Issues
 | Release 3.3.0 | Unassigned | Henri Mikkonen |  | Completed | Nov 29, 2022 | Nov 29, 2022 | ||||
| Add internal proxies for HttpServletRequest and Response | Unassigned | Henri Mikkonen | | Done | Nov 25, 2022 | Nov 25, 2022 | ||||
 | Add property for defining c14n flows for the OAuth2Client flow | Unassigned | Henri Mikkonen | | Done | Nov 25, 2022 | Nov 25, 2022 | ||||
| Provide temporary method for other plugins to inject relying-party beans | Unassigned | Henri Mikkonen | | Done | Nov 24, 2022 | Nov 25, 2022 | ||||
| KeySet and Configuration audit logging missing informative response binding value | Unassigned | Philip Smart | | Fixed | Nov 23, 2022 | Nov 25, 2022 | ||||
| Configuration options for OIDC signature validation | Unassigned | Simone Avogadro | | Fixed | Nov 23, 2022 | Nov 25, 2022 | ||||
| Enable OP flow inheritance by other plugins | Unassigned | Henri Mikkonen | | Done | Nov 16, 2022 | Nov 25, 2022 | ||||
| endpointURI logging issue | Unassigned | Lambertz, Björn |  | Fixed | Nov 15, 2022 | Nov 25, 2022 | ||||
| Allow customization for mappedErrors of OP flows | Unassigned | lorenzo.ferrigno | | Done | Nov 10, 2022 | Nov 25, 2022 | ||||
| Improve customization methods for the configuration flow | Unassigned | Henri Mikkonen | | Done | Nov 1, 2022 | Nov 29, 2022 | ||||
 | Logging of missing relying party ID is confusing | Unassigned | Scott Cantor | | Fixed | Oct 24, 2022 | Oct 24, 2022 | ||||
| Remove dependency on Gson library | Unassigned | Henri Mikkonen | | Done | Oct 13, 2022 | Oct 13, 2022 | ||||
| Custom response header filter should be updated or removed | Unassigned | Scott Cantor | | Unresolved | Oct 3, 2022 | Oct 3, 2022 | ||||
 | Support OAuth authorization requests | Unassigned | Henri Mikkonen | | Completed | Sep 16, 2022 | Nov 29, 2022 | ||||
| Include sid claim in id_token | Unassigned | Henri Mikkonen | | Done | Sep 16, 2022 | Nov 4, 2022 | ||||
| The scope identifier does not work in audit logging | Unassigned | Henri Mikkonen | | Fixed | Sep 2, 2022 | Oct 7, 2022 | ||||
| OIDC Client Information Resolver unknown behaviour | Unassigned | Philip Smart | | Unresolved | Aug 16, 2022 | Aug 16, 2022 | ||||
| refresh_token & audience | Unassigned | Florian Ritterhoff | | Fixed | Aug 14, 2022 | Oct 7, 2022 | ||||
| create scope predicate for use in activation conditions | Unassigned | Liam Hoekenga | | Completed | Aug 8, 2022 | Oct 19, 2022 | ||||
| Support jwk or jku in encrypted JWT headers | Unassigned | Philip Smart | | Unresolved | Aug 4, 2022 | Aug 19, 2022 | ||||
| Logging messages for No allowed audiences for client warn => debug | Unassigned | Simone Avogadro | | Fixed | Jul 21, 2022 | Oct 7, 2022 | ||||
| userinfo error response for revoked token should be invalid_token, not invalid_request | Unassigned | Matteo Perego | | Fixed | Jul 8, 2022 | Oct 7, 2022 | ||||
| Release 3.2.1 | Unassigned | Henri Mikkonen | | Completed | Jul 7, 2022 | Jul 7, 2022 | ||||
| Take clock skew into account in revocation lifetimes | Unassigned | Henri Mikkonen | | Fixed | Jul 6, 2022 | Jul 7, 2022 | ||||
| Permit token without redirect_uri when client has registered only one redirect_uri | Unassigned | Matteo Perego | | Done | Jul 4, 2022 | Jul 7, 2022 | ||||
| Release 3.2.0 | Unassigned | Henri Mikkonen | | Done | Jun 30, 2022 | Jun 30, 2022 | ||||
