[ruby-talk:444712] [ANN] rodauth-oauth 1.6.4 released
rodauth-oauth 1.6.4 has been released.

rodauth-oauth is a rack-compatible toolkit for building OAuth 2.0 authorization servers, as well as OpenID Authentication Providers.

rodauth-oauth is certified <https://openid.net/certification/> for the following profiles of the OpenID Connect™ protocol:

Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, Form Post OP, 3rd Party Init OP, Session Management OP, RP-Initiated Logout OP, Front-Channel OP, Back-Channel OP

    # as simple as
    rodauth do
      enable :oauth_authorization_code_grant
      # or
      enable :oidc
    end

Among its features, it supports:

* Authorization Code Grant
* Refresh Token Grant
* Implicit Grant
* Client Credentials Grant
* Device Code Grant
* Token Revocation
* Token Introspection
* Auth Server Metadata
* PKCE
* Resource Indicators
* JWT Access Tokens
* mTLS Client Authentication
* Assertion Framework
* SAML 2.0 Bearer Assertion Grant
* JWT Bearer Assertion Grant
* JWT Secured authorization requests (JAR)
* JWT Secured authorization response mode (JARM)
* Pushed Authorization requests (PAR)
* Demonstrating Proof-of-Possession at the Application Layer (DPoP)
* Dynamic Client Registration
* OpenID
* OpenID Discovery
* OpenID Multiple Response types
* OpenID Self Issued Tokens
* OpenID Connect Dynamic Client Registration
* OpenID Session Management
* OpenID RP Initiated Logout
* OpenID Frontchannel Logout
* OpenID Backchannel Logout

It can also be used with Rails (via the "rodauth-rails" gem).

Website: rodauth-oauth · honeyryder <https://honeyryderchuck.gitlab.io/rodauth-oauth/>
Documentation: Rodauth OAuth: OAuth 2.0 and OpenID for rodauth <https://honeyryderchuck.gitlab.io/rodauth-oauth/rdoc/>
Wiki: Home · Wiki · OS / rodauth-oauth · GitLab <https://gitlab.com/honeyryderchuck/rodauth-oauth/wikis/home>
CI: https://gitlab.com/honeyryderchuck/rodauth-oauth/pipeline

These are the release notes since the last update:

### 1.6.4

#### Bugfixes

* on `/userinfo` request, enforce existence of oauth grant before proceeding with the userinfo requests.

#### Chore

* linting + tweaks to example scripts.

### 1.6.3

#### Improvements

* all routes can now be used via rodauth `internal_request` feature.

#### Bugfixes

* `oauth_application_management` feature: fixed "new oauth application" link to account for prefix usage.

### 1.6.2

#### Bugfixes

* fix oauth_base `supported_response_type?` when `grant_types` column is set in the database, but `response_types` is not.

### 1.6.1

#### Bugfixes

Fixed regressions in rails generated templates:

* some `:oauth_dpop` form fields not being rendered;
* `check_box_tag` rails helper usage was wrongly setting all checkboxes to "checked"

#### Chore

* Updated latest features (`:oauth_dpop`) options documentation.
* rails tests will now exercise the rails generated templates again.

participants (1)
-
Tiago Cardoso