Issues
 | Support manipulating claims encoded inside authz code and tokens | Unassigned | Henri Mikkonen |  | Unresolved | May 27, 2022 | May 27, 2022 | ||||
| Support Direct Encryption for JWE encryption / decryption | Unassigned | Philip Smart | | Unresolved | May 27, 2022 | May 27, 2022 | ||||
| Plugin idea and implications | Unassigned | Simone Avogadro | | Unresolved | May 24, 2022 | May 24, 2022 | ||||
| Documentation: functions to sign/encrypt/decrypt JWTs | Unassigned | Simone Avogadro | | Unresolved | May 24, 2022 | May 24, 2022 | ||||
 | IDTokenLifetime property misspelled in metadata-backed wiring | Unassigned | Scott Cantor | | Fixed | May 20, 2022 | May 20, 2022 | ||||
 | SAML Metadata for OIDC does not support space delimiter in response_types | Unassigned | Sam Bennett | | Fixed | May 19, 2022 | May 26, 2022 | ||||
 | Release 3.1.2 | Unassigned | Henri Mikkonen | | Completed | May 17, 2022 | May 17, 2022 | ||||
| Support to manipulate claims within the ID_Token | Unassigned | Simone Avogadro | | Unresolved | May 10, 2022 | May 20, 2022 | ||||
| Introspection and revocation endpoint authentication failing with private_key_jwt | Unassigned | Simone Avogadro | | Fixed | May 2, 2022 | May 17, 2022 | ||||
| TokenDeliveryClaimsClaimsSet class seems unneeded | Unassigned | Scott Cantor | | Unresolved | Apr 27, 2022 | Apr 27, 2022 | ||||
| Releasing IAT, EXP and NBF claims from the UserInfo endpoint | Unassigned | Simone Avogadro | | Won't Do | Apr 22, 2022 | Apr 26, 2022 | ||||
| Support OAuth 2.0 Authorization Server Issuer Identification as per RFC9207 | Unassigned | Simone Avogadro | | Unresolved | Apr 22, 2022 | May 20, 2022 | ||||
| OIDC Access token using RFC 9068 "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens" on Authorization Code Flow with PKCE | Unassigned | Simone Avogadro | | Duplicate | Apr 22, 2022 | Apr 22, 2022 | ||||
| support C_HASH in ID_Token also for Authorization Code Flow with PKCE | Unassigned | Simone Avogadro | | Unresolved | Apr 22, 2022 | May 20, 2022 | ||||
| Still unable to request a claim to be placed in the ID_token | Unassigned | Simone Avogadro | | Fixed | Apr 22, 2022 | May 17, 2022 | ||||
| Release 3.1.1 | Unassigned | Henri Mikkonen | | Completed | Apr 21, 2022 | Apr 26, 2022 | ||||
| Missing oauth2-authn-config.xml breaks on Windows | Unassigned | Scott Cantor | | Fixed | Apr 20, 2022 | May 16, 2022 | ||||
| Windows compatibility in spring inport | Unassigned | Simone Avogadro | | Duplicate | Apr 20, 2022 | Apr 20, 2022 | ||||
| Support for refresh token rotation | Unassigned | Simone Avogadro | | Unresolved | Apr 19, 2022 | May 16, 2022 | ||||
| Public clients are not able to access the token endpoint | Unassigned | Ryan Larscheidt | | Fixed | Apr 18, 2022 | May 16, 2022 | ||||
| Revocation of individual tokens | Unassigned | Scott Cantor | | Unresolved | Apr 15, 2022 | Apr 15, 2022 | ||||
| Inbound and outbound interceptor flows are not wired to the OIDC flows | Unassigned | Henri Mikkonen | | Fixed | Apr 11, 2022 | Apr 15, 2022 | ||||
| Honoring semantics for forceAuthn flag in the same manner as SAML | Unassigned | Simone Avogadro | | Fixed | Apr 7, 2022 | Apr 15, 2022 | ||||
| Hashed IdP Session ID audit log token for OIDC | Unassigned | Ryan Larscheidt | | Fixed | Apr 2, 2022 | Apr 15, 2022 | ||||
| Facilitate login_hint sanitization | Unassigned | Henri Mikkonen | | Done | Mar 31, 2022 | Apr 15, 2022 | ||||
