CHANGELOG.md · 0f4cff5e593192ca76b8258eae9919f4c6c640f6 · m-team / oidc / mytoken / server · GitLab

Snippets Groups Projects

1 year ago
0f4cff5e

[web] improve JWT badge in tokeninfo pane · 0f4cff5e
Gabriel Zachmann authored 1 year ago

Verified
0f4cff5e

History

[web] improve JWT badge in tokeninfo pane
Gabriel Zachmann authored 1 year ago

To find the state of this project's repository at the time of any of these versions, check out the tags.

  CHANGELOG.md  18.96 KiB 
  
   
Edit single file  
              Edit this file only.
            
 
         















mytoken 0.10.0

Enhancements
In the tokeninfo pane in the webinterface expires JWTs now get a more precise badge.


mytoken 0.9.1

Enhancements
Improfile includes handling in the webitnerface restrictions editor.


Dependencies
Bump golang.org/x/oauth2 from 0.15.0 to 0.17.0
Bump golang.org/x/crypto from 0.17.0 to 0.19.0
Bump golang.org/x/mod from 0.14.0 to 0.15.0
Bump github.com/evanphx/json-patch/v5 from 5.7.0 to 5.9.0
Bump github.com/gofiber/template/mustache/v2 from 2.0.7 to 2.0.8
Bump github.com/lestrrat-go/jwx from 1.2.27 to 1.2.28
Bump github.com/gofiber/fiber/v2 from 2.51.0 to 2.52.0
Bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0
Bump github.com/valyala/fasthttp from 1.51.0 to 1.52.0
Bump github.com/coreos/go-oidc/v3 from 3.8.0 to 3.9.0
Bump github.com/gliderlabs/ssh from 0.3.5 to 0.3.6
Bump github.com/go-resty/resty/v2 from 2.10.0 to 2.11.0
Bump golang.org/x/term from 0.15.0 to 0.17.0


mytoken 0.9.0

Changes
Changed the tokeninfo history api when used with a mom_id, now multiple mom_ids can be passed in a single
request. Also, the response now contains the mom_id in the entry object.


Features
Added experimental support for OpenID Connect federations
Added "Guest mode" to try mytoken out without using a real OP


API
Added mom_id parameter to tokeninfo introspection response
Added mom_id parameter to mytoken responses


Enhancements
Webinterface: Improved the title / placeholder for the hosts restrictions key in the GUI editor to make it more
clear that also subnets can be used.
Webinterface: Changed the login provider selector and added search functionality
Webinterface: Improved (re-)discovery of mytoken configuration
Webinterface: Fixed a problem with scope discovery if there was no OP selected.
Profiles: Improved / Fixed includes in especially restrictions when includes involve arrays.


Bugfixes
Finally fixed a problem with database times when the database was not set to UTC.
Fixed a bug where sometimes a 'state mismatch' occured


Dependencies
Bump golang.org/x/mod from 0.11.0 to 0.14.0
Bump golang.org/x/oauth2 from 0.9.0 to 0.15.0
Bump golang.org/x/term from 0.9.0 to 0.15.0
Bump golang.org/x/crypto from 0.10.0 to 0.16.0
Bump golang.org/x/net from 0.14.0 to 0.17.0
Bump github.com/valyala/fasthttp from 1.47.0 to 1.51.0
Bump github.com/gofiber/fiber/v2 from 2.49.1 to 2.51.0
Bump github.com/gofiber/template/mustache/v2 from 2.0.4 to 2.0.7
Bump github.com/lestrrat-go/jwx from 1.2.26 to 1.2.27
Bump github.com/redis/go-redis/v9 from 9.1.0 to 9.3.0
Bump github.com/evanphx/json-patch/v5 from 5.6.0 to 5.7.0
Bump github.com/go-resty/resty/v2 from 2.7.0 to 2.10.0
Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
Bump github.com/coreos/go-oidc/v3 from 3.6.0 to 3.8.0


mytoken 0.8.1

Enhancements
Improved returned transfercodes (do not include l and I)


Bugfixes
Fixed wrong (negative) expires_at time returned in tokeninfo for tokens without expiration
Fixed response if token revocation call does not contain token


Dependencies
Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
Bump golang.org/x/term from 0.8.0 to 0.9.0
Bump github.com/lestrrat-go/jwx from 1.2.25 to 1.2.26
Bump golang.org/x/crypto from 0.9.0 to 0.10.0
Bump golang.org/x/mod from 0.10.0 to 0.11.0
Bump github.com/gofiber/template from 1.8.1 to 1.8.2
Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0
Bump github.com/gofiber/fiber/v2 from 2.46.0 to 2.47.0


mytoken 0.8.0

Features
Added support for RFC8707 for requesting audience restricted ATs


Changes
Default behavior for requesting audience restricted ATs is now according to RFC8707; the previous behavor can be
configured with these options:

audience:
  use_rfc8707: false
  request_parameter: "audience"
  space_separate_auds: true



API
When creating a mytoken from a mytoken and it is returned as a transfer code the response now contains the
mom_id of the created mytoken.


Bugfixes
Fixed a bug where wrong dates where returned if the database used a different timezone than UTC.
Fixed a bug in mytoken-migratedb were empty databases could not be setup.


