[ruby-talk:444712] [ANN] rodauth-oauth 1.6.4 released


Tiago Cardoso via ruby-talk

Dec 11, 2025, 7:45:24 AM
to Ruby users, Tiago Cardoso

rodauth-oauth 1.6.4 has been released.

rodauth-oauth is a rack-compatible toolkit for building OAuth 2.0
authorization servers, as well as OpenID Authentication Providers.
rodauth-oauth is certified <https://openid.net/certification/> for the
following profiles of the OpenID Connect™ protocol:

Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, Form Post OP,
3rd Party Init OP, Session Management OP, RP-Initiated Logout OP,
Front-Channel OP, Back-Channel OP

# as simple as
rodauth do
  enable :oauth_authorization_code_grant
  # or
  enable :oidc
end

Among its features, it supports:

* Authorization Code Grant
* Refresh Token Grant
* Implicit Grant
* Client Credentials Grant
* Device Code Grant
* Token Revocation
* Token Introspection
* Auth Server Metadata
* PKCE
* Resource Indicators
* JWT Access Tokens
* mTLS Client Authentication
* Assertion Framework
* SAML 2.0 Bearer Assertion Grant
* JWT Bearer Assertion Grant
* JWT Secured authorization requests (JAR)
* JWT Secured authorization response mode (JARM)
* Pushed Authorization requests (PAR)
* Demonstrating Proof-of-Possession at the Application Layer (DPoP)
* Dynamic Client Registration
* OpenID
* OpenID Discovery
* OpenID Multiple Response types
* OpenID Self Issued Tokens
* OpenID Connect Dynamic Client Registration
* OpenID Session Management
* OpenID RP Initiated Logout
* OpenID Frontchannel Logout
* OpenID Backchannel Logout

It can also be used with Rails (via the "rodauth-rails" gem).

Website: rodauth-oauth · honeyryder
Documentation: Rodauth OAuth: OAuth 2.0 and OpenID for rodauth
Wiki: Home · Wiki · OS / rodauth-oauth · GitLab
CI: https://gitlab.com/honeyryderchuck/rodauth-oauth/pipeline

These are the release notes since the last update:

### 1.6.4

#### Bugfixes

* on `/userinfo` request, enforce existence of oauth grant before proceeding with the userinfo requests.

#### Chore

* linting + tweaks to example scripts.

### 1.6.3

#### Improvements

* all routes can now be used via rodauth `internal_request` feature.

#### Bugfixes

* `oauth_application_management` feature: fixed "new oauth application" link to account for prefix usage.

### 1.6.2

#### Bugfixes

* fix oauth_base `supported_response_type?` when `grant_types` column is set in the database, but `response_types` is not.

### 1.6.1

#### Bugfixes

Fixed regressions in rails generated templates:

* some `:oauth_dpop` form fields not being rendered;
* `check_box_tag` rails helper usage was wrongly setting all checkboxes to "checked"

#### Chore

* Updated latest features (`:oauth_dpop`) options documentation.
* rails tests will now exercise the rails generated templates again.