CHANGELOG.md



To find the state of this project's repository at the time of any of these versions, check out the tags.


mytoken 0.6.1

API

Changed the restriction ip key to hosts:

Backward compatibility is preserved. The legacy key ip is still accepted.
The hosts entry can contain:

Single ip address
Subnet address
Host name (with or without wildcard)

To compare against this, on request a reverse dns lookup is done for the request's ip address


Enhancements

Location restriction can now be done with host names, not only plain ip addresses, see above for more details.
Webinterface: Added message to tokeninfo after MT creation and TC exchange to indicate that users must copy the
mytoken to persist it.
Improved code quality


Bugfixes

Fixed a bug in the web interface where the scope selection indicator for access tokens where not updated.


Dependencies

Bump go version to 1.19
Bump golang.org/x/mod from 0.5.1 to 0.6.0
Bump github.com/gofiber/fiber/v2 from 2.37.1 to 2.38.1
Bump github.com/gofiber/helmet/v2 from 2.2.16 to 2.2.17


mytoken 0.6.0

API

Dropped subtoken_capabilities, since the benefit was minimal, but made things more complex

Removed subtoken_capabilities from all API requests and responses
Removed subtoken_capabilities from the mytoken


Enhancements

Added introduction text in the web interface
Session mytoken in web interface no longer uses subtoken_capabilities due to the drop, moved subtoken
capabilities to the session mytoken as capabilities; added rotation on AT requests, added auto revocation


Bugfixes

Fixed a bug where mytokens with the revoke_any_token capabilities could revoke mytokens of other users if they
can get possesion of the revocation_id

Fixed problems in the web interface with restrictions / issuer selection when not logged in.


Dependencies

Bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.4.0
Bump github.com/gofiber/template from 1.6.30 to 1.7.1
Bump github.com/gofiber/fiber/v2 from 2.36.0 to 2.37.1
Bump github.com/valyala/fasthttp from 1.39.0 to 1.40.0
Bump github.com/gliderlabs/ssh from 0.3.4 to 0.3.5
Bump github.com/gofiber/helmet/v2 from 2.2.15 to 2.2.16


mytoken 0.5.4

Bugfixes

Fixed a bug in the webinterface where scope restrictions did not update correctly when not logged in and issuer
changed


mytoken 0.5.3

Bugfixes

Fixed a bug in the webinterface where mytokens could not be created when not logged-in


mytoken 0.5.2

Bugfixes

Fixed a bug with requesting a consent screen for mytoken requests


mytoken 0.5.1

Enhancements

In the tokeninfo - subtokens pane of the webinterface now only show the subtokens of the token in question,
leaving out the actual token as their parent


Bugfixes

Fixed two bugs in the tokeninfo webinterface when introspecting mytokens issued by another server
Fixed CORS of jwks


mytoken 0.5.0

Features

Trusted web applications can skip the consent screen
Reworked and improved major parts of the web interface:

Consent Screen:

On default a more compressed view is shown, where sections can be expanded if needed.
Displays the content of the application_name parameter if given.
Added possibility for clients to create a consent screen for mytoken-from-mytoken requests


Home Screen:

Replaced the tokeninfo pane with a new one

Removed tokeninfo about the session's mytoken
Added a tokeninfo pane to display tokeninfo for arbitrary mytokens (incl. introspection, history, subtokens)
Added possibility to create a transfer code
Moved the list of mytokens to a separate pane
Improved displaying the tree structure of mytokens
Reversed the token history order


Added "Exchange transfercode" pane, where a transfercode can be exchanged into a mytoken
Some parts can be used without being logged-in


Token Revocation:

Added possibility to revoke a mytoken in the tokeninfo pane
Added possibility to revoke listed tokens in the "My Mytokens" pane and in the "Tokeninfo - Subtokens" pane.


Capabilities:

Simplified the checking of capabilities
Read/Write capabilities are now not split but can be toggled


Create Mytoken:

After creation the mytoken is displayed in the tokeninfo pane, where it can be copied and of course
information about the token is displayed


Settings:

Grant Types:

Include pages of different grant types in this view.
Grant Types can be expanded (collapsed on default).
Link to grant type page that was not clear enough is no longer needed.


API

Added application_name to mytoken requests.
Added token_type to token introspection response.
Added possibility to revoke tokens by revocation_id:

Added new revoke_any_token capability.
Added revocation_id parameter to responses that list tokens.


Enhancements

Admins can adapt the webinterface, i.e. for a custom style


Bugfixes

Fixed a bug in the mytoken webinterface where token introspection did not work on the settings page
Fixed a bug in the mytoken webinterface restrictions editor, where audiences would always be set to zero when
switching from the JSON editor to the GUI editor
Fixed a bug where non-expiring mytokens would be revoked when database cleanup was enabled.
Fixed a bug where the server could potentially crash


Dependencies

Bump github.com/valyala/fasthttp from 1.37.0 to 1.39.0
Bump github.com/gofiber/fiber/v2 from 2.34.0 to 2.35.0
Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
Bump github.com/gofiber/template from 1.6.28 to 1.6.30
Bump github.com/gofiber/helmet/v2 from 2.2.13 to 2.2.15


mytoken 0.4.3

Bugfixes

Fixed a bug where mytokens could not be used with x-www-form-urlencoding
Fixed a bug where x-www-form-urlencoding was not accepted on token revocation endpoint


Dependencies

Bumped github.com/jmoiron/sqlx from 1.3.4 to 1.3.5
Bumped github.com/lestrrat-go/jwx from 1.2.18 to 1.2.23
Bumped github.com/gofiber/template from 1.6.22 to 1.6.27
Bumped github.com/gofiber/helmet/v2 from 2.2.6 to 2.2.12
Bumped github.com/pires/go-proxyproto from 0.6.1 to 0.6.2
Bumped github.com/gofiber/fiber/v2 from 2.26.0 to 2.32.0
Bumped github.com/valyala/fasthttp from 1.33.0 to 1.36.0


mytoken 0.4.2

Bugfixes