results
Blame Permalink
To find the state of this project's repository at the time of any of these versions, check out the tags.
CHANGELOG.md 13.92 KiB

mytoken 0.7.2

Bugfixes

  • Fixed a bug in the webinterface where the metadata discovery was broken.

mytoken 0.7.1

Bugfixes

  • Fixed a bug in the webinterface with the local storage that caused problems with outdated discovery information
  • Fixed a bug in the webinterface where the Expand Collapse buttons (e.g. in the consent screen) got the wrong text.

mytoken 0.7.0

Features

  • Webinterface has option to show event history for other mytokens in mytoken list.
  • Webinterface has a new option in the tokeninfo pane to create a new mytoken with the same properties.
  • Added server side profiles and templates
    • Can be used in the API, i.e. mytoken requests can include profiles, the capability, restrictions, and rotation claims can use templates
    • Can be used in the webinterface

Enhancements

  • Improved responsiveness of webinterface
  • Expired mytokens are now greyed-out in webinterface mytoken list
  • The database auto-cleanup now only removes mytokens expired more than a month ago.
    • This allows expired tokens to be shown in a mytoken list for extended periods.
    • This also allows to obtain history for expired tokens (by using a mytoken with the manage_mytokens:list capability) for a longer time.
    • Mytokens are still directly deleted when revoked.
  • Requests from private IPs (e.g. from within the same entwork where the server is located) are now geolocated to the country where the server stands.
  • The 'Create Mytoken' tab in the webitnerface now supports an r query parameter that takes a base64 encoded request from which the form is prefilled.
    • This allows 'create-a-mytoken-with-these-properties' links.

API

  • Added profile endpoint:
    • Any user can get list of groups
    • Any user can get profiles, and templates (capabilities, restrictions, rotation) for all the groups
    • Groups credentials are defined in the config file
      • With Basic authentication profiles and templates for the authenticated group can be created, updated, and deleted.
  • Renamed revocation_id to mom_id
  • Restructured capabilities related to other mytokens
  • Added possibility to obtain history information for children and other tokens (capability)
  • Added a name for OPs in the supported_providers of the mytoken configuration endpoint

Bugfixes

  • Fixed a bug where transfer codes could be used just like a short token (but only while the transfer code did not expire)

mytoken 0.6.1

API

  • Changed the restriction ip key to hosts:
    • Backward compatibility is preserved. The legacy key ip is still accepted.
    • The hosts entry can contain:
      • Single ip address
      • Subnet address
      • Host name (with or without wildcard)
        • To compare against this, on request a reverse dns lookup is done for the request's ip address

Enhancements

  • Location restriction can now be done with host names, not only plain ip addresses, see above for more details.
  • Webinterface: Added message to tokeninfo after MT creation and TC exchange to indicate that users must copy the mytoken to persist it.
  • Improved code quality

Bugfixes

  • Fixed a bug in the web interface where the scope selection indicator for access tokens where not updated.

Dependencies

  • Bump go version to 1.19
  • Bump golang.org/x/mod from 0.5.1 to 0.7.0
  • Bump golang.org/x/crypto to 0.2.0
  • Bump golang.org/x/term to 0.2.0
  • Bump github.com/gofiber/fiber/v2 from 2.37.1 to 2.39.0
  • Bump github.com/gofiber/helmet/v2 from 2.2.16 to 2.2.18

mytoken 0.6.0

API

  • Dropped subtoken_capabilities, since the benefit was minimal, but made things more complex
    • Removed subtoken_capabilities from all API requests and responses
    • Removed subtoken_capabilities from the mytoken

Enhancements

  • Added introduction text in the web interface
  • Session mytoken in web interface no longer uses subtoken_capabilities due to the drop, moved subtoken capabilities to the session mytoken as capabilities; added rotation on AT requests, added auto revocation

Bugfixes

  • Fixed a bug where mytokens with the revoke_any_token capabilities could revoke mytokens of other users if they can get possesion of the revocation_id
  • Fixed problems in the web interface with restrictions / issuer selection when not logged in.