| Single broken key in JwksData (SAML metadata) makes whole keyset invalid | Unassigned | Henri Mikkonen | | Unresolved | Jun 23, 2022 | Jun 29, 2022 | ||||
| Stricter-then-standard parameter checking | Unassigned | Simone Avogadro | | Won't Do | May 30, 2022 | May 31, 2022 | ||||
| PROTOCOL_MESSAGE.OAUTH2 log appender to trace all the exchanged protocol messages | Unassigned | Simone Avogadro | | Done | May 30, 2022 | Nov 25, 2022 | ||||
| Support manipulating claims encoded inside authz code and tokens | Unassigned | Henri Mikkonen | | Done | May 27, 2022 | Jun 17, 2022 | ||||
| Support Direct Encryption for JWE encryption / decryption | Unassigned | Philip Smart | | Unresolved | May 27, 2022 | Aug 18, 2022 | ||||
| Plugin idea and implications | Unassigned | Simone Avogadro | | Unresolved | May 24, 2022 | May 24, 2022 | ||||
| Documentation: functions to sign/encrypt/decrypt JWTs | Unassigned | Simone Avogadro | | Unresolved | May 24, 2022 | May 24, 2022 | ||||
| IDTokenLifetime property misspelled in metadata-backed wiring | Unassigned | Scott Cantor | | Fixed | May 20, 2022 | May 20, 2022 | ||||
| SAML Metadata for OIDC does not support space delimiter in response_types | Unassigned | Sam Bennett | | Fixed | May 19, 2022 | Jun 21, 2022 | ||||
| Release 3.1.2 | Unassigned | Henri Mikkonen | | Completed | May 17, 2022 | May 17, 2022 | ||||
| Support to manipulate claims within the ID_Token | Unassigned | Simone Avogadro | | Done | May 10, 2022 | Jun 10, 2022 | ||||
| Token rotation: revocation flooding | Unassigned | Simone Avogadro | | Unresolved | May 3, 2022 | Jun 28, 2022 | ||||
| Introspection and revocation endpoint authentication failing with private_key_jwt | Unassigned | Simone Avogadro | | Fixed | May 2, 2022 | May 17, 2022 | ||||
| TokenDeliveryClaimsClaimsSet class seems unneeded | Unassigned | Scott Cantor | | Done | Apr 27, 2022 | Jun 14, 2022 | ||||
| Releasing IAT, EXP and NBF claims from the UserInfo endpoint | Unassigned | Simone Avogadro | | Won't Do | Apr 22, 2022 | Apr 26, 2022 | ||||
| Support OAuth 2.0 Authorization Server Issuer Identification as per RFC9207 | Unassigned | Simone Avogadro | | Completed | Apr 22, 2022 | Jun 15, 2022 | ||||
| OIDC Access token using RFC 9068 "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens" on Authorization Code Flow with PKCE | Unassigned | Simone Avogadro | | Duplicate | Apr 22, 2022 | Apr 22, 2022 | ||||
| support C_HASH in ID_Token also for Authorization Code Flow with PKCE | Unassigned | Simone Avogadro | | Answered | Apr 22, 2022 | Jun 15, 2022 | ||||
| Still unable to request a claim to be placed in the ID_token | Unassigned | Simone Avogadro | | Fixed | Apr 22, 2022 | May 17, 2022 | ||||
| Release 3.1.1 | Unassigned | Henri Mikkonen | | Completed | Apr 21, 2022 | Apr 26, 2022 | ||||
| Missing oauth2-authn-config.xml breaks on Windows | Unassigned | Scott Cantor | | Fixed | Apr 20, 2022 | May 16, 2022 | ||||
| Windows compatibility in spring inport | Unassigned | Simone Avogadro | | Duplicate | Apr 20, 2022 | Apr 20, 2022 | ||||
| Support for refresh token rotation | Unassigned | Simone Avogadro | | Done | Apr 19, 2022 | Jun 30, 2022 | ||||
| Public clients are not able to access the token endpoint | Unassigned | Ryan Larscheidt | | Fixed | Apr 18, 2022 | May 16, 2022 |
1-50 of 140