<!-- Template: -->
<!-- ### Features -->
<!-- -->
<!-- ### API -->
<!-- -->
<!-- ### Enhancements -->
<!-- -->
<!-- ### Bugfixes -->
<!-- -->
<!-- ### OpenID Provider -->
<!-- -->
<!-- ### Dependencies -->
<!-- -->

## mytoken 0.4.0

### Features

- Smart Logging: Only log up to a certain log level by default, but log everything on error
- Added User Settings endpoint
- Added possibility for user grants: grants that are not enabled by default, but can be enabled / disabled by a user
  and (might) require additional setup
- Added `ssh` user grant:
    - Can be enabled / disabled at the grants endpoint
    - SSH keys can be added, removed, and listed at the ssh grant endpoint
    - Added ssh keys can be used to obtain ATs, MTs, and other information (e.g. tokeninfo) through the ssh protocol at
      port `2222`
- Extended capabilities:
    - Some capabilities now have a "path" and "sub"-capabilities, e.g. `tokeninfo` includes `tokeninfo:introspect`
      and more.
    - Some capabilities have a read-only version, e.g. `read@settings`
    - Some capabilities have been renamed, e.g. `tokeninfo_introspect` -> `tokeninfo:introspect`

### API

- Changed default redirect type in auth code grant to `native`

### Mytoken

- Added `auth_time` to mytoken

### Enhancements

- Added request ids to response header and logging
- Refactored database; now using stored procedures, which should ease database migration
- Moved automatic cleanup of expired database entries to the database
- Support symlinks when reading files

### Security Fixes

- Fixed a bug where mytokens could be created from any mytoken, not only from mytokens with the `create_mytoken`
  capability.

### Bugfixes

- Fixed a bug where restrictions did not behave correctly when multiple subnets were used
- Fixed response type on OIDC errors on redirect in the authorization code flow
- Fixed `404` on API paths returning `html` instead of `json`

### Dependencies

- Updated various dependencies to the newest version

### Other

- Dropped the `mytoken-dbgc` tool, now moved to the database

## mytoken 0.3.3

### Mytoken

- Added the name of a mytoken to the JWT.

### API

- Don't redirect from `/.well-known/openid-configuration` to `/.well-known/mytoken-configuration`. Instead, the same
  content is returned on both endpoints.

### Enhancements

- Removed buttons from the web interface in the tokeninfo tabs. The content now loads directly when switching the tab.
- Removed most need for CDNs; now self-hosting resources.
- Added setup of db database and db user to the setup utility.
- Made the link on the create-mytoken page of the web interface more visible.

### Bugfixes

- Fixed the error returned from the server if no capability for a mytoken was provided.
- Fixed PKCE code verifier length.
- Fixed Datetimepicker issues on consent page.
- Fixed response type if an (OIDC) error occurs on the redirect step of the authorization code flow.
- Fixed a bug where mytokens that are not yet valid could not be created

## mytoken 0.3.2

- Fixed password prompt for migratedb

## mytoken 0.3.1

- Improved helper tools

## mytoken 0.3.0

### Features

- Changes to the mytoken
    - Added a version to the mytoken token
    - Added token type 'mytoken'
    - Now using a hash value as the subject
- Added Dockerfiles; mytoken can easily run with swarm
- Added OIDC-compatibility for requesting ATs
    - ATs can be requested using the mytoken as the refresh token in an OIDC refresh flow
- Deployment Configuration
    - Added option to set maximum lifetime of mytokens
    - Added option to disable restriction keys
    - Made request limits configurable
- Changed setup db to new db migration tool
- Added support for token rotation, incl. optional auto revocation
- Added option to set maximum token length when requesting a mytoken

### Webinterface

- Added option to create mytoken in the web interface
- Reworked consent screen
- Added possibility to set scopes and audiences when requesting an AT
- Improvements

### Enhancements

- Using better cryptographic functions
- Set cookie as secure if issuer uses https, independent of a potential proxy
- Improved packaging
- Improved code base
- Improved error traceability

### Bugfixes

- Fixed bugs in the web interface
- Fixed other bugs

### OIDC

- Add PKCE support

### Dependencies

- Bumped several dependencies