Dependencies

  • Bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.4.0
  • Bump github.com/gofiber/template from 1.6.30 to 1.7.1
  • Bump github.com/gofiber/fiber/v2 from 2.36.0 to 2.37.1
  • Bump github.com/valyala/fasthttp from 1.39.0 to 1.40.0
  • Bump github.com/gliderlabs/ssh from 0.3.4 to 0.3.5
  • Bump github.com/gofiber/helmet/v2 from 2.2.15 to 2.2.16

mytoken 0.5.4

Bugfixes

  • Fixed a bug in the webinterface where scope restrictions did not update correctly when not logged in and issuer changed

mytoken 0.5.3

Bugfixes

  • Fixed a bug in the webinterface where mytokens could not be created when not logged-in

mytoken 0.5.2

Bugfixes

  • Fixed a bug with requesting a consent screen for mytoken requests

mytoken 0.5.1

Enhancements

  • In the tokeninfo - subtokens pane of the webinterface now only show the subtokens of the token in question, leaving out the actual token as their parent

Bugfixes

  • Fixed two bugs in the tokeninfo webinterface when introspecting mytokens issued by another server
  • Fixed CORS of jwks

mytoken 0.5.0

Features

  • Trusted web applications can skip the consent screen
  • Reworked and improved major parts of the web interface:
    • Consent Screen:
      • On default a more compressed view is shown, where sections can be expanded if needed.
      • Displays the content of the application_name parameter if given.
      • Added possibility for clients to create a consent screen for mytoken-from-mytoken requests
    • Home Screen:
      • Replaced the tokeninfo pane with a new one
        • Removed tokeninfo about the session's mytoken
        • Added a tokeninfo pane to display tokeninfo for arbitrary mytokens (incl. introspection, history, subtokens)
        • Added possibility to create a transfer code
        • Moved the list of mytokens to a separate pane
        • Improved displaying the tree structure of mytokens
        • Reversed the token history order
      • Added "Exchange transfercode" pane, where a transfercode can be exchanged into a mytoken
      • Some parts can be used without being logged-in
    • Token Revocation:
      • Added possibility to revoke a mytoken in the tokeninfo pane
      • Added possibility to revoke listed tokens in the "My Mytokens" pane and in the "Tokeninfo - Subtokens" pane.
    • Capabilities:
      • Simplified the checking of capabilities
      • Read/Write capabilities are now not split but can be toggled
    • Create Mytoken:
      • After creation the mytoken is displayed in the tokeninfo pane, where it can be copied and of course information about the token is displayed
    • Settings:
      • Grant Types:
        • Include pages of different grant types in this view.
        • Grant Types can be expanded (collapsed on default).
        • Link to grant type page that was not clear enough is no longer needed.

API

  • Added application_name to mytoken requests.
  • Added token_type to token introspection response.
  • Added possibility to revoke tokens by revocation_id:
    • Added new revoke_any_token capability.
    • Added revocation_id parameter to responses that list tokens.

Enhancements

  • Admins can adapt the webinterface, i.e. for a custom style

Bugfixes

  • Fixed a bug in the mytoken webinterface where token introspection did not work on the settings page
  • Fixed a bug in the mytoken webinterface restrictions editor, where audiences would always be set to zero when switching from the JSON editor to the GUI editor
  • Fixed a bug where non-expiring mytokens would be revoked when database cleanup was enabled.
  • Fixed a bug where the server could potentially crash

Dependencies

  • Bump github.com/valyala/fasthttp from 1.37.0 to 1.39.0
  • Bump github.com/gofiber/fiber/v2 from 2.34.0 to 2.35.0
  • Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
  • Bump github.com/gofiber/template from 1.6.28 to 1.6.30
  • Bump github.com/gofiber/helmet/v2 from 2.2.13 to 2.2.15

mytoken 0.4.3

Bugfixes

  • Fixed a bug where mytokens could not be used with x-www-form-urlencoding
  • Fixed a bug where x-www-form-urlencoding was not accepted on token revocation endpoint

