Releases: stephank/diridp

v0.2.0

29 Jun 19:30

New features:

  • Added support for more signing algorithms, notably Ed25519, ES256, PS256, but also ES384, PS384, PS512, RS384, RS512.

  • The providers config section can now also be a list (instead of a map), in which case a name is derived from issuer.

Breaking changes:

  • Diridp now incorporates the ring crate, which introduces portions of code using the OpenSSL license to the diridp build.

  • It is now required to define signing keys for providers in configuration. The previous default was hardcoded RS256, and you may keep using this type of signing key by simply adding the following to your provider config:

    keys:
      - alg: RS256
  • Some provider configuration properties have moved and are now set per signing key:

    • providers[].keys_dir -> providers[].keys[].dir
    • providers[].key_lifespan -> providers[].keys[].lifespan
    • providers[].key_publish_margin -> providers[].keys[].publish_margin
  • The default location of signing keys on disk has changed. If you relied on the default location (i.e. did not override it using keys_dir), you should move your old keys to the new location to prevent accidental rekeying:

    cd /var/lib/diridp/PROVIDER/keys
    mkdir RS256
    mv index.json key-*.pem RS256/
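
The same move applied to every provider under one state directory, as an added example that is not part of diridp or its release notes. It assumes the BASE/PROVIDER/keys layout from the commands above; the function name `migrate_keys` is hypothetical.

```shell
#!/bin/sh
# Added example, not part of diridp. Assumes the pre-0.2.0 layout shown above:
# BASE/PROVIDER/keys/{index.json,key-*.pem}. migrate_keys is a hypothetical name.
# Assumption: diridp is not running while files move, and the script runs as
# the account that owns the key files.

# Prints the number of providers migrated; progress goes to stderr.
migrate_keys() {
    base=${1:-/var/lib/diridp}
    moved=0
    for keys in "$base"/*/keys; do
        # No old-style index here (or the glob matched nothing): nothing to do.
        [ -f "$keys/index.json" ] || continue
        # Never overwrite key material that already sits in the new location.
        if [ -e "$keys/RS256/index.json" ]; then
            echo "skip: $keys/RS256 already has an index.json" >&2
            continue
        fi
        mkdir -p "$keys/RS256"
        # index.json moves last, so an interrupted run is picked up again
        # on the next invocation instead of being skipped.
        for f in "$keys"/key-*.pem "$keys"/index.json; do
            # An unmatched key-*.pem glob stays literal and is skipped here.
            if [ -f "$f" ]; then
                mv -- "$f" "$keys/RS256/"
            fi
        done
        echo "migrated: $keys" >&2
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Stand-alone use: sh migrate.sh /var/lib/diridp
if [ "$#" -gt 0 ]; then
    migrate_keys "$1"
fi
```

Providers that already have `RS256/index.json` are left untouched, so the function is safe to re-run.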

v0.1.1

10 Jun 19:03
  • Fixed token check failing when creation time is not available. Now falls back to modification time.
  • Set ProtectHome in systemd unit when sandboxing.
  • Fixed NixOS module virtual host logic.
  • Fixed Cargo metadata, now also publishing on crates.io.

v0.1.0

05 Jun 19:24
  • Initial release