We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
- Institution SSO migration
- Updated institutions-auth.xsl for kuleuven
- Updated copyright year 2021
- Supports the department attribute for institution SSO
- Added postman tests for testing SAML institutions
- Fixed key uniqueness of institution login URL map for shared-SSO
- Updated institutions-auth.xsl to normalize princeton and brown attributes
- Added extra logging for shared-SSO attribute isMemberOf for thepolicylab
- Supports CenterForOpenScience/osf.io#9484
- Supports CenterForOpenScience/osf.io#9447
- Fixed ORCID login failure due to OAuth profile timeout
- Fixed an issue that OSF developer apps may take over branded info on the login page by decreasing registered service evaluation order to the lowest for OAuth apps
- Fixed broken OKState SSO due to multi-factor update at their end
- Ignored non-String and multi-value attributes for institutions using CAS-pac4j based SSO
- Improved logging for pac4j auth delegation
- Added automatic institution selection
- Fixed branded sign-in for frenxiv
- Fixed heading for authorization failure page
- Improved generic login success page
- Move all OSF-customized auth exceptions to their decidated package
- Split the general institution login exception into three specialized ones
- Fixed an issue where the institution exception may be thrown for general OAuth failures
- Rewrite JavaDoc, comments, log messages and auth exceptions for non-interative login actions
- OSF TOTP model change: the "deleted" field is now a timestamp (which was a boolean)
- Update institutions-auth.xsl to normalize BT attributes
- Add Concordia College to institution SSO via CAS
- Branded sign-in for HSRxiv
- Fixed user status check for new unconfirmed ORCiD user
- Updated the institution SSO guide for both SAML and CAS
- Added a guide for common apache / shibboleth errors
- Update copyright year: 2020
- Branded sign-in for BioHackrXiv
- Add UBC Prod and Test to institutions-auth.xsl
- Gracefully handle exceptions during delegated login using pac4j-1.7.x
- Add / Update / Fix Apache 2.0 license header
- Update SSO for California Lutheran University
- Fix change log for 19.2.1
- Add callutheran2 to institutions-auth.xsl
- Manually set Prefix URL for pac4j CAS clients
- Update the column name for OSF TOTP / 2FA model:
deleted->is_deleted - Refactor JavaDoc, comments and code style for the OAuth module
- Refactor the main readme and add several new guides
- Fixed ORCiD login for local development
- Enable TODO comments
- Update CAS login URL for callutheran
- Add callutheran to inst attr map
Update inst attr map (base and unc) and tweak PR template
Update CAS for OSF token-scope relationship model change.
- Add M2M relationship between PAT and scope
- Add scopeId and isPublic to the scope model
- Remove scopes from the PAT model
- Update OSF DAO and its implementation
- Query token-scope by token's PK
- Query scope by scope's PK Update PAT handler
- Update the PR template
- Add the authors list
- Fixed type in readme
- Update TCI to switch from oraclejdk8 to openjdk8
- Fix oraclejdk8 build failure on travis
- Add branded login support for indiarxiv
- Add branded login support for edarxiv
- Add branded login support for metaarxiv
- Update logo for bodoarxiv
- Add branded login support for bodoarxiv
- Update copyright year for 2019
- Improve login context and login handler
- Add branded login support for mediarxiv
- Allow empty REMOTE_UESR header during institution auth
- Support OSF signup via ORCiD login
- Add branded login support for ecoevorxiv and banglarxiv
- Fix typo in CHANGELOG.md
- Add CHANGELOG.md
- Fix the infinite loop caused by invalid verification key