Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins
OTHER License
Bot releases are visible (Hide)
user_backend_api_run_enabled
, user_middleware_backend_api_run_enabled
, client_backend_api_run_enabled
, scheme_api_run_enabled
to list authorized backend or schemes for a Glewlwyd instanceoriginating_ip_header
to specify the header value containg the originating IP address, if anyresponse_body_limit
and max_header
to limit download sizes when relevantPublished by babelouest almost 2 years ago
-Wconversion
Published by babelouest about 2 years ago
Published by babelouest about 2 years ago
This release contains a security fix in the library rhonabwy. If you allow encrypted tokens using RSA-OAEP algorithms, please upgrade your Glewlwyd version.
login_api_enabled
to enable/disable authentication APIsplugin_api_run_enabled
to list authorized plugins for a Glewlwyd instancePublished by babelouest over 2 years ago
response_allowed_compression
to enable/disable API response compressionadmin_session_authentication
to enable/disable admin API authentication methods, API key is disabled by defaultprofile_session_authentication
to enable/disable user profile API authentication methodsallow_multiple_user_per_session
to enable/disable multiple users per sessionPublished by babelouest over 2 years ago
cookie_same_site
and max_post_size
glewlwyd_resource.c
bug with token verificationPublished by babelouest over 2 years ago
The "Third dose Release"
issued_for
recordsusername
as claim in the access tokenPublished by babelouest over 2 years ago
This is a security release, if you use the webauthn scheme, please upgrade your Glewlwyd version.
Published by babelouest almost 3 years ago
This is a security release, please upgrade your Glewlwyd version.
plugin_user_revoke
in pluginsadd_x_frame_option_header_deny
to allow removing header X-Frame-Options: deny
Published by babelouest almost 3 years ago
The "Green Zone Release"
Published by babelouest about 3 years ago
Published by babelouest over 3 years ago
Published by babelouest almost 4 years ago
Published by babelouest almost 4 years ago
identify
action to authenticate via schemes oauth2 or certificate without giving the usernamerestrict-scope-client-property
to restrict a client to certain scopes if neededPublished by babelouest almost 4 years ago
The "Recontainment Release"
aud
property to fit JWT access token specgzip
or deflate
when relevantPublished by babelouest about 4 years ago
The "Second Wave Release"
client_id
and redirect_uri
on grant scopeparameters
object on *_load()
functions resultnone
by defaultid_token
and /userinfo
/mod/reload/
to reload modules listsPublished by babelouest about 4 years ago
Published by babelouest over 4 years ago
readdir()
, closes #150Published by babelouest over 4 years ago
Published by babelouest over 4 years ago
The "Saint-Jean-Baptiste Release"
redirect_uri
check to make Glewlwyd OIDC plugin conform to OAuth 2.0 for Native Apps specificationid_token
in response type password
when the scope openid
is addedpassword
by default for OIDC plugin configopenid
is assumed to be always granted to clients for OIDC pluginone-time-use
refresh token option