Security Fixes
Replaced the uuid library; the old library had a security flaw CVE-2021-3538


Dependencies
Bump golang.org/x/term from 0.5.0 to 0.8.0
Bump github.com/valyala/fasthttp from 1.44.0 to 1.47.0
Bump golang.org/x/net from 0.6.0 to 0.7.0
Bump golang.org/x/crypto from 0.6.0 to 0.9.0
Bump golang.org/x/oauth2 from 0.5.0 to 0.8.0
Bump golang.org/x/mod from 0.8.0 to 0.9.0
Bump github.com/gofiber/helmet/v2 from 2.2.24 to 2.2.25
Bump github.com/gofiber/template from 1.7.5 to 1.8.0
Bump github.com/gofiber/fiber/v2 from 2.42.0 to 2.46.0
Bump github.com/pires/go-proxyproto from 0.6.2 to 0.7.0
Bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1
Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
Bump github.com/coreos/go-oidc/v3 from 3.5.0 to 3.6.0
Replaced github.com/satori/go.uuid with github.com/gofrs/uuid


mytoken 0.7.2

Bugfixes
Fixed a bug in the webinterface where the metadata discovery was broken.


mytoken 0.7.1

Bugfixes
Fixed a bug in the webinterface with the local storage that caused problems with outdated discovery information
Fixed a bug in the webinterface where the Expand Collapse buttons (e.g. in the consent screen) got the wrong text.


mytoken 0.7.0

Features
Webinterface has option to show event history for other mytokens in mytoken list.
Webinterface has a new option in the tokeninfo pane to create a new mytoken with the same properties.
Added server side profiles and templates
Can be used in the API, i.e. mytoken requests can include profiles, the capability, restrictions, and rotation
claims can use templates
Can be used in the webinterface



Enhancements
Improved responsiveness of webinterface
Expired mytokens are now greyed-out in webinterface mytoken list
The database auto-cleanup now only removes mytokens expired more than a month ago.
This allows expired tokens to be shown in a mytoken list for extended periods.
This also allows to obtain history for expired tokens (by using a mytoken with the manage_mytokens:list
capability) for a longer time.
Mytokens are still directly deleted when revoked.

Requests from private IPs (e.g. from within the same entwork where the server is located) are now geolocated to
the country where the server stands.
The 'Create Mytoken' tab in the webitnerface now supports an r query parameter that takes a base64 encoded
request from which the form is prefilled.
This allows 'create-a-mytoken-with-these-properties' links.



API
Added profile endpoint:
Any user can get list of groups
Any user can get profiles, and templates (capabilities, restrictions, rotation) for all the groups
Groups credentials are defined in the config file
With Basic authentication profiles and templates for the authenticated group can be created, updated, and deleted.


Renamed revocation_id to mom_id
Restructured capabilities related to other mytokens
Added possibility to obtain history information for children and other tokens (capability)
Added a name for OPs in the supported_providers of the mytoken configuration endpoint


Bugfixes
Fixed a bug where transfer codes could be used just like a short token (but only while the transfer code did not
expire)


mytoken 0.6.1

API
Changed the restriction ip key to hosts:
Backward compatibility is preserved. The legacy key ip is still accepted.
The hosts entry can contain:
Single ip address
Subnet address
Host name (with or without wildcard)
To compare against this, on request a reverse dns lookup is done for the request's ip address





Enhancements
Location restriction can now be done with host names, not only plain ip addresses, see above for more details.
Webinterface: Added message to tokeninfo after MT creation and TC exchange to indicate that users must copy the
mytoken to persist it.
Improved code quality


Bugfixes
Fixed a bug in the web interface where the scope selection indicator for access tokens where not updated.


Dependencies
Bump go version to 1.19
Bump golang.org/x/mod from 0.5.1 to 0.7.0
Bump golang.org/x/crypto to 0.2.0
Bump golang.org/x/term to 0.2.0
Bump github.com/gofiber/fiber/v2 from 2.37.1 to 2.39.0
Bump github.com/gofiber/helmet/v2 from 2.2.16 to 2.2.18


mytoken 0.6.0

API
Dropped subtoken_capabilities, since the benefit was minimal, but made things more complex
Removed subtoken_capabilities from all API requests and responses
Removed subtoken_capabilities from the mytoken



Enhancements
Added introduction text in the web interface
Session mytoken in web interface no longer uses subtoken_capabilities due to the drop, moved subtoken
capabilities to the session mytoken as capabilities; added rotation on AT requests, added auto revocation


Bugfixes
Fixed a bug where mytokens with the revoke_any_token capabilities could revoke mytokens of other users if they
can get possesion of the revocation_id
Fixed problems in the web interface with restrictions / issuer selection when not logged in.


Dependencies
Bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.4.0
Bump github.com/gofiber/template from 1.6.30 to 1.7.1
Bump github.com/gofiber/fiber/v2 from 2.36.0 to 2.37.1
Bump github.com/valyala/fasthttp from 1.39.0 to 1.40.0
Bump github.com/gliderlabs/ssh from 0.3.4 to 0.3.5
Bump github.com/gofiber/helmet/v2 from 2.2.15 to 2.2.16


mytoken 0.5.4

Bugfixes
Fixed a bug in the webinterface where scope restrictions did not update correctly when not logged in and issuer
changed


mytoken 0.5.3

Bugfixes
Fixed a bug in the webinterface where mytokens could not be created when not logged-in

A HIFIS Service | Privacy | Imprint | Support | Documentation | Changelog