0.0.4 (13/6/2020)

Features

Token introspection

rodauth-oauth now ships with an introspection endpoint (/oauth-introspect).

Authorization Server Metadata

rodauth-oauth now allows to define an authorization metadata endpoint, which has to be defined at the route of the router:

route do |r|
  r.rodauth
  rodauth.oauth_server_metadata
  ...

JWKs URI

the oauth_jwt feature now ships with an endpoint, /oauth-jwks, where client applications can retrieve the JWK set to verify generated tokens.

JWT access tokens as authorization grants

The oauth_jwt feature now allows the usage of access tokens to authorize the generation of new tokens, as per the RFC;

Improvements

Bugfixes