I just released version 2.3.4 of the package.
It fixes a critical bug on the authorization code grant. Hoping you did not encounter it, this version looks to be ok. Leave a note if you have any issues.
Thank you @dorgan for having highlighted this.
1 Like
Here is the beta of the 3.0.0 release out.
This version supports Self-Sovereign Identity abilities with the issuance of verifiable credentials and improving security with Pushed Authorization requests and Demonstration of Proof-of-Possession.
The implemented specifications:
- OpenID for Verifiable Credential Issuance
- Self-Issued OpenID Provider v2
- RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
- RFC 9126 - OAuth 2.0 Pushed Authorization Requests
The verification of credentials is yet to be implemented and will be part of the final 3.0 version.
As usual, feedback is very welcome.
Cheers!
5 Likes
I see that the major version bump. What are the breaking changes?
No breaking changes but the implementation of Self-Sovereign Identity specifications.
2 Likes
@pknoth Sorry if this is not the best place to ask this question, but is there a way to extend the OauthClient schema / use a custom one?
For now, there isn’t. You can setup a one-one relationship with an other table to have additional data to the clients.
That said, depending on your use case, there is the possibility to add an additional_data field to the clients if it makes sense. You can create a GitHub issue if you think it is relevant to go on the discussion there.
Thank you for the reply! How to add this additional_data to a client struct?
1 Like