Dependencies

  • Bumped github.com/jmoiron/sqlx from 1.3.4 to 1.3.5
  • Bumped github.com/lestrrat-go/jwx from 1.2.18 to 1.2.23
  • Bumped github.com/gofiber/template from 1.6.22 to 1.6.27
  • Bumped github.com/gofiber/helmet/v2 from 2.2.6 to 2.2.12
  • Bumped github.com/pires/go-proxyproto from 0.6.1 to 0.6.2
  • Bumped github.com/gofiber/fiber/v2 from 2.26.0 to 2.32.0
  • Bumped github.com/valyala/fasthttp from 1.33.0 to 1.36.0

mytoken 0.4.2

Bugfixes

  • Fixed a bug where the webinterface was not updated to use the renamed tokeninfo subtokens action

mytoken 0.4.1

API

  • Changed tokeninfo subtokens action name
  • Added the tokeninfo capability to the default capabilities of a mytoken

Enhancements

  • The tokeninfo capability is now checked by default when creating a mytoken
  • Improved the output in the ssh protocol on bad requests

Bugfixes

  • Fixed tooltip text in webinterface on the book icon of read-only capabilities
  • Fixed a bug where in the webinterface when creating a new mytoken the instructions to go to the consent screen, where still visible after the mytoken was obtained
  • Fixed a bug where the consent screen stopped working after a timeout without displaying any error message
  • Fixed a bug where 404 and other status codes where logged as errors

Dependencies

  • Bumped github.com/gofiber/fiber/v2 from 2.25.0 to 2.26.0
  • Bumped github.com/gofiber/template from 1.6.21 to 1.6.22
  • Bumped github.com/gofiber/helmet/v2 from 2.2.5 to 2.2.6

mytoken 0.4.0

Features

  • Smart Logging: Only log up to a certain log level on default, but on error log everything
  • Added User Settings endpoint
  • Added possibility for user grants: grants that are not enabled on default, but can be enabled / disabled by a user and (might) require additional setup
  • Added ssh user grant:
    • Can be enabled / disabled at the grants endpoint
    • SSH keys can be added, removed, listed at ssh grant endpoint
    • Added ssh keys can be used to obtain ATs, MTs, and other information (e.g. tokeninfo) through the ssh protocol at port 2222
  • Extended capabilities:
    • Some capabilities now have a "path" and "sub"-capabilities, e.g. (tokeninfo includes tokeninfo:introspect and more).
    • Some capabilities have a read only version, e.g. read@settings
    • Some capabilities have been renamed, e.g. (tokeninfo_introspect -> tokeninfo:introspect)

API

  • Changed default redirect type in auth code grant to native

Mytoken

  • Added auth_time to mytoken

Enhancements

  • Added request ids to response header and logging
  • Refactored database; now using stored procedures which should ease database migration
  • Moved automatic cleanup of expired database entries to the database
  • Support symlinks when reading files

Security Fixes

  • Fixed a bug, where mytokens could be created from any mytoken not only from mytokens with the create_mytoken capability.

Bugfixes

  • Fixed a bug where restrictions did not behave correctly when multiple subnets were used
  • Fixed response type on oidc errors on redirect in the authorization code flow
  • Fixed 404 on api paths returning html instead of json

Dependencies

  • Updated various dependencies to the newest version

Other

  • Dropped the mytoken-dbgc tool, now moved to the database

mytoken 0.3.3

Mytoken

  • Added the name of a mytoken to the JWT.

API

  • Don't redirect from /.well-known/openid-configuration to /.well-known/mytoken-configuration. Instead, returning the same content on both endpoints.

Enhancements

  • Removed buttons from webinterface in the tokeninfo tabs. The content now loads directly when switching the tab.
  • Removed most need for CDNs; now self-hosting resources.
  • Added setup of db database and db user to the setup utility.
  • Made Link in the web interface on the create-mytoken page better visible.

Bugfixes

A HIFIS Service | Privacy | Imprint | Support | Documentation | Changelog