Skip to content

2.5.0
Compare
Choose a tag to compare
@ramosbugs ramosbugs released this 11 Jan 22:49
· 3 commits to support/2.x since this release
2.5.0
0db8ad1

New Features

  • Ignore unrecognized signature algorithms, encryption algorithms, and public keys when parsing provider metadata and JWK sets (#99).

    Previously, this crate would return a deserialization error if it encountered any unrecognized signature/encryption algorithms or public keys in the ProviderMetadata and JsonWebKeySet. This release changes the behavior to instead ignore these unexpected values, with the aim of improving compatibility with OIDC providers that support other algorithms but don't necessarily use them to sign JWTs. The OIDC spec allows for new algorithms and key types to be used, so these OIDC providers are fully compliant with the spec.

  • Propagate signature algorithms from OIDC discovery to token verifier (#87). Previously, these had to be configured manually when instantiating the token verifier.

Bug Fixes

  • Use serde_plain instead of the oauth2 crate's variant_name helper to convert algorithm names and other values to strings. This should ensure compatibility with arbitrary Serialize implementations for these types.

Other Changes

  • Replace constant time from ring with subtle in preparation for removing ring entirely in 3.0 (#89).
Assets 2
Loading