glewlwyd

The "Containment Release"

• Add OAuth2/OIDC authentication scheme to authenticate to Glewlwyd via an external provider
• Add Proof Key for Code Exchange by OAuth Public Clients for OAuth2 and OIDC plugins
• Add token introspection and token revocation for OAuth2 and OIDC plugins
• Add OpenID Connect Dynamic Registration for OIDC plugin
• Add Form Post Response Mode for OIDC plugin
• Allow signed JWT requests using RSA or ECDSA algorithms in /auth or /token endpoints
• Catch close signal in another thread (Closes: #103)
• Fix bug to make Glewlwyd compatible with Apache Module auth_openidc

• Add claims exp and nbf in access tokens (see #99)
• Fix libjwt version required to help Debian Buster users

• Add custom css files so users can safely adapt css to their own identity
• Add packed format support in webauthn scheme
• improve webauthn scheme
• Fix i18n errors and typos
• Add Dutch translation in UI
• Add HTTP Basic Authentication Scheme
• Add defaultScheme option in UI config for passwordless authentication
• Add bind_address option in the config file
• Add possibility for users to remove their own account
• Add plugin Register to allow users to create new accounts
• Add HTTP Basic Auth scheme
• Multiple bugfixes and UI improvements
• Many thanks to all helpers who send feedbacks and bugfixes! Keep running :-)

Official release for Glewlwyd 2.0.0

New features:

• Massive rework for the better good
• Introduction of modules to handle different backend users, clients and authentication scheme
• Backends:
  • Database (user and client)
  • LDAP (user and client)
  • HTTP (user only)
• Schemes:
  • password
  • HOTP/TOTP
  • Code sent by e-mail
  • webauthn
  • TLS Certificate
• Introduction of plugins to handle authentication workflows
  • Legacy OAuth2 workflow
  • OpenID Connect core workflow
• User Interface revamped

Improvements since release 2.0.0-rc2:

• Fix UI bugs
• Fix Microsoft Edge bug
• Add possibility to build UI with Internet Explorer support
• Fix gcc9 warnings
• Add autocomplete="off" and autofocus properties in some input
• Clean UI code a lot by adding most libraries in package.json instead of static files in webapp-src/js
• Use vanilla qrcode-generator instead of jquery.qrcode because the last one embedded the first one, so it was overkill

• Allow to emit certificates for certificate scheme
• Bug fixes and improvements on certificate scheme
• Fix UI bugs
• Fix small backend bugs
• Add docker image
• Add Fail2ban script and config

• Improve documentation
• Improve OpenID Connect core plugin
• Add OpenID Connect discovery
• Add OpenID Connect core requests
• Add OpenID Connect address claims
• Add option max_age for session passwords
• Change OpenID Connect access token payload format to match id_token format
• Fix PostgreSQL database
• TOTP: forbid to use the same code twice
• Allow to use environment variables instead of or in addition to configuration file
• Add scheme TLS certificate
• Allow to use profile picture for users

• Add OpenID Connect core plugin
• Fix lots of bugs and memory leaks
• Add more tests
• Change return type of all modules function *_init() to json_t * so the front-end will know about the error
• Improve documentation

• Fix sample config with correct variable names, fix #57
• Fix webauthn bugs
• Improve documentation
• Fix build on supported platforms
• Fix #59 and add action reset to modules
• Make build and tests reproductible using huddersfield

• Massive rework for the better good
• Introduction of modules to handle different backend users, clients and authentication scheme
• Backends:
  • Database (user and client)
  • LDAP (user and client)
  • HTTP (user only)
• Schemes:
  • password
  • HOTP/TOTP
  • Code sent by e-mail
  • webauthn
• Introduction of plugins to handle authentication workflows
  • Legacy OAuth2 workflow
• User Interface revamped

• Small bugfixes
• Clean some memory leaks

• Add Travis CI script
• Fix http_auth backend

• Adapt Glewlwyd build to the new version of the underlying libraries: orcania, yder, hoel, ulfius (thanks ythogtha!)
• Improve doc about front-end pages, as mentionned in #46, and fix libjwt install doc

• Fix client confidential bug in code authorization flow, thanks to Bisco
• Improve Documentation

• Add current token scope list in the api /api/profile when authenticated with the OAuth2 token
• Fix issue in client_check that made it not check properly if a client is authorized or not
• Remove auth_type code for g_admin client, because it inly uses token

• LDAP search error more verbose
• LDAP search with pagination
• Fix users and clients lists bugs

• Add option auth_code_match_ip_address to prevent glewlwyd to check the match of the ip address that requested a code and the ip address that requested the refresh token
• Fix bug with confidentials clients that were not able to get refresh tokens
• Fix bug that made Glewlwyd crash when try to add users and ldap auth was disabled

Update libraries dependency versions

• Add LDAP config properties search_scope, scope_property_user_match and scope_property_client_match
• Add Debian hardening patch on Makefile
• Add journald log mode

• Fix client_credentials bug
• Move documentation to /docs