I just released version 2.3.4 of the package.
It fixes a critical bug on the authorization code grant. Hoping you did not encounter it, this version looks to be ok. Leave a note if you have any issues.
Thank you @dorgan for having highlighted this.
1 Like
Here is the beta of the 3.0.0 release out.
This version supports Self-Sovereign Identity abilities with the issuance of verifiable credentials and improving security with Pushed Authorization requests and Demonstration of Proof-of-Possession.
The implemented specifications:
- OpenID for Verifiable Credential Issuance
- Self-Issued OpenID Provider v2
- RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
- RFC 9126 - OAuth 2.0 Pushed Authorization Requests
The verification of credentials is yet to be implemented and will be part of the final 3.0 version.
As usual, feedback is very welcome.
Cheers!
5 Likes
I see that the major version bump. What are the breaking changes?
No breaking changes but the implementation of Self-Sovereign Identity specifications.
2 Likes