| Submission: LocalDynamicClientInformationResolver | Unassigned | Simone Avogadro | | Unresolved | Mar 25, 2022 | Mar 25, 2022 | ||||
| OIDC SSO happens even with different ACR | Unassigned | Simone Avogadro | | Invalid | Mar 18, 2022 | Mar 25, 2022 | ||||
| Admin flow to read/delete client registrations | Unassigned | Scott Cantor | | Done | Mar 17, 2022 | Apr 15, 2022 | ||||
| Dyn.reg. profile config setting secretExpirationPeriod is not honored | Unassigned | Henri Mikkonen | | Fixed | Mar 17, 2022 | Apr 15, 2022 | ||||
| Profile config flag refreshTokensEnabled not honored by the token flow | Unassigned | Henri Mikkonen | | Fixed | Mar 17, 2022 | Apr 15, 2022 | ||||
| Extension of well-known configuration | Unassigned | Florian Ritterhoff | | Done | Mar 14, 2022 | Apr 15, 2022 | ||||
| Claims-parameter in the authn request only affects attribute filtering | Unassigned | Henri Mikkonen | | Fixed | Mar 11, 2022 | Apr 15, 2022 | ||||
| Wrong JSONObject type when decoding claims from Signed JAR Authentication request | Unassigned | Simone Avogadro | | Fixed | Mar 9, 2022 | Apr 15, 2022 | ||||
| Support resource owner password grant | Unassigned | Scott Cantor | | Unresolved | Feb 23, 2022 | Mar 17, 2022 | ||||
| Facilitate custom response header settings (e.g. CORS) | Unassigned | Henri Mikkonen | | Completed | Feb 18, 2022 | Apr 15, 2022 | ||||
| Logging ID for flows is defined globally instead of per-flow. | Unassigned | Scott Cantor | | Fixed | Jan 31, 2022 | Apr 15, 2022 | ||||
| Release 3.0.4 | Unassigned | Henri Mikkonen | | Done | Jan 31, 2022 | Feb 1, 2022 | ||||
| Support for requests by reference is unconstrained | Unassigned | Scott Cantor |  | Fixed | Jan 28, 2022 | Jan 31, 2022 | ||||
| Expand the set of supported claims in dynamic client registration | Unassigned | Henri Mikkonen | | Done | Jan 14, 2022 | Apr 15, 2022 | ||||
| Lack of openid scope in metadata doesn't prevent id_token issuance | Unassigned | Scott Cantor | | Fixed | Jan 5, 2022 | Apr 15, 2022 | ||||
| Scope handling changes to accomodate client_credentials grant | Unassigned | Scott Cantor | | Done | Jan 4, 2022 | Apr 15, 2022 | ||||
| Release 3.0.3 | Unassigned | Henri Mikkonen | | Done | Jan 3, 2022 | Feb 1, 2022 | ||||
| Request object (JWT) validation is incomplete | Unassigned | Henri Mikkonen | | Fixed | Dec 30, 2021 | Mar 17, 2022 | ||||
| Introspection and revocation flows don't support SAML metadata | Unassigned | Henri Mikkonen | | Fixed | Dec 22, 2021 | Mar 17, 2022 | ||||
| Mutual TLS client authentication | Unassigned | Scott Cantor | | Unresolved | Dec 20, 2021 | Mar 17, 2022 | ||||
| JWT client authentication support is incomplete | Unassigned | Scott Cantor | | Fixed | Dec 20, 2021 | Mar 17, 2022 | ||||
| Refactor client authentication on OAuth2 endpoints into a login flow | Unassigned | Scott Cantor | | Done | Dec 14, 2021 | Apr 15, 2022 | ||||
| Missing required PKCE code challenges should raise an error in the authorization endpoint | Unassigned | Henri Mikkonen | | Fixed | Dec 10, 2021 | Apr 15, 2022 | ||||
| Profile config for bypassing attribute resolution not honored | Unassigned | Scott Cantor | | Done | Dec 9, 2021 | Apr 15, 2022 | ||||
| Support metadata policies in the dyn. reg. profile configuration | Unassigned | Henri Mikkonen | | Completed | Dec 3, 2021 | Apr 15, 2022 |
1-50 of 110