...

  • JOIDC-227

    • Very simple to fix but was time-consuming to find

  • JOIDC-200

    • JOIDC-225

      • New lookup functions serve PAR and JAR (request-object logic) in a thread-safe fashion

    • JOIDC-229

      • Previously, invalid scopes were simply filtered out

  • JOIDC-231

    • Switched the workaround for Nimbus' resource parameter handling

  • JOIDC-230

Ian

John

Marvin

Phil

  • JWEBAUTHN-29

    • Any error when canonicalizing the username input into the registration flow is just ignored. It is only used as a way to indicate if the user has FIDO credentials for the MFA logic to use.

  • JWEBAUTHN-27 (Dev branch)

    • Added customisable policies to accept or reject authenticators that create credentials during registration, e.g. an authenticator provider allow list

      • Cannot yet do this on the supported options (such as UserVerification) of an authenticator in metadata; the metadata spec is wrong and the Yubico libraries are out of sync with it.

    • Added customisable ‘Inspectors’ that can inspect the authenticator during registration and record capabilities/properties in the credential that gets stored. For example, this authenticator (software, say) should only be allowed as a second factor and not a sole factor.

    • Adding a policy engine for rejecting authenticators/credentials being used during authentication e.g. this is a sole factor authentication, but this credential was created by an authenticator that can only be used as a second factor.

Rod

It's all about the Jetty plugin.

...